{0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kDHE,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kECDHE,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
{0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
+ {0,SSL_TXT_aSRP,0, 0,SSL_aSRP, 0,0,0,0,0,0,0},
/* aliases combining key exchange and server authentication */
{0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_DHE,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ECDHE,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
{0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
{0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
{0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
/* FIPS 140-2 approved ciphersuite */
{0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
+ /* "DHE-" aliases to "EDH-" labels (for forward compatibility) */
+ {0,SSL3_TXT_DHE_DSS_DES_40_CBC_SHA,0,
+ SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
+ {0,SSL3_TXT_DHE_DSS_DES_64_CBC_SHA,0,
+ SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
+ {0,SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,0,
+ SSL_kDHE,SSL_aDSS,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
+ {0,SSL3_TXT_DHE_RSA_DES_40_CBC_SHA,0,
+ SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
+ {0,SSL3_TXT_DHE_RSA_DES_64_CBC_SHA,0,
+ SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
+ {0,SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,0,
+ SSL_kDHE,SSL_aRSA,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
};
/* Search for public key algorithm with given name and
* return its pkey_id if it is available. Otherwise return 0
}
#endif
-/* ssl_cipher_get_comp sets |comp| to the correct SSL_COMP for the given
- * session and returns 1. On error it returns 0. */
-int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp)
- {
- int i;
-
- SSL_COMP ctmp;
-#ifndef OPENSSL_NO_COMP
- load_builtin_compressions();
-#endif
-
- *comp=NULL;
- ctmp.id=s->compress_meth;
- if (ssl_comp_methods != NULL)
- {
- i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
- if (i >= 0)
- *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
- else
- *comp=NULL;
- }
-
- return 1;
- }
-
-/* ssl_cipher_get_evp_aead sets |*aead| to point to the correct EVP_AEAD object
- * for |s->cipher|. It returns 1 on success and 0 on error. */
-int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
- {
- const SSL_CIPHER *c = s->cipher;
-
- *aead = NULL;
-
- if (c == NULL)
- return 0;
- if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0)
- return 0;
-
- switch (c->algorithm_enc)
- {
-#ifndef OPENSSL_NO_AES
- case SSL_AES128GCM:
- *aead = EVP_aead_aes_128_gcm();
- return 1;
- case SSL_AES256GCM:
- *aead = EVP_aead_aes_256_gcm();
- return 1;
-#endif
- }
-
- return 0;
- }
-
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size)
+ const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
{
int i;
const SSL_CIPHER *c;
c=s->cipher;
if (c == NULL) return(0);
+ if (comp != NULL)
+ {
+ SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+ load_builtin_compressions();
+#endif
- /* This function doesn't deal with EVP_AEAD. See
- * |ssl_cipher_get_aead_evp|. */
- if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)
- return(0);
+ *comp=NULL;
+ ctmp.id=s->compress_meth;
+ if (ssl_comp_methods != NULL)
+ {
+ i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
+ if (i >= 0)
+ *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
+ else
+ *comp=NULL;
+ }
+ }
if ((enc == NULL) || (md == NULL)) return(0);
break;
}
- if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+ if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
*enc=NULL;
else
{
i= -1;
break;
}
- if ((i < 0) || (i > SSL_MD_NUM_IDX))
+ if ((i < 0) || (i >= SSL_MD_NUM_IDX))
{
*md=NULL;
if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
c->algorithm_mac == SSL_SHA1 &&
(evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
*enc = evp, *md = NULL;
+ else if (c->algorithm_enc == SSL_AES128 &&
+ c->algorithm_mac == SSL_SHA256 &&
+ (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA256")))
+ *enc = evp, *md = NULL;
+ else if (c->algorithm_enc == SSL_AES256 &&
+ c->algorithm_mac == SSL_SHA256 &&
+ (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+ *enc = evp, *md = NULL;
return(1);
}
else
int rule, int strength_bits,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
- CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
+ CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp;
int reverse = 0;
if (reverse)
{
- curr = tail;
+ next = tail;
last = head;
}
else
{
- curr = head;
+ next = head;
last = tail;
}
- curr2 = curr;
+ curr = NULL;
for (;;)
{
- if ((curr == NULL) || (curr == last)) break;
- curr = curr2;
- curr2 = reverse ? curr->prev : curr->next;
+ if (curr == last) break;
+
+ curr = next;
+
+ if (curr == NULL) break;
+
+ next = reverse ? curr->prev : curr->next;
cp = curr->cipher;
case SSL_kSRP:
kx="SRP";
break;
+ case SSL_kGOST:
+ kx="GOST";
+ break;
default:
kx="unknown";
}
case SSL_aPSK:
au="PSK";
break;
+ case SSL_aSRP:
+ au="SRP";
+ break;
+ case SSL_aGOST94:
+ au="GOST94";
+ break;
+ case SSL_aGOST01:
+ au="GOST01";
+ break;
default:
au="unknown";
break;
case SSL_SEED:
enc="SEED(128)";
break;
+ case SSL_eGOST2814789CNT:
+ enc="GOST89(256)";
+ break;
default:
enc="unknown";
break;
case SSL_AEAD:
mac="AEAD";
break;
+ case SSL_GOST89MAC:
+ mac="GOST89";
+ break;
+ case SSL_GOST94:
+ mac="GOST94";
+ break;
default:
mac="unknown";
break;
return(ssl_comp_methods);
}
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths)
+ {
+ STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+ ssl_comp_methods = meths;
+ return old_meths;
+ }
+
+static void cmeth_free(SSL_COMP *cm)
+ {
+ OPENSSL_free(cm);
+ }
+
+void SSL_COMP_free_compression_methods(void)
+ {
+ STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+ ssl_comp_methods = NULL;
+ sk_SSL_COMP_pop_free(old_meths, cmeth_free);
+ }
+
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
SSL_COMP *comp;