/* GOST Ciphersuites */
- {
- 1,
- "GOST94-GOST89-GOST89",
- 0x3000080,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
- 256,
- 256},
{
1,
"GOST2001-GOST89-GOST89",
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
- 256},
- {
- 1,
- "GOST94-NULL-GOST94",
- 0x3000082,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eNULL,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
- 0,
- 0},
+ 256
+ },
{
1,
"GOST2001-NULL-GOST94",
SSL_NOT_EXP | SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0,
- 0},
+ 0
+ },
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
256},
#endif
-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
+ /* Cipher C09C */
{
1,
- "GOST-MD5",
- 0x0300ff00,
+ TLS1_TXT_RSA_WITH_AES_128_CCM,
+ TLS1_CK_RSA_WITH_AES_128_CCM,
SSL_kRSA,
SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_MD5,
- SSL_TLSV1,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C09D */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_CCM,
+ TLS1_CK_RSA_WITH_AES_256_CCM,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
+
+ /* Cipher C09E */
{
1,
- "GOST-GOST94",
- 0x0300ff01,
- SSL_kRSA,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+ TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
+ SSL_kDHE,
SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST94,
- SSL_TLSV1,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C09F */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+ TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
- 256},
+ 256,
+ },
+
+ /* Cipher C0A0 */
{
1,
- "GOST-GOST89MAC",
- 0x0300ff02,
+ TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+ TLS1_CK_RSA_WITH_AES_128_CCM_8,
SSL_kRSA,
SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256},
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A1 */
{
1,
- "GOST-GOST89STREAM",
- 0x0300ff03,
+ TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+ TLS1_CK_RSA_WITH_AES_256_CCM_8,
SSL_kRSA,
SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
- 256},
-#endif
+ 256,
+ },
+
+ /* Cipher C0A2 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+ TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A3 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+ TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A4 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CCM,
+ TLS1_CK_PSK_WITH_AES_128_CCM,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A4 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CCM,
+ TLS1_CK_PSK_WITH_AES_256_CCM,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A6 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A7 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A8 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+ TLS1_CK_PSK_WITH_AES_128_CCM_8,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A9 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+ TLS1_CK_PSK_WITH_AES_256_CCM_8,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AA */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AB */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AC */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AD */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AE */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AF */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
/* end of list */
};
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION) {
if (alg_k & SSL_kGOST) {
- p[ret++] = TLS_CT_GOST94_SIGN;
p[ret++] = TLS_CT_GOST01_SIGN;
return (ret);
}