#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
-/* FIXED_NONCE_LEN is a macro that results in the correct value to set the
- * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of
- * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */
-#define FIXED_NONCE_LEN(x) ((x/2)<<24)
-
/* list of available SSLv3 ciphers (sorted by id) */
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
SSL_AES128,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
SSL_AES256,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
- FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},
},
#endif
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
- SSL_kEECDH,
- SSL_aRSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
- 256,
- 0,
- },
-
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
- SSL_kEECDH,
- SSL_aECDSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
- 256,
- 0,
- },
-
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
- SSL_kEDH,
- SSL_aRSA,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
- 256,
- 0,
- },
-#endif
-
/* end of list */
};
else
return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
+ case SSL_CTRL_GET_CHAIN_CERTS:
+ *(STACK_OF(X509) **)parg = s->cert->key->chain;
+ break;
+
+ case SSL_CTRL_SELECT_CURRENT_CERT:
+ return ssl_cert_select_current(s->cert, (X509 *)parg);
+
+ case SSL_CTRL_SET_CURRENT_CERT:
+ return ssl_cert_set_current(s->cert, larg);
+
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_CURVES:
{
else
return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
+ case SSL_CTRL_GET_CHAIN_CERTS:
+ *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+ break;
+
+ case SSL_CTRL_SELECT_CURRENT_CERT:
+ return ssl_cert_select_current(ctx->cert, (X509 *)parg);
+
+ case SSL_CTRL_SET_CURRENT_CERT:
+ return ssl_cert_set_current(ctx->cert, larg);
+
default:
return(0);
}
projects / openssl.git / blobdiff