Ciphersuite string bugfixes, and ECC-related (re-)definitions.
authorBodo Möller <bodo@openssl.org>
Wed, 14 Jun 2006 17:40:31 +0000 (17:40 +0000)
committerBodo Möller <bodo@openssl.org>
Wed, 14 Jun 2006 17:40:31 +0000 (17:40 +0000)
CHANGES
ssl/d1_srvr.c
ssl/s3_clnt.c
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssl_locl.h
ssl/t1_lib.c

diff --git a/CHANGES b/CHANGES
index 037c916..2cf3cd2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,39 @@
 
  Changes between 0.9.8b and 0.9.9  [xx XXX xxxx]
 
+  *) Various modifications and fixes to SSL/TLS cipher string
+     handling.  For ECC, the code now distinguishes between fixed ECDH
+     with RSA certificates on the one hand and with ECDSA certificates
+     on the other hand, since these are separate ciphersuites.  The
+     unused code for Fortezza ciphersuites has been removed.
+
+     For consistency with EDH, ephemeral ECDH is now called "EECDH"
+     (not "ECDHE").  For consistency with the code for DH
+     certificates, use of ECDH certificates is now considered ECDH
+     authentication, not RSA or ECDSA authentication (the latter is
+     merely the CA's signing algorithm and not actively used in the
+     protocol).
+
+     The temporary ciphersuite alias "ECCdraft" is no longer
+     available, and ECC ciphersuites are no longer excluded from "ALL"
+     and "DEFAULT".  The following aliases now exist for RFC 4492
+     ciphersuites, most of these by analogy with the DH case:
+
+         kECDHr   - ECDH cert, signed with RSA
+         kECDHe   - ECDH cert, signed with ECDSA
+         kECDH    - ECDH cert (signed with either RSA or ECDSA)
+         kEECDH   - ephemeral ECDH
+         ECDH     - ECDH cert or ephemeral ECDH
+
+         aECDH    - ECDH cert
+         aECDSA   - ECDSA cert
+         ECDSA    - ECDSA cert
+
+         AECDH    - anonymous ECDH
+         EECDH    - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
+
+     [Bodo Moeller]
+
   *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
      Use correct micalg parameters depending on digest(s) in signed message.
      [Steve Henson]
index 962ae56..67baf80 100644 (file)
@@ -333,10 +333,10 @@ int dtls1_accept(SSL *s)
                        else
                                s->s3->tmp.use_rsa_tmp=0;
 
-                       /* only send if a DH key exchange, fortezza or
+                       /* only send if a DH key exchange or
                         * RSA but we have a sign only certificate */
                        if (s->s3->tmp.use_rsa_tmp
-                           || (l & (SSL_DH|SSL_kFZA))
+                           || (l & SSL_DH)
                            || ((l & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
index 1b9b586..e84dbf5 100644 (file)
@@ -1308,7 +1308,7 @@ int ssl3_get_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_DH */
 
 #ifndef OPENSSL_NO_ECDH
-       else if (alg & SSL_kECDHE)
+       else if (alg & SSL_kEECDH)
                {
                EC_GROUP *ngroup;
                const EC_GROUP *group;
@@ -1407,19 +1407,13 @@ int ssl3_get_key_exchange(SSL *s)
                EC_POINT_free(srvr_ecpoint);
                srvr_ecpoint = NULL;
                }
-       else if (alg & SSL_kECDH)
+       else if (alg)
                {
                al=SSL_AD_UNEXPECTED_MESSAGE;
                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
                goto f_err;
                }
 #endif /* !OPENSSL_NO_ECDH */
-       if (alg & SSL_aFZA)
-               {
-               al=SSL_AD_HANDSHAKE_FAILURE;
-               SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-               goto f_err;
-               }
 
 
        /* p points to the next byte, there are 'n' bytes left */
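Review bot: The new fallback `else if (alg)` sits above `#endif /* !OPENSSL_NO_ECDH */`, so a build with OPENSSL_NO_ECDH defined appears to lose the UNEXPECTED_MESSAGE rejection altogether. `alg` is the same mask that the removed `alg & SSL_aFZA` test read, so it carries more than key-exchange bits and the condition is effectively always true. A plain `else` that is compiled regardless of the ECDH setting would state the intent, with a comment such as `/* no ServerKeyExchange is defined for any other key exchange type */`. The earlier branches of this chain in ssl3_get_key_exchange are outside the hunk, so confirm that every key exchange that legitimately sends this message is handled before the fallback is reached.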
@@ -2009,7 +2003,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_ECDH 
-               else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+               else if ((l & SSL_kECDH) || (l & SSL_kEECDH))
                        {
                        const EC_GROUP *srvr_group = NULL;
                        EC_KEY *tkey;
index 63edc36..e2d2f91 100644 (file)
@@ -317,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 0C */
        {
-       0,
+       0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
        SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
@@ -330,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 0D */
        {
-       0,
+       0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
        SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
@@ -343,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 0E */
        {
-       0,
+       0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
        SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
@@ -356,7 +356,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 0F */
        {
-       0,
+       0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
        SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
@@ -369,7 +369,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 10 */
        {
-       0,
+       0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
        SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
@@ -526,7 +526,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Fortezza */
+/* Fortezza ciphersuite from SSL 3.0 spec */
+#if 0
 /* Cipher 1C */
        {
        0,
@@ -555,7 +556,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-#if 0
 /* Cipher 1E */
        {
        0,
@@ -576,7 +576,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 ** 20000107 VRS: And the first shall be last,
 ** in hopes of avoiding the lynx ssl renegotiation problem.
 */
-/* Cipher 1E VRS */
+/* Cipher 1E */
        {
        1,
        SSL3_TXT_KRB5_DES_64_CBC_SHA,
@@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 1F VRS */
+/* Cipher 1F */
        {
        1,
        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
@@ -604,7 +604,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 20 VRS */
+/* Cipher 20 */
        {
        1,
        SSL3_TXT_KRB5_RC4_128_SHA,
@@ -618,7 +618,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 21 VRS */
+/* Cipher 21 */
        {
        1,
        SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
@@ -632,7 +632,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 22 VRS */
+/* Cipher 22 */
        {
        1,
        SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -646,7 +646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 23 VRS */
+/* Cipher 23 */
        {
        1,
        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
@@ -660,7 +660,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 24 VRS */
+/* Cipher 24 */
        {
        1,
        SSL3_TXT_KRB5_RC4_128_MD5,
@@ -674,7 +674,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 25 VRS */
+/* Cipher 25 */
        {
        1,
        SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
@@ -688,7 +688,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 26 VRS */
+/* Cipher 26 */
        {
        1,
        SSL3_TXT_KRB5_DES_40_CBC_SHA,
@@ -702,7 +702,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 27 VRS */
+/* Cipher 27 */
        {
        1,
        SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@@ -716,7 +716,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 28 VRS */
+/* Cipher 28 */
        {
        1,
        SSL3_TXT_KRB5_RC4_40_SHA,
@@ -730,7 +730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 29 VRS */
+/* Cipher 29 */
        {
        1,
        SSL3_TXT_KRB5_DES_40_CBC_MD5,
@@ -744,7 +744,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 2A VRS */
+/* Cipher 2A */
        {
        1,
        SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@@ -758,7 +758,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
-/* Cipher 2B VRS */
+/* Cipher 2B */
        {
        1,
        SSL3_TXT_KRB5_RC4_40_MD5,
@@ -772,8 +772,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 #endif /* OPENSSL_NO_KRB5 */
-/* New AES ciphersuites */
 
+/* New AES ciphersuites */
 /* Cipher 2F */
        {
        1,
@@ -881,7 +881,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 37 */
        {
-       0,
+       0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
        TLS1_CK_DH_RSA_WITH_AES_256_SHA,
        SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
@@ -1252,13 +1252,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 #endif  /* OPENSSL_NO_PSK */
+
 #ifndef OPENSSL_NO_ECDH
        /* Cipher C001 */
            {
             1,
             TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
             TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHe|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             0,
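Review bot: Retagging the fixed-ECDH entries from `SSL_aECDSA` (here) and `SSL_aRSA` (the ECDH_RSA hunks further down) to `SSL_aECDH` changes which cipher-string rules reach them. An existing rule written against `aECDSA` or `aRSA` presumably no longer selects or excludes these suites. The table itself gives no hint of that, so I would add a comment at the top of the block, for example `/* fixed ECDH: authentication is by the ECDH certificate (aECDH); kECDHe/kECDHr name the CA's signature algorithm */`. The same applies to every `SSL_kECDHe|SSL_aECDH` and `SSL_kECDHr|SSL_aECDH` hunk in this file.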
@@ -1272,7 +1273,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
             TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHe|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             128,
@@ -1286,7 +1287,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
             TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHe|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             168,
@@ -1300,7 +1301,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
@@ -1314,7 +1315,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
             TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             256,
@@ -1328,7 +1329,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
             TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             0,
@@ -1342,7 +1343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
             TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             128,
@@ -1356,7 +1357,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
             TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             168,
@@ -1370,7 +1371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
@@ -1384,7 +1385,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
             TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             256,
@@ -1398,7 +1399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
             TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHr|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             0,
@@ -1412,7 +1413,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
             TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHr|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             128,
@@ -1426,7 +1427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
             TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHr|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             168,
@@ -1440,7 +1441,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
@@ -1454,7 +1455,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
             TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             256,
@@ -1468,7 +1469,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
             TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             0,
@@ -1482,7 +1483,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
             TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             128,
@@ -1496,7 +1497,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
             TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             168,
@@ -1510,7 +1511,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
@@ -1524,7 +1525,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
             TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             256,
@@ -1538,7 +1539,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
             TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             0,
@@ -1552,7 +1553,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
             TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP,
             0,
             128,
@@ -1566,7 +1567,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
             TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             168,
@@ -1580,7 +1581,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
             TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             128,
@@ -1594,7 +1595,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             1,
             TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
             TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
             SSL_NOT_EXP|SSL_HIGH,
             0,
             256,
@@ -2410,7 +2411,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                        }
                if (
                        /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
-                       ((alg & SSL_kECDH) || (alg & SSL_kECDHE))
+                       ((alg & SSL_kECDH) || (alg & SSL_kEECDH))
                        /* and we have an ephemeral EC key */
                        && (s->cert->ecdh_tmp != NULL)
                        /* and the client specified an EllipticCurves extension */
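Review bot: The comment above the renamed test still says the suite "uses an ephemeral EC key", but the condition also accepts `SSL_kECDH`, which the CHANGES entry of this commit describes as ECDH with a certificate, i.e. not ephemeral. Either the comment should read `/* if we are considering an ECC cipher suite (fixed or ephemeral ECDH) */`, or the `SSL_kECDH` term should be dropped if only ephemeral suites are meant. The following test on `s->cert->ecdh_tmp` hints at the latter, but the rest of the condition in ssl3_choose_cipher lies outside the hunk.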
@@ -2505,7 +2506,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #endif
 #ifndef OPENSSL_NO_ECDH
        /* We should ask for fixed ECDH certificates only
-        * for SSL_kECDH (and not SSL_kECDHE)
+        * for SSL_kECDH (and not SSL_kEECDH)
         */
        if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
                {
@@ -2516,7 +2517,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
 #ifndef OPENSSL_NO_ECDSA
        /* ECDSA certs can be used with RSA cipher suites as well 
-        * so we don't need to check for SSL_kECDH or SSL_kECDHE
+        * so we don't need to check for SSL_kECDH or SSL_kEECDH
         */
        if (s->version >= TLS1_VERSION)
                {
index bfbf951..b4b95c3 100644 (file)
@@ -365,7 +365,7 @@ int ssl3_accept(SSL *s)
                         * For ECC ciphersuites, we send a serverKeyExchange
                         * message only if the cipher suite is either
                         * ECDH-anon or ECDHE. In other cases, the
-                        * server certificate contains the server's 
+                        * server certificate contains the server's
                         * public key for key exchange.
                         */
                        if (s->s3->tmp.use_rsa_tmp
@@ -374,8 +374,7 @@ int ssl3_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                            || ((l & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-                           || (l & SSL_kECDHE)
-                           || (l & (SSL_DH|SSL_kFZA))
+                           || (l & SSL_kEECDH)
                            || ((l & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
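Review bot: The rewritten condition loses the `SSL_DH` test together with `SSL_kFZA`: the two removed lines are replaced by `|| (l & SSL_kEECDH)` alone, while the matching hunk in dtls1_accept keeps `|| (l & SSL_DH)`. Unless the lines not shown between this hunk and the previous one cover it, ssl3_accept would stop sending a ServerKeyExchange for DH suites and those handshakes would fail. Keeping `|| (l & SSL_DH)` next to the new line preserves the old behaviour. The `if` statement starts in the previous hunk and continues past the end of this one.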
@@ -481,7 +480,7 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SR_KEY_EXCH_A:
                case SSL3_ST_SR_KEY_EXCH_B:
                        ret=ssl3_get_client_key_exchange(s);
-                       if (ret <= 0) 
+                       if (ret <= 0)
                                goto end;
                        if (ret == 2)
                                {
@@ -493,14 +492,14 @@ int ssl3_accept(SSL *s)
                                s->state=SSL3_ST_SR_FINISHED_A;
                                s->init_num = 0;
                                }
-                       else   
+                       else
                                {
                                s->state=SSL3_ST_SR_CERT_VRFY_A;
                                s->init_num=0;
 
                                /* We need to get hashes here so if there is
                                 * a client cert, it can be verified
-                                */ 
+                                */
                                s->method->ssl3_enc->cert_verify_mac(s,
                                    &(s->s3->finish_dgst1),
                                    &(s->s3->tmp.cert_verify_md[0]));
@@ -735,7 +734,7 @@ int ssl3_get_client_hello(SSL *s)
        if (s->client_version < s->version)
                {
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-               if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
+               if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
                        {
                        /* similar to ssl3_get_record, send alert using remote version number */
                        s->version = s->client_version;
@@ -1302,7 +1301,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                else 
 #endif
 #ifndef OPENSSL_NO_ECDH
-                       if (type & SSL_kECDHE)
+                       if (type & SSL_kEECDH)
                        {
                        const EC_GROUP *group;
 
@@ -1481,7 +1480,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                        }
 
 #ifndef OPENSSL_NO_ECDH
-               if (type & SSL_kECDHE
+               if (type & SSL_kEECDH
                        {
                        /* XXX: For now, we only support named (not generic) curves.
                         * In this situation, the serverKeyExchange message has:
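Review bot: As shown here the new line `if (type & SSL_kEECDH` has no closing parenthesis before the `{` on the next line, which would not compile. The removed line is rendered the same way, so this may be an artifact of the page rather than of the source. Check the file and make sure the line reads `if (type & SSL_kEECDH)`.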
@@ -2088,7 +2087,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 #endif /* OPENSSL_NO_KRB5 */
 
 #ifndef OPENSSL_NO_ECDH
-               if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+               if ((l & SSL_kECDH) || (l & SSL_kEECDH))
                {
                int ret = 1;
                int field_size = 0;
@@ -2141,7 +2140,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                         {
                        /* Client Publickey was in Client Certificate */
 
-                        if (l & SSL_kECDHE) 
+                        if (l & SSL_kEECDH)
                                 {
                                 al=SSL_AD_HANDSHAKE_FAILURE;
                                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
index 0278b03..94724e7 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -277,31 +277,43 @@ extern "C" {
 #define SSL_TXT_LOW            "LOW"
 #define SSL_TXT_MEDIUM         "MEDIUM"
 #define SSL_TXT_HIGH           "HIGH"
-#define SSL_TXT_kFZA           "kFZA"
-#define        SSL_TXT_aFZA            "aFZA"
-#define SSL_TXT_eFZA           "eFZA"
-#define SSL_TXT_FZA            "FZA"
+#define SSL_TXT_kFZA           "kFZA" /* unused! */
+#define        SSL_TXT_aFZA            "aFZA" /* unused! */
+#define SSL_TXT_eFZA           "eFZA" /* unused! */
+#define SSL_TXT_FZA            "FZA"  /* unused! */
 
 #define        SSL_TXT_aNULL           "aNULL"
 #define        SSL_TXT_eNULL           "eNULL"
 #define        SSL_TXT_NULL            "NULL"
 
-#define SSL_TXT_kKRB5          "kKRB5"
-#define SSL_TXT_aKRB5          "aKRB5"
-#define SSL_TXT_KRB5           "KRB5"
-
 #define SSL_TXT_kRSA           "kRSA"
-#define SSL_TXT_kDHr           "kDHr"
-#define SSL_TXT_kDHd           "kDHd"
+#define SSL_TXT_kDHr           "kDHr" /* no such ciphersuites supported! */
+#define SSL_TXT_kDHd           "kDHd" /* no such ciphersuites supported! */
 #define SSL_TXT_kEDH           "kEDH"
+#define SSL_TXT_kKRB5          "kKRB5"
+#define SSL_TXT_kECDHr         "kECDHr"
+#define SSL_TXT_kECDHe         "kECDHe"
+#define SSL_TXT_kECDH          "kECDH"
+#define SSL_TXT_kEECDH         "kEECDH"
+#define SSL_TXT_kPSK            "kPSK"
+
 #define        SSL_TXT_aRSA            "aRSA"
 #define        SSL_TXT_aDSS            "aDSS"
-#define        SSL_TXT_aDH             "aDH"
+#define        SSL_TXT_aDH             "aDH" /* no such ciphersuites supported! */
+#define        SSL_TXT_aECDH           "aECDH"
+#define SSL_TXT_aKRB5          "aKRB5"
+#define SSL_TXT_aECDSA         "aECDSA"
+#define SSL_TXT_aPSK            "aPSK"
+
 #define        SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH             "DH"
-#define SSL_TXT_EDH            "EDH"
+#define SSL_TXT_EDH            "EDH" /* same as "kEDH:-ADH" */
 #define SSL_TXT_ADH            "ADH"
 #define SSL_TXT_RSA            "RSA"
+#define SSL_TXT_ECDH           "ECDH"
+#define SSL_TXT_EECDH          "EECDH" /* same as "kEECDH:-AECDH" */
+#define SSL_TXT_AECDH          "AECDH"
+#define SSL_TXT_ECDSA          "ECDSA"
 #define SSL_TXT_DES            "DES"
 #define SSL_TXT_3DES           "3DES"
 #define SSL_TXT_RC4            "RC4"
@@ -319,11 +331,10 @@ extern "C" {
 #define SSL_TXT_SSLV2          "SSLv2"
 #define SSL_TXT_SSLV3          "SSLv3"
 #define SSL_TXT_TLSV1          "TLSv1"
-#define SSL_TXT_ALL            "ALL"
-#define SSL_TXT_ECC            "ECCdraft" /* ECC ciphersuites are not yet official */
+#define SSL_TXT_KRB5           "KRB5"
 #define SSL_TXT_PSK             "PSK"
-#define SSL_TXT_kPSK            "kPSK"
-#define SSL_TXT_aPSK            "aPSK"
+
+#define SSL_TXT_ALL            "ALL"
 
 /*
  * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
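Review bot: Dropping `SSL_TXT_ECC` from this public header removes the macro and the "ECCdraft" alias with no transition path. Applications that reference the macro stop compiling, and a configured rule such as `!ECCdraft` that used to keep ECC suites out no longer names anything. How an unknown alias is treated is decided in ssl_ciph.c, outside this hunk, so confirm that such a rule is reported as an error rather than silently skipped. A sentence in the CHANGES entry telling users which of the new aliases replaces an "ECCdraft" rule would help people migrating existing configurations.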
@@ -345,7 +356,7 @@ extern "C" {
 /* The following cipher list is used by default.
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST        "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+#define SSL_DEFAULT_CIPHER_LIST        "AES:CAMELLIA:ALL:!ADH:!AECDH:+RC4:@STRENGTH" /* low priority for RC4 */
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN      1
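Review bot: The comment on `SSL_DEFAULT_CIPHER_LIST` does not say why `!AECDH` was added, and the reason matters to anyone who writes their own list. Per the CHANGES entry the ECC suites are now part of "ALL", and that includes the anonymous ECDH suites, so only "DEFAULT" filters them out. An application string like `ALL:!ADH`, which contained no unauthenticated suites before this commit, would now admit AECDH. I would extend the comment to something like `/* anonymous DH and ECDH are excluded here; lists built on "ALL" must add "!ADH:!AECDH" (or "!aNULL") themselves */` and repeat the caveat in CHANGES.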
index 6475d82..2129759 100644 (file)
@@ -159,12 +159,14 @@ extern "C" {
 #define SSL3_CK_ADH_DES_64_CBC_SHA             0x0300001A
 #define SSL3_CK_ADH_DES_192_CBC_SHA            0x0300001B
 
-#define SSL3_CK_FZA_DMS_NULL_SHA               0x0300001C
-#define SSL3_CK_FZA_DMS_FZA_SHA                        0x0300001D
-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-        to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-        of the ietf-tls list */
-#define SSL3_CK_FZA_DMS_RC4_SHA                        0x0300001E
+#if 0
+       #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+       #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+       #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+                to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+                of the ietf-tls list */
+       #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+       #endif
 #endif
 
 /*    VRS Additional Kerberos5 entries
@@ -216,9 +218,11 @@ extern "C" {
 #define SSL3_TXT_ADH_DES_64_CBC_SHA            "ADH-DES-CBC-SHA"
 #define SSL3_TXT_ADH_DES_192_CBC_SHA           "ADH-DES-CBC3-SHA"
 
-#define SSL3_TXT_FZA_DMS_NULL_SHA              "FZA-NULL-SHA"
-#define SSL3_TXT_FZA_DMS_FZA_SHA               "FZA-FZA-CBC-SHA"
-#define SSL3_TXT_FZA_DMS_RC4_SHA               "FZA-RC4-SHA"
+#if 0
+       #define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+       #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+       #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#endif
 
 #define SSL3_TXT_KRB5_DES_64_CBC_SHA           "KRB5-DES-CBC-SHA"
 #define SSL3_TXT_KRB5_DES_192_CBC3_SHA         "KRB5-DES-CBC3-SHA"
index 5453037..0320e37 100644 (file)
 #define SSL_ENC_RC4_IDX                2
 #define SSL_ENC_RC2_IDX                3
 #define SSL_ENC_IDEA_IDX       4
-#define SSL_ENC_eFZA_IDX       5
-#define SSL_ENC_NULL_IDX       6
-#define SSL_ENC_AES128_IDX     7
-#define SSL_ENC_AES256_IDX     8
-#define SSL_ENC_NUM_IDX                9
-#define SSL_ENC_CAMELLIA128_IDX        9
-#define SSL_ENC_CAMELLIA256_IDX        10
-#undef  SSL_ENC_NUM_IDX
-#define SSL_ENC_NUM_IDX                11
+#define SSL_ENC_NULL_IDX       5
+#define SSL_ENC_AES128_IDX     6
+#define SSL_ENC_AES256_IDX     7
+#define SSL_ENC_CAMELLIA128_IDX        8
+#define SSL_ENC_CAMELLIA256_IDX        9
+#define SSL_ENC_NUM_IDX                10
 
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
@@ -193,31 +190,49 @@ typedef struct cipher_order_st
        } CIPHER_ORDER;
 
 static const SSL_CIPHER cipher_aliases[]={
-       /* Don't include eNULL unless specifically enabled. */
-       /* Don't include ECC in ALL because these ciphers are not yet official. */
-       {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
-       /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
-       {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
-       {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
-       {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
+       /* "ALL" must be first; it doesn't include eNULL (must be specifically enabled) */
+       {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL},
+       /* "COMPLEMENTOFALL" */
+       {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
+
+       /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
+       {0,SSL_TXT_CMPDEF,0,SSL_ADH|SSL_AECDH|(SSL_ENC_MASK & ~SSL_eNULL), 0,0,0,0,SSL_AUTH_MASK|SSL_ENC_MASK,0},
+
+       /* Single key exchange bits
+        * (some of these are multiple key exchange algs according to the RFCs,
+        * e.g. kEDH combines DHE_DSS and DHE_RSA) */
        {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
-       {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
-       {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
+       {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0}, /* no such ciphersuites supported! */
+       {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0}, /* no such ciphersuites supported! */
        {0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
-       {0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
+       {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},
+       {0,SSL_TXT_kECDHr,0,SSL_kECDHr,0,0,0,0,SSL_MKEY_MASK,0},
+       {0,SSL_TXT_kECDHe,0,SSL_kECDHe,0,0,0,0,SSL_MKEY_MASK,0},
+       {0,SSL_TXT_kEECDH,0,SSL_kEECDH,0,0,0,0,SSL_MKEY_MASK,0},
         {0,SSL_TXT_kPSK,0,SSL_kPSK,  0,0,0,0,SSL_MKEY_MASK,0},
+
+       /* More key exchange aliases (combined bits) */
        {0,SSL_TXT_DH,  0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
-       {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_EDH, 0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
-       {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
+       {0,SSL_TXT_kECDH,0,SSL_kECDH,0,0,0,0,SSL_MKEY_MASK,0},
+       {0,SSL_TXT_ECDH,0,SSL_ECDH,  0,0,0,0,SSL_MKEY_MASK,0},
+       {0,SSL_TXT_EECDH,0,SSL_EECDH,0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
+
+       /* Single authentication bits */
        {0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
        {0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
-       {0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_aPSK,0,SSL_aPSK,  0,0,0,0,SSL_AUTH_MASK,0},
+       {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},
        {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
-       {0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0},
+       {0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0}, /* no such ciphersuites supported! */
+       {0,SSL_TXT_aECDH, 0,SSL_aECDH,0,0,0,0,SSL_AUTH_MASK,0},
+       {0,SSL_TXT_aECDSA, 0,SSL_aECDSA,0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_aPSK,0,SSL_aPSK,  0,0,0,0,SSL_AUTH_MASK,0},
+
+       /* More authentication aliases */
        {0,SSL_TXT_DSS, 0,SSL_DSS,   0,0,0,0,SSL_AUTH_MASK,0},
+       {0,SSL_TXT_ECDSA,0,SSL_ECDSA,0,0,0,0,SSL_AUTH_MASK,0},
 
+       /* Single encryption bits */
        {0,SSL_TXT_DES, 0,SSL_DES,   0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_RC4, 0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},
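Review bot: The new comment on the "ALL" entry mentions only eNULL, but with the `& ~SSL_kECDH & ~SSL_kECDHE` exclusion gone, "ALL" should now also match the anonymous ECDH suites (`SSL_AECDH` is `SSL_kEECDH|SSL_aNULL` in ssl_locl.h), assuming `SSL_ALL` covers every algorithm bit. Anyone building a cipher string from "ALL" needs to know that unauthenticated suites are included unless explicitly removed. I would word the comment as `/* "ALL" must be first; it excludes eNULL but still includes aNULL suites (ADH, AECDH) */`. The cipher_aliases[] table continues past this hunk.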
@@ -226,19 +241,20 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
 #endif
        {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
-       {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_AES, 0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_CAMELLIA,    0,SSL_CAMELLIA,   0,0,0,0,SSL_ENC_MASK,0},
 
+       /* Single MAC bits */   
        {0,SSL_TXT_MD5, 0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
        {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
        {0,SSL_TXT_SHA, 0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},
 
+       /* More aliases */
        {0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
        {0,SSL_TXT_RSA, 0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
        {0,SSL_TXT_ADH, 0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
-       {0,SSL_TXT_FZA, 0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
+       {0,SSL_TXT_AECDH,0,SSL_AECDH,0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
         {0,SSL_TXT_PSK, 0,SSL_PSK,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
 
        {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
@@ -466,7 +482,6 @@ static unsigned long ssl_cipher_get_disabled(void)
        {
        unsigned long mask;
 
-       mask = SSL_kFZA;
 #ifdef OPENSSL_NO_RSA
        mask |= SSL_aRSA|SSL_kRSA;
 #endif
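Review bot: Deleting `mask = SSL_kFZA;` removes the only initialisation of `mask` visible here, so the `mask |= ...` statements that follow read an indeterminate value, which is undefined behaviour in C. Because this value is the set of disabled algorithms, leftover stack contents can mark arbitrary key-exchange, authentication or cipher bits as disabled from one call to the next. The declaration should become `unsigned long mask = 0;`. The body of ssl_cipher_get_disabled continues outside the hunk.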
@@ -479,8 +494,11 @@ static unsigned long ssl_cipher_get_disabled(void)
 #ifdef OPENSSL_NO_KRB5
        mask |= SSL_kKRB5|SSL_aKRB5;
 #endif
+#ifdef OPENSSL_NO_ECDSA
+       mask |= SSL_aECDSA;
+#endif
 #ifdef OPENSSL_NO_ECDH
-       mask |= SSL_kECDH|SSL_kECDHE;
+       mask |= SSL_kECDHe|SSL_kECDHr|SSL_kECDHE|SSL_aECDH;
 #endif
 #ifdef OPENSSL_NO_PSK
        mask |= SSL_kPSK;
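Review bot: `SSL_kECDHE` on the new `OPENSSL_NO_ECDH` line is the name this same commit removes from ssl_locl.h in favour of `SSL_kEECDH`. Unless the old name is still defined somewhere not shown, a build with OPENSSL_NO_ECDH will fail to compile here. The line should read `mask |= SSL_kECDHe|SSL_kECDHr|SSL_kEECDH|SSL_aECDH;`. The function body starts and ends outside the hunk.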
@@ -494,7 +512,6 @@ static unsigned long ssl_cipher_get_disabled(void)
        mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
        mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
        mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
-       mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
        mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
        mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
 
@@ -581,14 +598,24 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
 
        /*
         * Now we add the available ones from the cipher_aliases[] table.
-        * They represent either an algorithm, that must be fully
-        * supported (not match any bit in mask) or represent a cipher
-        * strength value (will be added in any case because algorithms=0).
+        * They represent either an algorithm, that must be
+        * supported (not disabled through 'mask', i.e. all of the
+        * SSL_MKEY_MASK, SSL_AUTH_MASK, .. bits in the alias are set in 'mask')
+        * or represent a cipher strength value (will be added in any case because algorithms=0).
         */
        for (i = 0; i < num_of_group_aliases; i++)
                {
-               if ((i == 0) ||         /* always fetch "ALL" */
-                   !(cipher_aliases[i].algorithms & mask))
+               int algorithms = cipher_aliases[i].algorithms;
+
+               if ((i == 0) /* always fetch "ALL" */ ||
+                   !(((SSL_MKEY_MASK & algorithms) && (SSL_MKEY_MASK & mask)
+                      && ((algorithms & SSL_MKEY_MASK & mask) == (SSL_MKEY_MASK & mask))) ||
+                     ((SSL_AUTH_MASK & algorithms) && (SSL_AUTH_MASK & mask)
+                      && ((algorithms & SSL_AUTH_MASK & mask) == (SSL_AUTH_MASK & mask))) ||
+                     ((SSL_ENC_MASK & algorithms) && (SSL_ENC_MASK & mask)
+                      && ((algorithms & SSL_ENC_MASK & mask) == (SSL_ENC_MASK & mask))) ||
+                     ((SSL_MAC_MASK & algorithms) && (SSL_MAC_MASK & mask)
+                      && ((algorithms & SSL_MAC_MASK & mask) == (SSL_MAC_MASK & mask)))))
                        {
                        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
                        ca_curr++;
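Review bot: The new test compares `(algorithms & X_MASK & mask)` against `(X_MASK & mask)`, which asks whether every disabled bit of a category is present in the alias, whereas the comment above it describes the opposite: every bit of the alias being set in `mask`. If the comment states the intent, a combined alias such as kECDH stays in the list whenever some unrelated key-exchange bit is also disabled. Conversely, an alias with one disabled member is dropped even though other members remain usable. Comparing against `(X_MASK & algorithms)` matches the comment and makes the separate `(X_MASK & mask)` guard unnecessary. `algorithms` is also declared `int` while the mask constants are `L`-suffixed; `unsigned long` would avoid a narrowing conversion, assuming the struct field is that type. The loop body continues outside the hunk.

```c
		unsigned long algorithms = cipher_aliases[i].algorithms;

		if ((i == 0) /* always fetch "ALL" */ ||
		    !(((SSL_MKEY_MASK & algorithms)
		       && ((algorithms & SSL_MKEY_MASK & mask) == (SSL_MKEY_MASK & algorithms))) ||
		      ((SSL_AUTH_MASK & algorithms)
		       && ((algorithms & SSL_AUTH_MASK & mask) == (SSL_AUTH_MASK & algorithms))) ||
		      ((SSL_ENC_MASK & algorithms)
		       && ((algorithms & SSL_ENC_MASK & mask) == (SSL_ENC_MASK & algorithms))) ||
		      ((SSL_MAC_MASK & algorithms)
		       && ((algorithms & SSL_MAC_MASK & mask) == (SSL_MAC_MASK & algorithms)))))
			/* … unchanged: append cipher_aliases + i to ca_list … */
```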
@@ -1105,19 +1132,20 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kDHd:
                kx="DH/DSS";
                break;
-        case SSL_kKRB5:         /* VRS */
-        case SSL_KRB5:          /* VRS */
-            kx="KRB5";
-            break;
-       case SSL_kFZA:
-               kx="Fortezza";
+        case SSL_kKRB5:
+               kx="KRB5";
                break;
        case SSL_kEDH:
                kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
                break;
-       case SSL_kECDH:
-       case SSL_kECDHE:
-               kx=is_export?"ECDH(<=163)":"ECDH";
+       case SSL_kECDHr:
+               kx="ECDH/RSA";
+               break;
+       case SSL_kECDHe:
+               kx="ECDH/ECDSA";
+               break;
+       case SSL_kEECDH:
+               kx="ECDH";
                break;
        case SSL_kPSK:
                kx="PSK";
@@ -1137,11 +1165,12 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_aDH:
                au="DH";
                break;
-        case SSL_aKRB5:         /* VRS */
-        case SSL_KRB5:          /* VRS */
-            au="KRB5";
-            break;
-       case SSL_aFZA:
+        case SSL_aKRB5:
+               au="KRB5";
+               break;
+        case SSL_aECDH:
+               au="ECDH";
+               break;
        case SSL_aNULL:
                au="None";
                break;
@@ -1174,9 +1203,6 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_IDEA:
                enc="IDEA(128)";
                break;
-       case SSL_eFZA:
-               enc="Fortezza";
-               break;
        case SSL_eNULL:
                enc="None";
                break;
index 091195f..eae31f9 100644 (file)
@@ -1784,15 +1784,15 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
                            (signature_nid == NID_md4WithRSAEncryption) ||
                            (signature_nid == NID_md2WithRSAEncryption))
                                {
-                               mask|=SSL_kECDH|SSL_aRSA;
+                               mask|=SSL_kECDHr|SSL_aECDH;
                                if (ecc_pkey_size <= 163)
-                                       emask|=SSL_kECDH|SSL_aRSA;
+                                       emask|=SSL_kECDHr|SSL_aECDH;
                                }
                        if (signature_nid == NID_ecdsa_with_SHA1)
                                {
-                               mask|=SSL_kECDH|SSL_aECDSA;
+                               mask|=SSL_kECDHe|SSL_aECDH;
                                if (ecc_pkey_size <= 163)
-                                       emask|=SSL_kECDH|SSL_aECDSA;
+                                       emask|=SSL_kECDHe|SSL_aECDH;
                                }
                        }
 #endif
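Review bot: Nothing at these two branches explains why a certificate signed with RSA or ECDSA now sets `SSL_aECDH` rather than `SSL_aRSA`/`SSL_aECDSA`, so a later reader could take the change for a regression in certificate selection. A comment above the first branch would record the rule, for example `/* fixed ECDH: the CA's signature algorithm only selects kECDHr vs kECDHe; the authentication bit is always aECDH */`. The enclosing condition and the rest of ssl_set_cert_masks lie outside the hunk.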
@@ -1808,8 +1808,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
        if (have_ecdh_tmp)
                {
-               mask|=SSL_kECDHE;
-               emask|=SSL_kECDHE;
+               mask|=SSL_kEECDH;
+               emask|=SSL_kEECDH;
                }
 #endif
 
@@ -1902,13 +1902,13 @@ X509 *ssl_get_server_send_cert(SSL *s)
 
        if (kalg & SSL_kECDH)
                {
-               /* we don't need to look at SSL_kECDHE 
+               /* we don't need to look at SSL_kEECDH
                 * since no certificate is needed for
                 * anon ECDH and for authenticated
-                * ECDHE, the check for the auth 
+                * EECDH, the check for the auth
                 * algorithm will set i correctly
                 * NOTE: For ECDH-RSA, we need an ECC
-                * not an RSA cert but for ECDHE-RSA
+                * not an RSA cert but for EECDH-RSA
                 * we need an RSA cert. Placing the
                 * checks for SSL_kECDH before RSA
                 * checks ensures the correct cert is chosen.
index b85861b..a81f239 100644 (file)
  */
 #define SSL_MKEY_MASK          0x200000FFL
 #define SSL_kRSA               0x00000001L /* RSA key exchange */
-#define SSL_kDHr               0x00000002L /* DH cert RSA CA cert */
-#define SSL_kDHd               0x00000004L /* DH cert DSA CA cert */
-#define SSL_kFZA               0x00000008L
-#define SSL_kEDH               0x00000010L /* tmp DH key no DH cert */
-#define SSL_kKRB5              0x00000020L /* Kerberos5 key exchange */
-#define SSL_kECDH               0x00000040L /* ECDH w/ long-term keys */
-#define SSL_kECDHE              0x00000080L /* ephemeral ECDH */
+#define SSL_kDHr               0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
+#define SSL_kDHd               0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
+#define SSL_kEDH               0x00000008L /* tmp DH key no DH cert */
 #define SSL_EDH                        (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
-#define SSL_kPSK                0x20000000L /* PSK */
+#define SSL_kKRB5              0x00000010L /* Kerberos5 key exchange */
+#define SSL_kECDHr             0x00000020L /* ECDH cert, RSA CA cert */
+#define SSL_kECDHe             0x00000040L /* ECDH cert, ECDSA CA cert */
+#define SSL_kECDH              (SSL_kECDHr|SSL_kECDHe)
+#define SSL_kEECDH             0x00000080L /* ephemeral ECDH */
+#define SSL_EECDH              (SSL_kEECDH|(SSL_AUTH_MASK^SSL_aNULL))
+#define SSL_kPSK               0x20000000L /* PSK */
 
 #define SSL_AUTH_MASK          0x10007f00L
-#define SSL_aRSA               0x00000100L /* Authenticate with RSA */
-#define SSL_aDSS               0x00000200L /* Authenticate with DSS */
+#define SSL_aRSA               0x00000100L /* RSA auth */
+#define SSL_aDSS               0x00000200L /* DSS auth */
 #define SSL_DSS                SSL_aDSS
-#define SSL_aFZA               0x00000400L
-#define SSL_aNULL              0x00000800L /* no Authenticate, ADH */
-#define SSL_aDH                0x00001000L /* no Authenticate, ADH */
-#define SSL_aKRB5               0x00002000L /* Authenticate with KRB5 */
-#define SSL_aECDSA              0x00004000L /* Authenticate with ECDSA */
-#define SSL_aPSK                0x10000000L /* PSK */
+#define SSL_aNULL              0x00000400L /* no auth (i.e. use ADH or AECDH) */
+#define SSL_aDH                0x00000800L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
+#define SSL_aECDH              0x00001000L /* Fixed ECDH auth (kECDHe or kECDHr) */
+#define SSL_aKRB5               0x00002000L /* KRB5 auth */
+#define SSL_aECDSA              0x00004000L /* ECDSA auth*/
+#define SSL_ECDSA              SSL_aECDSA
+#define SSL_aPSK                0x10000000L /* PSK auth */
 
 #define SSL_NULL               (SSL_eNULL)
-#define SSL_ADH                        (SSL_kEDH|SSL_aNULL)
 #define SSL_RSA                        (SSL_kRSA|SSL_aRSA)
 #define SSL_DH                 (SSL_kDHr|SSL_kDHd|SSL_kEDH)
-#define SSL_ECDH               (SSL_kECDH|SSL_kECDHE)
-#define SSL_FZA                        (SSL_aFZA|SSL_kFZA|SSL_eFZA)
+#define SSL_ADH                        (SSL_kEDH|SSL_aNULL)
+#define SSL_ECDH               (SSL_kECDH|SSL_kEECDH)
+#define SSL_AECDH              (SSL_kEECDH|SSL_aNULL)
 #define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
 #define SSL_PSK                 (SSL_kPSK|SSL_aPSK)
 
 #define SSL_RC4                        0x00020000L
 #define SSL_RC2                        0x00040000L
 #define SSL_IDEA               0x00080000L
-#define SSL_eFZA               0x00100000L
 #define SSL_eNULL              0x00200000L
 #define SSL_AES                        0x04000000L
 #define SSL_CAMELLIA           0x08000000L
index 06cb57d..eeb6b57 100644 (file)
@@ -686,7 +686,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
        for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
                {
                algs = (sk_SSL_CIPHER_value(cipher_stack, i))->algorithms;
-               if ((algs & SSL_kECDH) || (algs & SSL_kECDHE) || (algs & SSL_aECDSA)) 
+               if ((algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA)) 
                        {
                        using_ecc = 1;
                        break;
@@ -731,7 +731,7 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
         * supposed to send an EllipticCurves extension.
         */
        int algs = s->s3->tmp.new_cipher->algorithms;
-       int using_ecc = (algs & SSL_kECDH) || (algs & SSL_kECDHE) || (algs & SSL_aECDSA);
+       int using_ecc = (algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA);
        using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
 
        if (using_ecc)
@@ -797,7 +797,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
         */
        int algs = s->s3->tmp.new_cipher->algorithms;
        if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 
-           ((algs & SSL_kECDH) || (algs & SSL_kECDHE) || (algs & SSL_aECDSA))) 
+           ((algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA))) 
                {
                /* we are using an ECC cipher */
                size_t i;