{0, "TLSv1.0", 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
{0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
- /* export flag */
- {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
- {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
-
/* strength classes */
- {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
- {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
{0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
{0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
{0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
{0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
- {0, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 0,
- SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_EXPORT | SSL_EXP40,
- 0, 0, 0,},
- {0, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 0,
- SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_LOW,
- 0, 0, 0,},
{0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,},
- {0, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 0,
- SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_EXPORT | SSL_EXP40,
- 0, 0, 0,},
- {0, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 0,
- SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_LOW,
- 0, 0, 0,},
+ SSL_HIGH | SSL_FIPS, 0, 0, 0,},
{0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,},
+ SSL_HIGH | SSL_FIPS, 0, 0, 0,},
};
continue;
if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
continue;
- if ((algo_strength & SSL_EXP_MASK)
- && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
- continue;
- if ((algo_strength & SSL_STRONG_MASK)
- && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
+ if (algo_strength && !(algo_strength & cp->algo_strength))
continue;
if ((algo_strength & SSL_DEFAULT_MASK)
&& !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
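Review bot: The unmasked test `if (algo_strength && !(algo_strength & cp->algo_strength))` treats every bit of the field as a strength class, so a bit covered by `SSL_DEFAULT_MASK` (checked separately on the next lines) can satisfy the strength filter on its own. The same applies to the merge in the rule-parsing hunk, where `algo_strength &= ca_list[j]->algo_strength;` runs ahead of the `SSL_DEFAULT_MASK` block: combining a strength alias with an alias that sets only default-class bits would AND to 0 and hit `found = 0`, if such an alias exists in the table. The removed code avoided both by masking with `SSL_STRONG_MASK`; I would keep a strength-only mask with the export bits dropped, e.g. `if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))`. Both enclosing functions begin and end outside the hunks shown.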
alg_mac = ca_list[j]->algorithm_mac;
}
- if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
- if (algo_strength & SSL_EXP_MASK) {
- algo_strength &=
- (ca_list[j]->algo_strength & SSL_EXP_MASK) |
- ~SSL_EXP_MASK;
- if (!(algo_strength & SSL_EXP_MASK)) {
- found = 0;
- break;
- }
- } else
- algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
- }
-
- if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
- if (algo_strength & SSL_STRONG_MASK) {
- algo_strength &=
- (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
- ~SSL_STRONG_MASK;
- if (!(algo_strength & SSL_STRONG_MASK)) {
+ if (ca_list[j]->algo_strength) {
+ if (algo_strength) {
+ algo_strength &= ca_list[j]->algo_strength;
+ if (!algo_strength) {
found = 0;
break;
}
} else
- algo_strength |=
- ca_list[j]->algo_strength & SSL_STRONG_MASK;
+ algo_strength = ca_list[j]->algo_strength;
}
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
break;
}
- /* Set auto ECDH parameter determination */
- c->ecdh_tmp_auto = 1;
return 1;
# else
SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
{
- int is_export, pkl, kl;
- const char *ver, *exp_str;
+ const char *ver;
const char *kx, *au, *enc, *mac;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
static const char *format =
- "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+ "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
alg_mac = cipher->algorithm_mac;
alg_ssl = cipher->algorithm_ssl;
- is_export = SSL_C_IS_EXPORT(cipher);
- pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
- kl = SSL_C_EXPORT_KEYLENGTH(cipher);
- exp_str = is_export ? " export" : "";
-
if (alg_ssl & SSL_SSLV3)
ver = "SSLv3";
else if (alg_ssl & SSL_TLSV1)
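Review bot: `format` stays a mutable `static const char *` while this commit changes its conversion count here and the matching `BIO_snprintf` argument list in a later hunk, so the two are kept in sync by hand. Declaring it as `static const char format[] =` (or passing the literal directly to the call) would let a compiler with printf-format checking flag a mismatch between conversions and arguments, assuming `BIO_snprintf` carries a format attribute in this tree. The function body continues outside the hunk.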
switch (alg_mkey) {
case SSL_kRSA:
- kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA";
+ kx = "RSA";
break;
case SSL_kDHr:
kx = "DH/RSA";
kx = "DH/DSS";
break;
case SSL_kDHE:
- kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH";
+ kx = "DH";
break;
case SSL_kECDHr:
kx = "ECDH/RSA";
switch (alg_enc) {
case SSL_DES:
- enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)";
+ enc = "DES(56)";
break;
case SSL_3DES:
enc = "3DES(168)";
break;
case SSL_RC4:
- enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)") : "RC4(128)";
+ enc = "RC4(128)";
break;
case SSL_RC2:
- enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)";
+ enc = "RC2(128)";
break;
case SSL_IDEA:
enc = "IDEA(128)";
} else if (len < 128)
return ("Buffer too small");
- BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
- exp_str);
+ BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
return (buf);
}
}
/* number of bits for symmetric cipher */
-int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits)
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
{
- int32_t ret = 0;
+ int ret = 0;
if (c != NULL) {
if (alg_bits != NULL)
- *alg_bits = c->alg_bits;
- ret = c->strength_bits;
+ *alg_bits = (int) c->alg_bits;
+ ret = (int) c->strength_bits;
}
return ret;
}
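Review bot: The comment above `SSL_CIPHER_get_bits` does not state what the caller gets for a NULL cipher: the function returns 0 and leaves `*alg_bits` unwritten, so a caller that passes an uninitialized `int` and then uses it for a key-strength decision reads an indeterminate value. With the signature now changing to plain `int`, this is a good place to record the contract, e.g. `/* Returns c->strength_bits, or 0 if c is NULL; *alg_bits is written only when both c and alg_bits are non-NULL. */`. A return of 0 is also what a cipher with zero strength bits would produce, so the comment should say callers cannot use it to detect the NULL case.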