X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=4531f4655667586a7bb5837bb011ad943d2c6422;hp=618f53d73d46b372fa4934adce62f7d1aac00c7b;hb=e91fb53b38a75953a693fadbc09177245bc7a05d;hpb=cbf81235122917265e18a86f07a7af2d15e3d525 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 618f53d73d..4531f46556 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -428,9 +428,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 11 */ { 1, - SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, - SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - SSL_kEDH, + SSL3_TXT_DHE_DSS_DES_40_CBC_SHA, + SSL3_CK_DHE_DSS_DES_40_CBC_SHA, + SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, @@ -444,9 +444,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 12 */ { 1, - SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, - SSL3_CK_EDH_DSS_DES_64_CBC_SHA, - SSL_kEDH, + SSL3_TXT_DHE_DSS_DES_64_CBC_SHA, + SSL3_CK_DHE_DSS_DES_64_CBC_SHA, + SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, @@ -460,9 +460,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 13 */ { 1, - SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, - SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, - SSL_kEDH, + SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, + SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, + SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, @@ -476,9 +476,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 14 */ { 1, - SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, - SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - SSL_kEDH, + SSL3_TXT_DHE_RSA_DES_40_CBC_SHA, + SSL3_CK_DHE_RSA_DES_40_CBC_SHA, + SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, @@ -492,9 +492,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 15 */ { 1, - SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, - SSL3_CK_EDH_RSA_DES_64_CBC_SHA, - SSL_kEDH, + SSL3_TXT_DHE_RSA_DES_64_CBC_SHA, + SSL3_CK_DHE_RSA_DES_64_CBC_SHA, + SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, @@ -508,9 +508,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 16 */ { 1, - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, - SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, - SSL_kEDH, + SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, + SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, + SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, @@ -526,7 +526,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_ADH_RC4_40_MD5, SSL3_CK_ADH_RC4_40_MD5, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_RC4, SSL_MD5, @@ -542,7 +542,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_RC4, SSL_MD5, @@ -558,7 +558,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_ADH_DES_40_CBC_SHA, SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_DES, SSL_SHA1, @@ -574,7 +574,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_ADH_DES_64_CBC_SHA, SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_DES, SSL_SHA1, @@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_3DES, SSL_SHA1, @@ -930,7 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, TLS1_CK_DHE_DSS_WITH_AES_128_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_AES128, SSL_SHA1, @@ -945,7 +945,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, @@ -960,7 +960,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_AES128, SSL_SHA1, @@ -1023,7 +1023,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, TLS1_CK_DHE_DSS_WITH_AES_256_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_AES256, SSL_SHA1, @@ -1039,7 +1039,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, @@ -1055,7 +1055,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_AES256, SSL_SHA1, @@ -1152,7 +1152,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_AES128, SSL_SHA256, @@ -1219,7 +1219,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA128, SSL_SHA1, @@ -1235,7 +1235,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA128, SSL_SHA1, @@ -1251,7 +1251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA128, SSL_SHA1, @@ -1320,7 +1320,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, @@ -1352,7 +1352,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_RC4, SSL_SHA1, @@ -1368,7 +1368,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_RC4, SSL_SHA1, @@ -1386,7 +1386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA256, @@ -1434,7 +1434,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_AES256, SSL_SHA256, @@ -1450,7 +1450,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA256, @@ -1466,7 +1466,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_AES_128_SHA256, TLS1_CK_ADH_WITH_AES_128_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_AES128, SSL_SHA256, @@ -1482,7 +1482,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_AES_256_SHA256, TLS1_CK_ADH_WITH_AES_256_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_AES256, SSL_SHA256, @@ -1607,7 +1607,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA256, SSL_SHA1, @@ -1623,7 +1623,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA256, SSL_SHA1, @@ -1639,7 +1639,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA256, SSL_SHA1, @@ -1678,7 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AES128, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, @@ -1710,7 +1710,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AES256, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, @@ -1773,7 +1773,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_SEED_SHA, TLS1_CK_DHE_DSS_WITH_SEED_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_SEED, SSL_SHA1, @@ -1789,7 +1789,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_SEED_SHA, TLS1_CK_DHE_RSA_WITH_SEED_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_SEED, SSL_SHA1, @@ -1805,7 +1805,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_SEED_SHA, TLS1_CK_ADH_WITH_SEED_SHA, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_SEED, SSL_SHA1, @@ -1857,7 +1857,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, @@ -1873,7 +1873,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, @@ -1921,7 +1921,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_AES128GCM, SSL_AEAD, @@ -1937,7 +1937,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_AES256GCM, SSL_AEAD, @@ -1985,7 +1985,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_AES128GCM, SSL_AEAD, @@ -2001,7 +2001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_AES256GCM, SSL_AEAD, @@ -2114,7 +2114,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_eNULL, SSL_SHA1, @@ -2130,7 +2130,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_RC4, SSL_SHA1, @@ -2146,7 +2146,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_3DES, SSL_SHA1, @@ -2162,7 +2162,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES128, SSL_SHA1, @@ -2178,7 +2178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES256, SSL_SHA1, @@ -2274,7 +2274,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_eNULL, SSL_SHA1, @@ -2290,7 +2290,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, @@ -2306,7 +2306,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, @@ -2322,7 +2322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, @@ -2338,7 +2338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, @@ -2354,7 +2354,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_eNULL, SSL_SHA1, @@ -2370,7 +2370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_RC4, SSL_SHA1, @@ -2386,7 +2386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_3DES, SSL_SHA1, @@ -2402,7 +2402,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_AES128, SSL_SHA1, @@ -2418,7 +2418,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_AES256, SSL_SHA1, @@ -2584,7 +2584,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES128, SSL_SHA256, @@ -2600,7 +2600,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES256, SSL_SHA384, @@ -2648,7 +2648,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES128, SSL_SHA256, @@ -2664,7 +2664,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES256, SSL_SHA384, @@ -2714,7 +2714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES128GCM, SSL_AEAD, @@ -2730,7 +2730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES256GCM, SSL_AEAD, @@ -2778,7 +2778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, @@ -2794,7 +2794,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, @@ -3029,8 +3029,8 @@ void ssl3_free(SSL *s) SSL_SRP_CTX_free(s); #endif #ifndef OPENSSL_NO_TLSEXT - if (s->s3->tlsext_custom_types != NULL) - OPENSSL_free(s->s3->tlsext_custom_types); + if (s->s3->serverinfo_client_tlsext_custom_types != NULL) + OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); #endif OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); @@ -3076,12 +3076,12 @@ void ssl3_clear(SSL *s) } #endif #ifndef OPENSSL_NO_TLSEXT - if (s->s3->tlsext_custom_types != NULL) + if (s->s3->serverinfo_client_tlsext_custom_types != NULL) { - OPENSSL_free(s->s3->tlsext_custom_types); - s->s3->tlsext_custom_types = NULL; + OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); + s->s3->serverinfo_client_tlsext_custom_types = NULL; } - s->s3->tlsext_custom_types_count = 0; + s->s3->serverinfo_client_tlsext_custom_types_count = 0; #ifndef OPENSSL_NO_EC s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ @@ -3424,6 +3424,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) else return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg); + case SSL_CTRL_GET_CHAIN_CERTS: + *(STACK_OF(X509) **)parg = s->cert->key->chain; + break; + + case SSL_CTRL_SELECT_CURRENT_CERT: + return ssl_cert_select_current(s->cert, (X509 *)parg); + + case SSL_CTRL_SET_CURRENT_CERT: + return ssl_cert_set_current(s->cert, larg); + #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_CURVES: { @@ -3898,7 +3908,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) break; case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: - *(STACK_OF(X509) **)parg = ctx->extra_certs; + if (ctx->extra_certs == NULL && larg == 0) + *(STACK_OF(X509) **)parg = ctx->cert->key->chain; + else + *(STACK_OF(X509) **)parg = ctx->extra_certs; break; case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: @@ -3923,6 +3936,16 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) else return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg); + case SSL_CTRL_GET_CHAIN_CERTS: + *(STACK_OF(X509) **)parg = ctx->cert->key->chain; + break; + + case SSL_CTRL_SELECT_CURRENT_CERT: + return ssl_cert_select_current(ctx->cert, (X509 *)parg); + + case SSL_CTRL_SET_CURRENT_CERT: + return ssl_cert_set_current(ctx->cert, larg); + default: return(0); } @@ -4147,7 +4170,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_EC /* if we are considering an ECC cipher suite that uses * an ephemeral EC key check it */ - if (alg_k & SSL_kEECDH) + if (alg_k & SSL_kECDHE) ok = ok && tls1_check_ec_tmp_key(s, c->id); #endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_TLSEXT */ @@ -4157,7 +4180,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (ii >= 0) { #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) - if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) + if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); continue; @@ -4226,7 +4249,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) #endif #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kDHr|SSL_kEDH)) + if (alg_k & (SSL_kDHr|SSL_kDHE)) { # ifndef OPENSSL_NO_RSA /* Since this refers to a certificate signed with an RSA @@ -4241,7 +4264,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) # endif } if ((s->version == SSL3_VERSION) && - (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) + (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) { # ifndef OPENSSL_NO_RSA p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; @@ -4271,7 +4294,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) #ifndef OPENSSL_NO_ECDSA /* ECDSA certs can be used with RSA cipher suites as well - * so we don't need to check for SSL_kECDH or SSL_kEECDH + * so we don't need to check for SSL_kECDH or SSL_kECDHE */ if (s->version >= TLS1_VERSION) {