Support converting cipher name to RFC name and vice versa
authorPaul Yang <yang.yang@baishancloud.com>
Thu, 29 Jun 2017 19:06:19 +0000 (03:06 +0800)
committerPauli <paul.dale@oracle.com>
Thu, 20 Jul 2017 21:20:14 +0000 (07:20 +1000)
Fixes: issue #3747

make SSL_CIPHER_standard_name globally available and introduce a new
function OPENSSL_cipher_name.

A new option '-convert' is also added to 'openssl ciphers' app.

Documentation and test cases are added.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3859)

15 files changed:
apps/ciphers.c
doc/man1/ciphers.pod
doc/man3/SSL_CIPHER_get_name.pod
include/openssl/ssl.h
include/openssl/ssl3.h
include/openssl/tls1.h
ssl/s3_lib.c
ssl/ssl_ciph.c
ssl/ssl_locl.h
ssl/statem/statem_clnt.c
ssl/t1_trce.c
test/build.info
test/ciphername_test.c [new file with mode: 0644]
test/recipes/80-test_ciphername.t [new file with mode: 0644]
util/libssl.num

index 3cbcc5e..83cdb55 100644 (file)
@@ -17,6 +17,7 @@
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_STDNAME,
+    OPT_CONVERT,
     OPT_SSL3,
     OPT_TLS1,
     OPT_TLS1_1,
@@ -47,15 +48,14 @@ const OPTIONS ciphers_options[] = {
 #ifndef OPENSSL_NO_TLS1_3
     {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
 #endif
-#ifndef OPENSSL_NO_SSL_TRACE
     {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
-#endif
 #ifndef OPENSSL_NO_PSK
     {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
 #endif
 #ifndef OPENSSL_NO_SRP
     {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
 #endif
+    {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
     {NULL}
 };
 
@@ -82,9 +82,7 @@ int ciphers_main(int argc, char **argv)
     STACK_OF(SSL_CIPHER) *sk = NULL;
     const SSL_METHOD *meth = TLS_server_method();
     int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
-#ifndef OPENSSL_NO_SSL_TRACE
     int stdname = 0;
-#endif
 #ifndef OPENSSL_NO_PSK
     int psk = 0;
 #endif
@@ -92,7 +90,7 @@ int ciphers_main(int argc, char **argv)
     int srp = 0;
 #endif
     const char *p;
-    char *ciphers = NULL, *prog;
+    char *ciphers = NULL, *prog, *convert = NULL;
     char buf[512];
     OPTION_CHOICE o;
     int min_version = 0, max_version = 0;
@@ -119,9 +117,10 @@ int ciphers_main(int argc, char **argv)
             use_supported = 1;
             break;
         case OPT_STDNAME:
-#ifndef OPENSSL_NO_SSL_TRACE
             stdname = verbose = 1;
-#endif
+            break;
+        case OPT_CONVERT:
+            convert = opt_arg();
             break;
         case OPT_SSL3:
             min_version = SSL3_VERSION;
@@ -163,6 +162,12 @@ int ciphers_main(int argc, char **argv)
     else if (argc != 0)
         goto opthelp;
 
+    if (convert != NULL) {
+        BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
+                   OPENSSL_cipher_name(convert));
+        goto end;
+    }
+
     ctx = SSL_CTX_new(meth);
     if (ctx == NULL)
         goto err;
@@ -225,14 +230,12 @@ int ciphers_main(int argc, char **argv)
                 else
                     BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
             }
-#ifndef OPENSSL_NO_SSL_TRACE
             if (stdname) {
                 const char *nm = SSL_CIPHER_standard_name(c);
                 if (nm == NULL)
                     nm = "UNKNOWN";
                 BIO_printf(bio_out, "%s - ", nm);
             }
-#endif
             BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
         }
     }
@@ -246,5 +249,5 @@ int ciphers_main(int argc, char **argv)
         sk_SSL_CIPHER_free(sk);
     SSL_CTX_free(ctx);
     SSL_free(ssl);
-    return (ret);
+    return ret;
 }
index 4774a54..0875a87 100644 (file)
@@ -20,6 +20,7 @@ B<openssl> B<ciphers>
 [B<-psk>]
 [B<-srp>]
 [B<-stdname>]
+[B<-convert name>]
 [B<cipherlist>]
 
 =head1 DESCRIPTION
@@ -97,8 +98,11 @@ TLSv1.1 were negotiated.
 
 =item B<-stdname>
 
-Precede each cipher suite by its standard name: only available is OpenSSL
-is built with tracing enabled (B<enable-ssl-trace> argument to Configure).
+Precede each cipher suite by its standard name.
+
+=item B<-convert name>
+
+Convert a standard cipher B<name> to its OpenSSL name.
 
 =item B<cipherlist>
 
@@ -752,6 +756,11 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(7)>
 
 The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
 
+The B<-stdname> is only available if OpenSSL is built with tracing enabled
+(B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
+
+The B<-convert> was added in OpenSSL 1.1.1.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
index 157c162..691f9f4 100644 (file)
@@ -3,6 +3,8 @@
 =head1 NAME
 
 SSL_CIPHER_get_name,
+SSL_CIPHER_standard_name,
+OPENSSL_cipher_name,
 SSL_CIPHER_get_bits,
 SSL_CIPHER_get_version,
 SSL_CIPHER_description,
@@ -19,6 +21,8 @@ SSL_CIPHER_is_aead
  #include <openssl/ssl.h>
 
  const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+ const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
+ const char *OPENSSL_cipher_name(const char *stdname);
  int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
  char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
  char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
@@ -34,6 +38,14 @@ SSL_CIPHER_is_aead
 SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
 B<cipher> is NULL, it returns "(NONE)".
 
+SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of
+B<cipher>. If the B<cipher> is NULL, it returns "(NONE)". If the B<cipher>
+has no standard name, it returns B<NULL>.
+
+OPENSSL_cipher_name() returns a pointer to the OpenSSL name of B<stdname>.
+If the B<stdname> is NULL, or B<stdname> has no corresponding OpenSSL name,
+it returns "(NONE)".
+
 SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>.
 If B<cipher> is NULL, 0 is returned.
 
@@ -127,6 +139,12 @@ rather than a fixed string, in OpenSSL 1.1.0.
 
 SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1.
 
+SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before
+OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was
+required to enable this function.
+
+OPENSSL_cipher_name() was added in OpenSSL 1.1.1.
+
 =head1 SEE ALSO
 
 L<ssl(7)>, L<SSL_get_current_cipher(3)>,
index 5d8442c..5dd210d 100644 (file)
@@ -1434,6 +1434,8 @@ __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
 __owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
 __owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
 __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
 __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
 __owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
 __owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
@@ -2034,7 +2036,6 @@ int SSL_CTX_config(SSL_CTX *ctx, const char *name);
 # ifndef OPENSSL_NO_SSL_TRACE
 void SSL_trace(int write_p, int version, int content_type,
                const void *buf, size_t len, SSL *ssl, void *arg);
-__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
 # endif
 
 # ifndef OPENSSL_NO_SOCK
index 0bdd7ed..67e5c09 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -69,6 +69,18 @@ extern "C" {
 # define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
 # define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
 
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5                   "SSL_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA                   "SSL_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA           "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA       "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA       "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA            "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA               "SSL_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5                "SSL_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA                "SSL_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5                "SSL_DH_anon_WITH_RC4_128_MD5"
+
 # define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
 # define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
 # define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
index d929099..3ee0cad 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -598,6 +598,171 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
 # define TLS1_3_CK_AES_128_CCM_SHA256                     0x03001304
 # define TLS1_3_CK_AES_128_CCM_8_SHA256                   0x03001305
 
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA                   "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA               "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA               "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA                   "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA                   "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA               "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA               "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA                   "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256                   "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256                "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256                "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256                "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256                "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256            "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384            "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256        "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384        "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256            "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384            "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM                   "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM                   "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM               "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM               "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8                 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8                 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8             "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8             "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM                   "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM                   "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM               "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM               "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8                 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8                 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8             "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8             "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM           "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM           "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8         "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8         "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256                   "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384                   "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256             "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256                   "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256                 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA              "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA                "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA                "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA         "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA                      "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA                  "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA                  "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA              "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA               "TLS_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA               "TLS_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA          "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA           "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA           "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA          "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA           "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA           "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256            "TLS_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384            "TLS_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256        "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384        "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256        "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384        "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256            "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384            "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256                   "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384                   "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256        "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384        "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256               "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384               "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256        "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384        "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256               "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384               "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA        "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA         "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA         "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256      "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384      "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA                "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256             "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384             "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA           "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA           "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305         "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305       "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305     "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305             "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305       "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305         "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305         "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256       "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256       "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256       "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256   "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256   "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256       "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA          "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA          "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA          "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA          "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256       "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384       "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_WITH_SEED_SHA                      "TLS_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA                  "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA                  "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_SEED_SHA                      "TLS_DH_anon_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA             "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA             "TLS_ECDH_anon_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA           "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA             "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_PSK_WITH_RC4_128_SHA                   "TLS_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA               "TLS_RSA_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA               "TLS_DHE_PSK_WITH_RC4_128_SHA"
+
 /*
  * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
  * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
index c3adc87..3e70bce 100644 (file)
@@ -41,6 +41,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_NULL_MD5,
+     SSL3_RFC_RSA_NULL_MD5,
      SSL3_CK_RSA_NULL_MD5,
      SSL_kRSA,
      SSL_aRSA,
@@ -56,6 +57,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_NULL_SHA,
+     SSL3_RFC_RSA_NULL_SHA,
      SSL3_CK_RSA_NULL_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -72,6 +74,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_RSA_DES_192_CBC3_SHA,
      SSL3_CK_RSA_DES_192_CBC3_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -87,6 +90,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
      SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -102,6 +106,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
      SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -117,6 +122,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_ADH_DES_192_CBC_SHA,
+     SSL3_RFC_ADH_DES_192_CBC_SHA,
      SSL3_CK_ADH_DES_192_CBC_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -133,6 +139,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_RSA_WITH_AES_128_SHA,
      TLS1_CK_RSA_WITH_AES_128_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -148,6 +155,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -163,6 +171,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -178,6 +187,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_128_SHA,
+     TLS1_RFC_ADH_WITH_AES_128_SHA,
      TLS1_CK_ADH_WITH_AES_128_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -193,6 +203,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_RSA_WITH_AES_256_SHA,
      TLS1_CK_RSA_WITH_AES_256_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -208,6 +219,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -223,6 +235,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -238,6 +251,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_256_SHA,
+     TLS1_RFC_ADH_WITH_AES_256_SHA,
      TLS1_CK_ADH_WITH_AES_256_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -253,6 +267,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_WITH_NULL_SHA256,
      TLS1_CK_RSA_WITH_NULL_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -268,6 +283,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_SHA256,
      TLS1_CK_RSA_WITH_AES_128_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -283,6 +299,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_RSA_WITH_AES_256_SHA256,
      TLS1_CK_RSA_WITH_AES_256_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -298,6 +315,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
      SSL_kDHE,
      SSL_aDSS,
@@ -313,6 +331,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
      SSL_kDHE,
      SSL_aRSA,
@@ -328,6 +347,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
      SSL_kDHE,
      SSL_aDSS,
@@ -343,6 +363,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
      SSL_kDHE,
      SSL_aRSA,
@@ -358,6 +379,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_128_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_SHA256,
      TLS1_CK_ADH_WITH_AES_128_SHA256,
      SSL_kDHE,
      SSL_aNULL,
@@ -373,6 +395,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_256_SHA256,
+     TLS1_RFC_ADH_WITH_AES_256_SHA256,
      TLS1_CK_ADH_WITH_AES_256_SHA256,
      SSL_kDHE,
      SSL_aNULL,
@@ -388,6 +411,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -403,6 +427,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
      SSL_kRSA,
      SSL_aRSA,
@@ -418,6 +443,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
      SSL_kDHE,
      SSL_aRSA,
@@ -433,6 +459,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
      SSL_kDHE,
      SSL_aRSA,
@@ -448,6 +475,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
      SSL_kDHE,
      SSL_aDSS,
@@ -463,6 +491,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
      SSL_kDHE,
      SSL_aDSS,
@@ -478,6 +507,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
      SSL_kDHE,
      SSL_aNULL,
@@ -493,6 +523,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
      SSL_kDHE,
      SSL_aNULL,
@@ -508,6 +539,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_RSA_WITH_AES_128_CCM,
      TLS1_CK_RSA_WITH_AES_128_CCM,
      SSL_kRSA,
      SSL_aRSA,
@@ -523,6 +555,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_RSA_WITH_AES_256_CCM,
      TLS1_CK_RSA_WITH_AES_256_CCM,
      SSL_kRSA,
      SSL_aRSA,
@@ -538,6 +571,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
      TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
      SSL_kDHE,
      SSL_aRSA,
@@ -553,6 +587,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
      TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
      SSL_kDHE,
      SSL_aRSA,
@@ -568,6 +603,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
      TLS1_CK_RSA_WITH_AES_128_CCM_8,
      SSL_kRSA,
      SSL_aRSA,
@@ -583,6 +619,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
      TLS1_CK_RSA_WITH_AES_256_CCM_8,
      SSL_kRSA,
      SSL_aRSA,
@@ -598,6 +635,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
      TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
      SSL_kDHE,
      SSL_aRSA,
@@ -613,6 +651,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
      TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
      SSL_kDHE,
      SSL_aRSA,
@@ -628,6 +667,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_PSK_WITH_AES_128_CCM,
      TLS1_CK_PSK_WITH_AES_128_CCM,
      SSL_kPSK,
      SSL_aPSK,
@@ -643,6 +683,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_PSK_WITH_AES_256_CCM,
      TLS1_CK_PSK_WITH_AES_256_CCM,
      SSL_kPSK,
      SSL_aPSK,
@@ -658,6 +699,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
      TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -673,6 +715,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
      TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -688,6 +731,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
      TLS1_CK_PSK_WITH_AES_128_CCM_8,
      SSL_kPSK,
      SSL_aPSK,
@@ -703,6 +747,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
      TLS1_CK_PSK_WITH_AES_256_CCM_8,
      SSL_kPSK,
      SSL_aPSK,
@@ -718,6 +763,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
      TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -733,6 +779,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
      TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -748,6 +795,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -763,6 +811,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -778,6 +827,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -793,6 +843,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -808,6 +859,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_AES_128_GCM_SHA256,
+     TLS1_3_RFC_AES_128_GCM_SHA256,
      TLS1_3_CK_AES_128_GCM_SHA256,
      0, 0,
      SSL_AES128GCM,
@@ -823,6 +875,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_AES_256_GCM_SHA384,
+     TLS1_3_RFC_AES_256_GCM_SHA384,
      TLS1_3_CK_AES_256_GCM_SHA384,
      SSL_kANY,
      SSL_aANY,
@@ -839,6 +892,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+     TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
      TLS1_3_CK_CHACHA20_POLY1305_SHA256,
      SSL_kANY,
      SSL_aANY,
@@ -855,6 +909,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_AES_128_CCM_SHA256,
+     TLS1_3_RFC_AES_128_CCM_SHA256,
      TLS1_3_CK_AES_128_CCM_SHA256,
      SSL_kANY,
      SSL_aANY,
@@ -870,6 +925,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_3_TXT_AES_128_CCM_8_SHA256,
+     TLS1_3_RFC_AES_128_CCM_8_SHA256,
      TLS1_3_CK_AES_128_CCM_8_SHA256,
      SSL_kANY,
      SSL_aANY,
@@ -887,6 +943,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -903,6 +960,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -919,6 +977,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -934,6 +993,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -949,6 +1009,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
      SSL_kECDHE,
      SSL_aRSA,
@@ -965,6 +1026,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
      SSL_kECDHE,
      SSL_aRSA,
@@ -981,6 +1043,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
      SSL_kECDHE,
      SSL_aRSA,
@@ -996,6 +1059,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1011,6 +1075,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
      SSL_kECDHE,
      SSL_aNULL,
@@ -1027,6 +1092,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
      SSL_kECDHE,
      SSL_aNULL,
@@ -1043,6 +1109,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
      SSL_kECDHE,
      SSL_aNULL,
@@ -1058,6 +1125,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
      SSL_kECDHE,
      SSL_aNULL,
@@ -1073,6 +1141,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1088,6 +1157,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1103,6 +1173,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1118,6 +1189,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1133,6 +1205,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1148,6 +1221,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1163,6 +1237,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1178,6 +1253,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1196,6 +1272,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_NULL_SHA,
+     TLS1_RFC_PSK_WITH_NULL_SHA,
      TLS1_CK_PSK_WITH_NULL_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -1211,6 +1288,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
      TLS1_CK_DHE_PSK_WITH_NULL_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1226,6 +1304,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
      TLS1_CK_RSA_PSK_WITH_NULL_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1242,6 +1321,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -1258,6 +1338,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -1273,6 +1354,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -1289,6 +1371,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1305,6 +1388,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1320,6 +1404,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1336,6 +1421,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1352,6 +1438,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1367,6 +1454,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1382,6 +1470,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
      TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
      SSL_kPSK,
      SSL_aPSK,
@@ -1397,6 +1486,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
      TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
      SSL_kPSK,
      SSL_aPSK,
@@ -1412,6 +1502,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
      TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1427,6 +1518,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
      TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1442,6 +1534,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
      TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1457,6 +1550,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
      TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1472,6 +1566,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
      TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
      SSL_kPSK,
      SSL_aPSK,
@@ -1487,6 +1582,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
      TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
      SSL_kPSK,
      SSL_aPSK,
@@ -1502,6 +1598,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_PSK_WITH_NULL_SHA256,
      TLS1_CK_PSK_WITH_NULL_SHA256,
      SSL_kPSK,
      SSL_aPSK,
@@ -1517,6 +1614,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_PSK_WITH_NULL_SHA384,
      TLS1_CK_PSK_WITH_NULL_SHA384,
      SSL_kPSK,
      SSL_aPSK,
@@ -1532,6 +1630,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1547,6 +1646,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1562,6 +1662,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
      TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1577,6 +1678,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
      TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -1592,6 +1694,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1607,6 +1710,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1622,6 +1726,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
      TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1637,6 +1742,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
      TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -1654,6 +1760,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1670,6 +1777,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1685,6 +1793,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1700,6 +1809,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1715,6 +1825,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1730,6 +1841,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1745,6 +1857,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1760,6 +1873,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -1780,6 +1894,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
      SSL_kSRP,
      SSL_aSRP,
@@ -1795,6 +1910,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
      SSL_kSRP,
      SSL_aRSA,
@@ -1810,6 +1926,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
      SSL_kSRP,
      SSL_aDSS,
@@ -1826,6 +1943,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
      SSL_kSRP,
      SSL_aSRP,
@@ -1841,6 +1959,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
      SSL_kSRP,
      SSL_aRSA,
@@ -1856,6 +1975,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
      SSL_kSRP,
      SSL_aDSS,
@@ -1871,6 +1991,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
      SSL_kSRP,
      SSL_aSRP,
@@ -1886,6 +2007,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
      SSL_kSRP,
      SSL_aRSA,
@@ -1901,6 +2023,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
      SSL_kSRP,
      SSL_aDSS,
@@ -1920,6 +2043,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
      SSL_kDHE,
      SSL_aRSA,
@@ -1938,6 +2062,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
      TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
      SSL_kECDHE,
      SSL_aRSA,
@@ -1953,6 +2078,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
      TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -1971,6 +2097,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
      TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
      SSL_kPSK,
      SSL_aPSK,
@@ -1986,6 +2113,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
      TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -2001,6 +2129,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
      TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -2016,6 +2145,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
      TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -2036,6 +2166,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -2051,6 +2182,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kEDH,
      SSL_aDSS,
@@ -2066,6 +2198,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kEDH,
      SSL_aRSA,
@@ -2081,6 +2214,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kEDH,
      SSL_aNULL,
@@ -2096,6 +2230,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kRSA,
      SSL_aRSA,
@@ -2111,6 +2246,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kEDH,
      SSL_aDSS,
@@ -2126,6 +2262,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kEDH,
      SSL_aRSA,
@@ -2141,6 +2278,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
      SSL_kEDH,
      SSL_aNULL,
@@ -2156,6 +2294,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2171,6 +2310,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -2186,6 +2326,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -2201,6 +2342,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -2216,6 +2358,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2231,6 +2374,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -2246,6 +2390,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -2261,6 +2406,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -2278,6 +2424,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -2293,6 +2440,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -2308,6 +2456,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kECDHE,
      SSL_aRSA,
@@ -2323,6 +2472,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kECDHE,
      SSL_aRSA,
@@ -2341,6 +2491,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kPSK,
      SSL_aPSK,
@@ -2356,6 +2507,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kPSK,
      SSL_aPSK,
@@ -2371,6 +2523,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -2386,6 +2539,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -2401,6 +2555,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -2416,6 +2571,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -2431,6 +2587,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -2446,6 +2603,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -2466,6 +2624,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      "GOST2001-GOST89-GOST89",
+     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
      0x3000081,
      SSL_kGOST,
      SSL_aGOST01,
@@ -2481,6 +2640,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      "GOST2001-NULL-GOST94",
+     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
      0x3000083,
      SSL_kGOST,
      SSL_aGOST01,
@@ -2496,6 +2656,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      "GOST2012-GOST8912-GOST8912",
+     NULL,
      0x0300ff85,
      SSL_kGOST,
      SSL_aGOST12 | SSL_aGOST01,
@@ -2511,6 +2672,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      "GOST2012-NULL-GOST12",
+     NULL,
      0x0300ff87,
      SSL_kGOST,
      SSL_aGOST12 | SSL_aGOST01,
@@ -2529,6 +2691,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_IDEA_128_SHA,
+     SSL3_RFC_RSA_IDEA_128_SHA,
      SSL3_CK_RSA_IDEA_128_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2547,6 +2710,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_WITH_SEED_SHA,
+     TLS1_RFC_RSA_WITH_SEED_SHA,
      TLS1_CK_RSA_WITH_SEED_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2562,6 +2726,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
      SSL_kDHE,
      SSL_aDSS,
@@ -2577,6 +2742,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
      SSL_kDHE,
      SSL_aRSA,
@@ -2592,6 +2758,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ADH_WITH_SEED_SHA,
+     TLS1_RFC_ADH_WITH_SEED_SHA,
      TLS1_CK_ADH_WITH_SEED_SHA,
      SSL_kDHE,
      SSL_aNULL,
@@ -2610,6 +2777,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_RC4_128_MD5,
+     SSL3_RFC_RSA_RC4_128_MD5,
      SSL3_CK_RSA_RC4_128_MD5,
      SSL_kRSA,
      SSL_aRSA,
@@ -2625,6 +2793,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_RSA_RC4_128_SHA,
+     SSL3_RFC_RSA_RC4_128_SHA,
      SSL3_CK_RSA_RC4_128_SHA,
      SSL_kRSA,
      SSL_aRSA,
@@ -2640,6 +2809,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      SSL3_TXT_ADH_RC4_128_MD5,
+     SSL3_RFC_ADH_RC4_128_MD5,
      SSL3_CK_ADH_RC4_128_MD5,
      SSL_kDHE,
      SSL_aNULL,
@@ -2657,6 +2827,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
      TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
      SSL_kECDHEPSK,
      SSL_aPSK,
@@ -2672,6 +2843,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
      SSL_kECDHE,
      SSL_aNULL,
@@ -2687,6 +2859,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
      SSL_kECDHE,
      SSL_aECDSA,
@@ -2702,6 +2875,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
      SSL_kECDHE,
      SSL_aRSA,
@@ -2720,6 +2894,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_PSK_WITH_RC4_128_SHA,
      TLS1_CK_PSK_WITH_RC4_128_SHA,
      SSL_kPSK,
      SSL_aPSK,
@@ -2735,6 +2910,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
      TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
      SSL_kRSAPSK,
      SSL_aRSA,
@@ -2750,6 +2926,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     {
      1,
      TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
      TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
      SSL_kDHEPSK,
      SSL_aPSK,
@@ -2777,12 +2954,14 @@ static SSL_CIPHER ssl3_scsvs[] = {
     {
      0,
      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
      SSL3_CK_SCSV,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     },
     {
      0,
      "TLS_FALLBACK_SCSV",
+     "TLS_FALLBACK_SCSV",
      SSL3_CK_FALLBACK_SCSV,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     },
@@ -3605,6 +3784,33 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
     return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
 }
 
+const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
+{
+    SSL_CIPHER *c = NULL;
+    SSL_CIPHER *tbl = ssl3_ciphers;
+    size_t i;
+
+    /* this is not efficient, necessary to optimze this? */
+    for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
+        if (tbl->stdname == NULL)
+            continue;
+        if (strcmp(stdname, tbl->stdname) == 0) {
+            c = tbl;
+            break;
+        }
+    }
+    if (c == NULL) {
+        tbl = ssl3_scsvs;
+        for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
+            if (strcmp(stdname, tbl->stdname) == 0) {
+                c = tbl;
+                break;
+            }
+        }
+    }
+    return c;
+}
+
 /*
  * This function needs to check if the ciphers required are actually
  * available
index e213160..39feb1f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -188,112 +188,112 @@ typedef struct cipher_order_st {
 
 static const SSL_CIPHER cipher_aliases[] = {
     /* "ALL" doesn't include eNULL (must be specifically enabled) */
-    {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL},
+    {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL},
     /* "COMPLEMENTOFALL" */
-    {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL},
 
     /*
      * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
      * ALL!)
      */
-    {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
+    {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
 
     /*
      * key exchange aliases (some of those using only a single bit here
      * combine multiple key exchange algs according to the RFCs, e.g. kDHE
      * combines DHE_DSS and DHE_RSA)
      */
-    {0, SSL_TXT_kRSA, 0, SSL_kRSA},
+    {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA},
 
-    {0, SSL_TXT_kEDH, 0, SSL_kDHE},
-    {0, SSL_TXT_kDHE, 0, SSL_kDHE},
-    {0, SSL_TXT_DH, 0, SSL_kDHE},
+    {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE},
+    {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE},
+    {0, SSL_TXT_DH, NULL, 0, SSL_kDHE},
 
-    {0, SSL_TXT_kEECDH, 0, SSL_kECDHE},
-    {0, SSL_TXT_kECDHE, 0, SSL_kECDHE},
-    {0, SSL_TXT_ECDH, 0, SSL_kECDHE},
+    {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE},
+    {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE},
+    {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE},
 
-    {0, SSL_TXT_kPSK, 0, SSL_kPSK},
-    {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK},
-    {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK},
-    {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK},
-    {0, SSL_TXT_kSRP, 0, SSL_kSRP},
-    {0, SSL_TXT_kGOST, 0, SSL_kGOST},
+    {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK},
+    {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK},
+    {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK},
+    {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK},
+    {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP},
+    {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST},
 
     /* server authentication aliases */
-    {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA},
-    {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS},
-    {0, SSL_TXT_DSS, 0, 0, SSL_aDSS},
-    {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL},
-    {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA},
-    {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA},
-    {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK},
-    {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01},
-    {0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12},
-    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12},
-    {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP},
+    {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA},
+    {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL},
+    {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK},
+    {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01},
+    {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12},
+    {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+    {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP},
 
     /* aliases combining key exchange and server authentication */
-    {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL},
-    {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL},
-    {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL},
-    {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL},
-    {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL},
-    {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA},
-    {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL},
-    {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL},
-    {0, SSL_TXT_PSK, 0, SSL_PSK},
-    {0, SSL_TXT_SRP, 0, SSL_kSRP},
+    {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA},
+    {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL},
+    {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL},
+    {0, SSL_TXT_PSK, NULL, 0, SSL_PSK},
+    {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP},
 
     /* symmetric encryption aliases */
-    {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES},
-    {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4},
-    {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2},
-    {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA},
-    {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED},
-    {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL},
-    {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
-    {0, SSL_TXT_AES128, 0, 0, 0,
+    {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES},
+    {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4},
+    {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2},
+    {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA},
+    {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED},
+    {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
+    {0, SSL_TXT_AES128, NULL, 0, 0, 0,
      SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
-    {0, SSL_TXT_AES256, 0, 0, 0,
+    {0, SSL_TXT_AES256, NULL, 0, 0, 0,
      SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
-    {0, SSL_TXT_AES, 0, 0, 0, SSL_AES},
-    {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
-    {0, SSL_TXT_AES_CCM, 0, 0, 0,
+    {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES},
+    {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
+    {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0,
      SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
-    {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
-    {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128},
-    {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256},
-    {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA},
-    {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20},
+    {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128},
+    {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
+    {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
+    {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
 
     /* MAC aliases */
-    {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5},
-    {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1},
-    {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1},
-    {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94},
-    {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
-    {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256},
-    {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384},
-    {0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256},
+    {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
+    {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94},
+    {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+    {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256},
+    {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384},
+    {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256},
 
     /* protocol version aliases */
-    {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION},
-    {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION},
-    {0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION},
-    {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION},
+    {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION},
+    {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
 
     /* strength classes */
-    {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
-    {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
-    {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
+    {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+    {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+    {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
     /* FIPS 140-2 approved ciphersuite */
-    {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
+    {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
 
     /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
-    {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
+    {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
      SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
-    {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
+    {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
      SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
 
 };
@@ -310,9 +310,8 @@ static int get_optional_pkey_id(const char *pkey_name)
     int pkey_id = 0;
     ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
     if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
-                                         ameth) > 0) {
+                                         ameth) > 0)
         return pkey_id;
-    }
     return 0;
 }
 
@@ -407,19 +406,17 @@ int ssl_load_ciphers(void)
      * present, disable appropriate auth and key exchange
      */
     ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
-    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
         ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
-    } else {
+    else
         disabled_mac_mask |= SSL_GOST89MAC;
-    }
 
     ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
         get_optional_pkey_id("gost-mac-12");
-    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
         ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
-    } else {
+    else
         disabled_mac_mask |= SSL_GOST89MAC12;
-    }
 
     if (!get_optional_pkey_id("gost2001"))
         disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
@@ -481,7 +478,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 
     c = s->cipher;
     if (c == NULL)
-        return (0);
+        return 0;
     if (comp != NULL) {
         SSL_COMP ctmp;
 #ifndef OPENSSL_NO_COMP
@@ -511,9 +508,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 
     i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
 
-    if (i == -1)
+    if (i == -1) {
         *enc = NULL;
-    else {
+    else {
         if (i == SSL_ENC_NULL_IDX)
             *enc = EVP_enc_null();
         else
@@ -569,9 +566,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                  c->algorithm_mac == SSL_SHA256 &&
                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
             *enc = evp, *md = NULL;
-        return (1);
-    } else
-        return (0);
+        return 1;
+    } else {
+        return 0;
+    }
 }
 
 const EVP_MD *ssl_md(int idx)
@@ -920,7 +918,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
     number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
     if (number_uses == NULL) {
         SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
     }
 
     /*
@@ -942,7 +940,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
                                   tail_p);
 
     OPENSSL_free(number_uses);
-    return (1);
+    return 1;
 }
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -959,7 +957,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 
     retval = 1;
     l = rule_str;
-    for (;;) {
+    for ( ; ; ) {
         ch = *l;
 
         if (ch == '\0')
@@ -1030,8 +1028,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
             if (ch == '+') {
                 multi = 1;
                 l++;
-            } else
+            } else {
                 multi = 0;
+            }
 
             /*
              * Now search for the cipher alias in the ca_list. Be careful
@@ -1065,8 +1064,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     alg_mkey = ca_list[j]->algorithm_mkey;
+                }
             }
 
             if (ca_list[j]->algorithm_auth) {
@@ -1076,8 +1076,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     alg_auth = ca_list[j]->algorithm_auth;
+                }
             }
 
             if (ca_list[j]->algorithm_enc) {
@@ -1087,8 +1088,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     alg_enc = ca_list[j]->algorithm_enc;
+                }
             }
 
             if (ca_list[j]->algorithm_mac) {
@@ -1098,8 +1100,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     alg_mac = ca_list[j]->algorithm_mac;
+                }
             }
 
             if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
@@ -1111,8 +1114,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
+                }
             }
 
             if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
@@ -1124,9 +1128,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         found = 0;
                         break;
                     }
-                } else
+                } else {
                     algo_strength |=
                         ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+                }
             }
 
             if (ca_list[j]->valid) {
@@ -1161,9 +1166,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
          */
         if (rule == CIPHER_SPECIAL) { /* special command */
             ok = 0;
-            if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0)
+            if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) {
                 ok = ssl_cipher_strength_sort(head_p, tail_p);
-            else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
+            else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
                 int level = buf[9] - '0';
                 if (level < 0 || level > 5) {
                     SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -1172,8 +1177,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                     c->sec_level = level;
                     ok = 1;
                 }
-            } else
+            } else {
                 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+            }
             if (ok == 0)
                 retval = 0;
             /*
@@ -1197,7 +1203,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
             break;              /* done */
     }
 
-    return (retval);
+    return retval;
 }
 
 #ifndef OPENSSL_NO_EC
@@ -1219,8 +1225,9 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
     if (suiteb_flags) {
         c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
         c->cert_flags |= suiteb_flags;
-    } else
+    } else {
         suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+    }
 
     if (!suiteb_flags)
         return 1;
@@ -1297,7 +1304,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
     co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
     if (co_list == NULL) {
         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-        return (NULL);          /* Failure */
+        return NULL;          /* Failure */
     }
 
     ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1415,7 +1422,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
     if (ca_list == NULL) {
         OPENSSL_free(co_list);
         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-        return (NULL);          /* Failure */
+        return NULL;          /* Failure */
     }
     ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
                                disabled_mkey, disabled_auth, disabled_enc,
@@ -1442,7 +1449,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
 
     if (!ok) {                  /* Rule processing failure */
         OPENSSL_free(co_list);
-        return (NULL);
+        return NULL;
     }
 
     /*
@@ -1451,7 +1458,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
      */
     if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
         OPENSSL_free(co_list);
-        return (NULL);
+        return NULL;
     }
 
     /*
@@ -1485,7 +1492,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
     (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
 
     sk_SSL_CIPHER_sort(*cipher_list_by_id);
-    return (cipherstack);
+    return cipherstack;
 }
 
 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
@@ -1500,8 +1507,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         buf = OPENSSL_malloc(len);
         if (buf == NULL)
             return NULL;
-    } else if (len < 128)
+    } else if (len < 128) {
         return NULL;
+    }
 
     alg_mkey = cipher->algorithm_mkey;
     alg_auth = cipher->algorithm_auth;
@@ -1677,7 +1685,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 
     BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
 
-    return (buf);
+    return buf;
 }
 
 const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
@@ -1698,8 +1706,27 @@ const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
 {
     if (c != NULL)
-        return (c->name);
-    return ("(NONE)");
+        return c->name;
+    return "(NONE)";
+}
+
+/* return the actual cipher being used in RFC standard name */
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+{
+    if (c != NULL)
+        return c->stdname;
+    return "(NONE)";
+}
+
+/* return the OpenSSL name based on given RFC standard name */
+const char *OPENSSL_cipher_name(const char *stdname)
+{
+    const SSL_CIPHER *c;
+
+    if (stdname == NULL)
+        return "(NONE)";
+    c = ssl3_get_cipher_by_std_name(stdname);
+    return SSL_CIPHER_get_name(c);
 }
 
 /* number of bits for symmetric cipher */
@@ -1731,9 +1758,9 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
     for (i = 0; i < nn; i++) {
         ctmp = sk_SSL_COMP_value(sk, i);
         if (ctmp->id == n)
-            return (ctmp);
+            return ctmp;
     }
-    return (NULL);
+    return NULL;
 }
 
 #ifdef OPENSSL_NO_COMP
@@ -1757,7 +1784,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
 {
     load_builtin_compressions();
-    return (ssl_comp_methods);
+    return ssl_comp_methods;
 }
 
 STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
@@ -1806,7 +1833,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
     if (comp == NULL) {
         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
-        return (1);
+        return 1;
     }
 
     comp->id = id;
@@ -1817,16 +1844,16 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
                SSL_R_DUPLICATE_COMPRESSION_ID);
-        return (1);
+        return 1;
     }
     if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
         OPENSSL_free(comp);
         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
-        return (1);
+        return 1;
     }
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-    return (0);
+    return 0;
 }
 #endif
 
index aae547a..12cc3ca 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
 struct ssl_cipher_st {
     uint32_t valid;
     const char *name;           /* text name */
+    const char *stdname;        /* RFC name */
     uint32_t id;                /* id, 4 bytes, first is version */
     /*
      * changed in 1.0.0: these four used to be portions of a single value
@@ -2151,6 +2152,7 @@ __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
 __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
 
 __owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
 __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
 __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
                                    size_t *len);
index cef0df8..1e96022 100644 (file)
@@ -3568,7 +3568,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
     if (totlen != 0) {
         if (empty_reneg_info_scsv) {
             static SSL_CIPHER scsv = {
-                0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+                0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
             };
             if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
                 SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
@@ -3577,7 +3577,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
         }
         if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
             static SSL_CIPHER scsv = {
-                0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+                0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
             };
             if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
                 SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
index ce98581..803df27 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1470,11 +1470,6 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server,
     return 1;
 }
 
-const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
-{
-    return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl);
-}
-
 void SSL_trace(int write_p, int version, int content_type,
                const void *buf, size_t msglen, SSL *ssl, void *arg)
 {
index 9664443..3d5b15e 100644 (file)
@@ -44,7 +44,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
           pkey_meth_test uitest cipherbytes_test asn1_encode_test \
           x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
           recordlentest drbgtest \
-          time_offset_test pemtest ssl_cert_table_internal_test
+          time_offset_test pemtest ssl_cert_table_internal_test ciphername_test
 
   SOURCE[aborttest]=aborttest.c
   INCLUDE[aborttest]=../include
@@ -323,6 +323,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
   INCLUDE[ssl_cert_table_internal_test]=.. ../include
   DEPEND[ssl_cert_table_internal_test]=../libcrypto libtestutil.a
 
+  SOURCE[ciphername_test]=ciphername_test.c
+  INCLUDE[ciphername_test]=.. ../include
+  DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
+
   IF[{- !$disabled{psk} -}]
     PROGRAMS_NO_INST=dtls_mtu_test
     SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c
diff --git a/test/ciphername_test.c b/test/ciphername_test.c
new file mode 100644 (file)
index 0000000..995c352
--- /dev/null
@@ -0,0 +1,469 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 BaishanCloud. All rights reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/err.h>
+#include <openssl/e_os2.h>
+#include <openssl/ssl.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h>
+
+#include "e_os.h"
+#include "testutil.h"
+
+typedef struct cipher_id_name {
+    int id;
+    const char *name;
+} CIPHER_ID_NAME;
+
+/* Cipher suites, copied from t1_trce.c */
+static CIPHER_ID_NAME cipher_names[] = {
+    {0x0000, "SSL_NULL_WITH_NULL_NULL"},
+    {0x0001, "SSL_RSA_WITH_NULL_MD5"},
+    {0x0002, "SSL_RSA_WITH_NULL_SHA"},
+    {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
+    {0x0004, "SSL_RSA_WITH_RC4_128_MD5"},
+    {0x0005, "SSL_RSA_WITH_RC4_128_SHA"},
+    {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"},
+    {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"},
+    {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"},
+    {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"},
+    {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"},
+    {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"},
+    {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},
+    {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"},
+    {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},
+    {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},
+    {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
+    {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
+    {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
+    {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"},
+    {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"},
+    {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"},
+    {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"},
+    {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"},
+    {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"},
+    {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"},
+    {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"},
+    {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"},
+    {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
+    {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
+    {0x002C, "TLS_PSK_WITH_NULL_SHA"},
+    {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
+    {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
+    {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
+    {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
+    {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
+    {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
+    {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
+    {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
+    {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
+    {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
+    {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
+    {0x003B, "TLS_RSA_WITH_NULL_SHA256"},
+    {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
+    {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
+    {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
+    {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
+    {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
+    {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+    {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x008A, "TLS_PSK_WITH_RC4_128_SHA"},
+    {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"},
+    {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"},
+    {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"},
+    {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"},
+    {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"},
+    {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"},
+    {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"},
+    {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"},
+    {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"},
+    {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"},
+    {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"},
+    {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"},
+    {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"},
+    {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"},
+    {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"},
+    {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"},
+    {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
+    {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"},
+    {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B0, "TLS_PSK_WITH_NULL_SHA256"},
+    {0x00B1, "TLS_PSK_WITH_NULL_SHA384"},
+    {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"},
+    {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"},
+    {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"},
+    {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"},
+    {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
+    {0x5600, "TLS_FALLBACK_SCSV"},
+    {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
+    {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
+    {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"},
+    {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"},
+    {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"},
+    {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
+    {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
+    {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
+    {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"},
+    {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"},
+    {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"},
+    {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
+    {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"},
+    {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"},
+    {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"},
+    {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"},
+    {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"},
+    {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"},
+    {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"},
+    {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"},
+    {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"},
+    {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
+    {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
+    {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"},
+    {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"},
+    {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
+    {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
+    {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"},
+    {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"},
+    {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+    {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
+    {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"},
+    {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"},
+    {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+    {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
+    {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
+    {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
+    {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
+    {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
+    {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
+    {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
+    {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
+    {0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
+    {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
+    {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
+    {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
+    {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
+    {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
+    {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
+    {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
+    {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
+    {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
+    {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
+    {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
+    {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
+    {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
+    {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
+    {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0x1301, "TLS_AES_128_GCM_SHA256"},
+    {0x1302, "TLS_AES_256_GCM_SHA384"},
+    {0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
+    {0x1304, "TLS_AES_128_CCM_SHA256"},
+    {0x1305, "TLS_AES_128_CCM_8_SHA256"},
+    {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
+    {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
+};
+
+static const char *get_std_name_by_id(int id)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(cipher_names); i++)
+        if (cipher_names[i].id == id)
+            return cipher_names[i].name;
+
+    return NULL;
+}
+
+static int test_cipher_name()
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk = NULL;
+    const char *ciphers = "ALL:eNULL", *p, *q, *r;
+    int i, id = 0, ret = 0;
+
+    /* tests for invalid input */
+    p = SSL_CIPHER_standard_name(NULL);
+    if (!TEST_str_eq(p, "(NONE)")) {
+        TEST_info("test_cipher_name(std) failed: NULL input doesn't return \"(NONE)\"\n");
+        goto err;
+    }
+
+    p = OPENSSL_cipher_name(NULL);
+    if (!TEST_str_eq(p, "(NONE)")) {
+        TEST_info("test_cipher_name(ossl) failed: NULL input doesn't return \"(NONE)\"\n");
+        goto err;
+    }
+
+    p = OPENSSL_cipher_name("This is not a valid cipher");
+    if (!TEST_str_eq(p, "(NONE)")) {
+        TEST_info("test_cipher_name(ossl) failed: invalid input doesn't return \"(NONE)\"\n");
+        goto err;
+    }
+
+    /* tests for valid input */
+    ctx = SSL_CTX_new(TLS_server_method());
+    if (ctx == NULL) {
+        TEST_info("test_cipher_name failed: internal error\n");
+        goto err;
+    }
+
+    if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
+        TEST_info("test_cipher_name failed: internal error\n");
+        goto err;
+    }
+
+    ssl = SSL_new(ctx);
+    if (ssl == NULL) {
+        TEST_info("test_cipher_name failed: internal error\n");
+        goto err;
+    }
+
+    sk = SSL_get_ciphers(ssl);
+    if (sk == NULL) {
+        TEST_info("test_cipher_name failed: internal error\n");
+        goto err;
+    }
+
+    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+        c = sk_SSL_CIPHER_value(sk, i);
+        id = SSL_CIPHER_get_id(c) & 0xFFFF;
+        if ((id == 0xFF85) || (id == 0xFF87))
+            /* skip GOST2012-GOST8912-GOST891 and GOST2012-NULL-GOST12 */
+            continue;
+        p = SSL_CIPHER_standard_name(c);
+        q = get_std_name_by_id(id);
+        if (!TEST_ptr(p)) {
+            TEST_info("test_cipher_name failed: expected %s, got NULL, cipher %x\n",
+                      q, id);
+            goto err;
+        }
+        /* check if p is a valid standard name */
+        if (!TEST_str_eq(p, q)) {
+            TEST_info("test_cipher_name(std) failed: expected %s, got %s, cipher %x\n",
+                       q, p, id);
+            goto err;
+        }
+        /* test OPENSSL_cipher_name */
+        q = SSL_CIPHER_get_name(c);
+        r = OPENSSL_cipher_name(p);
+        if (!TEST_str_eq(r, q)) {
+            TEST_info("test_cipher_name(ossl) failed: expected %s, got %s, cipher %x\n",
+                       q, r, id);
+            goto err;
+        }
+    }
+    ret = 1;
+err:
+    SSL_CTX_free(ctx);
+    SSL_free(ssl);
+    return ret;
+}
+
+void register_tests()
+{
+    ADD_TEST(test_cipher_name);
+}
diff --git a/test/recipes/80-test_ciphername.t b/test/recipes/80-test_ciphername.t
new file mode 100644 (file)
index 0000000..33c3d6e
--- /dev/null
@@ -0,0 +1,27 @@
+#! /usr/bin/perl
+#
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017 BaishanCloud. All rights reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test::Simple;
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(alldisabled available_protocols);
+
+setup("test_ciphername");
+
+my $no_anytls = alldisabled(available_protocols("tls"));
+
+# If we have no protocols, then we also have no supported ciphers.
+plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build."
+    if $no_anytls;
+
+simple_test("test_ciphername", "ciphername_test");
index ae16d13..26a225c 100644 (file)
@@ -86,7 +86,7 @@ SSL_CTX_set_cookie_verify_cb            86    1_1_0   EXIST::FUNCTION:
 SSL_get_shared_sigalgs                  87     1_1_0   EXIST::FUNCTION:
 SSL_config                              88     1_1_0   EXIST::FUNCTION:
 TLSv1_1_client_method                   89     1_1_0   EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
-SSL_CIPHER_standard_name                90     1_1_0   EXIST::FUNCTION:SSL_TRACE
+SSL_CIPHER_standard_name                90     1_1_0   EXIST::FUNCTION:
 SSL_CTX_get_verify_mode                 91     1_1_0   EXIST::FUNCTION:
 SSL_get_all_async_fds                   92     1_1_0   EXIST::FUNCTION:
 SSL_CTX_check_private_key               93     1_1_0   EXIST::FUNCTION:
@@ -459,3 +459,4 @@ SSL_CIPHER_get_handshake_digest         459 1_1_1   EXIST::FUNCTION:
 SSL_SESSION_set1_master_key             460    1_1_1   EXIST::FUNCTION:
 SSL_SESSION_set_cipher                  461    1_1_1   EXIST::FUNCTION:
 SSL_SESSION_set_protocol_version        462    1_1_1   EXIST::FUNCTION:
+OPENSSL_cipher_name                     463    1_1_1   EXIST::FUNCTION: