Support converting cipher name to RFC name and vice versa

Fixes: issue #3747

make SSL_CIPHER_standard_name globally available and introduce a new
function OPENSSL_cipher_name.

A new option '-convert' is also added to 'openssl ciphers' app.

Documentation and test cases are added.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3859)
Paul Yang 2017-06-30 03:06:19 +08:00 committed by Pauli
parent b8a437ffa0
commit bbb4ceb86e
15 changed files with 1083 additions and 144 deletions


@ -17,6 +17,7 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_STDNAME,
OPT_CONVERT,
OPT_SSL3,
OPT_TLS1,
OPT_TLS1_1,
@ -47,15 +48,14 @@ const OPTIONS ciphers_options[] = {
#ifndef OPENSSL_NO_TLS1_3
{"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
#endif
#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif
{"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
{NULL}
};
@ -82,9 +82,7 @@ int ciphers_main(int argc, char **argv)
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
@ -92,7 +90,7 @@ int ciphers_main(int argc, char **argv)
int srp = 0;
#endif
const char *p;
char *ciphers = NULL, *prog;
char *ciphers = NULL, *prog, *convert = NULL;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
@ -119,9 +117,10 @@ int ciphers_main(int argc, char **argv)
use_supported = 1;
break;
case OPT_STDNAME:
#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
#endif
break;
case OPT_CONVERT:
convert = opt_arg();
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
@ -163,6 +162,12 @@ int ciphers_main(int argc, char **argv)
else if (argc != 0)
goto opthelp;
if (convert != NULL) {
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
OPENSSL_cipher_name(convert));
goto end;
}
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
@ -225,14 +230,12 @@ int ciphers_main(int argc, char **argv)
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%s - ", nm);
}
#endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
@ -246,5 +249,5 @@ int ciphers_main(int argc, char **argv)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
return (ret);
return ret;
}
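Review bot: The new `-convert` branch leaves through `goto end` without touching `ret`, which is initialised to 1 at the top of `ciphers_main`, so as far as the visible lines show the command reports failure even after a successful lookup, and an unknown name prints `(NONE)` with the same status. A script that translates a policy's RFC names into an OpenSSL cipher string therefore cannot tell a real mapping from a miss by exit code. Consider storing the result of `OPENSSL_cipher_name(convert)` in a local `name` and setting `ret = strcmp(name, "(NONE)") == 0;` before the jump, with the miss reported on `bio_err`. The `end:` label and the rest of `ciphers_main` lie outside the hunks shown, so confirm `ret` is not reset there.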


@ -20,6 +20,7 @@ B<openssl> B<ciphers>
[B<-psk>]
[B<-srp>]
[B<-stdname>]
[B<-convert name>]
[B<cipherlist>]
=head1 DESCRIPTION
@ -97,8 +98,11 @@ TLSv1.1 were negotiated.
=item B<-stdname>
Precede each cipher suite by its standard name: only available is OpenSSL
is built with tracing enabled (B<enable-ssl-trace> argument to Configure).
Precede each cipher suite by its standard name.
=item B<-convert name>
Convert a standard cipher B<name> to its OpenSSL name.
=item B<cipherlist>
@ -752,6 +756,11 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(7)>
The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
The B<-stdname> is only available if OpenSSL is built with tracing enabled
(B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
The B<-convert> was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.


@ -3,6 +3,8 @@
=head1 NAME
SSL_CIPHER_get_name,
SSL_CIPHER_standard_name,
OPENSSL_cipher_name,
SSL_CIPHER_get_bits,
SSL_CIPHER_get_version,
SSL_CIPHER_description,
@ -19,6 +21,8 @@ SSL_CIPHER_is_aead
#include <openssl/ssl.h>
const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
const char *OPENSSL_cipher_name(const char *stdname);
int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
@ -34,6 +38,14 @@ SSL_CIPHER_is_aead
SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
B<cipher> is NULL, it returns "(NONE)".
SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of
B<cipher>. If the B<cipher> is NULL, it returns "(NONE)". If the B<cipher>
has no standard name, it returns B<NULL>.
OPENSSL_cipher_name() returns a pointer to the OpenSSL name of B<stdname>.
If the B<stdname> is NULL, or B<stdname> has no corresponding OpenSSL name,
it returns "(NONE)".
SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>.
If B<cipher> is NULL, 0 is returned.
@ -127,6 +139,12 @@ rather than a fixed string, in OpenSSL 1.1.0.
SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1.
SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before
OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was
required to enable this function.
OPENSSL_cipher_name() was added in OpenSSL 1.1.1.
=head1 SEE ALSO
L<ssl(7)>, L<SSL_get_current_cipher(3)>,


@ -1434,6 +1434,8 @@ __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
__owur const char *OPENSSL_cipher_name(const char *rfc_name);
__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
@ -2034,7 +2036,6 @@ int SSL_CTX_config(SSL_CTX *ctx, const char *name);
# ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
# endif
# ifndef OPENSSL_NO_SOCK
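Review bot: The new `OPENSSL_cipher_name()` prototype names its parameter `rfc_name` while the manual page added in this commit declares it as `stdname`, and nothing at the declaration tells a caller that a miss comes back as the literal string "(NONE)" rather than NULL. Because the result looks like a usable name, a caller that forwards it into a cipher-list string without comparing against that sentinel would pass on a name that does not exist. I would align the parameter name with the documentation and add a comment above the prototype such as `/* Returns "(NONE)" when stdname is NULL or has no OpenSSL equivalent */`, which is what the manual page in this commit states. The surrounding declarations continue outside the hunk.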


@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@ -69,6 +69,18 @@ extern "C" {
# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
# define SSL3_RFC_RSA_NULL_MD5 "SSL_RSA_WITH_NULL_MD5"
# define SSL3_RFC_RSA_NULL_SHA "SSL_RSA_WITH_NULL_SHA"
# define SSL3_RFC_RSA_DES_192_CBC3_SHA "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
# define SSL3_RFC_ADH_DES_192_CBC_SHA "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"
# define SSL3_RFC_RSA_IDEA_128_SHA "SSL_RSA_WITH_IDEA_CBC_SHA"
# define SSL3_RFC_RSA_RC4_128_MD5 "SSL_RSA_WITH_RC4_128_MD5"
# define SSL3_RFC_RSA_RC4_128_SHA "SSL_RSA_WITH_RC4_128_SHA"
# define SSL3_RFC_ADH_RC4_128_MD5 "SSL_DH_anon_WITH_RC4_128_MD5"
# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"


@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -598,6 +598,171 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256"
# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256"
# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM"
# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM"
# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM"
# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM"
# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8"
# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8"
# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8"
# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8"
# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM"
# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM"
# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM"
# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM"
# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8"
# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8"
# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8"
# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA"
# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA"
# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA"
# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA"
# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA"
# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384"
# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256"
# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384"
# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384"
# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256"
# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384"
# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA"
# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256"
# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384"
# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA"
# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA"
# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA"
# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA"
# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA"
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
* ciphers names with "EDH" instead of "DHE". Going forward, we should be
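Review bot: `TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8` and `TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8` expand to strings spelled `TLS_PSK_DHE_WITH_...`, unlike every other DHE-PSK entry in this block, and nothing says whether that is deliberate. To my knowledge the IANA registry does use the PSK_DHE order for these two CCM_8 suites (RFC 6655), so the strings look right, but a later cleanup that "corrects" them would break name lookup for those suites. A one-line comment above the pair, e.g. `/* RFC 6655 spells these two suites PSK_DHE, not DHE_PSK */`, would protect them. The block comment says the list is generated from `ssl3_ciphers[]`, whose diff is not shown on this page, so the two should be checked against each other.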



@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -188,112 +188,112 @@ typedef struct cipher_order_st {
static const SSL_CIPHER cipher_aliases[] = {
/* "ALL" doesn't include eNULL (must be specifically enabled) */
{0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL},
{0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL},
/* "COMPLEMENTOFALL" */
{0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL},
{0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL},
/*
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!)
*/
{0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
{0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
/*
* key exchange aliases (some of those using only a single bit here
* combine multiple key exchange algs according to the RFCs, e.g. kDHE
* combines DHE_DSS and DHE_RSA)
*/
{0, SSL_TXT_kRSA, 0, SSL_kRSA},
{0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA},
{0, SSL_TXT_kEDH, 0, SSL_kDHE},
{0, SSL_TXT_kDHE, 0, SSL_kDHE},
{0, SSL_TXT_DH, 0, SSL_kDHE},
{0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE},
{0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE},
{0, SSL_TXT_DH, NULL, 0, SSL_kDHE},
{0, SSL_TXT_kEECDH, 0, SSL_kECDHE},
{0, SSL_TXT_kECDHE, 0, SSL_kECDHE},
{0, SSL_TXT_ECDH, 0, SSL_kECDHE},
{0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE},
{0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE},
{0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE},
{0, SSL_TXT_kPSK, 0, SSL_kPSK},
{0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK},
{0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK},
{0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK},
{0, SSL_TXT_kSRP, 0, SSL_kSRP},
{0, SSL_TXT_kGOST, 0, SSL_kGOST},
{0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK},
{0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK},
{0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK},
{0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK},
{0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP},
{0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST},
/* server authentication aliases */
{0, SSL_TXT_aRSA, 0, 0, SSL_aRSA},
{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS},
{0, SSL_TXT_DSS, 0, 0, SSL_aDSS},
{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL},
{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA},
{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA},
{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK},
{0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01},
{0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12},
{0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12},
{0, SSL_TXT_aSRP, 0, 0, SSL_aSRP},
{0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA},
{0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS},
{0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS},
{0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL},
{0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA},
{0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA},
{0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK},
{0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01},
{0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12},
{0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12},
{0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP},
/* aliases combining key exchange and server authentication */
{0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL},
{0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL},
{0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL},
{0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL},
{0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL},
{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA},
{0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL},
{0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL},
{0, SSL_TXT_PSK, 0, SSL_PSK},
{0, SSL_TXT_SRP, 0, SSL_kSRP},
{0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL},
{0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL},
{0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
{0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
{0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL},
{0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA},
{0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL},
{0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL},
{0, SSL_TXT_PSK, NULL, 0, SSL_PSK},
{0, SSL_TXT_SRP, NULL, 0, SSL_kSRP},
/* symmetric encryption aliases */
{0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES},
{0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4},
{0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2},
{0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA},
{0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED},
{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL},
{0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
{0, SSL_TXT_AES128, 0, 0, 0,
{0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES},
{0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4},
{0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2},
{0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA},
{0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED},
{0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL},
{0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
{0, SSL_TXT_AES128, NULL, 0, 0, 0,
SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
{0, SSL_TXT_AES256, 0, 0, 0,
{0, SSL_TXT_AES256, NULL, 0, 0, 0,
SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
{0, SSL_TXT_AES, 0, 0, 0, SSL_AES},
{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
{0, SSL_TXT_AES_CCM, 0, 0, 0,
{0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES},
{0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
{0, SSL_TXT_AES_CCM, NULL, 0, 0, 0,
SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
{0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
{0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128},
{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256},
{0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA},
{0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20},
{0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
{0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128},
{0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
{0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
{0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
/* MAC aliases */
{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5},
{0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1},
{0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1},
{0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94},
{0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
{0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256},
{0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384},
{0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256},
{0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
{0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
{0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1},
{0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94},
{0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
{0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256},
{0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384},
{0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256},
/* protocol version aliases */
{0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION},
{0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION},
{0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION},
{0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION},
{0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
/* strength classes */
{0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
{0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
{0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
{0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
{0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
{0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
/* FIPS 140-2 approved ciphersuite */
{0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
{0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
{0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
{0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
{0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
{0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
};
@ -310,9 +310,8 @@ static int get_optional_pkey_id(const char *pkey_name)
int pkey_id = 0;
ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
ameth) > 0) {
ameth) > 0)
return pkey_id;
}
return 0;
}
@ -407,19 +406,17 @@ int ssl_load_ciphers(void)
* present, disable appropriate auth and key exchange
*/
ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
} else {
else
disabled_mac_mask |= SSL_GOST89MAC;
}
ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
get_optional_pkey_id("gost-mac-12");
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
} else {
else
disabled_mac_mask |= SSL_GOST89MAC12;
}
if (!get_optional_pkey_id("gost2001"))
disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
@ -481,7 +478,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
c = s->cipher;
if (c == NULL)
return (0);
return 0;
if (comp != NULL) {
SSL_COMP ctmp;
#ifndef OPENSSL_NO_COMP
@ -511,9 +508,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
if (i == -1)
if (i == -1) {
*enc = NULL;
else {
} else {
if (i == SSL_ENC_NULL_IDX)
*enc = EVP_enc_null();
else
@ -569,9 +566,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
c->algorithm_mac == SSL_SHA256 &&
(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
*enc = evp, *md = NULL;
return (1);
} else
return (0);
return 1;
} else {
return 0;
}
}
const EVP_MD *ssl_md(int idx)
@ -920,7 +918,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
if (number_uses == NULL) {
SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
return (0);
return 0;
}
/*
@ -942,7 +940,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
tail_p);
OPENSSL_free(number_uses);
return (1);
return 1;
}
static int ssl_cipher_process_rulestr(const char *rule_str,
@ -959,7 +957,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
retval = 1;
l = rule_str;
for (;;) {
for ( ; ; ) {
ch = *l;
if (ch == '\0')
@ -1030,8 +1028,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (ch == '+') {
multi = 1;
l++;
} else
} else {
multi = 0;
}
/*
* Now search for the cipher alias in the ca_list. Be careful
@ -1065,8 +1064,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
} else
} else {
alg_mkey = ca_list[j]->algorithm_mkey;
}
}
if (ca_list[j]->algorithm_auth) {
@ -1076,8 +1076,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
} else
} else {
alg_auth = ca_list[j]->algorithm_auth;
}
}
if (ca_list[j]->algorithm_enc) {
@ -1087,8 +1088,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
} else
} else {
alg_enc = ca_list[j]->algorithm_enc;
}
}
if (ca_list[j]->algorithm_mac) {
@ -1098,8 +1100,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
} else
} else {
alg_mac = ca_list[j]->algorithm_mac;
}
}
if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
@ -1111,8 +1114,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
} else
} else {
algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
}
}
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
@ -1124,9 +1128,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
found = 0;
break;
}
} else
} else {
algo_strength |=
ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
}
}
if (ca_list[j]->valid) {
@ -1161,9 +1166,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
*/
if (rule == CIPHER_SPECIAL) { /* special command */
ok = 0;
if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0)
if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) {
ok = ssl_cipher_strength_sort(head_p, tail_p);
else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
} else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
int level = buf[9] - '0';
if (level < 0 || level > 5) {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@ -1172,8 +1177,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
c->sec_level = level;
ok = 1;
}
} else
} else {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
}
if (ok == 0)
retval = 0;
/*
@ -1197,7 +1203,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
break; /* done */
}
return (retval);
return retval;
}
#ifndef OPENSSL_NO_EC
@ -1219,8 +1225,9 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
if (suiteb_flags) {
c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
c->cert_flags |= suiteb_flags;
} else
} else {
suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
}
if (!suiteb_flags)
return 1;
@ -1297,7 +1304,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
return (NULL); /* Failure */
return NULL; /* Failure */
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@ -1415,7 +1422,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (ca_list == NULL) {
OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
return (NULL); /* Failure */
return NULL; /* Failure */
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@ -1442,7 +1449,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (!ok) { /* Rule processing failure */
OPENSSL_free(co_list);
return (NULL);
return NULL;
}
/*
@ -1451,7 +1458,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
OPENSSL_free(co_list);
return (NULL);
return NULL;
}
/*
@ -1485,7 +1492,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
return (cipherstack);
return cipherstack;
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
@ -1500,8 +1507,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
buf = OPENSSL_malloc(len);
if (buf == NULL)
return NULL;
} else if (len < 128)
} else if (len < 128) {
return NULL;
}
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
@ -1677,7 +1685,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
return (buf);
return buf;
}
const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
@ -1698,8 +1706,27 @@ const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
{
if (c != NULL)
return (c->name);
return ("(NONE)");
return c->name;
return "(NONE)";
}
/* return the actual cipher being used in RFC standard name */
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
{
if (c != NULL)
return c->stdname;
return "(NONE)";
}
/* return the OpenSSL name based on given RFC standard name */
const char *OPENSSL_cipher_name(const char *stdname)
{
const SSL_CIPHER *c;
if (stdname == NULL)
return "(NONE)";
c = ssl3_get_cipher_by_std_name(stdname);
return SSL_CIPHER_get_name(c);
}
/* number of bits for symmetric cipher */
@ -1731,9 +1758,9 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
for (i = 0; i < nn; i++) {
ctmp = sk_SSL_COMP_value(sk, i);
if (ctmp->id == n)
return (ctmp);
return ctmp;
}
return (NULL);
return NULL;
}
#ifdef OPENSSL_NO_COMP
@ -1757,7 +1784,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
load_builtin_compressions();
return (ssl_comp_methods);
return ssl_comp_methods;
}
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
@ -1806,7 +1833,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
if (comp == NULL) {
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
return (1);
return 1;
}
comp->id = id;
@ -1817,16 +1844,16 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_DUPLICATE_COMPRESSION_ID);
return (1);
return 1;
}
if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
return (1);
return 1;
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
return (0);
return 0;
}
#endif


@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -401,6 +401,7 @@
struct ssl_cipher_st {
uint32_t valid;
const char *name; /* text name */
const char *stdname; /* RFC name */
uint32_t id; /* id, 4 bytes, first is version */
/*
* changed in 1.0.0: these four used to be portions of a single value
@ -2151,6 +2152,7 @@ __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
size_t *len);
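Review bot: The new `stdname` member of `struct ssl_cipher_st` is documented only as `/* RFC name */`, which leaves open whether it may be NULL. The two SCSV initialisers changed in this commit set it to NULL, SSL_CIPHER_standard_name() returns `c->stdname` unchecked, and the new test guards that result with `TEST_ptr`, so a NULL value looks possible. I would write `const char *stdname; /* RFC name, may be NULL */` and say in the function's documentation what callers receive in that case. The struct body continues outside the hunk.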


@ -3568,7 +3568,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
if (totlen != 0) {
if (empty_reneg_info_scsv) {
static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
@ -3577,7 +3577,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
}
if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
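Review bot: Both `scsv` initialisers are positional, so they had to be edited by hand when `stdname` was inserted ahead of `id`, and any future member added to `struct ssl_cipher_st` will silently shift them again. A short field legend on each makes the layout checkable at a glance, e.g. `0, NULL, NULL, SSL3_CK_SCSV, /* valid, name, stdname, id */` followed by the zeroed remainder on its own line. ssl_cipher_list_to_bytes() starts and ends outside both hunks, so only the initialisers are reviewed here.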


@ -1,5 +1,5 @@
/*
* Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -1470,11 +1470,6 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, int server,
return 1;
}
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
{
return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl);
}
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t msglen, SSL *ssl, void *arg)
{


@ -44,7 +44,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
pkey_meth_test uitest cipherbytes_test asn1_encode_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
recordlentest drbgtest \
time_offset_test pemtest ssl_cert_table_internal_test
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test
SOURCE[aborttest]=aborttest.c
INCLUDE[aborttest]=../include
@ -323,6 +323,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
INCLUDE[ssl_cert_table_internal_test]=.. ../include
DEPEND[ssl_cert_table_internal_test]=../libcrypto libtestutil.a
SOURCE[ciphername_test]=ciphername_test.c
INCLUDE[ciphername_test]=.. ../include
DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
IF[{- !$disabled{psk} -}]
PROGRAMS_NO_INST=dtls_mtu_test
SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c

469
test/ciphername_test.c Normal file

@ -0,0 +1,469 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 BaishanCloud. All rights reserved.
*
* Licensed under the OpenSSL licenses, (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* https://www.openssl.org/source/license.html
* or in the file LICENSE in the source distribution.
*/
#include <stdio.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/err.h>
#include <openssl/e_os2.h>
#include <openssl/ssl.h>
#include <openssl/ssl3.h>
#include <openssl/tls1.h>
#include "e_os.h"
#include "testutil.h"
typedef struct cipher_id_name {
int id;
const char *name;
} CIPHER_ID_NAME;
/* Cipher suites, copied from t1_trce.c */
static CIPHER_ID_NAME cipher_names[] = {
{0x0000, "SSL_NULL_WITH_NULL_NULL"},
{0x0001, "SSL_RSA_WITH_NULL_MD5"},
{0x0002, "SSL_RSA_WITH_NULL_SHA"},
{0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
{0x0004, "SSL_RSA_WITH_RC4_128_MD5"},
{0x0005, "SSL_RSA_WITH_RC4_128_SHA"},
{0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
{0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"},
{0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},
{0x0009, "SSL_RSA_WITH_DES_CBC_SHA"},
{0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
{0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
{0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"},
{0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
{0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
{0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"},
{0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
{0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
{0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"},
{0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
{0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
{0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"},
{0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
{0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},
{0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"},
{0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
{0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},
{0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},
{0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
{0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
{0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
{0x0020, "TLS_KRB5_WITH_RC4_128_SHA"},
{0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"},
{0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"},
{0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"},
{0x0024, "TLS_KRB5_WITH_RC4_128_MD5"},
{0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"},
{0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"},
{0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"},
{0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"},
{0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
{0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
{0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
{0x002C, "TLS_PSK_WITH_NULL_SHA"},
{0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
{0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
{0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
{0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
{0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
{0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
{0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
{0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
{0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
{0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
{0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
{0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
{0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
{0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
{0x003B, "TLS_RSA_WITH_NULL_SHA256"},
{0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
{0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
{0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
{0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
{0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
{0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"},
{0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"},
{0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"},
{0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"},
{0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"},
{0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"},
{0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
{0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
{0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
{0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
{0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
{0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
{0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
{0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
{0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
{0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
{0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"},
{0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
{0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"},
{0x008A, "TLS_PSK_WITH_RC4_128_SHA"},
{0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"},
{0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"},
{0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"},
{0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"},
{0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"},
{0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"},
{0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"},
{0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"},
{0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"},
{0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"},
{0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"},
{0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"},
{0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"},
{0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"},
{0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"},
{0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"},
{0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"},
{0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
{0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
{0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
{0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
{0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"},
{0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"},
{0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"},
{0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"},
{0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"},
{0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"},
{0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
{0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"},
{0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"},
{0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"},
{0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"},
{0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"},
{0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"},
{0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"},
{0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"},
{0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"},
{0x00B0, "TLS_PSK_WITH_NULL_SHA256"},
{0x00B1, "TLS_PSK_WITH_NULL_SHA384"},
{0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"},
{0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"},
{0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"},
{0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"},
{0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"},
{0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"},
{0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"},
{0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"},
{0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
{0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
{0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
{0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
{0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
{0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"},
{0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
{0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
{0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
{0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
{0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
{0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
{0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
{0x5600, "TLS_FALLBACK_SCSV"},
{0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
{0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
{0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
{0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"},
{0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"},
{0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"},
{0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
{0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
{0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
{0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
{0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"},
{0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"},
{0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"},
{0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"},
{0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"},
{0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"},
{0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
{0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
{0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
{0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
{0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"},
{0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"},
{0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"},
{0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"},
{0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"},
{0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"},
{0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"},
{0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"},
{0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"},
{0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"},
{0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"},
{0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"},
{0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"},
{0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"},
{0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
{0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
{0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"},
{0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"},
{0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
{0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
{0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"},
{0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"},
{0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
{0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
{0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"},
{0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"},
{0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
{0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
{0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
{0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
{0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
{0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
{0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
{0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
{0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
{0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
{0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
{0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
{0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
{0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
{0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
{0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
{0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
{0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
{0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
{0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
{0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
{0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
{0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
{0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
{0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
{0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
{0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
{0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
{0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
{0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
{0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
{0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
{0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
{0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
{0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
{0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
{0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
{0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
{0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
{0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
{0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
{0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
{0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
{0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
{0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
{0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
{0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
{0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
{0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
{0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
{0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
{0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
{0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
{0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
{0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
{0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
{0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
{0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
{0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
{0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
{0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
{0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
{0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
{0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
{0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
{0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
{0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
{0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
{0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
{0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
{0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
{0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
{0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
{0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
{0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
{0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
{0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
{0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
{0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
{0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
{0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
{0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
{0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
{0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
{0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
{0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
{0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
{0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
{0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
{0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
{0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
{0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
{0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
{0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
{0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
{0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
{0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
{0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
{0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
{0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
{0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
{0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
{0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
{0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
{0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
{0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
{0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
{0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
{0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
{0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
{0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
{0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
{0x1301, "TLS_AES_128_GCM_SHA256"},
{0x1302, "TLS_AES_256_GCM_SHA384"},
{0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
{0x1304, "TLS_AES_128_CCM_SHA256"},
{0x1305, "TLS_AES_128_CCM_8_SHA256"},
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
};
static const char *get_std_name_by_id(int id)
{
size_t i;
for (i = 0; i < OSSL_NELEM(cipher_names); i++)
if (cipher_names[i].id == id)
return cipher_names[i].name;
return NULL;
}
static int test_cipher_name()
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk = NULL;
const char *ciphers = "ALL:eNULL", *p, *q, *r;
int i, id = 0, ret = 0;
/* tests for invalid input */
p = SSL_CIPHER_standard_name(NULL);
if (!TEST_str_eq(p, "(NONE)")) {
TEST_info("test_cipher_name(std) failed: NULL input doesn't return \"(NONE)\"\n");
goto err;
}
p = OPENSSL_cipher_name(NULL);
if (!TEST_str_eq(p, "(NONE)")) {
TEST_info("test_cipher_name(ossl) failed: NULL input doesn't return \"(NONE)\"\n");
goto err;
}
p = OPENSSL_cipher_name("This is not a valid cipher");
if (!TEST_str_eq(p, "(NONE)")) {
TEST_info("test_cipher_name(ossl) failed: invalid input doesn't return \"(NONE)\"\n");
goto err;
}
/* tests for valid input */
ctx = SSL_CTX_new(TLS_server_method());
if (ctx == NULL) {
TEST_info("test_cipher_name failed: internal error\n");
goto err;
}
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
TEST_info("test_cipher_name failed: internal error\n");
goto err;
}
ssl = SSL_new(ctx);
if (ssl == NULL) {
TEST_info("test_cipher_name failed: internal error\n");
goto err;
}
sk = SSL_get_ciphers(ssl);
if (sk == NULL) {
TEST_info("test_cipher_name failed: internal error\n");
goto err;
}
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
c = sk_SSL_CIPHER_value(sk, i);
id = SSL_CIPHER_get_id(c) & 0xFFFF;
if ((id == 0xFF85) || (id == 0xFF87))
/* skip GOST2012-GOST8912-GOST891 and GOST2012-NULL-GOST12 */
continue;
p = SSL_CIPHER_standard_name(c);
q = get_std_name_by_id(id);
if (!TEST_ptr(p)) {
TEST_info("test_cipher_name failed: expected %s, got NULL, cipher %x\n",
q, id);
goto err;
}
/* check if p is a valid standard name */
if (!TEST_str_eq(p, q)) {
TEST_info("test_cipher_name(std) failed: expected %s, got %s, cipher %x\n",
q, p, id);
goto err;
}
/* test OPENSSL_cipher_name */
q = SSL_CIPHER_get_name(c);
r = OPENSSL_cipher_name(p);
if (!TEST_str_eq(r, q)) {
TEST_info("test_cipher_name(ossl) failed: expected %s, got %s, cipher %x\n",
q, r, id);
goto err;
}
}
ret = 1;
err:
SSL_CTX_free(ctx);
SSL_free(ssl);
return ret;
}
void register_tests()
{
ADD_TEST(test_cipher_name);
}
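Review bot: In the loop of test_cipher_name(), `q = get_std_name_by_id(id)` is used without a NULL check, although the helper returns NULL for any id missing from `cipher_names`. q is then passed to `%s` in the TEST_info() calls and to TEST_str_eq(). A cipher present in the library but absent from this copied table would therefore fail with a misleading message, and how a NULL string is formatted depends on TEST_info's implementation, which is not visible here. I would add `if (!TEST_ptr(q)) goto err;` directly after the lookup. As a matter of style, `static int test_cipher_name()` and `void register_tests()` should spell the empty parameter list as `(void)`, and the lookup table can be declared `static const CIPHER_ID_NAME cipher_names[]`.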


@ -0,0 +1,27 @@
#! /usr/bin/perl
#
# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017 BaishanCloud. All rights reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use OpenSSL::Test::Simple;
use OpenSSL::Test;
use OpenSSL::Test::Utils qw(alldisabled available_protocols);
setup("test_ciphername");
my $no_anytls = alldisabled(available_protocols("tls"));
# If we have no protocols, then we also have no supported ciphers.
plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build."
if $no_anytls;
simple_test("test_ciphername", "ciphername_test");


@ -86,7 +86,7 @@ SSL_CTX_set_cookie_verify_cb 86 1_1_0 EXIST::FUNCTION:
SSL_get_shared_sigalgs 87 1_1_0 EXIST::FUNCTION:
SSL_config 88 1_1_0 EXIST::FUNCTION:
TLSv1_1_client_method 89 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
SSL_CIPHER_standard_name 90 1_1_0 EXIST::FUNCTION:SSL_TRACE
SSL_CIPHER_standard_name 90 1_1_0 EXIST::FUNCTION:
SSL_CTX_get_verify_mode 91 1_1_0 EXIST::FUNCTION:
SSL_get_all_async_fds 92 1_1_0 EXIST::FUNCTION:
SSL_CTX_check_private_key 93 1_1_0 EXIST::FUNCTION:
@ -459,3 +459,4 @@ SSL_CIPHER_get_handshake_digest 459 1_1_1 EXIST::FUNCTION:
SSL_SESSION_set1_master_key 460 1_1_1 EXIST::FUNCTION:
SSL_SESSION_set_cipher 461 1_1_1 EXIST::FUNCTION:
SSL_SESSION_set_protocol_version 462 1_1_1 EXIST::FUNCTION:
OPENSSL_cipher_name 463 1_1_1 EXIST::FUNCTION: