]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/s3_lib.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Convert X509_REVOKED* functions to use const getters
[thirdparty/openssl.git] / ssl / s3_lib.c
CommitLineData
846e33c7
RS		 1/*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
5a4fbc69 3 *
846e33c7
RS		 4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
5a4fbc69 8 */
846e33c7 9
ea262260
BM		 10/* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
12 *
0f113f3e 13 * Portions of the attached software ("Contribution") are developed by
ea262260
BM		 14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
15 *
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
18 *
ea262260
BM		 19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
21 *
22 */
ddac1974
NL		 23/* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
25 *
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
28 * license.
29 *
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
33 *
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
37 *
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
42 *
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
47 * OTHERWISE.
48 */
d02b48c6
RE		 49
50#include <stdio.h>
ec577822 51#include <openssl/objects.h>
d02b48c6 52#include "ssl_locl.h"
dbad1690 53#include <openssl/md5.h>
3c27208f 54#include <openssl/dh.h>
a3680c8f 55#include <openssl/rand.h>
d02b48c6 56
b6eb9827 57#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
d02b48c6 58
748f2546
RS		 59/*
60 * The list of available ciphers, organized into the following
61 * groups:
62 * Always there
63 * EC
64 * PSK
65 * SRP (within that: RSA EC PSK)
66 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
67 * Weak ciphers
68 */
69static SSL_CIPHER ssl3_ciphers[] =
70{
0f113f3e
MC		 71 {
72 1,
73 SSL3_TXT_RSA_NULL_MD5,
74 SSL3_CK_RSA_NULL_MD5,
75 SSL_kRSA,
76 SSL_aRSA,
77 SSL_eNULL,
78 SSL_MD5,
3eb2aff4 79 SSL3_VERSION, TLS1_2_VERSION,
387cf213 80 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 81 SSL_STRONG_NONE,
0f113f3e
MC		 82 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
83 0,
84 0,
85 },
0f113f3e
MC		 86 {
87 1,
88 SSL3_TXT_RSA_NULL_SHA,
89 SSL3_CK_RSA_NULL_SHA,
90 SSL_kRSA,
91 SSL_aRSA,
92 SSL_eNULL,
93 SSL_SHA1,
3eb2aff4 94 SSL3_VERSION, TLS1_2_VERSION,
387cf213 95 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 96 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 97 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
98 0,
99 0,
100 },
0f113f3e
MC		 101 {
102 1,
103 SSL3_TXT_RSA_DES_192_CBC3_SHA,
104 SSL3_CK_RSA_DES_192_CBC3_SHA,
105 SSL_kRSA,
106 SSL_aRSA,
107 SSL_3DES,
108 SSL_SHA1,
3eb2aff4 109 SSL3_VERSION, TLS1_2_VERSION,
387cf213 110 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 111 SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 112 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
113 112,
114 168,
115 },
0f113f3e
MC		 116 {
117 1,
118 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
119 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
120 SSL_kDHE,
121 SSL_aDSS,
122 SSL_3DES,
123 SSL_SHA1,
3eb2aff4 124 SSL3_VERSION, TLS1_2_VERSION,
387cf213 125 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 126 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 127 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128 112,
129 168,
130 },
0f113f3e
MC		 131 {
132 1,
133 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
134 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
135 SSL_kDHE,
136 SSL_aRSA,
137 SSL_3DES,
138 SSL_SHA1,
3eb2aff4 139 SSL3_VERSION, TLS1_2_VERSION,
387cf213 140 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 141 SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 142 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 112,
144 168,
145 },
0f113f3e
MC		 146 {
147 1,
148 SSL3_TXT_ADH_DES_192_CBC_SHA,
149 SSL3_CK_ADH_DES_192_CBC_SHA,
150 SSL_kDHE,
151 SSL_aNULL,
152 SSL_3DES,
153 SSL_SHA1,
3eb2aff4 154 SSL3_VERSION, TLS1_2_VERSION,
387cf213 155 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 156 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 157 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
158 112,
159 168,
160 },
0f113f3e
MC		 161 {
162 1,
163 TLS1_TXT_RSA_WITH_AES_128_SHA,
164 TLS1_CK_RSA_WITH_AES_128_SHA,
165 SSL_kRSA,
166 SSL_aRSA,
167 SSL_AES128,
168 SSL_SHA1,
3eb2aff4 169 SSL3_VERSION, TLS1_2_VERSION,
387cf213 170 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 171 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 172 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
173 128,
174 128,
175 },
0f113f3e
MC		 176 {
177 1,
178 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
179 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
180 SSL_kDHE,
181 SSL_aDSS,
182 SSL_AES128,
183 SSL_SHA1,
3eb2aff4 184 SSL3_VERSION, TLS1_2_VERSION,
387cf213 185 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 186 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 187 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
188 128,
189 128,
190 },
0f113f3e
MC		 191 {
192 1,
193 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
194 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
195 SSL_kDHE,
196 SSL_aRSA,
197 SSL_AES128,
198 SSL_SHA1,
3eb2aff4 199 SSL3_VERSION, TLS1_2_VERSION,
387cf213 200 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 201 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 202 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
203 128,
204 128,
205 },
0f113f3e
MC		 206 {
207 1,
208 TLS1_TXT_ADH_WITH_AES_128_SHA,
209 TLS1_CK_ADH_WITH_AES_128_SHA,
210 SSL_kDHE,
211 SSL_aNULL,
212 SSL_AES128,
213 SSL_SHA1,
3eb2aff4 214 SSL3_VERSION, TLS1_2_VERSION,
387cf213 215 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 216 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
218 128,
219 128,
220 },
0f113f3e
MC		 221 {
222 1,
223 TLS1_TXT_RSA_WITH_AES_256_SHA,
224 TLS1_CK_RSA_WITH_AES_256_SHA,
225 SSL_kRSA,
226 SSL_aRSA,
227 SSL_AES256,
228 SSL_SHA1,
3eb2aff4 229 SSL3_VERSION, TLS1_2_VERSION,
387cf213 230 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 231 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 232 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
233 256,
234 256,
235 },
0f113f3e
MC		 236 {
237 1,
238 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
239 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
240 SSL_kDHE,
241 SSL_aDSS,
242 SSL_AES256,
243 SSL_SHA1,
3eb2aff4 244 SSL3_VERSION, TLS1_2_VERSION,
387cf213 245 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 246 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 247 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
248 256,
249 256,
250 },
0f113f3e
MC		 251 {
252 1,
253 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
254 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
255 SSL_kDHE,
256 SSL_aRSA,
257 SSL_AES256,
258 SSL_SHA1,
3eb2aff4 259 SSL3_VERSION, TLS1_2_VERSION,
387cf213 260 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 261 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 262 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
263 256,
264 256,
265 },
0f113f3e
MC		 266 {
267 1,
268 TLS1_TXT_ADH_WITH_AES_256_SHA,
269 TLS1_CK_ADH_WITH_AES_256_SHA,
270 SSL_kDHE,
271 SSL_aNULL,
272 SSL_AES256,
273 SSL_SHA1,
3eb2aff4 274 SSL3_VERSION, TLS1_2_VERSION,
387cf213 275 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 276 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 277 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
278 256,
279 256,
280 },
0f113f3e
MC		 281 {
282 1,
283 TLS1_TXT_RSA_WITH_NULL_SHA256,
284 TLS1_CK_RSA_WITH_NULL_SHA256,
285 SSL_kRSA,
286 SSL_aRSA,
287 SSL_eNULL,
288 SSL_SHA256,
3eb2aff4
KR		 289 TLS1_2_VERSION, TLS1_2_VERSION,
290 DTLS1_2_VERSION, DTLS1_2_VERSION,
1510b5f7 291 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 292 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293 0,
294 0,
295 },
0f113f3e
MC		 296 {
297 1,
298 TLS1_TXT_RSA_WITH_AES_128_SHA256,
299 TLS1_CK_RSA_WITH_AES_128_SHA256,
300 SSL_kRSA,
301 SSL_aRSA,
302 SSL_AES128,
303 SSL_SHA256,
3eb2aff4
KR		 304 TLS1_2_VERSION, TLS1_2_VERSION,
305 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 306 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 307 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308 128,
309 128,
310 },
0f113f3e
MC		 311 {
312 1,
313 TLS1_TXT_RSA_WITH_AES_256_SHA256,
314 TLS1_CK_RSA_WITH_AES_256_SHA256,
315 SSL_kRSA,
316 SSL_aRSA,
317 SSL_AES256,
318 SSL_SHA256,
3eb2aff4
KR		 319 TLS1_2_VERSION, TLS1_2_VERSION,
320 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 321 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
323 256,
324 256,
325 },
0f113f3e
MC		 326 {
327 1,
328 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
329 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
330 SSL_kDHE,
331 SSL_aDSS,
332 SSL_AES128,
333 SSL_SHA256,
3eb2aff4
KR		 334 TLS1_2_VERSION, TLS1_2_VERSION,
335 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 336 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 337 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
338 128,
339 128,
340 },
0f113f3e
MC		 341 {
342 1,
343 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
344 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
345 SSL_kDHE,
346 SSL_aRSA,
347 SSL_AES128,
348 SSL_SHA256,
3eb2aff4
KR		 349 TLS1_2_VERSION, TLS1_2_VERSION,
350 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 351 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
353 128,
354 128,
355 },
0f113f3e
MC		 356 {
357 1,
358 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
359 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
360 SSL_kDHE,
361 SSL_aDSS,
362 SSL_AES256,
363 SSL_SHA256,
3eb2aff4
KR		 364 TLS1_2_VERSION, TLS1_2_VERSION,
365 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 366 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
368 256,
369 256,
370 },
0f113f3e
MC		 371 {
372 1,
373 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
374 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
375 SSL_kDHE,
376 SSL_aRSA,
377 SSL_AES256,
378 SSL_SHA256,
3eb2aff4
KR		 379 TLS1_2_VERSION, TLS1_2_VERSION,
380 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 381 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 256,
384 256,
385 },
0f113f3e
MC		 386 {
387 1,
388 TLS1_TXT_ADH_WITH_AES_128_SHA256,
389 TLS1_CK_ADH_WITH_AES_128_SHA256,
390 SSL_kDHE,
391 SSL_aNULL,
392 SSL_AES128,
393 SSL_SHA256,
3eb2aff4
KR		 394 TLS1_2_VERSION, TLS1_2_VERSION,
395 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 396 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 397 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
398 128,
399 128,
400 },
0f113f3e
MC		 401 {
402 1,
403 TLS1_TXT_ADH_WITH_AES_256_SHA256,
404 TLS1_CK_ADH_WITH_AES_256_SHA256,
405 SSL_kDHE,
406 SSL_aNULL,
407 SSL_AES256,
408 SSL_SHA256,
3eb2aff4
KR		 409 TLS1_2_VERSION, TLS1_2_VERSION,
410 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 411 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 412 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
413 256,
414 256,
415 },
0f113f3e
MC		 416 {
417 1,
748f2546
RS		 418 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
419 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
420 SSL_kRSA,
421 SSL_aRSA,
422 SSL_AES128GCM,
423 SSL_AEAD,
424 TLS1_2_VERSION, TLS1_2_VERSION,
425 DTLS1_2_VERSION, DTLS1_2_VERSION,
426 SSL_HIGH | SSL_FIPS,
427 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
428 128,
429 128,
430 },
0f113f3e
MC		 431 {
432 1,
748f2546
RS		 433 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
434 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
0f113f3e
MC		 435 SSL_kRSA,
436 SSL_aRSA,
748f2546
RS		 437 SSL_AES256GCM,
438 SSL_AEAD,
439 TLS1_2_VERSION, TLS1_2_VERSION,
440 DTLS1_2_VERSION, DTLS1_2_VERSION,
441 SSL_HIGH | SSL_FIPS,
442 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 443 256,
444 256,
445 },
0f113f3e
MC		 446 {
447 1,
748f2546
RS		 448 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
0f113f3e 450 SSL_kDHE,
748f2546
RS		 451 SSL_aRSA,
452 SSL_AES128GCM,
453 SSL_AEAD,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
456 SSL_HIGH | SSL_FIPS,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
458 128,
459 128,
0f113f3e 460 },
0f113f3e
MC		 461 {
462 1,
748f2546
RS		 463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
0f113f3e
MC		 465 SSL_kDHE,
466 SSL_aRSA,
748f2546
RS		 467 SSL_AES256GCM,
468 SSL_AEAD,
469 TLS1_2_VERSION, TLS1_2_VERSION,
470 DTLS1_2_VERSION, DTLS1_2_VERSION,
471 SSL_HIGH | SSL_FIPS,
472 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 473 256,
474 256,
475 },
0f113f3e
MC		 476 {
477 1,
748f2546
RS		 478 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
479 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
0f113f3e 480 SSL_kDHE,
748f2546
RS		 481 SSL_aDSS,
482 SSL_AES128GCM,
483 SSL_AEAD,
484 TLS1_2_VERSION, TLS1_2_VERSION,
485 DTLS1_2_VERSION, DTLS1_2_VERSION,
486 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
487 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 488 128,
489 128,
490 },
0f113f3e
MC		 491 {
492 1,
748f2546
RS		 493 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
494 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
495 SSL_kDHE,
496 SSL_aDSS,
497 SSL_AES256GCM,
498 SSL_AEAD,
499 TLS1_2_VERSION, TLS1_2_VERSION,
500 DTLS1_2_VERSION, DTLS1_2_VERSION,
501 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
502 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
503 256,
504 256,
0f113f3e 505 },
0f113f3e
MC		 506 {
507 1,
748f2546
RS		 508 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
509 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
510 SSL_kDHE,
511 SSL_aNULL,
512 SSL_AES128GCM,
513 SSL_AEAD,
514 TLS1_2_VERSION, TLS1_2_VERSION,
515 DTLS1_2_VERSION, DTLS1_2_VERSION,
516 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
517 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 518 128,
519 128,
520 },
0f113f3e
MC		 521 {
522 1,
748f2546
RS		 523 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
524 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
525 SSL_kDHE,
526 SSL_aNULL,
527 SSL_AES256GCM,
528 SSL_AEAD,
529 TLS1_2_VERSION, TLS1_2_VERSION,
530 DTLS1_2_VERSION, DTLS1_2_VERSION,
531 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 533 256,
534 256,
535 },
ea6114c6
DSH		 536 {
537 1,
748f2546
RS		 538 TLS1_TXT_RSA_WITH_AES_128_CCM,
539 TLS1_CK_RSA_WITH_AES_128_CCM,
540 SSL_kRSA,
541 SSL_aRSA,
542 SSL_AES128CCM,
543 SSL_AEAD,
544 TLS1_2_VERSION, TLS1_2_VERSION,
545 DTLS1_2_VERSION, DTLS1_2_VERSION,
546 SSL_NOT_DEFAULT | SSL_HIGH,
547 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 548 128,
549 128,
550 },
ea6114c6
DSH		 551 {
552 1,
748f2546
RS		 553 TLS1_TXT_RSA_WITH_AES_256_CCM,
554 TLS1_CK_RSA_WITH_AES_256_CCM,
555 SSL_kRSA,
556 SSL_aRSA,
557 SSL_AES256CCM,
558 SSL_AEAD,
559 TLS1_2_VERSION, TLS1_2_VERSION,
560 DTLS1_2_VERSION, DTLS1_2_VERSION,
561 SSL_NOT_DEFAULT | SSL_HIGH,
562 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
563 256,
564 256,
ea6114c6 565 },
ea6114c6
DSH		 566 {
567 1,
748f2546
RS		 568 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
569 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
570 SSL_kDHE,
571 SSL_aRSA,
572 SSL_AES128CCM,
573 SSL_AEAD,
574 TLS1_2_VERSION, TLS1_2_VERSION,
575 DTLS1_2_VERSION, DTLS1_2_VERSION,
576 SSL_NOT_DEFAULT | SSL_HIGH,
577 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 578 128,
579 128,
580 },
ea6114c6
DSH		 581 {
582 1,
748f2546
RS		 583 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
584 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
585 SSL_kDHE,
586 SSL_aRSA,
587 SSL_AES256CCM,
588 SSL_AEAD,
589 TLS1_2_VERSION, TLS1_2_VERSION,
590 DTLS1_2_VERSION, DTLS1_2_VERSION,
591 SSL_NOT_DEFAULT | SSL_HIGH,
592 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 593 256,
594 256,
595 },
ea6114c6
DSH		 596 {
597 1,
748f2546
RS		 598 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
599 TLS1_CK_RSA_WITH_AES_128_CCM_8,
600 SSL_kRSA,
ea6114c6 601 SSL_aRSA,
748f2546 602 SSL_AES128CCM8,
0f113f3e 603 SSL_AEAD,
3eb2aff4
KR		 604 TLS1_2_VERSION, TLS1_2_VERSION,
605 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 606 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 607 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
608 128,
609 128,
610 },
0f113f3e
MC		 611 {
612 1,
748f2546
RS		 613 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
614 TLS1_CK_RSA_WITH_AES_256_CCM_8,
0f113f3e
MC		 615 SSL_kRSA,
616 SSL_aRSA,
748f2546 617 SSL_AES256CCM8,
0f113f3e 618 SSL_AEAD,
3eb2aff4
KR		 619 TLS1_2_VERSION, TLS1_2_VERSION,
620 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 621 SSL_NOT_DEFAULT | SSL_HIGH,
622 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 623 256,
624 256,
625 },
0f113f3e
MC		 626 {
627 1,
748f2546
RS		 628 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
629 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
0f113f3e
MC		 630 SSL_kDHE,
631 SSL_aRSA,
748f2546 632 SSL_AES128CCM8,
0f113f3e 633 SSL_AEAD,
3eb2aff4
KR		 634 TLS1_2_VERSION, TLS1_2_VERSION,
635 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 636 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 637 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
638 128,
639 128,
640 },
0f113f3e
MC		 641 {
642 1,
748f2546
RS		 643 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
644 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
0f113f3e
MC		 645 SSL_kDHE,
646 SSL_aRSA,
748f2546 647 SSL_AES256CCM8,
0f113f3e 648 SSL_AEAD,
3eb2aff4
KR		 649 TLS1_2_VERSION, TLS1_2_VERSION,
650 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 651 SSL_NOT_DEFAULT | SSL_HIGH,
652 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 653 256,
654 256,
655 },
0f113f3e
MC		 656 {
657 1,
748f2546
RS		 658 TLS1_TXT_PSK_WITH_AES_128_CCM,
659 TLS1_CK_PSK_WITH_AES_128_CCM,
660 SSL_kPSK,
661 SSL_aPSK,
662 SSL_AES128CCM,
0f113f3e 663 SSL_AEAD,
3eb2aff4
KR		 664 TLS1_2_VERSION, TLS1_2_VERSION,
665 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 666 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 667 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
668 128,
669 128,
670 },
0f113f3e
MC		 671 {
672 1,
748f2546
RS		 673 TLS1_TXT_PSK_WITH_AES_256_CCM,
674 TLS1_CK_PSK_WITH_AES_256_CCM,
675 SSL_kPSK,
676 SSL_aPSK,
677 SSL_AES256CCM,
0f113f3e 678 SSL_AEAD,
3eb2aff4
KR		 679 TLS1_2_VERSION, TLS1_2_VERSION,
680 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 681 SSL_NOT_DEFAULT | SSL_HIGH,
682 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 683 256,
684 256,
685 },
0f113f3e
MC		 686 {
687 1,
748f2546
RS		 688 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
689 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
690 SSL_kDHEPSK,
691 SSL_aPSK,
692 SSL_AES128CCM,
0f113f3e 693 SSL_AEAD,
3eb2aff4
KR		 694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 696 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698 128,
699 128,
700 },
0f113f3e
MC		 701 {
702 1,
748f2546
RS		 703 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
704 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
705 SSL_kDHEPSK,
706 SSL_aPSK,
707 SSL_AES256CCM,
0f113f3e 708 SSL_AEAD,
3eb2aff4
KR		 709 TLS1_2_VERSION, TLS1_2_VERSION,
710 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 711 SSL_NOT_DEFAULT | SSL_HIGH,
712 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 713 256,
714 256,
715 },
547dba74
DSH		 716 {
717 1,
748f2546
RS		 718 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
719 TLS1_CK_PSK_WITH_AES_128_CCM_8,
547dba74
DSH		 720 SSL_kPSK,
721 SSL_aPSK,
748f2546 722 SSL_AES128CCM8,
547dba74 723 SSL_AEAD,
3eb2aff4
KR		 724 TLS1_2_VERSION, TLS1_2_VERSION,
725 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 726 SSL_NOT_DEFAULT | SSL_HIGH,
547dba74
DSH		 727 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
728 128,
729 128,
730 },
547dba74
DSH		 731 {
732 1,
748f2546
RS		 733 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
734 TLS1_CK_PSK_WITH_AES_256_CCM_8,
547dba74
DSH		 735 SSL_kPSK,
736 SSL_aPSK,
748f2546 737 SSL_AES256CCM8,
547dba74 738 SSL_AEAD,
3eb2aff4
KR		 739 TLS1_2_VERSION, TLS1_2_VERSION,
740 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 741 SSL_NOT_DEFAULT | SSL_HIGH,
742 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
547dba74
DSH		 743 256,
744 256,
745 },
ea6114c6
DSH		 746 {
747 1,
748f2546
RS		 748 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
749 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
ea6114c6
DSH		 750 SSL_kDHEPSK,
751 SSL_aPSK,
748f2546 752 SSL_AES128CCM8,
ea6114c6 753 SSL_AEAD,
3eb2aff4
KR		 754 TLS1_2_VERSION, TLS1_2_VERSION,
755 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 756 SSL_NOT_DEFAULT | SSL_HIGH,
ea6114c6
DSH		 757 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
758 128,
759 128,
760 },
ea6114c6
DSH		 761 {
762 1,
748f2546
RS		 763 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
764 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
765 SSL_kDHEPSK,
ea6114c6 766 SSL_aPSK,
748f2546 767 SSL_AES256CCM8,
ea6114c6 768 SSL_AEAD,
3eb2aff4
KR		 769 TLS1_2_VERSION, TLS1_2_VERSION,
770 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 771 SSL_NOT_DEFAULT | SSL_HIGH,
772 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 773 256,
774 256,
775 },
ea6114c6
DSH		 776 {
777 1,
748f2546
RS		 778 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
779 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
780 SSL_kECDHE,
781 SSL_aECDSA,
782 SSL_AES128CCM,
ea6114c6 783 SSL_AEAD,
3eb2aff4
KR		 784 TLS1_2_VERSION, TLS1_2_VERSION,
785 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 786 SSL_NOT_DEFAULT | SSL_HIGH,
ea6114c6
DSH		 787 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
788 128,
789 128,
790 },
ea6114c6
DSH		 791 {
792 1,
748f2546
RS		 793 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
794 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
795 SSL_kECDHE,
796 SSL_aECDSA,
797 SSL_AES256CCM,
ea6114c6 798 SSL_AEAD,
3eb2aff4
KR		 799 TLS1_2_VERSION, TLS1_2_VERSION,
800 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 801 SSL_NOT_DEFAULT | SSL_HIGH,
802 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 803 256,
804 256,
805 },
ea6114c6
DSH		 806 {
807 1,
748f2546
RS		 808 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
809 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
810 SSL_kECDHE,
811 SSL_aECDSA,
812 SSL_AES128CCM8,
813 SSL_AEAD,
814 TLS1_2_VERSION, TLS1_2_VERSION,
815 DTLS1_2_VERSION, DTLS1_2_VERSION,
816 SSL_NOT_DEFAULT | SSL_HIGH,
817 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 818 128,
819 128,
820 },
ea6114c6
DSH		 821 {
822 1,
748f2546
RS		 823 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
824 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
825 SSL_kECDHE,
826 SSL_aECDSA,
827 SSL_AES256CCM8,
828 SSL_AEAD,
829 TLS1_2_VERSION, TLS1_2_VERSION,
830 DTLS1_2_VERSION, DTLS1_2_VERSION,
831 SSL_NOT_DEFAULT | SSL_HIGH,
832 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 833 256,
834 256,
835 },
836
748f2546 837#ifndef OPENSSL_NO_EC
ea6114c6
DSH		 838 {
839 1,
748f2546
RS		 840 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
841 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
842 SSL_kECDHE,
843 SSL_aECDSA,
ea6114c6 844 SSL_eNULL,
748f2546
RS		 845 SSL_SHA1,
846 SSL3_VERSION, TLS1_2_VERSION,
387cf213 847 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 848 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
850 0,
851 0,
852 },
ea6114c6
DSH		 853 {
854 1,
748f2546
RS		 855 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
856 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
857 SSL_kECDHE,
858 SSL_aECDSA,
859 SSL_3DES,
860 SSL_SHA1,
861 SSL3_VERSION, TLS1_2_VERSION,
387cf213 862 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 863 SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 864 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
865 112,
866 168,
ea6114c6 867 },
ea6114c6
DSH		 868 {
869 1,
748f2546
RS		 870 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
871 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
872 SSL_kECDHE,
873 SSL_aECDSA,
ea6114c6 874 SSL_AES128,
748f2546
RS		 875 SSL_SHA1,
876 SSL3_VERSION, TLS1_2_VERSION,
387cf213 877 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 878 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 879 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
880 128,
881 128,
882 },
ea6114c6
DSH		 883 {
884 1,
748f2546
RS		 885 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
886 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
887 SSL_kECDHE,
888 SSL_aECDSA,
ea6114c6 889 SSL_AES256,
748f2546
RS		 890 SSL_SHA1,
891 SSL3_VERSION, TLS1_2_VERSION,
387cf213 892 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 893 SSL_HIGH | SSL_FIPS,
748f2546 894 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
ea6114c6
DSH		 895 256,
896 256,
897 },
ea6114c6
DSH		 898 {
899 1,
748f2546
RS		 900 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
901 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
902 SSL_kECDHE,
903 SSL_aRSA,
ea6114c6 904 SSL_eNULL,
748f2546
RS		 905 SSL_SHA1,
906 SSL3_VERSION, TLS1_2_VERSION,
387cf213 907 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 908 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 909 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
910 0,
911 0,
912 },
ea6114c6
DSH		 913 {
914 1,
748f2546
RS		 915 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
916 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
917 SSL_kECDHE,
918 SSL_aRSA,
919 SSL_3DES,
920 SSL_SHA1,
921 SSL3_VERSION, TLS1_2_VERSION,
387cf213 922 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 923 SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
925 112,
926 168,
ea6114c6 927 },
ea6114c6
DSH		 928 {
929 1,
748f2546
RS		 930 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
931 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
932 SSL_kECDHE,
ea6114c6
DSH		 933 SSL_aRSA,
934 SSL_AES128,
748f2546
RS		 935 SSL_SHA1,
936 SSL3_VERSION, TLS1_2_VERSION,
387cf213 937 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 938 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 939 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
940 128,
941 128,
942 },
ea6114c6
DSH		 943 {
944 1,
748f2546
RS		 945 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
946 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
947 SSL_kECDHE,
ea6114c6
DSH		 948 SSL_aRSA,
949 SSL_AES256,
748f2546
RS		 950 SSL_SHA1,
951 SSL3_VERSION, TLS1_2_VERSION,
387cf213 952 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 953 SSL_HIGH | SSL_FIPS,
748f2546 954 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
ea6114c6
DSH		 955 256,
956 256,
957 },
ea6114c6
DSH		 958 {
959 1,
748f2546
RS		 960 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
961 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
962 SSL_kECDHE,
963 SSL_aNULL,
ea6114c6 964 SSL_eNULL,
748f2546
RS		 965 SSL_SHA1,
966 SSL3_VERSION, TLS1_2_VERSION,
387cf213 967 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 968 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 969 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
970 0,
971 0,
972 },
ea6114c6
DSH		 973 {
974 1,
748f2546
RS		 975 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
976 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
977 SSL_kECDHE,
978 SSL_aNULL,
979 SSL_3DES,
980 SSL_SHA1,
981 SSL3_VERSION, TLS1_2_VERSION,
387cf213 982 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 983 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 984 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
985 112,
986 168,
ea6114c6 987 },
0f113f3e
MC		 988 {
989 1,
748f2546
RS		 990 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
991 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
992 SSL_kECDHE,
993 SSL_aNULL,
994 SSL_AES128,
995 SSL_SHA1,
996 SSL3_VERSION, TLS1_2_VERSION,
387cf213 997 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 998 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1000 128,
1001 128,
1002 },
0f113f3e
MC		 1003 {
1004 1,
748f2546
RS		 1005 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1006 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1007 SSL_kECDHE,
1008 SSL_aNULL,
1009 SSL_AES256,
1010 SSL_SHA1,
1011 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1012 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1013 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1014 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1015 256,
1016 256,
1017 },
1018 {
1019 1,
1020 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1021 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1022 SSL_kECDHE,
1023 SSL_aECDSA,
1024 SSL_AES128,
0f113f3e 1025 SSL_SHA256,
3eb2aff4
KR		 1026 TLS1_2_VERSION, TLS1_2_VERSION,
1027 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1028 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1029 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1030 128,
1031 128,
1032 },
0f113f3e
MC		 1033 {
1034 1,
748f2546
RS		 1035 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1036 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1037 SSL_kECDHE,
1038 SSL_aECDSA,
1039 SSL_AES256,
1040 SSL_SHA384,
3eb2aff4
KR		 1041 TLS1_2_VERSION, TLS1_2_VERSION,
1042 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1043 SSL_HIGH | SSL_FIPS,
1044 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1045 256,
1046 256,
0f113f3e 1047 },
0f113f3e
MC		 1048 {
1049 1,
748f2546
RS		 1050 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1051 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1052 SSL_kECDHE,
1053 SSL_aRSA,
1054 SSL_AES128,
0f113f3e 1055 SSL_SHA256,
3eb2aff4
KR		 1056 TLS1_2_VERSION, TLS1_2_VERSION,
1057 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1058 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1059 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1060 128,
1061 128,
1062 },
0f113f3e
MC		 1063 {
1064 1,
748f2546
RS		 1065 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1066 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1067 SSL_kECDHE,
0f113f3e 1068 SSL_aRSA,
748f2546
RS		 1069 SSL_AES256,
1070 SSL_SHA384,
3eb2aff4
KR		 1071 TLS1_2_VERSION, TLS1_2_VERSION,
1072 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1073 SSL_HIGH | SSL_FIPS,
1074 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1075 256,
1076 256,
1077 },
0f113f3e
MC		 1078 {
1079 1,
748f2546
RS		 1080 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1081 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1082 SSL_kECDHE,
1083 SSL_aECDSA,
1084 SSL_AES128GCM,
1085 SSL_AEAD,
3eb2aff4
KR		 1086 TLS1_2_VERSION, TLS1_2_VERSION,
1087 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1088 SSL_HIGH | SSL_FIPS,
0f113f3e 1089 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748f2546
RS		 1090 128,
1091 128,
1092 },
1093 {
1094 1,
1095 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1096 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1097 SSL_kECDHE,
1098 SSL_aECDSA,
1099 SSL_AES256GCM,
1100 SSL_AEAD,
1101 TLS1_2_VERSION, TLS1_2_VERSION,
1102 DTLS1_2_VERSION, DTLS1_2_VERSION,
1103 SSL_HIGH | SSL_FIPS,
1104 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1105 256,
1106 256,
1107 },
0f113f3e
MC		 1108 {
1109 1,
748f2546
RS		 1110 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1111 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1112 SSL_kECDHE,
0f113f3e 1113 SSL_aRSA,
748f2546
RS		 1114 SSL_AES128GCM,
1115 SSL_AEAD,
3eb2aff4
KR		 1116 TLS1_2_VERSION, TLS1_2_VERSION,
1117 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1118 SSL_HIGH | SSL_FIPS,
0f113f3e 1119 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748f2546
RS		 1120 128,
1121 128,
0f113f3e 1122 },
0f113f3e
MC		 1123 {
1124 1,
748f2546
RS		 1125 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1126 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1127 SSL_kECDHE,
1128 SSL_aRSA,
1129 SSL_AES256GCM,
1130 SSL_AEAD,
3eb2aff4
KR		 1131 TLS1_2_VERSION, TLS1_2_VERSION,
1132 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1133 SSL_HIGH | SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1135 256,
1136 256,
1137 },
748f2546 1138#endif /* OPENSSL_NO_EC */
0f113f3e 1139
748f2546 1140#ifndef OPENSSL_NO_PSK
0f113f3e
MC		 1141 {
1142 1,
748f2546
RS		 1143 TLS1_TXT_PSK_WITH_NULL_SHA,
1144 TLS1_CK_PSK_WITH_NULL_SHA,
1145 SSL_kPSK,
1146 SSL_aPSK,
0f113f3e
MC		 1147 SSL_eNULL,
1148 SSL_SHA1,
3eb2aff4 1149 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1150 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1151 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 1152 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1153 0,
1154 0,
1155 },
0f113f3e
MC		 1156 {
1157 1,
748f2546
RS		 1158 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1159 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1160 SSL_kDHEPSK,
1161 SSL_aPSK,
1162 SSL_eNULL,
0f113f3e 1163 SSL_SHA1,
3eb2aff4 1164 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1165 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1166 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1167 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1168 0,
1169 0,
0f113f3e 1170 },
0f113f3e
MC		 1171 {
1172 1,
748f2546
RS		 1173 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1174 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1175 SSL_kRSAPSK,
1176 SSL_aRSA,
1177 SSL_eNULL,
1178 SSL_SHA1,
1179 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1180 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1181 SSL_STRONG_NONE | SSL_FIPS,
1182 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1183 0,
1184 0,
1185 },
1186 {
1187 1,
1188 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1189 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1190 SSL_kPSK,
1191 SSL_aPSK,
0f113f3e
MC		 1192 SSL_3DES,
1193 SSL_SHA1,
3eb2aff4 1194 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1195 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1196 SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 1197 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1198 112,
1199 168,
1200 },
0f113f3e
MC		 1201 {
1202 1,
748f2546
RS		 1203 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1204 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1205 SSL_kPSK,
1206 SSL_aPSK,
0f113f3e
MC		 1207 SSL_AES128,
1208 SSL_SHA1,
3eb2aff4 1209 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1210 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1211 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1213 128,
1214 128,
1215 },
0f113f3e
MC		 1216 {
1217 1,
748f2546
RS		 1218 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1219 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1220 SSL_kPSK,
1221 SSL_aPSK,
0f113f3e
MC		 1222 SSL_AES256,
1223 SSL_SHA1,
3eb2aff4 1224 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1225 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1226 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1228 256,
1229 256,
1230 },
0f113f3e
MC		 1231 {
1232 1,
748f2546
RS		 1233 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1234 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1235 SSL_kDHEPSK,
1236 SSL_aPSK,
1237 SSL_3DES,
0f113f3e 1238 SSL_SHA1,
3eb2aff4 1239 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1240 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1241 SSL_MEDIUM | SSL_FIPS,
0f113f3e 1242 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1243 112,
1244 168,
0f113f3e 1245 },
0f113f3e
MC		 1246 {
1247 1,
748f2546
RS		 1248 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1249 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1250 SSL_kDHEPSK,
1251 SSL_aPSK,
1252 SSL_AES128,
1253 SSL_SHA1,
1254 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1255 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1256 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1258 128,
1259 128,
1260 },
0f113f3e
MC		 1261 {
1262 1,
748f2546
RS		 1263 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1264 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1265 SSL_kDHEPSK,
1266 SSL_aPSK,
1267 SSL_AES256,
1268 SSL_SHA1,
1269 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1270 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1271 SSL_HIGH | SSL_FIPS,
1272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1273 256,
1274 256,
1275 },
1276 {
1277 1,
1278 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1279 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1280 SSL_kRSAPSK,
0f113f3e
MC		 1281 SSL_aRSA,
1282 SSL_3DES,
1283 SSL_SHA1,
3eb2aff4 1284 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1285 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1286 SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 1287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1288 112,
1289 168,
1290 },
0f113f3e
MC		 1291 {
1292 1,
748f2546
RS		 1293 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1294 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1295 SSL_kRSAPSK,
0f113f3e
MC		 1296 SSL_aRSA,
1297 SSL_AES128,
1298 SSL_SHA1,
3eb2aff4 1299 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1300 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1301 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1303 128,
1304 128,
1305 },
0f113f3e
MC		 1306 {
1307 1,
748f2546
RS		 1308 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1309 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1310 SSL_kRSAPSK,
0f113f3e
MC		 1311 SSL_aRSA,
1312 SSL_AES256,
1313 SSL_SHA1,
3eb2aff4 1314 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1315 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1316 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1318 256,
1319 256,
1320 },
0f113f3e
MC		 1321 {
1322 1,
748f2546
RS		 1323 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1324 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1325 SSL_kPSK,
1326 SSL_aPSK,
1327 SSL_AES128GCM,
1328 SSL_AEAD,
1329 TLS1_2_VERSION, TLS1_2_VERSION,
1330 DTLS1_2_VERSION, DTLS1_2_VERSION,
1331 SSL_HIGH | SSL_FIPS,
1332 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 1333 128,
1334 128,
1335 },
0f113f3e
MC		 1336 {
1337 1,
748f2546
RS		 1338 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1339 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1340 SSL_kPSK,
1341 SSL_aPSK,
1342 SSL_AES256GCM,
1343 SSL_AEAD,
1344 TLS1_2_VERSION, TLS1_2_VERSION,
1345 DTLS1_2_VERSION, DTLS1_2_VERSION,
1346 SSL_HIGH | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1348 256,
1349 256,
0f113f3e 1350 },
0f113f3e
MC		 1351 {
1352 1,
748f2546
RS		 1353 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1354 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1355 SSL_kDHEPSK,
1356 SSL_aPSK,
1357 SSL_AES128GCM,
1358 SSL_AEAD,
1359 TLS1_2_VERSION, TLS1_2_VERSION,
1360 DTLS1_2_VERSION, DTLS1_2_VERSION,
1361 SSL_HIGH | SSL_FIPS,
1362 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 1363 128,
1364 128,
1365 },
0f113f3e
MC		 1366 {
1367 1,
748f2546
RS		 1368 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1369 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1370 SSL_kDHEPSK,
1371 SSL_aPSK,
1372 SSL_AES256GCM,
1373 SSL_AEAD,
1374 TLS1_2_VERSION, TLS1_2_VERSION,
1375 DTLS1_2_VERSION, DTLS1_2_VERSION,
1376 SSL_HIGH | SSL_FIPS,
1377 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1378 256,
1379 256,
1380 },
0f113f3e
MC		 1381 {
1382 1,
748f2546
RS		 1383 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1384 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1385 SSL_kRSAPSK,
0f113f3e 1386 SSL_aRSA,
748f2546
RS		 1387 SSL_AES128GCM,
1388 SSL_AEAD,
1389 TLS1_2_VERSION, TLS1_2_VERSION,
1390 DTLS1_2_VERSION, DTLS1_2_VERSION,
1391 SSL_HIGH | SSL_FIPS,
1392 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1393 128,
1394 128,
0f113f3e 1395 },
0f113f3e
MC		 1396 {
1397 1,
748f2546
RS		 1398 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1399 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1400 SSL_kRSAPSK,
1401 SSL_aRSA,
1402 SSL_AES256GCM,
1403 SSL_AEAD,
1404 TLS1_2_VERSION, TLS1_2_VERSION,
1405 DTLS1_2_VERSION, DTLS1_2_VERSION,
1406 SSL_HIGH | SSL_FIPS,
1407 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1408 256,
1409 256,
0f113f3e 1410 },
0f113f3e
MC		 1411 {
1412 1,
748f2546
RS		 1413 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1414 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1415 SSL_kPSK,
1416 SSL_aPSK,
0f113f3e 1417 SSL_AES128,
748f2546
RS		 1418 SSL_SHA256,
1419 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1420 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1421 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1423 128,
1424 128,
1425 },
0f113f3e
MC		 1426 {
1427 1,
748f2546
RS		 1428 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1429 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1430 SSL_kPSK,
1431 SSL_aPSK,
1432 SSL_AES256,
1433 SSL_SHA384,
1434 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1435 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1436 SSL_HIGH | SSL_FIPS,
1437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1438 256,
1439 256,
0f113f3e 1440 },
0f113f3e
MC		 1441 {
1442 1,
748f2546
RS		 1443 TLS1_TXT_PSK_WITH_NULL_SHA256,
1444 TLS1_CK_PSK_WITH_NULL_SHA256,
1445 SSL_kPSK,
1446 SSL_aPSK,
1447 SSL_eNULL,
1448 SSL_SHA256,
1449 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1450 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1451 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1453 0,
1454 0,
0f113f3e 1455 },
0f113f3e
MC		 1456 {
1457 1,
748f2546
RS		 1458 TLS1_TXT_PSK_WITH_NULL_SHA384,
1459 TLS1_CK_PSK_WITH_NULL_SHA384,
1460 SSL_kPSK,
1461 SSL_aPSK,
1462 SSL_eNULL,
1463 SSL_SHA384,
1464 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1465 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1466 SSL_STRONG_NONE | SSL_FIPS,
1467 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1468 0,
1469 0,
0f113f3e 1470 },
0f113f3e
MC		 1471 {
1472 1,
748f2546
RS		 1473 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1474 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1475 SSL_kDHEPSK,
1476 SSL_aPSK,
1477 SSL_AES128,
1478 SSL_SHA256,
1479 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1480 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1481 SSL_HIGH | SSL_FIPS,
0f113f3e 1482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1483 128,
1484 128,
0f113f3e 1485 },
0f113f3e
MC		 1486 {
1487 1,
748f2546
RS		 1488 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1489 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1490 SSL_kDHEPSK,
1491 SSL_aPSK,
0f113f3e 1492 SSL_AES256,
748f2546
RS		 1493 SSL_SHA384,
1494 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1495 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1496 SSL_HIGH | SSL_FIPS,
1497 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1498 256,
1499 256,
1500 },
0f113f3e
MC		 1501 {
1502 1,
748f2546
RS		 1503 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1504 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1505 SSL_kDHEPSK,
1506 SSL_aPSK,
1507 SSL_eNULL,
0f113f3e 1508 SSL_SHA256,
748f2546 1509 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1510 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1511 SSL_STRONG_NONE | SSL_FIPS,
1512 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1513 0,
1514 0,
0f113f3e 1515 },
0f113f3e
MC		 1516 {
1517 1,
748f2546
RS		 1518 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1519 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1520 SSL_kDHEPSK,
1521 SSL_aPSK,
1522 SSL_eNULL,
0f113f3e 1523 SSL_SHA384,
748f2546 1524 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1525 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1526 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
748f2546
RS		 1528 0,
1529 0,
0f113f3e 1530 },
0f113f3e
MC		 1531 {
1532 1,
748f2546
RS		 1533 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1534 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1535 SSL_kRSAPSK,
0f113f3e
MC		 1536 SSL_aRSA,
1537 SSL_AES128,
1538 SSL_SHA256,
748f2546 1539 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1540 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1541 SSL_HIGH | SSL_FIPS,
748f2546 1542 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0f113f3e
MC		 1543 128,
1544 128,
1545 },
0f113f3e
MC		 1546 {
1547 1,
748f2546
RS		 1548 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1549 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1550 SSL_kRSAPSK,
0f113f3e
MC		 1551 SSL_aRSA,
1552 SSL_AES256,
1553 SSL_SHA384,
748f2546 1554 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1555 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1556 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1557 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1558 256,
1559 256,
1560 },
0f113f3e
MC		 1561 {
1562 1,
748f2546
RS		 1563 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1564 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1565 SSL_kRSAPSK,
0f113f3e 1566 SSL_aRSA,
748f2546
RS		 1567 SSL_eNULL,
1568 SSL_SHA256,
1569 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1570 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1571 SSL_STRONG_NONE | SSL_FIPS,
1572 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1573 0,
1574 0,
0f113f3e 1575 },
0f113f3e
MC		 1576 {
1577 1,
748f2546
RS		 1578 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1579 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1580 SSL_kRSAPSK,
0f113f3e 1581 SSL_aRSA,
748f2546
RS		 1582 SSL_eNULL,
1583 SSL_SHA384,
1584 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1585 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1586 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1587 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
748f2546
RS		 1588 0,
1589 0,
ea6114c6 1590 },
748f2546 1591# ifndef OPENSSL_NO_EC
ea6114c6
DSH		 1592 {
1593 1,
1594 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1595 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1596 SSL_kECDHEPSK,
1597 SSL_aPSK,
1598 SSL_3DES,
1599 SSL_SHA1,
3eb2aff4 1600 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1601 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1602 SSL_MEDIUM | SSL_FIPS,
ea6114c6
DSH		 1603 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1604 112,
1605 168,
1606 },
ea6114c6
DSH		 1607 {
1608 1,
1609 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1610 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1611 SSL_kECDHEPSK,
1612 SSL_aPSK,
1613 SSL_AES128,
1614 SSL_SHA1,
3eb2aff4 1615 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1616 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1617 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1618 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1619 128,
1620 128,
1621 },
ea6114c6
DSH		 1622 {
1623 1,
1624 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1625 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1626 SSL_kECDHEPSK,
1627 SSL_aPSK,
1628 SSL_AES256,
1629 SSL_SHA1,
3eb2aff4 1630 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1631 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1632 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1633 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1634 256,
1635 256,
1636 },
ea6114c6
DSH		 1637 {
1638 1,
1639 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1640 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1641 SSL_kECDHEPSK,
1642 SSL_aPSK,
1643 SSL_AES128,
1644 SSL_SHA256,
3eb2aff4 1645 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1646 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1647 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1648 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1649 128,
1650 128,
1651 },
ea6114c6
DSH		 1652 {
1653 1,
1654 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1655 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1656 SSL_kECDHEPSK,
1657 SSL_aPSK,
1658 SSL_AES256,
1659 SSL_SHA384,
3eb2aff4 1660 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1661 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1662 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1663 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1664 256,
1665 256,
1666 },
ea6114c6
DSH		 1667 {
1668 1,
1669 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1670 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1671 SSL_kECDHEPSK,
1672 SSL_aPSK,
1673 SSL_eNULL,
1674 SSL_SHA1,
3eb2aff4 1675 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1676 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1677 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1678 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1679 0,
1680 0,
1681 },
ea6114c6
DSH		 1682 {
1683 1,
1684 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1685 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1686 SSL_kECDHEPSK,
1687 SSL_aPSK,
1688 SSL_eNULL,
1689 SSL_SHA256,
3eb2aff4 1690 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1691 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1692 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1693 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1694 0,
1695 0,
1696 },
ea6114c6
DSH		 1697 {
1698 1,
1699 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1700 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1701 SSL_kECDHEPSK,
1702 SSL_aPSK,
1703 SSL_eNULL,
1704 SSL_SHA384,
3eb2aff4 1705 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1707 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1708 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1709 0,
1710 0,
1711 },
748f2546
RS		 1712# endif /* OPENSSL_NO_EC */
1713#endif /* OPENSSL_NO_PSK */
ea6114c6 1714
748f2546
RS		 1715#ifndef OPENSSL_NO_SRP
1716 {
1717 1,
1718 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1719 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1720 SSL_kSRP,
1721 SSL_aSRP,
1722 SSL_3DES,
1723 SSL_SHA1,
1724 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1725 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1726 SSL_MEDIUM,
748f2546
RS		 1727 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1728 112,
1729 168,
1730 },
1731 {
1732 1,
1733 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1734 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1735 SSL_kSRP,
1736 SSL_aRSA,
1737 SSL_3DES,
1738 SSL_SHA1,
1739 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1740 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1741 SSL_MEDIUM,
748f2546
RS		 1742 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1743 112,
1744 168,
1745 },
1746 {
1747 1,
1748 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1749 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1750 SSL_kSRP,
1751 SSL_aDSS,
1752 SSL_3DES,
1753 SSL_SHA1,
1754 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1755 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1756 SSL_NOT_DEFAULT | SSL_MEDIUM,
748f2546
RS		 1757 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1758 112,
1759 168,
1760 },
1761 {
1762 1,
1763 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1764 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1765 SSL_kSRP,
1766 SSL_aSRP,
1767 SSL_AES128,
1768 SSL_SHA1,
1769 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1771 SSL_HIGH,
1772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1773 128,
1774 128,
1775 },
1776 {
1777 1,
1778 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1779 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1780 SSL_kSRP,
1781 SSL_aRSA,
1782 SSL_AES128,
1783 SSL_SHA1,
1784 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1785 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1786 SSL_HIGH,
1787 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1788 128,
1789 128,
1790 },
1791 {
1792 1,
1793 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1794 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1795 SSL_kSRP,
1796 SSL_aDSS,
1797 SSL_AES128,
1798 SSL_SHA1,
1799 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1800 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1801 SSL_NOT_DEFAULT | SSL_HIGH,
1802 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1803 128,
1804 128,
1805 },
1806 {
1807 1,
1808 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1809 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1810 SSL_kSRP,
1811 SSL_aSRP,
1812 SSL_AES256,
1813 SSL_SHA1,
1814 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1815 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1816 SSL_HIGH,
1817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1818 256,
1819 256,
1820 },
1821 {
1822 1,
1823 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1824 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1825 SSL_kSRP,
1826 SSL_aRSA,
1827 SSL_AES256,
1828 SSL_SHA1,
1829 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1830 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1831 SSL_HIGH,
1832 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1833 256,
1834 256,
1835 },
1836 {
1837 1,
1838 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1839 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1840 SSL_kSRP,
1841 SSL_aDSS,
1842 SSL_AES256,
1843 SSL_SHA1,
1844 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1845 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1846 SSL_NOT_DEFAULT | SSL_HIGH,
1847 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1848 256,
1849 256,
1850 },
1851#endif /* OPENSSL_NO_SRP */
1852
1853#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1854# ifndef OPENSSL_NO_RSA
1855 {
1856 1,
1857 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1858 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1859 SSL_kDHE,
1860 SSL_aRSA,
1861 SSL_CHACHA20POLY1305,
1862 SSL_AEAD,
1863 TLS1_2_VERSION, TLS1_2_VERSION,
1864 DTLS1_2_VERSION, DTLS1_2_VERSION,
1865 SSL_HIGH,
1866 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1867 256,
1868 256,
1869 },
1870# endif /* OPENSSL_NO_RSA */
1871
1872# ifndef OPENSSL_NO_EC
1873 {
1874 1,
1875 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1876 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1877 SSL_kECDHE,
1878 SSL_aRSA,
1879 SSL_CHACHA20POLY1305,
1880 SSL_AEAD,
1881 TLS1_2_VERSION, TLS1_2_VERSION,
1882 DTLS1_2_VERSION, DTLS1_2_VERSION,
1883 SSL_HIGH,
1884 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1885 256,
1886 256,
1887 },
1888 {
1889 1,
1890 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1891 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1892 SSL_kECDHE,
1893 SSL_aECDSA,
1894 SSL_CHACHA20POLY1305,
1895 SSL_AEAD,
1896 TLS1_2_VERSION, TLS1_2_VERSION,
1897 DTLS1_2_VERSION, DTLS1_2_VERSION,
1898 SSL_HIGH,
1899 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1900 256,
1901 256,
1902 },
1903# endif /* OPENSSL_NO_EC */
1904
1905# ifndef OPENSSL_NO_PSK
1906 {
1907 1,
1908 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
1909 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
1910 SSL_kPSK,
1911 SSL_aPSK,
1912 SSL_CHACHA20POLY1305,
1913 SSL_AEAD,
1914 TLS1_2_VERSION, TLS1_2_VERSION,
1915 DTLS1_2_VERSION, DTLS1_2_VERSION,
1916 SSL_HIGH,
1917 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1918 256,
1919 256,
1920 },
1921 {
1922 1,
1923 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1924 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1925 SSL_kECDHEPSK,
1926 SSL_aPSK,
1927 SSL_CHACHA20POLY1305,
1928 SSL_AEAD,
1929 TLS1_2_VERSION, TLS1_2_VERSION,
1930 DTLS1_2_VERSION, DTLS1_2_VERSION,
1931 SSL_HIGH,
1932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1933 256,
1934 256,
1935 },
1936 {
1937 1,
1938 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
1939 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
1940 SSL_kDHEPSK,
1941 SSL_aPSK,
1942 SSL_CHACHA20POLY1305,
1943 SSL_AEAD,
1944 TLS1_2_VERSION, TLS1_2_VERSION,
1945 DTLS1_2_VERSION, DTLS1_2_VERSION,
1946 SSL_HIGH,
1947 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1948 256,
1949 256,
1950 },
1951 {
1952 1,
1953 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
1954 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
1955 SSL_kRSAPSK,
1956 SSL_aRSA,
1957 SSL_CHACHA20POLY1305,
1958 SSL_AEAD,
1959 TLS1_2_VERSION, TLS1_2_VERSION,
1960 DTLS1_2_VERSION, DTLS1_2_VERSION,
1961 SSL_HIGH,
1962 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1963 256,
1964 256,
1965 },
1966# endif /* OPENSSL_NO_PSK */
1967#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1968
1969#ifndef OPENSSL_NO_CAMELLIA
1970 {
1971 1,
1972 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1973 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1974 SSL_kRSA,
1975 SSL_aRSA,
1976 SSL_CAMELLIA128,
1977 SSL_SHA256,
1978 TLS1_2_VERSION, TLS1_2_VERSION,
1979 DTLS1_2_VERSION, DTLS1_2_VERSION,
1980 SSL_NOT_DEFAULT | SSL_HIGH,
1981 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1982 128,
1983 128,
1984 },
1985 {
1986 1,
1987 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1988 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1989 SSL_kEDH,
1990 SSL_aDSS,
1991 SSL_CAMELLIA128,
1992 SSL_SHA256,
1993 TLS1_2_VERSION, TLS1_2_VERSION,
1994 DTLS1_2_VERSION, DTLS1_2_VERSION,
1995 SSL_NOT_DEFAULT | SSL_HIGH,
1996 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1997 128,
1998 128,
1999 },
2000 {
2001 1,
2002 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2003 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2004 SSL_kEDH,
2005 SSL_aRSA,
2006 SSL_CAMELLIA128,
2007 SSL_SHA256,
2008 TLS1_2_VERSION, TLS1_2_VERSION,
2009 DTLS1_2_VERSION, DTLS1_2_VERSION,
2010 SSL_NOT_DEFAULT | SSL_HIGH,
2011 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2012 128,
2013 128,
2014 },
2015 {
2016 1,
2017 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2018 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2019 SSL_kEDH,
2020 SSL_aNULL,
2021 SSL_CAMELLIA128,
2022 SSL_SHA256,
2023 TLS1_2_VERSION, TLS1_2_VERSION,
2024 DTLS1_2_VERSION, DTLS1_2_VERSION,
2025 SSL_NOT_DEFAULT | SSL_HIGH,
2026 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2027 128,
2028 128,
2029 },
2030 {
2031 1,
2032 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2033 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2034 SSL_kRSA,
2035 SSL_aRSA,
2036 SSL_CAMELLIA256,
2037 SSL_SHA256,
2038 TLS1_2_VERSION, TLS1_2_VERSION,
2039 DTLS1_2_VERSION, DTLS1_2_VERSION,
2040 SSL_NOT_DEFAULT | SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2042 256,
2043 256,
2044 },
2045 {
2046 1,
2047 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2048 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2049 SSL_kEDH,
2050 SSL_aDSS,
2051 SSL_CAMELLIA256,
2052 SSL_SHA256,
2053 TLS1_2_VERSION, TLS1_2_VERSION,
2054 DTLS1_2_VERSION, DTLS1_2_VERSION,
2055 SSL_NOT_DEFAULT | SSL_HIGH,
2056 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2057 256,
2058 256,
2059 },
2060 {
2061 1,
2062 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2063 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2064 SSL_kEDH,
2065 SSL_aRSA,
2066 SSL_CAMELLIA256,
2067 SSL_SHA256,
2068 TLS1_2_VERSION, TLS1_2_VERSION,
2069 DTLS1_2_VERSION, DTLS1_2_VERSION,
2070 SSL_NOT_DEFAULT | SSL_HIGH,
2071 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2072 256,
2073 256,
2074 },
2075 {
2076 1,
2077 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2078 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2079 SSL_kEDH,
2080 SSL_aNULL,
2081 SSL_CAMELLIA256,
2082 SSL_SHA256,
2083 TLS1_2_VERSION, TLS1_2_VERSION,
2084 DTLS1_2_VERSION, DTLS1_2_VERSION,
2085 SSL_NOT_DEFAULT | SSL_HIGH,
2086 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2087 256,
2088 256,
2089 },
2090 {
2091 1,
2092 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2093 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2094 SSL_kRSA,
2095 SSL_aRSA,
2096 SSL_CAMELLIA256,
2097 SSL_SHA1,
2098 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2099 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2100 SSL_NOT_DEFAULT | SSL_HIGH,
2101 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2102 256,
2103 256,
2104 },
2105 {
2106 1,
2107 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2108 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2109 SSL_kDHE,
2110 SSL_aDSS,
2111 SSL_CAMELLIA256,
2112 SSL_SHA1,
2113 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2114 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2115 SSL_NOT_DEFAULT | SSL_HIGH,
2116 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2117 256,
2118 256,
2119 },
2120 {
2121 1,
2122 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2123 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2124 SSL_kDHE,
2125 SSL_aRSA,
2126 SSL_CAMELLIA256,
2127 SSL_SHA1,
2128 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2129 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2130 SSL_NOT_DEFAULT | SSL_HIGH,
2131 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2132 256,
2133 256,
2134 },
2135 {
2136 1,
2137 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2138 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2139 SSL_kDHE,
2140 SSL_aNULL,
2141 SSL_CAMELLIA256,
2142 SSL_SHA1,
2143 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2144 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2145 SSL_NOT_DEFAULT | SSL_HIGH,
2146 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2147 256,
2148 256,
2149 },
2150 {
2151 1,
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2153 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2154 SSL_kRSA,
2155 SSL_aRSA,
2156 SSL_CAMELLIA128,
2157 SSL_SHA1,
2158 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2159 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2160 SSL_NOT_DEFAULT | SSL_HIGH,
2161 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2162 128,
2163 128,
2164 },
2165 {
2166 1,
2167 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2168 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2169 SSL_kDHE,
2170 SSL_aDSS,
2171 SSL_CAMELLIA128,
2172 SSL_SHA1,
2173 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2174 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2175 SSL_NOT_DEFAULT | SSL_HIGH,
2176 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2177 128,
2178 128,
2179 },
2180 {
2181 1,
2182 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2183 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2184 SSL_kDHE,
2185 SSL_aRSA,
2186 SSL_CAMELLIA128,
2187 SSL_SHA1,
2188 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2189 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2190 SSL_NOT_DEFAULT | SSL_HIGH,
2191 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2192 128,
2193 128,
2194 },
2195 {
2196 1,
2197 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2198 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2199 SSL_kDHE,
2200 SSL_aNULL,
2201 SSL_CAMELLIA128,
2202 SSL_SHA1,
2203 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2204 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2205 SSL_NOT_DEFAULT | SSL_HIGH,
2206 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2207 128,
2208 128,
2209 },
2210
2211# ifndef OPENSSL_NO_EC
2212 {
0f113f3e
MC		 2213 1,
2214 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2215 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2216 SSL_kECDHE,
2217 SSL_aECDSA,
2218 SSL_CAMELLIA128,
2219 SSL_SHA256,
3eb2aff4
KR		 2220 TLS1_2_VERSION, TLS1_2_VERSION,
2221 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2222 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2223 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2224 128,
748f2546
RS		 2225 128
2226 },
2227 {
0f113f3e
MC		 2228 1,
2229 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2230 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2231 SSL_kECDHE,
2232 SSL_aECDSA,
2233 SSL_CAMELLIA256,
2234 SSL_SHA384,
3eb2aff4
KR		 2235 TLS1_2_VERSION, TLS1_2_VERSION,
2236 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2237 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2238 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2239 256,
748f2546
RS		 2240 256
2241 },
2242 {
0f113f3e
MC		 2243 1,
2244 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2245 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2246 SSL_kECDHE,
2247 SSL_aRSA,
2248 SSL_CAMELLIA128,
2249 SSL_SHA256,
3eb2aff4
KR		 2250 TLS1_2_VERSION, TLS1_2_VERSION,
2251 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2252 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2253 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2254 128,
748f2546
RS		 2255 128
2256 },
2257 {
0f113f3e
MC		 2258 1,
2259 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2260 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2261 SSL_kECDHE,
2262 SSL_aRSA,
2263 SSL_CAMELLIA256,
2264 SSL_SHA384,
3eb2aff4
KR		 2265 TLS1_2_VERSION, TLS1_2_VERSION,
2266 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2267 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2269 256,
748f2546
RS		 2270 256
2271 },
2272# endif /* OPENSSL_NO_EC */
edc032b5 2273
748f2546
RS		 2274# ifndef OPENSSL_NO_PSK
2275 {
69a3a9f5
DSH		 2276 1,
2277 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2278 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2279 SSL_kPSK,
2280 SSL_aPSK,
2281 SSL_CAMELLIA128,
2282 SSL_SHA256,
3eb2aff4 2283 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2284 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2285 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2287 128,
748f2546
RS		 2288 128
2289 },
2290 {
69a3a9f5
DSH		 2291 1,
2292 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2293 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2294 SSL_kPSK,
2295 SSL_aPSK,
2296 SSL_CAMELLIA256,
2297 SSL_SHA384,
3eb2aff4 2298 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2299 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2300 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2301 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2302 256,
748f2546
RS		 2303 256
2304 },
2305 {
69a3a9f5
DSH		 2306 1,
2307 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2308 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2309 SSL_kDHEPSK,
2310 SSL_aPSK,
2311 SSL_CAMELLIA128,
2312 SSL_SHA256,
3eb2aff4 2313 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2314 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2315 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2317 128,
748f2546
RS		 2318 128
2319 },
2320 {
69a3a9f5
DSH		 2321 1,
2322 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2323 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2324 SSL_kDHEPSK,
2325 SSL_aPSK,
2326 SSL_CAMELLIA256,
2327 SSL_SHA384,
3eb2aff4 2328 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2329 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2330 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2331 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2332 256,
748f2546
RS		 2333 256
2334 },
2335 {
69a3a9f5
DSH		 2336 1,
2337 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2338 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2339 SSL_kRSAPSK,
2340 SSL_aRSA,
2341 SSL_CAMELLIA128,
2342 SSL_SHA256,
3eb2aff4 2343 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2344 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2345 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2346 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2347 128,
748f2546
RS		 2348 128
2349 },
2350 {
69a3a9f5
DSH		 2351 1,
2352 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2353 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2354 SSL_kRSAPSK,
2355 SSL_aRSA,
2356 SSL_CAMELLIA256,
2357 SSL_SHA384,
3eb2aff4 2358 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2359 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2360 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2361 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2362 256,
748f2546
RS		 2363 256
2364 },
176f85a2
DSH		 2365 {
2366 1,
748f2546
RS		 2367 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2368 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2369 SSL_kECDHEPSK,
176f85a2 2370 SSL_aPSK,
748f2546
RS		 2371 SSL_CAMELLIA128,
2372 SSL_SHA256,
2373 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2374 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2375 SSL_NOT_DEFAULT | SSL_HIGH,
748f2546 2376 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2 2377 128,
748f2546
RS		 2378 128
2379 },
176f85a2
DSH		 2380 {
2381 1,
748f2546
RS		 2382 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2383 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2384 SSL_kECDHEPSK,
176f85a2 2385 SSL_aPSK,
748f2546
RS		 2386 SSL_CAMELLIA256,
2387 SSL_SHA384,
2388 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2389 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2390 SSL_NOT_DEFAULT | SSL_HIGH,
748f2546 2391 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
176f85a2 2392 256,
748f2546
RS		 2393 256
2394 },
2395# endif /* OPENSSL_NO_PSK */
176f85a2 2396
748f2546 2397#endif /* OPENSSL_NO_CAMELLIA */
176f85a2 2398
580731af 2399#ifndef OPENSSL_NO_GOST
176f85a2
DSH		 2400 {
2401 1,
748f2546
RS		 2402 "GOST2001-GOST89-GOST89",
2403 0x3000081,
2404 SSL_kGOST,
2405 SSL_aGOST01,
2406 SSL_eGOST2814789CNT,
2407 SSL_GOST89MAC,
2408 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2409 0, 0,
748f2546
RS		 2410 SSL_HIGH,
2411 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
176f85a2 2412 256,
748f2546
RS		 2413 256
2414 },
2415 {
2416 1,
2417 "GOST2001-NULL-GOST94",
2418 0x3000083,
2419 SSL_kGOST,
2420 SSL_aGOST01,
2421 SSL_eNULL,
2422 SSL_GOST94,
2423 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2424 0, 0,
748f2546
RS		 2425 SSL_STRONG_NONE,
2426 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2427 0,
2428 0
2429 },
2430 {
2431 1,
2432 "GOST2012-GOST8912-GOST8912",
2433 0x0300ff85,
2434 SSL_kGOST,
2435 SSL_aGOST12 | SSL_aGOST01,
2436 SSL_eGOST2814789CNT12,
2437 SSL_GOST89MAC12,
2438 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2439 0, 0,
748f2546
RS		 2440 SSL_HIGH,
2441 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
176f85a2 2442 256,
748f2546
RS		 2443 256
2444 },
2445 {
2446 1,
2447 "GOST2012-NULL-GOST12",
2448 0x0300ff87,
2449 SSL_kGOST,
2450 SSL_aGOST12 | SSL_aGOST01,
2451 SSL_eNULL,
2452 SSL_GOST12_256,
2453 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2454 0, 0,
748f2546
RS		 2455 SSL_STRONG_NONE,
2456 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2457 0,
2458 0},
580731af 2459#endif /* OPENSSL_NO_GOST */
176f85a2 2460
748f2546 2461#ifndef OPENSSL_NO_IDEA
176f85a2
DSH		 2462 {
2463 1,
748f2546
RS		 2464 SSL3_TXT_RSA_IDEA_128_SHA,
2465 SSL3_CK_RSA_IDEA_128_SHA,
2466 SSL_kRSA,
2467 SSL_aRSA,
2468 SSL_IDEA,
2469 SSL_SHA1,
2470 SSL3_VERSION, TLS1_1_VERSION,
387cf213 2471 DTLS1_BAD_VER, DTLS1_VERSION,
748f2546
RS		 2472 SSL_NOT_DEFAULT | SSL_MEDIUM,
2473 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2474 128,
2475 128,
2476 },
748f2546 2477#endif
176f85a2 2478
748f2546 2479#ifndef OPENSSL_NO_SEED
176f85a2
DSH		 2480 {
2481 1,
748f2546
RS		 2482 TLS1_TXT_RSA_WITH_SEED_SHA,
2483 TLS1_CK_RSA_WITH_SEED_SHA,
2484 SSL_kRSA,
2485 SSL_aRSA,
2486 SSL_SEED,
2487 SSL_SHA1,
2488 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2489 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2490 SSL_NOT_DEFAULT | SSL_MEDIUM,
2491 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2492 128,
2493 128,
176f85a2 2494 },
176f85a2
DSH		 2495 {
2496 1,
748f2546
RS		 2497 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2498 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2499 SSL_kDHE,
2500 SSL_aDSS,
2501 SSL_SEED,
2502 SSL_SHA1,
2503 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2504 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2505 SSL_NOT_DEFAULT | SSL_MEDIUM,
2506 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2507 128,
2508 128,
2509 },
176f85a2
DSH		 2510 {
2511 1,
748f2546
RS		 2512 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2513 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2514 SSL_kDHE,
2515 SSL_aRSA,
2516 SSL_SEED,
2517 SSL_SHA1,
2518 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2519 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2520 SSL_NOT_DEFAULT | SSL_MEDIUM,
2521 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2522 128,
2523 128,
176f85a2 2524 },
176f85a2
DSH		 2525 {
2526 1,
748f2546
RS		 2527 TLS1_TXT_ADH_WITH_SEED_SHA,
2528 TLS1_CK_ADH_WITH_SEED_SHA,
2529 SSL_kDHE,
2530 SSL_aNULL,
2531 SSL_SEED,
2532 SSL_SHA1,
2533 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2534 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2535 SSL_NOT_DEFAULT | SSL_MEDIUM,
2536 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2537 128,
2538 128,
2539 },
748f2546 2540#endif /* OPENSSL_NO_SEED */
176f85a2 2541
748f2546
RS		 2542#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2543 {
2544 1,
2545 SSL3_TXT_RSA_RC4_128_MD5,
2546 SSL3_CK_RSA_RC4_128_MD5,
2547 SSL_kRSA,
2548 SSL_aRSA,
2549 SSL_RC4,
2550 SSL_MD5,
2551 SSL3_VERSION, TLS1_2_VERSION,
2552 0, 0,
2553 SSL_NOT_DEFAULT | SSL_MEDIUM,
2554 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2555 128,
2556 128,
2557 },
176f85a2
DSH		 2558 {
2559 1,
748f2546
RS		 2560 SSL3_TXT_RSA_RC4_128_SHA,
2561 SSL3_CK_RSA_RC4_128_SHA,
2562 SSL_kRSA,
2563 SSL_aRSA,
2564 SSL_RC4,
2565 SSL_SHA1,
2566 SSL3_VERSION, TLS1_2_VERSION,
2567 0, 0,
2568 SSL_NOT_DEFAULT | SSL_MEDIUM,
2569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2570 128,
2571 128,
176f85a2 2572 },
176f85a2
DSH		 2573 {
2574 1,
748f2546
RS		 2575 SSL3_TXT_ADH_RC4_128_MD5,
2576 SSL3_CK_ADH_RC4_128_MD5,
2577 SSL_kDHE,
2578 SSL_aNULL,
2579 SSL_RC4,
2580 SSL_MD5,
2581 SSL3_VERSION, TLS1_2_VERSION,
2582 0, 0,
2583 SSL_NOT_DEFAULT | SSL_MEDIUM,
2584 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2585 128,
2586 128,
2587 },
2588
748f2546 2589# ifndef OPENSSL_NO_EC
176f85a2
DSH		 2590 {
2591 1,
748f2546
RS		 2592 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2593 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2594 SSL_kECDHEPSK,
2595 SSL_aPSK,
2596 SSL_RC4,
2597 SSL_SHA1,
2598 SSL3_VERSION, TLS1_2_VERSION,
2599 0, 0,
2600 SSL_NOT_DEFAULT | SSL_MEDIUM,
2601 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2602 128,
2603 128,
176f85a2 2604 },
a76ba82c
AP		 2605 {
2606 1,
748f2546
RS		 2607 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2608 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
a76ba82c 2609 SSL_kECDHE,
748f2546
RS		 2610 SSL_aNULL,
2611 SSL_RC4,
2612 SSL_SHA1,
2613 SSL3_VERSION, TLS1_2_VERSION,
2614 0, 0,
2615 SSL_NOT_DEFAULT | SSL_MEDIUM,
2616 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2617 128,
2618 128,
a76ba82c 2619 },
a76ba82c
AP		 2620 {
2621 1,
748f2546
RS		 2622 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2623 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
a76ba82c
AP		 2624 SSL_kECDHE,
2625 SSL_aECDSA,
748f2546
RS		 2626 SSL_RC4,
2627 SSL_SHA1,
2628 SSL3_VERSION, TLS1_2_VERSION,
2629 0, 0,
2630 SSL_NOT_DEFAULT | SSL_MEDIUM,
2631 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2632 128,
2633 128,
a76ba82c 2634 },
a76ba82c
AP		 2635 {
2636 1,
748f2546
RS		 2637 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2638 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2639 SSL_kECDHE,
a76ba82c 2640 SSL_aRSA,
748f2546
RS		 2641 SSL_RC4,
2642 SSL_SHA1,
2643 SSL3_VERSION, TLS1_2_VERSION,
2644 0, 0,
2645 SSL_NOT_DEFAULT | SSL_MEDIUM,
2646 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2647 128,
2648 128,
a76ba82c 2649 },
748f2546
RS		 2650# endif /* OPENSSL_NO_EC */
2651
a76ba82c 2652# ifndef OPENSSL_NO_PSK
a76ba82c
AP		 2653 {
2654 1,
748f2546
RS		 2655 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2656 TLS1_CK_PSK_WITH_RC4_128_SHA,
a76ba82c
AP		 2657 SSL_kPSK,
2658 SSL_aPSK,
748f2546
RS		 2659 SSL_RC4,
2660 SSL_SHA1,
2661 SSL3_VERSION, TLS1_2_VERSION,
2662 0, 0,
2663 SSL_NOT_DEFAULT | SSL_MEDIUM,
2664 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2665 128,
2666 128,
a76ba82c 2667 },
a76ba82c
AP		 2668 {
2669 1,
748f2546
RS		 2670 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2671 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2672 SSL_kRSAPSK,
2673 SSL_aRSA,
2674 SSL_RC4,
2675 SSL_SHA1,
2676 SSL3_VERSION, TLS1_2_VERSION,
2677 0, 0,
2678 SSL_NOT_DEFAULT | SSL_MEDIUM,
2679 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2680 128,
2681 128,
a76ba82c 2682 },
a76ba82c
AP		 2683 {
2684 1,
748f2546
RS		 2685 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2686 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
a76ba82c
AP		 2687 SSL_kDHEPSK,
2688 SSL_aPSK,
748f2546
RS		 2689 SSL_RC4,
2690 SSL_SHA1,
2691 SSL3_VERSION, TLS1_2_VERSION,
2692 0, 0,
2693 SSL_NOT_DEFAULT | SSL_MEDIUM,
2694 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2695 128,
2696 128,
a76ba82c 2697 },
748f2546
RS		 2698# endif /* OPENSSL_NO_PSK */
2699
2700#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
e44380a9 2701
0f113f3e
MC		 2702};
2703
748f2546
RS		 2704
2705static int cipher_compare(const void *a, const void *b)
2706{
2707 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2708 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2709
2710 return ap->id - bp->id;
2711}
2712
2713void ssl_sort_cipher_list(void)
2714{
2715 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2716 cipher_compare);
2717}
2718
2719
0f113f3e
MC		 2720const SSL3_ENC_METHOD SSLv3_enc_data = {
2721 ssl3_enc,
2722 n_ssl3_mac,
2723 ssl3_setup_key_block,
2724 ssl3_generate_master_secret,
2725 ssl3_change_cipher_state,
2726 ssl3_final_finish_mac,
2727 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
0f113f3e
MC		 2728 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2729 SSL3_MD_SERVER_FINISHED_CONST, 4,
2730 ssl3_alert_code,
2731 (int (*)(SSL *, unsigned char *, size_t, const char *,
2732 size_t, const unsigned char *, size_t,
2733 int use_context))ssl_undefined_function,
2734 0,
2735 SSL3_HM_HEADER_LENGTH,
2736 ssl3_set_handshake_header,
2737 ssl3_handshake_write
2738};
58964a49 2739
f3b656b2 2740long ssl3_default_timeout(void)
0f113f3e
MC		 2741{
2742 /*
2743 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2744 * http, the cache would over fill
2745 */
2746 return (60 * 60 * 2);
2747}
d02b48c6 2748
6b691a5c 2749int ssl3_num_ciphers(void)
0f113f3e
MC		 2750{
2751 return (SSL3_NUM_CIPHERS);
2752}
d02b48c6 2753
babb3798 2754const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
0f113f3e
MC		 2755{
2756 if (u < SSL3_NUM_CIPHERS)
2757 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2758 else
2759 return (NULL);
2760}
d02b48c6 2761
77d514c5 2762int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
0f113f3e
MC		 2763{
2764 unsigned char *p = (unsigned char *)s->init_buf->data;
2765 *(p++) = htype;
2766 l2n3(len, p);
2767 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2768 s->init_off = 0;
77d514c5
MC		 2769
2770 return 1;
0f113f3e 2771}
173e72e6
DSH		 2772
2773int ssl3_handshake_write(SSL *s)
0f113f3e
MC		 2774{
2775 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2776}
173e72e6 2777
6b691a5c 2778int ssl3_new(SSL *s)
0f113f3e
MC		 2779{
2780 SSL3_STATE *s3;
d02b48c6 2781
b51bce94 2782 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
0f113f3e 2783 goto err;
0f113f3e 2784 s->s3 = s3;
1e0784ff 2785
edc032b5 2786#ifndef OPENSSL_NO_SRP
61986d32 2787 if (!SSL_SRP_CTX_init(s))
69f68237 2788 goto err;
edc032b5 2789#endif
0f113f3e
MC		 2790 s->method->ssl_clear(s);
2791 return (1);
2792 err:
2793 return (0);
2794}
d02b48c6 2795
6b691a5c 2796void ssl3_free(SSL *s)
0f113f3e 2797{
a60c151a 2798 if (s == NULL || s->s3 == NULL)
0f113f3e 2799 return;
e03ddfae 2800
0f113f3e 2801 ssl3_cleanup_key_block(s);
8d92c1f8 2802
fb79abe3 2803#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
61dd9f7a
DSH		 2804 EVP_PKEY_free(s->s3->peer_tmp);
2805 s->s3->peer_tmp = NULL;
b22d7113
DSH		 2806 EVP_PKEY_free(s->s3->tmp.pkey);
2807 s->s3->tmp.pkey = NULL;
ea262260
BM		 2808#endif
2809
222561fe 2810 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
76106e60
DSH		 2811 OPENSSL_free(s->s3->tmp.ciphers_raw);
2812 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2813 OPENSSL_free(s->s3->tmp.peer_sigalgs);
85fb6fda 2814 ssl3_free_digest_list(s);
25aaa98a 2815 OPENSSL_free(s->s3->alpn_selected);
817cd0d5 2816 OPENSSL_free(s->s3->alpn_proposed);
6f017a8f 2817
edc032b5 2818#ifndef OPENSSL_NO_SRP
0f113f3e 2819 SSL_SRP_CTX_free(s);
edc032b5 2820#endif
b4faea50 2821 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
0f113f3e
MC		 2822 s->s3 = NULL;
2823}
d02b48c6 2824
6b691a5c 2825void ssl3_clear(SSL *s)
0f113f3e 2826{
0f113f3e 2827 ssl3_cleanup_key_block(s);
222561fe 2828 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
76106e60 2829 OPENSSL_free(s->s3->tmp.ciphers_raw);
76106e60 2830 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
76106e60 2831 OPENSSL_free(s->s3->tmp.peer_sigalgs);
d02b48c6 2832
fb79abe3 2833#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
b22d7113 2834 EVP_PKEY_free(s->s3->tmp.pkey);
61dd9f7a 2835 EVP_PKEY_free(s->s3->peer_tmp);
e481f9b9 2836#endif /* !OPENSSL_NO_EC */
0f113f3e 2837
85fb6fda 2838 ssl3_free_digest_list(s);
e481f9b9 2839
817cd0d5
TS		 2840 OPENSSL_free(s->s3->alpn_selected);
2841 OPENSSL_free(s->s3->alpn_proposed);
e481f9b9 2842
817cd0d5 2843 /* NULL/zero-out everything in the s3 struct */
b4faea50 2844 memset(s->s3, 0, sizeof(*s->s3));
0f113f3e
MC		 2845
2846 ssl_free_wbio_buffer(s);
2847
0f113f3e 2848 s->version = SSL3_VERSION;
ee2ffc27 2849
e481f9b9 2850#if !defined(OPENSSL_NO_NEXTPROTONEG)
b548a1f1
RS		 2851 OPENSSL_free(s->next_proto_negotiated);
2852 s->next_proto_negotiated = NULL;
2853 s->next_proto_negotiated_len = 0;
ee2ffc27 2854#endif
0f113f3e 2855}
d02b48c6 2856
edc032b5 2857#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 2858static char *srp_password_from_info_cb(SSL *s, void *arg)
2859{
7644a9ae 2860 return OPENSSL_strdup(s->srp_ctx.info);
0f113f3e 2861}
edc032b5
BL		 2862#endif
2863
0f113f3e
MC		 2864static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
2865 size_t len);
9f27b1ee 2866
a661b653 2867long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
0f113f3e
MC		 2868{
2869 int ret = 0;
58964a49 2870
0f113f3e 2871 switch (cmd) {
0f113f3e
MC		 2872 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2873 break;
2874 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2875 ret = s->s3->num_renegotiations;
2876 break;
2877 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2878 ret = s->s3->num_renegotiations;
2879 s->s3->num_renegotiations = 0;
2880 break;
2881 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2882 ret = s->s3->total_renegotiations;
2883 break;
2884 case SSL_CTRL_GET_FLAGS:
2885 ret = (int)(s->s3->flags);
2886 break;
bc36ee62 2887#ifndef OPENSSL_NO_DH
0f113f3e
MC		 2888 case SSL_CTRL_SET_TMP_DH:
2889 {
2890 DH *dh = (DH *)parg;
e2b420fd 2891 EVP_PKEY *pkdh = NULL;
0f113f3e
MC		 2892 if (dh == NULL) {
2893 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2894 return (ret);
2895 }
e2b420fd
DSH		 2896 pkdh = ssl_dh_to_pkey(dh);
2897 if (pkdh == NULL) {
2898 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2899 return 0;
2900 }
0f113f3e 2901 if (!ssl_security(s, SSL_SECOP_TMP_DH,
e2b420fd 2902 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
0f113f3e 2903 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
e2b420fd
DSH		 2904 EVP_PKEY_free(pkdh);
2905 return ret;
0f113f3e 2906 }
e2b420fd
DSH		 2907 EVP_PKEY_free(s->cert->dh_tmp);
2908 s->cert->dh_tmp = pkdh;
0f113f3e
MC		 2909 ret = 1;
2910 }
2911 break;
2912 case SSL_CTRL_SET_TMP_DH_CB:
2913 {
2914 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2915 return (ret);
2916 }
0f113f3e
MC		 2917 case SSL_CTRL_SET_DH_AUTO:
2918 s->cert->dh_tmp_auto = larg;
2919 return 1;
d3442bc7 2920#endif
10bf4fc2 2921#ifndef OPENSSL_NO_EC
0f113f3e
MC		 2922 case SSL_CTRL_SET_TMP_ECDH:
2923 {
6977e8ee
KR		 2924 const EC_GROUP *group = NULL;
2925 int nid;
0f113f3e
MC		 2926
2927 if (parg == NULL) {
2928 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
6977e8ee 2929 return 0;
0f113f3e 2930 }
6977e8ee
KR		 2931 group = EC_KEY_get0_group((const EC_KEY *)parg);
2932 if (group == NULL) {
2933 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
2934 return 0;
0f113f3e 2935 }
6977e8ee
KR		 2936 nid = EC_GROUP_get_curve_name(group);
2937 if (nid == NID_undef)
2938 return 0;
2939 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
2940 &s->tlsext_ellipticcurvelist_length,
2941 &nid, 1);
0f113f3e
MC		 2942 }
2943 break;
10bf4fc2 2944#endif /* !OPENSSL_NO_EC */
0f113f3e
MC		 2945 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2946 if (larg == TLSEXT_NAMETYPE_host_name) {
0982ecaa
VD		 2947 size_t len;
2948
b548a1f1 2949 OPENSSL_free(s->tlsext_hostname);
0f113f3e
MC		 2950 s->tlsext_hostname = NULL;
2951
2952 ret = 1;
2953 if (parg == NULL)
2954 break;
0982ecaa
VD		 2955 len = strlen((char *)parg);
2956 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
0f113f3e
MC		 2957 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2958 return 0;
2959 }
7644a9ae 2960 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
0f113f3e
MC		 2961 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2962 return 0;
2963 }
2964 } else {
2965 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2966 return 0;
2967 }
2968 break;
2969 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2970 s->tlsext_debug_arg = parg;
2971 ret = 1;
2972 break;
2973
4300aaf3 2974 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
93a9d597 2975 ret = s->tlsext_status_type;
4300aaf3
AG		 2976 break;
2977
0f113f3e
MC		 2978 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2979 s->tlsext_status_type = larg;
2980 ret = 1;
2981 break;
2982
2983 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2984 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2985 ret = 1;
2986 break;
2987
2988 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2989 s->tlsext_ocsp_exts = parg;
2990 ret = 1;
2991 break;
2992
2993 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2994 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2995 ret = 1;
2996 break;
2997
2998 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2999 s->tlsext_ocsp_ids = parg;
3000 ret = 1;
3001 break;
3002
3003 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3004 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3005 return s->tlsext_ocsp_resplen;
3006
3007 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
b548a1f1 3008 OPENSSL_free(s->tlsext_ocsp_resp);
0f113f3e
MC		 3009 s->tlsext_ocsp_resp = parg;
3010 s->tlsext_ocsp_resplen = larg;
3011 ret = 1;
3012 break;
3013
e481f9b9 3014#ifndef OPENSSL_NO_HEARTBEATS
22e3dcb7 3015 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
0f113f3e
MC		 3016 if (SSL_IS_DTLS(s))
3017 ret = dtls1_heartbeat(s);
0f113f3e
MC		 3018 break;
3019
22e3dcb7
RS		 3020 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3021 if (SSL_IS_DTLS(s))
3022 ret = s->tlsext_hb_pending;
0f113f3e
MC		 3023 break;
3024
22e3dcb7
RS		 3025 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3026 if (SSL_IS_DTLS(s)) {
3027 if (larg)
3028 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3029 else
3030 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3031 ret = 1;
3032 }
0f113f3e 3033 break;
e481f9b9 3034#endif
0f113f3e
MC		 3035
3036 case SSL_CTRL_CHAIN:
3037 if (larg)
3038 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3039 else
3040 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3041
3042 case SSL_CTRL_CHAIN_CERT:
3043 if (larg)
3044 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3045 else
3046 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3047
3048 case SSL_CTRL_GET_CHAIN_CERTS:
3049 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3050 break;
3051
3052 case SSL_CTRL_SELECT_CURRENT_CERT:
3053 return ssl_cert_select_current(s->cert, (X509 *)parg);
3054
3055 case SSL_CTRL_SET_CURRENT_CERT:
3056 if (larg == SSL_CERT_SET_SERVER) {
3057 CERT_PKEY *cpk;
3058 const SSL_CIPHER *cipher;
3059 if (!s->server)
3060 return 0;
3061 cipher = s->s3->tmp.new_cipher;
3062 if (!cipher)
3063 return 0;
3064 /*
3065 * No certificate for unauthenticated ciphersuites or using SRP
3066 * authentication
3067 */
3068 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3069 return 2;
3070 cpk = ssl_get_server_send_pkey(s);
3071 if (!cpk)
3072 return 0;
3073 s->cert->key = cpk;
3074 return 1;
3075 }
3076 return ssl_cert_set_current(s->cert, larg);
0f78819c 3077
14536c8c 3078#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3079 case SSL_CTRL_GET_CURVES:
3080 {
3081 unsigned char *clist;
3082 size_t clistlen;
3083 if (!s->session)
3084 return 0;
3085 clist = s->session->tlsext_ellipticcurvelist;
3086 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3087 if (parg) {
3088 size_t i;
3089 int *cptr = parg;
3090 unsigned int cid, nid;
3091 for (i = 0; i < clistlen; i++) {
3092 n2s(clist, cid);
ec24630a 3093 nid = tls1_ec_curve_id2nid(cid, NULL);
0f113f3e
MC		 3094 if (nid != 0)
3095 cptr[i] = nid;
3096 else
3097 cptr[i] = TLSEXT_nid_unknown | cid;
3098 }
3099 }
3100 return (int)clistlen;
3101 }
3102
3103 case SSL_CTRL_SET_CURVES:
3104 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3105 &s->tlsext_ellipticcurvelist_length,
3106 parg, larg);
3107
3108 case SSL_CTRL_SET_CURVES_LIST:
3109 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3110 &s->tlsext_ellipticcurvelist_length,
3111 parg);
3112
3113 case SSL_CTRL_GET_SHARED_CURVE:
3114 return tls1_shared_curve(s, larg);
3115
14536c8c 3116#endif
0f113f3e
MC		 3117 case SSL_CTRL_SET_SIGALGS:
3118 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3119
3120 case SSL_CTRL_SET_SIGALGS_LIST:
3121 return tls1_set_sigalgs_list(s->cert, parg, 0);
3122
3123 case SSL_CTRL_SET_CLIENT_SIGALGS:
3124 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3125
3126 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3127 return tls1_set_sigalgs_list(s->cert, parg, 1);
3128
3129 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3130 {
3131 const unsigned char **pctype = parg;
3132 if (s->server || !s->s3->tmp.cert_req)
3133 return 0;
3134 if (s->cert->ctypes) {
3135 if (pctype)
3136 *pctype = s->cert->ctypes;
3137 return (int)s->cert->ctype_num;
3138 }
3139 if (pctype)
3140 *pctype = (unsigned char *)s->s3->tmp.ctype;
3141 return s->s3->tmp.ctype_num;
3142 }
3143
3144 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3145 if (!s->server)
3146 return 0;
3147 return ssl3_set_req_cert_type(s->cert, parg, larg);
3148
3149 case SSL_CTRL_BUILD_CERT_CHAIN:
3150 return ssl_build_cert_chain(s, NULL, larg);
3151
3152 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3153 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3154
3155 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3156 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3157
3158 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3159 if (SSL_USE_SIGALGS(s)) {
389ebcec 3160 if (s->session) {
0f113f3e 3161 const EVP_MD *sig;
d376e57d 3162 sig = s->s3->tmp.peer_md;
0f113f3e
MC		 3163 if (sig) {
3164 *(int *)parg = EVP_MD_type(sig);
3165 return 1;
3166 }
3167 }
3168 return 0;
3169 }
3170 /* Might want to do something here for other versions */
3171 else
3172 return 0;
3173
3174 case SSL_CTRL_GET_SERVER_TMP_KEY:
fb79abe3
DSH		 3175#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3176 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
0f113f3e 3177 return 0;
fb79abe3
DSH		 3178 } else {
3179 EVP_PKEY_up_ref(s->s3->peer_tmp);
3180 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3181 return 1;
0f113f3e 3182 }
fb79abe3
DSH		 3183#else
3184 return 0;
3185#endif
14536c8c 3186#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3187 case SSL_CTRL_GET_EC_POINT_FORMATS:
3188 {
3189 SSL_SESSION *sess = s->session;
3190 const unsigned char **pformat = parg;
3191 if (!sess || !sess->tlsext_ecpointformatlist)
3192 return 0;
3193 *pformat = sess->tlsext_ecpointformatlist;
3194 return (int)sess->tlsext_ecpointformatlist_length;
3195 }
14536c8c 3196#endif
cf6da053 3197
0f113f3e
MC		 3198 default:
3199 break;
3200 }
3201 return (ret);
3202}
3203
3204long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3205{
3206 int ret = 0;
d3442bc7 3207
0f113f3e 3208 switch (cmd) {
bc36ee62 3209#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3210 case SSL_CTRL_SET_TMP_DH_CB:
3211 {
3212 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3213 }
3214 break;
6434abbf 3215#endif
0f113f3e
MC		 3216 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3217 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
b6981744 3218 const unsigned char *, int, void *))fp;
0f113f3e 3219 break;
e481f9b9 3220
0f113f3e
MC		 3221 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3222 {
3223 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3224 }
3225 break;
3226 default:
3227 break;
3228 }
3229 return (ret);
3230}
d02b48c6 3231
a661b653 3232long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
0f113f3e 3233{
0f113f3e 3234 switch (cmd) {
bc36ee62 3235#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3236 case SSL_CTRL_SET_TMP_DH:
3237 {
e2b420fd
DSH		 3238 DH *dh = (DH *)parg;
3239 EVP_PKEY *pkdh = NULL;
3240 if (dh == NULL) {
3241 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
0f113f3e
MC		 3242 return 0;
3243 }
e2b420fd
DSH		 3244 pkdh = ssl_dh_to_pkey(dh);
3245 if (pkdh == NULL) {
3246 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 3247 return 0;
3248 }
e2b420fd
DSH		 3249 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3250 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3251 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3252 EVP_PKEY_free(pkdh);
3253 return 1;
0f113f3e 3254 }
e2b420fd
DSH		 3255 EVP_PKEY_free(ctx->cert->dh_tmp);
3256 ctx->cert->dh_tmp = pkdh;
0f113f3e
MC		 3257 return 1;
3258 }
3259 /*
3260 * break;
3261 */
3262 case SSL_CTRL_SET_TMP_DH_CB:
3263 {
3264 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3265 return (0);
3266 }
0f113f3e
MC		 3267 case SSL_CTRL_SET_DH_AUTO:
3268 ctx->cert->dh_tmp_auto = larg;
3269 return 1;
d02b48c6 3270#endif
10bf4fc2 3271#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3272 case SSL_CTRL_SET_TMP_ECDH:
3273 {
6977e8ee
KR		 3274 const EC_GROUP *group = NULL;
3275 int nid;
0f113f3e
MC		 3276
3277 if (parg == NULL) {
6977e8ee 3278 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
0f113f3e
MC		 3279 return 0;
3280 }
6977e8ee
KR		 3281 group = EC_KEY_get0_group((const EC_KEY *)parg);
3282 if (group == NULL) {
3283 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
0f113f3e
MC		 3284 return 0;
3285 }
6977e8ee
KR		 3286 nid = EC_GROUP_get_curve_name(group);
3287 if (nid == NID_undef)
3288 return 0;
3289 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3290 &ctx->tlsext_ellipticcurvelist_length,
3291 &nid, 1);
0f113f3e
MC		 3292 }
3293 /* break; */
10bf4fc2 3294#endif /* !OPENSSL_NO_EC */
0f113f3e
MC		 3295 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3296 ctx->tlsext_servername_arg = parg;
3297 break;
3298 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3299 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3300 {
3301 unsigned char *keys = parg;
4e2e1ec9 3302 long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
d139723b
KR		 3303 sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key));
3304 if (keys == NULL)
4e2e1ec9
TS		 3305 return tlsext_tick_keylen;
3306 if (larg != tlsext_tick_keylen) {
0f113f3e
MC		 3307 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3308 return 0;
3309 }
3310 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
4e2e1ec9
TS		 3311 memcpy(ctx->tlsext_tick_key_name, keys,
3312 sizeof(ctx->tlsext_tick_key_name));
3313 memcpy(ctx->tlsext_tick_hmac_key,
3314 keys + sizeof(ctx->tlsext_tick_key_name),
3315 sizeof(ctx->tlsext_tick_hmac_key));
3316 memcpy(ctx->tlsext_tick_aes_key,
3317 keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
3318 sizeof(ctx->tlsext_tick_aes_key));
0f113f3e 3319 } else {
4e2e1ec9
TS		 3320 memcpy(keys, ctx->tlsext_tick_key_name,
3321 sizeof(ctx->tlsext_tick_key_name));
3322 memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
3323 ctx->tlsext_tick_hmac_key,
3324 sizeof(ctx->tlsext_tick_hmac_key));
3325 memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
3326 ctx->tlsext_tick_aes_key,
3327 sizeof(ctx->tlsext_tick_aes_key));
0f113f3e
MC		 3328 }
3329 return 1;
3330 }
3331
30b96765
MC		 3332 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3333 return ctx->tlsext_status_type;
3334
ba261f71 3335 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3336 ctx->tlsext_status_type = larg;
3337 break;
3338
0f113f3e
MC		 3339 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3340 ctx->tlsext_status_arg = parg;
3341 return 1;
0f113f3e 3342
fddfc0af
RG		 3343 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3344 *(void**)parg = ctx->tlsext_status_arg;
3345 break;
3346
3347 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3348 *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb;
3349 break;
3350
e481f9b9 3351#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3352 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3353 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
b548a1f1 3354 OPENSSL_free(ctx->srp_ctx.login);
0f113f3e
MC		 3355 ctx->srp_ctx.login = NULL;
3356 if (parg == NULL)
3357 break;
3358 if (strlen((const char *)parg) > 255
3359 || strlen((const char *)parg) < 1) {
3360 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3361 return 0;
3362 }
7644a9ae 3363 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
0f113f3e
MC		 3364 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3365 return 0;
3366 }
3367 break;
3368 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3369 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3370 srp_password_from_info_cb;
3371 ctx->srp_ctx.info = parg;
3372 break;
3373 case SSL_CTRL_SET_SRP_ARG:
3374 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3375 ctx->srp_ctx.SRP_cb_arg = parg;
3376 break;
3377
3378 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3379 ctx->srp_ctx.strength = larg;
3380 break;
e481f9b9 3381#endif
0f113f3e 3382
e481f9b9 3383#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3384 case SSL_CTRL_SET_CURVES:
3385 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3386 &ctx->tlsext_ellipticcurvelist_length,
3387 parg, larg);
3388
3389 case SSL_CTRL_SET_CURVES_LIST:
3390 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3391 &ctx->tlsext_ellipticcurvelist_length,
3392 parg);
e481f9b9 3393#endif
0f113f3e
MC		 3394 case SSL_CTRL_SET_SIGALGS:
3395 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3396
3397 case SSL_CTRL_SET_SIGALGS_LIST:
3398 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3399
3400 case SSL_CTRL_SET_CLIENT_SIGALGS:
3401 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3402
3403 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3404 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3405
3406 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3407 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3408
3409 case SSL_CTRL_BUILD_CERT_CHAIN:
3410 return ssl_build_cert_chain(NULL, ctx, larg);
3411
3412 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3413 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3414
3415 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3416 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3417
0f113f3e
MC		 3418 /* A Thawte special :-) */
3419 case SSL_CTRL_EXTRA_CHAIN_CERT:
3420 if (ctx->extra_certs == NULL) {
3c82e437
F		 3421 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3422 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3423 return 0;
3424 }
3425 }
3426 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3427 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3428 return 0;
0f113f3e 3429 }
0f113f3e
MC		 3430 break;
3431
3432 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3433 if (ctx->extra_certs == NULL && larg == 0)
3434 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3435 else
3436 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3437 break;
3438
3439 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
222561fe
RS		 3440 sk_X509_pop_free(ctx->extra_certs, X509_free);
3441 ctx->extra_certs = NULL;
0f113f3e
MC		 3442 break;
3443
3444 case SSL_CTRL_CHAIN:
3445 if (larg)
3446 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3447 else
3448 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3449
3450 case SSL_CTRL_CHAIN_CERT:
3451 if (larg)
3452 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3453 else
3454 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3455
3456 case SSL_CTRL_GET_CHAIN_CERTS:
3457 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3458 break;
3459
3460 case SSL_CTRL_SELECT_CURRENT_CERT:
3461 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3462
3463 case SSL_CTRL_SET_CURRENT_CERT:
3464 return ssl_cert_set_current(ctx->cert, larg);
3465
3466 default:
3467 return (0);
3468 }
3469 return (1);
3470}
3471
3472long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3473{
0f113f3e 3474 switch (cmd) {
bc36ee62 3475#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3476 case SSL_CTRL_SET_TMP_DH_CB:
3477 {
8ca8fc48 3478 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
0f113f3e
MC		 3479 }
3480 break;
ed3883d2 3481#endif
0f113f3e
MC		 3482 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3483 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3484 break;
3485
0f113f3e
MC		 3486 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3487 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3488 break;
3489
3490 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3491 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3492 unsigned char *,
3493 EVP_CIPHER_CTX *,
3494 HMAC_CTX *, int))fp;
3495 break;
3496
e481f9b9 3497#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3498 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3499 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3500 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3501 break;
3502 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3503 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3504 ctx->srp_ctx.TLS_ext_srp_username_callback =
3505 (int (*)(SSL *, int *, void *))fp;
3506 break;
3507 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3508 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3509 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3510 (char *(*)(SSL *, void *))fp;
3511 break;
761772d7 3512#endif
0f113f3e
MC		 3513 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3514 {
3515 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3516 }
3517 break;
3518 default:
3519 return (0);
3520 }
3521 return (1);
3522}
761772d7 3523
0f113f3e
MC		 3524/*
3525 * This function needs to check if the ciphers required are actually
3526 * available
3527 */
babb3798 3528const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
0f113f3e
MC		 3529{
3530 SSL_CIPHER c;
3531 const SSL_CIPHER *cp;
90d9e49a 3532 uint32_t id;
0f113f3e 3533
90d9e49a 3534 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
0f113f3e
MC		 3535 c.id = id;
3536 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
0f113f3e
MC		 3537 return cp;
3538}
d02b48c6 3539
6b691a5c 3540int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
0f113f3e
MC		 3541{
3542 long l;
3543
3544 if (p != NULL) {
3545 l = c->id;
3546 if ((l & 0xff000000) != 0x03000000)
3547 return (0);
3548 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3549 p[1] = ((unsigned char)(l)) & 0xFF;
3550 }
3551 return (2);
3552}
d02b48c6 3553
3eb2aff4
KR		 3554/*
3555 * ssl3_choose_cipher - choose a cipher from those offered by the client
3556 * @s: SSL connection
3557 * @clnt: ciphers offered by the client
3558 * @srvr: ciphers enabled on the server?
3559 *
3560 * Returns the selected cipher or NULL when no common ciphers.
3561 */
4a640fb6 3562const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
0f113f3e
MC		 3563 STACK_OF(SSL_CIPHER) *srvr)
3564{
4a640fb6 3565 const SSL_CIPHER *c, *ret = NULL;
0f113f3e
MC		 3566 STACK_OF(SSL_CIPHER) *prio, *allow;
3567 int i, ii, ok;
361a1191 3568 unsigned long alg_k, alg_a, mask_k, mask_a;
d02b48c6 3569
0f113f3e 3570 /* Let's see which ciphers we can support */
d02b48c6 3571
836f9960 3572#if 0
0f113f3e
MC		 3573 /*
3574 * Do not set the compare functions, because this may lead to a
3575 * reordering by "id". We want to keep the original ordering. We may pay
3576 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3577 * pay with the price of sk_SSL_CIPHER_dup().
3578 */
3579 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3580 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
836f9960 3581#endif
d02b48c6 3582
f415fa32 3583#ifdef CIPHER_DEBUG
0f113f3e
MC		 3584 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3585 (void *)srvr);
3586 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3587 c = sk_SSL_CIPHER_value(srvr, i);
3588 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3589 }
3590 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3591 (void *)clnt);
3592 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3593 c = sk_SSL_CIPHER_value(clnt, i);
3594 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3595 }
f415fa32
BL		 3596#endif
3597
0f113f3e
MC		 3598 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3599 prio = srvr;
3600 allow = clnt;
3601 } else {
3602 prio = clnt;
3603 allow = srvr;
3604 }
3605
3606 tls1_set_cert_validity(s);
2cf28d61 3607 ssl_set_masks(s);
0f113f3e
MC		 3608
3609 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3610 c = sk_SSL_CIPHER_value(prio, i);
3611
3eb2aff4
KR		 3612 /* Skip ciphers not supported by the protocol version */
3613 if (!SSL_IS_DTLS(s) &&
3614 ((s->version < c->min_tls) || (s->version > c->max_tls)))
0f113f3e 3615 continue;
3eb2aff4
KR		 3616 if (SSL_IS_DTLS(s) &&
3617 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3618 DTLS_VERSION_GT(s->version, c->max_dtls)))
2b573382 3619 continue;
0f113f3e 3620
4d69f9e6
DSH		 3621 mask_k = s->s3->tmp.mask_k;
3622 mask_a = s->s3->tmp.mask_a;
edc032b5 3623#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3624 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3625 mask_k |= SSL_kSRP;
0f113f3e 3626 mask_a |= SSL_aSRP;
0f113f3e 3627 }
edc032b5 3628#endif
0f113f3e 3629
0f113f3e
MC		 3630 alg_k = c->algorithm_mkey;
3631 alg_a = c->algorithm_auth;
52b8dad8 3632
ddac1974 3633#ifndef OPENSSL_NO_PSK
0f113f3e 3634 /* with PSK there must be server callback set */
fe5eef3a 3635 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
0f113f3e
MC		 3636 continue;
3637#endif /* OPENSSL_NO_PSK */
3638
361a1191 3639 ok = (alg_k & mask_k) && (alg_a & mask_a);
d02b48c6 3640#ifdef CIPHER_DEBUG
361a1191
KR		 3641 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3642 alg_a, mask_k, mask_a, (void *)c, c->name);
d02b48c6 3643#endif
d02b48c6 3644
0f113f3e 3645# ifndef OPENSSL_NO_EC
0f113f3e
MC		 3646 /*
3647 * if we are considering an ECC cipher suite that uses an ephemeral
3648 * EC key check it
3649 */
3650 if (alg_k & SSL_kECDHE)
3651 ok = ok && tls1_check_ec_tmp_key(s, c->id);
0f113f3e 3652# endif /* OPENSSL_NO_EC */
0f113f3e
MC		 3653
3654 if (!ok)
3655 continue;
3656 ii = sk_SSL_CIPHER_find(allow, c);
3657 if (ii >= 0) {
3658 /* Check security callback permits this cipher */
3659 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4a640fb6 3660 c->strength_bits, 0, (void *)c))
0f113f3e 3661 continue;
e481f9b9 3662#if !defined(OPENSSL_NO_EC)
0f113f3e
MC		 3663 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3664 && s->s3->is_probably_safari) {
3665 if (!ret)
3666 ret = sk_SSL_CIPHER_value(allow, ii);
3667 continue;
3668 }
d89cd382 3669#endif
0f113f3e
MC		 3670 ret = sk_SSL_CIPHER_value(allow, ii);
3671 break;
3672 }
3673 }
3674 return (ret);
3675}
d02b48c6 3676
6b691a5c 3677int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
0f113f3e
MC		 3678{
3679 int ret = 0;
90d9e49a 3680 uint32_t alg_k, alg_a = 0;
0f113f3e
MC		 3681
3682 /* If we have custom certificate types set, use them */
3683 if (s->cert->ctypes) {
3684 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3685 return (int)s->cert->ctype_num;
3686 }
3687 /* Get mask of algorithms disabled by signature list */
3688 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
0f113f3e
MC		 3689
3690 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
d02b48c6 3691
caa97ef1 3692#ifndef OPENSSL_NO_GOST
0f113f3e
MC		 3693 if (s->version >= TLS1_VERSION) {
3694 if (alg_k & SSL_kGOST) {
0f113f3e 3695 p[ret++] = TLS_CT_GOST01_SIGN;
e44380a9
DB		 3696 p[ret++] = TLS_CT_GOST12_SIGN;
3697 p[ret++] = TLS_CT_GOST12_512_SIGN;
0f113f3e
MC		 3698 return (ret);
3699 }
3700 }
caa97ef1
DSH		 3701#endif
3702
bc71f910 3703 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
bc36ee62 3704#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3705# ifndef OPENSSL_NO_RSA
3706 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3707# endif
3708# ifndef OPENSSL_NO_DSA
3709 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3710# endif
0f113f3e 3711#endif /* !OPENSSL_NO_DH */
1e0784ff 3712 }
bc36ee62 3713#ifndef OPENSSL_NO_RSA
0f113f3e
MC		 3714 if (!(alg_a & SSL_aRSA))
3715 p[ret++] = SSL3_CT_RSA_SIGN;
d02b48c6 3716#endif
bc36ee62 3717#ifndef OPENSSL_NO_DSA
0f113f3e
MC		 3718 if (!(alg_a & SSL_aDSS))
3719 p[ret++] = SSL3_CT_DSS_SIGN;
dfeab068 3720#endif
10bf4fc2 3721#ifndef OPENSSL_NO_EC
0f113f3e 3722 /*
c66ce5eb 3723 * ECDSA certs can be used with RSA cipher suites too so we don't
0f113f3e
MC		 3724 * need to check for SSL_kECDH or SSL_kECDHE
3725 */
3726 if (s->version >= TLS1_VERSION) {
3727 if (!(alg_a & SSL_aECDSA))
3728 p[ret++] = TLS_CT_ECDSA_SIGN;
3729 }
3730#endif
3731 return (ret);
3732}
d02b48c6 3733
9f27b1ee 3734static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
0f113f3e 3735{
b548a1f1
RS		 3736 OPENSSL_free(c->ctypes);
3737 c->ctypes = NULL;
0f113f3e
MC		 3738 if (!p || !len)
3739 return 1;
3740 if (len > 0xff)
3741 return 0;
3742 c->ctypes = OPENSSL_malloc(len);
a71edf3b 3743 if (c->ctypes == NULL)
0f113f3e
MC		 3744 return 0;
3745 memcpy(c->ctypes, p, len);
3746 c->ctype_num = len;
3747 return 1;
3748}
9f27b1ee 3749
6b691a5c 3750int ssl3_shutdown(SSL *s)
0f113f3e
MC		 3751{
3752 int ret;
3753
3754 /*
3755 * Don't do anything much if we have not done the handshake or we don't
3756 * want to send messages :-)
3757 */
c874def6 3758 if (s->quiet_shutdown || SSL_in_before(s)) {
0f113f3e
MC		 3759 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3760 return (1);
3761 }
3762
3763 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3764 s->shutdown |= SSL_SENT_SHUTDOWN;
0f113f3e 3765 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
0f113f3e
MC		 3766 /*
3767 * our shutdown alert has been sent now, and if it still needs to be
3768 * written, s->s3->alert_dispatch will be true
3769 */
3770 if (s->s3->alert_dispatch)
3771 return (-1); /* return WANT_WRITE */
3772 } else if (s->s3->alert_dispatch) {
3773 /* resend it if not sent */
0f113f3e
MC		 3774 ret = s->method->ssl_dispatch_alert(s);
3775 if (ret == -1) {
3776 /*
3777 * we only get to return -1 here the 2nd/Nth invocation, we must
8483a003 3778 * have already signalled return 0 upon a previous invocation,
0f113f3e
MC		 3779 * return WANT_WRITE
3780 */
3781 return (ret);
3782 }
0f113f3e
MC		 3783 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3784 /*
3785 * If we are waiting for a close from our peer, we are closed
3786 */
657da85e 3787 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
0f113f3e
MC		 3788 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3789 return (-1); /* return WANT_READ */
3790 }
3791 }
3792
3793 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3794 !s->s3->alert_dispatch)
3795 return (1);
3796 else
3797 return (0);
3798}
d02b48c6 3799
61f5b6f3 3800int ssl3_write(SSL *s, const void *buf, int len)
0f113f3e 3801{
0f113f3e
MC		 3802 clear_sys_error();
3803 if (s->s3->renegotiate)
3804 ssl3_renegotiate_check(s);
3805
57787ac8 3806 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
0f113f3e 3807 buf, len);
0f113f3e 3808}
d02b48c6 3809
5a4fbc69 3810static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
0f113f3e
MC		 3811{
3812 int ret;
3813
3814 clear_sys_error();
3815 if (s->s3->renegotiate)
3816 ssl3_renegotiate_check(s);
3817 s->s3->in_read_app_data = 1;
3818 ret =
657da85e 3819 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
0f113f3e
MC		 3820 peek);
3821 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3822 /*
3823 * ssl3_read_bytes decided to call s->handshake_func, which called
3824 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3825 * actually found application data and thinks that application data
3826 * makes sense here; so disable handshake processing and try to read
3827 * application data again.
3828 */
024f543c 3829 ossl_statem_set_in_handshake(s, 1);
0f113f3e 3830 ret =
657da85e
MC		 3831 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3832 len, peek);
024f543c 3833 ossl_statem_set_in_handshake(s, 0);
0f113f3e
MC		 3834 } else
3835 s->s3->in_read_app_data = 0;
3836
3837 return (ret);
3838}
d02b48c6 3839
5a4fbc69 3840int ssl3_read(SSL *s, void *buf, int len)
0f113f3e
MC		 3841{
3842 return ssl3_read_internal(s, buf, len, 0);
3843}
d02b48c6 3844
e34cfcf7 3845int ssl3_peek(SSL *s, void *buf, int len)
0f113f3e
MC		 3846{
3847 return ssl3_read_internal(s, buf, len, 1);
3848}
d02b48c6 3849
6b691a5c 3850int ssl3_renegotiate(SSL *s)
0f113f3e
MC		 3851{
3852 if (s->handshake_func == NULL)
3853 return (1);
d02b48c6 3854
0f113f3e
MC		 3855 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3856 return (0);
d02b48c6 3857
0f113f3e
MC		 3858 s->s3->renegotiate = 1;
3859 return (1);
3860}
d02b48c6 3861
6b691a5c 3862int ssl3_renegotiate_check(SSL *s)
0f113f3e
MC		 3863{
3864 int ret = 0;
3865
3866 if (s->s3->renegotiate) {
f161995e
MC		 3867 if (!RECORD_LAYER_read_pending(&s->rlayer)
3868 && !RECORD_LAYER_write_pending(&s->rlayer)
db9a32e7 3869 && !SSL_in_init(s)) {
0f113f3e
MC		 3870 /*
3871 * if we are the server, and we have sent a 'RENEGOTIATE'
49ae7423
MC		 3872 * message, we need to set the state machine into the renegotiate
3873 * state.
0f113f3e 3874 */
fe3a3291 3875 ossl_statem_set_renegotiate(s);
0f113f3e
MC		 3876 s->s3->renegotiate = 0;
3877 s->s3->num_renegotiations++;
3878 s->s3->total_renegotiations++;
3879 ret = 1;
3880 }
3881 }
3882 return (ret);
3883}
3884
58964a49 3885/*
0f113f3e
MC		 3886 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3887 * handshake macs if required.
12053a81
DSH		 3888 *
3889 * If PSK and using SHA384 for TLS < 1.2 switch to default.
7409d7ad
DSH		 3890 */
3891long ssl_get_algorithm2(SSL *s)
0f113f3e 3892{
52eede5a
DSH		 3893 long alg2;
3894 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
3895 return -1;
3896 alg2 = s->s3->tmp.new_cipher->algorithm2;
12053a81
DSH		 3897 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3898 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3899 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3900 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3901 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3902 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3903 }
0f113f3e
MC		 3904 return alg2;
3905}
a3680c8f
MC		 3906
3907/*
3908 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3909 * failure, 1 on success.
3910 */
3911int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
3912{
3913 int send_time = 0;
3914
3915 if (len < 4)
3916 return 0;
3917 if (server)
3918 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
3919 else
3920 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
3921 if (send_time) {
3922 unsigned long Time = (unsigned long)time(NULL);
3923 unsigned char *p = result;
3924 l2n(Time, p);
3925 return RAND_bytes(p, len - 4);
3926 } else
3927 return RAND_bytes(result, len);
3928}
57b272b0
DSH		 3929
3930int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
3931 int free_pms)
3932{
8a0a12e5
DSH		 3933 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3934 if (alg_k & SSL_PSK) {
0907d710 3935#ifndef OPENSSL_NO_PSK
8a0a12e5
DSH		 3936 unsigned char *pskpms, *t;
3937 size_t psklen = s->s3->tmp.psklen;
3938 size_t pskpmslen;
3939
3940 /* create PSK premaster_secret */
3941
3942 /* For plain PSK "other_secret" is psklen zeroes */
3943 if (alg_k & SSL_kPSK)
3944 pmslen = psklen;
3945
3946 pskpmslen = 4 + pmslen + psklen;
3947 pskpms = OPENSSL_malloc(pskpmslen);
a784665e
DSH		 3948 if (pskpms == NULL) {
3949 s->session->master_key_length = 0;
3950 goto err;
3951 }
8a0a12e5
DSH		 3952 t = pskpms;
3953 s2n(pmslen, t);
3954 if (alg_k & SSL_kPSK)
3955 memset(t, 0, pmslen);
3956 else
3957 memcpy(t, pms, pmslen);
3958 t += pmslen;
3959 s2n(psklen, t);
3960 memcpy(t, s->s3->tmp.psk, psklen);
3961
3962 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
3963 s->s3->tmp.psk = NULL;
3964 s->session->master_key_length =
3965 s->method->ssl3_enc->generate_master_secret(s,
3966 s->session->master_key,
3967 pskpms, pskpmslen);
3968 OPENSSL_clear_free(pskpms, pskpmslen);
0907d710
MC		 3969#else
3970 /* Should never happen */
3971 s->session->master_key_length = 0;
3972 goto err;
8a0a12e5 3973#endif
0907d710 3974 } else {
8a0a12e5
DSH		 3975 s->session->master_key_length =
3976 s->method->ssl3_enc->generate_master_secret(s,
3977 s->session->master_key,
3978 pms, pmslen);
0907d710
MC		 3979 }
3980
3981 err:
8a0a12e5
DSH		 3982 if (pms) {
3983 if (free_pms)
3984 OPENSSL_clear_free(pms, pmslen);
3985 else
3986 OPENSSL_cleanse(pms, pmslen);
3987 }
57b272b0
DSH		 3988 if (s->server == 0)
3989 s->s3->tmp.pms = NULL;
3990 return s->session->master_key_length >= 0;
3991}
3f3504bd 3992
0a699a07
DSH		 3993/* Generate a private key from parameters */
3994EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
3f3504bd
DSH		 3995{
3996 EVP_PKEY_CTX *pctx = NULL;
3997 EVP_PKEY *pkey = NULL;
0a699a07
DSH		 3998
3999 if (pm == NULL)
4000 return NULL;
4001 pctx = EVP_PKEY_CTX_new(pm, NULL);
4002 if (pctx == NULL)
4003 goto err;
4004 if (EVP_PKEY_keygen_init(pctx) <= 0)
4005 goto err;
4006 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4007 EVP_PKEY_free(pkey);
4008 pkey = NULL;
4009 }
4010
4011 err:
4012 EVP_PKEY_CTX_free(pctx);
4013 return pkey;
4014}
4015#ifndef OPENSSL_NO_EC
4016/* Generate a private key a curve ID */
4017EVP_PKEY *ssl_generate_pkey_curve(int id)
4018{
4019 EVP_PKEY_CTX *pctx = NULL;
4020 EVP_PKEY *pkey = NULL;
4021 unsigned int curve_flags;
4022 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4023
4024 if (nid == 0)
4025 goto err;
4026 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4027 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
ec24630a 4028 nid = 0;
3f3504bd 4029 } else {
0a699a07 4030 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3f3504bd
DSH		 4031 }
4032 if (pctx == NULL)
4033 goto err;
4034 if (EVP_PKEY_keygen_init(pctx) <= 0)
4035 goto err;
ec24630a 4036 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
3f3504bd 4037 goto err;
3f3504bd
DSH		 4038 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4039 EVP_PKEY_free(pkey);
4040 pkey = NULL;
4041 }
4042
4043 err:
4044 EVP_PKEY_CTX_free(pctx);
4045 return pkey;
4046}
0a699a07 4047#endif
3f3504bd
DSH		 4048/* Derive premaster or master secret for ECDH/DH */
4049int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4050{
4051 int rv = 0;
4052 unsigned char *pms = NULL;
4053 size_t pmslen = 0;
4054 EVP_PKEY_CTX *pctx;
4055
4056 if (privkey == NULL || pubkey == NULL)
4057 return 0;
4058
4059 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4060
4061 if (EVP_PKEY_derive_init(pctx) <= 0
4062 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4063 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4064 goto err;
4065 }
4066
4067 pms = OPENSSL_malloc(pmslen);
4068 if (pms == NULL)
4069 goto err;
4070
4071 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4072 goto err;
4073
4074 if (s->server) {
4075 /* For server generate master secret and discard premaster */
4076 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4077 pms = NULL;
4078 } else {
4079 /* For client just save premaster secret */
4080 s->s3->tmp.pms = pms;
4081 s->s3->tmp.pmslen = pmslen;
4082 pms = NULL;
4083 rv = 1;
4084 }
4085
4086 err:
4087 OPENSSL_clear_free(pms, pmslen);
4088 EVP_PKEY_CTX_free(pctx);
4089 return rv;
4090}
6c4e6670 4091
1e0784ff 4092#ifndef OPENSSL_NO_DH
6c4e6670
DSH		 4093EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4094{
4095 EVP_PKEY *ret;
4096 if (dh == NULL)
4097 return NULL;
4098 ret = EVP_PKEY_new();
4099 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4100 EVP_PKEY_free(ret);
4101 return NULL;
4102 }
4103 return ret;
4104}
1e0784ff 4105#endif
A mirror of the official openssl repository