]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/s3_lib.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add a comment to explain the use of |num_recs|
[thirdparty/openssl.git] / ssl / s3_lib.c
CommitLineData
58964a49 1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6
RE		 2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
0f113f3e 7 *
d02b48c6
RE		 8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e 14 *
d02b48c6
RE		 15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
0f113f3e 21 *
d02b48c6
RE		 22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
0f113f3e 36 * 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6
RE		 37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e 39 *
d02b48c6
RE		 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
0f113f3e 51 *
d02b48c6
RE		 52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
5a4fbc69 57/* ====================================================================
52b8dad8 58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
5a4fbc69
BM		 59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
0f113f3e 65 * notice, this list of conditions and the following disclaimer.
5a4fbc69
BM		 66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
ea262260
BM		 110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 *
0f113f3e 113 * Portions of the attached software ("Contribution") are developed by
ea262260
BM		 114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
115 *
116 * The Contribution is licensed pursuant to the OpenSSL open source
117 * license provided above.
118 *
ea262260
BM		 119 * ECC cipher suite support in OpenSSL originally written by
120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
121 *
122 */
ddac1974
NL		 123/* ====================================================================
124 * Copyright 2005 Nokia. All rights reserved.
125 *
126 * The portions of the attached software ("Contribution") is developed by
127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
128 * license.
129 *
130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132 * support (see RFC 4279) to OpenSSL.
133 *
134 * No patent licenses or other rights except those expressly stated in
135 * the OpenSSL open source license shall be deemed granted or received
136 * expressly, by implication, estoppel, or otherwise.
137 *
138 * No assurances are provided by Nokia that the Contribution does not
139 * infringe the patent or other intellectual property rights of any third
140 * party or that the license provides you with all the necessary rights
141 * to make use of the Contribution.
142 *
143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
147 * OTHERWISE.
148 */
d02b48c6
RE		 149
150#include <stdio.h>
ec577822 151#include <openssl/objects.h>
d02b48c6 152#include "ssl_locl.h"
dbad1690 153#include <openssl/md5.h>
3c27208f 154#include <openssl/dh.h>
a3680c8f 155#include <openssl/rand.h>
d02b48c6 156
b6eb9827 157#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
d02b48c6 158
748f2546
RS		 159/*
160 * The list of available ciphers, organized into the following
161 * groups:
162 * Always there
163 * EC
164 * PSK
165 * SRP (within that: RSA EC PSK)
166 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
167 * Weak ciphers
168 */
169static SSL_CIPHER ssl3_ciphers[] =
170{
0f113f3e
MC		 171 {
172 1,
173 SSL3_TXT_RSA_NULL_MD5,
174 SSL3_CK_RSA_NULL_MD5,
175 SSL_kRSA,
176 SSL_aRSA,
177 SSL_eNULL,
178 SSL_MD5,
3eb2aff4
KR		 179 SSL3_VERSION, TLS1_2_VERSION,
180 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 181 SSL_STRONG_NONE,
0f113f3e
MC		 182 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
183 0,
184 0,
185 },
0f113f3e
MC		 186 {
187 1,
188 SSL3_TXT_RSA_NULL_SHA,
189 SSL3_CK_RSA_NULL_SHA,
190 SSL_kRSA,
191 SSL_aRSA,
192 SSL_eNULL,
193 SSL_SHA1,
3eb2aff4
KR		 194 SSL3_VERSION, TLS1_2_VERSION,
195 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 196 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 197 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
198 0,
199 0,
200 },
0f113f3e
MC		 201 {
202 1,
203 SSL3_TXT_RSA_DES_192_CBC3_SHA,
204 SSL3_CK_RSA_DES_192_CBC3_SHA,
205 SSL_kRSA,
206 SSL_aRSA,
207 SSL_3DES,
208 SSL_SHA1,
3eb2aff4
KR		 209 SSL3_VERSION, TLS1_2_VERSION,
210 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 211 SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
213 112,
214 168,
215 },
0f113f3e
MC		 216 {
217 1,
218 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
219 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
220 SSL_kDHE,
221 SSL_aDSS,
222 SSL_3DES,
223 SSL_SHA1,
3eb2aff4
KR		 224 SSL3_VERSION, TLS1_2_VERSION,
225 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 226 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228 112,
229 168,
230 },
0f113f3e
MC		 231 {
232 1,
233 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
234 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
235 SSL_kDHE,
236 SSL_aRSA,
237 SSL_3DES,
238 SSL_SHA1,
3eb2aff4
KR		 239 SSL3_VERSION, TLS1_2_VERSION,
240 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 241 SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 242 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
243 112,
244 168,
245 },
0f113f3e
MC		 246 {
247 1,
248 SSL3_TXT_ADH_DES_192_CBC_SHA,
249 SSL3_CK_ADH_DES_192_CBC_SHA,
250 SSL_kDHE,
251 SSL_aNULL,
252 SSL_3DES,
253 SSL_SHA1,
3eb2aff4
KR		 254 SSL3_VERSION, TLS1_2_VERSION,
255 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 256 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
258 112,
259 168,
260 },
0f113f3e
MC		 261 {
262 1,
263 TLS1_TXT_RSA_WITH_AES_128_SHA,
264 TLS1_CK_RSA_WITH_AES_128_SHA,
265 SSL_kRSA,
266 SSL_aRSA,
267 SSL_AES128,
268 SSL_SHA1,
3eb2aff4
KR		 269 SSL3_VERSION, TLS1_2_VERSION,
270 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 271 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
273 128,
274 128,
275 },
0f113f3e
MC		 276 {
277 1,
278 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
279 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
280 SSL_kDHE,
281 SSL_aDSS,
282 SSL_AES128,
283 SSL_SHA1,
3eb2aff4
KR		 284 SSL3_VERSION, TLS1_2_VERSION,
285 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 286 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
288 128,
289 128,
290 },
0f113f3e
MC		 291 {
292 1,
293 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
294 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
295 SSL_kDHE,
296 SSL_aRSA,
297 SSL_AES128,
298 SSL_SHA1,
3eb2aff4
KR		 299 SSL3_VERSION, TLS1_2_VERSION,
300 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 301 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
303 128,
304 128,
305 },
0f113f3e
MC		 306 {
307 1,
308 TLS1_TXT_ADH_WITH_AES_128_SHA,
309 TLS1_CK_ADH_WITH_AES_128_SHA,
310 SSL_kDHE,
311 SSL_aNULL,
312 SSL_AES128,
313 SSL_SHA1,
3eb2aff4
KR		 314 SSL3_VERSION, TLS1_2_VERSION,
315 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 316 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
318 128,
319 128,
320 },
0f113f3e
MC		 321 {
322 1,
323 TLS1_TXT_RSA_WITH_AES_256_SHA,
324 TLS1_CK_RSA_WITH_AES_256_SHA,
325 SSL_kRSA,
326 SSL_aRSA,
327 SSL_AES256,
328 SSL_SHA1,
3eb2aff4
KR		 329 SSL3_VERSION, TLS1_2_VERSION,
330 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 331 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 332 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
333 256,
334 256,
335 },
0f113f3e
MC		 336 {
337 1,
338 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
339 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
340 SSL_kDHE,
341 SSL_aDSS,
342 SSL_AES256,
343 SSL_SHA1,
3eb2aff4
KR		 344 SSL3_VERSION, TLS1_2_VERSION,
345 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 346 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
348 256,
349 256,
350 },
0f113f3e
MC		 351 {
352 1,
353 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
354 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
355 SSL_kDHE,
356 SSL_aRSA,
357 SSL_AES256,
358 SSL_SHA1,
3eb2aff4
KR		 359 SSL3_VERSION, TLS1_2_VERSION,
360 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 361 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 362 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
363 256,
364 256,
365 },
0f113f3e
MC		 366 {
367 1,
368 TLS1_TXT_ADH_WITH_AES_256_SHA,
369 TLS1_CK_ADH_WITH_AES_256_SHA,
370 SSL_kDHE,
371 SSL_aNULL,
372 SSL_AES256,
373 SSL_SHA1,
3eb2aff4
KR		 374 SSL3_VERSION, TLS1_2_VERSION,
375 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 376 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
378 256,
379 256,
380 },
0f113f3e
MC		 381 {
382 1,
383 TLS1_TXT_RSA_WITH_NULL_SHA256,
384 TLS1_CK_RSA_WITH_NULL_SHA256,
385 SSL_kRSA,
386 SSL_aRSA,
387 SSL_eNULL,
388 SSL_SHA256,
3eb2aff4
KR		 389 TLS1_2_VERSION, TLS1_2_VERSION,
390 DTLS1_2_VERSION, DTLS1_2_VERSION,
1510b5f7 391 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 392 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
393 0,
394 0,
395 },
0f113f3e
MC		 396 {
397 1,
398 TLS1_TXT_RSA_WITH_AES_128_SHA256,
399 TLS1_CK_RSA_WITH_AES_128_SHA256,
400 SSL_kRSA,
401 SSL_aRSA,
402 SSL_AES128,
403 SSL_SHA256,
3eb2aff4
KR		 404 TLS1_2_VERSION, TLS1_2_VERSION,
405 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 406 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 407 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
408 128,
409 128,
410 },
0f113f3e
MC		 411 {
412 1,
413 TLS1_TXT_RSA_WITH_AES_256_SHA256,
414 TLS1_CK_RSA_WITH_AES_256_SHA256,
415 SSL_kRSA,
416 SSL_aRSA,
417 SSL_AES256,
418 SSL_SHA256,
3eb2aff4
KR		 419 TLS1_2_VERSION, TLS1_2_VERSION,
420 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 421 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
423 256,
424 256,
425 },
0f113f3e
MC		 426 {
427 1,
428 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
429 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
430 SSL_kDHE,
431 SSL_aDSS,
432 SSL_AES128,
433 SSL_SHA256,
3eb2aff4
KR		 434 TLS1_2_VERSION, TLS1_2_VERSION,
435 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 436 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 437 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
438 128,
439 128,
440 },
0f113f3e
MC		 441 {
442 1,
443 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
444 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
445 SSL_kDHE,
446 SSL_aRSA,
447 SSL_AES128,
448 SSL_SHA256,
3eb2aff4
KR		 449 TLS1_2_VERSION, TLS1_2_VERSION,
450 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 451 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
453 128,
454 128,
455 },
0f113f3e
MC		 456 {
457 1,
458 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
459 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
460 SSL_kDHE,
461 SSL_aDSS,
462 SSL_AES256,
463 SSL_SHA256,
3eb2aff4
KR		 464 TLS1_2_VERSION, TLS1_2_VERSION,
465 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 466 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 467 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
468 256,
469 256,
470 },
0f113f3e
MC		 471 {
472 1,
473 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
474 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
475 SSL_kDHE,
476 SSL_aRSA,
477 SSL_AES256,
478 SSL_SHA256,
3eb2aff4
KR		 479 TLS1_2_VERSION, TLS1_2_VERSION,
480 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 481 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
483 256,
484 256,
485 },
0f113f3e
MC		 486 {
487 1,
488 TLS1_TXT_ADH_WITH_AES_128_SHA256,
489 TLS1_CK_ADH_WITH_AES_128_SHA256,
490 SSL_kDHE,
491 SSL_aNULL,
492 SSL_AES128,
493 SSL_SHA256,
3eb2aff4
KR		 494 TLS1_2_VERSION, TLS1_2_VERSION,
495 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 496 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 497 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
498 128,
499 128,
500 },
0f113f3e
MC		 501 {
502 1,
503 TLS1_TXT_ADH_WITH_AES_256_SHA256,
504 TLS1_CK_ADH_WITH_AES_256_SHA256,
505 SSL_kDHE,
506 SSL_aNULL,
507 SSL_AES256,
508 SSL_SHA256,
3eb2aff4
KR		 509 TLS1_2_VERSION, TLS1_2_VERSION,
510 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 511 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 512 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
513 256,
514 256,
515 },
0f113f3e
MC		 516 {
517 1,
748f2546
RS		 518 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
519 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
520 SSL_kRSA,
521 SSL_aRSA,
522 SSL_AES128GCM,
523 SSL_AEAD,
524 TLS1_2_VERSION, TLS1_2_VERSION,
525 DTLS1_2_VERSION, DTLS1_2_VERSION,
526 SSL_HIGH | SSL_FIPS,
527 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
528 128,
529 128,
530 },
0f113f3e
MC		 531 {
532 1,
748f2546
RS		 533 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
534 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
0f113f3e
MC		 535 SSL_kRSA,
536 SSL_aRSA,
748f2546
RS		 537 SSL_AES256GCM,
538 SSL_AEAD,
539 TLS1_2_VERSION, TLS1_2_VERSION,
540 DTLS1_2_VERSION, DTLS1_2_VERSION,
541 SSL_HIGH | SSL_FIPS,
542 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 543 256,
544 256,
545 },
0f113f3e
MC		 546 {
547 1,
748f2546
RS		 548 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
549 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
0f113f3e 550 SSL_kDHE,
748f2546
RS		 551 SSL_aRSA,
552 SSL_AES128GCM,
553 SSL_AEAD,
554 TLS1_2_VERSION, TLS1_2_VERSION,
555 DTLS1_2_VERSION, DTLS1_2_VERSION,
556 SSL_HIGH | SSL_FIPS,
557 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
558 128,
559 128,
0f113f3e 560 },
0f113f3e
MC		 561 {
562 1,
748f2546
RS		 563 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
564 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
0f113f3e
MC		 565 SSL_kDHE,
566 SSL_aRSA,
748f2546
RS		 567 SSL_AES256GCM,
568 SSL_AEAD,
569 TLS1_2_VERSION, TLS1_2_VERSION,
570 DTLS1_2_VERSION, DTLS1_2_VERSION,
571 SSL_HIGH | SSL_FIPS,
572 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 573 256,
574 256,
575 },
0f113f3e
MC		 576 {
577 1,
748f2546
RS		 578 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
579 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
0f113f3e 580 SSL_kDHE,
748f2546
RS		 581 SSL_aDSS,
582 SSL_AES128GCM,
583 SSL_AEAD,
584 TLS1_2_VERSION, TLS1_2_VERSION,
585 DTLS1_2_VERSION, DTLS1_2_VERSION,
586 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
587 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 588 128,
589 128,
590 },
0f113f3e
MC		 591 {
592 1,
748f2546
RS		 593 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
594 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
595 SSL_kDHE,
596 SSL_aDSS,
597 SSL_AES256GCM,
598 SSL_AEAD,
599 TLS1_2_VERSION, TLS1_2_VERSION,
600 DTLS1_2_VERSION, DTLS1_2_VERSION,
601 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
602 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
603 256,
604 256,
0f113f3e 605 },
0f113f3e
MC		 606 {
607 1,
748f2546
RS		 608 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
609 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
610 SSL_kDHE,
611 SSL_aNULL,
612 SSL_AES128GCM,
613 SSL_AEAD,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 618 128,
619 128,
620 },
0f113f3e
MC		 621 {
622 1,
748f2546
RS		 623 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
624 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
625 SSL_kDHE,
626 SSL_aNULL,
627 SSL_AES256GCM,
628 SSL_AEAD,
629 TLS1_2_VERSION, TLS1_2_VERSION,
630 DTLS1_2_VERSION, DTLS1_2_VERSION,
631 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
632 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 633 256,
634 256,
635 },
ea6114c6
DSH		 636 {
637 1,
748f2546
RS		 638 TLS1_TXT_RSA_WITH_AES_128_CCM,
639 TLS1_CK_RSA_WITH_AES_128_CCM,
640 SSL_kRSA,
641 SSL_aRSA,
642 SSL_AES128CCM,
643 SSL_AEAD,
644 TLS1_2_VERSION, TLS1_2_VERSION,
645 DTLS1_2_VERSION, DTLS1_2_VERSION,
646 SSL_NOT_DEFAULT | SSL_HIGH,
647 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 648 128,
649 128,
650 },
ea6114c6
DSH		 651 {
652 1,
748f2546
RS		 653 TLS1_TXT_RSA_WITH_AES_256_CCM,
654 TLS1_CK_RSA_WITH_AES_256_CCM,
655 SSL_kRSA,
656 SSL_aRSA,
657 SSL_AES256CCM,
658 SSL_AEAD,
659 TLS1_2_VERSION, TLS1_2_VERSION,
660 DTLS1_2_VERSION, DTLS1_2_VERSION,
661 SSL_NOT_DEFAULT | SSL_HIGH,
662 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
663 256,
664 256,
ea6114c6 665 },
ea6114c6
DSH		 666 {
667 1,
748f2546
RS		 668 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
669 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
670 SSL_kDHE,
671 SSL_aRSA,
672 SSL_AES128CCM,
673 SSL_AEAD,
674 TLS1_2_VERSION, TLS1_2_VERSION,
675 DTLS1_2_VERSION, DTLS1_2_VERSION,
676 SSL_NOT_DEFAULT | SSL_HIGH,
677 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 678 128,
679 128,
680 },
ea6114c6
DSH		 681 {
682 1,
748f2546
RS		 683 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
684 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
685 SSL_kDHE,
686 SSL_aRSA,
687 SSL_AES256CCM,
688 SSL_AEAD,
689 TLS1_2_VERSION, TLS1_2_VERSION,
690 DTLS1_2_VERSION, DTLS1_2_VERSION,
691 SSL_NOT_DEFAULT | SSL_HIGH,
692 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 693 256,
694 256,
695 },
ea6114c6
DSH		 696 {
697 1,
748f2546
RS		 698 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
699 TLS1_CK_RSA_WITH_AES_128_CCM_8,
700 SSL_kRSA,
ea6114c6 701 SSL_aRSA,
748f2546 702 SSL_AES128CCM8,
0f113f3e 703 SSL_AEAD,
3eb2aff4
KR		 704 TLS1_2_VERSION, TLS1_2_VERSION,
705 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 706 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 707 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
708 128,
709 128,
710 },
0f113f3e
MC		 711 {
712 1,
748f2546
RS		 713 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
714 TLS1_CK_RSA_WITH_AES_256_CCM_8,
0f113f3e
MC		 715 SSL_kRSA,
716 SSL_aRSA,
748f2546 717 SSL_AES256CCM8,
0f113f3e 718 SSL_AEAD,
3eb2aff4
KR		 719 TLS1_2_VERSION, TLS1_2_VERSION,
720 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 721 SSL_NOT_DEFAULT | SSL_HIGH,
722 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 723 256,
724 256,
725 },
0f113f3e
MC		 726 {
727 1,
748f2546
RS		 728 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
729 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
0f113f3e
MC		 730 SSL_kDHE,
731 SSL_aRSA,
748f2546 732 SSL_AES128CCM8,
0f113f3e 733 SSL_AEAD,
3eb2aff4
KR		 734 TLS1_2_VERSION, TLS1_2_VERSION,
735 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 736 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 737 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
738 128,
739 128,
740 },
0f113f3e
MC		 741 {
742 1,
748f2546
RS		 743 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
744 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
0f113f3e
MC		 745 SSL_kDHE,
746 SSL_aRSA,
748f2546 747 SSL_AES256CCM8,
0f113f3e 748 SSL_AEAD,
3eb2aff4
KR		 749 TLS1_2_VERSION, TLS1_2_VERSION,
750 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 751 SSL_NOT_DEFAULT | SSL_HIGH,
752 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 753 256,
754 256,
755 },
0f113f3e
MC		 756 {
757 1,
748f2546
RS		 758 TLS1_TXT_PSK_WITH_AES_128_CCM,
759 TLS1_CK_PSK_WITH_AES_128_CCM,
760 SSL_kPSK,
761 SSL_aPSK,
762 SSL_AES128CCM,
0f113f3e 763 SSL_AEAD,
3eb2aff4
KR		 764 TLS1_2_VERSION, TLS1_2_VERSION,
765 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 766 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 767 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
768 128,
769 128,
770 },
0f113f3e
MC		 771 {
772 1,
748f2546
RS		 773 TLS1_TXT_PSK_WITH_AES_256_CCM,
774 TLS1_CK_PSK_WITH_AES_256_CCM,
775 SSL_kPSK,
776 SSL_aPSK,
777 SSL_AES256CCM,
0f113f3e 778 SSL_AEAD,
3eb2aff4
KR		 779 TLS1_2_VERSION, TLS1_2_VERSION,
780 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 781 SSL_NOT_DEFAULT | SSL_HIGH,
782 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 783 256,
784 256,
785 },
0f113f3e
MC		 786 {
787 1,
748f2546
RS		 788 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
789 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
790 SSL_kDHEPSK,
791 SSL_aPSK,
792 SSL_AES128CCM,
0f113f3e 793 SSL_AEAD,
3eb2aff4
KR		 794 TLS1_2_VERSION, TLS1_2_VERSION,
795 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 796 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 797 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
798 128,
799 128,
800 },
0f113f3e
MC		 801 {
802 1,
748f2546
RS		 803 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
804 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
805 SSL_kDHEPSK,
806 SSL_aPSK,
807 SSL_AES256CCM,
0f113f3e 808 SSL_AEAD,
3eb2aff4
KR		 809 TLS1_2_VERSION, TLS1_2_VERSION,
810 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 811 SSL_NOT_DEFAULT | SSL_HIGH,
812 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 813 256,
814 256,
815 },
547dba74
DSH		 816 {
817 1,
748f2546
RS		 818 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
819 TLS1_CK_PSK_WITH_AES_128_CCM_8,
547dba74
DSH		 820 SSL_kPSK,
821 SSL_aPSK,
748f2546 822 SSL_AES128CCM8,
547dba74 823 SSL_AEAD,
3eb2aff4
KR		 824 TLS1_2_VERSION, TLS1_2_VERSION,
825 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 826 SSL_NOT_DEFAULT | SSL_HIGH,
547dba74
DSH		 827 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
828 128,
829 128,
830 },
547dba74
DSH		 831 {
832 1,
748f2546
RS		 833 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
834 TLS1_CK_PSK_WITH_AES_256_CCM_8,
547dba74
DSH		 835 SSL_kPSK,
836 SSL_aPSK,
748f2546 837 SSL_AES256CCM8,
547dba74 838 SSL_AEAD,
3eb2aff4
KR		 839 TLS1_2_VERSION, TLS1_2_VERSION,
840 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 841 SSL_NOT_DEFAULT | SSL_HIGH,
842 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
547dba74
DSH		 843 256,
844 256,
845 },
ea6114c6
DSH		 846 {
847 1,
748f2546
RS		 848 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
849 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
ea6114c6
DSH		 850 SSL_kDHEPSK,
851 SSL_aPSK,
748f2546 852 SSL_AES128CCM8,
ea6114c6 853 SSL_AEAD,
3eb2aff4
KR		 854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 856 SSL_NOT_DEFAULT | SSL_HIGH,
ea6114c6
DSH		 857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
858 128,
859 128,
860 },
ea6114c6
DSH		 861 {
862 1,
748f2546
RS		 863 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
864 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
865 SSL_kDHEPSK,
ea6114c6 866 SSL_aPSK,
748f2546 867 SSL_AES256CCM8,
ea6114c6 868 SSL_AEAD,
3eb2aff4
KR		 869 TLS1_2_VERSION, TLS1_2_VERSION,
870 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 871 SSL_NOT_DEFAULT | SSL_HIGH,
872 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 873 256,
874 256,
875 },
ea6114c6
DSH		 876 {
877 1,
748f2546
RS		 878 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
879 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
880 SSL_kECDHE,
881 SSL_aECDSA,
882 SSL_AES128CCM,
ea6114c6 883 SSL_AEAD,
3eb2aff4
KR		 884 TLS1_2_VERSION, TLS1_2_VERSION,
885 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 886 SSL_NOT_DEFAULT | SSL_HIGH,
ea6114c6
DSH		 887 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
888 128,
889 128,
890 },
ea6114c6
DSH		 891 {
892 1,
748f2546
RS		 893 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
894 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
895 SSL_kECDHE,
896 SSL_aECDSA,
897 SSL_AES256CCM,
ea6114c6 898 SSL_AEAD,
3eb2aff4
KR		 899 TLS1_2_VERSION, TLS1_2_VERSION,
900 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 901 SSL_NOT_DEFAULT | SSL_HIGH,
902 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 903 256,
904 256,
905 },
ea6114c6
DSH		 906 {
907 1,
748f2546
RS		 908 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
909 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
910 SSL_kECDHE,
911 SSL_aECDSA,
912 SSL_AES128CCM8,
913 SSL_AEAD,
914 TLS1_2_VERSION, TLS1_2_VERSION,
915 DTLS1_2_VERSION, DTLS1_2_VERSION,
916 SSL_NOT_DEFAULT | SSL_HIGH,
917 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 918 128,
919 128,
920 },
ea6114c6
DSH		 921 {
922 1,
748f2546
RS		 923 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
924 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
925 SSL_kECDHE,
926 SSL_aECDSA,
927 SSL_AES256CCM8,
928 SSL_AEAD,
929 TLS1_2_VERSION, TLS1_2_VERSION,
930 DTLS1_2_VERSION, DTLS1_2_VERSION,
931 SSL_NOT_DEFAULT | SSL_HIGH,
932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 933 256,
934 256,
935 },
936
748f2546 937#ifndef OPENSSL_NO_EC
ea6114c6
DSH		 938 {
939 1,
748f2546
RS		 940 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
941 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
942 SSL_kECDHE,
943 SSL_aECDSA,
ea6114c6 944 SSL_eNULL,
748f2546
RS		 945 SSL_SHA1,
946 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 947 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 948 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 949 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
950 0,
951 0,
952 },
ea6114c6
DSH		 953 {
954 1,
748f2546
RS		 955 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
956 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
957 SSL_kECDHE,
958 SSL_aECDSA,
959 SSL_3DES,
960 SSL_SHA1,
961 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 962 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 963 SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 964 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
965 112,
966 168,
ea6114c6 967 },
ea6114c6
DSH		 968 {
969 1,
748f2546
RS		 970 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
971 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
972 SSL_kECDHE,
973 SSL_aECDSA,
ea6114c6 974 SSL_AES128,
748f2546
RS		 975 SSL_SHA1,
976 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 977 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 978 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 979 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
980 128,
981 128,
982 },
ea6114c6
DSH		 983 {
984 1,
748f2546
RS		 985 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
986 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
987 SSL_kECDHE,
988 SSL_aECDSA,
ea6114c6 989 SSL_AES256,
748f2546
RS		 990 SSL_SHA1,
991 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 992 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 993 SSL_HIGH | SSL_FIPS,
748f2546 994 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
ea6114c6
DSH		 995 256,
996 256,
997 },
ea6114c6
DSH		 998 {
999 1,
748f2546
RS		 1000 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1001 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1002 SSL_kECDHE,
1003 SSL_aRSA,
ea6114c6 1004 SSL_eNULL,
748f2546
RS		 1005 SSL_SHA1,
1006 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 1007 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 1008 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1009 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1010 0,
1011 0,
1012 },
ea6114c6
DSH		 1013 {
1014 1,
748f2546
RS		 1015 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1016 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1017 SSL_kECDHE,
1018 SSL_aRSA,
1019 SSL_3DES,
1020 SSL_SHA1,
1021 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 1022 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1023 SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 1024 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1025 112,
1026 168,
ea6114c6 1027 },
ea6114c6
DSH		 1028 {
1029 1,
748f2546
RS		 1030 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1031 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1032 SSL_kECDHE,
ea6114c6
DSH		 1033 SSL_aRSA,
1034 SSL_AES128,
748f2546
RS		 1035 SSL_SHA1,
1036 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 1037 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1038 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1039 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1040 128,
1041 128,
1042 },
ea6114c6
DSH		 1043 {
1044 1,
748f2546
RS		 1045 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1046 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1047 SSL_kECDHE,
ea6114c6
DSH		 1048 SSL_aRSA,
1049 SSL_AES256,
748f2546
RS		 1050 SSL_SHA1,
1051 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 1052 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1053 SSL_HIGH | SSL_FIPS,
748f2546 1054 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
ea6114c6
DSH		 1055 256,
1056 256,
1057 },
ea6114c6
DSH		 1058 {
1059 1,
748f2546
RS		 1060 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1061 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1062 SSL_kECDHE,
1063 SSL_aNULL,
ea6114c6 1064 SSL_eNULL,
748f2546
RS		 1065 SSL_SHA1,
1066 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 1067 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 1068 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1069 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1070 0,
1071 0,
1072 },
ea6114c6
DSH		 1073 {
1074 1,
748f2546
RS		 1075 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1076 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1077 SSL_kECDHE,
1078 SSL_aNULL,
1079 SSL_3DES,
1080 SSL_SHA1,
1081 SSL3_VERSION, TLS1_2_VERSION,
3eb2aff4 1082 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1083 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 1084 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1085 112,
1086 168,
ea6114c6 1087 },
0f113f3e
MC		 1088 {
1089 1,
748f2546
RS		 1090 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1091 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1092 SSL_kECDHE,
1093 SSL_aNULL,
1094 SSL_AES128,
1095 SSL_SHA1,
1096 SSL3_VERSION, TLS1_2_VERSION,
1097 DTLS1_VERSION, DTLS1_2_VERSION,
1098 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1099 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1100 128,
1101 128,
1102 },
0f113f3e
MC		 1103 {
1104 1,
748f2546
RS		 1105 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1106 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1107 SSL_kECDHE,
1108 SSL_aNULL,
1109 SSL_AES256,
1110 SSL_SHA1,
1111 SSL3_VERSION, TLS1_2_VERSION,
1112 DTLS1_VERSION, DTLS1_2_VERSION,
1113 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1114 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1115 256,
1116 256,
1117 },
1118 {
1119 1,
1120 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1121 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1122 SSL_kECDHE,
1123 SSL_aECDSA,
1124 SSL_AES128,
0f113f3e 1125 SSL_SHA256,
3eb2aff4
KR		 1126 TLS1_2_VERSION, TLS1_2_VERSION,
1127 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1128 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1129 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1130 128,
1131 128,
1132 },
0f113f3e
MC		 1133 {
1134 1,
748f2546
RS		 1135 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1136 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1137 SSL_kECDHE,
1138 SSL_aECDSA,
1139 SSL_AES256,
1140 SSL_SHA384,
3eb2aff4
KR		 1141 TLS1_2_VERSION, TLS1_2_VERSION,
1142 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1143 SSL_HIGH | SSL_FIPS,
1144 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1145 256,
1146 256,
0f113f3e 1147 },
0f113f3e
MC		 1148 {
1149 1,
748f2546
RS		 1150 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1151 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1152 SSL_kECDHE,
1153 SSL_aRSA,
1154 SSL_AES128,
0f113f3e 1155 SSL_SHA256,
3eb2aff4
KR		 1156 TLS1_2_VERSION, TLS1_2_VERSION,
1157 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1158 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1159 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1160 128,
1161 128,
1162 },
0f113f3e
MC		 1163 {
1164 1,
748f2546
RS		 1165 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1166 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1167 SSL_kECDHE,
0f113f3e 1168 SSL_aRSA,
748f2546
RS		 1169 SSL_AES256,
1170 SSL_SHA384,
3eb2aff4
KR		 1171 TLS1_2_VERSION, TLS1_2_VERSION,
1172 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1173 SSL_HIGH | SSL_FIPS,
1174 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1175 256,
1176 256,
1177 },
0f113f3e
MC		 1178 {
1179 1,
748f2546
RS		 1180 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1181 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1182 SSL_kECDHE,
1183 SSL_aECDSA,
1184 SSL_AES128GCM,
1185 SSL_AEAD,
3eb2aff4
KR		 1186 TLS1_2_VERSION, TLS1_2_VERSION,
1187 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1188 SSL_HIGH | SSL_FIPS,
0f113f3e 1189 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748f2546
RS		 1190 128,
1191 128,
1192 },
1193 {
1194 1,
1195 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1196 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1197 SSL_kECDHE,
1198 SSL_aECDSA,
1199 SSL_AES256GCM,
1200 SSL_AEAD,
1201 TLS1_2_VERSION, TLS1_2_VERSION,
1202 DTLS1_2_VERSION, DTLS1_2_VERSION,
1203 SSL_HIGH | SSL_FIPS,
1204 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1205 256,
1206 256,
1207 },
0f113f3e
MC		 1208 {
1209 1,
748f2546
RS		 1210 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1212 SSL_kECDHE,
0f113f3e 1213 SSL_aRSA,
748f2546
RS		 1214 SSL_AES128GCM,
1215 SSL_AEAD,
3eb2aff4
KR		 1216 TLS1_2_VERSION, TLS1_2_VERSION,
1217 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1218 SSL_HIGH | SSL_FIPS,
0f113f3e 1219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748f2546
RS		 1220 128,
1221 128,
0f113f3e 1222 },
0f113f3e
MC		 1223 {
1224 1,
748f2546
RS		 1225 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1226 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1227 SSL_kECDHE,
1228 SSL_aRSA,
1229 SSL_AES256GCM,
1230 SSL_AEAD,
3eb2aff4
KR		 1231 TLS1_2_VERSION, TLS1_2_VERSION,
1232 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1233 SSL_HIGH | SSL_FIPS,
1234 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1235 256,
1236 256,
1237 },
748f2546 1238#endif /* OPENSSL_NO_EC */
0f113f3e 1239
748f2546 1240#ifndef OPENSSL_NO_PSK
0f113f3e
MC		 1241 {
1242 1,
748f2546
RS		 1243 TLS1_TXT_PSK_WITH_NULL_SHA,
1244 TLS1_CK_PSK_WITH_NULL_SHA,
1245 SSL_kPSK,
1246 SSL_aPSK,
0f113f3e
MC		 1247 SSL_eNULL,
1248 SSL_SHA1,
3eb2aff4
KR		 1249 SSL3_VERSION, TLS1_2_VERSION,
1250 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 1251 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 1252 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1253 0,
1254 0,
1255 },
0f113f3e
MC		 1256 {
1257 1,
748f2546
RS		 1258 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1259 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1260 SSL_kDHEPSK,
1261 SSL_aPSK,
1262 SSL_eNULL,
0f113f3e 1263 SSL_SHA1,
3eb2aff4 1264 SSL3_VERSION, TLS1_2_VERSION,
748f2546
RS		 1265 DTLS1_VERSION, DTLS1_2_VERSION,
1266 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1267 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1268 0,
1269 0,
0f113f3e 1270 },
0f113f3e
MC		 1271 {
1272 1,
748f2546
RS		 1273 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1274 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1275 SSL_kRSAPSK,
1276 SSL_aRSA,
1277 SSL_eNULL,
1278 SSL_SHA1,
1279 SSL3_VERSION, TLS1_2_VERSION,
1280 DTLS1_VERSION, DTLS1_2_VERSION,
1281 SSL_STRONG_NONE | SSL_FIPS,
1282 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1283 0,
1284 0,
1285 },
1286 {
1287 1,
1288 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1289 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1290 SSL_kPSK,
1291 SSL_aPSK,
0f113f3e
MC		 1292 SSL_3DES,
1293 SSL_SHA1,
3eb2aff4
KR		 1294 SSL3_VERSION, TLS1_2_VERSION,
1295 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1296 SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 1297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1298 112,
1299 168,
1300 },
0f113f3e
MC		 1301 {
1302 1,
748f2546
RS		 1303 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1304 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1305 SSL_kPSK,
1306 SSL_aPSK,
0f113f3e
MC		 1307 SSL_AES128,
1308 SSL_SHA1,
3eb2aff4
KR		 1309 SSL3_VERSION, TLS1_2_VERSION,
1310 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1311 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1312 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1313 128,
1314 128,
1315 },
0f113f3e
MC		 1316 {
1317 1,
748f2546
RS		 1318 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1319 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1320 SSL_kPSK,
1321 SSL_aPSK,
0f113f3e
MC		 1322 SSL_AES256,
1323 SSL_SHA1,
3eb2aff4
KR		 1324 SSL3_VERSION, TLS1_2_VERSION,
1325 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1326 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1327 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1328 256,
1329 256,
1330 },
0f113f3e
MC		 1331 {
1332 1,
748f2546
RS		 1333 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1334 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1335 SSL_kDHEPSK,
1336 SSL_aPSK,
1337 SSL_3DES,
0f113f3e 1338 SSL_SHA1,
3eb2aff4
KR		 1339 SSL3_VERSION, TLS1_2_VERSION,
1340 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1341 SSL_MEDIUM | SSL_FIPS,
0f113f3e 1342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1343 112,
1344 168,
0f113f3e 1345 },
0f113f3e
MC		 1346 {
1347 1,
748f2546
RS		 1348 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1349 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1350 SSL_kDHEPSK,
1351 SSL_aPSK,
1352 SSL_AES128,
1353 SSL_SHA1,
1354 SSL3_VERSION, TLS1_2_VERSION,
1355 DTLS1_VERSION, DTLS1_2_VERSION,
1356 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1358 128,
1359 128,
1360 },
0f113f3e
MC		 1361 {
1362 1,
748f2546
RS		 1363 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1364 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1365 SSL_kDHEPSK,
1366 SSL_aPSK,
1367 SSL_AES256,
1368 SSL_SHA1,
1369 SSL3_VERSION, TLS1_2_VERSION,
1370 DTLS1_VERSION, DTLS1_2_VERSION,
1371 SSL_HIGH | SSL_FIPS,
1372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1373 256,
1374 256,
1375 },
1376 {
1377 1,
1378 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1379 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1380 SSL_kRSAPSK,
0f113f3e
MC		 1381 SSL_aRSA,
1382 SSL_3DES,
1383 SSL_SHA1,
3eb2aff4
KR		 1384 SSL3_VERSION, TLS1_2_VERSION,
1385 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1386 SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 1387 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1388 112,
1389 168,
1390 },
0f113f3e
MC		 1391 {
1392 1,
748f2546
RS		 1393 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1395 SSL_kRSAPSK,
0f113f3e
MC		 1396 SSL_aRSA,
1397 SSL_AES128,
1398 SSL_SHA1,
3eb2aff4
KR		 1399 SSL3_VERSION, TLS1_2_VERSION,
1400 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1401 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1403 128,
1404 128,
1405 },
0f113f3e
MC		 1406 {
1407 1,
748f2546
RS		 1408 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1410 SSL_kRSAPSK,
0f113f3e
MC		 1411 SSL_aRSA,
1412 SSL_AES256,
1413 SSL_SHA1,
3eb2aff4
KR		 1414 SSL3_VERSION, TLS1_2_VERSION,
1415 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1416 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1418 256,
1419 256,
1420 },
0f113f3e
MC		 1421 {
1422 1,
748f2546
RS		 1423 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1424 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1425 SSL_kPSK,
1426 SSL_aPSK,
1427 SSL_AES128GCM,
1428 SSL_AEAD,
1429 TLS1_2_VERSION, TLS1_2_VERSION,
1430 DTLS1_2_VERSION, DTLS1_2_VERSION,
1431 SSL_HIGH | SSL_FIPS,
1432 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 1433 128,
1434 128,
1435 },
0f113f3e
MC		 1436 {
1437 1,
748f2546
RS		 1438 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1439 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1440 SSL_kPSK,
1441 SSL_aPSK,
1442 SSL_AES256GCM,
1443 SSL_AEAD,
1444 TLS1_2_VERSION, TLS1_2_VERSION,
1445 DTLS1_2_VERSION, DTLS1_2_VERSION,
1446 SSL_HIGH | SSL_FIPS,
1447 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1448 256,
1449 256,
0f113f3e 1450 },
0f113f3e
MC		 1451 {
1452 1,
748f2546
RS		 1453 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1454 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1455 SSL_kDHEPSK,
1456 SSL_aPSK,
1457 SSL_AES128GCM,
1458 SSL_AEAD,
1459 TLS1_2_VERSION, TLS1_2_VERSION,
1460 DTLS1_2_VERSION, DTLS1_2_VERSION,
1461 SSL_HIGH | SSL_FIPS,
1462 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 1463 128,
1464 128,
1465 },
0f113f3e
MC		 1466 {
1467 1,
748f2546
RS		 1468 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1469 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1470 SSL_kDHEPSK,
1471 SSL_aPSK,
1472 SSL_AES256GCM,
1473 SSL_AEAD,
1474 TLS1_2_VERSION, TLS1_2_VERSION,
1475 DTLS1_2_VERSION, DTLS1_2_VERSION,
1476 SSL_HIGH | SSL_FIPS,
1477 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1478 256,
1479 256,
1480 },
0f113f3e
MC		 1481 {
1482 1,
748f2546
RS		 1483 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1484 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1485 SSL_kRSAPSK,
0f113f3e 1486 SSL_aRSA,
748f2546
RS		 1487 SSL_AES128GCM,
1488 SSL_AEAD,
1489 TLS1_2_VERSION, TLS1_2_VERSION,
1490 DTLS1_2_VERSION, DTLS1_2_VERSION,
1491 SSL_HIGH | SSL_FIPS,
1492 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1493 128,
1494 128,
0f113f3e 1495 },
0f113f3e
MC		 1496 {
1497 1,
748f2546
RS		 1498 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1499 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1500 SSL_kRSAPSK,
1501 SSL_aRSA,
1502 SSL_AES256GCM,
1503 SSL_AEAD,
1504 TLS1_2_VERSION, TLS1_2_VERSION,
1505 DTLS1_2_VERSION, DTLS1_2_VERSION,
1506 SSL_HIGH | SSL_FIPS,
1507 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1508 256,
1509 256,
0f113f3e 1510 },
0f113f3e
MC		 1511 {
1512 1,
748f2546
RS		 1513 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1514 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1515 SSL_kPSK,
1516 SSL_aPSK,
0f113f3e 1517 SSL_AES128,
748f2546
RS		 1518 SSL_SHA256,
1519 TLS1_VERSION, TLS1_2_VERSION,
3eb2aff4 1520 DTLS1_VERSION, DTLS1_2_VERSION,
748f2546 1521 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1522 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1523 128,
1524 128,
1525 },
0f113f3e
MC		 1526 {
1527 1,
748f2546
RS		 1528 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1529 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1530 SSL_kPSK,
1531 SSL_aPSK,
1532 SSL_AES256,
1533 SSL_SHA384,
1534 TLS1_VERSION, TLS1_2_VERSION,
3eb2aff4 1535 DTLS1_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1536 SSL_HIGH | SSL_FIPS,
1537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1538 256,
1539 256,
0f113f3e 1540 },
0f113f3e
MC		 1541 {
1542 1,
748f2546
RS		 1543 TLS1_TXT_PSK_WITH_NULL_SHA256,
1544 TLS1_CK_PSK_WITH_NULL_SHA256,
1545 SSL_kPSK,
1546 SSL_aPSK,
1547 SSL_eNULL,
1548 SSL_SHA256,
1549 TLS1_VERSION, TLS1_2_VERSION,
3eb2aff4 1550 DTLS1_VERSION, DTLS1_2_VERSION,
748f2546 1551 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1552 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1553 0,
1554 0,
0f113f3e 1555 },
0f113f3e
MC		 1556 {
1557 1,
748f2546
RS		 1558 TLS1_TXT_PSK_WITH_NULL_SHA384,
1559 TLS1_CK_PSK_WITH_NULL_SHA384,
1560 SSL_kPSK,
1561 SSL_aPSK,
1562 SSL_eNULL,
1563 SSL_SHA384,
1564 TLS1_VERSION, TLS1_2_VERSION,
3eb2aff4 1565 DTLS1_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1566 SSL_STRONG_NONE | SSL_FIPS,
1567 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1568 0,
1569 0,
0f113f3e 1570 },
0f113f3e
MC		 1571 {
1572 1,
748f2546
RS		 1573 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1574 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1575 SSL_kDHEPSK,
1576 SSL_aPSK,
1577 SSL_AES128,
1578 SSL_SHA256,
1579 TLS1_VERSION, TLS1_2_VERSION,
3eb2aff4 1580 DTLS1_VERSION, DTLS1_2_VERSION,
748f2546 1581 SSL_HIGH | SSL_FIPS,
0f113f3e 1582 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1583 128,
1584 128,
0f113f3e 1585 },
0f113f3e
MC		 1586 {
1587 1,
748f2546
RS		 1588 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1589 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1590 SSL_kDHEPSK,
1591 SSL_aPSK,
0f113f3e 1592 SSL_AES256,
748f2546
RS		 1593 SSL_SHA384,
1594 TLS1_VERSION, TLS1_2_VERSION,
3eb2aff4 1595 DTLS1_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1596 SSL_HIGH | SSL_FIPS,
1597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1598 256,
1599 256,
1600 },
0f113f3e
MC		 1601 {
1602 1,
748f2546
RS		 1603 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1604 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1605 SSL_kDHEPSK,
1606 SSL_aPSK,
1607 SSL_eNULL,
0f113f3e 1608 SSL_SHA256,
748f2546
RS		 1609 TLS1_VERSION, TLS1_2_VERSION,
1610 DTLS1_VERSION, DTLS1_2_VERSION,
1611 SSL_STRONG_NONE | SSL_FIPS,
1612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1613 0,
1614 0,
0f113f3e 1615 },
0f113f3e
MC		 1616 {
1617 1,
748f2546
RS		 1618 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1619 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1620 SSL_kDHEPSK,
1621 SSL_aPSK,
1622 SSL_eNULL,
0f113f3e 1623 SSL_SHA384,
748f2546
RS		 1624 TLS1_VERSION, TLS1_2_VERSION,
1625 DTLS1_VERSION, DTLS1_2_VERSION,
1626 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1627 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
748f2546
RS		 1628 0,
1629 0,
0f113f3e 1630 },
0f113f3e
MC		 1631 {
1632 1,
748f2546
RS		 1633 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1635 SSL_kRSAPSK,
0f113f3e
MC		 1636 SSL_aRSA,
1637 SSL_AES128,
1638 SSL_SHA256,
748f2546
RS		 1639 TLS1_VERSION, TLS1_2_VERSION,
1640 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1641 SSL_HIGH | SSL_FIPS,
748f2546 1642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0f113f3e
MC		 1643 128,
1644 128,
1645 },
0f113f3e
MC		 1646 {
1647 1,
748f2546
RS		 1648 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1649 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1650 SSL_kRSAPSK,
0f113f3e
MC		 1651 SSL_aRSA,
1652 SSL_AES256,
1653 SSL_SHA384,
748f2546
RS		 1654 TLS1_VERSION, TLS1_2_VERSION,
1655 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1656 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1657 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1658 256,
1659 256,
1660 },
0f113f3e
MC		 1661 {
1662 1,
748f2546
RS		 1663 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1664 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1665 SSL_kRSAPSK,
0f113f3e 1666 SSL_aRSA,
748f2546
RS		 1667 SSL_eNULL,
1668 SSL_SHA256,
1669 TLS1_VERSION, TLS1_2_VERSION,
1670 DTLS1_VERSION, DTLS1_2_VERSION,
1671 SSL_STRONG_NONE | SSL_FIPS,
1672 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1673 0,
1674 0,
0f113f3e 1675 },
0f113f3e
MC		 1676 {
1677 1,
748f2546
RS		 1678 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1679 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1680 SSL_kRSAPSK,
0f113f3e 1681 SSL_aRSA,
748f2546
RS		 1682 SSL_eNULL,
1683 SSL_SHA384,
1684 TLS1_VERSION, TLS1_2_VERSION,
1685 DTLS1_VERSION, DTLS1_2_VERSION,
1686 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1687 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
748f2546
RS		 1688 0,
1689 0,
ea6114c6 1690 },
748f2546 1691# ifndef OPENSSL_NO_EC
ea6114c6
DSH		 1692 {
1693 1,
1694 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1695 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1696 SSL_kECDHEPSK,
1697 SSL_aPSK,
1698 SSL_3DES,
1699 SSL_SHA1,
3eb2aff4
KR		 1700 SSL3_VERSION, TLS1_2_VERSION,
1701 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1702 SSL_MEDIUM | SSL_FIPS,
ea6114c6
DSH		 1703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1704 112,
1705 168,
1706 },
ea6114c6
DSH		 1707 {
1708 1,
1709 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1710 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1711 SSL_kECDHEPSK,
1712 SSL_aPSK,
1713 SSL_AES128,
1714 SSL_SHA1,
3eb2aff4
KR		 1715 SSL3_VERSION, TLS1_2_VERSION,
1716 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1717 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1718 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1719 128,
1720 128,
1721 },
ea6114c6
DSH		 1722 {
1723 1,
1724 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1725 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1726 SSL_kECDHEPSK,
1727 SSL_aPSK,
1728 SSL_AES256,
1729 SSL_SHA1,
3eb2aff4
KR		 1730 SSL3_VERSION, TLS1_2_VERSION,
1731 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1732 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1733 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1734 256,
1735 256,
1736 },
ea6114c6
DSH		 1737 {
1738 1,
1739 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1740 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1741 SSL_kECDHEPSK,
1742 SSL_aPSK,
1743 SSL_AES128,
1744 SSL_SHA256,
3eb2aff4
KR		 1745 TLS1_VERSION, TLS1_2_VERSION,
1746 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1747 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1748 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1749 128,
1750 128,
1751 },
ea6114c6
DSH		 1752 {
1753 1,
1754 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1755 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1756 SSL_kECDHEPSK,
1757 SSL_aPSK,
1758 SSL_AES256,
1759 SSL_SHA384,
3eb2aff4
KR		 1760 TLS1_VERSION, TLS1_2_VERSION,
1761 DTLS1_VERSION, DTLS1_2_VERSION,
361a1191 1762 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1763 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1764 256,
1765 256,
1766 },
ea6114c6
DSH		 1767 {
1768 1,
1769 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1770 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1771 SSL_kECDHEPSK,
1772 SSL_aPSK,
1773 SSL_eNULL,
1774 SSL_SHA1,
3eb2aff4
KR		 1775 SSL3_VERSION, TLS1_2_VERSION,
1776 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 1777 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1778 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1779 0,
1780 0,
1781 },
ea6114c6
DSH		 1782 {
1783 1,
1784 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1785 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1786 SSL_kECDHEPSK,
1787 SSL_aPSK,
1788 SSL_eNULL,
1789 SSL_SHA256,
3eb2aff4
KR		 1790 TLS1_VERSION, TLS1_2_VERSION,
1791 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 1792 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1793 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1794 0,
1795 0,
1796 },
ea6114c6
DSH		 1797 {
1798 1,
1799 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1800 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1801 SSL_kECDHEPSK,
1802 SSL_aPSK,
1803 SSL_eNULL,
1804 SSL_SHA384,
3eb2aff4
KR		 1805 TLS1_VERSION, TLS1_2_VERSION,
1806 DTLS1_VERSION, DTLS1_2_VERSION,
1510b5f7 1807 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1808 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1809 0,
1810 0,
1811 },
748f2546
RS		 1812# endif /* OPENSSL_NO_EC */
1813#endif /* OPENSSL_NO_PSK */
ea6114c6 1814
748f2546
RS		 1815#ifndef OPENSSL_NO_SRP
1816 {
1817 1,
1818 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1819 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1820 SSL_kSRP,
1821 SSL_aSRP,
1822 SSL_3DES,
1823 SSL_SHA1,
1824 SSL3_VERSION, TLS1_2_VERSION,
1825 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1826 SSL_MEDIUM,
748f2546
RS		 1827 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1828 112,
1829 168,
1830 },
1831 {
1832 1,
1833 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1834 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1835 SSL_kSRP,
1836 SSL_aRSA,
1837 SSL_3DES,
1838 SSL_SHA1,
1839 SSL3_VERSION, TLS1_2_VERSION,
1840 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1841 SSL_MEDIUM,
748f2546
RS		 1842 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1843 112,
1844 168,
1845 },
1846 {
1847 1,
1848 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1849 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1850 SSL_kSRP,
1851 SSL_aDSS,
1852 SSL_3DES,
1853 SSL_SHA1,
1854 SSL3_VERSION, TLS1_2_VERSION,
1855 DTLS1_VERSION, DTLS1_2_VERSION,
4a8e9c22 1856 SSL_NOT_DEFAULT | SSL_MEDIUM,
748f2546
RS		 1857 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1858 112,
1859 168,
1860 },
1861 {
1862 1,
1863 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1864 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1865 SSL_kSRP,
1866 SSL_aSRP,
1867 SSL_AES128,
1868 SSL_SHA1,
1869 SSL3_VERSION, TLS1_2_VERSION,
1870 DTLS1_VERSION, DTLS1_2_VERSION,
1871 SSL_HIGH,
1872 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1873 128,
1874 128,
1875 },
1876 {
1877 1,
1878 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1879 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1880 SSL_kSRP,
1881 SSL_aRSA,
1882 SSL_AES128,
1883 SSL_SHA1,
1884 SSL3_VERSION, TLS1_2_VERSION,
1885 DTLS1_VERSION, DTLS1_2_VERSION,
1886 SSL_HIGH,
1887 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1888 128,
1889 128,
1890 },
1891 {
1892 1,
1893 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1894 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1895 SSL_kSRP,
1896 SSL_aDSS,
1897 SSL_AES128,
1898 SSL_SHA1,
1899 SSL3_VERSION, TLS1_2_VERSION,
1900 DTLS1_VERSION, DTLS1_2_VERSION,
1901 SSL_NOT_DEFAULT | SSL_HIGH,
1902 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1903 128,
1904 128,
1905 },
1906 {
1907 1,
1908 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1909 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1910 SSL_kSRP,
1911 SSL_aSRP,
1912 SSL_AES256,
1913 SSL_SHA1,
1914 SSL3_VERSION, TLS1_2_VERSION,
1915 DTLS1_VERSION, DTLS1_2_VERSION,
1916 SSL_HIGH,
1917 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1918 256,
1919 256,
1920 },
1921 {
1922 1,
1923 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1924 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1925 SSL_kSRP,
1926 SSL_aRSA,
1927 SSL_AES256,
1928 SSL_SHA1,
1929 SSL3_VERSION, TLS1_2_VERSION,
1930 DTLS1_VERSION, DTLS1_2_VERSION,
1931 SSL_HIGH,
1932 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1933 256,
1934 256,
1935 },
1936 {
1937 1,
1938 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1939 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1940 SSL_kSRP,
1941 SSL_aDSS,
1942 SSL_AES256,
1943 SSL_SHA1,
1944 SSL3_VERSION, TLS1_2_VERSION,
1945 DTLS1_VERSION, DTLS1_2_VERSION,
1946 SSL_NOT_DEFAULT | SSL_HIGH,
1947 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1948 256,
1949 256,
1950 },
1951#endif /* OPENSSL_NO_SRP */
1952
1953#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1954# ifndef OPENSSL_NO_RSA
1955 {
1956 1,
1957 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1958 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1959 SSL_kDHE,
1960 SSL_aRSA,
1961 SSL_CHACHA20POLY1305,
1962 SSL_AEAD,
1963 TLS1_2_VERSION, TLS1_2_VERSION,
1964 DTLS1_2_VERSION, DTLS1_2_VERSION,
1965 SSL_HIGH,
1966 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1967 256,
1968 256,
1969 },
1970# endif /* OPENSSL_NO_RSA */
1971
1972# ifndef OPENSSL_NO_EC
1973 {
1974 1,
1975 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1976 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1977 SSL_kECDHE,
1978 SSL_aRSA,
1979 SSL_CHACHA20POLY1305,
1980 SSL_AEAD,
1981 TLS1_2_VERSION, TLS1_2_VERSION,
1982 DTLS1_2_VERSION, DTLS1_2_VERSION,
1983 SSL_HIGH,
1984 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1985 256,
1986 256,
1987 },
1988 {
1989 1,
1990 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1991 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1992 SSL_kECDHE,
1993 SSL_aECDSA,
1994 SSL_CHACHA20POLY1305,
1995 SSL_AEAD,
1996 TLS1_2_VERSION, TLS1_2_VERSION,
1997 DTLS1_2_VERSION, DTLS1_2_VERSION,
1998 SSL_HIGH,
1999 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2000 256,
2001 256,
2002 },
2003# endif /* OPENSSL_NO_EC */
2004
2005# ifndef OPENSSL_NO_PSK
2006 {
2007 1,
2008 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2009 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2010 SSL_kPSK,
2011 SSL_aPSK,
2012 SSL_CHACHA20POLY1305,
2013 SSL_AEAD,
2014 TLS1_2_VERSION, TLS1_2_VERSION,
2015 DTLS1_2_VERSION, DTLS1_2_VERSION,
2016 SSL_HIGH,
2017 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2018 256,
2019 256,
2020 },
2021 {
2022 1,
2023 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2024 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2025 SSL_kECDHEPSK,
2026 SSL_aPSK,
2027 SSL_CHACHA20POLY1305,
2028 SSL_AEAD,
2029 TLS1_2_VERSION, TLS1_2_VERSION,
2030 DTLS1_2_VERSION, DTLS1_2_VERSION,
2031 SSL_HIGH,
2032 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2033 256,
2034 256,
2035 },
2036 {
2037 1,
2038 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2039 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2040 SSL_kDHEPSK,
2041 SSL_aPSK,
2042 SSL_CHACHA20POLY1305,
2043 SSL_AEAD,
2044 TLS1_2_VERSION, TLS1_2_VERSION,
2045 DTLS1_2_VERSION, DTLS1_2_VERSION,
2046 SSL_HIGH,
2047 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2048 256,
2049 256,
2050 },
2051 {
2052 1,
2053 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2054 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2055 SSL_kRSAPSK,
2056 SSL_aRSA,
2057 SSL_CHACHA20POLY1305,
2058 SSL_AEAD,
2059 TLS1_2_VERSION, TLS1_2_VERSION,
2060 DTLS1_2_VERSION, DTLS1_2_VERSION,
2061 SSL_HIGH,
2062 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2063 256,
2064 256,
2065 },
2066# endif /* OPENSSL_NO_PSK */
2067#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2068
2069#ifndef OPENSSL_NO_CAMELLIA
2070 {
2071 1,
2072 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2073 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2074 SSL_kRSA,
2075 SSL_aRSA,
2076 SSL_CAMELLIA128,
2077 SSL_SHA256,
2078 TLS1_2_VERSION, TLS1_2_VERSION,
2079 DTLS1_2_VERSION, DTLS1_2_VERSION,
2080 SSL_NOT_DEFAULT | SSL_HIGH,
2081 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082 128,
2083 128,
2084 },
2085 {
2086 1,
2087 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2088 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2089 SSL_kEDH,
2090 SSL_aDSS,
2091 SSL_CAMELLIA128,
2092 SSL_SHA256,
2093 TLS1_2_VERSION, TLS1_2_VERSION,
2094 DTLS1_2_VERSION, DTLS1_2_VERSION,
2095 SSL_NOT_DEFAULT | SSL_HIGH,
2096 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2097 128,
2098 128,
2099 },
2100 {
2101 1,
2102 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2103 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2104 SSL_kEDH,
2105 SSL_aRSA,
2106 SSL_CAMELLIA128,
2107 SSL_SHA256,
2108 TLS1_2_VERSION, TLS1_2_VERSION,
2109 DTLS1_2_VERSION, DTLS1_2_VERSION,
2110 SSL_NOT_DEFAULT | SSL_HIGH,
2111 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2112 128,
2113 128,
2114 },
2115 {
2116 1,
2117 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2118 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2119 SSL_kEDH,
2120 SSL_aNULL,
2121 SSL_CAMELLIA128,
2122 SSL_SHA256,
2123 TLS1_2_VERSION, TLS1_2_VERSION,
2124 DTLS1_2_VERSION, DTLS1_2_VERSION,
2125 SSL_NOT_DEFAULT | SSL_HIGH,
2126 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2127 128,
2128 128,
2129 },
2130 {
2131 1,
2132 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2133 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2134 SSL_kRSA,
2135 SSL_aRSA,
2136 SSL_CAMELLIA256,
2137 SSL_SHA256,
2138 TLS1_2_VERSION, TLS1_2_VERSION,
2139 DTLS1_2_VERSION, DTLS1_2_VERSION,
2140 SSL_NOT_DEFAULT | SSL_HIGH,
2141 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2142 256,
2143 256,
2144 },
2145 {
2146 1,
2147 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2148 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2149 SSL_kEDH,
2150 SSL_aDSS,
2151 SSL_CAMELLIA256,
2152 SSL_SHA256,
2153 TLS1_2_VERSION, TLS1_2_VERSION,
2154 DTLS1_2_VERSION, DTLS1_2_VERSION,
2155 SSL_NOT_DEFAULT | SSL_HIGH,
2156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2157 256,
2158 256,
2159 },
2160 {
2161 1,
2162 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2163 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2164 SSL_kEDH,
2165 SSL_aRSA,
2166 SSL_CAMELLIA256,
2167 SSL_SHA256,
2168 TLS1_2_VERSION, TLS1_2_VERSION,
2169 DTLS1_2_VERSION, DTLS1_2_VERSION,
2170 SSL_NOT_DEFAULT | SSL_HIGH,
2171 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2172 256,
2173 256,
2174 },
2175 {
2176 1,
2177 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2178 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2179 SSL_kEDH,
2180 SSL_aNULL,
2181 SSL_CAMELLIA256,
2182 SSL_SHA256,
2183 TLS1_2_VERSION, TLS1_2_VERSION,
2184 DTLS1_2_VERSION, DTLS1_2_VERSION,
2185 SSL_NOT_DEFAULT | SSL_HIGH,
2186 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2187 256,
2188 256,
2189 },
2190 {
2191 1,
2192 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2193 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2194 SSL_kRSA,
2195 SSL_aRSA,
2196 SSL_CAMELLIA256,
2197 SSL_SHA1,
2198 SSL3_VERSION, TLS1_2_VERSION,
2199 DTLS1_VERSION, DTLS1_2_VERSION,
2200 SSL_NOT_DEFAULT | SSL_HIGH,
2201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2202 256,
2203 256,
2204 },
2205 {
2206 1,
2207 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2208 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2209 SSL_kDHE,
2210 SSL_aDSS,
2211 SSL_CAMELLIA256,
2212 SSL_SHA1,
2213 SSL3_VERSION, TLS1_2_VERSION,
2214 DTLS1_VERSION, DTLS1_2_VERSION,
2215 SSL_NOT_DEFAULT | SSL_HIGH,
2216 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2217 256,
2218 256,
2219 },
2220 {
2221 1,
2222 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2223 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2224 SSL_kDHE,
2225 SSL_aRSA,
2226 SSL_CAMELLIA256,
2227 SSL_SHA1,
2228 SSL3_VERSION, TLS1_2_VERSION,
2229 DTLS1_VERSION, DTLS1_2_VERSION,
2230 SSL_NOT_DEFAULT | SSL_HIGH,
2231 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2232 256,
2233 256,
2234 },
2235 {
2236 1,
2237 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2238 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2239 SSL_kDHE,
2240 SSL_aNULL,
2241 SSL_CAMELLIA256,
2242 SSL_SHA1,
2243 SSL3_VERSION, TLS1_2_VERSION,
2244 DTLS1_VERSION, DTLS1_2_VERSION,
2245 SSL_NOT_DEFAULT | SSL_HIGH,
2246 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2247 256,
2248 256,
2249 },
2250 {
2251 1,
2252 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2253 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2254 SSL_kRSA,
2255 SSL_aRSA,
2256 SSL_CAMELLIA128,
2257 SSL_SHA1,
2258 SSL3_VERSION, TLS1_2_VERSION,
2259 DTLS1_VERSION, DTLS1_2_VERSION,
2260 SSL_NOT_DEFAULT | SSL_HIGH,
2261 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2262 128,
2263 128,
2264 },
2265 {
2266 1,
2267 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2268 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2269 SSL_kDHE,
2270 SSL_aDSS,
2271 SSL_CAMELLIA128,
2272 SSL_SHA1,
2273 SSL3_VERSION, TLS1_2_VERSION,
2274 DTLS1_VERSION, DTLS1_2_VERSION,
2275 SSL_NOT_DEFAULT | SSL_HIGH,
2276 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2277 128,
2278 128,
2279 },
2280 {
2281 1,
2282 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2283 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2284 SSL_kDHE,
2285 SSL_aRSA,
2286 SSL_CAMELLIA128,
2287 SSL_SHA1,
2288 SSL3_VERSION, TLS1_2_VERSION,
2289 DTLS1_VERSION, DTLS1_2_VERSION,
2290 SSL_NOT_DEFAULT | SSL_HIGH,
2291 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2292 128,
2293 128,
2294 },
2295 {
2296 1,
2297 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2298 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2299 SSL_kDHE,
2300 SSL_aNULL,
2301 SSL_CAMELLIA128,
2302 SSL_SHA1,
2303 SSL3_VERSION, TLS1_2_VERSION,
2304 DTLS1_VERSION, DTLS1_2_VERSION,
2305 SSL_NOT_DEFAULT | SSL_HIGH,
2306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2307 128,
2308 128,
2309 },
2310
2311# ifndef OPENSSL_NO_EC
2312 {
0f113f3e
MC		 2313 1,
2314 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2315 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2316 SSL_kECDHE,
2317 SSL_aECDSA,
2318 SSL_CAMELLIA128,
2319 SSL_SHA256,
3eb2aff4
KR		 2320 TLS1_2_VERSION, TLS1_2_VERSION,
2321 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2322 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2323 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2324 128,
748f2546
RS		 2325 128
2326 },
2327 {
0f113f3e
MC		 2328 1,
2329 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2330 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2331 SSL_kECDHE,
2332 SSL_aECDSA,
2333 SSL_CAMELLIA256,
2334 SSL_SHA384,
3eb2aff4
KR		 2335 TLS1_2_VERSION, TLS1_2_VERSION,
2336 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2337 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2338 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2339 256,
748f2546
RS		 2340 256
2341 },
2342 {
0f113f3e
MC		 2343 1,
2344 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2345 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2346 SSL_kECDHE,
2347 SSL_aRSA,
2348 SSL_CAMELLIA128,
2349 SSL_SHA256,
3eb2aff4
KR		 2350 TLS1_2_VERSION, TLS1_2_VERSION,
2351 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2352 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2353 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2354 128,
748f2546
RS		 2355 128
2356 },
2357 {
0f113f3e
MC		 2358 1,
2359 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2360 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2361 SSL_kECDHE,
2362 SSL_aRSA,
2363 SSL_CAMELLIA256,
2364 SSL_SHA384,
3eb2aff4
KR		 2365 TLS1_2_VERSION, TLS1_2_VERSION,
2366 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2367 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2368 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2369 256,
748f2546
RS		 2370 256
2371 },
2372# endif /* OPENSSL_NO_EC */
edc032b5 2373
748f2546
RS		 2374# ifndef OPENSSL_NO_PSK
2375 {
69a3a9f5
DSH		 2376 1,
2377 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2378 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2379 SSL_kPSK,
2380 SSL_aPSK,
2381 SSL_CAMELLIA128,
2382 SSL_SHA256,
3eb2aff4
KR		 2383 TLS1_VERSION, TLS1_2_VERSION,
2384 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 2385 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2387 128,
748f2546
RS		 2388 128
2389 },
2390 {
69a3a9f5
DSH		 2391 1,
2392 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2393 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2394 SSL_kPSK,
2395 SSL_aPSK,
2396 SSL_CAMELLIA256,
2397 SSL_SHA384,
3eb2aff4
KR		 2398 TLS1_VERSION, TLS1_2_VERSION,
2399 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 2400 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2401 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2402 256,
748f2546
RS		 2403 256
2404 },
2405 {
69a3a9f5
DSH		 2406 1,
2407 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2408 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2409 SSL_kDHEPSK,
2410 SSL_aPSK,
2411 SSL_CAMELLIA128,
2412 SSL_SHA256,
3eb2aff4
KR		 2413 TLS1_VERSION, TLS1_2_VERSION,
2414 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 2415 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2417 128,
748f2546
RS		 2418 128
2419 },
2420 {
69a3a9f5
DSH		 2421 1,
2422 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2423 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2424 SSL_kDHEPSK,
2425 SSL_aPSK,
2426 SSL_CAMELLIA256,
2427 SSL_SHA384,
3eb2aff4
KR		 2428 TLS1_VERSION, TLS1_2_VERSION,
2429 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 2430 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2431 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2432 256,
748f2546
RS		 2433 256
2434 },
2435 {
69a3a9f5
DSH		 2436 1,
2437 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2438 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2439 SSL_kRSAPSK,
2440 SSL_aRSA,
2441 SSL_CAMELLIA128,
2442 SSL_SHA256,
3eb2aff4
KR		 2443 TLS1_VERSION, TLS1_2_VERSION,
2444 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 2445 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2447 128,
748f2546
RS		 2448 128
2449 },
2450 {
69a3a9f5
DSH		 2451 1,
2452 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2453 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2454 SSL_kRSAPSK,
2455 SSL_aRSA,
2456 SSL_CAMELLIA256,
2457 SSL_SHA384,
3eb2aff4
KR		 2458 TLS1_VERSION, TLS1_2_VERSION,
2459 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 2460 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2461 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2462 256,
748f2546
RS		 2463 256
2464 },
176f85a2
DSH		 2465 {
2466 1,
748f2546
RS		 2467 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2468 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2469 SSL_kECDHEPSK,
176f85a2 2470 SSL_aPSK,
748f2546
RS		 2471 SSL_CAMELLIA128,
2472 SSL_SHA256,
2473 TLS1_VERSION, TLS1_2_VERSION,
2474 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 2475 SSL_NOT_DEFAULT | SSL_HIGH,
748f2546 2476 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2 2477 128,
748f2546
RS		 2478 128
2479 },
176f85a2
DSH		 2480 {
2481 1,
748f2546
RS		 2482 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2483 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2484 SSL_kECDHEPSK,
176f85a2 2485 SSL_aPSK,
748f2546
RS		 2486 SSL_CAMELLIA256,
2487 SSL_SHA384,
2488 TLS1_VERSION, TLS1_2_VERSION,
2489 DTLS1_VERSION, DTLS1_2_VERSION,
a556f342 2490 SSL_NOT_DEFAULT | SSL_HIGH,
748f2546 2491 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
176f85a2 2492 256,
748f2546
RS		 2493 256
2494 },
2495# endif /* OPENSSL_NO_PSK */
176f85a2 2496
748f2546 2497#endif /* OPENSSL_NO_CAMELLIA */
176f85a2 2498
580731af 2499#ifndef OPENSSL_NO_GOST
176f85a2
DSH		 2500 {
2501 1,
748f2546
RS		 2502 "GOST2001-GOST89-GOST89",
2503 0x3000081,
2504 SSL_kGOST,
2505 SSL_aGOST01,
2506 SSL_eGOST2814789CNT,
2507 SSL_GOST89MAC,
2508 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2509 0, 0,
748f2546
RS		 2510 SSL_HIGH,
2511 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
176f85a2 2512 256,
748f2546
RS		 2513 256
2514 },
2515 {
2516 1,
2517 "GOST2001-NULL-GOST94",
2518 0x3000083,
2519 SSL_kGOST,
2520 SSL_aGOST01,
2521 SSL_eNULL,
2522 SSL_GOST94,
2523 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2524 0, 0,
748f2546
RS		 2525 SSL_STRONG_NONE,
2526 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2527 0,
2528 0
2529 },
2530 {
2531 1,
2532 "GOST2012-GOST8912-GOST8912",
2533 0x0300ff85,
2534 SSL_kGOST,
2535 SSL_aGOST12 | SSL_aGOST01,
2536 SSL_eGOST2814789CNT12,
2537 SSL_GOST89MAC12,
2538 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2539 0, 0,
748f2546
RS		 2540 SSL_HIGH,
2541 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
176f85a2 2542 256,
748f2546
RS		 2543 256
2544 },
2545 {
2546 1,
2547 "GOST2012-NULL-GOST12",
2548 0x0300ff87,
2549 SSL_kGOST,
2550 SSL_aGOST12 | SSL_aGOST01,
2551 SSL_eNULL,
2552 SSL_GOST12_256,
2553 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2554 0, 0,
748f2546
RS		 2555 SSL_STRONG_NONE,
2556 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2557 0,
2558 0},
580731af 2559#endif /* OPENSSL_NO_GOST */
176f85a2 2560
748f2546 2561#ifndef OPENSSL_NO_IDEA
176f85a2
DSH		 2562 {
2563 1,
748f2546
RS		 2564 SSL3_TXT_RSA_IDEA_128_SHA,
2565 SSL3_CK_RSA_IDEA_128_SHA,
2566 SSL_kRSA,
2567 SSL_aRSA,
2568 SSL_IDEA,
2569 SSL_SHA1,
2570 SSL3_VERSION, TLS1_1_VERSION,
2571 DTLS1_VERSION, DTLS1_VERSION,
2572 SSL_NOT_DEFAULT | SSL_MEDIUM,
2573 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2574 128,
2575 128,
2576 },
748f2546 2577#endif
176f85a2 2578
748f2546 2579#ifndef OPENSSL_NO_SEED
176f85a2
DSH		 2580 {
2581 1,
748f2546
RS		 2582 TLS1_TXT_RSA_WITH_SEED_SHA,
2583 TLS1_CK_RSA_WITH_SEED_SHA,
2584 SSL_kRSA,
2585 SSL_aRSA,
2586 SSL_SEED,
2587 SSL_SHA1,
2588 SSL3_VERSION, TLS1_2_VERSION,
2589 DTLS1_VERSION, DTLS1_2_VERSION,
2590 SSL_NOT_DEFAULT | SSL_MEDIUM,
2591 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2592 128,
2593 128,
176f85a2 2594 },
176f85a2
DSH		 2595 {
2596 1,
748f2546
RS		 2597 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2598 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2599 SSL_kDHE,
2600 SSL_aDSS,
2601 SSL_SEED,
2602 SSL_SHA1,
2603 SSL3_VERSION, TLS1_2_VERSION,
2604 DTLS1_VERSION, DTLS1_2_VERSION,
2605 SSL_NOT_DEFAULT | SSL_MEDIUM,
2606 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2607 128,
2608 128,
2609 },
176f85a2
DSH		 2610 {
2611 1,
748f2546
RS		 2612 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2613 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2614 SSL_kDHE,
2615 SSL_aRSA,
2616 SSL_SEED,
2617 SSL_SHA1,
2618 SSL3_VERSION, TLS1_2_VERSION,
2619 DTLS1_VERSION, DTLS1_2_VERSION,
2620 SSL_NOT_DEFAULT | SSL_MEDIUM,
2621 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2622 128,
2623 128,
176f85a2 2624 },
176f85a2
DSH		 2625 {
2626 1,
748f2546
RS		 2627 TLS1_TXT_ADH_WITH_SEED_SHA,
2628 TLS1_CK_ADH_WITH_SEED_SHA,
2629 SSL_kDHE,
2630 SSL_aNULL,
2631 SSL_SEED,
2632 SSL_SHA1,
2633 SSL3_VERSION, TLS1_2_VERSION,
2634 DTLS1_VERSION, DTLS1_2_VERSION,
2635 SSL_NOT_DEFAULT | SSL_MEDIUM,
2636 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2637 128,
2638 128,
2639 },
748f2546 2640#endif /* OPENSSL_NO_SEED */
176f85a2 2641
748f2546
RS		 2642#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2643 {
2644 1,
2645 SSL3_TXT_RSA_RC4_128_MD5,
2646 SSL3_CK_RSA_RC4_128_MD5,
2647 SSL_kRSA,
2648 SSL_aRSA,
2649 SSL_RC4,
2650 SSL_MD5,
2651 SSL3_VERSION, TLS1_2_VERSION,
2652 0, 0,
2653 SSL_NOT_DEFAULT | SSL_MEDIUM,
2654 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2655 128,
2656 128,
2657 },
176f85a2
DSH		 2658 {
2659 1,
748f2546
RS		 2660 SSL3_TXT_RSA_RC4_128_SHA,
2661 SSL3_CK_RSA_RC4_128_SHA,
2662 SSL_kRSA,
2663 SSL_aRSA,
2664 SSL_RC4,
2665 SSL_SHA1,
2666 SSL3_VERSION, TLS1_2_VERSION,
2667 0, 0,
2668 SSL_NOT_DEFAULT | SSL_MEDIUM,
2669 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2670 128,
2671 128,
176f85a2 2672 },
176f85a2
DSH		 2673 {
2674 1,
748f2546
RS		 2675 SSL3_TXT_ADH_RC4_128_MD5,
2676 SSL3_CK_ADH_RC4_128_MD5,
2677 SSL_kDHE,
2678 SSL_aNULL,
2679 SSL_RC4,
2680 SSL_MD5,
2681 SSL3_VERSION, TLS1_2_VERSION,
2682 0, 0,
2683 SSL_NOT_DEFAULT | SSL_MEDIUM,
2684 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2685 128,
2686 128,
2687 },
2688
748f2546 2689# ifndef OPENSSL_NO_EC
176f85a2
DSH		 2690 {
2691 1,
748f2546
RS		 2692 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2693 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2694 SSL_kECDHEPSK,
2695 SSL_aPSK,
2696 SSL_RC4,
2697 SSL_SHA1,
2698 SSL3_VERSION, TLS1_2_VERSION,
2699 0, 0,
2700 SSL_NOT_DEFAULT | SSL_MEDIUM,
2701 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2702 128,
2703 128,
176f85a2 2704 },
a76ba82c
AP		 2705 {
2706 1,
748f2546
RS		 2707 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2708 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
a76ba82c 2709 SSL_kECDHE,
748f2546
RS		 2710 SSL_aNULL,
2711 SSL_RC4,
2712 SSL_SHA1,
2713 SSL3_VERSION, TLS1_2_VERSION,
2714 0, 0,
2715 SSL_NOT_DEFAULT | SSL_MEDIUM,
2716 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2717 128,
2718 128,
a76ba82c 2719 },
a76ba82c
AP		 2720 {
2721 1,
748f2546
RS		 2722 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2723 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
a76ba82c
AP		 2724 SSL_kECDHE,
2725 SSL_aECDSA,
748f2546
RS		 2726 SSL_RC4,
2727 SSL_SHA1,
2728 SSL3_VERSION, TLS1_2_VERSION,
2729 0, 0,
2730 SSL_NOT_DEFAULT | SSL_MEDIUM,
2731 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2732 128,
2733 128,
a76ba82c 2734 },
a76ba82c
AP		 2735 {
2736 1,
748f2546
RS		 2737 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2738 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2739 SSL_kECDHE,
a76ba82c 2740 SSL_aRSA,
748f2546
RS		 2741 SSL_RC4,
2742 SSL_SHA1,
2743 SSL3_VERSION, TLS1_2_VERSION,
2744 0, 0,
2745 SSL_NOT_DEFAULT | SSL_MEDIUM,
2746 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2747 128,
2748 128,
a76ba82c 2749 },
748f2546
RS		 2750# endif /* OPENSSL_NO_EC */
2751
a76ba82c 2752# ifndef OPENSSL_NO_PSK
a76ba82c
AP		 2753 {
2754 1,
748f2546
RS		 2755 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2756 TLS1_CK_PSK_WITH_RC4_128_SHA,
a76ba82c
AP		 2757 SSL_kPSK,
2758 SSL_aPSK,
748f2546
RS		 2759 SSL_RC4,
2760 SSL_SHA1,
2761 SSL3_VERSION, TLS1_2_VERSION,
2762 0, 0,
2763 SSL_NOT_DEFAULT | SSL_MEDIUM,
2764 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2765 128,
2766 128,
a76ba82c 2767 },
a76ba82c
AP		 2768 {
2769 1,
748f2546
RS		 2770 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2771 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2772 SSL_kRSAPSK,
2773 SSL_aRSA,
2774 SSL_RC4,
2775 SSL_SHA1,
2776 SSL3_VERSION, TLS1_2_VERSION,
2777 0, 0,
2778 SSL_NOT_DEFAULT | SSL_MEDIUM,
2779 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2780 128,
2781 128,
a76ba82c 2782 },
a76ba82c
AP		 2783 {
2784 1,
748f2546
RS		 2785 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2786 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
a76ba82c
AP		 2787 SSL_kDHEPSK,
2788 SSL_aPSK,
748f2546
RS		 2789 SSL_RC4,
2790 SSL_SHA1,
2791 SSL3_VERSION, TLS1_2_VERSION,
2792 0, 0,
2793 SSL_NOT_DEFAULT | SSL_MEDIUM,
2794 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2795 128,
2796 128,
a76ba82c 2797 },
748f2546
RS		 2798# endif /* OPENSSL_NO_PSK */
2799
2800#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
e44380a9 2801
0f113f3e
MC		 2802};
2803
748f2546
RS		 2804
2805static int cipher_compare(const void *a, const void *b)
2806{
2807 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2808 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2809
2810 return ap->id - bp->id;
2811}
2812
2813void ssl_sort_cipher_list(void)
2814{
2815 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2816 cipher_compare);
2817}
2818
2819
0f113f3e
MC		 2820const SSL3_ENC_METHOD SSLv3_enc_data = {
2821 ssl3_enc,
2822 n_ssl3_mac,
2823 ssl3_setup_key_block,
2824 ssl3_generate_master_secret,
2825 ssl3_change_cipher_state,
2826 ssl3_final_finish_mac,
2827 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
0f113f3e
MC		 2828 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2829 SSL3_MD_SERVER_FINISHED_CONST, 4,
2830 ssl3_alert_code,
2831 (int (*)(SSL *, unsigned char *, size_t, const char *,
2832 size_t, const unsigned char *, size_t,
2833 int use_context))ssl_undefined_function,
2834 0,
2835 SSL3_HM_HEADER_LENGTH,
2836 ssl3_set_handshake_header,
2837 ssl3_handshake_write
2838};
58964a49 2839
f3b656b2 2840long ssl3_default_timeout(void)
0f113f3e
MC		 2841{
2842 /*
2843 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2844 * http, the cache would over fill
2845 */
2846 return (60 * 60 * 2);
2847}
d02b48c6 2848
6b691a5c 2849int ssl3_num_ciphers(void)
0f113f3e
MC		 2850{
2851 return (SSL3_NUM_CIPHERS);
2852}
d02b48c6 2853
babb3798 2854const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
0f113f3e
MC		 2855{
2856 if (u < SSL3_NUM_CIPHERS)
2857 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2858 else
2859 return (NULL);
2860}
d02b48c6 2861
77d514c5 2862int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
0f113f3e
MC		 2863{
2864 unsigned char *p = (unsigned char *)s->init_buf->data;
2865 *(p++) = htype;
2866 l2n3(len, p);
2867 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2868 s->init_off = 0;
77d514c5
MC		 2869
2870 return 1;
0f113f3e 2871}
173e72e6
DSH		 2872
2873int ssl3_handshake_write(SSL *s)
0f113f3e
MC		 2874{
2875 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2876}
173e72e6 2877
6b691a5c 2878int ssl3_new(SSL *s)
0f113f3e
MC		 2879{
2880 SSL3_STATE *s3;
d02b48c6 2881
b51bce94 2882 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
0f113f3e 2883 goto err;
0f113f3e 2884 s->s3 = s3;
1e0784ff 2885
edc032b5 2886#ifndef OPENSSL_NO_SRP
61986d32 2887 if (!SSL_SRP_CTX_init(s))
69f68237 2888 goto err;
edc032b5 2889#endif
0f113f3e
MC		 2890 s->method->ssl_clear(s);
2891 return (1);
2892 err:
2893 return (0);
2894}
d02b48c6 2895
6b691a5c 2896void ssl3_free(SSL *s)
0f113f3e 2897{
a60c151a 2898 if (s == NULL || s->s3 == NULL)
0f113f3e 2899 return;
e03ddfae 2900
0f113f3e 2901 ssl3_cleanup_key_block(s);
8d92c1f8 2902
fb79abe3 2903#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
61dd9f7a
DSH		 2904 EVP_PKEY_free(s->s3->peer_tmp);
2905 s->s3->peer_tmp = NULL;
b22d7113
DSH		 2906 EVP_PKEY_free(s->s3->tmp.pkey);
2907 s->s3->tmp.pkey = NULL;
ea262260
BM		 2908#endif
2909
222561fe 2910 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
76106e60
DSH		 2911 OPENSSL_free(s->s3->tmp.ciphers_raw);
2912 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2913 OPENSSL_free(s->s3->tmp.peer_sigalgs);
85fb6fda 2914 ssl3_free_digest_list(s);
25aaa98a 2915 OPENSSL_free(s->s3->alpn_selected);
817cd0d5 2916 OPENSSL_free(s->s3->alpn_proposed);
6f017a8f 2917
edc032b5 2918#ifndef OPENSSL_NO_SRP
0f113f3e 2919 SSL_SRP_CTX_free(s);
edc032b5 2920#endif
b4faea50 2921 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
0f113f3e
MC		 2922 s->s3 = NULL;
2923}
d02b48c6 2924
6b691a5c 2925void ssl3_clear(SSL *s)
0f113f3e 2926{
0f113f3e 2927 ssl3_cleanup_key_block(s);
222561fe 2928 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
76106e60 2929 OPENSSL_free(s->s3->tmp.ciphers_raw);
76106e60 2930 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
76106e60 2931 OPENSSL_free(s->s3->tmp.peer_sigalgs);
d02b48c6 2932
fb79abe3 2933#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
b22d7113 2934 EVP_PKEY_free(s->s3->tmp.pkey);
61dd9f7a 2935 EVP_PKEY_free(s->s3->peer_tmp);
e481f9b9 2936#endif /* !OPENSSL_NO_EC */
0f113f3e 2937
85fb6fda 2938 ssl3_free_digest_list(s);
e481f9b9 2939
817cd0d5
TS		 2940 OPENSSL_free(s->s3->alpn_selected);
2941 OPENSSL_free(s->s3->alpn_proposed);
e481f9b9 2942
817cd0d5 2943 /* NULL/zero-out everything in the s3 struct */
b4faea50 2944 memset(s->s3, 0, sizeof(*s->s3));
0f113f3e
MC		 2945
2946 ssl_free_wbio_buffer(s);
2947
0f113f3e 2948 s->version = SSL3_VERSION;
ee2ffc27 2949
e481f9b9 2950#if !defined(OPENSSL_NO_NEXTPROTONEG)
b548a1f1
RS		 2951 OPENSSL_free(s->next_proto_negotiated);
2952 s->next_proto_negotiated = NULL;
2953 s->next_proto_negotiated_len = 0;
ee2ffc27 2954#endif
0f113f3e 2955}
d02b48c6 2956
edc032b5 2957#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 2958static char *srp_password_from_info_cb(SSL *s, void *arg)
2959{
7644a9ae 2960 return OPENSSL_strdup(s->srp_ctx.info);
0f113f3e 2961}
edc032b5
BL		 2962#endif
2963
0f113f3e
MC		 2964static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
2965 size_t len);
9f27b1ee 2966
a661b653 2967long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
0f113f3e
MC		 2968{
2969 int ret = 0;
58964a49 2970
0f113f3e 2971 switch (cmd) {
0f113f3e
MC		 2972 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2973 break;
2974 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2975 ret = s->s3->num_renegotiations;
2976 break;
2977 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2978 ret = s->s3->num_renegotiations;
2979 s->s3->num_renegotiations = 0;
2980 break;
2981 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2982 ret = s->s3->total_renegotiations;
2983 break;
2984 case SSL_CTRL_GET_FLAGS:
2985 ret = (int)(s->s3->flags);
2986 break;
bc36ee62 2987#ifndef OPENSSL_NO_DH
0f113f3e
MC		 2988 case SSL_CTRL_SET_TMP_DH:
2989 {
2990 DH *dh = (DH *)parg;
e2b420fd 2991 EVP_PKEY *pkdh = NULL;
0f113f3e
MC		 2992 if (dh == NULL) {
2993 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2994 return (ret);
2995 }
e2b420fd
DSH		 2996 pkdh = ssl_dh_to_pkey(dh);
2997 if (pkdh == NULL) {
2998 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2999 return 0;
3000 }
0f113f3e 3001 if (!ssl_security(s, SSL_SECOP_TMP_DH,
e2b420fd 3002 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
0f113f3e 3003 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
e2b420fd
DSH		 3004 EVP_PKEY_free(pkdh);
3005 return ret;
0f113f3e 3006 }
e2b420fd
DSH		 3007 EVP_PKEY_free(s->cert->dh_tmp);
3008 s->cert->dh_tmp = pkdh;
0f113f3e
MC		 3009 ret = 1;
3010 }
3011 break;
3012 case SSL_CTRL_SET_TMP_DH_CB:
3013 {
3014 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3015 return (ret);
3016 }
0f113f3e
MC		 3017 case SSL_CTRL_SET_DH_AUTO:
3018 s->cert->dh_tmp_auto = larg;
3019 return 1;
d3442bc7 3020#endif
10bf4fc2 3021#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3022 case SSL_CTRL_SET_TMP_ECDH:
3023 {
6977e8ee
KR		 3024 const EC_GROUP *group = NULL;
3025 int nid;
0f113f3e
MC		 3026
3027 if (parg == NULL) {
3028 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
6977e8ee 3029 return 0;
0f113f3e 3030 }
6977e8ee
KR		 3031 group = EC_KEY_get0_group((const EC_KEY *)parg);
3032 if (group == NULL) {
3033 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3034 return 0;
0f113f3e 3035 }
6977e8ee
KR		 3036 nid = EC_GROUP_get_curve_name(group);
3037 if (nid == NID_undef)
3038 return 0;
3039 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3040 &s->tlsext_ellipticcurvelist_length,
3041 &nid, 1);
0f113f3e
MC		 3042 }
3043 break;
10bf4fc2 3044#endif /* !OPENSSL_NO_EC */
0f113f3e
MC		 3045 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3046 if (larg == TLSEXT_NAMETYPE_host_name) {
0982ecaa
VD		 3047 size_t len;
3048
b548a1f1 3049 OPENSSL_free(s->tlsext_hostname);
0f113f3e
MC		 3050 s->tlsext_hostname = NULL;
3051
3052 ret = 1;
3053 if (parg == NULL)
3054 break;
0982ecaa
VD		 3055 len = strlen((char *)parg);
3056 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
0f113f3e
MC		 3057 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3058 return 0;
3059 }
7644a9ae 3060 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
0f113f3e
MC		 3061 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3062 return 0;
3063 }
3064 } else {
3065 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3066 return 0;
3067 }
3068 break;
3069 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3070 s->tlsext_debug_arg = parg;
3071 ret = 1;
3072 break;
3073
0f113f3e
MC		 3074 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3075 s->tlsext_status_type = larg;
3076 ret = 1;
3077 break;
3078
3079 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3080 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3081 ret = 1;
3082 break;
3083
3084 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3085 s->tlsext_ocsp_exts = parg;
3086 ret = 1;
3087 break;
3088
3089 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3090 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3091 ret = 1;
3092 break;
3093
3094 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3095 s->tlsext_ocsp_ids = parg;
3096 ret = 1;
3097 break;
3098
3099 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3100 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3101 return s->tlsext_ocsp_resplen;
3102
3103 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
b548a1f1 3104 OPENSSL_free(s->tlsext_ocsp_resp);
0f113f3e
MC		 3105 s->tlsext_ocsp_resp = parg;
3106 s->tlsext_ocsp_resplen = larg;
3107 ret = 1;
3108 break;
3109
e481f9b9 3110#ifndef OPENSSL_NO_HEARTBEATS
22e3dcb7 3111 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
0f113f3e
MC		 3112 if (SSL_IS_DTLS(s))
3113 ret = dtls1_heartbeat(s);
0f113f3e
MC		 3114 break;
3115
22e3dcb7
RS		 3116 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3117 if (SSL_IS_DTLS(s))
3118 ret = s->tlsext_hb_pending;
0f113f3e
MC		 3119 break;
3120
22e3dcb7
RS		 3121 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3122 if (SSL_IS_DTLS(s)) {
3123 if (larg)
3124 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3125 else
3126 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3127 ret = 1;
3128 }
0f113f3e 3129 break;
e481f9b9 3130#endif
0f113f3e
MC		 3131
3132 case SSL_CTRL_CHAIN:
3133 if (larg)
3134 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3135 else
3136 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3137
3138 case SSL_CTRL_CHAIN_CERT:
3139 if (larg)
3140 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3141 else
3142 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3143
3144 case SSL_CTRL_GET_CHAIN_CERTS:
3145 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3146 break;
3147
3148 case SSL_CTRL_SELECT_CURRENT_CERT:
3149 return ssl_cert_select_current(s->cert, (X509 *)parg);
3150
3151 case SSL_CTRL_SET_CURRENT_CERT:
3152 if (larg == SSL_CERT_SET_SERVER) {
3153 CERT_PKEY *cpk;
3154 const SSL_CIPHER *cipher;
3155 if (!s->server)
3156 return 0;
3157 cipher = s->s3->tmp.new_cipher;
3158 if (!cipher)
3159 return 0;
3160 /*
3161 * No certificate for unauthenticated ciphersuites or using SRP
3162 * authentication
3163 */
3164 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3165 return 2;
3166 cpk = ssl_get_server_send_pkey(s);
3167 if (!cpk)
3168 return 0;
3169 s->cert->key = cpk;
3170 return 1;
3171 }
3172 return ssl_cert_set_current(s->cert, larg);
0f78819c 3173
14536c8c 3174#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3175 case SSL_CTRL_GET_CURVES:
3176 {
3177 unsigned char *clist;
3178 size_t clistlen;
3179 if (!s->session)
3180 return 0;
3181 clist = s->session->tlsext_ellipticcurvelist;
3182 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3183 if (parg) {
3184 size_t i;
3185 int *cptr = parg;
3186 unsigned int cid, nid;
3187 for (i = 0; i < clistlen; i++) {
3188 n2s(clist, cid);
3189 nid = tls1_ec_curve_id2nid(cid);
3190 if (nid != 0)
3191 cptr[i] = nid;
3192 else
3193 cptr[i] = TLSEXT_nid_unknown | cid;
3194 }
3195 }
3196 return (int)clistlen;
3197 }
3198
3199 case SSL_CTRL_SET_CURVES:
3200 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3201 &s->tlsext_ellipticcurvelist_length,
3202 parg, larg);
3203
3204 case SSL_CTRL_SET_CURVES_LIST:
3205 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3206 &s->tlsext_ellipticcurvelist_length,
3207 parg);
3208
3209 case SSL_CTRL_GET_SHARED_CURVE:
3210 return tls1_shared_curve(s, larg);
3211
14536c8c 3212#endif
0f113f3e
MC		 3213 case SSL_CTRL_SET_SIGALGS:
3214 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3215
3216 case SSL_CTRL_SET_SIGALGS_LIST:
3217 return tls1_set_sigalgs_list(s->cert, parg, 0);
3218
3219 case SSL_CTRL_SET_CLIENT_SIGALGS:
3220 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3221
3222 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3223 return tls1_set_sigalgs_list(s->cert, parg, 1);
3224
3225 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3226 {
3227 const unsigned char **pctype = parg;
3228 if (s->server || !s->s3->tmp.cert_req)
3229 return 0;
3230 if (s->cert->ctypes) {
3231 if (pctype)
3232 *pctype = s->cert->ctypes;
3233 return (int)s->cert->ctype_num;
3234 }
3235 if (pctype)
3236 *pctype = (unsigned char *)s->s3->tmp.ctype;
3237 return s->s3->tmp.ctype_num;
3238 }
3239
3240 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3241 if (!s->server)
3242 return 0;
3243 return ssl3_set_req_cert_type(s->cert, parg, larg);
3244
3245 case SSL_CTRL_BUILD_CERT_CHAIN:
3246 return ssl_build_cert_chain(s, NULL, larg);
3247
3248 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3249 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3250
3251 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3252 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3253
3254 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3255 if (SSL_USE_SIGALGS(s)) {
389ebcec 3256 if (s->session) {
0f113f3e 3257 const EVP_MD *sig;
d376e57d 3258 sig = s->s3->tmp.peer_md;
0f113f3e
MC		 3259 if (sig) {
3260 *(int *)parg = EVP_MD_type(sig);
3261 return 1;
3262 }
3263 }
3264 return 0;
3265 }
3266 /* Might want to do something here for other versions */
3267 else
3268 return 0;
3269
3270 case SSL_CTRL_GET_SERVER_TMP_KEY:
fb79abe3
DSH		 3271#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3272 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
0f113f3e 3273 return 0;
fb79abe3
DSH		 3274 } else {
3275 EVP_PKEY_up_ref(s->s3->peer_tmp);
3276 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3277 return 1;
0f113f3e 3278 }
fb79abe3
DSH		 3279#else
3280 return 0;
3281#endif
14536c8c 3282#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3283 case SSL_CTRL_GET_EC_POINT_FORMATS:
3284 {
3285 SSL_SESSION *sess = s->session;
3286 const unsigned char **pformat = parg;
3287 if (!sess || !sess->tlsext_ecpointformatlist)
3288 return 0;
3289 *pformat = sess->tlsext_ecpointformatlist;
3290 return (int)sess->tlsext_ecpointformatlist_length;
3291 }
14536c8c 3292#endif
cf6da053 3293
0f113f3e
MC		 3294 default:
3295 break;
3296 }
3297 return (ret);
3298}
3299
3300long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3301{
3302 int ret = 0;
d3442bc7 3303
0f113f3e 3304 switch (cmd) {
bc36ee62 3305#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3306 case SSL_CTRL_SET_TMP_DH_CB:
3307 {
3308 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3309 }
3310 break;
6434abbf 3311#endif
0f113f3e
MC		 3312 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3313 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
b6981744 3314 const unsigned char *, int, void *))fp;
0f113f3e 3315 break;
e481f9b9 3316
0f113f3e
MC		 3317 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3318 {
3319 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3320 }
3321 break;
3322 default:
3323 break;
3324 }
3325 return (ret);
3326}
d02b48c6 3327
a661b653 3328long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
0f113f3e 3329{
0f113f3e 3330 switch (cmd) {
bc36ee62 3331#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3332 case SSL_CTRL_SET_TMP_DH:
3333 {
e2b420fd
DSH		 3334 DH *dh = (DH *)parg;
3335 EVP_PKEY *pkdh = NULL;
3336 if (dh == NULL) {
3337 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
0f113f3e
MC		 3338 return 0;
3339 }
e2b420fd
DSH		 3340 pkdh = ssl_dh_to_pkey(dh);
3341 if (pkdh == NULL) {
3342 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 3343 return 0;
3344 }
e2b420fd
DSH		 3345 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3346 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3347 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3348 EVP_PKEY_free(pkdh);
3349 return 1;
0f113f3e 3350 }
e2b420fd
DSH		 3351 EVP_PKEY_free(ctx->cert->dh_tmp);
3352 ctx->cert->dh_tmp = pkdh;
0f113f3e
MC		 3353 return 1;
3354 }
3355 /*
3356 * break;
3357 */
3358 case SSL_CTRL_SET_TMP_DH_CB:
3359 {
3360 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3361 return (0);
3362 }
0f113f3e
MC		 3363 case SSL_CTRL_SET_DH_AUTO:
3364 ctx->cert->dh_tmp_auto = larg;
3365 return 1;
d02b48c6 3366#endif
10bf4fc2 3367#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3368 case SSL_CTRL_SET_TMP_ECDH:
3369 {
6977e8ee
KR		 3370 const EC_GROUP *group = NULL;
3371 int nid;
0f113f3e
MC		 3372
3373 if (parg == NULL) {
6977e8ee 3374 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
0f113f3e
MC		 3375 return 0;
3376 }
6977e8ee
KR		 3377 group = EC_KEY_get0_group((const EC_KEY *)parg);
3378 if (group == NULL) {
3379 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
0f113f3e
MC		 3380 return 0;
3381 }
6977e8ee
KR		 3382 nid = EC_GROUP_get_curve_name(group);
3383 if (nid == NID_undef)
3384 return 0;
3385 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3386 &ctx->tlsext_ellipticcurvelist_length,
3387 &nid, 1);
0f113f3e
MC		 3388 }
3389 /* break; */
10bf4fc2 3390#endif /* !OPENSSL_NO_EC */
0f113f3e
MC		 3391 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3392 ctx->tlsext_servername_arg = parg;
3393 break;
3394 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3395 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3396 {
3397 unsigned char *keys = parg;
4e2e1ec9 3398 long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
d139723b
KR		 3399 sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key));
3400 if (keys == NULL)
4e2e1ec9
TS		 3401 return tlsext_tick_keylen;
3402 if (larg != tlsext_tick_keylen) {
0f113f3e
MC		 3403 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3404 return 0;
3405 }
3406 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
4e2e1ec9
TS		 3407 memcpy(ctx->tlsext_tick_key_name, keys,
3408 sizeof(ctx->tlsext_tick_key_name));
3409 memcpy(ctx->tlsext_tick_hmac_key,
3410 keys + sizeof(ctx->tlsext_tick_key_name),
3411 sizeof(ctx->tlsext_tick_hmac_key));
3412 memcpy(ctx->tlsext_tick_aes_key,
3413 keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
3414 sizeof(ctx->tlsext_tick_aes_key));
0f113f3e 3415 } else {
4e2e1ec9
TS		 3416 memcpy(keys, ctx->tlsext_tick_key_name,
3417 sizeof(ctx->tlsext_tick_key_name));
3418 memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
3419 ctx->tlsext_tick_hmac_key,
3420 sizeof(ctx->tlsext_tick_hmac_key));
3421 memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
3422 ctx->tlsext_tick_aes_key,
3423 sizeof(ctx->tlsext_tick_aes_key));
0f113f3e
MC		 3424 }
3425 return 1;
3426 }
3427
ba261f71 3428 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3429 ctx->tlsext_status_type = larg;
3430 break;
3431
0f113f3e
MC		 3432 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3433 ctx->tlsext_status_arg = parg;
3434 return 1;
0f113f3e 3435
e481f9b9 3436#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3437 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3438 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
b548a1f1 3439 OPENSSL_free(ctx->srp_ctx.login);
0f113f3e
MC		 3440 ctx->srp_ctx.login = NULL;
3441 if (parg == NULL)
3442 break;
3443 if (strlen((const char *)parg) > 255
3444 || strlen((const char *)parg) < 1) {
3445 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3446 return 0;
3447 }
7644a9ae 3448 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
0f113f3e
MC		 3449 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3450 return 0;
3451 }
3452 break;
3453 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3454 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3455 srp_password_from_info_cb;
3456 ctx->srp_ctx.info = parg;
3457 break;
3458 case SSL_CTRL_SET_SRP_ARG:
3459 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3460 ctx->srp_ctx.SRP_cb_arg = parg;
3461 break;
3462
3463 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3464 ctx->srp_ctx.strength = larg;
3465 break;
e481f9b9 3466#endif
0f113f3e 3467
e481f9b9 3468#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3469 case SSL_CTRL_SET_CURVES:
3470 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3471 &ctx->tlsext_ellipticcurvelist_length,
3472 parg, larg);
3473
3474 case SSL_CTRL_SET_CURVES_LIST:
3475 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3476 &ctx->tlsext_ellipticcurvelist_length,
3477 parg);
e481f9b9 3478#endif
0f113f3e
MC		 3479 case SSL_CTRL_SET_SIGALGS:
3480 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3481
3482 case SSL_CTRL_SET_SIGALGS_LIST:
3483 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3484
3485 case SSL_CTRL_SET_CLIENT_SIGALGS:
3486 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3487
3488 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3489 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3490
3491 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3492 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3493
3494 case SSL_CTRL_BUILD_CERT_CHAIN:
3495 return ssl_build_cert_chain(NULL, ctx, larg);
3496
3497 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3498 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3499
3500 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3501 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3502
0f113f3e
MC		 3503 /* A Thawte special :-) */
3504 case SSL_CTRL_EXTRA_CHAIN_CERT:
3505 if (ctx->extra_certs == NULL) {
3506 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3507 return (0);
3508 }
3509 sk_X509_push(ctx->extra_certs, (X509 *)parg);
3510 break;
3511
3512 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3513 if (ctx->extra_certs == NULL && larg == 0)
3514 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3515 else
3516 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3517 break;
3518
3519 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
222561fe
RS		 3520 sk_X509_pop_free(ctx->extra_certs, X509_free);
3521 ctx->extra_certs = NULL;
0f113f3e
MC		 3522 break;
3523
3524 case SSL_CTRL_CHAIN:
3525 if (larg)
3526 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3527 else
3528 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3529
3530 case SSL_CTRL_CHAIN_CERT:
3531 if (larg)
3532 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3533 else
3534 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3535
3536 case SSL_CTRL_GET_CHAIN_CERTS:
3537 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3538 break;
3539
3540 case SSL_CTRL_SELECT_CURRENT_CERT:
3541 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3542
3543 case SSL_CTRL_SET_CURRENT_CERT:
3544 return ssl_cert_set_current(ctx->cert, larg);
3545
3546 default:
3547 return (0);
3548 }
3549 return (1);
3550}
3551
3552long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3553{
0f113f3e 3554 switch (cmd) {
bc36ee62 3555#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3556 case SSL_CTRL_SET_TMP_DH_CB:
3557 {
8ca8fc48 3558 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
0f113f3e
MC		 3559 }
3560 break;
ed3883d2 3561#endif
0f113f3e
MC		 3562 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3563 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3564 break;
3565
0f113f3e
MC		 3566 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3567 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3568 break;
3569
3570 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3571 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3572 unsigned char *,
3573 EVP_CIPHER_CTX *,
3574 HMAC_CTX *, int))fp;
3575 break;
3576
e481f9b9 3577#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3578 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3579 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3580 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3581 break;
3582 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3583 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3584 ctx->srp_ctx.TLS_ext_srp_username_callback =
3585 (int (*)(SSL *, int *, void *))fp;
3586 break;
3587 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3588 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3589 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3590 (char *(*)(SSL *, void *))fp;
3591 break;
761772d7 3592#endif
0f113f3e
MC		 3593 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3594 {
3595 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3596 }
3597 break;
3598 default:
3599 return (0);
3600 }
3601 return (1);
3602}
761772d7 3603
0f113f3e
MC		 3604/*
3605 * This function needs to check if the ciphers required are actually
3606 * available
3607 */
babb3798 3608const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
0f113f3e
MC		 3609{
3610 SSL_CIPHER c;
3611 const SSL_CIPHER *cp;
90d9e49a 3612 uint32_t id;
0f113f3e 3613
90d9e49a 3614 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
0f113f3e
MC		 3615 c.id = id;
3616 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
0f113f3e
MC		 3617 return cp;
3618}
d02b48c6 3619
6b691a5c 3620int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
0f113f3e
MC		 3621{
3622 long l;
3623
3624 if (p != NULL) {
3625 l = c->id;
3626 if ((l & 0xff000000) != 0x03000000)
3627 return (0);
3628 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3629 p[1] = ((unsigned char)(l)) & 0xFF;
3630 }
3631 return (2);
3632}
d02b48c6 3633
3eb2aff4
KR		 3634/*
3635 * ssl3_choose_cipher - choose a cipher from those offered by the client
3636 * @s: SSL connection
3637 * @clnt: ciphers offered by the client
3638 * @srvr: ciphers enabled on the server?
3639 *
3640 * Returns the selected cipher or NULL when no common ciphers.
3641 */
4a640fb6 3642const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
0f113f3e
MC		 3643 STACK_OF(SSL_CIPHER) *srvr)
3644{
4a640fb6 3645 const SSL_CIPHER *c, *ret = NULL;
0f113f3e
MC		 3646 STACK_OF(SSL_CIPHER) *prio, *allow;
3647 int i, ii, ok;
361a1191 3648 unsigned long alg_k, alg_a, mask_k, mask_a;
d02b48c6 3649
0f113f3e 3650 /* Let's see which ciphers we can support */
d02b48c6 3651
836f9960 3652#if 0
0f113f3e
MC		 3653 /*
3654 * Do not set the compare functions, because this may lead to a
3655 * reordering by "id". We want to keep the original ordering. We may pay
3656 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3657 * pay with the price of sk_SSL_CIPHER_dup().
3658 */
3659 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3660 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
836f9960 3661#endif
d02b48c6 3662
f415fa32 3663#ifdef CIPHER_DEBUG
0f113f3e
MC		 3664 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3665 (void *)srvr);
3666 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3667 c = sk_SSL_CIPHER_value(srvr, i);
3668 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3669 }
3670 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3671 (void *)clnt);
3672 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3673 c = sk_SSL_CIPHER_value(clnt, i);
3674 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3675 }
f415fa32
BL		 3676#endif
3677
0f113f3e
MC		 3678 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3679 prio = srvr;
3680 allow = clnt;
3681 } else {
3682 prio = clnt;
3683 allow = srvr;
3684 }
3685
3686 tls1_set_cert_validity(s);
2cf28d61 3687 ssl_set_masks(s);
0f113f3e
MC		 3688
3689 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3690 c = sk_SSL_CIPHER_value(prio, i);
3691
3eb2aff4
KR		 3692 /* Skip ciphers not supported by the protocol version */
3693 if (!SSL_IS_DTLS(s) &&
3694 ((s->version < c->min_tls) || (s->version > c->max_tls)))
0f113f3e 3695 continue;
3eb2aff4
KR		 3696 if (SSL_IS_DTLS(s) &&
3697 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3698 DTLS_VERSION_GT(s->version, c->max_dtls)))
2b573382 3699 continue;
0f113f3e 3700
4d69f9e6
DSH		 3701 mask_k = s->s3->tmp.mask_k;
3702 mask_a = s->s3->tmp.mask_a;
edc032b5 3703#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3704 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3705 mask_k |= SSL_kSRP;
0f113f3e 3706 mask_a |= SSL_aSRP;
0f113f3e 3707 }
edc032b5 3708#endif
0f113f3e 3709
0f113f3e
MC		 3710 alg_k = c->algorithm_mkey;
3711 alg_a = c->algorithm_auth;
52b8dad8 3712
ddac1974 3713#ifndef OPENSSL_NO_PSK
0f113f3e 3714 /* with PSK there must be server callback set */
fe5eef3a 3715 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
0f113f3e
MC		 3716 continue;
3717#endif /* OPENSSL_NO_PSK */
3718
361a1191 3719 ok = (alg_k & mask_k) && (alg_a & mask_a);
d02b48c6 3720#ifdef CIPHER_DEBUG
361a1191
KR		 3721 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3722 alg_a, mask_k, mask_a, (void *)c, c->name);
d02b48c6 3723#endif
d02b48c6 3724
0f113f3e 3725# ifndef OPENSSL_NO_EC
0f113f3e
MC		 3726 /*
3727 * if we are considering an ECC cipher suite that uses an ephemeral
3728 * EC key check it
3729 */
3730 if (alg_k & SSL_kECDHE)
3731 ok = ok && tls1_check_ec_tmp_key(s, c->id);
0f113f3e 3732# endif /* OPENSSL_NO_EC */
0f113f3e
MC		 3733
3734 if (!ok)
3735 continue;
3736 ii = sk_SSL_CIPHER_find(allow, c);
3737 if (ii >= 0) {
3738 /* Check security callback permits this cipher */
3739 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4a640fb6 3740 c->strength_bits, 0, (void *)c))
0f113f3e 3741 continue;
e481f9b9 3742#if !defined(OPENSSL_NO_EC)
0f113f3e
MC		 3743 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3744 && s->s3->is_probably_safari) {
3745 if (!ret)
3746 ret = sk_SSL_CIPHER_value(allow, ii);
3747 continue;
3748 }
d89cd382 3749#endif
0f113f3e
MC		 3750 ret = sk_SSL_CIPHER_value(allow, ii);
3751 break;
3752 }
3753 }
3754 return (ret);
3755}
d02b48c6 3756
6b691a5c 3757int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
0f113f3e
MC		 3758{
3759 int ret = 0;
90d9e49a 3760 uint32_t alg_k, alg_a = 0;
0f113f3e
MC		 3761
3762 /* If we have custom certificate types set, use them */
3763 if (s->cert->ctypes) {
3764 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3765 return (int)s->cert->ctype_num;
3766 }
3767 /* Get mask of algorithms disabled by signature list */
3768 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
0f113f3e
MC		 3769
3770 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
d02b48c6 3771
caa97ef1 3772#ifndef OPENSSL_NO_GOST
0f113f3e
MC		 3773 if (s->version >= TLS1_VERSION) {
3774 if (alg_k & SSL_kGOST) {
0f113f3e 3775 p[ret++] = TLS_CT_GOST01_SIGN;
e44380a9
DB		 3776 p[ret++] = TLS_CT_GOST12_SIGN;
3777 p[ret++] = TLS_CT_GOST12_512_SIGN;
0f113f3e
MC		 3778 return (ret);
3779 }
3780 }
caa97ef1
DSH		 3781#endif
3782
bc71f910 3783 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
bc36ee62 3784#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3785# ifndef OPENSSL_NO_RSA
3786 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3787# endif
3788# ifndef OPENSSL_NO_DSA
3789 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3790# endif
0f113f3e 3791#endif /* !OPENSSL_NO_DH */
1e0784ff 3792 }
bc36ee62 3793#ifndef OPENSSL_NO_RSA
0f113f3e
MC		 3794 if (!(alg_a & SSL_aRSA))
3795 p[ret++] = SSL3_CT_RSA_SIGN;
d02b48c6 3796#endif
bc36ee62 3797#ifndef OPENSSL_NO_DSA
0f113f3e
MC		 3798 if (!(alg_a & SSL_aDSS))
3799 p[ret++] = SSL3_CT_DSS_SIGN;
dfeab068 3800#endif
10bf4fc2 3801#ifndef OPENSSL_NO_EC
0f113f3e 3802 /*
c66ce5eb 3803 * ECDSA certs can be used with RSA cipher suites too so we don't
0f113f3e
MC		 3804 * need to check for SSL_kECDH or SSL_kECDHE
3805 */
3806 if (s->version >= TLS1_VERSION) {
3807 if (!(alg_a & SSL_aECDSA))
3808 p[ret++] = TLS_CT_ECDSA_SIGN;
3809 }
3810#endif
3811 return (ret);
3812}
d02b48c6 3813
9f27b1ee 3814static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
0f113f3e 3815{
b548a1f1
RS		 3816 OPENSSL_free(c->ctypes);
3817 c->ctypes = NULL;
0f113f3e
MC		 3818 if (!p || !len)
3819 return 1;
3820 if (len > 0xff)
3821 return 0;
3822 c->ctypes = OPENSSL_malloc(len);
a71edf3b 3823 if (c->ctypes == NULL)
0f113f3e
MC		 3824 return 0;
3825 memcpy(c->ctypes, p, len);
3826 c->ctype_num = len;
3827 return 1;
3828}
9f27b1ee 3829
6b691a5c 3830int ssl3_shutdown(SSL *s)
0f113f3e
MC		 3831{
3832 int ret;
3833
3834 /*
3835 * Don't do anything much if we have not done the handshake or we don't
3836 * want to send messages :-)
3837 */
c874def6 3838 if (s->quiet_shutdown || SSL_in_before(s)) {
0f113f3e
MC		 3839 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3840 return (1);
3841 }
3842
3843 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3844 s->shutdown |= SSL_SENT_SHUTDOWN;
0f113f3e 3845 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
0f113f3e
MC		 3846 /*
3847 * our shutdown alert has been sent now, and if it still needs to be
3848 * written, s->s3->alert_dispatch will be true
3849 */
3850 if (s->s3->alert_dispatch)
3851 return (-1); /* return WANT_WRITE */
3852 } else if (s->s3->alert_dispatch) {
3853 /* resend it if not sent */
0f113f3e
MC		 3854 ret = s->method->ssl_dispatch_alert(s);
3855 if (ret == -1) {
3856 /*
3857 * we only get to return -1 here the 2nd/Nth invocation, we must
8483a003 3858 * have already signalled return 0 upon a previous invocation,
0f113f3e
MC		 3859 * return WANT_WRITE
3860 */
3861 return (ret);
3862 }
0f113f3e
MC		 3863 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3864 /*
3865 * If we are waiting for a close from our peer, we are closed
3866 */
657da85e 3867 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
0f113f3e
MC		 3868 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3869 return (-1); /* return WANT_READ */
3870 }
3871 }
3872
3873 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3874 !s->s3->alert_dispatch)
3875 return (1);
3876 else
3877 return (0);
3878}
d02b48c6 3879
61f5b6f3 3880int ssl3_write(SSL *s, const void *buf, int len)
0f113f3e 3881{
0f113f3e
MC		 3882 clear_sys_error();
3883 if (s->s3->renegotiate)
3884 ssl3_renegotiate_check(s);
3885
57787ac8 3886 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
0f113f3e 3887 buf, len);
0f113f3e 3888}
d02b48c6 3889
5a4fbc69 3890static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
0f113f3e
MC		 3891{
3892 int ret;
3893
3894 clear_sys_error();
3895 if (s->s3->renegotiate)
3896 ssl3_renegotiate_check(s);
3897 s->s3->in_read_app_data = 1;
3898 ret =
657da85e 3899 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
0f113f3e
MC		 3900 peek);
3901 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3902 /*
3903 * ssl3_read_bytes decided to call s->handshake_func, which called
3904 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3905 * actually found application data and thinks that application data
3906 * makes sense here; so disable handshake processing and try to read
3907 * application data again.
3908 */
024f543c 3909 ossl_statem_set_in_handshake(s, 1);
0f113f3e 3910 ret =
657da85e
MC		 3911 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3912 len, peek);
024f543c 3913 ossl_statem_set_in_handshake(s, 0);
0f113f3e
MC		 3914 } else
3915 s->s3->in_read_app_data = 0;
3916
3917 return (ret);
3918}
d02b48c6 3919
5a4fbc69 3920int ssl3_read(SSL *s, void *buf, int len)
0f113f3e
MC		 3921{
3922 return ssl3_read_internal(s, buf, len, 0);
3923}
d02b48c6 3924
e34cfcf7 3925int ssl3_peek(SSL *s, void *buf, int len)
0f113f3e
MC		 3926{
3927 return ssl3_read_internal(s, buf, len, 1);
3928}
d02b48c6 3929
6b691a5c 3930int ssl3_renegotiate(SSL *s)
0f113f3e
MC		 3931{
3932 if (s->handshake_func == NULL)
3933 return (1);
d02b48c6 3934
0f113f3e
MC		 3935 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3936 return (0);
d02b48c6 3937
0f113f3e
MC		 3938 s->s3->renegotiate = 1;
3939 return (1);
3940}
d02b48c6 3941
6b691a5c 3942int ssl3_renegotiate_check(SSL *s)
0f113f3e
MC		 3943{
3944 int ret = 0;
3945
3946 if (s->s3->renegotiate) {
f161995e
MC		 3947 if (!RECORD_LAYER_read_pending(&s->rlayer)
3948 && !RECORD_LAYER_write_pending(&s->rlayer)
db9a32e7 3949 && !SSL_in_init(s)) {
0f113f3e
MC		 3950 /*
3951 * if we are the server, and we have sent a 'RENEGOTIATE'
49ae7423
MC		 3952 * message, we need to set the state machine into the renegotiate
3953 * state.
0f113f3e 3954 */
fe3a3291 3955 ossl_statem_set_renegotiate(s);
0f113f3e
MC		 3956 s->s3->renegotiate = 0;
3957 s->s3->num_renegotiations++;
3958 s->s3->total_renegotiations++;
3959 ret = 1;
3960 }
3961 }
3962 return (ret);
3963}
3964
58964a49 3965/*
0f113f3e
MC		 3966 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3967 * handshake macs if required.
12053a81
DSH		 3968 *
3969 * If PSK and using SHA384 for TLS < 1.2 switch to default.
7409d7ad
DSH		 3970 */
3971long ssl_get_algorithm2(SSL *s)
0f113f3e
MC		 3972{
3973 long alg2 = s->s3->tmp.new_cipher->algorithm2;
12053a81
DSH		 3974 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3975 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3976 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3977 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3978 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3979 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3980 }
0f113f3e
MC		 3981 return alg2;
3982}
a3680c8f
MC		 3983
3984/*
3985 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3986 * failure, 1 on success.
3987 */
3988int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
3989{
3990 int send_time = 0;
3991
3992 if (len < 4)
3993 return 0;
3994 if (server)
3995 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
3996 else
3997 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
3998 if (send_time) {
3999 unsigned long Time = (unsigned long)time(NULL);
4000 unsigned char *p = result;
4001 l2n(Time, p);
4002 return RAND_bytes(p, len - 4);
4003 } else
4004 return RAND_bytes(result, len);
4005}
57b272b0
DSH		 4006
4007int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4008 int free_pms)
4009{
8a0a12e5
DSH		 4010#ifndef OPENSSL_NO_PSK
4011 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4012 if (alg_k & SSL_PSK) {
4013 unsigned char *pskpms, *t;
4014 size_t psklen = s->s3->tmp.psklen;
4015 size_t pskpmslen;
4016
4017 /* create PSK premaster_secret */
4018
4019 /* For plain PSK "other_secret" is psklen zeroes */
4020 if (alg_k & SSL_kPSK)
4021 pmslen = psklen;
4022
4023 pskpmslen = 4 + pmslen + psklen;
4024 pskpms = OPENSSL_malloc(pskpmslen);
a784665e
DSH		 4025 if (pskpms == NULL) {
4026 s->session->master_key_length = 0;
4027 goto err;
4028 }
8a0a12e5
DSH		 4029 t = pskpms;
4030 s2n(pmslen, t);
4031 if (alg_k & SSL_kPSK)
4032 memset(t, 0, pmslen);
4033 else
4034 memcpy(t, pms, pmslen);
4035 t += pmslen;
4036 s2n(psklen, t);
4037 memcpy(t, s->s3->tmp.psk, psklen);
4038
4039 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4040 s->s3->tmp.psk = NULL;
4041 s->session->master_key_length =
4042 s->method->ssl3_enc->generate_master_secret(s,
4043 s->session->master_key,
4044 pskpms, pskpmslen);
4045 OPENSSL_clear_free(pskpms, pskpmslen);
4046 } else
4047#endif
4048 s->session->master_key_length =
4049 s->method->ssl3_enc->generate_master_secret(s,
4050 s->session->master_key,
4051 pms, pmslen);
9076bd25 4052#ifndef OPENSSL_NO_PSK
a784665e 4053 err:
9076bd25 4054#endif
8a0a12e5
DSH		 4055 if (pms) {
4056 if (free_pms)
4057 OPENSSL_clear_free(pms, pmslen);
4058 else
4059 OPENSSL_cleanse(pms, pmslen);
4060 }
57b272b0
DSH		 4061 if (s->server == 0)
4062 s->s3->tmp.pms = NULL;
4063 return s->session->master_key_length >= 0;
4064}
3f3504bd
DSH		 4065
4066/* Generate a private key from parameters or a curve NID */
4067EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid)
4068{
4069 EVP_PKEY_CTX *pctx = NULL;
4070 EVP_PKEY *pkey = NULL;
4071 if (pm != NULL) {
4072 pctx = EVP_PKEY_CTX_new(pm, NULL);
4073 } else {
e4cf8663
DSH		 4074 /*
4075 * Generate a new key for this curve.
4076 * Should not be called if EC is disabled: if it is it will
4077 * fail with an unknown algorithm error.
4078 */
3f3504bd
DSH		 4079 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4080 }
4081 if (pctx == NULL)
4082 goto err;
4083 if (EVP_PKEY_keygen_init(pctx) <= 0)
4084 goto err;
e4cf8663 4085#ifndef OPENSSL_NO_EC
3f3504bd
DSH		 4086 if (pm == NULL && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4087 goto err;
e4cf8663 4088#endif
3f3504bd
DSH		 4089
4090 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4091 EVP_PKEY_free(pkey);
4092 pkey = NULL;
4093 }
4094
4095 err:
4096 EVP_PKEY_CTX_free(pctx);
4097 return pkey;
4098}
4099/* Derive premaster or master secret for ECDH/DH */
4100int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4101{
4102 int rv = 0;
4103 unsigned char *pms = NULL;
4104 size_t pmslen = 0;
4105 EVP_PKEY_CTX *pctx;
4106
4107 if (privkey == NULL || pubkey == NULL)
4108 return 0;
4109
4110 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4111
4112 if (EVP_PKEY_derive_init(pctx) <= 0
4113 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4114 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4115 goto err;
4116 }
4117
4118 pms = OPENSSL_malloc(pmslen);
4119 if (pms == NULL)
4120 goto err;
4121
4122 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4123 goto err;
4124
4125 if (s->server) {
4126 /* For server generate master secret and discard premaster */
4127 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4128 pms = NULL;
4129 } else {
4130 /* For client just save premaster secret */
4131 s->s3->tmp.pms = pms;
4132 s->s3->tmp.pmslen = pmslen;
4133 pms = NULL;
4134 rv = 1;
4135 }
4136
4137 err:
4138 OPENSSL_clear_free(pms, pmslen);
4139 EVP_PKEY_CTX_free(pctx);
4140 return rv;
4141}
6c4e6670 4142
1e0784ff 4143#ifndef OPENSSL_NO_DH
6c4e6670
DSH		 4144EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4145{
4146 EVP_PKEY *ret;
4147 if (dh == NULL)
4148 return NULL;
4149 ret = EVP_PKEY_new();
4150 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4151 EVP_PKEY_free(ret);
4152 return NULL;
4153 }
4154 return ret;
4155}
1e0784ff 4156#endif
A mirror of the official openssl repository