]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/s3_lib.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Disable the test-ec completely when building with no-ec
[thirdparty/openssl.git] / ssl / s3_lib.c
CommitLineData
846e33c7 1/*
98278b96 2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
aa8f3d76 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
c80149d9 4 * Copyright 2005 Nokia. All rights reserved.
5a4fbc69 5 *
2c18d164 6 * Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7
RS		 7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
5a4fbc69 10 */
846e33c7 11
d02b48c6 12#include <stdio.h>
ec577822 13#include <openssl/objects.h>
677963e5 14#include "internal/nelem.h"
706457b7 15#include "ssl_local.h"
dbad1690 16#include <openssl/md5.h>
3c27208f 17#include <openssl/dh.h>
a3680c8f 18#include <openssl/rand.h>
77359d22 19#include <openssl/trace.h>
9f0f53b7 20#include <openssl/x509v3.h>
5b5eea4b 21#include <openssl/core_names.h>
5f8dd0f8 22#include "internal/cryptlib.h"
d02b48c6 23
f865b081 24#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
b6eb9827 25#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
650c6e41 26#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
d02b48c6 27
643a3580
MC		 28/* TLSv1.3 downgrade protection sentinel values */
29const unsigned char tls11downgrade[] = {
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
31};
32const unsigned char tls12downgrade[] = {
33 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
34};
35
f865b081
MC		 36/* The list of available TLSv1.3 ciphers */
37static SSL_CIPHER tls13_ciphers[] = {
38 {
39 1,
40 TLS1_3_RFC_AES_128_GCM_SHA256,
41 TLS1_3_RFC_AES_128_GCM_SHA256,
42 TLS1_3_CK_AES_128_GCM_SHA256,
f80c8643
MC		 43 SSL_kANY,
44 SSL_aANY,
f865b081
MC		 45 SSL_AES128GCM,
46 SSL_AEAD,
47 TLS1_3_VERSION, TLS1_3_VERSION,
f80c8643 48 0, 0,
f865b081
MC		 49 SSL_HIGH,
50 SSL_HANDSHAKE_MAC_SHA256,
51 128,
52 128,
53 }, {
54 1,
55 TLS1_3_RFC_AES_256_GCM_SHA384,
56 TLS1_3_RFC_AES_256_GCM_SHA384,
57 TLS1_3_CK_AES_256_GCM_SHA384,
58 SSL_kANY,
59 SSL_aANY,
60 SSL_AES256GCM,
61 SSL_AEAD,
62 TLS1_3_VERSION, TLS1_3_VERSION,
63 0, 0,
64 SSL_HIGH,
65 SSL_HANDSHAKE_MAC_SHA384,
66 256,
67 256,
68 },
69#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
70 {
71 1,
72 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
73 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
74 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
75 SSL_kANY,
76 SSL_aANY,
77 SSL_CHACHA20POLY1305,
78 SSL_AEAD,
79 TLS1_3_VERSION, TLS1_3_VERSION,
80 0, 0,
81 SSL_HIGH,
82 SSL_HANDSHAKE_MAC_SHA256,
83 256,
84 256,
85 },
86#endif
87 {
88 1,
89 TLS1_3_RFC_AES_128_CCM_SHA256,
90 TLS1_3_RFC_AES_128_CCM_SHA256,
91 TLS1_3_CK_AES_128_CCM_SHA256,
92 SSL_kANY,
93 SSL_aANY,
94 SSL_AES128CCM,
95 SSL_AEAD,
96 TLS1_3_VERSION, TLS1_3_VERSION,
97 0, 0,
98 SSL_NOT_DEFAULT | SSL_HIGH,
99 SSL_HANDSHAKE_MAC_SHA256,
100 128,
101 128,
102 }, {
103 1,
104 TLS1_3_RFC_AES_128_CCM_8_SHA256,
105 TLS1_3_RFC_AES_128_CCM_8_SHA256,
106 TLS1_3_CK_AES_128_CCM_8_SHA256,
107 SSL_kANY,
108 SSL_aANY,
109 SSL_AES128CCM8,
110 SSL_AEAD,
111 TLS1_3_VERSION, TLS1_3_VERSION,
112 0, 0,
113 SSL_NOT_DEFAULT | SSL_HIGH,
114 SSL_HANDSHAKE_MAC_SHA256,
115 128,
116 128,
117 }
118};
119
748f2546 120/*
ef28891b 121 * The list of available ciphers, mostly organized into the following
748f2546
RS		 122 * groups:
123 * Always there
124 * EC
125 * PSK
126 * SRP (within that: RSA EC PSK)
9bb6f829 127 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
748f2546
RS		 128 * Weak ciphers
129 */
a230b26e 130static SSL_CIPHER ssl3_ciphers[] = {
0f113f3e
MC		 131 {
132 1,
133 SSL3_TXT_RSA_NULL_MD5,
bbb4ceb8 134 SSL3_RFC_RSA_NULL_MD5,
0f113f3e
MC		 135 SSL3_CK_RSA_NULL_MD5,
136 SSL_kRSA,
137 SSL_aRSA,
138 SSL_eNULL,
139 SSL_MD5,
3eb2aff4 140 SSL3_VERSION, TLS1_2_VERSION,
387cf213 141 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 142 SSL_STRONG_NONE,
0f113f3e
MC		 143 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
144 0,
145 0,
146 },
0f113f3e
MC		 147 {
148 1,
149 SSL3_TXT_RSA_NULL_SHA,
bbb4ceb8 150 SSL3_RFC_RSA_NULL_SHA,
0f113f3e
MC		 151 SSL3_CK_RSA_NULL_SHA,
152 SSL_kRSA,
153 SSL_aRSA,
154 SSL_eNULL,
155 SSL_SHA1,
3eb2aff4 156 SSL3_VERSION, TLS1_2_VERSION,
387cf213 157 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 158 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 159 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
160 0,
161 0,
162 },
d33726b9 163#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
0f113f3e
MC		 164 {
165 1,
166 SSL3_TXT_RSA_DES_192_CBC3_SHA,
bbb4ceb8 167 SSL3_RFC_RSA_DES_192_CBC3_SHA,
0f113f3e
MC		 168 SSL3_CK_RSA_DES_192_CBC3_SHA,
169 SSL_kRSA,
170 SSL_aRSA,
171 SSL_3DES,
172 SSL_SHA1,
3eb2aff4 173 SSL3_VERSION, TLS1_2_VERSION,
387cf213 174 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 175 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 176 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
177 112,
178 168,
179 },
0f113f3e
MC		 180 {
181 1,
182 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
bbb4ceb8 183 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
0f113f3e
MC		 184 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
185 SSL_kDHE,
186 SSL_aDSS,
187 SSL_3DES,
188 SSL_SHA1,
3eb2aff4 189 SSL3_VERSION, TLS1_2_VERSION,
387cf213 190 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 191 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 192 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
193 112,
194 168,
195 },
0f113f3e
MC		 196 {
197 1,
198 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
bbb4ceb8 199 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
0f113f3e
MC		 200 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
201 SSL_kDHE,
202 SSL_aRSA,
203 SSL_3DES,
204 SSL_SHA1,
3eb2aff4 205 SSL3_VERSION, TLS1_2_VERSION,
387cf213 206 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 207 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 208 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
209 112,
210 168,
211 },
0f113f3e
MC		 212 {
213 1,
214 SSL3_TXT_ADH_DES_192_CBC_SHA,
bbb4ceb8 215 SSL3_RFC_ADH_DES_192_CBC_SHA,
0f113f3e
MC		 216 SSL3_CK_ADH_DES_192_CBC_SHA,
217 SSL_kDHE,
218 SSL_aNULL,
219 SSL_3DES,
220 SSL_SHA1,
3eb2aff4 221 SSL3_VERSION, TLS1_2_VERSION,
387cf213 222 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 223 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 224 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
225 112,
226 168,
227 },
d33726b9 228#endif
0f113f3e
MC		 229 {
230 1,
231 TLS1_TXT_RSA_WITH_AES_128_SHA,
bbb4ceb8 232 TLS1_RFC_RSA_WITH_AES_128_SHA,
0f113f3e
MC		 233 TLS1_CK_RSA_WITH_AES_128_SHA,
234 SSL_kRSA,
235 SSL_aRSA,
236 SSL_AES128,
237 SSL_SHA1,
3eb2aff4 238 SSL3_VERSION, TLS1_2_VERSION,
387cf213 239 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 240 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 241 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
242 128,
243 128,
244 },
0f113f3e
MC		 245 {
246 1,
247 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
bbb4ceb8 248 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
0f113f3e
MC		 249 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
250 SSL_kDHE,
251 SSL_aDSS,
252 SSL_AES128,
253 SSL_SHA1,
3eb2aff4 254 SSL3_VERSION, TLS1_2_VERSION,
387cf213 255 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 256 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
258 128,
259 128,
260 },
0f113f3e
MC		 261 {
262 1,
263 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
bbb4ceb8 264 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
0f113f3e
MC		 265 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
266 SSL_kDHE,
267 SSL_aRSA,
268 SSL_AES128,
269 SSL_SHA1,
3eb2aff4 270 SSL3_VERSION, TLS1_2_VERSION,
387cf213 271 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 272 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 273 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
274 128,
275 128,
276 },
0f113f3e
MC		 277 {
278 1,
279 TLS1_TXT_ADH_WITH_AES_128_SHA,
bbb4ceb8 280 TLS1_RFC_ADH_WITH_AES_128_SHA,
0f113f3e
MC		 281 TLS1_CK_ADH_WITH_AES_128_SHA,
282 SSL_kDHE,
283 SSL_aNULL,
284 SSL_AES128,
285 SSL_SHA1,
3eb2aff4 286 SSL3_VERSION, TLS1_2_VERSION,
387cf213 287 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 288 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 289 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
290 128,
291 128,
292 },
0f113f3e
MC		 293 {
294 1,
295 TLS1_TXT_RSA_WITH_AES_256_SHA,
bbb4ceb8 296 TLS1_RFC_RSA_WITH_AES_256_SHA,
0f113f3e
MC		 297 TLS1_CK_RSA_WITH_AES_256_SHA,
298 SSL_kRSA,
299 SSL_aRSA,
300 SSL_AES256,
301 SSL_SHA1,
3eb2aff4 302 SSL3_VERSION, TLS1_2_VERSION,
387cf213 303 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 304 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 305 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
306 256,
307 256,
308 },
0f113f3e
MC		 309 {
310 1,
311 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
bbb4ceb8 312 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
0f113f3e
MC		 313 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
314 SSL_kDHE,
315 SSL_aDSS,
316 SSL_AES256,
317 SSL_SHA1,
3eb2aff4 318 SSL3_VERSION, TLS1_2_VERSION,
387cf213 319 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 320 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 321 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
322 256,
323 256,
324 },
0f113f3e
MC		 325 {
326 1,
327 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
bbb4ceb8 328 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
0f113f3e
MC		 329 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
330 SSL_kDHE,
331 SSL_aRSA,
332 SSL_AES256,
333 SSL_SHA1,
3eb2aff4 334 SSL3_VERSION, TLS1_2_VERSION,
387cf213 335 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 336 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 337 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
338 256,
339 256,
340 },
0f113f3e
MC		 341 {
342 1,
343 TLS1_TXT_ADH_WITH_AES_256_SHA,
bbb4ceb8 344 TLS1_RFC_ADH_WITH_AES_256_SHA,
0f113f3e
MC		 345 TLS1_CK_ADH_WITH_AES_256_SHA,
346 SSL_kDHE,
347 SSL_aNULL,
348 SSL_AES256,
349 SSL_SHA1,
3eb2aff4 350 SSL3_VERSION, TLS1_2_VERSION,
387cf213 351 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 352 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 353 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
354 256,
355 256,
356 },
0f113f3e
MC		 357 {
358 1,
359 TLS1_TXT_RSA_WITH_NULL_SHA256,
bbb4ceb8 360 TLS1_RFC_RSA_WITH_NULL_SHA256,
0f113f3e
MC		 361 TLS1_CK_RSA_WITH_NULL_SHA256,
362 SSL_kRSA,
363 SSL_aRSA,
364 SSL_eNULL,
365 SSL_SHA256,
3eb2aff4
KR		 366 TLS1_2_VERSION, TLS1_2_VERSION,
367 DTLS1_2_VERSION, DTLS1_2_VERSION,
1510b5f7 368 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 369 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
370 0,
371 0,
372 },
0f113f3e
MC		 373 {
374 1,
375 TLS1_TXT_RSA_WITH_AES_128_SHA256,
bbb4ceb8 376 TLS1_RFC_RSA_WITH_AES_128_SHA256,
0f113f3e
MC		 377 TLS1_CK_RSA_WITH_AES_128_SHA256,
378 SSL_kRSA,
379 SSL_aRSA,
380 SSL_AES128,
381 SSL_SHA256,
3eb2aff4
KR		 382 TLS1_2_VERSION, TLS1_2_VERSION,
383 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 384 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
386 128,
387 128,
388 },
0f113f3e
MC		 389 {
390 1,
391 TLS1_TXT_RSA_WITH_AES_256_SHA256,
bbb4ceb8 392 TLS1_RFC_RSA_WITH_AES_256_SHA256,
0f113f3e
MC		 393 TLS1_CK_RSA_WITH_AES_256_SHA256,
394 SSL_kRSA,
395 SSL_aRSA,
396 SSL_AES256,
397 SSL_SHA256,
3eb2aff4
KR		 398 TLS1_2_VERSION, TLS1_2_VERSION,
399 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 400 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 401 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
402 256,
403 256,
404 },
0f113f3e
MC		 405 {
406 1,
407 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
bbb4ceb8 408 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
0f113f3e
MC		 409 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
410 SSL_kDHE,
411 SSL_aDSS,
412 SSL_AES128,
413 SSL_SHA256,
3eb2aff4
KR		 414 TLS1_2_VERSION, TLS1_2_VERSION,
415 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 416 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
418 128,
419 128,
420 },
0f113f3e
MC		 421 {
422 1,
423 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
bbb4ceb8 424 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
0f113f3e
MC		 425 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
426 SSL_kDHE,
427 SSL_aRSA,
428 SSL_AES128,
429 SSL_SHA256,
3eb2aff4
KR		 430 TLS1_2_VERSION, TLS1_2_VERSION,
431 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 432 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 433 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
434 128,
435 128,
436 },
0f113f3e
MC		 437 {
438 1,
439 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
bbb4ceb8 440 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
0f113f3e
MC		 441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
442 SSL_kDHE,
443 SSL_aDSS,
444 SSL_AES256,
445 SSL_SHA256,
3eb2aff4
KR		 446 TLS1_2_VERSION, TLS1_2_VERSION,
447 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 448 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 449 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
450 256,
451 256,
452 },
0f113f3e
MC		 453 {
454 1,
455 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
bbb4ceb8 456 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
0f113f3e
MC		 457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
458 SSL_kDHE,
459 SSL_aRSA,
460 SSL_AES256,
461 SSL_SHA256,
3eb2aff4
KR		 462 TLS1_2_VERSION, TLS1_2_VERSION,
463 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 464 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 465 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
466 256,
467 256,
468 },
0f113f3e
MC		 469 {
470 1,
471 TLS1_TXT_ADH_WITH_AES_128_SHA256,
bbb4ceb8 472 TLS1_RFC_ADH_WITH_AES_128_SHA256,
0f113f3e
MC		 473 TLS1_CK_ADH_WITH_AES_128_SHA256,
474 SSL_kDHE,
475 SSL_aNULL,
476 SSL_AES128,
477 SSL_SHA256,
3eb2aff4
KR		 478 TLS1_2_VERSION, TLS1_2_VERSION,
479 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 480 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 481 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
482 128,
483 128,
484 },
0f113f3e
MC		 485 {
486 1,
487 TLS1_TXT_ADH_WITH_AES_256_SHA256,
bbb4ceb8 488 TLS1_RFC_ADH_WITH_AES_256_SHA256,
0f113f3e
MC		 489 TLS1_CK_ADH_WITH_AES_256_SHA256,
490 SSL_kDHE,
491 SSL_aNULL,
492 SSL_AES256,
493 SSL_SHA256,
3eb2aff4
KR		 494 TLS1_2_VERSION, TLS1_2_VERSION,
495 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 496 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 497 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
498 256,
499 256,
500 },
0f113f3e
MC		 501 {
502 1,
748f2546 503 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
bbb4ceb8 504 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
748f2546
RS		 505 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
506 SSL_kRSA,
507 SSL_aRSA,
508 SSL_AES128GCM,
509 SSL_AEAD,
510 TLS1_2_VERSION, TLS1_2_VERSION,
511 DTLS1_2_VERSION, DTLS1_2_VERSION,
512 SSL_HIGH | SSL_FIPS,
513 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
514 128,
515 128,
516 },
0f113f3e
MC		 517 {
518 1,
748f2546 519 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
bbb4ceb8 520 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
748f2546 521 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
0f113f3e
MC		 522 SSL_kRSA,
523 SSL_aRSA,
748f2546
RS		 524 SSL_AES256GCM,
525 SSL_AEAD,
526 TLS1_2_VERSION, TLS1_2_VERSION,
527 DTLS1_2_VERSION, DTLS1_2_VERSION,
528 SSL_HIGH | SSL_FIPS,
529 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 530 256,
531 256,
532 },
0f113f3e
MC		 533 {
534 1,
748f2546 535 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
bbb4ceb8 536 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
748f2546 537 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
0f113f3e 538 SSL_kDHE,
748f2546
RS		 539 SSL_aRSA,
540 SSL_AES128GCM,
541 SSL_AEAD,
542 TLS1_2_VERSION, TLS1_2_VERSION,
543 DTLS1_2_VERSION, DTLS1_2_VERSION,
544 SSL_HIGH | SSL_FIPS,
545 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
546 128,
547 128,
0f113f3e 548 },
0f113f3e
MC		 549 {
550 1,
748f2546 551 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
bbb4ceb8 552 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
748f2546 553 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
0f113f3e
MC		 554 SSL_kDHE,
555 SSL_aRSA,
748f2546
RS		 556 SSL_AES256GCM,
557 SSL_AEAD,
558 TLS1_2_VERSION, TLS1_2_VERSION,
559 DTLS1_2_VERSION, DTLS1_2_VERSION,
560 SSL_HIGH | SSL_FIPS,
561 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 562 256,
563 256,
564 },
0f113f3e
MC		 565 {
566 1,
748f2546 567 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
bbb4ceb8 568 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
748f2546 569 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
0f113f3e 570 SSL_kDHE,
748f2546
RS		 571 SSL_aDSS,
572 SSL_AES128GCM,
573 SSL_AEAD,
574 TLS1_2_VERSION, TLS1_2_VERSION,
575 DTLS1_2_VERSION, DTLS1_2_VERSION,
576 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
577 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 578 128,
579 128,
580 },
0f113f3e
MC		 581 {
582 1,
748f2546 583 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
bbb4ceb8 584 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
748f2546
RS		 585 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
586 SSL_kDHE,
587 SSL_aDSS,
588 SSL_AES256GCM,
589 SSL_AEAD,
590 TLS1_2_VERSION, TLS1_2_VERSION,
591 DTLS1_2_VERSION, DTLS1_2_VERSION,
592 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
593 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
594 256,
595 256,
0f113f3e 596 },
0f113f3e
MC		 597 {
598 1,
748f2546 599 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
bbb4ceb8 600 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
748f2546
RS		 601 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
602 SSL_kDHE,
603 SSL_aNULL,
604 SSL_AES128GCM,
605 SSL_AEAD,
606 TLS1_2_VERSION, TLS1_2_VERSION,
607 DTLS1_2_VERSION, DTLS1_2_VERSION,
608 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
609 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 610 128,
611 128,
612 },
0f113f3e
MC		 613 {
614 1,
748f2546 615 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
bbb4ceb8 616 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
748f2546
RS		 617 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
618 SSL_kDHE,
619 SSL_aNULL,
620 SSL_AES256GCM,
621 SSL_AEAD,
622 TLS1_2_VERSION, TLS1_2_VERSION,
623 DTLS1_2_VERSION, DTLS1_2_VERSION,
624 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
625 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 626 256,
627 256,
628 },
ea6114c6
DSH		 629 {
630 1,
748f2546 631 TLS1_TXT_RSA_WITH_AES_128_CCM,
bbb4ceb8 632 TLS1_RFC_RSA_WITH_AES_128_CCM,
748f2546
RS		 633 TLS1_CK_RSA_WITH_AES_128_CCM,
634 SSL_kRSA,
635 SSL_aRSA,
636 SSL_AES128CCM,
637 SSL_AEAD,
638 TLS1_2_VERSION, TLS1_2_VERSION,
639 DTLS1_2_VERSION, DTLS1_2_VERSION,
640 SSL_NOT_DEFAULT | SSL_HIGH,
641 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 642 128,
643 128,
644 },
ea6114c6
DSH		 645 {
646 1,
748f2546 647 TLS1_TXT_RSA_WITH_AES_256_CCM,
bbb4ceb8 648 TLS1_RFC_RSA_WITH_AES_256_CCM,
748f2546
RS		 649 TLS1_CK_RSA_WITH_AES_256_CCM,
650 SSL_kRSA,
651 SSL_aRSA,
652 SSL_AES256CCM,
653 SSL_AEAD,
654 TLS1_2_VERSION, TLS1_2_VERSION,
655 DTLS1_2_VERSION, DTLS1_2_VERSION,
656 SSL_NOT_DEFAULT | SSL_HIGH,
657 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
658 256,
659 256,
ea6114c6 660 },
ea6114c6
DSH		 661 {
662 1,
748f2546 663 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
bbb4ceb8 664 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
748f2546
RS		 665 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
666 SSL_kDHE,
667 SSL_aRSA,
668 SSL_AES128CCM,
669 SSL_AEAD,
670 TLS1_2_VERSION, TLS1_2_VERSION,
671 DTLS1_2_VERSION, DTLS1_2_VERSION,
672 SSL_NOT_DEFAULT | SSL_HIGH,
673 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 674 128,
675 128,
676 },
ea6114c6
DSH		 677 {
678 1,
748f2546 679 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
bbb4ceb8 680 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
748f2546
RS		 681 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
682 SSL_kDHE,
683 SSL_aRSA,
684 SSL_AES256CCM,
685 SSL_AEAD,
686 TLS1_2_VERSION, TLS1_2_VERSION,
687 DTLS1_2_VERSION, DTLS1_2_VERSION,
688 SSL_NOT_DEFAULT | SSL_HIGH,
689 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 690 256,
691 256,
692 },
ea6114c6
DSH		 693 {
694 1,
748f2546 695 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
bbb4ceb8 696 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
748f2546
RS		 697 TLS1_CK_RSA_WITH_AES_128_CCM_8,
698 SSL_kRSA,
ea6114c6 699 SSL_aRSA,
748f2546 700 SSL_AES128CCM8,
0f113f3e 701 SSL_AEAD,
3eb2aff4
KR		 702 TLS1_2_VERSION, TLS1_2_VERSION,
703 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 704 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 705 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
706 128,
707 128,
708 },
0f113f3e
MC		 709 {
710 1,
748f2546 711 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
bbb4ceb8 712 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
748f2546 713 TLS1_CK_RSA_WITH_AES_256_CCM_8,
0f113f3e
MC		 714 SSL_kRSA,
715 SSL_aRSA,
748f2546 716 SSL_AES256CCM8,
0f113f3e 717 SSL_AEAD,
3eb2aff4
KR		 718 TLS1_2_VERSION, TLS1_2_VERSION,
719 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 720 SSL_NOT_DEFAULT | SSL_HIGH,
721 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 722 256,
723 256,
724 },
0f113f3e
MC		 725 {
726 1,
748f2546 727 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
bbb4ceb8 728 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
748f2546 729 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
0f113f3e
MC		 730 SSL_kDHE,
731 SSL_aRSA,
748f2546 732 SSL_AES128CCM8,
0f113f3e 733 SSL_AEAD,
3eb2aff4
KR		 734 TLS1_2_VERSION, TLS1_2_VERSION,
735 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 736 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 737 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
738 128,
739 128,
740 },
0f113f3e
MC		 741 {
742 1,
748f2546 743 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
bbb4ceb8 744 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
748f2546 745 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
0f113f3e
MC		 746 SSL_kDHE,
747 SSL_aRSA,
748f2546 748 SSL_AES256CCM8,
0f113f3e 749 SSL_AEAD,
3eb2aff4
KR		 750 TLS1_2_VERSION, TLS1_2_VERSION,
751 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 752 SSL_NOT_DEFAULT | SSL_HIGH,
753 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 754 256,
755 256,
756 },
0f113f3e
MC		 757 {
758 1,
748f2546 759 TLS1_TXT_PSK_WITH_AES_128_CCM,
bbb4ceb8 760 TLS1_RFC_PSK_WITH_AES_128_CCM,
748f2546
RS		 761 TLS1_CK_PSK_WITH_AES_128_CCM,
762 SSL_kPSK,
763 SSL_aPSK,
764 SSL_AES128CCM,
0f113f3e 765 SSL_AEAD,
3eb2aff4
KR		 766 TLS1_2_VERSION, TLS1_2_VERSION,
767 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 768 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 769 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
770 128,
771 128,
772 },
0f113f3e
MC		 773 {
774 1,
748f2546 775 TLS1_TXT_PSK_WITH_AES_256_CCM,
bbb4ceb8 776 TLS1_RFC_PSK_WITH_AES_256_CCM,
748f2546
RS		 777 TLS1_CK_PSK_WITH_AES_256_CCM,
778 SSL_kPSK,
779 SSL_aPSK,
780 SSL_AES256CCM,
0f113f3e 781 SSL_AEAD,
3eb2aff4
KR		 782 TLS1_2_VERSION, TLS1_2_VERSION,
783 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 784 SSL_NOT_DEFAULT | SSL_HIGH,
785 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 786 256,
787 256,
788 },
0f113f3e
MC		 789 {
790 1,
748f2546 791 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
bbb4ceb8 792 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
748f2546
RS		 793 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
794 SSL_kDHEPSK,
795 SSL_aPSK,
796 SSL_AES128CCM,
0f113f3e 797 SSL_AEAD,
3eb2aff4
KR		 798 TLS1_2_VERSION, TLS1_2_VERSION,
799 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 800 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 801 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
802 128,
803 128,
804 },
0f113f3e
MC		 805 {
806 1,
748f2546 807 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
bbb4ceb8 808 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
748f2546
RS		 809 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
810 SSL_kDHEPSK,
811 SSL_aPSK,
812 SSL_AES256CCM,
0f113f3e 813 SSL_AEAD,
3eb2aff4
KR		 814 TLS1_2_VERSION, TLS1_2_VERSION,
815 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 816 SSL_NOT_DEFAULT | SSL_HIGH,
817 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 818 256,
819 256,
820 },
547dba74
DSH		 821 {
822 1,
748f2546 823 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
bbb4ceb8 824 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
748f2546 825 TLS1_CK_PSK_WITH_AES_128_CCM_8,
547dba74
DSH		 826 SSL_kPSK,
827 SSL_aPSK,
748f2546 828 SSL_AES128CCM8,
547dba74 829 SSL_AEAD,
3eb2aff4
KR		 830 TLS1_2_VERSION, TLS1_2_VERSION,
831 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 832 SSL_NOT_DEFAULT | SSL_HIGH,
547dba74
DSH		 833 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
834 128,
835 128,
836 },
547dba74
DSH		 837 {
838 1,
748f2546 839 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
bbb4ceb8 840 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
748f2546 841 TLS1_CK_PSK_WITH_AES_256_CCM_8,
547dba74
DSH		 842 SSL_kPSK,
843 SSL_aPSK,
748f2546 844 SSL_AES256CCM8,
547dba74 845 SSL_AEAD,
3eb2aff4
KR		 846 TLS1_2_VERSION, TLS1_2_VERSION,
847 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 848 SSL_NOT_DEFAULT | SSL_HIGH,
849 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
547dba74
DSH		 850 256,
851 256,
852 },
ea6114c6
DSH		 853 {
854 1,
748f2546 855 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
bbb4ceb8 856 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
748f2546 857 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
ea6114c6
DSH		 858 SSL_kDHEPSK,
859 SSL_aPSK,
748f2546 860 SSL_AES128CCM8,
ea6114c6 861 SSL_AEAD,
3eb2aff4
KR		 862 TLS1_2_VERSION, TLS1_2_VERSION,
863 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 864 SSL_NOT_DEFAULT | SSL_HIGH,
ea6114c6
DSH		 865 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
866 128,
867 128,
868 },
ea6114c6
DSH		 869 {
870 1,
748f2546 871 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
bbb4ceb8 872 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
748f2546
RS		 873 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
874 SSL_kDHEPSK,
ea6114c6 875 SSL_aPSK,
748f2546 876 SSL_AES256CCM8,
ea6114c6 877 SSL_AEAD,
3eb2aff4
KR		 878 TLS1_2_VERSION, TLS1_2_VERSION,
879 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 880 SSL_NOT_DEFAULT | SSL_HIGH,
881 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 882 256,
883 256,
884 },
ea6114c6
DSH		 885 {
886 1,
748f2546 887 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
bbb4ceb8 888 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
748f2546
RS		 889 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
890 SSL_kECDHE,
891 SSL_aECDSA,
892 SSL_AES128CCM,
ea6114c6 893 SSL_AEAD,
3eb2aff4
KR		 894 TLS1_2_VERSION, TLS1_2_VERSION,
895 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 896 SSL_NOT_DEFAULT | SSL_HIGH,
ea6114c6
DSH		 897 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
898 128,
899 128,
900 },
ea6114c6
DSH		 901 {
902 1,
748f2546 903 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
bbb4ceb8 904 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
748f2546
RS		 905 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
906 SSL_kECDHE,
907 SSL_aECDSA,
908 SSL_AES256CCM,
ea6114c6 909 SSL_AEAD,
3eb2aff4
KR		 910 TLS1_2_VERSION, TLS1_2_VERSION,
911 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 912 SSL_NOT_DEFAULT | SSL_HIGH,
913 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 914 256,
915 256,
916 },
ea6114c6
DSH		 917 {
918 1,
748f2546 919 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
bbb4ceb8 920 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
748f2546
RS		 921 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
922 SSL_kECDHE,
923 SSL_aECDSA,
924 SSL_AES128CCM8,
925 SSL_AEAD,
926 TLS1_2_VERSION, TLS1_2_VERSION,
927 DTLS1_2_VERSION, DTLS1_2_VERSION,
928 SSL_NOT_DEFAULT | SSL_HIGH,
929 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 930 128,
931 128,
932 },
ea6114c6
DSH		 933 {
934 1,
748f2546 935 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
bbb4ceb8 936 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
748f2546
RS		 937 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
938 SSL_kECDHE,
939 SSL_aECDSA,
940 SSL_AES256CCM8,
941 SSL_AEAD,
942 TLS1_2_VERSION, TLS1_2_VERSION,
943 DTLS1_2_VERSION, DTLS1_2_VERSION,
944 SSL_NOT_DEFAULT | SSL_HIGH,
945 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 946 256,
947 256,
948 },
ea6114c6
DSH		 949 {
950 1,
748f2546 951 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
bbb4ceb8 952 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
748f2546
RS		 953 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
954 SSL_kECDHE,
955 SSL_aECDSA,
ea6114c6 956 SSL_eNULL,
748f2546 957 SSL_SHA1,
fe55c4a2 958 TLS1_VERSION, TLS1_2_VERSION,
387cf213 959 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 960 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 961 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
962 0,
963 0,
964 },
d33726b9 965# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
ea6114c6
DSH		 966 {
967 1,
748f2546 968 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
bbb4ceb8 969 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
748f2546
RS		 970 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
971 SSL_kECDHE,
972 SSL_aECDSA,
973 SSL_3DES,
974 SSL_SHA1,
fe55c4a2 975 TLS1_VERSION, TLS1_2_VERSION,
387cf213 976 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 977 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 978 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
979 112,
980 168,
ea6114c6 981 },
d33726b9 982# endif
ea6114c6
DSH		 983 {
984 1,
748f2546 985 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
bbb4ceb8 986 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
748f2546
RS		 987 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
988 SSL_kECDHE,
989 SSL_aECDSA,
ea6114c6 990 SSL_AES128,
748f2546 991 SSL_SHA1,
fe55c4a2 992 TLS1_VERSION, TLS1_2_VERSION,
387cf213 993 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 994 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 995 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
996 128,
997 128,
998 },
ea6114c6
DSH		 999 {
1000 1,
748f2546 1001 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
bbb4ceb8 1002 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
748f2546
RS		 1003 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1004 SSL_kECDHE,
1005 SSL_aECDSA,
ea6114c6 1006 SSL_AES256,
748f2546 1007 SSL_SHA1,
fe55c4a2 1008 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1009 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1010 SSL_HIGH | SSL_FIPS,
748f2546 1011 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
ea6114c6
DSH		 1012 256,
1013 256,
1014 },
ea6114c6
DSH		 1015 {
1016 1,
748f2546 1017 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
bbb4ceb8 1018 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
748f2546
RS		 1019 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1020 SSL_kECDHE,
1021 SSL_aRSA,
ea6114c6 1022 SSL_eNULL,
748f2546 1023 SSL_SHA1,
fe55c4a2 1024 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1025 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1026 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1027 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1028 0,
1029 0,
1030 },
d33726b9 1031# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
ea6114c6
DSH		 1032 {
1033 1,
748f2546 1034 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
bbb4ceb8 1035 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
748f2546
RS		 1036 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1037 SSL_kECDHE,
1038 SSL_aRSA,
1039 SSL_3DES,
1040 SSL_SHA1,
fe55c4a2 1041 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1042 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1043 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 1044 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1045 112,
1046 168,
ea6114c6 1047 },
d33726b9 1048# endif
ea6114c6
DSH		 1049 {
1050 1,
748f2546 1051 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
bbb4ceb8 1052 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
748f2546
RS		 1053 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1054 SSL_kECDHE,
ea6114c6
DSH		 1055 SSL_aRSA,
1056 SSL_AES128,
748f2546 1057 SSL_SHA1,
fe55c4a2 1058 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1059 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1060 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1061 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1062 128,
1063 128,
1064 },
ea6114c6
DSH		 1065 {
1066 1,
748f2546 1067 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
bbb4ceb8 1068 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
748f2546
RS		 1069 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1070 SSL_kECDHE,
ea6114c6
DSH		 1071 SSL_aRSA,
1072 SSL_AES256,
748f2546 1073 SSL_SHA1,
fe55c4a2 1074 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1075 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1076 SSL_HIGH | SSL_FIPS,
748f2546 1077 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
ea6114c6
DSH		 1078 256,
1079 256,
1080 },
ea6114c6
DSH		 1081 {
1082 1,
748f2546 1083 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
bbb4ceb8 1084 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
748f2546
RS		 1085 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1086 SSL_kECDHE,
1087 SSL_aNULL,
ea6114c6 1088 SSL_eNULL,
748f2546 1089 SSL_SHA1,
fe55c4a2 1090 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1091 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1092 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1093 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1094 0,
1095 0,
1096 },
d33726b9 1097# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
ea6114c6
DSH		 1098 {
1099 1,
748f2546 1100 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
bbb4ceb8 1101 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
748f2546
RS		 1102 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1103 SSL_kECDHE,
1104 SSL_aNULL,
1105 SSL_3DES,
1106 SSL_SHA1,
fe55c4a2 1107 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1108 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1109 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 1110 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1111 112,
1112 168,
ea6114c6 1113 },
d33726b9 1114# endif
0f113f3e
MC		 1115 {
1116 1,
748f2546 1117 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
bbb4ceb8 1118 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
748f2546
RS		 1119 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1120 SSL_kECDHE,
1121 SSL_aNULL,
1122 SSL_AES128,
1123 SSL_SHA1,
fe55c4a2 1124 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1125 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1126 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1127 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1128 128,
1129 128,
1130 },
0f113f3e
MC		 1131 {
1132 1,
748f2546 1133 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
bbb4ceb8 1134 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
748f2546
RS		 1135 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1136 SSL_kECDHE,
1137 SSL_aNULL,
1138 SSL_AES256,
1139 SSL_SHA1,
fe55c4a2 1140 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1141 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1142 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1143 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1144 256,
1145 256,
1146 },
1147 {
1148 1,
1149 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
bbb4ceb8 1150 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
748f2546
RS		 1151 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1152 SSL_kECDHE,
1153 SSL_aECDSA,
1154 SSL_AES128,
0f113f3e 1155 SSL_SHA256,
3eb2aff4
KR		 1156 TLS1_2_VERSION, TLS1_2_VERSION,
1157 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1158 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1159 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1160 128,
1161 128,
1162 },
0f113f3e
MC		 1163 {
1164 1,
748f2546 1165 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
bbb4ceb8 1166 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
748f2546
RS		 1167 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1168 SSL_kECDHE,
1169 SSL_aECDSA,
1170 SSL_AES256,
1171 SSL_SHA384,
3eb2aff4
KR		 1172 TLS1_2_VERSION, TLS1_2_VERSION,
1173 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1174 SSL_HIGH | SSL_FIPS,
1175 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1176 256,
1177 256,
0f113f3e 1178 },
0f113f3e
MC		 1179 {
1180 1,
748f2546 1181 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
bbb4ceb8 1182 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
748f2546
RS		 1183 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1184 SSL_kECDHE,
1185 SSL_aRSA,
1186 SSL_AES128,
0f113f3e 1187 SSL_SHA256,
3eb2aff4
KR		 1188 TLS1_2_VERSION, TLS1_2_VERSION,
1189 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1190 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1191 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1192 128,
1193 128,
1194 },
0f113f3e
MC		 1195 {
1196 1,
748f2546 1197 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
bbb4ceb8 1198 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
748f2546
RS		 1199 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1200 SSL_kECDHE,
0f113f3e 1201 SSL_aRSA,
748f2546
RS		 1202 SSL_AES256,
1203 SSL_SHA384,
3eb2aff4
KR		 1204 TLS1_2_VERSION, TLS1_2_VERSION,
1205 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1206 SSL_HIGH | SSL_FIPS,
1207 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1208 256,
1209 256,
1210 },
0f113f3e
MC		 1211 {
1212 1,
748f2546 1213 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1214 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1215 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1216 SSL_kECDHE,
1217 SSL_aECDSA,
1218 SSL_AES128GCM,
1219 SSL_AEAD,
3eb2aff4
KR		 1220 TLS1_2_VERSION, TLS1_2_VERSION,
1221 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1222 SSL_HIGH | SSL_FIPS,
0f113f3e 1223 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748f2546
RS		 1224 128,
1225 128,
1226 },
1227 {
1228 1,
1229 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1230 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1231 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1232 SSL_kECDHE,
1233 SSL_aECDSA,
1234 SSL_AES256GCM,
1235 SSL_AEAD,
1236 TLS1_2_VERSION, TLS1_2_VERSION,
1237 DTLS1_2_VERSION, DTLS1_2_VERSION,
1238 SSL_HIGH | SSL_FIPS,
1239 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1240 256,
1241 256,
1242 },
0f113f3e
MC		 1243 {
1244 1,
748f2546 1245 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1246 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1247 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1248 SSL_kECDHE,
0f113f3e 1249 SSL_aRSA,
748f2546
RS		 1250 SSL_AES128GCM,
1251 SSL_AEAD,
3eb2aff4
KR		 1252 TLS1_2_VERSION, TLS1_2_VERSION,
1253 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1254 SSL_HIGH | SSL_FIPS,
0f113f3e 1255 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748f2546
RS		 1256 128,
1257 128,
0f113f3e 1258 },
0f113f3e
MC		 1259 {
1260 1,
748f2546 1261 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1262 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1263 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1264 SSL_kECDHE,
1265 SSL_aRSA,
1266 SSL_AES256GCM,
1267 SSL_AEAD,
3eb2aff4
KR		 1268 TLS1_2_VERSION, TLS1_2_VERSION,
1269 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1270 SSL_HIGH | SSL_FIPS,
1271 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1272 256,
1273 256,
1274 },
0f113f3e
MC		 1275 {
1276 1,
748f2546 1277 TLS1_TXT_PSK_WITH_NULL_SHA,
bbb4ceb8 1278 TLS1_RFC_PSK_WITH_NULL_SHA,
748f2546
RS		 1279 TLS1_CK_PSK_WITH_NULL_SHA,
1280 SSL_kPSK,
1281 SSL_aPSK,
0f113f3e
MC		 1282 SSL_eNULL,
1283 SSL_SHA1,
3eb2aff4 1284 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1285 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1286 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 1287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1288 0,
1289 0,
1290 },
0f113f3e
MC		 1291 {
1292 1,
748f2546 1293 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
bbb4ceb8 1294 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
748f2546
RS		 1295 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1296 SSL_kDHEPSK,
1297 SSL_aPSK,
1298 SSL_eNULL,
0f113f3e 1299 SSL_SHA1,
3eb2aff4 1300 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1301 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1302 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1304 0,
1305 0,
0f113f3e 1306 },
0f113f3e
MC		 1307 {
1308 1,
748f2546 1309 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
bbb4ceb8 1310 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
748f2546
RS		 1311 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1312 SSL_kRSAPSK,
1313 SSL_aRSA,
1314 SSL_eNULL,
1315 SSL_SHA1,
1316 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1317 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1318 SSL_STRONG_NONE | SSL_FIPS,
1319 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1320 0,
1321 0,
1322 },
d33726b9 1323# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
748f2546
RS		 1324 {
1325 1,
1326 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1327 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1328 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1329 SSL_kPSK,
1330 SSL_aPSK,
0f113f3e
MC		 1331 SSL_3DES,
1332 SSL_SHA1,
3eb2aff4 1333 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1334 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1335 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 1336 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1337 112,
1338 168,
1339 },
d33726b9 1340# endif
0f113f3e
MC		 1341 {
1342 1,
748f2546 1343 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
bbb4ceb8 1344 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
748f2546
RS		 1345 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1346 SSL_kPSK,
1347 SSL_aPSK,
0f113f3e
MC		 1348 SSL_AES128,
1349 SSL_SHA1,
3eb2aff4 1350 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1351 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1352 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1353 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1354 128,
1355 128,
1356 },
0f113f3e
MC		 1357 {
1358 1,
748f2546 1359 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
bbb4ceb8 1360 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
748f2546
RS		 1361 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1362 SSL_kPSK,
1363 SSL_aPSK,
0f113f3e
MC		 1364 SSL_AES256,
1365 SSL_SHA1,
3eb2aff4 1366 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1367 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1368 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1369 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1370 256,
1371 256,
1372 },
d33726b9 1373# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
0f113f3e
MC		 1374 {
1375 1,
748f2546 1376 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1377 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1378 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1379 SSL_kDHEPSK,
1380 SSL_aPSK,
1381 SSL_3DES,
0f113f3e 1382 SSL_SHA1,
3eb2aff4 1383 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1384 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1385 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e 1386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1387 112,
1388 168,
0f113f3e 1389 },
d33726b9 1390# endif
0f113f3e
MC		 1391 {
1392 1,
748f2546 1393 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
bbb4ceb8 1394 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
748f2546
RS		 1395 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1396 SSL_kDHEPSK,
1397 SSL_aPSK,
1398 SSL_AES128,
1399 SSL_SHA1,
1400 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1401 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1402 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1403 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1404 128,
1405 128,
1406 },
0f113f3e
MC		 1407 {
1408 1,
748f2546 1409 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
bbb4ceb8 1410 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
748f2546
RS		 1411 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1412 SSL_kDHEPSK,
1413 SSL_aPSK,
1414 SSL_AES256,
1415 SSL_SHA1,
1416 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1417 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1418 SSL_HIGH | SSL_FIPS,
1419 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1420 256,
1421 256,
1422 },
d33726b9 1423# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
748f2546
RS		 1424 {
1425 1,
1426 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1427 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1428 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1429 SSL_kRSAPSK,
0f113f3e
MC		 1430 SSL_aRSA,
1431 SSL_3DES,
1432 SSL_SHA1,
3eb2aff4 1433 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1434 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1435 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 1436 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1437 112,
1438 168,
1439 },
d33726b9 1440# endif
0f113f3e
MC		 1441 {
1442 1,
748f2546 1443 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
bbb4ceb8 1444 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
748f2546
RS		 1445 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1446 SSL_kRSAPSK,
0f113f3e
MC		 1447 SSL_aRSA,
1448 SSL_AES128,
1449 SSL_SHA1,
3eb2aff4 1450 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1451 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1452 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1453 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1454 128,
1455 128,
1456 },
0f113f3e
MC		 1457 {
1458 1,
748f2546 1459 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
bbb4ceb8 1460 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
748f2546
RS		 1461 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1462 SSL_kRSAPSK,
0f113f3e
MC		 1463 SSL_aRSA,
1464 SSL_AES256,
1465 SSL_SHA1,
3eb2aff4 1466 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1467 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1468 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1469 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1470 256,
1471 256,
1472 },
0f113f3e
MC		 1473 {
1474 1,
748f2546 1475 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1476 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1477 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1478 SSL_kPSK,
1479 SSL_aPSK,
1480 SSL_AES128GCM,
1481 SSL_AEAD,
1482 TLS1_2_VERSION, TLS1_2_VERSION,
1483 DTLS1_2_VERSION, DTLS1_2_VERSION,
1484 SSL_HIGH | SSL_FIPS,
1485 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 1486 128,
1487 128,
1488 },
0f113f3e
MC		 1489 {
1490 1,
748f2546 1491 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1492 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1493 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1494 SSL_kPSK,
1495 SSL_aPSK,
1496 SSL_AES256GCM,
1497 SSL_AEAD,
1498 TLS1_2_VERSION, TLS1_2_VERSION,
1499 DTLS1_2_VERSION, DTLS1_2_VERSION,
1500 SSL_HIGH | SSL_FIPS,
1501 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1502 256,
1503 256,
0f113f3e 1504 },
0f113f3e
MC		 1505 {
1506 1,
748f2546 1507 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1508 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1509 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1510 SSL_kDHEPSK,
1511 SSL_aPSK,
1512 SSL_AES128GCM,
1513 SSL_AEAD,
1514 TLS1_2_VERSION, TLS1_2_VERSION,
1515 DTLS1_2_VERSION, DTLS1_2_VERSION,
1516 SSL_HIGH | SSL_FIPS,
1517 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 1518 128,
1519 128,
1520 },
0f113f3e
MC		 1521 {
1522 1,
748f2546 1523 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1524 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1525 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1526 SSL_kDHEPSK,
1527 SSL_aPSK,
1528 SSL_AES256GCM,
1529 SSL_AEAD,
1530 TLS1_2_VERSION, TLS1_2_VERSION,
1531 DTLS1_2_VERSION, DTLS1_2_VERSION,
1532 SSL_HIGH | SSL_FIPS,
1533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1534 256,
1535 256,
1536 },
0f113f3e
MC		 1537 {
1538 1,
748f2546 1539 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1540 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1541 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1542 SSL_kRSAPSK,
0f113f3e 1543 SSL_aRSA,
748f2546
RS		 1544 SSL_AES128GCM,
1545 SSL_AEAD,
1546 TLS1_2_VERSION, TLS1_2_VERSION,
1547 DTLS1_2_VERSION, DTLS1_2_VERSION,
1548 SSL_HIGH | SSL_FIPS,
1549 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1550 128,
1551 128,
0f113f3e 1552 },
0f113f3e
MC		 1553 {
1554 1,
748f2546 1555 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1556 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1557 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1558 SSL_kRSAPSK,
1559 SSL_aRSA,
1560 SSL_AES256GCM,
1561 SSL_AEAD,
1562 TLS1_2_VERSION, TLS1_2_VERSION,
1563 DTLS1_2_VERSION, DTLS1_2_VERSION,
1564 SSL_HIGH | SSL_FIPS,
1565 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1566 256,
1567 256,
0f113f3e 1568 },
0f113f3e
MC		 1569 {
1570 1,
748f2546 1571 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
bbb4ceb8 1572 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
748f2546
RS		 1573 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1574 SSL_kPSK,
1575 SSL_aPSK,
0f113f3e 1576 SSL_AES128,
748f2546
RS		 1577 SSL_SHA256,
1578 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1579 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1580 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1581 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1582 128,
1583 128,
1584 },
0f113f3e
MC		 1585 {
1586 1,
748f2546 1587 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
bbb4ceb8 1588 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
748f2546
RS		 1589 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1590 SSL_kPSK,
1591 SSL_aPSK,
1592 SSL_AES256,
1593 SSL_SHA384,
1594 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1595 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1596 SSL_HIGH | SSL_FIPS,
1597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1598 256,
1599 256,
0f113f3e 1600 },
0f113f3e
MC		 1601 {
1602 1,
748f2546 1603 TLS1_TXT_PSK_WITH_NULL_SHA256,
bbb4ceb8 1604 TLS1_RFC_PSK_WITH_NULL_SHA256,
748f2546
RS		 1605 TLS1_CK_PSK_WITH_NULL_SHA256,
1606 SSL_kPSK,
1607 SSL_aPSK,
1608 SSL_eNULL,
1609 SSL_SHA256,
1610 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1611 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1612 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1613 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1614 0,
1615 0,
0f113f3e 1616 },
0f113f3e
MC		 1617 {
1618 1,
748f2546 1619 TLS1_TXT_PSK_WITH_NULL_SHA384,
bbb4ceb8 1620 TLS1_RFC_PSK_WITH_NULL_SHA384,
748f2546
RS		 1621 TLS1_CK_PSK_WITH_NULL_SHA384,
1622 SSL_kPSK,
1623 SSL_aPSK,
1624 SSL_eNULL,
1625 SSL_SHA384,
1626 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1627 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1628 SSL_STRONG_NONE | SSL_FIPS,
1629 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1630 0,
1631 0,
0f113f3e 1632 },
0f113f3e
MC		 1633 {
1634 1,
748f2546 1635 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
bbb4ceb8 1636 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
748f2546
RS		 1637 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1638 SSL_kDHEPSK,
1639 SSL_aPSK,
1640 SSL_AES128,
1641 SSL_SHA256,
1642 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1643 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1644 SSL_HIGH | SSL_FIPS,
0f113f3e 1645 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1646 128,
1647 128,
0f113f3e 1648 },
0f113f3e
MC		 1649 {
1650 1,
748f2546 1651 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
bbb4ceb8 1652 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
748f2546
RS		 1653 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1654 SSL_kDHEPSK,
1655 SSL_aPSK,
0f113f3e 1656 SSL_AES256,
748f2546
RS		 1657 SSL_SHA384,
1658 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1659 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1660 SSL_HIGH | SSL_FIPS,
1661 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1662 256,
1663 256,
1664 },
0f113f3e
MC		 1665 {
1666 1,
748f2546 1667 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
bbb4ceb8 1668 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
748f2546
RS		 1669 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1670 SSL_kDHEPSK,
1671 SSL_aPSK,
1672 SSL_eNULL,
0f113f3e 1673 SSL_SHA256,
748f2546 1674 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1675 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1676 SSL_STRONG_NONE | SSL_FIPS,
1677 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1678 0,
1679 0,
0f113f3e 1680 },
0f113f3e
MC		 1681 {
1682 1,
748f2546 1683 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
bbb4ceb8 1684 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
748f2546
RS		 1685 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1686 SSL_kDHEPSK,
1687 SSL_aPSK,
1688 SSL_eNULL,
0f113f3e 1689 SSL_SHA384,
748f2546 1690 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1691 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1692 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1693 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
748f2546
RS		 1694 0,
1695 0,
0f113f3e 1696 },
0f113f3e
MC		 1697 {
1698 1,
748f2546 1699 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
bbb4ceb8 1700 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
748f2546
RS		 1701 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1702 SSL_kRSAPSK,
0f113f3e
MC		 1703 SSL_aRSA,
1704 SSL_AES128,
1705 SSL_SHA256,
748f2546 1706 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1707 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1708 SSL_HIGH | SSL_FIPS,
748f2546 1709 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0f113f3e
MC		 1710 128,
1711 128,
1712 },
0f113f3e
MC		 1713 {
1714 1,
748f2546 1715 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
bbb4ceb8 1716 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
748f2546
RS		 1717 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1718 SSL_kRSAPSK,
0f113f3e
MC		 1719 SSL_aRSA,
1720 SSL_AES256,
1721 SSL_SHA384,
748f2546 1722 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1723 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1724 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1725 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1726 256,
1727 256,
1728 },
0f113f3e
MC		 1729 {
1730 1,
748f2546 1731 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
bbb4ceb8 1732 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
748f2546
RS		 1733 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1734 SSL_kRSAPSK,
0f113f3e 1735 SSL_aRSA,
748f2546
RS		 1736 SSL_eNULL,
1737 SSL_SHA256,
1738 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1739 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1740 SSL_STRONG_NONE | SSL_FIPS,
1741 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1742 0,
1743 0,
0f113f3e 1744 },
0f113f3e
MC		 1745 {
1746 1,
748f2546 1747 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
bbb4ceb8 1748 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
748f2546
RS		 1749 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1750 SSL_kRSAPSK,
0f113f3e 1751 SSL_aRSA,
748f2546
RS		 1752 SSL_eNULL,
1753 SSL_SHA384,
1754 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1755 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1756 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1757 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
748f2546
RS		 1758 0,
1759 0,
ea6114c6 1760 },
d33726b9 1761# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
ea6114c6
DSH		 1762 {
1763 1,
1764 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1765 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
ea6114c6
DSH		 1766 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1767 SSL_kECDHEPSK,
1768 SSL_aPSK,
1769 SSL_3DES,
1770 SSL_SHA1,
fe55c4a2 1771 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1772 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1773 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
ea6114c6
DSH		 1774 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1775 112,
1776 168,
1777 },
d33726b9 1778# endif
ea6114c6
DSH		 1779 {
1780 1,
1781 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
bbb4ceb8 1782 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
ea6114c6
DSH		 1783 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1784 SSL_kECDHEPSK,
1785 SSL_aPSK,
1786 SSL_AES128,
1787 SSL_SHA1,
fe55c4a2 1788 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1789 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1790 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1792 128,
1793 128,
1794 },
ea6114c6
DSH		 1795 {
1796 1,
1797 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
bbb4ceb8 1798 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
ea6114c6
DSH		 1799 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1800 SSL_kECDHEPSK,
1801 SSL_aPSK,
1802 SSL_AES256,
1803 SSL_SHA1,
fe55c4a2 1804 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1805 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1806 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1808 256,
1809 256,
1810 },
ea6114c6
DSH		 1811 {
1812 1,
1813 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
bbb4ceb8 1814 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
ea6114c6
DSH		 1815 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1816 SSL_kECDHEPSK,
1817 SSL_aPSK,
1818 SSL_AES128,
1819 SSL_SHA256,
3eb2aff4 1820 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1821 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1822 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1824 128,
1825 128,
1826 },
ea6114c6
DSH		 1827 {
1828 1,
1829 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
bbb4ceb8 1830 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
ea6114c6
DSH		 1831 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1832 SSL_kECDHEPSK,
1833 SSL_aPSK,
1834 SSL_AES256,
1835 SSL_SHA384,
3eb2aff4 1836 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1837 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1838 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1839 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1840 256,
1841 256,
1842 },
ea6114c6
DSH		 1843 {
1844 1,
1845 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
bbb4ceb8 1846 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
ea6114c6
DSH		 1847 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1848 SSL_kECDHEPSK,
1849 SSL_aPSK,
1850 SSL_eNULL,
1851 SSL_SHA1,
fe55c4a2 1852 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1853 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1854 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1855 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1856 0,
1857 0,
1858 },
ea6114c6
DSH		 1859 {
1860 1,
1861 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
bbb4ceb8 1862 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
ea6114c6
DSH		 1863 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1864 SSL_kECDHEPSK,
1865 SSL_aPSK,
1866 SSL_eNULL,
1867 SSL_SHA256,
3eb2aff4 1868 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1869 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1870 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1871 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1872 0,
1873 0,
1874 },
ea6114c6
DSH		 1875 {
1876 1,
1877 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
bbb4ceb8 1878 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
ea6114c6
DSH		 1879 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1880 SSL_kECDHEPSK,
1881 SSL_aPSK,
1882 SSL_eNULL,
1883 SSL_SHA384,
3eb2aff4 1884 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1885 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1886 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1887 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1888 0,
1889 0,
1890 },
1891
d33726b9 1892# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
748f2546
RS		 1893 {
1894 1,
1895 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1896 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1897 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1898 SSL_kSRP,
1899 SSL_aSRP,
1900 SSL_3DES,
1901 SSL_SHA1,
1902 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1903 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1904 SSL_NOT_DEFAULT | SSL_MEDIUM,
748f2546
RS		 1905 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1906 112,
1907 168,
1908 },
1909 {
1910 1,
1911 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1912 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1913 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1914 SSL_kSRP,
1915 SSL_aRSA,
1916 SSL_3DES,
1917 SSL_SHA1,
1918 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1919 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1920 SSL_NOT_DEFAULT | SSL_MEDIUM,
748f2546
RS		 1921 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1922 112,
1923 168,
1924 },
1925 {
1926 1,
1927 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1928 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1929 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1930 SSL_kSRP,
1931 SSL_aDSS,
1932 SSL_3DES,
1933 SSL_SHA1,
1934 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1935 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1936 SSL_NOT_DEFAULT | SSL_MEDIUM,
748f2546
RS		 1937 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1938 112,
1939 168,
1940 },
d33726b9 1941# endif
748f2546
RS		 1942 {
1943 1,
1944 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
bbb4ceb8 1945 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
748f2546
RS		 1946 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1947 SSL_kSRP,
1948 SSL_aSRP,
1949 SSL_AES128,
1950 SSL_SHA1,
1951 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1952 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1953 SSL_HIGH,
1954 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1955 128,
1956 128,
1957 },
1958 {
1959 1,
1960 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
bbb4ceb8 1961 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
748f2546
RS		 1962 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1963 SSL_kSRP,
1964 SSL_aRSA,
1965 SSL_AES128,
1966 SSL_SHA1,
1967 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1968 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1969 SSL_HIGH,
1970 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1971 128,
1972 128,
1973 },
1974 {
1975 1,
1976 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
bbb4ceb8 1977 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
748f2546
RS		 1978 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1979 SSL_kSRP,
1980 SSL_aDSS,
1981 SSL_AES128,
1982 SSL_SHA1,
1983 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1984 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1985 SSL_NOT_DEFAULT | SSL_HIGH,
1986 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1987 128,
1988 128,
1989 },
1990 {
1991 1,
1992 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
bbb4ceb8 1993 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
748f2546
RS		 1994 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1995 SSL_kSRP,
1996 SSL_aSRP,
1997 SSL_AES256,
1998 SSL_SHA1,
1999 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2000 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2001 SSL_HIGH,
2002 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2003 256,
2004 256,
2005 },
2006 {
2007 1,
2008 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
bbb4ceb8 2009 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
748f2546
RS		 2010 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2011 SSL_kSRP,
2012 SSL_aRSA,
2013 SSL_AES256,
2014 SSL_SHA1,
2015 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2016 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2017 SSL_HIGH,
2018 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2019 256,
2020 256,
2021 },
2022 {
2023 1,
2024 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
bbb4ceb8 2025 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
748f2546
RS		 2026 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2027 SSL_kSRP,
2028 SSL_aDSS,
2029 SSL_AES256,
2030 SSL_SHA1,
2031 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2032 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2033 SSL_NOT_DEFAULT | SSL_HIGH,
2034 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2035 256,
2036 256,
2037 },
748f2546
RS		 2038
2039#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
748f2546
RS		 2040 {
2041 1,
2042 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
bbb4ceb8 2043 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
748f2546
RS		 2044 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2045 SSL_kDHE,
2046 SSL_aRSA,
2047 SSL_CHACHA20POLY1305,
2048 SSL_AEAD,
2049 TLS1_2_VERSION, TLS1_2_VERSION,
2050 DTLS1_2_VERSION, DTLS1_2_VERSION,
2051 SSL_HIGH,
2052 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2053 256,
2054 256,
2055 },
748f2546
RS		 2056 {
2057 1,
2058 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
bbb4ceb8 2059 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
748f2546
RS		 2060 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2061 SSL_kECDHE,
2062 SSL_aRSA,
2063 SSL_CHACHA20POLY1305,
2064 SSL_AEAD,
2065 TLS1_2_VERSION, TLS1_2_VERSION,
2066 DTLS1_2_VERSION, DTLS1_2_VERSION,
2067 SSL_HIGH,
2068 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2069 256,
2070 256,
2071 },
2072 {
2073 1,
2074 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
bbb4ceb8 2075 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
748f2546
RS		 2076 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2077 SSL_kECDHE,
2078 SSL_aECDSA,
2079 SSL_CHACHA20POLY1305,
2080 SSL_AEAD,
2081 TLS1_2_VERSION, TLS1_2_VERSION,
2082 DTLS1_2_VERSION, DTLS1_2_VERSION,
2083 SSL_HIGH,
2084 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2085 256,
2086 256,
2087 },
748f2546
RS		 2088 {
2089 1,
2090 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
bbb4ceb8 2091 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
748f2546
RS		 2092 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2093 SSL_kPSK,
2094 SSL_aPSK,
2095 SSL_CHACHA20POLY1305,
2096 SSL_AEAD,
2097 TLS1_2_VERSION, TLS1_2_VERSION,
2098 DTLS1_2_VERSION, DTLS1_2_VERSION,
2099 SSL_HIGH,
2100 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2101 256,
2102 256,
2103 },
2104 {
2105 1,
2106 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
bbb4ceb8 2107 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
748f2546
RS		 2108 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2109 SSL_kECDHEPSK,
2110 SSL_aPSK,
2111 SSL_CHACHA20POLY1305,
2112 SSL_AEAD,
2113 TLS1_2_VERSION, TLS1_2_VERSION,
2114 DTLS1_2_VERSION, DTLS1_2_VERSION,
2115 SSL_HIGH,
2116 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2117 256,
2118 256,
2119 },
2120 {
2121 1,
2122 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
bbb4ceb8 2123 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
748f2546
RS		 2124 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2125 SSL_kDHEPSK,
2126 SSL_aPSK,
2127 SSL_CHACHA20POLY1305,
2128 SSL_AEAD,
2129 TLS1_2_VERSION, TLS1_2_VERSION,
2130 DTLS1_2_VERSION, DTLS1_2_VERSION,
2131 SSL_HIGH,
2132 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2133 256,
2134 256,
2135 },
2136 {
2137 1,
2138 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
bbb4ceb8 2139 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
748f2546
RS		 2140 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2141 SSL_kRSAPSK,
2142 SSL_aRSA,
2143 SSL_CHACHA20POLY1305,
2144 SSL_AEAD,
2145 TLS1_2_VERSION, TLS1_2_VERSION,
2146 DTLS1_2_VERSION, DTLS1_2_VERSION,
2147 SSL_HIGH,
2148 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2149 256,
2150 256,
2151 },
a230b26e
EK		 2152#endif /* !defined(OPENSSL_NO_CHACHA) &&
2153 * !defined(OPENSSL_NO_POLY1305) */
748f2546
RS		 2154
2155#ifndef OPENSSL_NO_CAMELLIA
2156 {
2157 1,
2158 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2159 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2160 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2161 SSL_kRSA,
2162 SSL_aRSA,
2163 SSL_CAMELLIA128,
2164 SSL_SHA256,
2165 TLS1_2_VERSION, TLS1_2_VERSION,
2166 DTLS1_2_VERSION, DTLS1_2_VERSION,
2167 SSL_NOT_DEFAULT | SSL_HIGH,
2168 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2169 128,
2170 128,
2171 },
2172 {
2173 1,
2174 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2175 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2176 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2177 SSL_kEDH,
2178 SSL_aDSS,
2179 SSL_CAMELLIA128,
2180 SSL_SHA256,
2181 TLS1_2_VERSION, TLS1_2_VERSION,
2182 DTLS1_2_VERSION, DTLS1_2_VERSION,
2183 SSL_NOT_DEFAULT | SSL_HIGH,
2184 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2185 128,
2186 128,
2187 },
2188 {
2189 1,
2190 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2191 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2192 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2193 SSL_kEDH,
2194 SSL_aRSA,
2195 SSL_CAMELLIA128,
2196 SSL_SHA256,
2197 TLS1_2_VERSION, TLS1_2_VERSION,
2198 DTLS1_2_VERSION, DTLS1_2_VERSION,
2199 SSL_NOT_DEFAULT | SSL_HIGH,
2200 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2201 128,
2202 128,
2203 },
2204 {
2205 1,
2206 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2207 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2208 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2209 SSL_kEDH,
2210 SSL_aNULL,
2211 SSL_CAMELLIA128,
2212 SSL_SHA256,
2213 TLS1_2_VERSION, TLS1_2_VERSION,
2214 DTLS1_2_VERSION, DTLS1_2_VERSION,
2215 SSL_NOT_DEFAULT | SSL_HIGH,
2216 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2217 128,
2218 128,
2219 },
2220 {
2221 1,
2222 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
bbb4ceb8 2223 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
748f2546
RS		 2224 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2225 SSL_kRSA,
2226 SSL_aRSA,
2227 SSL_CAMELLIA256,
2228 SSL_SHA256,
2229 TLS1_2_VERSION, TLS1_2_VERSION,
2230 DTLS1_2_VERSION, DTLS1_2_VERSION,
2231 SSL_NOT_DEFAULT | SSL_HIGH,
2232 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2233 256,
2234 256,
2235 },
2236 {
2237 1,
2238 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
bbb4ceb8 2239 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
748f2546
RS		 2240 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2241 SSL_kEDH,
2242 SSL_aDSS,
2243 SSL_CAMELLIA256,
2244 SSL_SHA256,
2245 TLS1_2_VERSION, TLS1_2_VERSION,
2246 DTLS1_2_VERSION, DTLS1_2_VERSION,
2247 SSL_NOT_DEFAULT | SSL_HIGH,
2248 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2249 256,
2250 256,
2251 },
2252 {
2253 1,
2254 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
bbb4ceb8 2255 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
748f2546
RS		 2256 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2257 SSL_kEDH,
2258 SSL_aRSA,
2259 SSL_CAMELLIA256,
2260 SSL_SHA256,
2261 TLS1_2_VERSION, TLS1_2_VERSION,
2262 DTLS1_2_VERSION, DTLS1_2_VERSION,
2263 SSL_NOT_DEFAULT | SSL_HIGH,
2264 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2265 256,
2266 256,
2267 },
2268 {
2269 1,
2270 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
bbb4ceb8 2271 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
748f2546
RS		 2272 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2273 SSL_kEDH,
2274 SSL_aNULL,
2275 SSL_CAMELLIA256,
2276 SSL_SHA256,
2277 TLS1_2_VERSION, TLS1_2_VERSION,
2278 DTLS1_2_VERSION, DTLS1_2_VERSION,
2279 SSL_NOT_DEFAULT | SSL_HIGH,
2280 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2281 256,
2282 256,
2283 },
2284 {
2285 1,
2286 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
bbb4ceb8 2287 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
748f2546
RS		 2288 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2289 SSL_kRSA,
2290 SSL_aRSA,
2291 SSL_CAMELLIA256,
2292 SSL_SHA1,
2293 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2294 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2295 SSL_NOT_DEFAULT | SSL_HIGH,
2296 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2297 256,
2298 256,
2299 },
2300 {
2301 1,
2302 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
bbb4ceb8 2303 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
748f2546
RS		 2304 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2305 SSL_kDHE,
2306 SSL_aDSS,
2307 SSL_CAMELLIA256,
2308 SSL_SHA1,
2309 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2310 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2311 SSL_NOT_DEFAULT | SSL_HIGH,
2312 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2313 256,
2314 256,
2315 },
2316 {
2317 1,
2318 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
bbb4ceb8 2319 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
748f2546
RS		 2320 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2321 SSL_kDHE,
2322 SSL_aRSA,
2323 SSL_CAMELLIA256,
2324 SSL_SHA1,
2325 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2326 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2327 SSL_NOT_DEFAULT | SSL_HIGH,
2328 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2329 256,
2330 256,
2331 },
2332 {
2333 1,
2334 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
bbb4ceb8 2335 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
748f2546
RS		 2336 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2337 SSL_kDHE,
2338 SSL_aNULL,
2339 SSL_CAMELLIA256,
2340 SSL_SHA1,
2341 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2342 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2343 SSL_NOT_DEFAULT | SSL_HIGH,
2344 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2345 256,
2346 256,
2347 },
2348 {
2349 1,
2350 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
bbb4ceb8 2351 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
748f2546
RS		 2352 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2353 SSL_kRSA,
2354 SSL_aRSA,
2355 SSL_CAMELLIA128,
2356 SSL_SHA1,
2357 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2358 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2359 SSL_NOT_DEFAULT | SSL_HIGH,
2360 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2361 128,
2362 128,
2363 },
2364 {
2365 1,
2366 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
bbb4ceb8 2367 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
748f2546
RS		 2368 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2369 SSL_kDHE,
2370 SSL_aDSS,
2371 SSL_CAMELLIA128,
2372 SSL_SHA1,
2373 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2374 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2375 SSL_NOT_DEFAULT | SSL_HIGH,
2376 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2377 128,
2378 128,
2379 },
2380 {
2381 1,
2382 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
bbb4ceb8 2383 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
748f2546
RS		 2384 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2385 SSL_kDHE,
2386 SSL_aRSA,
2387 SSL_CAMELLIA128,
2388 SSL_SHA1,
2389 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2390 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2391 SSL_NOT_DEFAULT | SSL_HIGH,
2392 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2393 128,
2394 128,
2395 },
2396 {
2397 1,
2398 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
bbb4ceb8 2399 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
748f2546
RS		 2400 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2401 SSL_kDHE,
2402 SSL_aNULL,
2403 SSL_CAMELLIA128,
2404 SSL_SHA1,
2405 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2406 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2407 SSL_NOT_DEFAULT | SSL_HIGH,
2408 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2409 128,
2410 128,
2411 },
748f2546 2412 {
0f113f3e
MC		 2413 1,
2414 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2415 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
0f113f3e
MC		 2416 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2417 SSL_kECDHE,
2418 SSL_aECDSA,
2419 SSL_CAMELLIA128,
2420 SSL_SHA256,
3eb2aff4
KR		 2421 TLS1_2_VERSION, TLS1_2_VERSION,
2422 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2423 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2424 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2425 128,
a230b26e
EK		 2426 128,
2427 },
748f2546 2428 {
0f113f3e
MC		 2429 1,
2430 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2431 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
0f113f3e
MC		 2432 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2433 SSL_kECDHE,
2434 SSL_aECDSA,
2435 SSL_CAMELLIA256,
2436 SSL_SHA384,
3eb2aff4
KR		 2437 TLS1_2_VERSION, TLS1_2_VERSION,
2438 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2439 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2440 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2441 256,
a230b26e
EK		 2442 256,
2443 },
748f2546 2444 {
0f113f3e
MC		 2445 1,
2446 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2447 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
0f113f3e
MC		 2448 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2449 SSL_kECDHE,
2450 SSL_aRSA,
2451 SSL_CAMELLIA128,
2452 SSL_SHA256,
3eb2aff4
KR		 2453 TLS1_2_VERSION, TLS1_2_VERSION,
2454 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2455 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2456 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2457 128,
a230b26e
EK		 2458 128,
2459 },
748f2546 2460 {
0f113f3e
MC		 2461 1,
2462 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2463 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
0f113f3e
MC		 2464 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2465 SSL_kECDHE,
2466 SSL_aRSA,
2467 SSL_CAMELLIA256,
2468 SSL_SHA384,
3eb2aff4
KR		 2469 TLS1_2_VERSION, TLS1_2_VERSION,
2470 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2471 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2472 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2473 256,
a230b26e
EK		 2474 256,
2475 },
748f2546 2476 {
69a3a9f5
DSH		 2477 1,
2478 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2479 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
69a3a9f5
DSH		 2480 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2481 SSL_kPSK,
2482 SSL_aPSK,
2483 SSL_CAMELLIA128,
2484 SSL_SHA256,
3eb2aff4 2485 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2486 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2487 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2488 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2489 128,
a230b26e
EK		 2490 128,
2491 },
748f2546 2492 {
69a3a9f5
DSH		 2493 1,
2494 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2495 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
69a3a9f5
DSH		 2496 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2497 SSL_kPSK,
2498 SSL_aPSK,
2499 SSL_CAMELLIA256,
2500 SSL_SHA384,
3eb2aff4 2501 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2502 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2503 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2504 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2505 256,
a230b26e
EK		 2506 256,
2507 },
748f2546 2508 {
69a3a9f5
DSH		 2509 1,
2510 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2511 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
69a3a9f5
DSH		 2512 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2513 SSL_kDHEPSK,
2514 SSL_aPSK,
2515 SSL_CAMELLIA128,
2516 SSL_SHA256,
3eb2aff4 2517 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2518 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2519 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2520 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2521 128,
a230b26e
EK		 2522 128,
2523 },
748f2546 2524 {
69a3a9f5
DSH		 2525 1,
2526 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2527 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
69a3a9f5
DSH		 2528 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2529 SSL_kDHEPSK,
2530 SSL_aPSK,
2531 SSL_CAMELLIA256,
2532 SSL_SHA384,
3eb2aff4 2533 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2534 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2535 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2536 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2537 256,
a230b26e
EK		 2538 256,
2539 },
748f2546 2540 {
69a3a9f5
DSH		 2541 1,
2542 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2543 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
69a3a9f5
DSH		 2544 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2545 SSL_kRSAPSK,
2546 SSL_aRSA,
2547 SSL_CAMELLIA128,
2548 SSL_SHA256,
3eb2aff4 2549 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2550 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2551 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2552 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2553 128,
a230b26e
EK		 2554 128,
2555 },
748f2546 2556 {
69a3a9f5
DSH		 2557 1,
2558 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2559 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
69a3a9f5
DSH		 2560 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2561 SSL_kRSAPSK,
2562 SSL_aRSA,
2563 SSL_CAMELLIA256,
2564 SSL_SHA384,
3eb2aff4 2565 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2566 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2567 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2568 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2569 256,
a230b26e
EK		 2570 256,
2571 },
176f85a2
DSH		 2572 {
2573 1,
748f2546 2574 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2575 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2576 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2577 SSL_kECDHEPSK,
176f85a2 2578 SSL_aPSK,
748f2546
RS		 2579 SSL_CAMELLIA128,
2580 SSL_SHA256,
2581 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2582 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2583 SSL_NOT_DEFAULT | SSL_HIGH,
748f2546 2584 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2 2585 128,
a230b26e
EK		 2586 128,
2587 },
176f85a2
DSH		 2588 {
2589 1,
748f2546 2590 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2591 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
748f2546
RS		 2592 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2593 SSL_kECDHEPSK,
176f85a2 2594 SSL_aPSK,
748f2546
RS		 2595 SSL_CAMELLIA256,
2596 SSL_SHA384,
2597 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2598 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2599 SSL_NOT_DEFAULT | SSL_HIGH,
748f2546 2600 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
176f85a2 2601 256,
a230b26e
EK		 2602 256,
2603 },
a230b26e 2604#endif /* OPENSSL_NO_CAMELLIA */
176f85a2 2605
580731af 2606#ifndef OPENSSL_NO_GOST
176f85a2
DSH		 2607 {
2608 1,
748f2546 2609 "GOST2001-GOST89-GOST89",
bbb4ceb8 2610 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
748f2546
RS		 2611 0x3000081,
2612 SSL_kGOST,
2613 SSL_aGOST01,
2614 SSL_eGOST2814789CNT,
2615 SSL_GOST89MAC,
2616 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2617 0, 0,
748f2546
RS		 2618 SSL_HIGH,
2619 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
176f85a2 2620 256,
a230b26e
EK		 2621 256,
2622 },
748f2546
RS		 2623 {
2624 1,
2625 "GOST2001-NULL-GOST94",
bbb4ceb8 2626 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
748f2546
RS		 2627 0x3000083,
2628 SSL_kGOST,
2629 SSL_aGOST01,
2630 SSL_eNULL,
2631 SSL_GOST94,
2632 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2633 0, 0,
748f2546
RS		 2634 SSL_STRONG_NONE,
2635 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2636 0,
a230b26e
EK		 2637 0,
2638 },
748f2546
RS		 2639 {
2640 1,
98278b96
NM		 2641 "IANA-GOST2012-GOST8912-GOST8912",
2642 NULL,
2643 0x0300c102,
2644 SSL_kGOST,
2645 SSL_aGOST12 | SSL_aGOST01,
2646 SSL_eGOST2814789CNT12,
2647 SSL_GOST89MAC12,
2648 TLS1_VERSION, TLS1_2_VERSION,
2649 0, 0,
2650 SSL_HIGH,
2651 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2652 256,
2653 256,
2654 },
2655 {
2656 1,
2657 "LEGACY-GOST2012-GOST8912-GOST8912",
bbb4ceb8 2658 NULL,
748f2546
RS		 2659 0x0300ff85,
2660 SSL_kGOST,
2661 SSL_aGOST12 | SSL_aGOST01,
2662 SSL_eGOST2814789CNT12,
2663 SSL_GOST89MAC12,
2664 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2665 0, 0,
748f2546
RS		 2666 SSL_HIGH,
2667 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
176f85a2 2668 256,
a230b26e
EK		 2669 256,
2670 },
748f2546
RS		 2671 {
2672 1,
2673 "GOST2012-NULL-GOST12",
bbb4ceb8 2674 NULL,
748f2546
RS		 2675 0x0300ff87,
2676 SSL_kGOST,
2677 SSL_aGOST12 | SSL_aGOST01,
2678 SSL_eNULL,
2679 SSL_GOST12_256,
2680 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2681 0, 0,
748f2546
RS		 2682 SSL_STRONG_NONE,
2683 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2684 0,
a230b26e
EK		 2685 0,
2686 },
5a5530a2
DB		 2687 {
2688 1,
2689 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2690 NULL,
2691 0x0300C100,
2692 SSL_kGOST18,
2693 SSL_aGOST12,
2694 SSL_KUZNYECHIK,
2695 SSL_KUZNYECHIKOMAC,
2696 TLS1_2_VERSION, TLS1_2_VERSION,
2697 0, 0,
2698 SSL_HIGH,
2699 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2700 256,
2701 256,
2702 },
2703 {
2704 1,
2705 "GOST2012-MAGMA-MAGMAOMAC",
2706 NULL,
2707 0x0300C101,
2708 SSL_kGOST18,
2709 SSL_aGOST12,
2710 SSL_MAGMA,
2711 SSL_MAGMAOMAC,
2712 TLS1_2_VERSION, TLS1_2_VERSION,
2713 0, 0,
2714 SSL_HIGH,
2715 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2716 256,
2717 256,
2718 },
a230b26e 2719#endif /* OPENSSL_NO_GOST */
176f85a2 2720
748f2546 2721#ifndef OPENSSL_NO_IDEA
176f85a2
DSH		 2722 {
2723 1,
748f2546 2724 SSL3_TXT_RSA_IDEA_128_SHA,
bbb4ceb8 2725 SSL3_RFC_RSA_IDEA_128_SHA,
748f2546
RS		 2726 SSL3_CK_RSA_IDEA_128_SHA,
2727 SSL_kRSA,
2728 SSL_aRSA,
2729 SSL_IDEA,
2730 SSL_SHA1,
2731 SSL3_VERSION, TLS1_1_VERSION,
387cf213 2732 DTLS1_BAD_VER, DTLS1_VERSION,
748f2546
RS		 2733 SSL_NOT_DEFAULT | SSL_MEDIUM,
2734 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2735 128,
2736 128,
2737 },
748f2546 2738#endif
176f85a2 2739
748f2546 2740#ifndef OPENSSL_NO_SEED
176f85a2
DSH		 2741 {
2742 1,
748f2546 2743 TLS1_TXT_RSA_WITH_SEED_SHA,
bbb4ceb8 2744 TLS1_RFC_RSA_WITH_SEED_SHA,
748f2546
RS		 2745 TLS1_CK_RSA_WITH_SEED_SHA,
2746 SSL_kRSA,
2747 SSL_aRSA,
2748 SSL_SEED,
2749 SSL_SHA1,
2750 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2751 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2752 SSL_NOT_DEFAULT | SSL_MEDIUM,
2753 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2754 128,
2755 128,
176f85a2 2756 },
176f85a2
DSH		 2757 {
2758 1,
748f2546 2759 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
bbb4ceb8 2760 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
748f2546
RS		 2761 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2762 SSL_kDHE,
2763 SSL_aDSS,
2764 SSL_SEED,
2765 SSL_SHA1,
2766 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2767 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2768 SSL_NOT_DEFAULT | SSL_MEDIUM,
2769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2770 128,
2771 128,
2772 },
176f85a2
DSH		 2773 {
2774 1,
748f2546 2775 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
bbb4ceb8 2776 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
748f2546
RS		 2777 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2778 SSL_kDHE,
2779 SSL_aRSA,
2780 SSL_SEED,
2781 SSL_SHA1,
2782 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2783 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2784 SSL_NOT_DEFAULT | SSL_MEDIUM,
2785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2786 128,
2787 128,
176f85a2 2788 },
176f85a2
DSH		 2789 {
2790 1,
748f2546 2791 TLS1_TXT_ADH_WITH_SEED_SHA,
bbb4ceb8 2792 TLS1_RFC_ADH_WITH_SEED_SHA,
748f2546
RS		 2793 TLS1_CK_ADH_WITH_SEED_SHA,
2794 SSL_kDHE,
2795 SSL_aNULL,
2796 SSL_SEED,
2797 SSL_SHA1,
2798 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2799 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2800 SSL_NOT_DEFAULT | SSL_MEDIUM,
2801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2802 128,
2803 128,
2804 },
a230b26e 2805#endif /* OPENSSL_NO_SEED */
176f85a2 2806
748f2546
RS		 2807#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2808 {
2809 1,
2810 SSL3_TXT_RSA_RC4_128_MD5,
bbb4ceb8 2811 SSL3_RFC_RSA_RC4_128_MD5,
748f2546
RS		 2812 SSL3_CK_RSA_RC4_128_MD5,
2813 SSL_kRSA,
2814 SSL_aRSA,
2815 SSL_RC4,
2816 SSL_MD5,
2817 SSL3_VERSION, TLS1_2_VERSION,
2818 0, 0,
2819 SSL_NOT_DEFAULT | SSL_MEDIUM,
2820 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2821 128,
2822 128,
2823 },
176f85a2
DSH		 2824 {
2825 1,
748f2546 2826 SSL3_TXT_RSA_RC4_128_SHA,
bbb4ceb8 2827 SSL3_RFC_RSA_RC4_128_SHA,
748f2546
RS		 2828 SSL3_CK_RSA_RC4_128_SHA,
2829 SSL_kRSA,
2830 SSL_aRSA,
2831 SSL_RC4,
2832 SSL_SHA1,
2833 SSL3_VERSION, TLS1_2_VERSION,
2834 0, 0,
2835 SSL_NOT_DEFAULT | SSL_MEDIUM,
2836 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2837 128,
2838 128,
176f85a2 2839 },
176f85a2
DSH		 2840 {
2841 1,
748f2546 2842 SSL3_TXT_ADH_RC4_128_MD5,
bbb4ceb8 2843 SSL3_RFC_ADH_RC4_128_MD5,
748f2546
RS		 2844 SSL3_CK_ADH_RC4_128_MD5,
2845 SSL_kDHE,
2846 SSL_aNULL,
2847 SSL_RC4,
2848 SSL_MD5,
2849 SSL3_VERSION, TLS1_2_VERSION,
2850 0, 0,
2851 SSL_NOT_DEFAULT | SSL_MEDIUM,
2852 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2853 128,
2854 128,
2855 },
176f85a2
DSH		 2856 {
2857 1,
748f2546 2858 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
bbb4ceb8 2859 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
748f2546
RS		 2860 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2861 SSL_kECDHEPSK,
2862 SSL_aPSK,
2863 SSL_RC4,
2864 SSL_SHA1,
fe55c4a2 2865 TLS1_VERSION, TLS1_2_VERSION,
748f2546
RS		 2866 0, 0,
2867 SSL_NOT_DEFAULT | SSL_MEDIUM,
2868 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2869 128,
2870 128,
176f85a2 2871 },
a76ba82c
AP		 2872 {
2873 1,
748f2546 2874 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
bbb4ceb8 2875 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
748f2546 2876 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
a76ba82c 2877 SSL_kECDHE,
748f2546
RS		 2878 SSL_aNULL,
2879 SSL_RC4,
2880 SSL_SHA1,
fe55c4a2 2881 TLS1_VERSION, TLS1_2_VERSION,
748f2546
RS		 2882 0, 0,
2883 SSL_NOT_DEFAULT | SSL_MEDIUM,
2884 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2885 128,
2886 128,
a76ba82c 2887 },
a76ba82c
AP		 2888 {
2889 1,
748f2546 2890 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
bbb4ceb8 2891 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
748f2546 2892 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
a76ba82c
AP		 2893 SSL_kECDHE,
2894 SSL_aECDSA,
748f2546
RS		 2895 SSL_RC4,
2896 SSL_SHA1,
fe55c4a2 2897 TLS1_VERSION, TLS1_2_VERSION,
748f2546
RS		 2898 0, 0,
2899 SSL_NOT_DEFAULT | SSL_MEDIUM,
2900 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2901 128,
2902 128,
a76ba82c 2903 },
a76ba82c
AP		 2904 {
2905 1,
748f2546 2906 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
bbb4ceb8 2907 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
748f2546
RS		 2908 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2909 SSL_kECDHE,
a76ba82c 2910 SSL_aRSA,
748f2546
RS		 2911 SSL_RC4,
2912 SSL_SHA1,
fe55c4a2 2913 TLS1_VERSION, TLS1_2_VERSION,
748f2546
RS		 2914 0, 0,
2915 SSL_NOT_DEFAULT | SSL_MEDIUM,
2916 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2917 128,
2918 128,
a76ba82c 2919 },
a76ba82c
AP		 2920 {
2921 1,
748f2546 2922 TLS1_TXT_PSK_WITH_RC4_128_SHA,
bbb4ceb8 2923 TLS1_RFC_PSK_WITH_RC4_128_SHA,
748f2546 2924 TLS1_CK_PSK_WITH_RC4_128_SHA,
a76ba82c
AP		 2925 SSL_kPSK,
2926 SSL_aPSK,
748f2546
RS		 2927 SSL_RC4,
2928 SSL_SHA1,
2929 SSL3_VERSION, TLS1_2_VERSION,
2930 0, 0,
2931 SSL_NOT_DEFAULT | SSL_MEDIUM,
2932 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2933 128,
2934 128,
a76ba82c 2935 },
a76ba82c
AP		 2936 {
2937 1,
748f2546 2938 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
bbb4ceb8 2939 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
748f2546
RS		 2940 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2941 SSL_kRSAPSK,
2942 SSL_aRSA,
2943 SSL_RC4,
2944 SSL_SHA1,
2945 SSL3_VERSION, TLS1_2_VERSION,
2946 0, 0,
2947 SSL_NOT_DEFAULT | SSL_MEDIUM,
2948 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2949 128,
2950 128,
a76ba82c 2951 },
a76ba82c
AP		 2952 {
2953 1,
748f2546 2954 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
bbb4ceb8 2955 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
748f2546 2956 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
a76ba82c
AP		 2957 SSL_kDHEPSK,
2958 SSL_aPSK,
748f2546
RS		 2959 SSL_RC4,
2960 SSL_SHA1,
2961 SSL3_VERSION, TLS1_2_VERSION,
2962 0, 0,
2963 SSL_NOT_DEFAULT | SSL_MEDIUM,
2964 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2965 128,
2966 128,
a76ba82c 2967 },
a230b26e 2968#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
e44380a9 2969
bc326738
JS		 2970#ifndef OPENSSL_NO_ARIA
2971 {
2972 1,
2973 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2974 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2975 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2976 SSL_kRSA,
2977 SSL_aRSA,
2978 SSL_ARIA128GCM,
2979 SSL_AEAD,
2980 TLS1_2_VERSION, TLS1_2_VERSION,
2981 DTLS1_2_VERSION, DTLS1_2_VERSION,
2982 SSL_NOT_DEFAULT | SSL_HIGH,
2983 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2984 128,
2985 128,
2986 },
2987 {
2988 1,
2989 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2990 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2991 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2992 SSL_kRSA,
2993 SSL_aRSA,
2994 SSL_ARIA256GCM,
2995 SSL_AEAD,
2996 TLS1_2_VERSION, TLS1_2_VERSION,
2997 DTLS1_2_VERSION, DTLS1_2_VERSION,
2998 SSL_NOT_DEFAULT | SSL_HIGH,
2999 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3000 256,
3001 256,
3002 },
3003 {
3004 1,
3005 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3006 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3007 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3008 SSL_kDHE,
3009 SSL_aRSA,
3010 SSL_ARIA128GCM,
3011 SSL_AEAD,
3012 TLS1_2_VERSION, TLS1_2_VERSION,
3013 DTLS1_2_VERSION, DTLS1_2_VERSION,
3014 SSL_NOT_DEFAULT | SSL_HIGH,
3015 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3016 128,
3017 128,
3018 },
3019 {
3020 1,
3021 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3022 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3023 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3024 SSL_kDHE,
3025 SSL_aRSA,
3026 SSL_ARIA256GCM,
3027 SSL_AEAD,
3028 TLS1_2_VERSION, TLS1_2_VERSION,
3029 DTLS1_2_VERSION, DTLS1_2_VERSION,
3030 SSL_NOT_DEFAULT | SSL_HIGH,
3031 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3032 256,
3033 256,
3034 },
3035 {
3036 1,
3037 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3038 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3039 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3040 SSL_kDHE,
3041 SSL_aDSS,
3042 SSL_ARIA128GCM,
3043 SSL_AEAD,
3044 TLS1_2_VERSION, TLS1_2_VERSION,
3045 DTLS1_2_VERSION, DTLS1_2_VERSION,
3046 SSL_NOT_DEFAULT | SSL_HIGH,
3047 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3048 128,
3049 128,
3050 },
3051 {
3052 1,
3053 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3054 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3055 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3056 SSL_kDHE,
3057 SSL_aDSS,
3058 SSL_ARIA256GCM,
3059 SSL_AEAD,
3060 TLS1_2_VERSION, TLS1_2_VERSION,
3061 DTLS1_2_VERSION, DTLS1_2_VERSION,
3062 SSL_NOT_DEFAULT | SSL_HIGH,
3063 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3064 256,
3065 256,
3066 },
3067 {
3068 1,
3069 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3070 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3071 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3072 SSL_kECDHE,
3073 SSL_aECDSA,
3074 SSL_ARIA128GCM,
3075 SSL_AEAD,
3076 TLS1_2_VERSION, TLS1_2_VERSION,
3077 DTLS1_2_VERSION, DTLS1_2_VERSION,
3078 SSL_NOT_DEFAULT | SSL_HIGH,
3079 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3080 128,
3081 128,
3082 },
3083 {
3084 1,
3085 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3086 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3087 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3088 SSL_kECDHE,
3089 SSL_aECDSA,
3090 SSL_ARIA256GCM,
3091 SSL_AEAD,
3092 TLS1_2_VERSION, TLS1_2_VERSION,
3093 DTLS1_2_VERSION, DTLS1_2_VERSION,
3094 SSL_NOT_DEFAULT | SSL_HIGH,
3095 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3096 256,
3097 256,
3098 },
bc326738
JS		 3099 {
3100 1,
3101 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3102 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3103 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3104 SSL_kECDHE,
3105 SSL_aRSA,
3106 SSL_ARIA128GCM,
3107 SSL_AEAD,
3108 TLS1_2_VERSION, TLS1_2_VERSION,
3109 DTLS1_2_VERSION, DTLS1_2_VERSION,
3110 SSL_NOT_DEFAULT | SSL_HIGH,
3111 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3112 128,
3113 128,
3114 },
3115 {
3116 1,
3117 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3118 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3119 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3120 SSL_kECDHE,
3121 SSL_aRSA,
3122 SSL_ARIA256GCM,
3123 SSL_AEAD,
3124 TLS1_2_VERSION, TLS1_2_VERSION,
3125 DTLS1_2_VERSION, DTLS1_2_VERSION,
3126 SSL_NOT_DEFAULT | SSL_HIGH,
3127 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3128 256,
3129 256,
3130 },
3131 {
3132 1,
3133 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3134 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3135 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3136 SSL_kPSK,
3137 SSL_aPSK,
3138 SSL_ARIA128GCM,
3139 SSL_AEAD,
3140 TLS1_2_VERSION, TLS1_2_VERSION,
3141 DTLS1_2_VERSION, DTLS1_2_VERSION,
3142 SSL_NOT_DEFAULT | SSL_HIGH,
3143 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3144 128,
3145 128,
3146 },
3147 {
3148 1,
3149 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3150 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3151 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3152 SSL_kPSK,
3153 SSL_aPSK,
3154 SSL_ARIA256GCM,
3155 SSL_AEAD,
3156 TLS1_2_VERSION, TLS1_2_VERSION,
3157 DTLS1_2_VERSION, DTLS1_2_VERSION,
3158 SSL_NOT_DEFAULT | SSL_HIGH,
3159 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3160 256,
3161 256,
3162 },
3163 {
3164 1,
3165 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3166 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3167 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3168 SSL_kDHEPSK,
3169 SSL_aPSK,
3170 SSL_ARIA128GCM,
3171 SSL_AEAD,
3172 TLS1_2_VERSION, TLS1_2_VERSION,
3173 DTLS1_2_VERSION, DTLS1_2_VERSION,
3174 SSL_NOT_DEFAULT | SSL_HIGH,
3175 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3176 128,
3177 128,
3178 },
3179 {
3180 1,
3181 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3182 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3183 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3184 SSL_kDHEPSK,
3185 SSL_aPSK,
3186 SSL_ARIA256GCM,
3187 SSL_AEAD,
3188 TLS1_2_VERSION, TLS1_2_VERSION,
3189 DTLS1_2_VERSION, DTLS1_2_VERSION,
3190 SSL_NOT_DEFAULT | SSL_HIGH,
3191 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3192 256,
3193 256,
3194 },
bc326738
JS		 3195 {
3196 1,
3197 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3198 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3199 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3200 SSL_kRSAPSK,
3201 SSL_aRSA,
3202 SSL_ARIA128GCM,
3203 SSL_AEAD,
3204 TLS1_2_VERSION, TLS1_2_VERSION,
3205 DTLS1_2_VERSION, DTLS1_2_VERSION,
3206 SSL_NOT_DEFAULT | SSL_HIGH,
3207 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3208 128,
3209 128,
3210 },
3211 {
3212 1,
3213 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3214 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3215 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3216 SSL_kRSAPSK,
3217 SSL_aRSA,
3218 SSL_ARIA256GCM,
3219 SSL_AEAD,
3220 TLS1_2_VERSION, TLS1_2_VERSION,
3221 DTLS1_2_VERSION, DTLS1_2_VERSION,
3222 SSL_NOT_DEFAULT | SSL_HIGH,
3223 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3224 256,
3225 256,
3226 },
3227#endif /* OPENSSL_NO_ARIA */
0f113f3e
MC		 3228};
3229
650c6e41
BK		 3230/*
3231 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3232 * values stuffed into the ciphers field of the wire protocol for signalling
3233 * purposes.
3234 */
3235static SSL_CIPHER ssl3_scsvs[] = {
3236 {
3237 0,
3238 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
bbb4ceb8 3239 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
650c6e41
BK		 3240 SSL3_CK_SCSV,
3241 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3242 },
3243 {
3244 0,
3245 "TLS_FALLBACK_SCSV",
bbb4ceb8 3246 "TLS_FALLBACK_SCSV",
650c6e41
BK		 3247 SSL3_CK_FALLBACK_SCSV,
3248 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3249 },
3250};
3251
748f2546
RS		 3252static int cipher_compare(const void *a, const void *b)
3253{
3254 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3255 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3256
a7ff5796
RL		 3257 if (ap->id == bp->id)
3258 return 0;
3259 return ap->id < bp->id ? -1 : 1;
748f2546
RS		 3260}
3261
3262void ssl_sort_cipher_list(void)
3263{
f865b081
MC		 3264 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3265 cipher_compare);
cbe29648 3266 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
748f2546 3267 cipher_compare);
cbe29648 3268 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
748f2546
RS		 3269}
3270
fce78bd4
BE		 3271static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3272 const char * t, size_t u,
3273 const unsigned char * v, size_t w, int x)
3274{
3275 (void)r;
3276 (void)s;
3277 (void)t;
3278 (void)u;
3279 (void)v;
3280 (void)w;
3281 (void)x;
3282 return ssl_undefined_function(ssl);
3283}
3284
0f113f3e
MC		 3285const SSL3_ENC_METHOD SSLv3_enc_data = {
3286 ssl3_enc,
3287 n_ssl3_mac,
3288 ssl3_setup_key_block,
3289 ssl3_generate_master_secret,
3290 ssl3_change_cipher_state,
3291 ssl3_final_finish_mac,
0f113f3e
MC		 3292 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3293 SSL3_MD_SERVER_FINISHED_CONST, 4,
3294 ssl3_alert_code,
fce78bd4 3295 ssl_undefined_function_1,
0f113f3e 3296 0,
a29fa98c 3297 ssl3_set_handshake_header,
2c7b4dbc 3298 tls_close_construct_packet,
0f113f3e
MC		 3299 ssl3_handshake_write
3300};
58964a49 3301
f3b656b2 3302long ssl3_default_timeout(void)
0f113f3e
MC		 3303{
3304 /*
3305 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3306 * http, the cache would over fill
3307 */
3308 return (60 * 60 * 2);
3309}
d02b48c6 3310
6b691a5c 3311int ssl3_num_ciphers(void)
0f113f3e 3312{
26a7d938 3313 return SSL3_NUM_CIPHERS;
0f113f3e 3314}
d02b48c6 3315
babb3798 3316const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
0f113f3e
MC		 3317{
3318 if (u < SSL3_NUM_CIPHERS)
26a7d938 3319 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
0f113f3e 3320 else
26a7d938 3321 return NULL;
0f113f3e 3322}
d02b48c6 3323
a29fa98c 3324int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
2c7b4dbc 3325{
4a01c59f
MC		 3326 /* No header in the event of a CCS */
3327 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3328 return 1;
3329
2c7b4dbc 3330 /* Set the content type and 3 bytes for the message len */
08029dfa 3331 if (!WPACKET_put_bytes_u8(pkt, htype)
de451856 3332 || !WPACKET_start_sub_packet_u24(pkt))
2c7b4dbc
MC		 3333 return 0;
3334
3335 return 1;
3336}
3337
173e72e6 3338int ssl3_handshake_write(SSL *s)
0f113f3e
MC		 3339{
3340 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3341}
173e72e6 3342
6b691a5c 3343int ssl3_new(SSL *s)
0f113f3e 3344{
edc032b5 3345#ifndef OPENSSL_NO_SRP
61986d32 3346 if (!SSL_SRP_CTX_init(s))
e8fb288c 3347 return 0;
edc032b5 3348#endif
b77f3ed1
MC		 3349
3350 if (!s->method->ssl_clear(s))
3351 return 0;
3352
a89325e4 3353 return 1;
0f113f3e 3354}
d02b48c6 3355
6b691a5c 3356void ssl3_free(SSL *s)
0f113f3e 3357{
555cbb32 3358 if (s == NULL)
0f113f3e 3359 return;
e03ddfae 3360
0f113f3e 3361 ssl3_cleanup_key_block(s);
8d92c1f8 3362
fb79abe3 3363#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
555cbb32
TS		 3364 EVP_PKEY_free(s->s3.peer_tmp);
3365 s->s3.peer_tmp = NULL;
3366 EVP_PKEY_free(s->s3.tmp.pkey);
3367 s->s3.tmp.pkey = NULL;
ea262260
BM		 3368#endif
3369
c8f6c28a
MC		 3370 ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
3371 ssl_evp_md_free(s->s3.tmp.new_hash);
3372
555cbb32
TS		 3373 OPENSSL_free(s->s3.tmp.ctype);
3374 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3375 OPENSSL_free(s->s3.tmp.ciphers_raw);
3376 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3377 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3378 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
85fb6fda 3379 ssl3_free_digest_list(s);
555cbb32
TS		 3380 OPENSSL_free(s->s3.alpn_selected);
3381 OPENSSL_free(s->s3.alpn_proposed);
6f017a8f 3382
edc032b5 3383#ifndef OPENSSL_NO_SRP
0f113f3e 3384 SSL_SRP_CTX_free(s);
edc032b5 3385#endif
555cbb32 3386 memset(&s->s3, 0, sizeof(s->s3));
0f113f3e 3387}
d02b48c6 3388
b77f3ed1 3389int ssl3_clear(SSL *s)
0f113f3e 3390{
0f113f3e 3391 ssl3_cleanup_key_block(s);
555cbb32
TS		 3392 OPENSSL_free(s->s3.tmp.ctype);
3393 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3394 OPENSSL_free(s->s3.tmp.ciphers_raw);
3395 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3396 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3397 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
d02b48c6 3398
fb79abe3 3399#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
555cbb32
TS		 3400 EVP_PKEY_free(s->s3.tmp.pkey);
3401 EVP_PKEY_free(s->s3.peer_tmp);
a230b26e 3402#endif /* !OPENSSL_NO_EC */
0f113f3e 3403
85fb6fda 3404 ssl3_free_digest_list(s);
e481f9b9 3405
555cbb32
TS		 3406 OPENSSL_free(s->s3.alpn_selected);
3407 OPENSSL_free(s->s3.alpn_proposed);
e481f9b9 3408
817cd0d5 3409 /* NULL/zero-out everything in the s3 struct */
555cbb32 3410 memset(&s->s3, 0, sizeof(s->s3));
0f113f3e 3411
b77f3ed1
MC		 3412 if (!ssl_free_wbio_buffer(s))
3413 return 0;
0f113f3e 3414
0f113f3e 3415 s->version = SSL3_VERSION;
ee2ffc27 3416
e481f9b9 3417#if !defined(OPENSSL_NO_NEXTPROTONEG)
aff8c126
RS		 3418 OPENSSL_free(s->ext.npn);
3419 s->ext.npn = NULL;
3420 s->ext.npn_len = 0;
ee2ffc27 3421#endif
b77f3ed1
MC		 3422
3423 return 1;
0f113f3e 3424}
d02b48c6 3425
edc032b5 3426#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3427static char *srp_password_from_info_cb(SSL *s, void *arg)
3428{
7644a9ae 3429 return OPENSSL_strdup(s->srp_ctx.info);
0f113f3e 3430}
edc032b5
BL		 3431#endif
3432
5b5eea4b
SL		 3433#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
3434static int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
3435 EVP_PKEY *pkey)
3436{
3437 char name[80];
3438 int nid, ret = 0;
3439 size_t name_len;
3440
3441 if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
3442 name, sizeof(name), &name_len)) {
3443 SSLerr(0, EC_R_MISSING_PARAMETERS);
3444 return 0;
3445 }
3446 nid = OBJ_txt2nid(name);
3447 if (nid == NID_undef)
3448 goto end;
3449 ret = tls1_set_groups(pext, pextlen, &nid, 1);
3450end:
3451 EVP_PKEY_free(pkey);
3452 return ret;
3453}
3454#endif
3455
a230b26e 3456static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
9f27b1ee 3457
a661b653 3458long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
0f113f3e
MC		 3459{
3460 int ret = 0;
58964a49 3461
0f113f3e 3462 switch (cmd) {
0f113f3e
MC		 3463 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3464 break;
3465 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
555cbb32 3466 ret = s->s3.num_renegotiations;
0f113f3e
MC		 3467 break;
3468 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
555cbb32
TS		 3469 ret = s->s3.num_renegotiations;
3470 s->s3.num_renegotiations = 0;
0f113f3e
MC		 3471 break;
3472 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
555cbb32 3473 ret = s->s3.total_renegotiations;
0f113f3e
MC		 3474 break;
3475 case SSL_CTRL_GET_FLAGS:
555cbb32 3476 ret = (int)(s->s3.flags);
0f113f3e 3477 break;
13c45372 3478#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
0f113f3e
MC		 3479 case SSL_CTRL_SET_TMP_DH:
3480 {
e2b420fd 3481 EVP_PKEY *pkdh = NULL;
1b2b4755 3482 if (parg == NULL) {
6849b73c 3483 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
d9720a59 3484 return 0;
0f113f3e 3485 }
1b2b4755 3486 pkdh = ssl_dh_to_pkey(parg);
e2b420fd 3487 if (pkdh == NULL) {
6849b73c 3488 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
e2b420fd
DSH		 3489 return 0;
3490 }
163f6dc1 3491 return SSL_set0_tmp_dh_pkey(s, pkdh);
0f113f3e
MC		 3492 }
3493 break;
3494 case SSL_CTRL_SET_TMP_DH_CB:
3495 {
6849b73c 3496 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
26a7d938 3497 return ret;
0f113f3e 3498 }
5b5eea4b 3499#endif
0f113f3e
MC		 3500 case SSL_CTRL_SET_DH_AUTO:
3501 s->cert->dh_tmp_auto = larg;
3502 return 1;
5b5eea4b 3503#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
0f113f3e
MC		 3504 case SSL_CTRL_SET_TMP_ECDH:
3505 {
5b5eea4b 3506 EVP_PKEY *pkecdh = NULL;
0f113f3e
MC		 3507
3508 if (parg == NULL) {
6849b73c 3509 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
6977e8ee 3510 return 0;
0f113f3e 3511 }
5b5eea4b
SL		 3512 pkecdh = ssl_ecdh_to_pkey(parg);
3513 if (pkecdh == NULL) {
3514 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
6977e8ee 3515 return 0;
0f113f3e 3516 }
5b5eea4b
SL		 3517 return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
3518 &s->ext.supportedgroups_len,
3519 pkecdh);
0f113f3e 3520 }
10bf4fc2 3521#endif /* !OPENSSL_NO_EC */
0f113f3e 3522 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
c5d1fb78
BK		 3523 /*
3524 * TODO(OpenSSL1.2)
3525 * This API is only used for a client to set what SNI it will request
3526 * from the server, but we currently allow it to be used on servers
3527 * as well, which is a programming error. Currently we just clear
3528 * the field in SSL_do_handshake() for server SSLs, but when we can
3529 * make ABI-breaking changes, we may want to make use of this API
3530 * an error on server SSLs.
3531 */
0f113f3e 3532 if (larg == TLSEXT_NAMETYPE_host_name) {
0982ecaa
VD		 3533 size_t len;
3534
aff8c126
RS		 3535 OPENSSL_free(s->ext.hostname);
3536 s->ext.hostname = NULL;
0f113f3e
MC		 3537
3538 ret = 1;
3539 if (parg == NULL)
3540 break;
0982ecaa
VD		 3541 len = strlen((char *)parg);
3542 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
6849b73c 3543 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
0f113f3e
MC		 3544 return 0;
3545 }
aff8c126 3546 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
6849b73c 3547 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
0f113f3e
MC		 3548 return 0;
3549 }
3550 } else {
6849b73c 3551 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
0f113f3e
MC		 3552 return 0;
3553 }
3554 break;
3555 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
aff8c126 3556 s->ext.debug_arg = parg;
0f113f3e
MC		 3557 ret = 1;
3558 break;
3559
4300aaf3 3560 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
aff8c126 3561 ret = s->ext.status_type;
4300aaf3
AG		 3562 break;
3563
0f113f3e 3564 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
aff8c126 3565 s->ext.status_type = larg;
0f113f3e
MC		 3566 ret = 1;
3567 break;
3568
3569 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
aff8c126 3570 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
0f113f3e
MC		 3571 ret = 1;
3572 break;
3573
3574 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
aff8c126 3575 s->ext.ocsp.exts = parg;
0f113f3e
MC		 3576 ret = 1;
3577 break;
3578
3579 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
aff8c126 3580 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
0f113f3e
MC		 3581 ret = 1;
3582 break;
3583
3584 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
aff8c126 3585 s->ext.ocsp.ids = parg;
0f113f3e
MC		 3586 ret = 1;
3587 break;
3588
3589 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
aff8c126
RS		 3590 *(unsigned char **)parg = s->ext.ocsp.resp;
3591 if (s->ext.ocsp.resp_len == 0
3592 || s->ext.ocsp.resp_len > LONG_MAX)
8b0e934a 3593 return -1;
aff8c126 3594 return (long)s->ext.ocsp.resp_len;
0f113f3e
MC		 3595
3596 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
aff8c126
RS		 3597 OPENSSL_free(s->ext.ocsp.resp);
3598 s->ext.ocsp.resp = parg;
3599 s->ext.ocsp.resp_len = larg;
0f113f3e
MC		 3600 ret = 1;
3601 break;
3602
0f113f3e
MC		 3603 case SSL_CTRL_CHAIN:
3604 if (larg)
3605 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3606 else
3607 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3608
3609 case SSL_CTRL_CHAIN_CERT:
3610 if (larg)
3611 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3612 else
3613 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3614
3615 case SSL_CTRL_GET_CHAIN_CERTS:
3616 *(STACK_OF(X509) **)parg = s->cert->key->chain;
7bc82358 3617 ret = 1;
0f113f3e
MC		 3618 break;
3619
3620 case SSL_CTRL_SELECT_CURRENT_CERT:
3621 return ssl_cert_select_current(s->cert, (X509 *)parg);
3622
3623 case SSL_CTRL_SET_CURRENT_CERT:
3624 if (larg == SSL_CERT_SET_SERVER) {
0f113f3e
MC		 3625 const SSL_CIPHER *cipher;
3626 if (!s->server)
3627 return 0;
555cbb32 3628 cipher = s->s3.tmp.new_cipher;
f365a3e2 3629 if (cipher == NULL)
0f113f3e
MC		 3630 return 0;
3631 /*
3632 * No certificate for unauthenticated ciphersuites or using SRP
3633 * authentication
3634 */
3635 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3636 return 2;
555cbb32 3637 if (s->s3.tmp.cert == NULL)
0f113f3e 3638 return 0;
555cbb32 3639 s->cert->key = s->s3.tmp.cert;
0f113f3e
MC		 3640 return 1;
3641 }
3642 return ssl_cert_set_current(s->cert, larg);
0f78819c 3643
65dc5c3c 3644#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
de4d764e 3645 case SSL_CTRL_GET_GROUPS:
0f113f3e 3646 {
9e84a42d 3647 uint16_t *clist;
0f113f3e 3648 size_t clistlen;
aff8c126 3649
0f113f3e
MC		 3650 if (!s->session)
3651 return 0;
45436e61
MC		 3652 clist = s->ext.peer_supportedgroups;
3653 clistlen = s->ext.peer_supportedgroups_len;
0f113f3e
MC		 3654 if (parg) {
3655 size_t i;
3656 int *cptr = parg;
43b95d73 3657
0f113f3e 3658 for (i = 0; i < clistlen; i++) {
9d2d857f
MC		 3659 const TLS_GROUP_INFO *cinf
3660 = tls1_group_id_lookup(s->ctx, clist[i]);
3661
260009d8
MC		 3662 if (cinf != NULL)
3663 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3664 else
9e84a42d 3665 cptr[i] = TLSEXT_nid_unknown | clist[i];
0f113f3e
MC		 3666 }
3667 }
3668 return (int)clistlen;
3669 }
3670
de4d764e 3671 case SSL_CTRL_SET_GROUPS:
aff8c126
RS		 3672 return tls1_set_groups(&s->ext.supportedgroups,
3673 &s->ext.supportedgroups_len, parg, larg);
0f113f3e 3674
de4d764e 3675 case SSL_CTRL_SET_GROUPS_LIST:
260009d8 3676 return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
aff8c126 3677 &s->ext.supportedgroups_len, parg);
0f113f3e 3678
de4d764e 3679 case SSL_CTRL_GET_SHARED_GROUP:
43b95d73
DSH		 3680 {
3681 uint16_t id = tls1_shared_group(s, larg);
0f113f3e 3682
84d4b9e3 3683 if (larg != -1)
260009d8 3684 return tls1_group_id2nid(id, 1);
43b95d73
DSH		 3685 return id;
3686 }
84d4b9e3 3687 case SSL_CTRL_GET_NEGOTIATED_GROUP:
260009d8 3688 ret = tls1_group_id2nid(s->s3.group_id, 1);
84d4b9e3 3689 break;
65dc5c3c 3690#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
dbc6268f 3691
0f113f3e
MC		 3692 case SSL_CTRL_SET_SIGALGS:
3693 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3694
3695 case SSL_CTRL_SET_SIGALGS_LIST:
3696 return tls1_set_sigalgs_list(s->cert, parg, 0);
3697
3698 case SSL_CTRL_SET_CLIENT_SIGALGS:
3699 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3700
3701 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3702 return tls1_set_sigalgs_list(s->cert, parg, 1);
3703
3704 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3705 {
3706 const unsigned char **pctype = parg;
555cbb32 3707 if (s->server || !s->s3.tmp.cert_req)
0f113f3e 3708 return 0;
0f113f3e 3709 if (pctype)
555cbb32
TS		 3710 *pctype = s->s3.tmp.ctype;
3711 return s->s3.tmp.ctype_len;
0f113f3e
MC		 3712 }
3713
3714 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3715 if (!s->server)
3716 return 0;
3717 return ssl3_set_req_cert_type(s->cert, parg, larg);
3718
3719 case SSL_CTRL_BUILD_CERT_CHAIN:
3720 return ssl_build_cert_chain(s, NULL, larg);
3721
3722 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3723 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3724
3725 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3726 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3727
3728 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
555cbb32 3729 if (s->s3.tmp.peer_sigalg == NULL)
0f113f3e 3730 return 0;
555cbb32 3731 *(int *)parg = s->s3.tmp.peer_sigalg->hash;
f742cda8 3732 return 1;
0f113f3e 3733
a51c9f63 3734 case SSL_CTRL_GET_SIGNATURE_NID:
555cbb32 3735 if (s->s3.tmp.sigalg == NULL)
a51c9f63 3736 return 0;
555cbb32 3737 *(int *)parg = s->s3.tmp.sigalg->hash;
a51c9f63
VD		 3738 return 1;
3739
3740 case SSL_CTRL_GET_PEER_TMP_KEY:
fb79abe3 3741#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
555cbb32 3742 if (s->session == NULL || s->s3.peer_tmp == NULL) {
0f113f3e 3743 return 0;
fb79abe3 3744 } else {
555cbb32
TS		 3745 EVP_PKEY_up_ref(s->s3.peer_tmp);
3746 *(EVP_PKEY **)parg = s->s3.peer_tmp;
fb79abe3 3747 return 1;
0f113f3e 3748 }
fb79abe3
DSH		 3749#else
3750 return 0;
3751#endif
a51c9f63
VD		 3752
3753 case SSL_CTRL_GET_TMP_KEY:
3754#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
555cbb32 3755 if (s->session == NULL || s->s3.tmp.pkey == NULL) {
a51c9f63
VD		 3756 return 0;
3757 } else {
555cbb32
TS		 3758 EVP_PKEY_up_ref(s->s3.tmp.pkey);
3759 *(EVP_PKEY **)parg = s->s3.tmp.pkey;
a51c9f63
VD		 3760 return 1;
3761 }
3762#else
3763 return 0;
3764#endif
3765
14536c8c 3766#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3767 case SSL_CTRL_GET_EC_POINT_FORMATS:
3768 {
0f113f3e 3769 const unsigned char **pformat = parg;
aff8c126 3770
cd0fb43c 3771 if (s->ext.peer_ecpointformats == NULL)
0f113f3e 3772 return 0;
cd0fb43c
MC		 3773 *pformat = s->ext.peer_ecpointformats;
3774 return (int)s->ext.peer_ecpointformats_len;
0f113f3e 3775 }
14536c8c 3776#endif
cf6da053 3777
0f113f3e
MC		 3778 default:
3779 break;
3780 }
26a7d938 3781 return ret;
0f113f3e
MC		 3782}
3783
3784long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3785{
3786 int ret = 0;
d3442bc7 3787
0f113f3e 3788 switch (cmd) {
1b2b4755 3789#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
0f113f3e 3790 case SSL_CTRL_SET_TMP_DH_CB:
1072041b
MC		 3791 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3792 ret = 1;
0f113f3e 3793 break;
6434abbf 3794#endif
0f113f3e 3795 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
aff8c126 3796 s->ext.debug_cb = (void (*)(SSL *, int, int,
1ed327f7 3797 const unsigned char *, int, void *))fp;
1072041b 3798 ret = 1;
0f113f3e 3799 break;
e481f9b9 3800
0f113f3e 3801 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
1072041b
MC		 3802 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3803 ret = 1;
0f113f3e
MC		 3804 break;
3805 default:
3806 break;
3807 }
26a7d938 3808 return ret;
0f113f3e 3809}
d02b48c6 3810
a661b653 3811long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
0f113f3e 3812{
0f113f3e 3813 switch (cmd) {
1b2b4755 3814#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
0f113f3e
MC		 3815 case SSL_CTRL_SET_TMP_DH:
3816 {
e2b420fd 3817 EVP_PKEY *pkdh = NULL;
1b2b4755 3818 if (parg == NULL) {
6849b73c 3819 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
0f113f3e
MC		 3820 return 0;
3821 }
1b2b4755 3822 pkdh = ssl_dh_to_pkey(parg);
e2b420fd 3823 if (pkdh == NULL) {
6849b73c 3824 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 3825 return 0;
3826 }
163f6dc1 3827 return SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh);
0f113f3e 3828 }
0f113f3e
MC		 3829 case SSL_CTRL_SET_TMP_DH_CB:
3830 {
6849b73c 3831 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
26a7d938 3832 return 0;
0f113f3e 3833 }
1b2b4755 3834#endif
0f113f3e
MC		 3835 case SSL_CTRL_SET_DH_AUTO:
3836 ctx->cert->dh_tmp_auto = larg;
3837 return 1;
5b5eea4b 3838#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
0f113f3e
MC		 3839 case SSL_CTRL_SET_TMP_ECDH:
3840 {
5b5eea4b 3841 EVP_PKEY *pkecdh = NULL;
0f113f3e
MC		 3842
3843 if (parg == NULL) {
6849b73c 3844 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
0f113f3e
MC		 3845 return 0;
3846 }
5b5eea4b
SL		 3847 pkecdh = ssl_ecdh_to_pkey(parg);
3848 if (pkecdh == NULL) {
3849 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 3850 return 0;
3851 }
5b5eea4b
SL		 3852 return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
3853 &ctx->ext.supportedgroups_len,
3854 pkecdh);
0f113f3e 3855 }
10bf4fc2 3856#endif /* !OPENSSL_NO_EC */
0f113f3e 3857 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
aff8c126 3858 ctx->ext.servername_arg = parg;
0f113f3e
MC		 3859 break;
3860 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3861 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3862 {
3863 unsigned char *keys = parg;
aff8c126 3864 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
4bfb96f2
TS		 3865 sizeof(ctx->ext.secure->tick_hmac_key) +
3866 sizeof(ctx->ext.secure->tick_aes_key));
d139723b 3867 if (keys == NULL)
aff8c126
RS		 3868 return tick_keylen;
3869 if (larg != tick_keylen) {
6849b73c 3870 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
0f113f3e
MC		 3871 return 0;
3872 }
3873 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
aff8c126
RS		 3874 memcpy(ctx->ext.tick_key_name, keys,
3875 sizeof(ctx->ext.tick_key_name));
4bfb96f2 3876 memcpy(ctx->ext.secure->tick_hmac_key,
aff8c126 3877 keys + sizeof(ctx->ext.tick_key_name),
4bfb96f2
TS		 3878 sizeof(ctx->ext.secure->tick_hmac_key));
3879 memcpy(ctx->ext.secure->tick_aes_key,
aff8c126 3880 keys + sizeof(ctx->ext.tick_key_name) +
4bfb96f2
TS		 3881 sizeof(ctx->ext.secure->tick_hmac_key),
3882 sizeof(ctx->ext.secure->tick_aes_key));
0f113f3e 3883 } else {
aff8c126
RS		 3884 memcpy(keys, ctx->ext.tick_key_name,
3885 sizeof(ctx->ext.tick_key_name));
3886 memcpy(keys + sizeof(ctx->ext.tick_key_name),
4bfb96f2
TS		 3887 ctx->ext.secure->tick_hmac_key,
3888 sizeof(ctx->ext.secure->tick_hmac_key));
aff8c126 3889 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
4bfb96f2
TS		 3890 sizeof(ctx->ext.secure->tick_hmac_key),
3891 ctx->ext.secure->tick_aes_key,
3892 sizeof(ctx->ext.secure->tick_aes_key));
0f113f3e
MC		 3893 }
3894 return 1;
3895 }
3896
30b96765 3897 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
aff8c126 3898 return ctx->ext.status_type;
30b96765 3899
ba261f71 3900 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
aff8c126 3901 ctx->ext.status_type = larg;
ba261f71 3902 break;
3903
0f113f3e 3904 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
aff8c126 3905 ctx->ext.status_arg = parg;
0f113f3e 3906 return 1;
0f113f3e 3907
fddfc0af 3908 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
aff8c126 3909 *(void**)parg = ctx->ext.status_arg;
fddfc0af
RG		 3910 break;
3911
3912 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
aff8c126 3913 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
fddfc0af
RG		 3914 break;
3915
e481f9b9 3916#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3917 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3918 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
b548a1f1 3919 OPENSSL_free(ctx->srp_ctx.login);
0f113f3e
MC		 3920 ctx->srp_ctx.login = NULL;
3921 if (parg == NULL)
3922 break;
a230b26e 3923 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
6849b73c 3924 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
0f113f3e
MC		 3925 return 0;
3926 }
7644a9ae 3927 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
6849b73c 3928 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
0f113f3e
MC		 3929 return 0;
3930 }
3931 break;
3932 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3933 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3934 srp_password_from_info_cb;
e655f549
DSC		 3935 if (ctx->srp_ctx.info != NULL)
3936 OPENSSL_free(ctx->srp_ctx.info);
3d484574 3937 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
6849b73c 3938 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
e655f549
DSC		 3939 return 0;
3940 }
0f113f3e
MC		 3941 break;
3942 case SSL_CTRL_SET_SRP_ARG:
3943 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3944 ctx->srp_ctx.SRP_cb_arg = parg;
3945 break;
3946
3947 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3948 ctx->srp_ctx.strength = larg;
3949 break;
e481f9b9 3950#endif
0f113f3e 3951
65dc5c3c 3952#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
de4d764e 3953 case SSL_CTRL_SET_GROUPS:
aff8c126
RS		 3954 return tls1_set_groups(&ctx->ext.supportedgroups,
3955 &ctx->ext.supportedgroups_len,
0f113f3e
MC		 3956 parg, larg);
3957
de4d764e 3958 case SSL_CTRL_SET_GROUPS_LIST:
260009d8 3959 return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
aff8c126 3960 &ctx->ext.supportedgroups_len,
0f113f3e 3961 parg);
65dc5c3c 3962#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
dbc6268f 3963
0f113f3e
MC		 3964 case SSL_CTRL_SET_SIGALGS:
3965 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3966
3967 case SSL_CTRL_SET_SIGALGS_LIST:
3968 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3969
3970 case SSL_CTRL_SET_CLIENT_SIGALGS:
3971 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3972
3973 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3974 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3975
3976 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3977 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3978
3979 case SSL_CTRL_BUILD_CERT_CHAIN:
3980 return ssl_build_cert_chain(NULL, ctx, larg);
3981
3982 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3983 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3984
3985 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3986 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3987
0f113f3e
MC		 3988 /* A Thawte special :-) */
3989 case SSL_CTRL_EXTRA_CHAIN_CERT:
3990 if (ctx->extra_certs == NULL) {
3c82e437 3991 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
6849b73c 3992 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3c82e437
F		 3993 return 0;
3994 }
3995 }
3996 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
6849b73c 3997 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3c82e437 3998 return 0;
0f113f3e 3999 }
0f113f3e
MC		 4000 break;
4001
4002 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4003 if (ctx->extra_certs == NULL && larg == 0)
4004 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4005 else
4006 *(STACK_OF(X509) **)parg = ctx->extra_certs;
4007 break;
4008
4009 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
222561fe
RS		 4010 sk_X509_pop_free(ctx->extra_certs, X509_free);
4011 ctx->extra_certs = NULL;
0f113f3e
MC		 4012 break;
4013
4014 case SSL_CTRL_CHAIN:
4015 if (larg)
4016 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4017 else
4018 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4019
4020 case SSL_CTRL_CHAIN_CERT:
4021 if (larg)
4022 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4023 else
4024 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4025
4026 case SSL_CTRL_GET_CHAIN_CERTS:
4027 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4028 break;
4029
4030 case SSL_CTRL_SELECT_CURRENT_CERT:
4031 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4032
4033 case SSL_CTRL_SET_CURRENT_CERT:
4034 return ssl_cert_set_current(ctx->cert, larg);
4035
4036 default:
26a7d938 4037 return 0;
0f113f3e 4038 }
208fb891 4039 return 1;
0f113f3e
MC		 4040}
4041
4042long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4043{
0f113f3e 4044 switch (cmd) {
1b2b4755 4045#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
0f113f3e
MC		 4046 case SSL_CTRL_SET_TMP_DH_CB:
4047 {
8ca8fc48 4048 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
0f113f3e
MC		 4049 }
4050 break;
ed3883d2 4051#endif
0f113f3e 4052 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
aff8c126 4053 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
0f113f3e
MC		 4054 break;
4055
0f113f3e 4056 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
aff8c126 4057 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
0f113f3e
MC		 4058 break;
4059
a76ce286 4060# ifndef OPENSSL_NO_DEPRECATED_3_0
0f113f3e 4061 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
aff8c126 4062 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
0f113f3e
MC		 4063 unsigned char *,
4064 EVP_CIPHER_CTX *,
4065 HMAC_CTX *, int))fp;
4066 break;
a76ce286 4067#endif
0f113f3e 4068
e481f9b9 4069#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 4070 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4071 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4072 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4073 break;
4074 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4075 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4076 ctx->srp_ctx.TLS_ext_srp_username_callback =
4077 (int (*)(SSL *, int *, void *))fp;
4078 break;
4079 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4080 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4081 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4082 (char *(*)(SSL *, void *))fp;
4083 break;
761772d7 4084#endif
0f113f3e
MC		 4085 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4086 {
4087 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4088 }
4089 break;
4090 default:
26a7d938 4091 return 0;
0f113f3e 4092 }
208fb891 4093 return 1;
0f113f3e 4094}
761772d7 4095
a76ce286
P		 4096int SSL_CTX_set_tlsext_ticket_key_evp_cb
4097 (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4098 EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4099{
4100 ctx->ext.ticket_key_evp_cb = fp;
4101 return 1;
4102}
4103
ec15acb6
MC		 4104const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4105{
4106 SSL_CIPHER c;
650c6e41 4107 const SSL_CIPHER *cp;
ec15acb6
MC		 4108
4109 c.id = id;
f865b081
MC		 4110 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4111 if (cp != NULL)
4112 return cp;
650c6e41
BK		 4113 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4114 if (cp != NULL)
4115 return cp;
4116 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
ec15acb6
MC		 4117}
4118
bbb4ceb8
PY		 4119const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4120{
231849bc
BK		 4121 SSL_CIPHER *tbl;
4122 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4123 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4124 SSL3_NUM_SCSVS};
bbb4ceb8 4125
3519bae5 4126 /* this is not efficient, necessary to optimize this? */
f865b081
MC		 4127 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4128 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4129 if (tbl->stdname == NULL)
4130 continue;
4131 if (strcmp(stdname, tbl->stdname) == 0) {
d93bded6 4132 return tbl;
f865b081 4133 }
bbb4ceb8
PY		 4134 }
4135 }
231849bc 4136 return NULL;
bbb4ceb8
PY		 4137}
4138
0f113f3e
MC		 4139/*
4140 * This function needs to check if the ciphers required are actually
4141 * available
4142 */
babb3798 4143const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
0f113f3e 4144{
1f5b44e9 4145 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
ec15acb6
MC		 4146 | ((uint32_t)p[0] << 8L)
4147 | (uint32_t)p[1]);
0f113f3e 4148}
d02b48c6 4149
ae2f7b37 4150int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
2c7b4dbc 4151{
34f7245b 4152 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
2c7b4dbc
MC		 4153 *len = 0;
4154 return 1;
4155 }
4156
08029dfa 4157 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
2c7b4dbc
MC		 4158 return 0;
4159
4160 *len = 2;
4161 return 1;
4162}
4163
3eb2aff4
KR		 4164/*
4165 * ssl3_choose_cipher - choose a cipher from those offered by the client
4166 * @s: SSL connection
4167 * @clnt: ciphers offered by the client
4168 * @srvr: ciphers enabled on the server?
4169 *
4170 * Returns the selected cipher or NULL when no common ciphers.
4171 */
4a640fb6 4172const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
a230b26e 4173 STACK_OF(SSL_CIPHER) *srvr)
0f113f3e 4174{
4a640fb6 4175 const SSL_CIPHER *c, *ret = NULL;
0f113f3e 4176 STACK_OF(SSL_CIPHER) *prio, *allow;
48a03162 4177 int i, ii, ok, prefer_sha256 = 0;
0de6d66d 4178 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
e1c7871d
TS		 4179#ifndef OPENSSL_NO_CHACHA
4180 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4181#endif
d02b48c6 4182
0f113f3e 4183 /* Let's see which ciphers we can support */
d02b48c6 4184
0f113f3e
MC		 4185 /*
4186 * Do not set the compare functions, because this may lead to a
4187 * reordering by "id". We want to keep the original ordering. We may pay
4188 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4189 * pay with the price of sk_SSL_CIPHER_dup().
4190 */
d02b48c6 4191
77359d22
RL		 4192 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4193 BIO_printf(trc_out, "Server has %d from %p:\n",
4194 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4195 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4196 c = sk_SSL_CIPHER_value(srvr, i);
4197 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4198 }
4199 BIO_printf(trc_out, "Client sent %d from %p:\n",
4200 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4201 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4202 c = sk_SSL_CIPHER_value(clnt, i);
4203 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4204 }
4205 } OSSL_TRACE_END(TLS_CIPHER);
f415fa32 4206
e1c7871d
TS		 4207 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4208 if (tls1_suiteb(s)) {
4209 prio = srvr;
4210 allow = clnt;
4211 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
0f113f3e
MC		 4212 prio = srvr;
4213 allow = clnt;
e1c7871d
TS		 4214#ifndef OPENSSL_NO_CHACHA
4215 /* If ChaCha20 is at the top of the client preference list,
4216 and there are ChaCha20 ciphers in the server list, then
4217 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4218 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4219 c = sk_SSL_CIPHER_value(clnt, 0);
4220 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4221 /* ChaCha20 is client preferred, check server... */
4222 int num = sk_SSL_CIPHER_num(srvr);
4223 int found = 0;
4224 for (i = 0; i < num; i++) {
4225 c = sk_SSL_CIPHER_value(srvr, i);
4226 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4227 found = 1;
4228 break;
4229 }
4230 }
4231 if (found) {
e670e903 4232 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
e1c7871d
TS		 4233 /* if reserve fails, then there's likely a memory issue */
4234 if (prio_chacha != NULL) {
4235 /* Put all ChaCha20 at the top, starting with the one we just found */
4236 sk_SSL_CIPHER_push(prio_chacha, c);
4237 for (i++; i < num; i++) {
4238 c = sk_SSL_CIPHER_value(srvr, i);
4239 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4240 sk_SSL_CIPHER_push(prio_chacha, c);
4241 }
4242 /* Pull in the rest */
4243 for (i = 0; i < num; i++) {
4244 c = sk_SSL_CIPHER_value(srvr, i);
4245 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4246 sk_SSL_CIPHER_push(prio_chacha, c);
4247 }
4248 prio = prio_chacha;
4249 }
4250 }
4251 }
4252 }
4253# endif
0f113f3e
MC		 4254 } else {
4255 prio = clnt;
4256 allow = srvr;
4257 }
4258
48a03162 4259 if (SSL_IS_TLS13(s)) {
199dc0d3 4260#ifndef OPENSSL_NO_PSK
48a03162
MC		 4261 int j;
4262
4263 /*
4264 * If we allow "old" style PSK callbacks, and we have no certificate (so
4265 * we're not going to succeed without a PSK anyway), and we're in
4266 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4267 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4268 * that.
4269 */
4270 if (s->psk_server_callback != NULL) {
4271 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4272 if (j == SSL_PKEY_NUM) {
4273 /* There are no certificates */
4274 prefer_sha256 = 1;
4275 }
4276 }
199dc0d3 4277#endif
48a03162 4278 } else {
0de6d66d
MC		 4279 tls1_set_cert_validity(s);
4280 ssl_set_masks(s);
4281 }
0f113f3e
MC		 4282
4283 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4284 c = sk_SSL_CIPHER_value(prio, i);
4285
3eb2aff4
KR		 4286 /* Skip ciphers not supported by the protocol version */
4287 if (!SSL_IS_DTLS(s) &&
a230b26e 4288 ((s->version < c->min_tls) || (s->version > c->max_tls)))
0f113f3e 4289 continue;
3eb2aff4 4290 if (SSL_IS_DTLS(s) &&
a230b26e
EK		 4291 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4292 DTLS_VERSION_GT(s->version, c->max_dtls)))
2b573382 4293 continue;
a055a881 4294
0de6d66d
MC		 4295 /*
4296 * Since TLS 1.3 ciphersuites can be used with any auth or
4297 * key exchange scheme skip tests.
4298 */
4299 if (!SSL_IS_TLS13(s)) {
555cbb32
TS		 4300 mask_k = s->s3.tmp.mask_k;
4301 mask_a = s->s3.tmp.mask_a;
edc032b5 4302#ifndef OPENSSL_NO_SRP
612ca806
DSH		 4303 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4304 mask_k |= SSL_kSRP;
4305 mask_a |= SSL_aSRP;
4306 }
edc032b5 4307#endif
0f113f3e 4308
612ca806
DSH		 4309 alg_k = c->algorithm_mkey;
4310 alg_a = c->algorithm_auth;
52b8dad8 4311
ddac1974 4312#ifndef OPENSSL_NO_PSK
612ca806
DSH		 4313 /* with PSK there must be server callback set */
4314 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4315 continue;
0f113f3e
MC		 4316#endif /* OPENSSL_NO_PSK */
4317
612ca806 4318 ok = (alg_k & mask_k) && (alg_a & mask_a);
77359d22
RL		 4319 OSSL_TRACE7(TLS_CIPHER,
4320 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4321 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
d02b48c6 4322
a230b26e 4323#ifndef OPENSSL_NO_EC
612ca806
DSH		 4324 /*
4325 * if we are considering an ECC cipher suite that uses an ephemeral
4326 * EC key check it
4327 */
4328 if (alg_k & SSL_kECDHE)
4329 ok = ok && tls1_check_ec_tmp_key(s, c->id);
a230b26e 4330#endif /* OPENSSL_NO_EC */
0f113f3e 4331
612ca806
DSH		 4332 if (!ok)
4333 continue;
4334 }
0f113f3e
MC		 4335 ii = sk_SSL_CIPHER_find(allow, c);
4336 if (ii >= 0) {
4337 /* Check security callback permits this cipher */
4338 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4a640fb6 4339 c->strength_bits, 0, (void *)c))
0f113f3e 4340 continue;
e481f9b9 4341#if !defined(OPENSSL_NO_EC)
0f113f3e 4342 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
555cbb32 4343 && s->s3.is_probably_safari) {
0f113f3e
MC		 4344 if (!ret)
4345 ret = sk_SSL_CIPHER_value(allow, ii);
4346 continue;
4347 }
d89cd382 4348#endif
48a03162
MC		 4349 if (prefer_sha256) {
4350 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4351
c8f6c28a
MC		 4352 /*
4353 * TODO: When there are no more legacy digests we can just use
4354 * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
4355 */
4356 if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
4357 OBJ_nid2sn(NID_sha256))) {
48a03162
MC		 4358 ret = tmp;
4359 break;
4360 }
4361 if (ret == NULL)
4362 ret = tmp;
4363 continue;
4364 }
0f113f3e
MC		 4365 ret = sk_SSL_CIPHER_value(allow, ii);
4366 break;
4367 }
4368 }
e1c7871d
TS		 4369#ifndef OPENSSL_NO_CHACHA
4370 sk_SSL_CIPHER_free(prio_chacha);
4371#endif
26a7d938 4372 return ret;
0f113f3e 4373}
d02b48c6 4374
28ff8ef3 4375int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
0f113f3e 4376{
90d9e49a 4377 uint32_t alg_k, alg_a = 0;
0f113f3e
MC		 4378
4379 /* If we have custom certificate types set, use them */
75c13e78
DSH		 4380 if (s->cert->ctype)
4381 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
0f113f3e
MC		 4382 /* Get mask of algorithms disabled by signature list */
4383 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
0f113f3e 4384
555cbb32 4385 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
d02b48c6 4386
caa97ef1 4387#ifndef OPENSSL_NO_GOST
28ff8ef3 4388 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
5a5530a2
DB		 4389 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4390 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4391 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4392 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4393 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4394 return 0;
4395
4396 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4397 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4398 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4399 return 0;
caa97ef1
DSH		 4400#endif
4401
bc71f910 4402 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
bc36ee62 4403#ifndef OPENSSL_NO_DH
28ff8ef3
MC		 4404 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4405 return 0;
0f113f3e 4406# ifndef OPENSSL_NO_DSA
28ff8ef3
MC		 4407 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4408 return 0;
0f113f3e 4409# endif
0f113f3e 4410#endif /* !OPENSSL_NO_DH */
1e0784ff 4411 }
28ff8ef3
MC		 4412 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4413 return 0;
bc36ee62 4414#ifndef OPENSSL_NO_DSA
28ff8ef3
MC		 4415 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4416 return 0;
dfeab068 4417#endif
10bf4fc2 4418#ifndef OPENSSL_NO_EC
0f113f3e 4419 /*
c66ce5eb 4420 * ECDSA certs can be used with RSA cipher suites too so we don't
0f113f3e
MC		 4421 * need to check for SSL_kECDH or SSL_kECDHE
4422 */
28ff8ef3
MC		 4423 if (s->version >= TLS1_VERSION
4424 && !(alg_a & SSL_aECDSA)
4425 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4426 return 0;
0f113f3e 4427#endif
28ff8ef3 4428 return 1;
0f113f3e 4429}
d02b48c6 4430
9f27b1ee 4431static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
0f113f3e 4432{
75c13e78
DSH		 4433 OPENSSL_free(c->ctype);
4434 c->ctype = NULL;
4435 c->ctype_len = 0;
4436 if (p == NULL || len == 0)
0f113f3e
MC		 4437 return 1;
4438 if (len > 0xff)
4439 return 0;
75c13e78
DSH		 4440 c->ctype = OPENSSL_memdup(p, len);
4441 if (c->ctype == NULL)
0f113f3e 4442 return 0;
75c13e78 4443 c->ctype_len = len;
0f113f3e
MC		 4444 return 1;
4445}
9f27b1ee 4446
6b691a5c 4447int ssl3_shutdown(SSL *s)
0f113f3e
MC		 4448{
4449 int ret;
4450
4451 /*
4452 * Don't do anything much if we have not done the handshake or we don't
4453 * want to send messages :-)
4454 */
c874def6 4455 if (s->quiet_shutdown || SSL_in_before(s)) {
0f113f3e 4456 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
208fb891 4457 return 1;
0f113f3e
MC		 4458 }
4459
4460 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4461 s->shutdown |= SSL_SENT_SHUTDOWN;
0f113f3e 4462 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
0f113f3e
MC		 4463 /*
4464 * our shutdown alert has been sent now, and if it still needs to be
555cbb32 4465 * written, s->s3.alert_dispatch will be true
0f113f3e 4466 */
555cbb32 4467 if (s->s3.alert_dispatch)
26a7d938 4468 return -1; /* return WANT_WRITE */
555cbb32 4469 } else if (s->s3.alert_dispatch) {
0f113f3e 4470 /* resend it if not sent */
0f113f3e
MC		 4471 ret = s->method->ssl_dispatch_alert(s);
4472 if (ret == -1) {
4473 /*
4474 * we only get to return -1 here the 2nd/Nth invocation, we must
8483a003 4475 * have already signalled return 0 upon a previous invocation,
0f113f3e
MC		 4476 * return WANT_WRITE
4477 */
26a7d938 4478 return ret;
0f113f3e 4479 }
0f113f3e 4480 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
54105ddd 4481 size_t readbytes;
0f113f3e
MC		 4482 /*
4483 * If we are waiting for a close from our peer, we are closed
4484 */
54105ddd 4485 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
0f113f3e 4486 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
eda75751 4487 return -1; /* return WANT_READ */
0f113f3e
MC		 4488 }
4489 }
4490
4491 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
555cbb32 4492 !s->s3.alert_dispatch)
208fb891 4493 return 1;
0f113f3e 4494 else
26a7d938 4495 return 0;
0f113f3e 4496}
d02b48c6 4497
7ee8627f 4498int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
0f113f3e 4499{
0f113f3e 4500 clear_sys_error();
555cbb32 4501 if (s->s3.renegotiate)
c7f47786 4502 ssl3_renegotiate_check(s, 0);
0f113f3e 4503
7ee8627f
MC		 4504 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4505 written);
0f113f3e 4506}
d02b48c6 4507
eda75751 4508static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
54105ddd 4509 size_t *readbytes)
0f113f3e
MC		 4510{
4511 int ret;
4512
4513 clear_sys_error();
555cbb32 4514 if (s->s3.renegotiate)
c7f47786 4515 ssl3_renegotiate_check(s, 0);
555cbb32 4516 s->s3.in_read_app_data = 1;
0f113f3e 4517 ret =
657da85e 4518 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
54105ddd 4519 peek, readbytes);
555cbb32 4520 if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
0f113f3e
MC		 4521 /*
4522 * ssl3_read_bytes decided to call s->handshake_func, which called
4523 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4524 * actually found application data and thinks that application data
4525 * makes sense here; so disable handshake processing and try to read
4526 * application data again.
4527 */
024f543c 4528 ossl_statem_set_in_handshake(s, 1);
0f113f3e 4529 ret =
657da85e 4530 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
54105ddd 4531 len, peek, readbytes);
024f543c 4532 ossl_statem_set_in_handshake(s, 0);
0f113f3e 4533 } else
555cbb32 4534 s->s3.in_read_app_data = 0;
0f113f3e 4535
eda75751 4536 return ret;
0f113f3e 4537}
d02b48c6 4538
54105ddd 4539int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
0f113f3e 4540{
54105ddd 4541 return ssl3_read_internal(s, buf, len, 0, readbytes);
0f113f3e 4542}
d02b48c6 4543
54105ddd 4544int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
0f113f3e 4545{
54105ddd 4546 return ssl3_read_internal(s, buf, len, 1, readbytes);
0f113f3e 4547}
d02b48c6 4548
6b691a5c 4549int ssl3_renegotiate(SSL *s)
0f113f3e
MC		 4550{
4551 if (s->handshake_func == NULL)
208fb891 4552 return 1;
d02b48c6 4553
555cbb32 4554 s->s3.renegotiate = 1;
208fb891 4555 return 1;
0f113f3e 4556}
d02b48c6 4557
c7f47786
MC		 4558/*
4559 * Check if we are waiting to do a renegotiation and if so whether now is a
4560 * good time to do it. If |initok| is true then we are being called from inside
4561 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4562 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4563 * should do a renegotiation now and sets up the state machine for it. Otherwise
4564 * returns 0.
4565 */
4566int ssl3_renegotiate_check(SSL *s, int initok)
0f113f3e
MC		 4567{
4568 int ret = 0;
4569
555cbb32 4570 if (s->s3.renegotiate) {
f161995e
MC		 4571 if (!RECORD_LAYER_read_pending(&s->rlayer)
4572 && !RECORD_LAYER_write_pending(&s->rlayer)
c7f47786 4573 && (initok || !SSL_in_init(s))) {
0f113f3e
MC		 4574 /*
4575 * if we are the server, and we have sent a 'RENEGOTIATE'
49ae7423
MC		 4576 * message, we need to set the state machine into the renegotiate
4577 * state.
0f113f3e 4578 */
fe3a3291 4579 ossl_statem_set_renegotiate(s);
555cbb32
TS		 4580 s->s3.renegotiate = 0;
4581 s->s3.num_renegotiations++;
4582 s->s3.total_renegotiations++;
0f113f3e
MC		 4583 ret = 1;
4584 }
4585 }
c7f47786 4586 return ret;
0f113f3e
MC		 4587}
4588
58964a49 4589/*
0f113f3e
MC		 4590 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4591 * handshake macs if required.
12053a81
DSH		 4592 *
4593 * If PSK and using SHA384 for TLS < 1.2 switch to default.
7409d7ad
DSH		 4594 */
4595long ssl_get_algorithm2(SSL *s)
0f113f3e 4596{
52eede5a 4597 long alg2;
555cbb32 4598 if (s->s3.tmp.new_cipher == NULL)
52eede5a 4599 return -1;
555cbb32 4600 alg2 = s->s3.tmp.new_cipher->algorithm2;
12053a81
DSH		 4601 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4602 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4603 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
555cbb32 4604 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
12053a81
DSH		 4605 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4606 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4607 }
0f113f3e
MC		 4608 return alg2;
4609}
a3680c8f
MC		 4610
4611/*
4612 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4613 * failure, 1 on success.
4614 */
f7f2a01d
MC		 4615int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4616 DOWNGRADE dgrd)
a3680c8f 4617{
f7f2a01d 4618 int send_time = 0, ret;
a3680c8f
MC		 4619
4620 if (len < 4)
4621 return 0;
4622 if (server)
4623 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4624 else
4625 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4626 if (send_time) {
4627 unsigned long Time = (unsigned long)time(NULL);
4628 unsigned char *p = result;
ae3947de 4629
a3680c8f 4630 l2n(Time, p);
8f21260b 4631 ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
f7f2a01d 4632 } else {
8f21260b 4633 ret = RAND_bytes_ex(s->ctx->libctx, result, len);
f7f2a01d 4634 }
9f22c527 4635
16cfc2c9 4636 if (ret > 0) {
b77f3ed1
MC		 4637 if (!ossl_assert(sizeof(tls11downgrade) < len)
4638 || !ossl_assert(sizeof(tls12downgrade) < len))
4639 return 0;
f7f2a01d
MC		 4640 if (dgrd == DOWNGRADE_TO_1_2)
4641 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4642 sizeof(tls12downgrade));
4643 else if (dgrd == DOWNGRADE_TO_1_1)
4644 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4645 sizeof(tls11downgrade));
4646 }
9f22c527 4647
f7f2a01d 4648 return ret;
a3680c8f 4649}
57b272b0
DSH		 4650
4651int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4652 int free_pms)
4653{
555cbb32 4654 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
8c1a5343
MC		 4655 int ret = 0;
4656
8a0a12e5 4657 if (alg_k & SSL_PSK) {
0907d710 4658#ifndef OPENSSL_NO_PSK
8a0a12e5 4659 unsigned char *pskpms, *t;
555cbb32 4660 size_t psklen = s->s3.tmp.psklen;
8a0a12e5
DSH		 4661 size_t pskpmslen;
4662
4663 /* create PSK premaster_secret */
4664
4665 /* For plain PSK "other_secret" is psklen zeroes */
4666 if (alg_k & SSL_kPSK)
4667 pmslen = psklen;
4668
4669 pskpmslen = 4 + pmslen + psklen;
4670 pskpms = OPENSSL_malloc(pskpmslen);
8c1a5343 4671 if (pskpms == NULL)
a784665e 4672 goto err;
8a0a12e5
DSH		 4673 t = pskpms;
4674 s2n(pmslen, t);
4675 if (alg_k & SSL_kPSK)
4676 memset(t, 0, pmslen);
4677 else
4678 memcpy(t, pms, pmslen);
4679 t += pmslen;
4680 s2n(psklen, t);
555cbb32 4681 memcpy(t, s->s3.tmp.psk, psklen);
8a0a12e5 4682
555cbb32
TS		 4683 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4684 s->s3.tmp.psk = NULL;
8c1a5343 4685 if (!s->method->ssl3_enc->generate_master_secret(s,
1866a0d3 4686 s->session->master_key, pskpms, pskpmslen,
f63a17d6 4687 &s->session->master_key_length)) {
c2cb1a18 4688 OPENSSL_clear_free(pskpms, pskpmslen);
f63a17d6 4689 /* SSLfatal() already called */
8c1a5343 4690 goto err;
f63a17d6 4691 }
8a0a12e5 4692 OPENSSL_clear_free(pskpms, pskpmslen);
0907d710
MC		 4693#else
4694 /* Should never happen */
0907d710 4695 goto err;
8a0a12e5 4696#endif
0907d710 4697 } else {
8c1a5343
MC		 4698 if (!s->method->ssl3_enc->generate_master_secret(s,
4699 s->session->master_key, pms, pmslen,
f63a17d6
MC		 4700 &s->session->master_key_length)) {
4701 /* SSLfatal() already called */
8c1a5343 4702 goto err;
f63a17d6 4703 }
0907d710
MC		 4704 }
4705
8c1a5343 4706 ret = 1;
0907d710 4707 err:
8a0a12e5
DSH		 4708 if (pms) {
4709 if (free_pms)
4710 OPENSSL_clear_free(pms, pmslen);
4711 else
4712 OPENSSL_cleanse(pms, pmslen);
4713 }
57b272b0 4714 if (s->server == 0)
555cbb32 4715 s->s3.tmp.pms = NULL;
8c1a5343 4716 return ret;
57b272b0 4717}
3f3504bd 4718
0a699a07 4719/* Generate a private key from parameters */
0f00ed77 4720EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
3f3504bd
DSH		 4721{
4722 EVP_PKEY_CTX *pctx = NULL;
4723 EVP_PKEY *pkey = NULL;
0a699a07
DSH		 4724
4725 if (pm == NULL)
4726 return NULL;
0f00ed77 4727 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
0a699a07
DSH		 4728 if (pctx == NULL)
4729 goto err;
4730 if (EVP_PKEY_keygen_init(pctx) <= 0)
4731 goto err;
4732 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4733 EVP_PKEY_free(pkey);
4734 pkey = NULL;
4735 }
4736
4737 err:
4738 EVP_PKEY_CTX_free(pctx);
4739 return pkey;
4740}
9aaecbfc 4741
43b95d73 4742/* Generate a private key from a group ID */
f63a17d6 4743EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
0a699a07 4744{
9d2d857f 4745 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
0a699a07
DSH		 4746 EVP_PKEY_CTX *pctx = NULL;
4747 EVP_PKEY *pkey = NULL;
0a699a07 4748
f63a17d6 4749 if (ginf == NULL) {
c48ffbcc 4750 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
0a699a07 4751 goto err;
f63a17d6 4752 }
d882e4ce 4753
9d2d857f 4754 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
c0bfc473
MC		 4755 s->ctx->propq);
4756
f63a17d6 4757 if (pctx == NULL) {
c48ffbcc 4758 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
3f3504bd 4759 goto err;
f63a17d6
MC		 4760 }
4761 if (EVP_PKEY_keygen_init(pctx) <= 0) {
c48ffbcc 4762 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
3f3504bd 4763 goto err;
f63a17d6 4764 }
9d2d857f 4765 if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
c48ffbcc 4766 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
9d2d857f 4767 goto err;
f63a17d6 4768 }
3f3504bd 4769 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
c48ffbcc 4770 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
3f3504bd
DSH		 4771 EVP_PKEY_free(pkey);
4772 pkey = NULL;
4773 }
4774
a230b26e 4775 err:
3f3504bd
DSH		 4776 EVP_PKEY_CTX_free(pctx);
4777 return pkey;
4778}
612f9d22
DSH		 4779
4780/*
4781 * Generate parameters from a group ID
4782 */
ada66e78 4783EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
612f9d22
DSH		 4784{
4785 EVP_PKEY_CTX *pctx = NULL;
4786 EVP_PKEY *pkey = NULL;
9d2d857f 4787 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
612f9d22
DSH		 4788
4789 if (ginf == NULL)
4790 goto err;
4791
9d2d857f 4792 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
d882e4ce 4793 s->ctx->propq);
d882e4ce 4794
612f9d22
DSH		 4795 if (pctx == NULL)
4796 goto err;
4797 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4798 goto err;
9d2d857f 4799 if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
c48ffbcc 4800 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
9d2d857f 4801 goto err;
9aaecbfc 4802 }
612f9d22
DSH		 4803 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4804 EVP_PKEY_free(pkey);
4805 pkey = NULL;
4806 }
4807
4808 err:
4809 EVP_PKEY_CTX_free(pctx);
4810 return pkey;
4811}
a230b26e 4812
a011b586 4813/* Generate secrets from pms */
a011b586
NT		 4814int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen)
4815{
4816 int rv = 0;
4817
4818 /* SSLfatal() called as appropriate in the below functions */
4819 if (SSL_IS_TLS13(s)) {
4820 /*
4821 * If we are resuming then we already generated the early secret
4822 * when we created the ClientHello, so don't recreate it.
4823 */
4824 if (!s->hit)
4825 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4826 0,
4827 (unsigned char *)&s->early_secret);
4828 else
4829 rv = 1;
4830
4831 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4832 } else {
4833 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4834 }
4835
4836 return rv;
4837}
4838
92760c21
MC		 4839/* Derive secrets for ECDH/DH */
4840int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
3f3504bd
DSH		 4841{
4842 int rv = 0;
4843 unsigned char *pms = NULL;
4844 size_t pmslen = 0;
4845 EVP_PKEY_CTX *pctx;
4846
f63a17d6 4847 if (privkey == NULL || pubkey == NULL) {
c48ffbcc 4848 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
3f3504bd 4849 return 0;
f63a17d6 4850 }
3f3504bd 4851
0f00ed77 4852 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
3f3504bd
DSH		 4853
4854 if (EVP_PKEY_derive_init(pctx) <= 0
4855 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4856 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
c48ffbcc 4857 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
3f3504bd
DSH		 4858 goto err;
4859 }
4860
6597d62b 4861#ifndef OPENSSL_NO_DH
9aaecbfc 4862 if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
4863 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
6597d62b 4864#endif
9aaecbfc 4865
3f3504bd 4866 pms = OPENSSL_malloc(pmslen);
f63a17d6 4867 if (pms == NULL) {
c48ffbcc 4868 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
3f3504bd 4869 goto err;
f63a17d6 4870 }
3f3504bd 4871
f63a17d6 4872 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
c48ffbcc 4873 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
3f3504bd 4874 goto err;
f63a17d6 4875 }
3f3504bd 4876
92760c21 4877 if (gensecret) {
f63a17d6 4878 /* SSLfatal() called as appropriate in the below functions */
a011b586
NT		 4879 rv = ssl_gensecret(s, pms, pmslen);
4880 } else {
4881 /* Save premaster secret */
4882 s->s3.tmp.pms = pms;
4883 s->s3.tmp.pmslen = pmslen;
4884 pms = NULL;
4885 rv = 1;
4886 }
4887
4888 err:
4889 OPENSSL_clear_free(pms, pmslen);
4890 EVP_PKEY_CTX_free(pctx);
4891 return rv;
4892}
4893
4894/* Decapsulate secrets for KEM */
4895int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
4896 const unsigned char *ct, size_t ctlen,
4897 int gensecret)
4898{
4899 int rv = 0;
4900 unsigned char *pms = NULL;
4901 size_t pmslen = 0;
4902 EVP_PKEY_CTX *pctx;
4903
4904 if (privkey == NULL) {
c48ffbcc 4905 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
a011b586
NT		 4906 return 0;
4907 }
4908
4909 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4910
4911 if (EVP_PKEY_decapsulate_init(pctx) <= 0
4912 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
c48ffbcc 4913 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
a011b586
NT		 4914 goto err;
4915 }
4916
4917 pms = OPENSSL_malloc(pmslen);
4918 if (pms == NULL) {
c48ffbcc 4919 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
a011b586
NT		 4920 goto err;
4921 }
4922
4923 if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
c48ffbcc 4924 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
a011b586
NT		 4925 goto err;
4926 }
4927
4928 if (gensecret) {
4929 /* SSLfatal() called as appropriate in the below functions */
4930 rv = ssl_gensecret(s, pms, pmslen);
3f3504bd 4931 } else {
0f1e51ea 4932 /* Save premaster secret */
555cbb32
TS		 4933 s->s3.tmp.pms = pms;
4934 s->s3.tmp.pmslen = pmslen;
3f3504bd
DSH		 4935 pms = NULL;
4936 rv = 1;
4937 }
4938
a230b26e 4939 err:
3f3504bd
DSH		 4940 OPENSSL_clear_free(pms, pmslen);
4941 EVP_PKEY_CTX_free(pctx);
4942 return rv;
4943}
6c4e6670 4944
8b17fbaf
NT		 4945int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
4946 unsigned char **ctp, size_t *ctlenp,
4947 int gensecret)
4948{
4949 int rv = 0;
4950 unsigned char *pms = NULL, *ct = NULL;
4951 size_t pmslen = 0, ctlen = 0;
4952 EVP_PKEY_CTX *pctx;
4953
4954 if (pubkey == NULL) {
c48ffbcc 4955 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
8b17fbaf
NT		 4956 return 0;
4957 }
4958
4959 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);
4960
4961 if (EVP_PKEY_encapsulate_init(pctx) <= 0
4962 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
4963 || pmslen == 0 || ctlen == 0) {
c48ffbcc 4964 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
8b17fbaf
NT		 4965 goto err;
4966 }
4967
4968 pms = OPENSSL_malloc(pmslen);
4969 ct = OPENSSL_malloc(ctlen);
4970 if (pms == NULL || ct == NULL) {
c48ffbcc 4971 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
8b17fbaf
NT		 4972 goto err;
4973 }
4974
4975 if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
c48ffbcc 4976 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
8b17fbaf
NT		 4977 goto err;
4978 }
4979
4980 if (gensecret) {
4981 /* SSLfatal() called as appropriate in the below functions */
4982 rv = ssl_gensecret(s, pms, pmslen);
4983 } else {
4984 /* Save premaster secret */
4985 s->s3.tmp.pms = pms;
4986 s->s3.tmp.pmslen = pmslen;
4987 pms = NULL;
4988 rv = 1;
4989 }
4990
4991 if (rv > 0) {
4992 /* Pass ownership of ct to caller */
4993 *ctp = ct;
4994 *ctlenp = ctlen;
4995 ct = NULL;
4996 }
4997
4998 err:
4999 OPENSSL_clear_free(pms, pmslen);
5000 OPENSSL_free(ct);
5001 EVP_PKEY_CTX_free(pctx);
5002 return rv;
5003}
becbacd7
MB		 5004
5005const char *SSL_group_to_name(SSL *s, int nid) {
5006 int group_id = 0;
5007 const TLS_GROUP_INFO *cinf = NULL;
5008
5009 /* first convert to real group id for internal and external IDs */
5010 if (nid & TLSEXT_nid_unknown)
5011 group_id = nid & 0xFFFF;
5012 else
5013 group_id = tls1_nid2group_id(nid);
5014
5015 /* then look up */
5016 cinf = tls1_group_id_lookup(s->ctx, group_id);
5017
5018 if (cinf != NULL)
5019 return cinf->tlsname;
5020 return NULL;
5021}
A mirror of the official openssl repository