]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/s3_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Split out PSK preamble and RSA from process CKE code
[thirdparty/openssl.git] / ssl / s3_lib.c
1 /*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
12 *
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
15 *
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
18 *
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
21 *
22 */
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
25 *
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
28 * license.
29 *
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
33 *
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
37 *
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
42 *
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
47 * OTHERWISE.
48 */
49
50 #include <stdio.h>
51 #include <openssl/objects.h>
52 #include "ssl_locl.h"
53 #include <openssl/md5.h>
54 #include <openssl/dh.h>
55 #include <openssl/rand.h>
56
57 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
58
59 /*
60 * The list of available ciphers, organized into the following
61 * groups:
62 * Always there
63 * EC
64 * PSK
65 * SRP (within that: RSA EC PSK)
66 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
67 * Weak ciphers
68 */
69 static SSL_CIPHER ssl3_ciphers[] =
70 {
71 {
72 1,
73 SSL3_TXT_RSA_NULL_MD5,
74 SSL3_CK_RSA_NULL_MD5,
75 SSL_kRSA,
76 SSL_aRSA,
77 SSL_eNULL,
78 SSL_MD5,
79 SSL3_VERSION, TLS1_2_VERSION,
80 DTLS1_VERSION, DTLS1_2_VERSION,
81 SSL_STRONG_NONE,
82 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
83 0,
84 0,
85 },
86 {
87 1,
88 SSL3_TXT_RSA_NULL_SHA,
89 SSL3_CK_RSA_NULL_SHA,
90 SSL_kRSA,
91 SSL_aRSA,
92 SSL_eNULL,
93 SSL_SHA1,
94 SSL3_VERSION, TLS1_2_VERSION,
95 DTLS1_VERSION, DTLS1_2_VERSION,
96 SSL_STRONG_NONE | SSL_FIPS,
97 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
98 0,
99 0,
100 },
101 {
102 1,
103 SSL3_TXT_RSA_DES_192_CBC3_SHA,
104 SSL3_CK_RSA_DES_192_CBC3_SHA,
105 SSL_kRSA,
106 SSL_aRSA,
107 SSL_3DES,
108 SSL_SHA1,
109 SSL3_VERSION, TLS1_2_VERSION,
110 DTLS1_VERSION, DTLS1_2_VERSION,
111 SSL_MEDIUM | SSL_FIPS,
112 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
113 112,
114 168,
115 },
116 {
117 1,
118 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
119 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
120 SSL_kDHE,
121 SSL_aDSS,
122 SSL_3DES,
123 SSL_SHA1,
124 SSL3_VERSION, TLS1_2_VERSION,
125 DTLS1_VERSION, DTLS1_2_VERSION,
126 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
127 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128 112,
129 168,
130 },
131 {
132 1,
133 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
134 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
135 SSL_kDHE,
136 SSL_aRSA,
137 SSL_3DES,
138 SSL_SHA1,
139 SSL3_VERSION, TLS1_2_VERSION,
140 DTLS1_VERSION, DTLS1_2_VERSION,
141 SSL_MEDIUM | SSL_FIPS,
142 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 112,
144 168,
145 },
146 {
147 1,
148 SSL3_TXT_ADH_DES_192_CBC_SHA,
149 SSL3_CK_ADH_DES_192_CBC_SHA,
150 SSL_kDHE,
151 SSL_aNULL,
152 SSL_3DES,
153 SSL_SHA1,
154 SSL3_VERSION, TLS1_2_VERSION,
155 DTLS1_VERSION, DTLS1_2_VERSION,
156 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
157 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
158 112,
159 168,
160 },
161 {
162 1,
163 TLS1_TXT_RSA_WITH_AES_128_SHA,
164 TLS1_CK_RSA_WITH_AES_128_SHA,
165 SSL_kRSA,
166 SSL_aRSA,
167 SSL_AES128,
168 SSL_SHA1,
169 SSL3_VERSION, TLS1_2_VERSION,
170 DTLS1_VERSION, DTLS1_2_VERSION,
171 SSL_HIGH | SSL_FIPS,
172 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
173 128,
174 128,
175 },
176 {
177 1,
178 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
179 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
180 SSL_kDHE,
181 SSL_aDSS,
182 SSL_AES128,
183 SSL_SHA1,
184 SSL3_VERSION, TLS1_2_VERSION,
185 DTLS1_VERSION, DTLS1_2_VERSION,
186 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
187 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
188 128,
189 128,
190 },
191 {
192 1,
193 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
194 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
195 SSL_kDHE,
196 SSL_aRSA,
197 SSL_AES128,
198 SSL_SHA1,
199 SSL3_VERSION, TLS1_2_VERSION,
200 DTLS1_VERSION, DTLS1_2_VERSION,
201 SSL_HIGH | SSL_FIPS,
202 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
203 128,
204 128,
205 },
206 {
207 1,
208 TLS1_TXT_ADH_WITH_AES_128_SHA,
209 TLS1_CK_ADH_WITH_AES_128_SHA,
210 SSL_kDHE,
211 SSL_aNULL,
212 SSL_AES128,
213 SSL_SHA1,
214 SSL3_VERSION, TLS1_2_VERSION,
215 DTLS1_VERSION, DTLS1_2_VERSION,
216 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
218 128,
219 128,
220 },
221 {
222 1,
223 TLS1_TXT_RSA_WITH_AES_256_SHA,
224 TLS1_CK_RSA_WITH_AES_256_SHA,
225 SSL_kRSA,
226 SSL_aRSA,
227 SSL_AES256,
228 SSL_SHA1,
229 SSL3_VERSION, TLS1_2_VERSION,
230 DTLS1_VERSION, DTLS1_2_VERSION,
231 SSL_HIGH | SSL_FIPS,
232 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
233 256,
234 256,
235 },
236 {
237 1,
238 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
239 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
240 SSL_kDHE,
241 SSL_aDSS,
242 SSL_AES256,
243 SSL_SHA1,
244 SSL3_VERSION, TLS1_2_VERSION,
245 DTLS1_VERSION, DTLS1_2_VERSION,
246 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
247 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
248 256,
249 256,
250 },
251 {
252 1,
253 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
254 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
255 SSL_kDHE,
256 SSL_aRSA,
257 SSL_AES256,
258 SSL_SHA1,
259 SSL3_VERSION, TLS1_2_VERSION,
260 DTLS1_VERSION, DTLS1_2_VERSION,
261 SSL_HIGH | SSL_FIPS,
262 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
263 256,
264 256,
265 },
266 {
267 1,
268 TLS1_TXT_ADH_WITH_AES_256_SHA,
269 TLS1_CK_ADH_WITH_AES_256_SHA,
270 SSL_kDHE,
271 SSL_aNULL,
272 SSL_AES256,
273 SSL_SHA1,
274 SSL3_VERSION, TLS1_2_VERSION,
275 DTLS1_VERSION, DTLS1_2_VERSION,
276 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
277 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
278 256,
279 256,
280 },
281 {
282 1,
283 TLS1_TXT_RSA_WITH_NULL_SHA256,
284 TLS1_CK_RSA_WITH_NULL_SHA256,
285 SSL_kRSA,
286 SSL_aRSA,
287 SSL_eNULL,
288 SSL_SHA256,
289 TLS1_2_VERSION, TLS1_2_VERSION,
290 DTLS1_2_VERSION, DTLS1_2_VERSION,
291 SSL_STRONG_NONE | SSL_FIPS,
292 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293 0,
294 0,
295 },
296 {
297 1,
298 TLS1_TXT_RSA_WITH_AES_128_SHA256,
299 TLS1_CK_RSA_WITH_AES_128_SHA256,
300 SSL_kRSA,
301 SSL_aRSA,
302 SSL_AES128,
303 SSL_SHA256,
304 TLS1_2_VERSION, TLS1_2_VERSION,
305 DTLS1_2_VERSION, DTLS1_2_VERSION,
306 SSL_HIGH | SSL_FIPS,
307 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308 128,
309 128,
310 },
311 {
312 1,
313 TLS1_TXT_RSA_WITH_AES_256_SHA256,
314 TLS1_CK_RSA_WITH_AES_256_SHA256,
315 SSL_kRSA,
316 SSL_aRSA,
317 SSL_AES256,
318 SSL_SHA256,
319 TLS1_2_VERSION, TLS1_2_VERSION,
320 DTLS1_2_VERSION, DTLS1_2_VERSION,
321 SSL_HIGH | SSL_FIPS,
322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
323 256,
324 256,
325 },
326 {
327 1,
328 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
329 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
330 SSL_kDHE,
331 SSL_aDSS,
332 SSL_AES128,
333 SSL_SHA256,
334 TLS1_2_VERSION, TLS1_2_VERSION,
335 DTLS1_2_VERSION, DTLS1_2_VERSION,
336 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
337 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
338 128,
339 128,
340 },
341 {
342 1,
343 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
344 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
345 SSL_kDHE,
346 SSL_aRSA,
347 SSL_AES128,
348 SSL_SHA256,
349 TLS1_2_VERSION, TLS1_2_VERSION,
350 DTLS1_2_VERSION, DTLS1_2_VERSION,
351 SSL_HIGH | SSL_FIPS,
352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
353 128,
354 128,
355 },
356 {
357 1,
358 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
359 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
360 SSL_kDHE,
361 SSL_aDSS,
362 SSL_AES256,
363 SSL_SHA256,
364 TLS1_2_VERSION, TLS1_2_VERSION,
365 DTLS1_2_VERSION, DTLS1_2_VERSION,
366 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
368 256,
369 256,
370 },
371 {
372 1,
373 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
374 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
375 SSL_kDHE,
376 SSL_aRSA,
377 SSL_AES256,
378 SSL_SHA256,
379 TLS1_2_VERSION, TLS1_2_VERSION,
380 DTLS1_2_VERSION, DTLS1_2_VERSION,
381 SSL_HIGH | SSL_FIPS,
382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 256,
384 256,
385 },
386 {
387 1,
388 TLS1_TXT_ADH_WITH_AES_128_SHA256,
389 TLS1_CK_ADH_WITH_AES_128_SHA256,
390 SSL_kDHE,
391 SSL_aNULL,
392 SSL_AES128,
393 SSL_SHA256,
394 TLS1_2_VERSION, TLS1_2_VERSION,
395 DTLS1_2_VERSION, DTLS1_2_VERSION,
396 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
397 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
398 128,
399 128,
400 },
401 {
402 1,
403 TLS1_TXT_ADH_WITH_AES_256_SHA256,
404 TLS1_CK_ADH_WITH_AES_256_SHA256,
405 SSL_kDHE,
406 SSL_aNULL,
407 SSL_AES256,
408 SSL_SHA256,
409 TLS1_2_VERSION, TLS1_2_VERSION,
410 DTLS1_2_VERSION, DTLS1_2_VERSION,
411 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
412 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
413 256,
414 256,
415 },
416 {
417 1,
418 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
419 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
420 SSL_kRSA,
421 SSL_aRSA,
422 SSL_AES128GCM,
423 SSL_AEAD,
424 TLS1_2_VERSION, TLS1_2_VERSION,
425 DTLS1_2_VERSION, DTLS1_2_VERSION,
426 SSL_HIGH | SSL_FIPS,
427 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
428 128,
429 128,
430 },
431 {
432 1,
433 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
434 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
435 SSL_kRSA,
436 SSL_aRSA,
437 SSL_AES256GCM,
438 SSL_AEAD,
439 TLS1_2_VERSION, TLS1_2_VERSION,
440 DTLS1_2_VERSION, DTLS1_2_VERSION,
441 SSL_HIGH | SSL_FIPS,
442 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
443 256,
444 256,
445 },
446 {
447 1,
448 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
450 SSL_kDHE,
451 SSL_aRSA,
452 SSL_AES128GCM,
453 SSL_AEAD,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
456 SSL_HIGH | SSL_FIPS,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
458 128,
459 128,
460 },
461 {
462 1,
463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 SSL_kDHE,
466 SSL_aRSA,
467 SSL_AES256GCM,
468 SSL_AEAD,
469 TLS1_2_VERSION, TLS1_2_VERSION,
470 DTLS1_2_VERSION, DTLS1_2_VERSION,
471 SSL_HIGH | SSL_FIPS,
472 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
473 256,
474 256,
475 },
476 {
477 1,
478 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
479 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 SSL_kDHE,
481 SSL_aDSS,
482 SSL_AES128GCM,
483 SSL_AEAD,
484 TLS1_2_VERSION, TLS1_2_VERSION,
485 DTLS1_2_VERSION, DTLS1_2_VERSION,
486 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
487 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
488 128,
489 128,
490 },
491 {
492 1,
493 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
494 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
495 SSL_kDHE,
496 SSL_aDSS,
497 SSL_AES256GCM,
498 SSL_AEAD,
499 TLS1_2_VERSION, TLS1_2_VERSION,
500 DTLS1_2_VERSION, DTLS1_2_VERSION,
501 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
502 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
503 256,
504 256,
505 },
506 {
507 1,
508 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
509 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
510 SSL_kDHE,
511 SSL_aNULL,
512 SSL_AES128GCM,
513 SSL_AEAD,
514 TLS1_2_VERSION, TLS1_2_VERSION,
515 DTLS1_2_VERSION, DTLS1_2_VERSION,
516 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
517 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
518 128,
519 128,
520 },
521 {
522 1,
523 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
524 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
525 SSL_kDHE,
526 SSL_aNULL,
527 SSL_AES256GCM,
528 SSL_AEAD,
529 TLS1_2_VERSION, TLS1_2_VERSION,
530 DTLS1_2_VERSION, DTLS1_2_VERSION,
531 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
533 256,
534 256,
535 },
536 {
537 1,
538 TLS1_TXT_RSA_WITH_AES_128_CCM,
539 TLS1_CK_RSA_WITH_AES_128_CCM,
540 SSL_kRSA,
541 SSL_aRSA,
542 SSL_AES128CCM,
543 SSL_AEAD,
544 TLS1_2_VERSION, TLS1_2_VERSION,
545 DTLS1_2_VERSION, DTLS1_2_VERSION,
546 SSL_NOT_DEFAULT | SSL_HIGH,
547 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
548 128,
549 128,
550 },
551 {
552 1,
553 TLS1_TXT_RSA_WITH_AES_256_CCM,
554 TLS1_CK_RSA_WITH_AES_256_CCM,
555 SSL_kRSA,
556 SSL_aRSA,
557 SSL_AES256CCM,
558 SSL_AEAD,
559 TLS1_2_VERSION, TLS1_2_VERSION,
560 DTLS1_2_VERSION, DTLS1_2_VERSION,
561 SSL_NOT_DEFAULT | SSL_HIGH,
562 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
563 256,
564 256,
565 },
566 {
567 1,
568 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
569 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
570 SSL_kDHE,
571 SSL_aRSA,
572 SSL_AES128CCM,
573 SSL_AEAD,
574 TLS1_2_VERSION, TLS1_2_VERSION,
575 DTLS1_2_VERSION, DTLS1_2_VERSION,
576 SSL_NOT_DEFAULT | SSL_HIGH,
577 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
578 128,
579 128,
580 },
581 {
582 1,
583 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
584 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
585 SSL_kDHE,
586 SSL_aRSA,
587 SSL_AES256CCM,
588 SSL_AEAD,
589 TLS1_2_VERSION, TLS1_2_VERSION,
590 DTLS1_2_VERSION, DTLS1_2_VERSION,
591 SSL_NOT_DEFAULT | SSL_HIGH,
592 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
593 256,
594 256,
595 },
596 {
597 1,
598 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
599 TLS1_CK_RSA_WITH_AES_128_CCM_8,
600 SSL_kRSA,
601 SSL_aRSA,
602 SSL_AES128CCM8,
603 SSL_AEAD,
604 TLS1_2_VERSION, TLS1_2_VERSION,
605 DTLS1_2_VERSION, DTLS1_2_VERSION,
606 SSL_NOT_DEFAULT | SSL_HIGH,
607 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
608 128,
609 128,
610 },
611 {
612 1,
613 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
614 TLS1_CK_RSA_WITH_AES_256_CCM_8,
615 SSL_kRSA,
616 SSL_aRSA,
617 SSL_AES256CCM8,
618 SSL_AEAD,
619 TLS1_2_VERSION, TLS1_2_VERSION,
620 DTLS1_2_VERSION, DTLS1_2_VERSION,
621 SSL_NOT_DEFAULT | SSL_HIGH,
622 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
623 256,
624 256,
625 },
626 {
627 1,
628 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
629 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
630 SSL_kDHE,
631 SSL_aRSA,
632 SSL_AES128CCM8,
633 SSL_AEAD,
634 TLS1_2_VERSION, TLS1_2_VERSION,
635 DTLS1_2_VERSION, DTLS1_2_VERSION,
636 SSL_NOT_DEFAULT | SSL_HIGH,
637 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
638 128,
639 128,
640 },
641 {
642 1,
643 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
644 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
645 SSL_kDHE,
646 SSL_aRSA,
647 SSL_AES256CCM8,
648 SSL_AEAD,
649 TLS1_2_VERSION, TLS1_2_VERSION,
650 DTLS1_2_VERSION, DTLS1_2_VERSION,
651 SSL_NOT_DEFAULT | SSL_HIGH,
652 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
653 256,
654 256,
655 },
656 {
657 1,
658 TLS1_TXT_PSK_WITH_AES_128_CCM,
659 TLS1_CK_PSK_WITH_AES_128_CCM,
660 SSL_kPSK,
661 SSL_aPSK,
662 SSL_AES128CCM,
663 SSL_AEAD,
664 TLS1_2_VERSION, TLS1_2_VERSION,
665 DTLS1_2_VERSION, DTLS1_2_VERSION,
666 SSL_NOT_DEFAULT | SSL_HIGH,
667 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
668 128,
669 128,
670 },
671 {
672 1,
673 TLS1_TXT_PSK_WITH_AES_256_CCM,
674 TLS1_CK_PSK_WITH_AES_256_CCM,
675 SSL_kPSK,
676 SSL_aPSK,
677 SSL_AES256CCM,
678 SSL_AEAD,
679 TLS1_2_VERSION, TLS1_2_VERSION,
680 DTLS1_2_VERSION, DTLS1_2_VERSION,
681 SSL_NOT_DEFAULT | SSL_HIGH,
682 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
683 256,
684 256,
685 },
686 {
687 1,
688 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
689 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
690 SSL_kDHEPSK,
691 SSL_aPSK,
692 SSL_AES128CCM,
693 SSL_AEAD,
694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698 128,
699 128,
700 },
701 {
702 1,
703 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
704 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
705 SSL_kDHEPSK,
706 SSL_aPSK,
707 SSL_AES256CCM,
708 SSL_AEAD,
709 TLS1_2_VERSION, TLS1_2_VERSION,
710 DTLS1_2_VERSION, DTLS1_2_VERSION,
711 SSL_NOT_DEFAULT | SSL_HIGH,
712 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
713 256,
714 256,
715 },
716 {
717 1,
718 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
719 TLS1_CK_PSK_WITH_AES_128_CCM_8,
720 SSL_kPSK,
721 SSL_aPSK,
722 SSL_AES128CCM8,
723 SSL_AEAD,
724 TLS1_2_VERSION, TLS1_2_VERSION,
725 DTLS1_2_VERSION, DTLS1_2_VERSION,
726 SSL_NOT_DEFAULT | SSL_HIGH,
727 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
728 128,
729 128,
730 },
731 {
732 1,
733 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
734 TLS1_CK_PSK_WITH_AES_256_CCM_8,
735 SSL_kPSK,
736 SSL_aPSK,
737 SSL_AES256CCM8,
738 SSL_AEAD,
739 TLS1_2_VERSION, TLS1_2_VERSION,
740 DTLS1_2_VERSION, DTLS1_2_VERSION,
741 SSL_NOT_DEFAULT | SSL_HIGH,
742 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
743 256,
744 256,
745 },
746 {
747 1,
748 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
749 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
750 SSL_kDHEPSK,
751 SSL_aPSK,
752 SSL_AES128CCM8,
753 SSL_AEAD,
754 TLS1_2_VERSION, TLS1_2_VERSION,
755 DTLS1_2_VERSION, DTLS1_2_VERSION,
756 SSL_NOT_DEFAULT | SSL_HIGH,
757 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
758 128,
759 128,
760 },
761 {
762 1,
763 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
764 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
765 SSL_kDHEPSK,
766 SSL_aPSK,
767 SSL_AES256CCM8,
768 SSL_AEAD,
769 TLS1_2_VERSION, TLS1_2_VERSION,
770 DTLS1_2_VERSION, DTLS1_2_VERSION,
771 SSL_NOT_DEFAULT | SSL_HIGH,
772 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
773 256,
774 256,
775 },
776 {
777 1,
778 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
779 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
780 SSL_kECDHE,
781 SSL_aECDSA,
782 SSL_AES128CCM,
783 SSL_AEAD,
784 TLS1_2_VERSION, TLS1_2_VERSION,
785 DTLS1_2_VERSION, DTLS1_2_VERSION,
786 SSL_NOT_DEFAULT | SSL_HIGH,
787 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
788 128,
789 128,
790 },
791 {
792 1,
793 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
794 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
795 SSL_kECDHE,
796 SSL_aECDSA,
797 SSL_AES256CCM,
798 SSL_AEAD,
799 TLS1_2_VERSION, TLS1_2_VERSION,
800 DTLS1_2_VERSION, DTLS1_2_VERSION,
801 SSL_NOT_DEFAULT | SSL_HIGH,
802 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
803 256,
804 256,
805 },
806 {
807 1,
808 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
809 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
810 SSL_kECDHE,
811 SSL_aECDSA,
812 SSL_AES128CCM8,
813 SSL_AEAD,
814 TLS1_2_VERSION, TLS1_2_VERSION,
815 DTLS1_2_VERSION, DTLS1_2_VERSION,
816 SSL_NOT_DEFAULT | SSL_HIGH,
817 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
818 128,
819 128,
820 },
821 {
822 1,
823 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
824 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
825 SSL_kECDHE,
826 SSL_aECDSA,
827 SSL_AES256CCM8,
828 SSL_AEAD,
829 TLS1_2_VERSION, TLS1_2_VERSION,
830 DTLS1_2_VERSION, DTLS1_2_VERSION,
831 SSL_NOT_DEFAULT | SSL_HIGH,
832 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
833 256,
834 256,
835 },
836
837 #ifndef OPENSSL_NO_EC
838 {
839 1,
840 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
841 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
842 SSL_kECDHE,
843 SSL_aECDSA,
844 SSL_eNULL,
845 SSL_SHA1,
846 SSL3_VERSION, TLS1_2_VERSION,
847 DTLS1_VERSION, DTLS1_2_VERSION,
848 SSL_STRONG_NONE | SSL_FIPS,
849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
850 0,
851 0,
852 },
853 {
854 1,
855 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
856 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
857 SSL_kECDHE,
858 SSL_aECDSA,
859 SSL_3DES,
860 SSL_SHA1,
861 SSL3_VERSION, TLS1_2_VERSION,
862 DTLS1_VERSION, DTLS1_2_VERSION,
863 SSL_MEDIUM | SSL_FIPS,
864 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
865 112,
866 168,
867 },
868 {
869 1,
870 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
871 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
872 SSL_kECDHE,
873 SSL_aECDSA,
874 SSL_AES128,
875 SSL_SHA1,
876 SSL3_VERSION, TLS1_2_VERSION,
877 DTLS1_VERSION, DTLS1_2_VERSION,
878 SSL_HIGH | SSL_FIPS,
879 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
880 128,
881 128,
882 },
883 {
884 1,
885 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
886 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
887 SSL_kECDHE,
888 SSL_aECDSA,
889 SSL_AES256,
890 SSL_SHA1,
891 SSL3_VERSION, TLS1_2_VERSION,
892 DTLS1_VERSION, DTLS1_2_VERSION,
893 SSL_HIGH | SSL_FIPS,
894 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
895 256,
896 256,
897 },
898 {
899 1,
900 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
901 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
902 SSL_kECDHE,
903 SSL_aRSA,
904 SSL_eNULL,
905 SSL_SHA1,
906 SSL3_VERSION, TLS1_2_VERSION,
907 DTLS1_VERSION, DTLS1_2_VERSION,
908 SSL_STRONG_NONE | SSL_FIPS,
909 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
910 0,
911 0,
912 },
913 {
914 1,
915 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
916 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
917 SSL_kECDHE,
918 SSL_aRSA,
919 SSL_3DES,
920 SSL_SHA1,
921 SSL3_VERSION, TLS1_2_VERSION,
922 DTLS1_VERSION, DTLS1_2_VERSION,
923 SSL_MEDIUM | SSL_FIPS,
924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
925 112,
926 168,
927 },
928 {
929 1,
930 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
931 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
932 SSL_kECDHE,
933 SSL_aRSA,
934 SSL_AES128,
935 SSL_SHA1,
936 SSL3_VERSION, TLS1_2_VERSION,
937 DTLS1_VERSION, DTLS1_2_VERSION,
938 SSL_HIGH | SSL_FIPS,
939 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
940 128,
941 128,
942 },
943 {
944 1,
945 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
946 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
947 SSL_kECDHE,
948 SSL_aRSA,
949 SSL_AES256,
950 SSL_SHA1,
951 SSL3_VERSION, TLS1_2_VERSION,
952 DTLS1_VERSION, DTLS1_2_VERSION,
953 SSL_HIGH | SSL_FIPS,
954 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
955 256,
956 256,
957 },
958 {
959 1,
960 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
961 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
962 SSL_kECDHE,
963 SSL_aNULL,
964 SSL_eNULL,
965 SSL_SHA1,
966 SSL3_VERSION, TLS1_2_VERSION,
967 DTLS1_VERSION, DTLS1_2_VERSION,
968 SSL_STRONG_NONE | SSL_FIPS,
969 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
970 0,
971 0,
972 },
973 {
974 1,
975 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
976 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
977 SSL_kECDHE,
978 SSL_aNULL,
979 SSL_3DES,
980 SSL_SHA1,
981 SSL3_VERSION, TLS1_2_VERSION,
982 DTLS1_VERSION, DTLS1_2_VERSION,
983 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
984 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
985 112,
986 168,
987 },
988 {
989 1,
990 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
991 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
992 SSL_kECDHE,
993 SSL_aNULL,
994 SSL_AES128,
995 SSL_SHA1,
996 SSL3_VERSION, TLS1_2_VERSION,
997 DTLS1_VERSION, DTLS1_2_VERSION,
998 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1000 128,
1001 128,
1002 },
1003 {
1004 1,
1005 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1006 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1007 SSL_kECDHE,
1008 SSL_aNULL,
1009 SSL_AES256,
1010 SSL_SHA1,
1011 SSL3_VERSION, TLS1_2_VERSION,
1012 DTLS1_VERSION, DTLS1_2_VERSION,
1013 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1014 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1015 256,
1016 256,
1017 },
1018 {
1019 1,
1020 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1021 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1022 SSL_kECDHE,
1023 SSL_aECDSA,
1024 SSL_AES128,
1025 SSL_SHA256,
1026 TLS1_2_VERSION, TLS1_2_VERSION,
1027 DTLS1_2_VERSION, DTLS1_2_VERSION,
1028 SSL_HIGH | SSL_FIPS,
1029 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1030 128,
1031 128,
1032 },
1033 {
1034 1,
1035 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1036 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1037 SSL_kECDHE,
1038 SSL_aECDSA,
1039 SSL_AES256,
1040 SSL_SHA384,
1041 TLS1_2_VERSION, TLS1_2_VERSION,
1042 DTLS1_2_VERSION, DTLS1_2_VERSION,
1043 SSL_HIGH | SSL_FIPS,
1044 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1045 256,
1046 256,
1047 },
1048 {
1049 1,
1050 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1051 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1052 SSL_kECDHE,
1053 SSL_aRSA,
1054 SSL_AES128,
1055 SSL_SHA256,
1056 TLS1_2_VERSION, TLS1_2_VERSION,
1057 DTLS1_2_VERSION, DTLS1_2_VERSION,
1058 SSL_HIGH | SSL_FIPS,
1059 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1060 128,
1061 128,
1062 },
1063 {
1064 1,
1065 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1066 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1067 SSL_kECDHE,
1068 SSL_aRSA,
1069 SSL_AES256,
1070 SSL_SHA384,
1071 TLS1_2_VERSION, TLS1_2_VERSION,
1072 DTLS1_2_VERSION, DTLS1_2_VERSION,
1073 SSL_HIGH | SSL_FIPS,
1074 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1075 256,
1076 256,
1077 },
1078 {
1079 1,
1080 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1081 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1082 SSL_kECDHE,
1083 SSL_aECDSA,
1084 SSL_AES128GCM,
1085 SSL_AEAD,
1086 TLS1_2_VERSION, TLS1_2_VERSION,
1087 DTLS1_2_VERSION, DTLS1_2_VERSION,
1088 SSL_HIGH | SSL_FIPS,
1089 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1090 128,
1091 128,
1092 },
1093 {
1094 1,
1095 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1096 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1097 SSL_kECDHE,
1098 SSL_aECDSA,
1099 SSL_AES256GCM,
1100 SSL_AEAD,
1101 TLS1_2_VERSION, TLS1_2_VERSION,
1102 DTLS1_2_VERSION, DTLS1_2_VERSION,
1103 SSL_HIGH | SSL_FIPS,
1104 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1105 256,
1106 256,
1107 },
1108 {
1109 1,
1110 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1111 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1112 SSL_kECDHE,
1113 SSL_aRSA,
1114 SSL_AES128GCM,
1115 SSL_AEAD,
1116 TLS1_2_VERSION, TLS1_2_VERSION,
1117 DTLS1_2_VERSION, DTLS1_2_VERSION,
1118 SSL_HIGH | SSL_FIPS,
1119 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1120 128,
1121 128,
1122 },
1123 {
1124 1,
1125 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1126 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1127 SSL_kECDHE,
1128 SSL_aRSA,
1129 SSL_AES256GCM,
1130 SSL_AEAD,
1131 TLS1_2_VERSION, TLS1_2_VERSION,
1132 DTLS1_2_VERSION, DTLS1_2_VERSION,
1133 SSL_HIGH | SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1135 256,
1136 256,
1137 },
1138 #endif /* OPENSSL_NO_EC */
1139
1140 #ifndef OPENSSL_NO_PSK
1141 {
1142 1,
1143 TLS1_TXT_PSK_WITH_NULL_SHA,
1144 TLS1_CK_PSK_WITH_NULL_SHA,
1145 SSL_kPSK,
1146 SSL_aPSK,
1147 SSL_eNULL,
1148 SSL_SHA1,
1149 SSL3_VERSION, TLS1_2_VERSION,
1150 DTLS1_VERSION, DTLS1_2_VERSION,
1151 SSL_STRONG_NONE | SSL_FIPS,
1152 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1153 0,
1154 0,
1155 },
1156 {
1157 1,
1158 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1159 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1160 SSL_kDHEPSK,
1161 SSL_aPSK,
1162 SSL_eNULL,
1163 SSL_SHA1,
1164 SSL3_VERSION, TLS1_2_VERSION,
1165 DTLS1_VERSION, DTLS1_2_VERSION,
1166 SSL_STRONG_NONE | SSL_FIPS,
1167 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1168 0,
1169 0,
1170 },
1171 {
1172 1,
1173 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1174 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1175 SSL_kRSAPSK,
1176 SSL_aRSA,
1177 SSL_eNULL,
1178 SSL_SHA1,
1179 SSL3_VERSION, TLS1_2_VERSION,
1180 DTLS1_VERSION, DTLS1_2_VERSION,
1181 SSL_STRONG_NONE | SSL_FIPS,
1182 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1183 0,
1184 0,
1185 },
1186 {
1187 1,
1188 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1189 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1190 SSL_kPSK,
1191 SSL_aPSK,
1192 SSL_3DES,
1193 SSL_SHA1,
1194 SSL3_VERSION, TLS1_2_VERSION,
1195 DTLS1_VERSION, DTLS1_2_VERSION,
1196 SSL_MEDIUM | SSL_FIPS,
1197 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1198 112,
1199 168,
1200 },
1201 {
1202 1,
1203 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1204 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1205 SSL_kPSK,
1206 SSL_aPSK,
1207 SSL_AES128,
1208 SSL_SHA1,
1209 SSL3_VERSION, TLS1_2_VERSION,
1210 DTLS1_VERSION, DTLS1_2_VERSION,
1211 SSL_HIGH | SSL_FIPS,
1212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1213 128,
1214 128,
1215 },
1216 {
1217 1,
1218 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1219 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1220 SSL_kPSK,
1221 SSL_aPSK,
1222 SSL_AES256,
1223 SSL_SHA1,
1224 SSL3_VERSION, TLS1_2_VERSION,
1225 DTLS1_VERSION, DTLS1_2_VERSION,
1226 SSL_HIGH | SSL_FIPS,
1227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1228 256,
1229 256,
1230 },
1231 {
1232 1,
1233 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1234 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1235 SSL_kDHEPSK,
1236 SSL_aPSK,
1237 SSL_3DES,
1238 SSL_SHA1,
1239 SSL3_VERSION, TLS1_2_VERSION,
1240 DTLS1_VERSION, DTLS1_2_VERSION,
1241 SSL_MEDIUM | SSL_FIPS,
1242 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1243 112,
1244 168,
1245 },
1246 {
1247 1,
1248 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1249 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1250 SSL_kDHEPSK,
1251 SSL_aPSK,
1252 SSL_AES128,
1253 SSL_SHA1,
1254 SSL3_VERSION, TLS1_2_VERSION,
1255 DTLS1_VERSION, DTLS1_2_VERSION,
1256 SSL_HIGH | SSL_FIPS,
1257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1258 128,
1259 128,
1260 },
1261 {
1262 1,
1263 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1264 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1265 SSL_kDHEPSK,
1266 SSL_aPSK,
1267 SSL_AES256,
1268 SSL_SHA1,
1269 SSL3_VERSION, TLS1_2_VERSION,
1270 DTLS1_VERSION, DTLS1_2_VERSION,
1271 SSL_HIGH | SSL_FIPS,
1272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1273 256,
1274 256,
1275 },
1276 {
1277 1,
1278 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1279 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1280 SSL_kRSAPSK,
1281 SSL_aRSA,
1282 SSL_3DES,
1283 SSL_SHA1,
1284 SSL3_VERSION, TLS1_2_VERSION,
1285 DTLS1_VERSION, DTLS1_2_VERSION,
1286 SSL_MEDIUM | SSL_FIPS,
1287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1288 112,
1289 168,
1290 },
1291 {
1292 1,
1293 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1294 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1295 SSL_kRSAPSK,
1296 SSL_aRSA,
1297 SSL_AES128,
1298 SSL_SHA1,
1299 SSL3_VERSION, TLS1_2_VERSION,
1300 DTLS1_VERSION, DTLS1_2_VERSION,
1301 SSL_HIGH | SSL_FIPS,
1302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1303 128,
1304 128,
1305 },
1306 {
1307 1,
1308 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1309 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1310 SSL_kRSAPSK,
1311 SSL_aRSA,
1312 SSL_AES256,
1313 SSL_SHA1,
1314 SSL3_VERSION, TLS1_2_VERSION,
1315 DTLS1_VERSION, DTLS1_2_VERSION,
1316 SSL_HIGH | SSL_FIPS,
1317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1318 256,
1319 256,
1320 },
1321 {
1322 1,
1323 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1324 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1325 SSL_kPSK,
1326 SSL_aPSK,
1327 SSL_AES128GCM,
1328 SSL_AEAD,
1329 TLS1_2_VERSION, TLS1_2_VERSION,
1330 DTLS1_2_VERSION, DTLS1_2_VERSION,
1331 SSL_HIGH | SSL_FIPS,
1332 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1333 128,
1334 128,
1335 },
1336 {
1337 1,
1338 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1339 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1340 SSL_kPSK,
1341 SSL_aPSK,
1342 SSL_AES256GCM,
1343 SSL_AEAD,
1344 TLS1_2_VERSION, TLS1_2_VERSION,
1345 DTLS1_2_VERSION, DTLS1_2_VERSION,
1346 SSL_HIGH | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1348 256,
1349 256,
1350 },
1351 {
1352 1,
1353 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1354 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1355 SSL_kDHEPSK,
1356 SSL_aPSK,
1357 SSL_AES128GCM,
1358 SSL_AEAD,
1359 TLS1_2_VERSION, TLS1_2_VERSION,
1360 DTLS1_2_VERSION, DTLS1_2_VERSION,
1361 SSL_HIGH | SSL_FIPS,
1362 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1363 128,
1364 128,
1365 },
1366 {
1367 1,
1368 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1369 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1370 SSL_kDHEPSK,
1371 SSL_aPSK,
1372 SSL_AES256GCM,
1373 SSL_AEAD,
1374 TLS1_2_VERSION, TLS1_2_VERSION,
1375 DTLS1_2_VERSION, DTLS1_2_VERSION,
1376 SSL_HIGH | SSL_FIPS,
1377 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1378 256,
1379 256,
1380 },
1381 {
1382 1,
1383 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1384 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1385 SSL_kRSAPSK,
1386 SSL_aRSA,
1387 SSL_AES128GCM,
1388 SSL_AEAD,
1389 TLS1_2_VERSION, TLS1_2_VERSION,
1390 DTLS1_2_VERSION, DTLS1_2_VERSION,
1391 SSL_HIGH | SSL_FIPS,
1392 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1393 128,
1394 128,
1395 },
1396 {
1397 1,
1398 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1399 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1400 SSL_kRSAPSK,
1401 SSL_aRSA,
1402 SSL_AES256GCM,
1403 SSL_AEAD,
1404 TLS1_2_VERSION, TLS1_2_VERSION,
1405 DTLS1_2_VERSION, DTLS1_2_VERSION,
1406 SSL_HIGH | SSL_FIPS,
1407 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1408 256,
1409 256,
1410 },
1411 {
1412 1,
1413 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1414 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1415 SSL_kPSK,
1416 SSL_aPSK,
1417 SSL_AES128,
1418 SSL_SHA256,
1419 TLS1_VERSION, TLS1_2_VERSION,
1420 DTLS1_VERSION, DTLS1_2_VERSION,
1421 SSL_HIGH | SSL_FIPS,
1422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1423 128,
1424 128,
1425 },
1426 {
1427 1,
1428 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1429 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1430 SSL_kPSK,
1431 SSL_aPSK,
1432 SSL_AES256,
1433 SSL_SHA384,
1434 TLS1_VERSION, TLS1_2_VERSION,
1435 DTLS1_VERSION, DTLS1_2_VERSION,
1436 SSL_HIGH | SSL_FIPS,
1437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1438 256,
1439 256,
1440 },
1441 {
1442 1,
1443 TLS1_TXT_PSK_WITH_NULL_SHA256,
1444 TLS1_CK_PSK_WITH_NULL_SHA256,
1445 SSL_kPSK,
1446 SSL_aPSK,
1447 SSL_eNULL,
1448 SSL_SHA256,
1449 TLS1_VERSION, TLS1_2_VERSION,
1450 DTLS1_VERSION, DTLS1_2_VERSION,
1451 SSL_STRONG_NONE | SSL_FIPS,
1452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1453 0,
1454 0,
1455 },
1456 {
1457 1,
1458 TLS1_TXT_PSK_WITH_NULL_SHA384,
1459 TLS1_CK_PSK_WITH_NULL_SHA384,
1460 SSL_kPSK,
1461 SSL_aPSK,
1462 SSL_eNULL,
1463 SSL_SHA384,
1464 TLS1_VERSION, TLS1_2_VERSION,
1465 DTLS1_VERSION, DTLS1_2_VERSION,
1466 SSL_STRONG_NONE | SSL_FIPS,
1467 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1468 0,
1469 0,
1470 },
1471 {
1472 1,
1473 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1474 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1475 SSL_kDHEPSK,
1476 SSL_aPSK,
1477 SSL_AES128,
1478 SSL_SHA256,
1479 TLS1_VERSION, TLS1_2_VERSION,
1480 DTLS1_VERSION, DTLS1_2_VERSION,
1481 SSL_HIGH | SSL_FIPS,
1482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1483 128,
1484 128,
1485 },
1486 {
1487 1,
1488 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1489 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1490 SSL_kDHEPSK,
1491 SSL_aPSK,
1492 SSL_AES256,
1493 SSL_SHA384,
1494 TLS1_VERSION, TLS1_2_VERSION,
1495 DTLS1_VERSION, DTLS1_2_VERSION,
1496 SSL_HIGH | SSL_FIPS,
1497 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1498 256,
1499 256,
1500 },
1501 {
1502 1,
1503 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1504 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1505 SSL_kDHEPSK,
1506 SSL_aPSK,
1507 SSL_eNULL,
1508 SSL_SHA256,
1509 TLS1_VERSION, TLS1_2_VERSION,
1510 DTLS1_VERSION, DTLS1_2_VERSION,
1511 SSL_STRONG_NONE | SSL_FIPS,
1512 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1513 0,
1514 0,
1515 },
1516 {
1517 1,
1518 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1519 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1520 SSL_kDHEPSK,
1521 SSL_aPSK,
1522 SSL_eNULL,
1523 SSL_SHA384,
1524 TLS1_VERSION, TLS1_2_VERSION,
1525 DTLS1_VERSION, DTLS1_2_VERSION,
1526 SSL_STRONG_NONE | SSL_FIPS,
1527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1528 0,
1529 0,
1530 },
1531 {
1532 1,
1533 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1534 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1535 SSL_kRSAPSK,
1536 SSL_aRSA,
1537 SSL_AES128,
1538 SSL_SHA256,
1539 TLS1_VERSION, TLS1_2_VERSION,
1540 DTLS1_VERSION, DTLS1_2_VERSION,
1541 SSL_HIGH | SSL_FIPS,
1542 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1543 128,
1544 128,
1545 },
1546 {
1547 1,
1548 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1549 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1550 SSL_kRSAPSK,
1551 SSL_aRSA,
1552 SSL_AES256,
1553 SSL_SHA384,
1554 TLS1_VERSION, TLS1_2_VERSION,
1555 DTLS1_VERSION, DTLS1_2_VERSION,
1556 SSL_HIGH | SSL_FIPS,
1557 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1558 256,
1559 256,
1560 },
1561 {
1562 1,
1563 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1564 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1565 SSL_kRSAPSK,
1566 SSL_aRSA,
1567 SSL_eNULL,
1568 SSL_SHA256,
1569 TLS1_VERSION, TLS1_2_VERSION,
1570 DTLS1_VERSION, DTLS1_2_VERSION,
1571 SSL_STRONG_NONE | SSL_FIPS,
1572 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1573 0,
1574 0,
1575 },
1576 {
1577 1,
1578 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1579 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1580 SSL_kRSAPSK,
1581 SSL_aRSA,
1582 SSL_eNULL,
1583 SSL_SHA384,
1584 TLS1_VERSION, TLS1_2_VERSION,
1585 DTLS1_VERSION, DTLS1_2_VERSION,
1586 SSL_STRONG_NONE | SSL_FIPS,
1587 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1588 0,
1589 0,
1590 },
1591 # ifndef OPENSSL_NO_EC
1592 {
1593 1,
1594 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1595 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1596 SSL_kECDHEPSK,
1597 SSL_aPSK,
1598 SSL_3DES,
1599 SSL_SHA1,
1600 SSL3_VERSION, TLS1_2_VERSION,
1601 DTLS1_VERSION, DTLS1_2_VERSION,
1602 SSL_MEDIUM | SSL_FIPS,
1603 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1604 112,
1605 168,
1606 },
1607 {
1608 1,
1609 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1610 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1611 SSL_kECDHEPSK,
1612 SSL_aPSK,
1613 SSL_AES128,
1614 SSL_SHA1,
1615 SSL3_VERSION, TLS1_2_VERSION,
1616 DTLS1_VERSION, DTLS1_2_VERSION,
1617 SSL_HIGH | SSL_FIPS,
1618 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1619 128,
1620 128,
1621 },
1622 {
1623 1,
1624 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1625 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1626 SSL_kECDHEPSK,
1627 SSL_aPSK,
1628 SSL_AES256,
1629 SSL_SHA1,
1630 SSL3_VERSION, TLS1_2_VERSION,
1631 DTLS1_VERSION, DTLS1_2_VERSION,
1632 SSL_HIGH | SSL_FIPS,
1633 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1634 256,
1635 256,
1636 },
1637 {
1638 1,
1639 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1640 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1641 SSL_kECDHEPSK,
1642 SSL_aPSK,
1643 SSL_AES128,
1644 SSL_SHA256,
1645 TLS1_VERSION, TLS1_2_VERSION,
1646 DTLS1_VERSION, DTLS1_2_VERSION,
1647 SSL_HIGH | SSL_FIPS,
1648 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1649 128,
1650 128,
1651 },
1652 {
1653 1,
1654 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1655 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1656 SSL_kECDHEPSK,
1657 SSL_aPSK,
1658 SSL_AES256,
1659 SSL_SHA384,
1660 TLS1_VERSION, TLS1_2_VERSION,
1661 DTLS1_VERSION, DTLS1_2_VERSION,
1662 SSL_HIGH | SSL_FIPS,
1663 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1664 256,
1665 256,
1666 },
1667 {
1668 1,
1669 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1670 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1671 SSL_kECDHEPSK,
1672 SSL_aPSK,
1673 SSL_eNULL,
1674 SSL_SHA1,
1675 SSL3_VERSION, TLS1_2_VERSION,
1676 DTLS1_VERSION, DTLS1_2_VERSION,
1677 SSL_STRONG_NONE | SSL_FIPS,
1678 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1679 0,
1680 0,
1681 },
1682 {
1683 1,
1684 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1685 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1686 SSL_kECDHEPSK,
1687 SSL_aPSK,
1688 SSL_eNULL,
1689 SSL_SHA256,
1690 TLS1_VERSION, TLS1_2_VERSION,
1691 DTLS1_VERSION, DTLS1_2_VERSION,
1692 SSL_STRONG_NONE | SSL_FIPS,
1693 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1694 0,
1695 0,
1696 },
1697 {
1698 1,
1699 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1700 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1701 SSL_kECDHEPSK,
1702 SSL_aPSK,
1703 SSL_eNULL,
1704 SSL_SHA384,
1705 TLS1_VERSION, TLS1_2_VERSION,
1706 DTLS1_VERSION, DTLS1_2_VERSION,
1707 SSL_STRONG_NONE | SSL_FIPS,
1708 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1709 0,
1710 0,
1711 },
1712 # endif /* OPENSSL_NO_EC */
1713 #endif /* OPENSSL_NO_PSK */
1714
1715 #ifndef OPENSSL_NO_SRP
1716 {
1717 1,
1718 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1719 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1720 SSL_kSRP,
1721 SSL_aSRP,
1722 SSL_3DES,
1723 SSL_SHA1,
1724 SSL3_VERSION, TLS1_2_VERSION,
1725 DTLS1_VERSION, DTLS1_2_VERSION,
1726 SSL_MEDIUM,
1727 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1728 112,
1729 168,
1730 },
1731 {
1732 1,
1733 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1734 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1735 SSL_kSRP,
1736 SSL_aRSA,
1737 SSL_3DES,
1738 SSL_SHA1,
1739 SSL3_VERSION, TLS1_2_VERSION,
1740 DTLS1_VERSION, DTLS1_2_VERSION,
1741 SSL_MEDIUM,
1742 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1743 112,
1744 168,
1745 },
1746 {
1747 1,
1748 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1749 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1750 SSL_kSRP,
1751 SSL_aDSS,
1752 SSL_3DES,
1753 SSL_SHA1,
1754 SSL3_VERSION, TLS1_2_VERSION,
1755 DTLS1_VERSION, DTLS1_2_VERSION,
1756 SSL_NOT_DEFAULT | SSL_MEDIUM,
1757 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1758 112,
1759 168,
1760 },
1761 {
1762 1,
1763 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1764 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1765 SSL_kSRP,
1766 SSL_aSRP,
1767 SSL_AES128,
1768 SSL_SHA1,
1769 SSL3_VERSION, TLS1_2_VERSION,
1770 DTLS1_VERSION, DTLS1_2_VERSION,
1771 SSL_HIGH,
1772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1773 128,
1774 128,
1775 },
1776 {
1777 1,
1778 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1779 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1780 SSL_kSRP,
1781 SSL_aRSA,
1782 SSL_AES128,
1783 SSL_SHA1,
1784 SSL3_VERSION, TLS1_2_VERSION,
1785 DTLS1_VERSION, DTLS1_2_VERSION,
1786 SSL_HIGH,
1787 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1788 128,
1789 128,
1790 },
1791 {
1792 1,
1793 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1794 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1795 SSL_kSRP,
1796 SSL_aDSS,
1797 SSL_AES128,
1798 SSL_SHA1,
1799 SSL3_VERSION, TLS1_2_VERSION,
1800 DTLS1_VERSION, DTLS1_2_VERSION,
1801 SSL_NOT_DEFAULT | SSL_HIGH,
1802 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1803 128,
1804 128,
1805 },
1806 {
1807 1,
1808 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1809 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1810 SSL_kSRP,
1811 SSL_aSRP,
1812 SSL_AES256,
1813 SSL_SHA1,
1814 SSL3_VERSION, TLS1_2_VERSION,
1815 DTLS1_VERSION, DTLS1_2_VERSION,
1816 SSL_HIGH,
1817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1818 256,
1819 256,
1820 },
1821 {
1822 1,
1823 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1824 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1825 SSL_kSRP,
1826 SSL_aRSA,
1827 SSL_AES256,
1828 SSL_SHA1,
1829 SSL3_VERSION, TLS1_2_VERSION,
1830 DTLS1_VERSION, DTLS1_2_VERSION,
1831 SSL_HIGH,
1832 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1833 256,
1834 256,
1835 },
1836 {
1837 1,
1838 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1839 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1840 SSL_kSRP,
1841 SSL_aDSS,
1842 SSL_AES256,
1843 SSL_SHA1,
1844 SSL3_VERSION, TLS1_2_VERSION,
1845 DTLS1_VERSION, DTLS1_2_VERSION,
1846 SSL_NOT_DEFAULT | SSL_HIGH,
1847 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1848 256,
1849 256,
1850 },
1851 #endif /* OPENSSL_NO_SRP */
1852
1853 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1854 # ifndef OPENSSL_NO_RSA
1855 {
1856 1,
1857 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1858 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1859 SSL_kDHE,
1860 SSL_aRSA,
1861 SSL_CHACHA20POLY1305,
1862 SSL_AEAD,
1863 TLS1_2_VERSION, TLS1_2_VERSION,
1864 DTLS1_2_VERSION, DTLS1_2_VERSION,
1865 SSL_HIGH,
1866 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1867 256,
1868 256,
1869 },
1870 # endif /* OPENSSL_NO_RSA */
1871
1872 # ifndef OPENSSL_NO_EC
1873 {
1874 1,
1875 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1876 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1877 SSL_kECDHE,
1878 SSL_aRSA,
1879 SSL_CHACHA20POLY1305,
1880 SSL_AEAD,
1881 TLS1_2_VERSION, TLS1_2_VERSION,
1882 DTLS1_2_VERSION, DTLS1_2_VERSION,
1883 SSL_HIGH,
1884 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1885 256,
1886 256,
1887 },
1888 {
1889 1,
1890 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1891 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1892 SSL_kECDHE,
1893 SSL_aECDSA,
1894 SSL_CHACHA20POLY1305,
1895 SSL_AEAD,
1896 TLS1_2_VERSION, TLS1_2_VERSION,
1897 DTLS1_2_VERSION, DTLS1_2_VERSION,
1898 SSL_HIGH,
1899 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1900 256,
1901 256,
1902 },
1903 # endif /* OPENSSL_NO_EC */
1904
1905 # ifndef OPENSSL_NO_PSK
1906 {
1907 1,
1908 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
1909 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
1910 SSL_kPSK,
1911 SSL_aPSK,
1912 SSL_CHACHA20POLY1305,
1913 SSL_AEAD,
1914 TLS1_2_VERSION, TLS1_2_VERSION,
1915 DTLS1_2_VERSION, DTLS1_2_VERSION,
1916 SSL_HIGH,
1917 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1918 256,
1919 256,
1920 },
1921 {
1922 1,
1923 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1924 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1925 SSL_kECDHEPSK,
1926 SSL_aPSK,
1927 SSL_CHACHA20POLY1305,
1928 SSL_AEAD,
1929 TLS1_2_VERSION, TLS1_2_VERSION,
1930 DTLS1_2_VERSION, DTLS1_2_VERSION,
1931 SSL_HIGH,
1932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1933 256,
1934 256,
1935 },
1936 {
1937 1,
1938 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
1939 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
1940 SSL_kDHEPSK,
1941 SSL_aPSK,
1942 SSL_CHACHA20POLY1305,
1943 SSL_AEAD,
1944 TLS1_2_VERSION, TLS1_2_VERSION,
1945 DTLS1_2_VERSION, DTLS1_2_VERSION,
1946 SSL_HIGH,
1947 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1948 256,
1949 256,
1950 },
1951 {
1952 1,
1953 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
1954 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
1955 SSL_kRSAPSK,
1956 SSL_aRSA,
1957 SSL_CHACHA20POLY1305,
1958 SSL_AEAD,
1959 TLS1_2_VERSION, TLS1_2_VERSION,
1960 DTLS1_2_VERSION, DTLS1_2_VERSION,
1961 SSL_HIGH,
1962 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1963 256,
1964 256,
1965 },
1966 # endif /* OPENSSL_NO_PSK */
1967 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1968
1969 #ifndef OPENSSL_NO_CAMELLIA
1970 {
1971 1,
1972 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1973 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1974 SSL_kRSA,
1975 SSL_aRSA,
1976 SSL_CAMELLIA128,
1977 SSL_SHA256,
1978 TLS1_2_VERSION, TLS1_2_VERSION,
1979 DTLS1_2_VERSION, DTLS1_2_VERSION,
1980 SSL_NOT_DEFAULT | SSL_HIGH,
1981 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1982 128,
1983 128,
1984 },
1985 {
1986 1,
1987 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1988 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1989 SSL_kEDH,
1990 SSL_aDSS,
1991 SSL_CAMELLIA128,
1992 SSL_SHA256,
1993 TLS1_2_VERSION, TLS1_2_VERSION,
1994 DTLS1_2_VERSION, DTLS1_2_VERSION,
1995 SSL_NOT_DEFAULT | SSL_HIGH,
1996 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1997 128,
1998 128,
1999 },
2000 {
2001 1,
2002 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2003 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2004 SSL_kEDH,
2005 SSL_aRSA,
2006 SSL_CAMELLIA128,
2007 SSL_SHA256,
2008 TLS1_2_VERSION, TLS1_2_VERSION,
2009 DTLS1_2_VERSION, DTLS1_2_VERSION,
2010 SSL_NOT_DEFAULT | SSL_HIGH,
2011 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2012 128,
2013 128,
2014 },
2015 {
2016 1,
2017 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2018 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2019 SSL_kEDH,
2020 SSL_aNULL,
2021 SSL_CAMELLIA128,
2022 SSL_SHA256,
2023 TLS1_2_VERSION, TLS1_2_VERSION,
2024 DTLS1_2_VERSION, DTLS1_2_VERSION,
2025 SSL_NOT_DEFAULT | SSL_HIGH,
2026 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2027 128,
2028 128,
2029 },
2030 {
2031 1,
2032 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2033 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2034 SSL_kRSA,
2035 SSL_aRSA,
2036 SSL_CAMELLIA256,
2037 SSL_SHA256,
2038 TLS1_2_VERSION, TLS1_2_VERSION,
2039 DTLS1_2_VERSION, DTLS1_2_VERSION,
2040 SSL_NOT_DEFAULT | SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2042 256,
2043 256,
2044 },
2045 {
2046 1,
2047 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2048 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2049 SSL_kEDH,
2050 SSL_aDSS,
2051 SSL_CAMELLIA256,
2052 SSL_SHA256,
2053 TLS1_2_VERSION, TLS1_2_VERSION,
2054 DTLS1_2_VERSION, DTLS1_2_VERSION,
2055 SSL_NOT_DEFAULT | SSL_HIGH,
2056 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2057 256,
2058 256,
2059 },
2060 {
2061 1,
2062 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2063 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2064 SSL_kEDH,
2065 SSL_aRSA,
2066 SSL_CAMELLIA256,
2067 SSL_SHA256,
2068 TLS1_2_VERSION, TLS1_2_VERSION,
2069 DTLS1_2_VERSION, DTLS1_2_VERSION,
2070 SSL_NOT_DEFAULT | SSL_HIGH,
2071 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2072 256,
2073 256,
2074 },
2075 {
2076 1,
2077 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2078 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2079 SSL_kEDH,
2080 SSL_aNULL,
2081 SSL_CAMELLIA256,
2082 SSL_SHA256,
2083 TLS1_2_VERSION, TLS1_2_VERSION,
2084 DTLS1_2_VERSION, DTLS1_2_VERSION,
2085 SSL_NOT_DEFAULT | SSL_HIGH,
2086 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2087 256,
2088 256,
2089 },
2090 {
2091 1,
2092 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2093 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2094 SSL_kRSA,
2095 SSL_aRSA,
2096 SSL_CAMELLIA256,
2097 SSL_SHA1,
2098 SSL3_VERSION, TLS1_2_VERSION,
2099 DTLS1_VERSION, DTLS1_2_VERSION,
2100 SSL_NOT_DEFAULT | SSL_HIGH,
2101 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2102 256,
2103 256,
2104 },
2105 {
2106 1,
2107 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2108 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2109 SSL_kDHE,
2110 SSL_aDSS,
2111 SSL_CAMELLIA256,
2112 SSL_SHA1,
2113 SSL3_VERSION, TLS1_2_VERSION,
2114 DTLS1_VERSION, DTLS1_2_VERSION,
2115 SSL_NOT_DEFAULT | SSL_HIGH,
2116 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2117 256,
2118 256,
2119 },
2120 {
2121 1,
2122 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2123 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2124 SSL_kDHE,
2125 SSL_aRSA,
2126 SSL_CAMELLIA256,
2127 SSL_SHA1,
2128 SSL3_VERSION, TLS1_2_VERSION,
2129 DTLS1_VERSION, DTLS1_2_VERSION,
2130 SSL_NOT_DEFAULT | SSL_HIGH,
2131 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2132 256,
2133 256,
2134 },
2135 {
2136 1,
2137 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2138 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2139 SSL_kDHE,
2140 SSL_aNULL,
2141 SSL_CAMELLIA256,
2142 SSL_SHA1,
2143 SSL3_VERSION, TLS1_2_VERSION,
2144 DTLS1_VERSION, DTLS1_2_VERSION,
2145 SSL_NOT_DEFAULT | SSL_HIGH,
2146 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2147 256,
2148 256,
2149 },
2150 {
2151 1,
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2153 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2154 SSL_kRSA,
2155 SSL_aRSA,
2156 SSL_CAMELLIA128,
2157 SSL_SHA1,
2158 SSL3_VERSION, TLS1_2_VERSION,
2159 DTLS1_VERSION, DTLS1_2_VERSION,
2160 SSL_NOT_DEFAULT | SSL_HIGH,
2161 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2162 128,
2163 128,
2164 },
2165 {
2166 1,
2167 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2168 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2169 SSL_kDHE,
2170 SSL_aDSS,
2171 SSL_CAMELLIA128,
2172 SSL_SHA1,
2173 SSL3_VERSION, TLS1_2_VERSION,
2174 DTLS1_VERSION, DTLS1_2_VERSION,
2175 SSL_NOT_DEFAULT | SSL_HIGH,
2176 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2177 128,
2178 128,
2179 },
2180 {
2181 1,
2182 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2183 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2184 SSL_kDHE,
2185 SSL_aRSA,
2186 SSL_CAMELLIA128,
2187 SSL_SHA1,
2188 SSL3_VERSION, TLS1_2_VERSION,
2189 DTLS1_VERSION, DTLS1_2_VERSION,
2190 SSL_NOT_DEFAULT | SSL_HIGH,
2191 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2192 128,
2193 128,
2194 },
2195 {
2196 1,
2197 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2198 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2199 SSL_kDHE,
2200 SSL_aNULL,
2201 SSL_CAMELLIA128,
2202 SSL_SHA1,
2203 SSL3_VERSION, TLS1_2_VERSION,
2204 DTLS1_VERSION, DTLS1_2_VERSION,
2205 SSL_NOT_DEFAULT | SSL_HIGH,
2206 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2207 128,
2208 128,
2209 },
2210
2211 # ifndef OPENSSL_NO_EC
2212 {
2213 1,
2214 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2215 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2216 SSL_kECDHE,
2217 SSL_aECDSA,
2218 SSL_CAMELLIA128,
2219 SSL_SHA256,
2220 TLS1_2_VERSION, TLS1_2_VERSION,
2221 DTLS1_2_VERSION, DTLS1_2_VERSION,
2222 SSL_NOT_DEFAULT | SSL_HIGH,
2223 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2224 128,
2225 128
2226 },
2227 {
2228 1,
2229 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2230 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2231 SSL_kECDHE,
2232 SSL_aECDSA,
2233 SSL_CAMELLIA256,
2234 SSL_SHA384,
2235 TLS1_2_VERSION, TLS1_2_VERSION,
2236 DTLS1_2_VERSION, DTLS1_2_VERSION,
2237 SSL_NOT_DEFAULT | SSL_HIGH,
2238 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2239 256,
2240 256
2241 },
2242 {
2243 1,
2244 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2245 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2246 SSL_kECDHE,
2247 SSL_aRSA,
2248 SSL_CAMELLIA128,
2249 SSL_SHA256,
2250 TLS1_2_VERSION, TLS1_2_VERSION,
2251 DTLS1_2_VERSION, DTLS1_2_VERSION,
2252 SSL_NOT_DEFAULT | SSL_HIGH,
2253 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2254 128,
2255 128
2256 },
2257 {
2258 1,
2259 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2260 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2261 SSL_kECDHE,
2262 SSL_aRSA,
2263 SSL_CAMELLIA256,
2264 SSL_SHA384,
2265 TLS1_2_VERSION, TLS1_2_VERSION,
2266 DTLS1_2_VERSION, DTLS1_2_VERSION,
2267 SSL_NOT_DEFAULT | SSL_HIGH,
2268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2269 256,
2270 256
2271 },
2272 # endif /* OPENSSL_NO_EC */
2273
2274 # ifndef OPENSSL_NO_PSK
2275 {
2276 1,
2277 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2278 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2279 SSL_kPSK,
2280 SSL_aPSK,
2281 SSL_CAMELLIA128,
2282 SSL_SHA256,
2283 TLS1_VERSION, TLS1_2_VERSION,
2284 DTLS1_VERSION, DTLS1_2_VERSION,
2285 SSL_NOT_DEFAULT | SSL_HIGH,
2286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2287 128,
2288 128
2289 },
2290 {
2291 1,
2292 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2293 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2294 SSL_kPSK,
2295 SSL_aPSK,
2296 SSL_CAMELLIA256,
2297 SSL_SHA384,
2298 TLS1_VERSION, TLS1_2_VERSION,
2299 DTLS1_VERSION, DTLS1_2_VERSION,
2300 SSL_NOT_DEFAULT | SSL_HIGH,
2301 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2302 256,
2303 256
2304 },
2305 {
2306 1,
2307 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2308 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2309 SSL_kDHEPSK,
2310 SSL_aPSK,
2311 SSL_CAMELLIA128,
2312 SSL_SHA256,
2313 TLS1_VERSION, TLS1_2_VERSION,
2314 DTLS1_VERSION, DTLS1_2_VERSION,
2315 SSL_NOT_DEFAULT | SSL_HIGH,
2316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2317 128,
2318 128
2319 },
2320 {
2321 1,
2322 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2323 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2324 SSL_kDHEPSK,
2325 SSL_aPSK,
2326 SSL_CAMELLIA256,
2327 SSL_SHA384,
2328 TLS1_VERSION, TLS1_2_VERSION,
2329 DTLS1_VERSION, DTLS1_2_VERSION,
2330 SSL_NOT_DEFAULT | SSL_HIGH,
2331 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2332 256,
2333 256
2334 },
2335 {
2336 1,
2337 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2338 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2339 SSL_kRSAPSK,
2340 SSL_aRSA,
2341 SSL_CAMELLIA128,
2342 SSL_SHA256,
2343 TLS1_VERSION, TLS1_2_VERSION,
2344 DTLS1_VERSION, DTLS1_2_VERSION,
2345 SSL_NOT_DEFAULT | SSL_HIGH,
2346 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2347 128,
2348 128
2349 },
2350 {
2351 1,
2352 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2353 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2354 SSL_kRSAPSK,
2355 SSL_aRSA,
2356 SSL_CAMELLIA256,
2357 SSL_SHA384,
2358 TLS1_VERSION, TLS1_2_VERSION,
2359 DTLS1_VERSION, DTLS1_2_VERSION,
2360 SSL_NOT_DEFAULT | SSL_HIGH,
2361 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2362 256,
2363 256
2364 },
2365 {
2366 1,
2367 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2368 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2369 SSL_kECDHEPSK,
2370 SSL_aPSK,
2371 SSL_CAMELLIA128,
2372 SSL_SHA256,
2373 TLS1_VERSION, TLS1_2_VERSION,
2374 DTLS1_VERSION, DTLS1_2_VERSION,
2375 SSL_NOT_DEFAULT | SSL_HIGH,
2376 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2377 128,
2378 128
2379 },
2380 {
2381 1,
2382 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2383 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2384 SSL_kECDHEPSK,
2385 SSL_aPSK,
2386 SSL_CAMELLIA256,
2387 SSL_SHA384,
2388 TLS1_VERSION, TLS1_2_VERSION,
2389 DTLS1_VERSION, DTLS1_2_VERSION,
2390 SSL_NOT_DEFAULT | SSL_HIGH,
2391 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2392 256,
2393 256
2394 },
2395 # endif /* OPENSSL_NO_PSK */
2396
2397 #endif /* OPENSSL_NO_CAMELLIA */
2398
2399 #ifndef OPENSSL_NO_GOST
2400 {
2401 1,
2402 "GOST2001-GOST89-GOST89",
2403 0x3000081,
2404 SSL_kGOST,
2405 SSL_aGOST01,
2406 SSL_eGOST2814789CNT,
2407 SSL_GOST89MAC,
2408 TLS1_VERSION, TLS1_2_VERSION,
2409 0, 0,
2410 SSL_HIGH,
2411 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2412 256,
2413 256
2414 },
2415 {
2416 1,
2417 "GOST2001-NULL-GOST94",
2418 0x3000083,
2419 SSL_kGOST,
2420 SSL_aGOST01,
2421 SSL_eNULL,
2422 SSL_GOST94,
2423 TLS1_VERSION, TLS1_2_VERSION,
2424 0, 0,
2425 SSL_STRONG_NONE,
2426 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2427 0,
2428 0
2429 },
2430 {
2431 1,
2432 "GOST2012-GOST8912-GOST8912",
2433 0x0300ff85,
2434 SSL_kGOST,
2435 SSL_aGOST12 | SSL_aGOST01,
2436 SSL_eGOST2814789CNT12,
2437 SSL_GOST89MAC12,
2438 TLS1_VERSION, TLS1_2_VERSION,
2439 0, 0,
2440 SSL_HIGH,
2441 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2442 256,
2443 256
2444 },
2445 {
2446 1,
2447 "GOST2012-NULL-GOST12",
2448 0x0300ff87,
2449 SSL_kGOST,
2450 SSL_aGOST12 | SSL_aGOST01,
2451 SSL_eNULL,
2452 SSL_GOST12_256,
2453 TLS1_VERSION, TLS1_2_VERSION,
2454 0, 0,
2455 SSL_STRONG_NONE,
2456 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2457 0,
2458 0},
2459 #endif /* OPENSSL_NO_GOST */
2460
2461 #ifndef OPENSSL_NO_IDEA
2462 {
2463 1,
2464 SSL3_TXT_RSA_IDEA_128_SHA,
2465 SSL3_CK_RSA_IDEA_128_SHA,
2466 SSL_kRSA,
2467 SSL_aRSA,
2468 SSL_IDEA,
2469 SSL_SHA1,
2470 SSL3_VERSION, TLS1_1_VERSION,
2471 DTLS1_VERSION, DTLS1_VERSION,
2472 SSL_NOT_DEFAULT | SSL_MEDIUM,
2473 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2474 128,
2475 128,
2476 },
2477 #endif
2478
2479 #ifndef OPENSSL_NO_SEED
2480 {
2481 1,
2482 TLS1_TXT_RSA_WITH_SEED_SHA,
2483 TLS1_CK_RSA_WITH_SEED_SHA,
2484 SSL_kRSA,
2485 SSL_aRSA,
2486 SSL_SEED,
2487 SSL_SHA1,
2488 SSL3_VERSION, TLS1_2_VERSION,
2489 DTLS1_VERSION, DTLS1_2_VERSION,
2490 SSL_NOT_DEFAULT | SSL_MEDIUM,
2491 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2492 128,
2493 128,
2494 },
2495 {
2496 1,
2497 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2498 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2499 SSL_kDHE,
2500 SSL_aDSS,
2501 SSL_SEED,
2502 SSL_SHA1,
2503 SSL3_VERSION, TLS1_2_VERSION,
2504 DTLS1_VERSION, DTLS1_2_VERSION,
2505 SSL_NOT_DEFAULT | SSL_MEDIUM,
2506 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2507 128,
2508 128,
2509 },
2510 {
2511 1,
2512 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2513 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2514 SSL_kDHE,
2515 SSL_aRSA,
2516 SSL_SEED,
2517 SSL_SHA1,
2518 SSL3_VERSION, TLS1_2_VERSION,
2519 DTLS1_VERSION, DTLS1_2_VERSION,
2520 SSL_NOT_DEFAULT | SSL_MEDIUM,
2521 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2522 128,
2523 128,
2524 },
2525 {
2526 1,
2527 TLS1_TXT_ADH_WITH_SEED_SHA,
2528 TLS1_CK_ADH_WITH_SEED_SHA,
2529 SSL_kDHE,
2530 SSL_aNULL,
2531 SSL_SEED,
2532 SSL_SHA1,
2533 SSL3_VERSION, TLS1_2_VERSION,
2534 DTLS1_VERSION, DTLS1_2_VERSION,
2535 SSL_NOT_DEFAULT | SSL_MEDIUM,
2536 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2537 128,
2538 128,
2539 },
2540 #endif /* OPENSSL_NO_SEED */
2541
2542 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2543 {
2544 1,
2545 SSL3_TXT_RSA_RC4_128_MD5,
2546 SSL3_CK_RSA_RC4_128_MD5,
2547 SSL_kRSA,
2548 SSL_aRSA,
2549 SSL_RC4,
2550 SSL_MD5,
2551 SSL3_VERSION, TLS1_2_VERSION,
2552 0, 0,
2553 SSL_NOT_DEFAULT | SSL_MEDIUM,
2554 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2555 128,
2556 128,
2557 },
2558 {
2559 1,
2560 SSL3_TXT_RSA_RC4_128_SHA,
2561 SSL3_CK_RSA_RC4_128_SHA,
2562 SSL_kRSA,
2563 SSL_aRSA,
2564 SSL_RC4,
2565 SSL_SHA1,
2566 SSL3_VERSION, TLS1_2_VERSION,
2567 0, 0,
2568 SSL_NOT_DEFAULT | SSL_MEDIUM,
2569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2570 128,
2571 128,
2572 },
2573 {
2574 1,
2575 SSL3_TXT_ADH_RC4_128_MD5,
2576 SSL3_CK_ADH_RC4_128_MD5,
2577 SSL_kDHE,
2578 SSL_aNULL,
2579 SSL_RC4,
2580 SSL_MD5,
2581 SSL3_VERSION, TLS1_2_VERSION,
2582 0, 0,
2583 SSL_NOT_DEFAULT | SSL_MEDIUM,
2584 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2585 128,
2586 128,
2587 },
2588
2589 # ifndef OPENSSL_NO_EC
2590 {
2591 1,
2592 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2593 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2594 SSL_kECDHEPSK,
2595 SSL_aPSK,
2596 SSL_RC4,
2597 SSL_SHA1,
2598 SSL3_VERSION, TLS1_2_VERSION,
2599 0, 0,
2600 SSL_NOT_DEFAULT | SSL_MEDIUM,
2601 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2602 128,
2603 128,
2604 },
2605 {
2606 1,
2607 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2608 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2609 SSL_kECDHE,
2610 SSL_aNULL,
2611 SSL_RC4,
2612 SSL_SHA1,
2613 SSL3_VERSION, TLS1_2_VERSION,
2614 0, 0,
2615 SSL_NOT_DEFAULT | SSL_MEDIUM,
2616 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2617 128,
2618 128,
2619 },
2620 {
2621 1,
2622 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2623 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2624 SSL_kECDHE,
2625 SSL_aECDSA,
2626 SSL_RC4,
2627 SSL_SHA1,
2628 SSL3_VERSION, TLS1_2_VERSION,
2629 0, 0,
2630 SSL_NOT_DEFAULT | SSL_MEDIUM,
2631 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2632 128,
2633 128,
2634 },
2635 {
2636 1,
2637 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2638 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2639 SSL_kECDHE,
2640 SSL_aRSA,
2641 SSL_RC4,
2642 SSL_SHA1,
2643 SSL3_VERSION, TLS1_2_VERSION,
2644 0, 0,
2645 SSL_NOT_DEFAULT | SSL_MEDIUM,
2646 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2647 128,
2648 128,
2649 },
2650 # endif /* OPENSSL_NO_EC */
2651
2652 # ifndef OPENSSL_NO_PSK
2653 {
2654 1,
2655 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2656 TLS1_CK_PSK_WITH_RC4_128_SHA,
2657 SSL_kPSK,
2658 SSL_aPSK,
2659 SSL_RC4,
2660 SSL_SHA1,
2661 SSL3_VERSION, TLS1_2_VERSION,
2662 0, 0,
2663 SSL_NOT_DEFAULT | SSL_MEDIUM,
2664 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2665 128,
2666 128,
2667 },
2668 {
2669 1,
2670 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2671 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2672 SSL_kRSAPSK,
2673 SSL_aRSA,
2674 SSL_RC4,
2675 SSL_SHA1,
2676 SSL3_VERSION, TLS1_2_VERSION,
2677 0, 0,
2678 SSL_NOT_DEFAULT | SSL_MEDIUM,
2679 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2680 128,
2681 128,
2682 },
2683 {
2684 1,
2685 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2686 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2687 SSL_kDHEPSK,
2688 SSL_aPSK,
2689 SSL_RC4,
2690 SSL_SHA1,
2691 SSL3_VERSION, TLS1_2_VERSION,
2692 0, 0,
2693 SSL_NOT_DEFAULT | SSL_MEDIUM,
2694 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2695 128,
2696 128,
2697 },
2698 # endif /* OPENSSL_NO_PSK */
2699
2700 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2701
2702 };
2703
2704
2705 static int cipher_compare(const void *a, const void *b)
2706 {
2707 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2708 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2709
2710 return ap->id - bp->id;
2711 }
2712
2713 void ssl_sort_cipher_list(void)
2714 {
2715 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2716 cipher_compare);
2717 }
2718
2719
2720 const SSL3_ENC_METHOD SSLv3_enc_data = {
2721 ssl3_enc,
2722 n_ssl3_mac,
2723 ssl3_setup_key_block,
2724 ssl3_generate_master_secret,
2725 ssl3_change_cipher_state,
2726 ssl3_final_finish_mac,
2727 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2728 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2729 SSL3_MD_SERVER_FINISHED_CONST, 4,
2730 ssl3_alert_code,
2731 (int (*)(SSL *, unsigned char *, size_t, const char *,
2732 size_t, const unsigned char *, size_t,
2733 int use_context))ssl_undefined_function,
2734 0,
2735 SSL3_HM_HEADER_LENGTH,
2736 ssl3_set_handshake_header,
2737 ssl3_handshake_write
2738 };
2739
2740 long ssl3_default_timeout(void)
2741 {
2742 /*
2743 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2744 * http, the cache would over fill
2745 */
2746 return (60 * 60 * 2);
2747 }
2748
2749 int ssl3_num_ciphers(void)
2750 {
2751 return (SSL3_NUM_CIPHERS);
2752 }
2753
2754 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2755 {
2756 if (u < SSL3_NUM_CIPHERS)
2757 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2758 else
2759 return (NULL);
2760 }
2761
2762 int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2763 {
2764 unsigned char *p = (unsigned char *)s->init_buf->data;
2765 *(p++) = htype;
2766 l2n3(len, p);
2767 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2768 s->init_off = 0;
2769
2770 return 1;
2771 }
2772
2773 int ssl3_handshake_write(SSL *s)
2774 {
2775 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2776 }
2777
2778 int ssl3_new(SSL *s)
2779 {
2780 SSL3_STATE *s3;
2781
2782 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2783 goto err;
2784 s->s3 = s3;
2785
2786 #ifndef OPENSSL_NO_SRP
2787 if (!SSL_SRP_CTX_init(s))
2788 goto err;
2789 #endif
2790 s->method->ssl_clear(s);
2791 return (1);
2792 err:
2793 return (0);
2794 }
2795
2796 void ssl3_free(SSL *s)
2797 {
2798 if (s == NULL || s->s3 == NULL)
2799 return;
2800
2801 ssl3_cleanup_key_block(s);
2802
2803 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2804 EVP_PKEY_free(s->s3->peer_tmp);
2805 s->s3->peer_tmp = NULL;
2806 EVP_PKEY_free(s->s3->tmp.pkey);
2807 s->s3->tmp.pkey = NULL;
2808 #endif
2809
2810 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2811 OPENSSL_free(s->s3->tmp.ciphers_raw);
2812 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2813 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2814 ssl3_free_digest_list(s);
2815 OPENSSL_free(s->s3->alpn_selected);
2816 OPENSSL_free(s->s3->alpn_proposed);
2817
2818 #ifndef OPENSSL_NO_SRP
2819 SSL_SRP_CTX_free(s);
2820 #endif
2821 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2822 s->s3 = NULL;
2823 }
2824
2825 void ssl3_clear(SSL *s)
2826 {
2827 ssl3_cleanup_key_block(s);
2828 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2829 OPENSSL_free(s->s3->tmp.ciphers_raw);
2830 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2831 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2832
2833 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2834 EVP_PKEY_free(s->s3->tmp.pkey);
2835 EVP_PKEY_free(s->s3->peer_tmp);
2836 #endif /* !OPENSSL_NO_EC */
2837
2838 ssl3_free_digest_list(s);
2839
2840 OPENSSL_free(s->s3->alpn_selected);
2841 OPENSSL_free(s->s3->alpn_proposed);
2842
2843 /* NULL/zero-out everything in the s3 struct */
2844 memset(s->s3, 0, sizeof(*s->s3));
2845
2846 ssl_free_wbio_buffer(s);
2847
2848 s->version = SSL3_VERSION;
2849
2850 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2851 OPENSSL_free(s->next_proto_negotiated);
2852 s->next_proto_negotiated = NULL;
2853 s->next_proto_negotiated_len = 0;
2854 #endif
2855 }
2856
2857 #ifndef OPENSSL_NO_SRP
2858 static char *srp_password_from_info_cb(SSL *s, void *arg)
2859 {
2860 return OPENSSL_strdup(s->srp_ctx.info);
2861 }
2862 #endif
2863
2864 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
2865 size_t len);
2866
2867 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2868 {
2869 int ret = 0;
2870
2871 switch (cmd) {
2872 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2873 break;
2874 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2875 ret = s->s3->num_renegotiations;
2876 break;
2877 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2878 ret = s->s3->num_renegotiations;
2879 s->s3->num_renegotiations = 0;
2880 break;
2881 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2882 ret = s->s3->total_renegotiations;
2883 break;
2884 case SSL_CTRL_GET_FLAGS:
2885 ret = (int)(s->s3->flags);
2886 break;
2887 #ifndef OPENSSL_NO_DH
2888 case SSL_CTRL_SET_TMP_DH:
2889 {
2890 DH *dh = (DH *)parg;
2891 EVP_PKEY *pkdh = NULL;
2892 if (dh == NULL) {
2893 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2894 return (ret);
2895 }
2896 pkdh = ssl_dh_to_pkey(dh);
2897 if (pkdh == NULL) {
2898 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2899 return 0;
2900 }
2901 if (!ssl_security(s, SSL_SECOP_TMP_DH,
2902 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
2903 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
2904 EVP_PKEY_free(pkdh);
2905 return ret;
2906 }
2907 EVP_PKEY_free(s->cert->dh_tmp);
2908 s->cert->dh_tmp = pkdh;
2909 ret = 1;
2910 }
2911 break;
2912 case SSL_CTRL_SET_TMP_DH_CB:
2913 {
2914 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2915 return (ret);
2916 }
2917 case SSL_CTRL_SET_DH_AUTO:
2918 s->cert->dh_tmp_auto = larg;
2919 return 1;
2920 #endif
2921 #ifndef OPENSSL_NO_EC
2922 case SSL_CTRL_SET_TMP_ECDH:
2923 {
2924 const EC_GROUP *group = NULL;
2925 int nid;
2926
2927 if (parg == NULL) {
2928 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2929 return 0;
2930 }
2931 group = EC_KEY_get0_group((const EC_KEY *)parg);
2932 if (group == NULL) {
2933 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
2934 return 0;
2935 }
2936 nid = EC_GROUP_get_curve_name(group);
2937 if (nid == NID_undef)
2938 return 0;
2939 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
2940 &s->tlsext_ellipticcurvelist_length,
2941 &nid, 1);
2942 }
2943 break;
2944 #endif /* !OPENSSL_NO_EC */
2945 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2946 if (larg == TLSEXT_NAMETYPE_host_name) {
2947 size_t len;
2948
2949 OPENSSL_free(s->tlsext_hostname);
2950 s->tlsext_hostname = NULL;
2951
2952 ret = 1;
2953 if (parg == NULL)
2954 break;
2955 len = strlen((char *)parg);
2956 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
2957 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2958 return 0;
2959 }
2960 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
2961 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2962 return 0;
2963 }
2964 } else {
2965 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2966 return 0;
2967 }
2968 break;
2969 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2970 s->tlsext_debug_arg = parg;
2971 ret = 1;
2972 break;
2973
2974 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
2975 ret = s->tlsext_status_type;
2976 break;
2977
2978 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2979 s->tlsext_status_type = larg;
2980 ret = 1;
2981 break;
2982
2983 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2984 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2985 ret = 1;
2986 break;
2987
2988 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2989 s->tlsext_ocsp_exts = parg;
2990 ret = 1;
2991 break;
2992
2993 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2994 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2995 ret = 1;
2996 break;
2997
2998 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2999 s->tlsext_ocsp_ids = parg;
3000 ret = 1;
3001 break;
3002
3003 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3004 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3005 return s->tlsext_ocsp_resplen;
3006
3007 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3008 OPENSSL_free(s->tlsext_ocsp_resp);
3009 s->tlsext_ocsp_resp = parg;
3010 s->tlsext_ocsp_resplen = larg;
3011 ret = 1;
3012 break;
3013
3014 #ifndef OPENSSL_NO_HEARTBEATS
3015 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3016 if (SSL_IS_DTLS(s))
3017 ret = dtls1_heartbeat(s);
3018 break;
3019
3020 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3021 if (SSL_IS_DTLS(s))
3022 ret = s->tlsext_hb_pending;
3023 break;
3024
3025 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3026 if (SSL_IS_DTLS(s)) {
3027 if (larg)
3028 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3029 else
3030 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3031 ret = 1;
3032 }
3033 break;
3034 #endif
3035
3036 case SSL_CTRL_CHAIN:
3037 if (larg)
3038 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3039 else
3040 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3041
3042 case SSL_CTRL_CHAIN_CERT:
3043 if (larg)
3044 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3045 else
3046 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3047
3048 case SSL_CTRL_GET_CHAIN_CERTS:
3049 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3050 break;
3051
3052 case SSL_CTRL_SELECT_CURRENT_CERT:
3053 return ssl_cert_select_current(s->cert, (X509 *)parg);
3054
3055 case SSL_CTRL_SET_CURRENT_CERT:
3056 if (larg == SSL_CERT_SET_SERVER) {
3057 CERT_PKEY *cpk;
3058 const SSL_CIPHER *cipher;
3059 if (!s->server)
3060 return 0;
3061 cipher = s->s3->tmp.new_cipher;
3062 if (!cipher)
3063 return 0;
3064 /*
3065 * No certificate for unauthenticated ciphersuites or using SRP
3066 * authentication
3067 */
3068 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3069 return 2;
3070 cpk = ssl_get_server_send_pkey(s);
3071 if (!cpk)
3072 return 0;
3073 s->cert->key = cpk;
3074 return 1;
3075 }
3076 return ssl_cert_set_current(s->cert, larg);
3077
3078 #ifndef OPENSSL_NO_EC
3079 case SSL_CTRL_GET_CURVES:
3080 {
3081 unsigned char *clist;
3082 size_t clistlen;
3083 if (!s->session)
3084 return 0;
3085 clist = s->session->tlsext_ellipticcurvelist;
3086 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3087 if (parg) {
3088 size_t i;
3089 int *cptr = parg;
3090 unsigned int cid, nid;
3091 for (i = 0; i < clistlen; i++) {
3092 n2s(clist, cid);
3093 nid = tls1_ec_curve_id2nid(cid);
3094 if (nid != 0)
3095 cptr[i] = nid;
3096 else
3097 cptr[i] = TLSEXT_nid_unknown | cid;
3098 }
3099 }
3100 return (int)clistlen;
3101 }
3102
3103 case SSL_CTRL_SET_CURVES:
3104 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3105 &s->tlsext_ellipticcurvelist_length,
3106 parg, larg);
3107
3108 case SSL_CTRL_SET_CURVES_LIST:
3109 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3110 &s->tlsext_ellipticcurvelist_length,
3111 parg);
3112
3113 case SSL_CTRL_GET_SHARED_CURVE:
3114 return tls1_shared_curve(s, larg);
3115
3116 #endif
3117 case SSL_CTRL_SET_SIGALGS:
3118 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3119
3120 case SSL_CTRL_SET_SIGALGS_LIST:
3121 return tls1_set_sigalgs_list(s->cert, parg, 0);
3122
3123 case SSL_CTRL_SET_CLIENT_SIGALGS:
3124 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3125
3126 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3127 return tls1_set_sigalgs_list(s->cert, parg, 1);
3128
3129 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3130 {
3131 const unsigned char **pctype = parg;
3132 if (s->server || !s->s3->tmp.cert_req)
3133 return 0;
3134 if (s->cert->ctypes) {
3135 if (pctype)
3136 *pctype = s->cert->ctypes;
3137 return (int)s->cert->ctype_num;
3138 }
3139 if (pctype)
3140 *pctype = (unsigned char *)s->s3->tmp.ctype;
3141 return s->s3->tmp.ctype_num;
3142 }
3143
3144 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3145 if (!s->server)
3146 return 0;
3147 return ssl3_set_req_cert_type(s->cert, parg, larg);
3148
3149 case SSL_CTRL_BUILD_CERT_CHAIN:
3150 return ssl_build_cert_chain(s, NULL, larg);
3151
3152 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3153 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3154
3155 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3156 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3157
3158 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3159 if (SSL_USE_SIGALGS(s)) {
3160 if (s->session) {
3161 const EVP_MD *sig;
3162 sig = s->s3->tmp.peer_md;
3163 if (sig) {
3164 *(int *)parg = EVP_MD_type(sig);
3165 return 1;
3166 }
3167 }
3168 return 0;
3169 }
3170 /* Might want to do something here for other versions */
3171 else
3172 return 0;
3173
3174 case SSL_CTRL_GET_SERVER_TMP_KEY:
3175 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3176 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3177 return 0;
3178 } else {
3179 EVP_PKEY_up_ref(s->s3->peer_tmp);
3180 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3181 return 1;
3182 }
3183 #else
3184 return 0;
3185 #endif
3186 #ifndef OPENSSL_NO_EC
3187 case SSL_CTRL_GET_EC_POINT_FORMATS:
3188 {
3189 SSL_SESSION *sess = s->session;
3190 const unsigned char **pformat = parg;
3191 if (!sess || !sess->tlsext_ecpointformatlist)
3192 return 0;
3193 *pformat = sess->tlsext_ecpointformatlist;
3194 return (int)sess->tlsext_ecpointformatlist_length;
3195 }
3196 #endif
3197
3198 default:
3199 break;
3200 }
3201 return (ret);
3202 }
3203
3204 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3205 {
3206 int ret = 0;
3207
3208 switch (cmd) {
3209 #ifndef OPENSSL_NO_DH
3210 case SSL_CTRL_SET_TMP_DH_CB:
3211 {
3212 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3213 }
3214 break;
3215 #endif
3216 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3217 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3218 const unsigned char *, int, void *))fp;
3219 break;
3220
3221 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3222 {
3223 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3224 }
3225 break;
3226 default:
3227 break;
3228 }
3229 return (ret);
3230 }
3231
3232 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3233 {
3234 switch (cmd) {
3235 #ifndef OPENSSL_NO_DH
3236 case SSL_CTRL_SET_TMP_DH:
3237 {
3238 DH *dh = (DH *)parg;
3239 EVP_PKEY *pkdh = NULL;
3240 if (dh == NULL) {
3241 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3242 return 0;
3243 }
3244 pkdh = ssl_dh_to_pkey(dh);
3245 if (pkdh == NULL) {
3246 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3247 return 0;
3248 }
3249 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3250 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3251 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3252 EVP_PKEY_free(pkdh);
3253 return 1;
3254 }
3255 EVP_PKEY_free(ctx->cert->dh_tmp);
3256 ctx->cert->dh_tmp = pkdh;
3257 return 1;
3258 }
3259 /*
3260 * break;
3261 */
3262 case SSL_CTRL_SET_TMP_DH_CB:
3263 {
3264 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3265 return (0);
3266 }
3267 case SSL_CTRL_SET_DH_AUTO:
3268 ctx->cert->dh_tmp_auto = larg;
3269 return 1;
3270 #endif
3271 #ifndef OPENSSL_NO_EC
3272 case SSL_CTRL_SET_TMP_ECDH:
3273 {
3274 const EC_GROUP *group = NULL;
3275 int nid;
3276
3277 if (parg == NULL) {
3278 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3279 return 0;
3280 }
3281 group = EC_KEY_get0_group((const EC_KEY *)parg);
3282 if (group == NULL) {
3283 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3284 return 0;
3285 }
3286 nid = EC_GROUP_get_curve_name(group);
3287 if (nid == NID_undef)
3288 return 0;
3289 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3290 &ctx->tlsext_ellipticcurvelist_length,
3291 &nid, 1);
3292 }
3293 /* break; */
3294 #endif /* !OPENSSL_NO_EC */
3295 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3296 ctx->tlsext_servername_arg = parg;
3297 break;
3298 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3299 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3300 {
3301 unsigned char *keys = parg;
3302 long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
3303 sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key));
3304 if (keys == NULL)
3305 return tlsext_tick_keylen;
3306 if (larg != tlsext_tick_keylen) {
3307 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3308 return 0;
3309 }
3310 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3311 memcpy(ctx->tlsext_tick_key_name, keys,
3312 sizeof(ctx->tlsext_tick_key_name));
3313 memcpy(ctx->tlsext_tick_hmac_key,
3314 keys + sizeof(ctx->tlsext_tick_key_name),
3315 sizeof(ctx->tlsext_tick_hmac_key));
3316 memcpy(ctx->tlsext_tick_aes_key,
3317 keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
3318 sizeof(ctx->tlsext_tick_aes_key));
3319 } else {
3320 memcpy(keys, ctx->tlsext_tick_key_name,
3321 sizeof(ctx->tlsext_tick_key_name));
3322 memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
3323 ctx->tlsext_tick_hmac_key,
3324 sizeof(ctx->tlsext_tick_hmac_key));
3325 memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
3326 ctx->tlsext_tick_aes_key,
3327 sizeof(ctx->tlsext_tick_aes_key));
3328 }
3329 return 1;
3330 }
3331
3332 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3333 return ctx->tlsext_status_type;
3334
3335 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3336 ctx->tlsext_status_type = larg;
3337 break;
3338
3339 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3340 ctx->tlsext_status_arg = parg;
3341 return 1;
3342
3343 #ifndef OPENSSL_NO_SRP
3344 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3345 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3346 OPENSSL_free(ctx->srp_ctx.login);
3347 ctx->srp_ctx.login = NULL;
3348 if (parg == NULL)
3349 break;
3350 if (strlen((const char *)parg) > 255
3351 || strlen((const char *)parg) < 1) {
3352 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3353 return 0;
3354 }
3355 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3356 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3357 return 0;
3358 }
3359 break;
3360 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3361 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3362 srp_password_from_info_cb;
3363 ctx->srp_ctx.info = parg;
3364 break;
3365 case SSL_CTRL_SET_SRP_ARG:
3366 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3367 ctx->srp_ctx.SRP_cb_arg = parg;
3368 break;
3369
3370 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3371 ctx->srp_ctx.strength = larg;
3372 break;
3373 #endif
3374
3375 #ifndef OPENSSL_NO_EC
3376 case SSL_CTRL_SET_CURVES:
3377 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3378 &ctx->tlsext_ellipticcurvelist_length,
3379 parg, larg);
3380
3381 case SSL_CTRL_SET_CURVES_LIST:
3382 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3383 &ctx->tlsext_ellipticcurvelist_length,
3384 parg);
3385 #endif
3386 case SSL_CTRL_SET_SIGALGS:
3387 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3388
3389 case SSL_CTRL_SET_SIGALGS_LIST:
3390 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3391
3392 case SSL_CTRL_SET_CLIENT_SIGALGS:
3393 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3394
3395 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3396 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3397
3398 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3399 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3400
3401 case SSL_CTRL_BUILD_CERT_CHAIN:
3402 return ssl_build_cert_chain(NULL, ctx, larg);
3403
3404 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3405 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3406
3407 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3408 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3409
3410 /* A Thawte special :-) */
3411 case SSL_CTRL_EXTRA_CHAIN_CERT:
3412 if (ctx->extra_certs == NULL) {
3413 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3414 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3415 return 0;
3416 }
3417 }
3418 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3419 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3420 return 0;
3421 }
3422 break;
3423
3424 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3425 if (ctx->extra_certs == NULL && larg == 0)
3426 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3427 else
3428 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3429 break;
3430
3431 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3432 sk_X509_pop_free(ctx->extra_certs, X509_free);
3433 ctx->extra_certs = NULL;
3434 break;
3435
3436 case SSL_CTRL_CHAIN:
3437 if (larg)
3438 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3439 else
3440 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3441
3442 case SSL_CTRL_CHAIN_CERT:
3443 if (larg)
3444 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3445 else
3446 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3447
3448 case SSL_CTRL_GET_CHAIN_CERTS:
3449 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3450 break;
3451
3452 case SSL_CTRL_SELECT_CURRENT_CERT:
3453 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3454
3455 case SSL_CTRL_SET_CURRENT_CERT:
3456 return ssl_cert_set_current(ctx->cert, larg);
3457
3458 default:
3459 return (0);
3460 }
3461 return (1);
3462 }
3463
3464 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3465 {
3466 switch (cmd) {
3467 #ifndef OPENSSL_NO_DH
3468 case SSL_CTRL_SET_TMP_DH_CB:
3469 {
3470 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3471 }
3472 break;
3473 #endif
3474 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3475 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3476 break;
3477
3478 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3479 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3480 break;
3481
3482 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3483 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3484 unsigned char *,
3485 EVP_CIPHER_CTX *,
3486 HMAC_CTX *, int))fp;
3487 break;
3488
3489 #ifndef OPENSSL_NO_SRP
3490 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3491 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3492 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3493 break;
3494 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3495 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3496 ctx->srp_ctx.TLS_ext_srp_username_callback =
3497 (int (*)(SSL *, int *, void *))fp;
3498 break;
3499 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3500 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3501 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3502 (char *(*)(SSL *, void *))fp;
3503 break;
3504 #endif
3505 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3506 {
3507 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3508 }
3509 break;
3510 default:
3511 return (0);
3512 }
3513 return (1);
3514 }
3515
3516 /*
3517 * This function needs to check if the ciphers required are actually
3518 * available
3519 */
3520 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3521 {
3522 SSL_CIPHER c;
3523 const SSL_CIPHER *cp;
3524 uint32_t id;
3525
3526 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
3527 c.id = id;
3528 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3529 return cp;
3530 }
3531
3532 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3533 {
3534 long l;
3535
3536 if (p != NULL) {
3537 l = c->id;
3538 if ((l & 0xff000000) != 0x03000000)
3539 return (0);
3540 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3541 p[1] = ((unsigned char)(l)) & 0xFF;
3542 }
3543 return (2);
3544 }
3545
3546 /*
3547 * ssl3_choose_cipher - choose a cipher from those offered by the client
3548 * @s: SSL connection
3549 * @clnt: ciphers offered by the client
3550 * @srvr: ciphers enabled on the server?
3551 *
3552 * Returns the selected cipher or NULL when no common ciphers.
3553 */
3554 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3555 STACK_OF(SSL_CIPHER) *srvr)
3556 {
3557 const SSL_CIPHER *c, *ret = NULL;
3558 STACK_OF(SSL_CIPHER) *prio, *allow;
3559 int i, ii, ok;
3560 unsigned long alg_k, alg_a, mask_k, mask_a;
3561
3562 /* Let's see which ciphers we can support */
3563
3564 #if 0
3565 /*
3566 * Do not set the compare functions, because this may lead to a
3567 * reordering by "id". We want to keep the original ordering. We may pay
3568 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3569 * pay with the price of sk_SSL_CIPHER_dup().
3570 */
3571 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3572 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3573 #endif
3574
3575 #ifdef CIPHER_DEBUG
3576 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3577 (void *)srvr);
3578 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3579 c = sk_SSL_CIPHER_value(srvr, i);
3580 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3581 }
3582 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3583 (void *)clnt);
3584 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3585 c = sk_SSL_CIPHER_value(clnt, i);
3586 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3587 }
3588 #endif
3589
3590 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3591 prio = srvr;
3592 allow = clnt;
3593 } else {
3594 prio = clnt;
3595 allow = srvr;
3596 }
3597
3598 tls1_set_cert_validity(s);
3599 ssl_set_masks(s);
3600
3601 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3602 c = sk_SSL_CIPHER_value(prio, i);
3603
3604 /* Skip ciphers not supported by the protocol version */
3605 if (!SSL_IS_DTLS(s) &&
3606 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3607 continue;
3608 if (SSL_IS_DTLS(s) &&
3609 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3610 DTLS_VERSION_GT(s->version, c->max_dtls)))
3611 continue;
3612
3613 mask_k = s->s3->tmp.mask_k;
3614 mask_a = s->s3->tmp.mask_a;
3615 #ifndef OPENSSL_NO_SRP
3616 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3617 mask_k |= SSL_kSRP;
3618 mask_a |= SSL_aSRP;
3619 }
3620 #endif
3621
3622 alg_k = c->algorithm_mkey;
3623 alg_a = c->algorithm_auth;
3624
3625 #ifndef OPENSSL_NO_PSK
3626 /* with PSK there must be server callback set */
3627 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3628 continue;
3629 #endif /* OPENSSL_NO_PSK */
3630
3631 ok = (alg_k & mask_k) && (alg_a & mask_a);
3632 #ifdef CIPHER_DEBUG
3633 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3634 alg_a, mask_k, mask_a, (void *)c, c->name);
3635 #endif
3636
3637 # ifndef OPENSSL_NO_EC
3638 /*
3639 * if we are considering an ECC cipher suite that uses an ephemeral
3640 * EC key check it
3641 */
3642 if (alg_k & SSL_kECDHE)
3643 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3644 # endif /* OPENSSL_NO_EC */
3645
3646 if (!ok)
3647 continue;
3648 ii = sk_SSL_CIPHER_find(allow, c);
3649 if (ii >= 0) {
3650 /* Check security callback permits this cipher */
3651 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3652 c->strength_bits, 0, (void *)c))
3653 continue;
3654 #if !defined(OPENSSL_NO_EC)
3655 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3656 && s->s3->is_probably_safari) {
3657 if (!ret)
3658 ret = sk_SSL_CIPHER_value(allow, ii);
3659 continue;
3660 }
3661 #endif
3662 ret = sk_SSL_CIPHER_value(allow, ii);
3663 break;
3664 }
3665 }
3666 return (ret);
3667 }
3668
3669 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3670 {
3671 int ret = 0;
3672 uint32_t alg_k, alg_a = 0;
3673
3674 /* If we have custom certificate types set, use them */
3675 if (s->cert->ctypes) {
3676 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3677 return (int)s->cert->ctype_num;
3678 }
3679 /* Get mask of algorithms disabled by signature list */
3680 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3681
3682 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3683
3684 #ifndef OPENSSL_NO_GOST
3685 if (s->version >= TLS1_VERSION) {
3686 if (alg_k & SSL_kGOST) {
3687 p[ret++] = TLS_CT_GOST01_SIGN;
3688 p[ret++] = TLS_CT_GOST12_SIGN;
3689 p[ret++] = TLS_CT_GOST12_512_SIGN;
3690 return (ret);
3691 }
3692 }
3693 #endif
3694
3695 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3696 #ifndef OPENSSL_NO_DH
3697 # ifndef OPENSSL_NO_RSA
3698 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3699 # endif
3700 # ifndef OPENSSL_NO_DSA
3701 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3702 # endif
3703 #endif /* !OPENSSL_NO_DH */
3704 }
3705 #ifndef OPENSSL_NO_RSA
3706 if (!(alg_a & SSL_aRSA))
3707 p[ret++] = SSL3_CT_RSA_SIGN;
3708 #endif
3709 #ifndef OPENSSL_NO_DSA
3710 if (!(alg_a & SSL_aDSS))
3711 p[ret++] = SSL3_CT_DSS_SIGN;
3712 #endif
3713 #ifndef OPENSSL_NO_EC
3714 /*
3715 * ECDSA certs can be used with RSA cipher suites too so we don't
3716 * need to check for SSL_kECDH or SSL_kECDHE
3717 */
3718 if (s->version >= TLS1_VERSION) {
3719 if (!(alg_a & SSL_aECDSA))
3720 p[ret++] = TLS_CT_ECDSA_SIGN;
3721 }
3722 #endif
3723 return (ret);
3724 }
3725
3726 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3727 {
3728 OPENSSL_free(c->ctypes);
3729 c->ctypes = NULL;
3730 if (!p || !len)
3731 return 1;
3732 if (len > 0xff)
3733 return 0;
3734 c->ctypes = OPENSSL_malloc(len);
3735 if (c->ctypes == NULL)
3736 return 0;
3737 memcpy(c->ctypes, p, len);
3738 c->ctype_num = len;
3739 return 1;
3740 }
3741
3742 int ssl3_shutdown(SSL *s)
3743 {
3744 int ret;
3745
3746 /*
3747 * Don't do anything much if we have not done the handshake or we don't
3748 * want to send messages :-)
3749 */
3750 if (s->quiet_shutdown || SSL_in_before(s)) {
3751 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3752 return (1);
3753 }
3754
3755 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3756 s->shutdown |= SSL_SENT_SHUTDOWN;
3757 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3758 /*
3759 * our shutdown alert has been sent now, and if it still needs to be
3760 * written, s->s3->alert_dispatch will be true
3761 */
3762 if (s->s3->alert_dispatch)
3763 return (-1); /* return WANT_WRITE */
3764 } else if (s->s3->alert_dispatch) {
3765 /* resend it if not sent */
3766 ret = s->method->ssl_dispatch_alert(s);
3767 if (ret == -1) {
3768 /*
3769 * we only get to return -1 here the 2nd/Nth invocation, we must
3770 * have already signalled return 0 upon a previous invocation,
3771 * return WANT_WRITE
3772 */
3773 return (ret);
3774 }
3775 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3776 /*
3777 * If we are waiting for a close from our peer, we are closed
3778 */
3779 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
3780 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3781 return (-1); /* return WANT_READ */
3782 }
3783 }
3784
3785 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3786 !s->s3->alert_dispatch)
3787 return (1);
3788 else
3789 return (0);
3790 }
3791
3792 int ssl3_write(SSL *s, const void *buf, int len)
3793 {
3794 clear_sys_error();
3795 if (s->s3->renegotiate)
3796 ssl3_renegotiate_check(s);
3797
3798 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3799 buf, len);
3800 }
3801
3802 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3803 {
3804 int ret;
3805
3806 clear_sys_error();
3807 if (s->s3->renegotiate)
3808 ssl3_renegotiate_check(s);
3809 s->s3->in_read_app_data = 1;
3810 ret =
3811 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3812 peek);
3813 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3814 /*
3815 * ssl3_read_bytes decided to call s->handshake_func, which called
3816 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3817 * actually found application data and thinks that application data
3818 * makes sense here; so disable handshake processing and try to read
3819 * application data again.
3820 */
3821 ossl_statem_set_in_handshake(s, 1);
3822 ret =
3823 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3824 len, peek);
3825 ossl_statem_set_in_handshake(s, 0);
3826 } else
3827 s->s3->in_read_app_data = 0;
3828
3829 return (ret);
3830 }
3831
3832 int ssl3_read(SSL *s, void *buf, int len)
3833 {
3834 return ssl3_read_internal(s, buf, len, 0);
3835 }
3836
3837 int ssl3_peek(SSL *s, void *buf, int len)
3838 {
3839 return ssl3_read_internal(s, buf, len, 1);
3840 }
3841
3842 int ssl3_renegotiate(SSL *s)
3843 {
3844 if (s->handshake_func == NULL)
3845 return (1);
3846
3847 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3848 return (0);
3849
3850 s->s3->renegotiate = 1;
3851 return (1);
3852 }
3853
3854 int ssl3_renegotiate_check(SSL *s)
3855 {
3856 int ret = 0;
3857
3858 if (s->s3->renegotiate) {
3859 if (!RECORD_LAYER_read_pending(&s->rlayer)
3860 && !RECORD_LAYER_write_pending(&s->rlayer)
3861 && !SSL_in_init(s)) {
3862 /*
3863 * if we are the server, and we have sent a 'RENEGOTIATE'
3864 * message, we need to set the state machine into the renegotiate
3865 * state.
3866 */
3867 ossl_statem_set_renegotiate(s);
3868 s->s3->renegotiate = 0;
3869 s->s3->num_renegotiations++;
3870 s->s3->total_renegotiations++;
3871 ret = 1;
3872 }
3873 }
3874 return (ret);
3875 }
3876
3877 /*
3878 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3879 * handshake macs if required.
3880 *
3881 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3882 */
3883 long ssl_get_algorithm2(SSL *s)
3884 {
3885 long alg2 = s->s3->tmp.new_cipher->algorithm2;
3886 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3887 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3888 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3889 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3890 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3891 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3892 }
3893 return alg2;
3894 }
3895
3896 /*
3897 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3898 * failure, 1 on success.
3899 */
3900 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
3901 {
3902 int send_time = 0;
3903
3904 if (len < 4)
3905 return 0;
3906 if (server)
3907 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
3908 else
3909 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
3910 if (send_time) {
3911 unsigned long Time = (unsigned long)time(NULL);
3912 unsigned char *p = result;
3913 l2n(Time, p);
3914 return RAND_bytes(p, len - 4);
3915 } else
3916 return RAND_bytes(result, len);
3917 }
3918
3919 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
3920 int free_pms)
3921 {
3922 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3923 if (alg_k & SSL_PSK) {
3924 #ifndef OPENSSL_NO_PSK
3925 unsigned char *pskpms, *t;
3926 size_t psklen = s->s3->tmp.psklen;
3927 size_t pskpmslen;
3928
3929 /* create PSK premaster_secret */
3930
3931 /* For plain PSK "other_secret" is psklen zeroes */
3932 if (alg_k & SSL_kPSK)
3933 pmslen = psklen;
3934
3935 pskpmslen = 4 + pmslen + psklen;
3936 pskpms = OPENSSL_malloc(pskpmslen);
3937 if (pskpms == NULL) {
3938 s->session->master_key_length = 0;
3939 goto err;
3940 }
3941 t = pskpms;
3942 s2n(pmslen, t);
3943 if (alg_k & SSL_kPSK)
3944 memset(t, 0, pmslen);
3945 else
3946 memcpy(t, pms, pmslen);
3947 t += pmslen;
3948 s2n(psklen, t);
3949 memcpy(t, s->s3->tmp.psk, psklen);
3950
3951 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
3952 s->s3->tmp.psk = NULL;
3953 s->session->master_key_length =
3954 s->method->ssl3_enc->generate_master_secret(s,
3955 s->session->master_key,
3956 pskpms, pskpmslen);
3957 OPENSSL_clear_free(pskpms, pskpmslen);
3958 #else
3959 /* Should never happen */
3960 s->session->master_key_length = 0;
3961 goto err;
3962 #endif
3963 } else {
3964 s->session->master_key_length =
3965 s->method->ssl3_enc->generate_master_secret(s,
3966 s->session->master_key,
3967 pms, pmslen);
3968 }
3969
3970 err:
3971 if (pms) {
3972 if (free_pms)
3973 OPENSSL_clear_free(pms, pmslen);
3974 else
3975 OPENSSL_cleanse(pms, pmslen);
3976 }
3977 if (s->server == 0)
3978 s->s3->tmp.pms = NULL;
3979 return s->session->master_key_length >= 0;
3980 }
3981
3982 /* Generate a private key from parameters or a curve NID */
3983 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid)
3984 {
3985 EVP_PKEY_CTX *pctx = NULL;
3986 EVP_PKEY *pkey = NULL;
3987 if (pm != NULL) {
3988 pctx = EVP_PKEY_CTX_new(pm, NULL);
3989 } else {
3990 /*
3991 * Generate a new key for this curve.
3992 * Should not be called if EC is disabled: if it is it will
3993 * fail with an unknown algorithm error.
3994 */
3995 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3996 }
3997 if (pctx == NULL)
3998 goto err;
3999 if (EVP_PKEY_keygen_init(pctx) <= 0)
4000 goto err;
4001 #ifndef OPENSSL_NO_EC
4002 if (pm == NULL && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4003 goto err;
4004 #endif
4005
4006 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4007 EVP_PKEY_free(pkey);
4008 pkey = NULL;
4009 }
4010
4011 err:
4012 EVP_PKEY_CTX_free(pctx);
4013 return pkey;
4014 }
4015 /* Derive premaster or master secret for ECDH/DH */
4016 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4017 {
4018 int rv = 0;
4019 unsigned char *pms = NULL;
4020 size_t pmslen = 0;
4021 EVP_PKEY_CTX *pctx;
4022
4023 if (privkey == NULL || pubkey == NULL)
4024 return 0;
4025
4026 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4027
4028 if (EVP_PKEY_derive_init(pctx) <= 0
4029 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4030 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4031 goto err;
4032 }
4033
4034 pms = OPENSSL_malloc(pmslen);
4035 if (pms == NULL)
4036 goto err;
4037
4038 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4039 goto err;
4040
4041 if (s->server) {
4042 /* For server generate master secret and discard premaster */
4043 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4044 pms = NULL;
4045 } else {
4046 /* For client just save premaster secret */
4047 s->s3->tmp.pms = pms;
4048 s->s3->tmp.pmslen = pmslen;
4049 pms = NULL;
4050 rv = 1;
4051 }
4052
4053 err:
4054 OPENSSL_clear_free(pms, pmslen);
4055 EVP_PKEY_CTX_free(pctx);
4056 return rv;
4057 }
4058
4059 #ifndef OPENSSL_NO_DH
4060 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4061 {
4062 EVP_PKEY *ret;
4063 if (dh == NULL)
4064 return NULL;
4065 ret = EVP_PKEY_new();
4066 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4067 EVP_PKEY_free(ret);
4068 return NULL;
4069 }
4070 return ret;
4071 }
4072 #endif
A mirror of the official openssl repository