]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/s3_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
threads_pthread.c: change inline to ossl_inline
[thirdparty/openssl.git] / ssl / s3_lib.c
1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include "internal/cryptlib.h"
23
24 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
25 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
26 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
27
28 /* TLSv1.3 downgrade protection sentinel values */
29 const unsigned char tls11downgrade[] = {
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
31 };
32 const unsigned char tls12downgrade[] = {
33 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
34 };
35
36 /* The list of available TLSv1.3 ciphers */
37 static SSL_CIPHER tls13_ciphers[] = {
38 {
39 1,
40 TLS1_3_RFC_AES_128_GCM_SHA256,
41 TLS1_3_RFC_AES_128_GCM_SHA256,
42 TLS1_3_CK_AES_128_GCM_SHA256,
43 SSL_kANY,
44 SSL_aANY,
45 SSL_AES128GCM,
46 SSL_AEAD,
47 TLS1_3_VERSION, TLS1_3_VERSION,
48 0, 0,
49 SSL_HIGH,
50 SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
51 128,
52 128,
53 }, {
54 1,
55 TLS1_3_RFC_AES_256_GCM_SHA384,
56 TLS1_3_RFC_AES_256_GCM_SHA384,
57 TLS1_3_CK_AES_256_GCM_SHA384,
58 SSL_kANY,
59 SSL_aANY,
60 SSL_AES256GCM,
61 SSL_AEAD,
62 TLS1_3_VERSION, TLS1_3_VERSION,
63 0, 0,
64 SSL_HIGH,
65 SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
66 256,
67 256,
68 },
69 {
70 1,
71 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
72 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
73 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
74 SSL_kANY,
75 SSL_aANY,
76 SSL_CHACHA20POLY1305,
77 SSL_AEAD,
78 TLS1_3_VERSION, TLS1_3_VERSION,
79 0, 0,
80 SSL_HIGH,
81 SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
82 256,
83 256,
84 },
85 {
86 1,
87 TLS1_3_RFC_AES_128_CCM_SHA256,
88 TLS1_3_RFC_AES_128_CCM_SHA256,
89 TLS1_3_CK_AES_128_CCM_SHA256,
90 SSL_kANY,
91 SSL_aANY,
92 SSL_AES128CCM,
93 SSL_AEAD,
94 TLS1_3_VERSION, TLS1_3_VERSION,
95 0, 0,
96 SSL_NOT_DEFAULT | SSL_HIGH,
97 SSL_HANDSHAKE_MAC_SHA256,
98 128,
99 128,
100 }, {
101 1,
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,
103 TLS1_3_RFC_AES_128_CCM_8_SHA256,
104 TLS1_3_CK_AES_128_CCM_8_SHA256,
105 SSL_kANY,
106 SSL_aANY,
107 SSL_AES128CCM8,
108 SSL_AEAD,
109 TLS1_3_VERSION, TLS1_3_VERSION,
110 0, 0,
111 SSL_NOT_DEFAULT | SSL_MEDIUM,
112 SSL_HANDSHAKE_MAC_SHA256,
113 64, /* CCM8 uses a short tag, so we have a low security strength */
114 128,
115 },
116 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
117 {
118 1,
119 TLS1_3_RFC_SHA256_SHA256,
120 TLS1_3_RFC_SHA256_SHA256,
121 TLS1_3_CK_SHA256_SHA256,
122 SSL_kANY,
123 SSL_aANY,
124 SSL_eNULL,
125 SSL_SHA256,
126 TLS1_3_VERSION, TLS1_3_VERSION,
127 0, 0,
128 SSL_NOT_DEFAULT | SSL_STRONG_NONE,
129 SSL_HANDSHAKE_MAC_SHA256,
130 0,
131 256,
132 }, {
133 1,
134 TLS1_3_RFC_SHA384_SHA384,
135 TLS1_3_RFC_SHA384_SHA384,
136 TLS1_3_CK_SHA384_SHA384,
137 SSL_kANY,
138 SSL_aANY,
139 SSL_eNULL,
140 SSL_SHA384,
141 TLS1_3_VERSION, TLS1_3_VERSION,
142 0, 0,
143 SSL_NOT_DEFAULT | SSL_STRONG_NONE,
144 SSL_HANDSHAKE_MAC_SHA384,
145 0,
146 384,
147 },
148 #endif
149 };
150
151 /*
152 * The list of available ciphers, mostly organized into the following
153 * groups:
154 * Always there
155 * EC
156 * PSK
157 * SRP (within that: RSA EC PSK)
158 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
159 * Weak ciphers
160 */
161 static SSL_CIPHER ssl3_ciphers[] = {
162 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
163 {
164 1,
165 SSL3_TXT_RSA_NULL_MD5,
166 SSL3_RFC_RSA_NULL_MD5,
167 SSL3_CK_RSA_NULL_MD5,
168 SSL_kRSA,
169 SSL_aRSA,
170 SSL_eNULL,
171 SSL_MD5,
172 SSL3_VERSION, TLS1_2_VERSION,
173 DTLS1_BAD_VER, DTLS1_2_VERSION,
174 SSL_STRONG_NONE,
175 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176 0,
177 0,
178 },
179 {
180 1,
181 SSL3_TXT_RSA_NULL_SHA,
182 SSL3_RFC_RSA_NULL_SHA,
183 SSL3_CK_RSA_NULL_SHA,
184 SSL_kRSA,
185 SSL_aRSA,
186 SSL_eNULL,
187 SSL_SHA1,
188 SSL3_VERSION, TLS1_2_VERSION,
189 DTLS1_BAD_VER, DTLS1_2_VERSION,
190 SSL_STRONG_NONE | SSL_FIPS,
191 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
192 0,
193 0,
194 },
195 #endif
196 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
197 {
198 1,
199 SSL3_TXT_RSA_DES_192_CBC3_SHA,
200 SSL3_RFC_RSA_DES_192_CBC3_SHA,
201 SSL3_CK_RSA_DES_192_CBC3_SHA,
202 SSL_kRSA,
203 SSL_aRSA,
204 SSL_3DES,
205 SSL_SHA1,
206 SSL3_VERSION, TLS1_2_VERSION,
207 DTLS1_BAD_VER, DTLS1_2_VERSION,
208 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
209 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
210 112,
211 168,
212 },
213 {
214 1,
215 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
216 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
217 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
218 SSL_kDHE,
219 SSL_aDSS,
220 SSL_3DES,
221 SSL_SHA1,
222 SSL3_VERSION, TLS1_2_VERSION,
223 DTLS1_BAD_VER, DTLS1_2_VERSION,
224 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
225 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
226 112,
227 168,
228 },
229 {
230 1,
231 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
232 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
233 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
234 SSL_kDHE,
235 SSL_aRSA,
236 SSL_3DES,
237 SSL_SHA1,
238 SSL3_VERSION, TLS1_2_VERSION,
239 DTLS1_BAD_VER, DTLS1_2_VERSION,
240 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
241 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
242 112,
243 168,
244 },
245 {
246 1,
247 SSL3_TXT_ADH_DES_192_CBC_SHA,
248 SSL3_RFC_ADH_DES_192_CBC_SHA,
249 SSL3_CK_ADH_DES_192_CBC_SHA,
250 SSL_kDHE,
251 SSL_aNULL,
252 SSL_3DES,
253 SSL_SHA1,
254 SSL3_VERSION, TLS1_2_VERSION,
255 DTLS1_BAD_VER, DTLS1_2_VERSION,
256 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
258 112,
259 168,
260 },
261 #endif
262 {
263 1,
264 TLS1_TXT_RSA_WITH_AES_128_SHA,
265 TLS1_RFC_RSA_WITH_AES_128_SHA,
266 TLS1_CK_RSA_WITH_AES_128_SHA,
267 SSL_kRSA,
268 SSL_aRSA,
269 SSL_AES128,
270 SSL_SHA1,
271 SSL3_VERSION, TLS1_2_VERSION,
272 DTLS1_BAD_VER, DTLS1_2_VERSION,
273 SSL_HIGH | SSL_FIPS,
274 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
275 128,
276 128,
277 },
278 {
279 1,
280 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
281 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
282 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
283 SSL_kDHE,
284 SSL_aDSS,
285 SSL_AES128,
286 SSL_SHA1,
287 SSL3_VERSION, TLS1_2_VERSION,
288 DTLS1_BAD_VER, DTLS1_2_VERSION,
289 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
290 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
291 128,
292 128,
293 },
294 {
295 1,
296 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
297 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
298 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
299 SSL_kDHE,
300 SSL_aRSA,
301 SSL_AES128,
302 SSL_SHA1,
303 SSL3_VERSION, TLS1_2_VERSION,
304 DTLS1_BAD_VER, DTLS1_2_VERSION,
305 SSL_HIGH | SSL_FIPS,
306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
307 128,
308 128,
309 },
310 {
311 1,
312 TLS1_TXT_ADH_WITH_AES_128_SHA,
313 TLS1_RFC_ADH_WITH_AES_128_SHA,
314 TLS1_CK_ADH_WITH_AES_128_SHA,
315 SSL_kDHE,
316 SSL_aNULL,
317 SSL_AES128,
318 SSL_SHA1,
319 SSL3_VERSION, TLS1_2_VERSION,
320 DTLS1_BAD_VER, DTLS1_2_VERSION,
321 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
323 128,
324 128,
325 },
326 {
327 1,
328 TLS1_TXT_RSA_WITH_AES_256_SHA,
329 TLS1_RFC_RSA_WITH_AES_256_SHA,
330 TLS1_CK_RSA_WITH_AES_256_SHA,
331 SSL_kRSA,
332 SSL_aRSA,
333 SSL_AES256,
334 SSL_SHA1,
335 SSL3_VERSION, TLS1_2_VERSION,
336 DTLS1_BAD_VER, DTLS1_2_VERSION,
337 SSL_HIGH | SSL_FIPS,
338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
339 256,
340 256,
341 },
342 {
343 1,
344 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
345 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
346 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
347 SSL_kDHE,
348 SSL_aDSS,
349 SSL_AES256,
350 SSL_SHA1,
351 SSL3_VERSION, TLS1_2_VERSION,
352 DTLS1_BAD_VER, DTLS1_2_VERSION,
353 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
355 256,
356 256,
357 },
358 {
359 1,
360 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
361 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
362 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
363 SSL_kDHE,
364 SSL_aRSA,
365 SSL_AES256,
366 SSL_SHA1,
367 SSL3_VERSION, TLS1_2_VERSION,
368 DTLS1_BAD_VER, DTLS1_2_VERSION,
369 SSL_HIGH | SSL_FIPS,
370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
371 256,
372 256,
373 },
374 {
375 1,
376 TLS1_TXT_ADH_WITH_AES_256_SHA,
377 TLS1_RFC_ADH_WITH_AES_256_SHA,
378 TLS1_CK_ADH_WITH_AES_256_SHA,
379 SSL_kDHE,
380 SSL_aNULL,
381 SSL_AES256,
382 SSL_SHA1,
383 SSL3_VERSION, TLS1_2_VERSION,
384 DTLS1_BAD_VER, DTLS1_2_VERSION,
385 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
387 256,
388 256,
389 },
390 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
391 {
392 1,
393 TLS1_TXT_RSA_WITH_NULL_SHA256,
394 TLS1_RFC_RSA_WITH_NULL_SHA256,
395 TLS1_CK_RSA_WITH_NULL_SHA256,
396 SSL_kRSA,
397 SSL_aRSA,
398 SSL_eNULL,
399 SSL_SHA256,
400 TLS1_2_VERSION, TLS1_2_VERSION,
401 DTLS1_2_VERSION, DTLS1_2_VERSION,
402 SSL_STRONG_NONE | SSL_FIPS,
403 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
404 0,
405 0,
406 },
407 #endif
408 {
409 1,
410 TLS1_TXT_RSA_WITH_AES_128_SHA256,
411 TLS1_RFC_RSA_WITH_AES_128_SHA256,
412 TLS1_CK_RSA_WITH_AES_128_SHA256,
413 SSL_kRSA,
414 SSL_aRSA,
415 SSL_AES128,
416 SSL_SHA256,
417 TLS1_2_VERSION, TLS1_2_VERSION,
418 DTLS1_2_VERSION, DTLS1_2_VERSION,
419 SSL_HIGH | SSL_FIPS,
420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
421 128,
422 128,
423 },
424 {
425 1,
426 TLS1_TXT_RSA_WITH_AES_256_SHA256,
427 TLS1_RFC_RSA_WITH_AES_256_SHA256,
428 TLS1_CK_RSA_WITH_AES_256_SHA256,
429 SSL_kRSA,
430 SSL_aRSA,
431 SSL_AES256,
432 SSL_SHA256,
433 TLS1_2_VERSION, TLS1_2_VERSION,
434 DTLS1_2_VERSION, DTLS1_2_VERSION,
435 SSL_HIGH | SSL_FIPS,
436 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
437 256,
438 256,
439 },
440 {
441 1,
442 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
443 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
444 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
445 SSL_kDHE,
446 SSL_aDSS,
447 SSL_AES128,
448 SSL_SHA256,
449 TLS1_2_VERSION, TLS1_2_VERSION,
450 DTLS1_2_VERSION, DTLS1_2_VERSION,
451 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
453 128,
454 128,
455 },
456 {
457 1,
458 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
459 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
460 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
461 SSL_kDHE,
462 SSL_aRSA,
463 SSL_AES128,
464 SSL_SHA256,
465 TLS1_2_VERSION, TLS1_2_VERSION,
466 DTLS1_2_VERSION, DTLS1_2_VERSION,
467 SSL_HIGH | SSL_FIPS,
468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
469 128,
470 128,
471 },
472 {
473 1,
474 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
475 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
476 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
477 SSL_kDHE,
478 SSL_aDSS,
479 SSL_AES256,
480 SSL_SHA256,
481 TLS1_2_VERSION, TLS1_2_VERSION,
482 DTLS1_2_VERSION, DTLS1_2_VERSION,
483 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
484 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
485 256,
486 256,
487 },
488 {
489 1,
490 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
491 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
492 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
493 SSL_kDHE,
494 SSL_aRSA,
495 SSL_AES256,
496 SSL_SHA256,
497 TLS1_2_VERSION, TLS1_2_VERSION,
498 DTLS1_2_VERSION, DTLS1_2_VERSION,
499 SSL_HIGH | SSL_FIPS,
500 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
501 256,
502 256,
503 },
504 {
505 1,
506 TLS1_TXT_ADH_WITH_AES_128_SHA256,
507 TLS1_RFC_ADH_WITH_AES_128_SHA256,
508 TLS1_CK_ADH_WITH_AES_128_SHA256,
509 SSL_kDHE,
510 SSL_aNULL,
511 SSL_AES128,
512 SSL_SHA256,
513 TLS1_2_VERSION, TLS1_2_VERSION,
514 DTLS1_2_VERSION, DTLS1_2_VERSION,
515 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
516 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
517 128,
518 128,
519 },
520 {
521 1,
522 TLS1_TXT_ADH_WITH_AES_256_SHA256,
523 TLS1_RFC_ADH_WITH_AES_256_SHA256,
524 TLS1_CK_ADH_WITH_AES_256_SHA256,
525 SSL_kDHE,
526 SSL_aNULL,
527 SSL_AES256,
528 SSL_SHA256,
529 TLS1_2_VERSION, TLS1_2_VERSION,
530 DTLS1_2_VERSION, DTLS1_2_VERSION,
531 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
532 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
533 256,
534 256,
535 },
536 {
537 1,
538 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
539 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
540 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
541 SSL_kRSA,
542 SSL_aRSA,
543 SSL_AES128GCM,
544 SSL_AEAD,
545 TLS1_2_VERSION, TLS1_2_VERSION,
546 DTLS1_2_VERSION, DTLS1_2_VERSION,
547 SSL_HIGH | SSL_FIPS,
548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
549 128,
550 128,
551 },
552 {
553 1,
554 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
555 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
556 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
557 SSL_kRSA,
558 SSL_aRSA,
559 SSL_AES256GCM,
560 SSL_AEAD,
561 TLS1_2_VERSION, TLS1_2_VERSION,
562 DTLS1_2_VERSION, DTLS1_2_VERSION,
563 SSL_HIGH | SSL_FIPS,
564 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
565 256,
566 256,
567 },
568 {
569 1,
570 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
571 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
572 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
573 SSL_kDHE,
574 SSL_aRSA,
575 SSL_AES128GCM,
576 SSL_AEAD,
577 TLS1_2_VERSION, TLS1_2_VERSION,
578 DTLS1_2_VERSION, DTLS1_2_VERSION,
579 SSL_HIGH | SSL_FIPS,
580 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
581 128,
582 128,
583 },
584 {
585 1,
586 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
587 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
588 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
589 SSL_kDHE,
590 SSL_aRSA,
591 SSL_AES256GCM,
592 SSL_AEAD,
593 TLS1_2_VERSION, TLS1_2_VERSION,
594 DTLS1_2_VERSION, DTLS1_2_VERSION,
595 SSL_HIGH | SSL_FIPS,
596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
597 256,
598 256,
599 },
600 {
601 1,
602 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
603 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
604 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
605 SSL_kDHE,
606 SSL_aDSS,
607 SSL_AES128GCM,
608 SSL_AEAD,
609 TLS1_2_VERSION, TLS1_2_VERSION,
610 DTLS1_2_VERSION, DTLS1_2_VERSION,
611 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
612 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
613 128,
614 128,
615 },
616 {
617 1,
618 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
619 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
620 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
621 SSL_kDHE,
622 SSL_aDSS,
623 SSL_AES256GCM,
624 SSL_AEAD,
625 TLS1_2_VERSION, TLS1_2_VERSION,
626 DTLS1_2_VERSION, DTLS1_2_VERSION,
627 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
629 256,
630 256,
631 },
632 {
633 1,
634 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
635 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
636 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
637 SSL_kDHE,
638 SSL_aNULL,
639 SSL_AES128GCM,
640 SSL_AEAD,
641 TLS1_2_VERSION, TLS1_2_VERSION,
642 DTLS1_2_VERSION, DTLS1_2_VERSION,
643 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
644 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
645 128,
646 128,
647 },
648 {
649 1,
650 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
651 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
652 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
653 SSL_kDHE,
654 SSL_aNULL,
655 SSL_AES256GCM,
656 SSL_AEAD,
657 TLS1_2_VERSION, TLS1_2_VERSION,
658 DTLS1_2_VERSION, DTLS1_2_VERSION,
659 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
660 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
661 256,
662 256,
663 },
664 {
665 1,
666 TLS1_TXT_RSA_WITH_AES_128_CCM,
667 TLS1_RFC_RSA_WITH_AES_128_CCM,
668 TLS1_CK_RSA_WITH_AES_128_CCM,
669 SSL_kRSA,
670 SSL_aRSA,
671 SSL_AES128CCM,
672 SSL_AEAD,
673 TLS1_2_VERSION, TLS1_2_VERSION,
674 DTLS1_2_VERSION, DTLS1_2_VERSION,
675 SSL_NOT_DEFAULT | SSL_HIGH,
676 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
677 128,
678 128,
679 },
680 {
681 1,
682 TLS1_TXT_RSA_WITH_AES_256_CCM,
683 TLS1_RFC_RSA_WITH_AES_256_CCM,
684 TLS1_CK_RSA_WITH_AES_256_CCM,
685 SSL_kRSA,
686 SSL_aRSA,
687 SSL_AES256CCM,
688 SSL_AEAD,
689 TLS1_2_VERSION, TLS1_2_VERSION,
690 DTLS1_2_VERSION, DTLS1_2_VERSION,
691 SSL_NOT_DEFAULT | SSL_HIGH,
692 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
693 256,
694 256,
695 },
696 {
697 1,
698 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
699 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
700 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
701 SSL_kDHE,
702 SSL_aRSA,
703 SSL_AES128CCM,
704 SSL_AEAD,
705 TLS1_2_VERSION, TLS1_2_VERSION,
706 DTLS1_2_VERSION, DTLS1_2_VERSION,
707 SSL_NOT_DEFAULT | SSL_HIGH,
708 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
709 128,
710 128,
711 },
712 {
713 1,
714 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
715 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
716 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
717 SSL_kDHE,
718 SSL_aRSA,
719 SSL_AES256CCM,
720 SSL_AEAD,
721 TLS1_2_VERSION, TLS1_2_VERSION,
722 DTLS1_2_VERSION, DTLS1_2_VERSION,
723 SSL_NOT_DEFAULT | SSL_HIGH,
724 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
725 256,
726 256,
727 },
728 {
729 1,
730 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
731 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
732 TLS1_CK_RSA_WITH_AES_128_CCM_8,
733 SSL_kRSA,
734 SSL_aRSA,
735 SSL_AES128CCM8,
736 SSL_AEAD,
737 TLS1_2_VERSION, TLS1_2_VERSION,
738 DTLS1_2_VERSION, DTLS1_2_VERSION,
739 SSL_NOT_DEFAULT | SSL_MEDIUM,
740 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
741 64, /* CCM8 uses a short tag, so we have a low security strength */
742 128,
743 },
744 {
745 1,
746 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
747 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
748 TLS1_CK_RSA_WITH_AES_256_CCM_8,
749 SSL_kRSA,
750 SSL_aRSA,
751 SSL_AES256CCM8,
752 SSL_AEAD,
753 TLS1_2_VERSION, TLS1_2_VERSION,
754 DTLS1_2_VERSION, DTLS1_2_VERSION,
755 SSL_NOT_DEFAULT | SSL_MEDIUM,
756 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
757 64, /* CCM8 uses a short tag, so we have a low security strength */
758 256,
759 },
760 {
761 1,
762 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
763 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
764 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
765 SSL_kDHE,
766 SSL_aRSA,
767 SSL_AES128CCM8,
768 SSL_AEAD,
769 TLS1_2_VERSION, TLS1_2_VERSION,
770 DTLS1_2_VERSION, DTLS1_2_VERSION,
771 SSL_NOT_DEFAULT | SSL_MEDIUM,
772 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
773 64, /* CCM8 uses a short tag, so we have a low security strength */
774 128,
775 },
776 {
777 1,
778 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
779 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
780 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
781 SSL_kDHE,
782 SSL_aRSA,
783 SSL_AES256CCM8,
784 SSL_AEAD,
785 TLS1_2_VERSION, TLS1_2_VERSION,
786 DTLS1_2_VERSION, DTLS1_2_VERSION,
787 SSL_NOT_DEFAULT | SSL_MEDIUM,
788 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
789 64, /* CCM8 uses a short tag, so we have a low security strength */
790 256,
791 },
792 {
793 1,
794 TLS1_TXT_PSK_WITH_AES_128_CCM,
795 TLS1_RFC_PSK_WITH_AES_128_CCM,
796 TLS1_CK_PSK_WITH_AES_128_CCM,
797 SSL_kPSK,
798 SSL_aPSK,
799 SSL_AES128CCM,
800 SSL_AEAD,
801 TLS1_2_VERSION, TLS1_2_VERSION,
802 DTLS1_2_VERSION, DTLS1_2_VERSION,
803 SSL_NOT_DEFAULT | SSL_HIGH,
804 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
805 128,
806 128,
807 },
808 {
809 1,
810 TLS1_TXT_PSK_WITH_AES_256_CCM,
811 TLS1_RFC_PSK_WITH_AES_256_CCM,
812 TLS1_CK_PSK_WITH_AES_256_CCM,
813 SSL_kPSK,
814 SSL_aPSK,
815 SSL_AES256CCM,
816 SSL_AEAD,
817 TLS1_2_VERSION, TLS1_2_VERSION,
818 DTLS1_2_VERSION, DTLS1_2_VERSION,
819 SSL_NOT_DEFAULT | SSL_HIGH,
820 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
821 256,
822 256,
823 },
824 {
825 1,
826 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
827 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
828 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
829 SSL_kDHEPSK,
830 SSL_aPSK,
831 SSL_AES128CCM,
832 SSL_AEAD,
833 TLS1_2_VERSION, TLS1_2_VERSION,
834 DTLS1_2_VERSION, DTLS1_2_VERSION,
835 SSL_NOT_DEFAULT | SSL_HIGH,
836 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
837 128,
838 128,
839 },
840 {
841 1,
842 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
843 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
844 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
845 SSL_kDHEPSK,
846 SSL_aPSK,
847 SSL_AES256CCM,
848 SSL_AEAD,
849 TLS1_2_VERSION, TLS1_2_VERSION,
850 DTLS1_2_VERSION, DTLS1_2_VERSION,
851 SSL_NOT_DEFAULT | SSL_HIGH,
852 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
853 256,
854 256,
855 },
856 {
857 1,
858 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
859 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
860 TLS1_CK_PSK_WITH_AES_128_CCM_8,
861 SSL_kPSK,
862 SSL_aPSK,
863 SSL_AES128CCM8,
864 SSL_AEAD,
865 TLS1_2_VERSION, TLS1_2_VERSION,
866 DTLS1_2_VERSION, DTLS1_2_VERSION,
867 SSL_NOT_DEFAULT | SSL_MEDIUM,
868 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
869 64, /* CCM8 uses a short tag, so we have a low security strength */
870 128,
871 },
872 {
873 1,
874 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
875 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
876 TLS1_CK_PSK_WITH_AES_256_CCM_8,
877 SSL_kPSK,
878 SSL_aPSK,
879 SSL_AES256CCM8,
880 SSL_AEAD,
881 TLS1_2_VERSION, TLS1_2_VERSION,
882 DTLS1_2_VERSION, DTLS1_2_VERSION,
883 SSL_NOT_DEFAULT | SSL_MEDIUM,
884 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
885 64, /* CCM8 uses a short tag, so we have a low security strength */
886 256,
887 },
888 {
889 1,
890 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
891 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
892 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
893 SSL_kDHEPSK,
894 SSL_aPSK,
895 SSL_AES128CCM8,
896 SSL_AEAD,
897 TLS1_2_VERSION, TLS1_2_VERSION,
898 DTLS1_2_VERSION, DTLS1_2_VERSION,
899 SSL_NOT_DEFAULT | SSL_MEDIUM,
900 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
901 64, /* CCM8 uses a short tag, so we have a low security strength */
902 128,
903 },
904 {
905 1,
906 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
907 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
908 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
909 SSL_kDHEPSK,
910 SSL_aPSK,
911 SSL_AES256CCM8,
912 SSL_AEAD,
913 TLS1_2_VERSION, TLS1_2_VERSION,
914 DTLS1_2_VERSION, DTLS1_2_VERSION,
915 SSL_NOT_DEFAULT | SSL_MEDIUM,
916 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
917 64, /* CCM8 uses a short tag, so we have a low security strength */
918 256,
919 },
920 {
921 1,
922 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
923 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
924 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
925 SSL_kECDHE,
926 SSL_aECDSA,
927 SSL_AES128CCM,
928 SSL_AEAD,
929 TLS1_2_VERSION, TLS1_2_VERSION,
930 DTLS1_2_VERSION, DTLS1_2_VERSION,
931 SSL_NOT_DEFAULT | SSL_HIGH,
932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
933 128,
934 128,
935 },
936 {
937 1,
938 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
939 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
940 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
941 SSL_kECDHE,
942 SSL_aECDSA,
943 SSL_AES256CCM,
944 SSL_AEAD,
945 TLS1_2_VERSION, TLS1_2_VERSION,
946 DTLS1_2_VERSION, DTLS1_2_VERSION,
947 SSL_NOT_DEFAULT | SSL_HIGH,
948 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
949 256,
950 256,
951 },
952 {
953 1,
954 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
955 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
956 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
957 SSL_kECDHE,
958 SSL_aECDSA,
959 SSL_AES128CCM8,
960 SSL_AEAD,
961 TLS1_2_VERSION, TLS1_2_VERSION,
962 DTLS1_2_VERSION, DTLS1_2_VERSION,
963 SSL_NOT_DEFAULT | SSL_MEDIUM,
964 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
965 64, /* CCM8 uses a short tag, so we have a low security strength */
966 128,
967 },
968 {
969 1,
970 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
971 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
972 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
973 SSL_kECDHE,
974 SSL_aECDSA,
975 SSL_AES256CCM8,
976 SSL_AEAD,
977 TLS1_2_VERSION, TLS1_2_VERSION,
978 DTLS1_2_VERSION, DTLS1_2_VERSION,
979 SSL_NOT_DEFAULT | SSL_MEDIUM,
980 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
981 64, /* CCM8 uses a short tag, so we have a low security strength */
982 256,
983 },
984 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
985 {
986 1,
987 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
988 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
989 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
990 SSL_kECDHE,
991 SSL_aECDSA,
992 SSL_eNULL,
993 SSL_SHA1,
994 TLS1_VERSION, TLS1_2_VERSION,
995 DTLS1_BAD_VER, DTLS1_2_VERSION,
996 SSL_STRONG_NONE | SSL_FIPS,
997 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
998 0,
999 0,
1000 },
1001 #endif
1002 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1003 {
1004 1,
1005 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1006 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1007 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1008 SSL_kECDHE,
1009 SSL_aECDSA,
1010 SSL_3DES,
1011 SSL_SHA1,
1012 TLS1_VERSION, TLS1_2_VERSION,
1013 DTLS1_BAD_VER, DTLS1_2_VERSION,
1014 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1015 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1016 112,
1017 168,
1018 },
1019 # endif
1020 {
1021 1,
1022 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1023 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1024 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1025 SSL_kECDHE,
1026 SSL_aECDSA,
1027 SSL_AES128,
1028 SSL_SHA1,
1029 TLS1_VERSION, TLS1_2_VERSION,
1030 DTLS1_BAD_VER, DTLS1_2_VERSION,
1031 SSL_HIGH | SSL_FIPS,
1032 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1033 128,
1034 128,
1035 },
1036 {
1037 1,
1038 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1039 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1040 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1041 SSL_kECDHE,
1042 SSL_aECDSA,
1043 SSL_AES256,
1044 SSL_SHA1,
1045 TLS1_VERSION, TLS1_2_VERSION,
1046 DTLS1_BAD_VER, DTLS1_2_VERSION,
1047 SSL_HIGH | SSL_FIPS,
1048 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1049 256,
1050 256,
1051 },
1052 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1053 {
1054 1,
1055 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1056 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1057 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1058 SSL_kECDHE,
1059 SSL_aRSA,
1060 SSL_eNULL,
1061 SSL_SHA1,
1062 TLS1_VERSION, TLS1_2_VERSION,
1063 DTLS1_BAD_VER, DTLS1_2_VERSION,
1064 SSL_STRONG_NONE | SSL_FIPS,
1065 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1066 0,
1067 0,
1068 },
1069 #endif
1070 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1071 {
1072 1,
1073 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1074 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1075 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1076 SSL_kECDHE,
1077 SSL_aRSA,
1078 SSL_3DES,
1079 SSL_SHA1,
1080 TLS1_VERSION, TLS1_2_VERSION,
1081 DTLS1_BAD_VER, DTLS1_2_VERSION,
1082 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1083 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1084 112,
1085 168,
1086 },
1087 # endif
1088 {
1089 1,
1090 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1091 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1092 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1093 SSL_kECDHE,
1094 SSL_aRSA,
1095 SSL_AES128,
1096 SSL_SHA1,
1097 TLS1_VERSION, TLS1_2_VERSION,
1098 DTLS1_BAD_VER, DTLS1_2_VERSION,
1099 SSL_HIGH | SSL_FIPS,
1100 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1101 128,
1102 128,
1103 },
1104 {
1105 1,
1106 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1107 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1108 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1109 SSL_kECDHE,
1110 SSL_aRSA,
1111 SSL_AES256,
1112 SSL_SHA1,
1113 TLS1_VERSION, TLS1_2_VERSION,
1114 DTLS1_BAD_VER, DTLS1_2_VERSION,
1115 SSL_HIGH | SSL_FIPS,
1116 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1117 256,
1118 256,
1119 },
1120 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1121 {
1122 1,
1123 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1124 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1125 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1126 SSL_kECDHE,
1127 SSL_aNULL,
1128 SSL_eNULL,
1129 SSL_SHA1,
1130 TLS1_VERSION, TLS1_2_VERSION,
1131 DTLS1_BAD_VER, DTLS1_2_VERSION,
1132 SSL_STRONG_NONE | SSL_FIPS,
1133 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1134 0,
1135 0,
1136 },
1137 #endif
1138 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1139 {
1140 1,
1141 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1142 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1143 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1144 SSL_kECDHE,
1145 SSL_aNULL,
1146 SSL_3DES,
1147 SSL_SHA1,
1148 TLS1_VERSION, TLS1_2_VERSION,
1149 DTLS1_BAD_VER, DTLS1_2_VERSION,
1150 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1151 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1152 112,
1153 168,
1154 },
1155 # endif
1156 {
1157 1,
1158 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1159 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1160 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1161 SSL_kECDHE,
1162 SSL_aNULL,
1163 SSL_AES128,
1164 SSL_SHA1,
1165 TLS1_VERSION, TLS1_2_VERSION,
1166 DTLS1_BAD_VER, DTLS1_2_VERSION,
1167 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1168 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1169 128,
1170 128,
1171 },
1172 {
1173 1,
1174 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1175 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1176 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1177 SSL_kECDHE,
1178 SSL_aNULL,
1179 SSL_AES256,
1180 SSL_SHA1,
1181 TLS1_VERSION, TLS1_2_VERSION,
1182 DTLS1_BAD_VER, DTLS1_2_VERSION,
1183 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1184 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1185 256,
1186 256,
1187 },
1188 {
1189 1,
1190 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1191 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1192 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1193 SSL_kECDHE,
1194 SSL_aECDSA,
1195 SSL_AES128,
1196 SSL_SHA256,
1197 TLS1_2_VERSION, TLS1_2_VERSION,
1198 DTLS1_2_VERSION, DTLS1_2_VERSION,
1199 SSL_HIGH | SSL_FIPS,
1200 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1201 128,
1202 128,
1203 },
1204 {
1205 1,
1206 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1207 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1208 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1209 SSL_kECDHE,
1210 SSL_aECDSA,
1211 SSL_AES256,
1212 SSL_SHA384,
1213 TLS1_2_VERSION, TLS1_2_VERSION,
1214 DTLS1_2_VERSION, DTLS1_2_VERSION,
1215 SSL_HIGH | SSL_FIPS,
1216 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1217 256,
1218 256,
1219 },
1220 {
1221 1,
1222 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1223 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1224 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1225 SSL_kECDHE,
1226 SSL_aRSA,
1227 SSL_AES128,
1228 SSL_SHA256,
1229 TLS1_2_VERSION, TLS1_2_VERSION,
1230 DTLS1_2_VERSION, DTLS1_2_VERSION,
1231 SSL_HIGH | SSL_FIPS,
1232 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1233 128,
1234 128,
1235 },
1236 {
1237 1,
1238 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1239 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1240 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1241 SSL_kECDHE,
1242 SSL_aRSA,
1243 SSL_AES256,
1244 SSL_SHA384,
1245 TLS1_2_VERSION, TLS1_2_VERSION,
1246 DTLS1_2_VERSION, DTLS1_2_VERSION,
1247 SSL_HIGH | SSL_FIPS,
1248 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1249 256,
1250 256,
1251 },
1252 {
1253 1,
1254 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1255 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1256 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1257 SSL_kECDHE,
1258 SSL_aECDSA,
1259 SSL_AES128GCM,
1260 SSL_AEAD,
1261 TLS1_2_VERSION, TLS1_2_VERSION,
1262 DTLS1_2_VERSION, DTLS1_2_VERSION,
1263 SSL_HIGH | SSL_FIPS,
1264 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1265 128,
1266 128,
1267 },
1268 {
1269 1,
1270 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1271 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1272 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1273 SSL_kECDHE,
1274 SSL_aECDSA,
1275 SSL_AES256GCM,
1276 SSL_AEAD,
1277 TLS1_2_VERSION, TLS1_2_VERSION,
1278 DTLS1_2_VERSION, DTLS1_2_VERSION,
1279 SSL_HIGH | SSL_FIPS,
1280 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1281 256,
1282 256,
1283 },
1284 {
1285 1,
1286 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1287 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1288 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1289 SSL_kECDHE,
1290 SSL_aRSA,
1291 SSL_AES128GCM,
1292 SSL_AEAD,
1293 TLS1_2_VERSION, TLS1_2_VERSION,
1294 DTLS1_2_VERSION, DTLS1_2_VERSION,
1295 SSL_HIGH | SSL_FIPS,
1296 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1297 128,
1298 128,
1299 },
1300 {
1301 1,
1302 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1303 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1304 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1305 SSL_kECDHE,
1306 SSL_aRSA,
1307 SSL_AES256GCM,
1308 SSL_AEAD,
1309 TLS1_2_VERSION, TLS1_2_VERSION,
1310 DTLS1_2_VERSION, DTLS1_2_VERSION,
1311 SSL_HIGH | SSL_FIPS,
1312 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1313 256,
1314 256,
1315 },
1316 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1317 {
1318 1,
1319 TLS1_TXT_PSK_WITH_NULL_SHA,
1320 TLS1_RFC_PSK_WITH_NULL_SHA,
1321 TLS1_CK_PSK_WITH_NULL_SHA,
1322 SSL_kPSK,
1323 SSL_aPSK,
1324 SSL_eNULL,
1325 SSL_SHA1,
1326 SSL3_VERSION, TLS1_2_VERSION,
1327 DTLS1_BAD_VER, DTLS1_2_VERSION,
1328 SSL_STRONG_NONE | SSL_FIPS,
1329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1330 0,
1331 0,
1332 },
1333 {
1334 1,
1335 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1336 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1337 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1338 SSL_kDHEPSK,
1339 SSL_aPSK,
1340 SSL_eNULL,
1341 SSL_SHA1,
1342 SSL3_VERSION, TLS1_2_VERSION,
1343 DTLS1_BAD_VER, DTLS1_2_VERSION,
1344 SSL_STRONG_NONE | SSL_FIPS,
1345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1346 0,
1347 0,
1348 },
1349 {
1350 1,
1351 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1352 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1353 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1354 SSL_kRSAPSK,
1355 SSL_aRSA,
1356 SSL_eNULL,
1357 SSL_SHA1,
1358 SSL3_VERSION, TLS1_2_VERSION,
1359 DTLS1_BAD_VER, DTLS1_2_VERSION,
1360 SSL_STRONG_NONE | SSL_FIPS,
1361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1362 0,
1363 0,
1364 },
1365 #endif
1366 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1367 {
1368 1,
1369 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1370 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1371 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1372 SSL_kPSK,
1373 SSL_aPSK,
1374 SSL_3DES,
1375 SSL_SHA1,
1376 SSL3_VERSION, TLS1_2_VERSION,
1377 DTLS1_BAD_VER, DTLS1_2_VERSION,
1378 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1379 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1380 112,
1381 168,
1382 },
1383 # endif
1384 {
1385 1,
1386 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1387 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1388 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1389 SSL_kPSK,
1390 SSL_aPSK,
1391 SSL_AES128,
1392 SSL_SHA1,
1393 SSL3_VERSION, TLS1_2_VERSION,
1394 DTLS1_BAD_VER, DTLS1_2_VERSION,
1395 SSL_HIGH | SSL_FIPS,
1396 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1397 128,
1398 128,
1399 },
1400 {
1401 1,
1402 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1403 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1404 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1405 SSL_kPSK,
1406 SSL_aPSK,
1407 SSL_AES256,
1408 SSL_SHA1,
1409 SSL3_VERSION, TLS1_2_VERSION,
1410 DTLS1_BAD_VER, DTLS1_2_VERSION,
1411 SSL_HIGH | SSL_FIPS,
1412 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1413 256,
1414 256,
1415 },
1416 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1417 {
1418 1,
1419 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1420 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1421 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1422 SSL_kDHEPSK,
1423 SSL_aPSK,
1424 SSL_3DES,
1425 SSL_SHA1,
1426 SSL3_VERSION, TLS1_2_VERSION,
1427 DTLS1_BAD_VER, DTLS1_2_VERSION,
1428 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1429 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1430 112,
1431 168,
1432 },
1433 # endif
1434 {
1435 1,
1436 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1437 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1438 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1439 SSL_kDHEPSK,
1440 SSL_aPSK,
1441 SSL_AES128,
1442 SSL_SHA1,
1443 SSL3_VERSION, TLS1_2_VERSION,
1444 DTLS1_BAD_VER, DTLS1_2_VERSION,
1445 SSL_HIGH | SSL_FIPS,
1446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1447 128,
1448 128,
1449 },
1450 {
1451 1,
1452 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1453 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1454 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1455 SSL_kDHEPSK,
1456 SSL_aPSK,
1457 SSL_AES256,
1458 SSL_SHA1,
1459 SSL3_VERSION, TLS1_2_VERSION,
1460 DTLS1_BAD_VER, DTLS1_2_VERSION,
1461 SSL_HIGH | SSL_FIPS,
1462 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1463 256,
1464 256,
1465 },
1466 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1467 {
1468 1,
1469 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1470 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1471 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1472 SSL_kRSAPSK,
1473 SSL_aRSA,
1474 SSL_3DES,
1475 SSL_SHA1,
1476 SSL3_VERSION, TLS1_2_VERSION,
1477 DTLS1_BAD_VER, DTLS1_2_VERSION,
1478 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1479 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1480 112,
1481 168,
1482 },
1483 # endif
1484 {
1485 1,
1486 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1487 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1488 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1489 SSL_kRSAPSK,
1490 SSL_aRSA,
1491 SSL_AES128,
1492 SSL_SHA1,
1493 SSL3_VERSION, TLS1_2_VERSION,
1494 DTLS1_BAD_VER, DTLS1_2_VERSION,
1495 SSL_HIGH | SSL_FIPS,
1496 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1497 128,
1498 128,
1499 },
1500 {
1501 1,
1502 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1503 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1504 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1505 SSL_kRSAPSK,
1506 SSL_aRSA,
1507 SSL_AES256,
1508 SSL_SHA1,
1509 SSL3_VERSION, TLS1_2_VERSION,
1510 DTLS1_BAD_VER, DTLS1_2_VERSION,
1511 SSL_HIGH | SSL_FIPS,
1512 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1513 256,
1514 256,
1515 },
1516 {
1517 1,
1518 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1519 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1520 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1521 SSL_kPSK,
1522 SSL_aPSK,
1523 SSL_AES128GCM,
1524 SSL_AEAD,
1525 TLS1_2_VERSION, TLS1_2_VERSION,
1526 DTLS1_2_VERSION, DTLS1_2_VERSION,
1527 SSL_HIGH | SSL_FIPS,
1528 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1529 128,
1530 128,
1531 },
1532 {
1533 1,
1534 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1535 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1536 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1537 SSL_kPSK,
1538 SSL_aPSK,
1539 SSL_AES256GCM,
1540 SSL_AEAD,
1541 TLS1_2_VERSION, TLS1_2_VERSION,
1542 DTLS1_2_VERSION, DTLS1_2_VERSION,
1543 SSL_HIGH | SSL_FIPS,
1544 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1545 256,
1546 256,
1547 },
1548 {
1549 1,
1550 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1551 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1552 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1553 SSL_kDHEPSK,
1554 SSL_aPSK,
1555 SSL_AES128GCM,
1556 SSL_AEAD,
1557 TLS1_2_VERSION, TLS1_2_VERSION,
1558 DTLS1_2_VERSION, DTLS1_2_VERSION,
1559 SSL_HIGH | SSL_FIPS,
1560 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1561 128,
1562 128,
1563 },
1564 {
1565 1,
1566 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1567 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1568 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1569 SSL_kDHEPSK,
1570 SSL_aPSK,
1571 SSL_AES256GCM,
1572 SSL_AEAD,
1573 TLS1_2_VERSION, TLS1_2_VERSION,
1574 DTLS1_2_VERSION, DTLS1_2_VERSION,
1575 SSL_HIGH | SSL_FIPS,
1576 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1577 256,
1578 256,
1579 },
1580 {
1581 1,
1582 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1583 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1584 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1585 SSL_kRSAPSK,
1586 SSL_aRSA,
1587 SSL_AES128GCM,
1588 SSL_AEAD,
1589 TLS1_2_VERSION, TLS1_2_VERSION,
1590 DTLS1_2_VERSION, DTLS1_2_VERSION,
1591 SSL_HIGH | SSL_FIPS,
1592 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1593 128,
1594 128,
1595 },
1596 {
1597 1,
1598 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1599 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1600 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1601 SSL_kRSAPSK,
1602 SSL_aRSA,
1603 SSL_AES256GCM,
1604 SSL_AEAD,
1605 TLS1_2_VERSION, TLS1_2_VERSION,
1606 DTLS1_2_VERSION, DTLS1_2_VERSION,
1607 SSL_HIGH | SSL_FIPS,
1608 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1609 256,
1610 256,
1611 },
1612 {
1613 1,
1614 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1615 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1616 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1617 SSL_kPSK,
1618 SSL_aPSK,
1619 SSL_AES128,
1620 SSL_SHA256,
1621 TLS1_VERSION, TLS1_2_VERSION,
1622 DTLS1_BAD_VER, DTLS1_2_VERSION,
1623 SSL_HIGH | SSL_FIPS,
1624 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1625 128,
1626 128,
1627 },
1628 {
1629 1,
1630 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1631 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1632 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1633 SSL_kPSK,
1634 SSL_aPSK,
1635 SSL_AES256,
1636 SSL_SHA384,
1637 TLS1_VERSION, TLS1_2_VERSION,
1638 DTLS1_BAD_VER, DTLS1_2_VERSION,
1639 SSL_HIGH | SSL_FIPS,
1640 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1641 256,
1642 256,
1643 },
1644 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1645 {
1646 1,
1647 TLS1_TXT_PSK_WITH_NULL_SHA256,
1648 TLS1_RFC_PSK_WITH_NULL_SHA256,
1649 TLS1_CK_PSK_WITH_NULL_SHA256,
1650 SSL_kPSK,
1651 SSL_aPSK,
1652 SSL_eNULL,
1653 SSL_SHA256,
1654 TLS1_VERSION, TLS1_2_VERSION,
1655 DTLS1_BAD_VER, DTLS1_2_VERSION,
1656 SSL_STRONG_NONE | SSL_FIPS,
1657 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1658 0,
1659 0,
1660 },
1661 {
1662 1,
1663 TLS1_TXT_PSK_WITH_NULL_SHA384,
1664 TLS1_RFC_PSK_WITH_NULL_SHA384,
1665 TLS1_CK_PSK_WITH_NULL_SHA384,
1666 SSL_kPSK,
1667 SSL_aPSK,
1668 SSL_eNULL,
1669 SSL_SHA384,
1670 TLS1_VERSION, TLS1_2_VERSION,
1671 DTLS1_BAD_VER, DTLS1_2_VERSION,
1672 SSL_STRONG_NONE | SSL_FIPS,
1673 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1674 0,
1675 0,
1676 },
1677 #endif
1678 {
1679 1,
1680 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1681 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1682 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1683 SSL_kDHEPSK,
1684 SSL_aPSK,
1685 SSL_AES128,
1686 SSL_SHA256,
1687 TLS1_VERSION, TLS1_2_VERSION,
1688 DTLS1_BAD_VER, DTLS1_2_VERSION,
1689 SSL_HIGH | SSL_FIPS,
1690 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1691 128,
1692 128,
1693 },
1694 {
1695 1,
1696 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1697 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1698 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1699 SSL_kDHEPSK,
1700 SSL_aPSK,
1701 SSL_AES256,
1702 SSL_SHA384,
1703 TLS1_VERSION, TLS1_2_VERSION,
1704 DTLS1_BAD_VER, DTLS1_2_VERSION,
1705 SSL_HIGH | SSL_FIPS,
1706 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1707 256,
1708 256,
1709 },
1710 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1711 {
1712 1,
1713 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1714 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1715 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1716 SSL_kDHEPSK,
1717 SSL_aPSK,
1718 SSL_eNULL,
1719 SSL_SHA256,
1720 TLS1_VERSION, TLS1_2_VERSION,
1721 DTLS1_BAD_VER, DTLS1_2_VERSION,
1722 SSL_STRONG_NONE | SSL_FIPS,
1723 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1724 0,
1725 0,
1726 },
1727 {
1728 1,
1729 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1730 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1731 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1732 SSL_kDHEPSK,
1733 SSL_aPSK,
1734 SSL_eNULL,
1735 SSL_SHA384,
1736 TLS1_VERSION, TLS1_2_VERSION,
1737 DTLS1_BAD_VER, DTLS1_2_VERSION,
1738 SSL_STRONG_NONE | SSL_FIPS,
1739 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1740 0,
1741 0,
1742 },
1743 #endif
1744 {
1745 1,
1746 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1747 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1748 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1749 SSL_kRSAPSK,
1750 SSL_aRSA,
1751 SSL_AES128,
1752 SSL_SHA256,
1753 TLS1_VERSION, TLS1_2_VERSION,
1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
1755 SSL_HIGH | SSL_FIPS,
1756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1757 128,
1758 128,
1759 },
1760 {
1761 1,
1762 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1763 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1764 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1765 SSL_kRSAPSK,
1766 SSL_aRSA,
1767 SSL_AES256,
1768 SSL_SHA384,
1769 TLS1_VERSION, TLS1_2_VERSION,
1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
1771 SSL_HIGH | SSL_FIPS,
1772 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1773 256,
1774 256,
1775 },
1776 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1777 {
1778 1,
1779 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1780 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1781 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1782 SSL_kRSAPSK,
1783 SSL_aRSA,
1784 SSL_eNULL,
1785 SSL_SHA256,
1786 TLS1_VERSION, TLS1_2_VERSION,
1787 DTLS1_BAD_VER, DTLS1_2_VERSION,
1788 SSL_STRONG_NONE | SSL_FIPS,
1789 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1790 0,
1791 0,
1792 },
1793 {
1794 1,
1795 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1796 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1797 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1798 SSL_kRSAPSK,
1799 SSL_aRSA,
1800 SSL_eNULL,
1801 SSL_SHA384,
1802 TLS1_VERSION, TLS1_2_VERSION,
1803 DTLS1_BAD_VER, DTLS1_2_VERSION,
1804 SSL_STRONG_NONE | SSL_FIPS,
1805 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1806 0,
1807 0,
1808 },
1809 #endif
1810 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1811 {
1812 1,
1813 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1814 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1815 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1816 SSL_kECDHEPSK,
1817 SSL_aPSK,
1818 SSL_3DES,
1819 SSL_SHA1,
1820 TLS1_VERSION, TLS1_2_VERSION,
1821 DTLS1_BAD_VER, DTLS1_2_VERSION,
1822 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1824 112,
1825 168,
1826 },
1827 # endif
1828 {
1829 1,
1830 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1831 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1832 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1833 SSL_kECDHEPSK,
1834 SSL_aPSK,
1835 SSL_AES128,
1836 SSL_SHA1,
1837 TLS1_VERSION, TLS1_2_VERSION,
1838 DTLS1_BAD_VER, DTLS1_2_VERSION,
1839 SSL_HIGH | SSL_FIPS,
1840 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1841 128,
1842 128,
1843 },
1844 {
1845 1,
1846 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1847 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1848 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1849 SSL_kECDHEPSK,
1850 SSL_aPSK,
1851 SSL_AES256,
1852 SSL_SHA1,
1853 TLS1_VERSION, TLS1_2_VERSION,
1854 DTLS1_BAD_VER, DTLS1_2_VERSION,
1855 SSL_HIGH | SSL_FIPS,
1856 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1857 256,
1858 256,
1859 },
1860 {
1861 1,
1862 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1863 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1864 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1865 SSL_kECDHEPSK,
1866 SSL_aPSK,
1867 SSL_AES128,
1868 SSL_SHA256,
1869 TLS1_VERSION, TLS1_2_VERSION,
1870 DTLS1_BAD_VER, DTLS1_2_VERSION,
1871 SSL_HIGH | SSL_FIPS,
1872 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1873 128,
1874 128,
1875 },
1876 {
1877 1,
1878 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1879 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1880 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1881 SSL_kECDHEPSK,
1882 SSL_aPSK,
1883 SSL_AES256,
1884 SSL_SHA384,
1885 TLS1_VERSION, TLS1_2_VERSION,
1886 DTLS1_BAD_VER, DTLS1_2_VERSION,
1887 SSL_HIGH | SSL_FIPS,
1888 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1889 256,
1890 256,
1891 },
1892 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1893 {
1894 1,
1895 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1896 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1897 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1898 SSL_kECDHEPSK,
1899 SSL_aPSK,
1900 SSL_eNULL,
1901 SSL_SHA1,
1902 TLS1_VERSION, TLS1_2_VERSION,
1903 DTLS1_BAD_VER, DTLS1_2_VERSION,
1904 SSL_STRONG_NONE | SSL_FIPS,
1905 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1906 0,
1907 0,
1908 },
1909 {
1910 1,
1911 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1912 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1913 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1914 SSL_kECDHEPSK,
1915 SSL_aPSK,
1916 SSL_eNULL,
1917 SSL_SHA256,
1918 TLS1_VERSION, TLS1_2_VERSION,
1919 DTLS1_BAD_VER, DTLS1_2_VERSION,
1920 SSL_STRONG_NONE | SSL_FIPS,
1921 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1922 0,
1923 0,
1924 },
1925 {
1926 1,
1927 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1928 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1929 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1930 SSL_kECDHEPSK,
1931 SSL_aPSK,
1932 SSL_eNULL,
1933 SSL_SHA384,
1934 TLS1_VERSION, TLS1_2_VERSION,
1935 DTLS1_BAD_VER, DTLS1_2_VERSION,
1936 SSL_STRONG_NONE | SSL_FIPS,
1937 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1938 0,
1939 0,
1940 },
1941 #endif
1942 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1943 {
1944 1,
1945 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1946 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1947 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1948 SSL_kSRP,
1949 SSL_aSRP,
1950 SSL_3DES,
1951 SSL_SHA1,
1952 SSL3_VERSION, TLS1_2_VERSION,
1953 DTLS1_BAD_VER, DTLS1_2_VERSION,
1954 SSL_NOT_DEFAULT | SSL_MEDIUM,
1955 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1956 112,
1957 168,
1958 },
1959 {
1960 1,
1961 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1962 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1963 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1964 SSL_kSRP,
1965 SSL_aRSA,
1966 SSL_3DES,
1967 SSL_SHA1,
1968 SSL3_VERSION, TLS1_2_VERSION,
1969 DTLS1_BAD_VER, DTLS1_2_VERSION,
1970 SSL_NOT_DEFAULT | SSL_MEDIUM,
1971 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1972 112,
1973 168,
1974 },
1975 {
1976 1,
1977 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1978 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1979 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1980 SSL_kSRP,
1981 SSL_aDSS,
1982 SSL_3DES,
1983 SSL_SHA1,
1984 SSL3_VERSION, TLS1_2_VERSION,
1985 DTLS1_BAD_VER, DTLS1_2_VERSION,
1986 SSL_NOT_DEFAULT | SSL_MEDIUM,
1987 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1988 112,
1989 168,
1990 },
1991 # endif
1992 {
1993 1,
1994 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1995 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1996 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1997 SSL_kSRP,
1998 SSL_aSRP,
1999 SSL_AES128,
2000 SSL_SHA1,
2001 SSL3_VERSION, TLS1_2_VERSION,
2002 DTLS1_BAD_VER, DTLS1_2_VERSION,
2003 SSL_HIGH,
2004 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2005 128,
2006 128,
2007 },
2008 {
2009 1,
2010 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2011 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2012 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2013 SSL_kSRP,
2014 SSL_aRSA,
2015 SSL_AES128,
2016 SSL_SHA1,
2017 SSL3_VERSION, TLS1_2_VERSION,
2018 DTLS1_BAD_VER, DTLS1_2_VERSION,
2019 SSL_HIGH,
2020 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2021 128,
2022 128,
2023 },
2024 {
2025 1,
2026 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2027 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2028 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2029 SSL_kSRP,
2030 SSL_aDSS,
2031 SSL_AES128,
2032 SSL_SHA1,
2033 SSL3_VERSION, TLS1_2_VERSION,
2034 DTLS1_BAD_VER, DTLS1_2_VERSION,
2035 SSL_NOT_DEFAULT | SSL_HIGH,
2036 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2037 128,
2038 128,
2039 },
2040 {
2041 1,
2042 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2043 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2044 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2045 SSL_kSRP,
2046 SSL_aSRP,
2047 SSL_AES256,
2048 SSL_SHA1,
2049 SSL3_VERSION, TLS1_2_VERSION,
2050 DTLS1_BAD_VER, DTLS1_2_VERSION,
2051 SSL_HIGH,
2052 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2053 256,
2054 256,
2055 },
2056 {
2057 1,
2058 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2059 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2060 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2061 SSL_kSRP,
2062 SSL_aRSA,
2063 SSL_AES256,
2064 SSL_SHA1,
2065 SSL3_VERSION, TLS1_2_VERSION,
2066 DTLS1_BAD_VER, DTLS1_2_VERSION,
2067 SSL_HIGH,
2068 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2069 256,
2070 256,
2071 },
2072 {
2073 1,
2074 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2075 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2076 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2077 SSL_kSRP,
2078 SSL_aDSS,
2079 SSL_AES256,
2080 SSL_SHA1,
2081 SSL3_VERSION, TLS1_2_VERSION,
2082 DTLS1_BAD_VER, DTLS1_2_VERSION,
2083 SSL_NOT_DEFAULT | SSL_HIGH,
2084 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2085 256,
2086 256,
2087 },
2088
2089 {
2090 1,
2091 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2092 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2093 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2094 SSL_kDHE,
2095 SSL_aRSA,
2096 SSL_CHACHA20POLY1305,
2097 SSL_AEAD,
2098 TLS1_2_VERSION, TLS1_2_VERSION,
2099 DTLS1_2_VERSION, DTLS1_2_VERSION,
2100 SSL_HIGH,
2101 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2102 256,
2103 256,
2104 },
2105 {
2106 1,
2107 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2108 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2109 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2110 SSL_kECDHE,
2111 SSL_aRSA,
2112 SSL_CHACHA20POLY1305,
2113 SSL_AEAD,
2114 TLS1_2_VERSION, TLS1_2_VERSION,
2115 DTLS1_2_VERSION, DTLS1_2_VERSION,
2116 SSL_HIGH,
2117 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2118 256,
2119 256,
2120 },
2121 {
2122 1,
2123 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2124 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2125 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2126 SSL_kECDHE,
2127 SSL_aECDSA,
2128 SSL_CHACHA20POLY1305,
2129 SSL_AEAD,
2130 TLS1_2_VERSION, TLS1_2_VERSION,
2131 DTLS1_2_VERSION, DTLS1_2_VERSION,
2132 SSL_HIGH,
2133 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2134 256,
2135 256,
2136 },
2137 {
2138 1,
2139 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2140 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2141 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2142 SSL_kPSK,
2143 SSL_aPSK,
2144 SSL_CHACHA20POLY1305,
2145 SSL_AEAD,
2146 TLS1_2_VERSION, TLS1_2_VERSION,
2147 DTLS1_2_VERSION, DTLS1_2_VERSION,
2148 SSL_HIGH,
2149 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2150 256,
2151 256,
2152 },
2153 {
2154 1,
2155 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2156 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2157 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2158 SSL_kECDHEPSK,
2159 SSL_aPSK,
2160 SSL_CHACHA20POLY1305,
2161 SSL_AEAD,
2162 TLS1_2_VERSION, TLS1_2_VERSION,
2163 DTLS1_2_VERSION, DTLS1_2_VERSION,
2164 SSL_HIGH,
2165 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2166 256,
2167 256,
2168 },
2169 {
2170 1,
2171 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2172 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2173 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2174 SSL_kDHEPSK,
2175 SSL_aPSK,
2176 SSL_CHACHA20POLY1305,
2177 SSL_AEAD,
2178 TLS1_2_VERSION, TLS1_2_VERSION,
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,
2180 SSL_HIGH,
2181 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2182 256,
2183 256,
2184 },
2185 {
2186 1,
2187 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2188 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2189 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2190 SSL_kRSAPSK,
2191 SSL_aRSA,
2192 SSL_CHACHA20POLY1305,
2193 SSL_AEAD,
2194 TLS1_2_VERSION, TLS1_2_VERSION,
2195 DTLS1_2_VERSION, DTLS1_2_VERSION,
2196 SSL_HIGH,
2197 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2198 256,
2199 256,
2200 },
2201
2202 {
2203 1,
2204 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2205 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2206 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2207 SSL_kRSA,
2208 SSL_aRSA,
2209 SSL_CAMELLIA128,
2210 SSL_SHA256,
2211 TLS1_2_VERSION, TLS1_2_VERSION,
2212 DTLS1_2_VERSION, DTLS1_2_VERSION,
2213 SSL_NOT_DEFAULT | SSL_HIGH,
2214 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2215 128,
2216 128,
2217 },
2218 {
2219 1,
2220 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2221 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2222 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2223 SSL_kDHE,
2224 SSL_aDSS,
2225 SSL_CAMELLIA128,
2226 SSL_SHA256,
2227 TLS1_2_VERSION, TLS1_2_VERSION,
2228 DTLS1_2_VERSION, DTLS1_2_VERSION,
2229 SSL_NOT_DEFAULT | SSL_HIGH,
2230 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2231 128,
2232 128,
2233 },
2234 {
2235 1,
2236 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2237 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2238 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2239 SSL_kDHE,
2240 SSL_aRSA,
2241 SSL_CAMELLIA128,
2242 SSL_SHA256,
2243 TLS1_2_VERSION, TLS1_2_VERSION,
2244 DTLS1_2_VERSION, DTLS1_2_VERSION,
2245 SSL_NOT_DEFAULT | SSL_HIGH,
2246 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2247 128,
2248 128,
2249 },
2250 {
2251 1,
2252 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2253 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2254 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2255 SSL_kDHE,
2256 SSL_aNULL,
2257 SSL_CAMELLIA128,
2258 SSL_SHA256,
2259 TLS1_2_VERSION, TLS1_2_VERSION,
2260 DTLS1_2_VERSION, DTLS1_2_VERSION,
2261 SSL_NOT_DEFAULT | SSL_HIGH,
2262 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2263 128,
2264 128,
2265 },
2266 {
2267 1,
2268 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2269 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2270 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2271 SSL_kRSA,
2272 SSL_aRSA,
2273 SSL_CAMELLIA256,
2274 SSL_SHA256,
2275 TLS1_2_VERSION, TLS1_2_VERSION,
2276 DTLS1_2_VERSION, DTLS1_2_VERSION,
2277 SSL_NOT_DEFAULT | SSL_HIGH,
2278 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2279 256,
2280 256,
2281 },
2282 {
2283 1,
2284 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2285 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2286 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2287 SSL_kDHE,
2288 SSL_aDSS,
2289 SSL_CAMELLIA256,
2290 SSL_SHA256,
2291 TLS1_2_VERSION, TLS1_2_VERSION,
2292 DTLS1_2_VERSION, DTLS1_2_VERSION,
2293 SSL_NOT_DEFAULT | SSL_HIGH,
2294 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2295 256,
2296 256,
2297 },
2298 {
2299 1,
2300 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2301 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2302 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2303 SSL_kDHE,
2304 SSL_aRSA,
2305 SSL_CAMELLIA256,
2306 SSL_SHA256,
2307 TLS1_2_VERSION, TLS1_2_VERSION,
2308 DTLS1_2_VERSION, DTLS1_2_VERSION,
2309 SSL_NOT_DEFAULT | SSL_HIGH,
2310 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2311 256,
2312 256,
2313 },
2314 {
2315 1,
2316 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2317 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2318 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2319 SSL_kDHE,
2320 SSL_aNULL,
2321 SSL_CAMELLIA256,
2322 SSL_SHA256,
2323 TLS1_2_VERSION, TLS1_2_VERSION,
2324 DTLS1_2_VERSION, DTLS1_2_VERSION,
2325 SSL_NOT_DEFAULT | SSL_HIGH,
2326 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2327 256,
2328 256,
2329 },
2330 {
2331 1,
2332 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2333 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2334 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2335 SSL_kRSA,
2336 SSL_aRSA,
2337 SSL_CAMELLIA256,
2338 SSL_SHA1,
2339 SSL3_VERSION, TLS1_2_VERSION,
2340 DTLS1_BAD_VER, DTLS1_2_VERSION,
2341 SSL_NOT_DEFAULT | SSL_HIGH,
2342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2343 256,
2344 256,
2345 },
2346 {
2347 1,
2348 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2349 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2350 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2351 SSL_kDHE,
2352 SSL_aDSS,
2353 SSL_CAMELLIA256,
2354 SSL_SHA1,
2355 SSL3_VERSION, TLS1_2_VERSION,
2356 DTLS1_BAD_VER, DTLS1_2_VERSION,
2357 SSL_NOT_DEFAULT | SSL_HIGH,
2358 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2359 256,
2360 256,
2361 },
2362 {
2363 1,
2364 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2365 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2366 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2367 SSL_kDHE,
2368 SSL_aRSA,
2369 SSL_CAMELLIA256,
2370 SSL_SHA1,
2371 SSL3_VERSION, TLS1_2_VERSION,
2372 DTLS1_BAD_VER, DTLS1_2_VERSION,
2373 SSL_NOT_DEFAULT | SSL_HIGH,
2374 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2375 256,
2376 256,
2377 },
2378 {
2379 1,
2380 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2381 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2382 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2383 SSL_kDHE,
2384 SSL_aNULL,
2385 SSL_CAMELLIA256,
2386 SSL_SHA1,
2387 SSL3_VERSION, TLS1_2_VERSION,
2388 DTLS1_BAD_VER, DTLS1_2_VERSION,
2389 SSL_NOT_DEFAULT | SSL_HIGH,
2390 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2391 256,
2392 256,
2393 },
2394 {
2395 1,
2396 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2397 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2398 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2399 SSL_kRSA,
2400 SSL_aRSA,
2401 SSL_CAMELLIA128,
2402 SSL_SHA1,
2403 SSL3_VERSION, TLS1_2_VERSION,
2404 DTLS1_BAD_VER, DTLS1_2_VERSION,
2405 SSL_NOT_DEFAULT | SSL_HIGH,
2406 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2407 128,
2408 128,
2409 },
2410 {
2411 1,
2412 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2413 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2414 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2415 SSL_kDHE,
2416 SSL_aDSS,
2417 SSL_CAMELLIA128,
2418 SSL_SHA1,
2419 SSL3_VERSION, TLS1_2_VERSION,
2420 DTLS1_BAD_VER, DTLS1_2_VERSION,
2421 SSL_NOT_DEFAULT | SSL_HIGH,
2422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2423 128,
2424 128,
2425 },
2426 {
2427 1,
2428 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2429 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2430 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2431 SSL_kDHE,
2432 SSL_aRSA,
2433 SSL_CAMELLIA128,
2434 SSL_SHA1,
2435 SSL3_VERSION, TLS1_2_VERSION,
2436 DTLS1_BAD_VER, DTLS1_2_VERSION,
2437 SSL_NOT_DEFAULT | SSL_HIGH,
2438 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2439 128,
2440 128,
2441 },
2442 {
2443 1,
2444 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2445 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2446 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2447 SSL_kDHE,
2448 SSL_aNULL,
2449 SSL_CAMELLIA128,
2450 SSL_SHA1,
2451 SSL3_VERSION, TLS1_2_VERSION,
2452 DTLS1_BAD_VER, DTLS1_2_VERSION,
2453 SSL_NOT_DEFAULT | SSL_HIGH,
2454 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2455 128,
2456 128,
2457 },
2458 {
2459 1,
2460 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2461 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2462 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2463 SSL_kECDHE,
2464 SSL_aECDSA,
2465 SSL_CAMELLIA128,
2466 SSL_SHA256,
2467 TLS1_2_VERSION, TLS1_2_VERSION,
2468 DTLS1_2_VERSION, DTLS1_2_VERSION,
2469 SSL_NOT_DEFAULT | SSL_HIGH,
2470 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2471 128,
2472 128,
2473 },
2474 {
2475 1,
2476 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2477 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2478 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2479 SSL_kECDHE,
2480 SSL_aECDSA,
2481 SSL_CAMELLIA256,
2482 SSL_SHA384,
2483 TLS1_2_VERSION, TLS1_2_VERSION,
2484 DTLS1_2_VERSION, DTLS1_2_VERSION,
2485 SSL_NOT_DEFAULT | SSL_HIGH,
2486 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2487 256,
2488 256,
2489 },
2490 {
2491 1,
2492 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2493 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2494 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2495 SSL_kECDHE,
2496 SSL_aRSA,
2497 SSL_CAMELLIA128,
2498 SSL_SHA256,
2499 TLS1_2_VERSION, TLS1_2_VERSION,
2500 DTLS1_2_VERSION, DTLS1_2_VERSION,
2501 SSL_NOT_DEFAULT | SSL_HIGH,
2502 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2503 128,
2504 128,
2505 },
2506 {
2507 1,
2508 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2509 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2510 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2511 SSL_kECDHE,
2512 SSL_aRSA,
2513 SSL_CAMELLIA256,
2514 SSL_SHA384,
2515 TLS1_2_VERSION, TLS1_2_VERSION,
2516 DTLS1_2_VERSION, DTLS1_2_VERSION,
2517 SSL_NOT_DEFAULT | SSL_HIGH,
2518 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2519 256,
2520 256,
2521 },
2522 {
2523 1,
2524 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2525 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2526 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2527 SSL_kPSK,
2528 SSL_aPSK,
2529 SSL_CAMELLIA128,
2530 SSL_SHA256,
2531 TLS1_VERSION, TLS1_2_VERSION,
2532 DTLS1_BAD_VER, DTLS1_2_VERSION,
2533 SSL_NOT_DEFAULT | SSL_HIGH,
2534 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2535 128,
2536 128,
2537 },
2538 {
2539 1,
2540 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2541 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2542 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2543 SSL_kPSK,
2544 SSL_aPSK,
2545 SSL_CAMELLIA256,
2546 SSL_SHA384,
2547 TLS1_VERSION, TLS1_2_VERSION,
2548 DTLS1_BAD_VER, DTLS1_2_VERSION,
2549 SSL_NOT_DEFAULT | SSL_HIGH,
2550 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2551 256,
2552 256,
2553 },
2554 {
2555 1,
2556 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2557 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2558 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2559 SSL_kDHEPSK,
2560 SSL_aPSK,
2561 SSL_CAMELLIA128,
2562 SSL_SHA256,
2563 TLS1_VERSION, TLS1_2_VERSION,
2564 DTLS1_BAD_VER, DTLS1_2_VERSION,
2565 SSL_NOT_DEFAULT | SSL_HIGH,
2566 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2567 128,
2568 128,
2569 },
2570 {
2571 1,
2572 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2573 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2574 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2575 SSL_kDHEPSK,
2576 SSL_aPSK,
2577 SSL_CAMELLIA256,
2578 SSL_SHA384,
2579 TLS1_VERSION, TLS1_2_VERSION,
2580 DTLS1_BAD_VER, DTLS1_2_VERSION,
2581 SSL_NOT_DEFAULT | SSL_HIGH,
2582 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2583 256,
2584 256,
2585 },
2586 {
2587 1,
2588 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2589 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2590 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2591 SSL_kRSAPSK,
2592 SSL_aRSA,
2593 SSL_CAMELLIA128,
2594 SSL_SHA256,
2595 TLS1_VERSION, TLS1_2_VERSION,
2596 DTLS1_BAD_VER, DTLS1_2_VERSION,
2597 SSL_NOT_DEFAULT | SSL_HIGH,
2598 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2599 128,
2600 128,
2601 },
2602 {
2603 1,
2604 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2605 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2606 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2607 SSL_kRSAPSK,
2608 SSL_aRSA,
2609 SSL_CAMELLIA256,
2610 SSL_SHA384,
2611 TLS1_VERSION, TLS1_2_VERSION,
2612 DTLS1_BAD_VER, DTLS1_2_VERSION,
2613 SSL_NOT_DEFAULT | SSL_HIGH,
2614 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2615 256,
2616 256,
2617 },
2618 {
2619 1,
2620 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2621 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2622 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2623 SSL_kECDHEPSK,
2624 SSL_aPSK,
2625 SSL_CAMELLIA128,
2626 SSL_SHA256,
2627 TLS1_VERSION, TLS1_2_VERSION,
2628 DTLS1_BAD_VER, DTLS1_2_VERSION,
2629 SSL_NOT_DEFAULT | SSL_HIGH,
2630 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2631 128,
2632 128,
2633 },
2634 {
2635 1,
2636 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2637 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2638 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2639 SSL_kECDHEPSK,
2640 SSL_aPSK,
2641 SSL_CAMELLIA256,
2642 SSL_SHA384,
2643 TLS1_VERSION, TLS1_2_VERSION,
2644 DTLS1_BAD_VER, DTLS1_2_VERSION,
2645 SSL_NOT_DEFAULT | SSL_HIGH,
2646 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2647 256,
2648 256,
2649 },
2650
2651 #ifndef OPENSSL_NO_GOST
2652 {
2653 1,
2654 "GOST2001-GOST89-GOST89",
2655 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2656 0x3000081,
2657 SSL_kGOST,
2658 SSL_aGOST01,
2659 SSL_eGOST2814789CNT,
2660 SSL_GOST89MAC,
2661 TLS1_VERSION, TLS1_2_VERSION,
2662 0, 0,
2663 SSL_HIGH,
2664 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2665 256,
2666 256,
2667 },
2668 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2669 {
2670 1,
2671 "GOST2001-NULL-GOST94",
2672 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2673 0x3000083,
2674 SSL_kGOST,
2675 SSL_aGOST01,
2676 SSL_eNULL,
2677 SSL_GOST94,
2678 TLS1_VERSION, TLS1_2_VERSION,
2679 0, 0,
2680 SSL_STRONG_NONE,
2681 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2682 0,
2683 0,
2684 },
2685 # endif
2686 {
2687 1,
2688 "IANA-GOST2012-GOST8912-GOST8912",
2689 NULL,
2690 0x0300c102,
2691 SSL_kGOST,
2692 SSL_aGOST12 | SSL_aGOST01,
2693 SSL_eGOST2814789CNT12,
2694 SSL_GOST89MAC12,
2695 TLS1_VERSION, TLS1_2_VERSION,
2696 0, 0,
2697 SSL_HIGH,
2698 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2699 256,
2700 256,
2701 },
2702 {
2703 1,
2704 "LEGACY-GOST2012-GOST8912-GOST8912",
2705 NULL,
2706 0x0300ff85,
2707 SSL_kGOST,
2708 SSL_aGOST12 | SSL_aGOST01,
2709 SSL_eGOST2814789CNT12,
2710 SSL_GOST89MAC12,
2711 TLS1_VERSION, TLS1_2_VERSION,
2712 0, 0,
2713 SSL_HIGH,
2714 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2715 256,
2716 256,
2717 },
2718 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2719 {
2720 1,
2721 "GOST2012-NULL-GOST12",
2722 NULL,
2723 0x0300ff87,
2724 SSL_kGOST,
2725 SSL_aGOST12 | SSL_aGOST01,
2726 SSL_eNULL,
2727 SSL_GOST12_256,
2728 TLS1_VERSION, TLS1_2_VERSION,
2729 0, 0,
2730 SSL_STRONG_NONE,
2731 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2732 0,
2733 0,
2734 },
2735 # endif
2736 {
2737 1,
2738 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2739 NULL,
2740 0x0300C100,
2741 SSL_kGOST18,
2742 SSL_aGOST12,
2743 SSL_KUZNYECHIK,
2744 SSL_KUZNYECHIKOMAC,
2745 TLS1_2_VERSION, TLS1_2_VERSION,
2746 0, 0,
2747 SSL_HIGH,
2748 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2749 256,
2750 256,
2751 },
2752 {
2753 1,
2754 "GOST2012-MAGMA-MAGMAOMAC",
2755 NULL,
2756 0x0300C101,
2757 SSL_kGOST18,
2758 SSL_aGOST12,
2759 SSL_MAGMA,
2760 SSL_MAGMAOMAC,
2761 TLS1_2_VERSION, TLS1_2_VERSION,
2762 0, 0,
2763 SSL_HIGH,
2764 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2765 256,
2766 256,
2767 },
2768 #endif /* OPENSSL_NO_GOST */
2769
2770 {
2771 1,
2772 SSL3_TXT_RSA_IDEA_128_SHA,
2773 SSL3_RFC_RSA_IDEA_128_SHA,
2774 SSL3_CK_RSA_IDEA_128_SHA,
2775 SSL_kRSA,
2776 SSL_aRSA,
2777 SSL_IDEA,
2778 SSL_SHA1,
2779 SSL3_VERSION, TLS1_1_VERSION,
2780 DTLS1_BAD_VER, DTLS1_VERSION,
2781 SSL_NOT_DEFAULT | SSL_MEDIUM,
2782 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2783 128,
2784 128,
2785 },
2786
2787 {
2788 1,
2789 TLS1_TXT_RSA_WITH_SEED_SHA,
2790 TLS1_RFC_RSA_WITH_SEED_SHA,
2791 TLS1_CK_RSA_WITH_SEED_SHA,
2792 SSL_kRSA,
2793 SSL_aRSA,
2794 SSL_SEED,
2795 SSL_SHA1,
2796 SSL3_VERSION, TLS1_2_VERSION,
2797 DTLS1_BAD_VER, DTLS1_2_VERSION,
2798 SSL_NOT_DEFAULT | SSL_MEDIUM,
2799 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2800 128,
2801 128,
2802 },
2803 {
2804 1,
2805 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2806 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2807 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2808 SSL_kDHE,
2809 SSL_aDSS,
2810 SSL_SEED,
2811 SSL_SHA1,
2812 SSL3_VERSION, TLS1_2_VERSION,
2813 DTLS1_BAD_VER, DTLS1_2_VERSION,
2814 SSL_NOT_DEFAULT | SSL_MEDIUM,
2815 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2816 128,
2817 128,
2818 },
2819 {
2820 1,
2821 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2822 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2823 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2824 SSL_kDHE,
2825 SSL_aRSA,
2826 SSL_SEED,
2827 SSL_SHA1,
2828 SSL3_VERSION, TLS1_2_VERSION,
2829 DTLS1_BAD_VER, DTLS1_2_VERSION,
2830 SSL_NOT_DEFAULT | SSL_MEDIUM,
2831 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2832 128,
2833 128,
2834 },
2835 {
2836 1,
2837 TLS1_TXT_ADH_WITH_SEED_SHA,
2838 TLS1_RFC_ADH_WITH_SEED_SHA,
2839 TLS1_CK_ADH_WITH_SEED_SHA,
2840 SSL_kDHE,
2841 SSL_aNULL,
2842 SSL_SEED,
2843 SSL_SHA1,
2844 SSL3_VERSION, TLS1_2_VERSION,
2845 DTLS1_BAD_VER, DTLS1_2_VERSION,
2846 SSL_NOT_DEFAULT | SSL_MEDIUM,
2847 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2848 128,
2849 128,
2850 },
2851
2852 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2853 {
2854 1,
2855 SSL3_TXT_RSA_RC4_128_MD5,
2856 SSL3_RFC_RSA_RC4_128_MD5,
2857 SSL3_CK_RSA_RC4_128_MD5,
2858 SSL_kRSA,
2859 SSL_aRSA,
2860 SSL_RC4,
2861 SSL_MD5,
2862 SSL3_VERSION, TLS1_2_VERSION,
2863 0, 0,
2864 SSL_NOT_DEFAULT | SSL_MEDIUM,
2865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2866 80,
2867 128,
2868 },
2869 {
2870 1,
2871 SSL3_TXT_RSA_RC4_128_SHA,
2872 SSL3_RFC_RSA_RC4_128_SHA,
2873 SSL3_CK_RSA_RC4_128_SHA,
2874 SSL_kRSA,
2875 SSL_aRSA,
2876 SSL_RC4,
2877 SSL_SHA1,
2878 SSL3_VERSION, TLS1_2_VERSION,
2879 0, 0,
2880 SSL_NOT_DEFAULT | SSL_MEDIUM,
2881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2882 80,
2883 128,
2884 },
2885 {
2886 1,
2887 SSL3_TXT_ADH_RC4_128_MD5,
2888 SSL3_RFC_ADH_RC4_128_MD5,
2889 SSL3_CK_ADH_RC4_128_MD5,
2890 SSL_kDHE,
2891 SSL_aNULL,
2892 SSL_RC4,
2893 SSL_MD5,
2894 SSL3_VERSION, TLS1_2_VERSION,
2895 0, 0,
2896 SSL_NOT_DEFAULT | SSL_MEDIUM,
2897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2898 80,
2899 128,
2900 },
2901 {
2902 1,
2903 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2904 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2905 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2906 SSL_kECDHEPSK,
2907 SSL_aPSK,
2908 SSL_RC4,
2909 SSL_SHA1,
2910 TLS1_VERSION, TLS1_2_VERSION,
2911 0, 0,
2912 SSL_NOT_DEFAULT | SSL_MEDIUM,
2913 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2914 80,
2915 128,
2916 },
2917 {
2918 1,
2919 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2920 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2921 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2922 SSL_kECDHE,
2923 SSL_aNULL,
2924 SSL_RC4,
2925 SSL_SHA1,
2926 TLS1_VERSION, TLS1_2_VERSION,
2927 0, 0,
2928 SSL_NOT_DEFAULT | SSL_MEDIUM,
2929 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2930 80,
2931 128,
2932 },
2933 {
2934 1,
2935 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2936 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2937 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2938 SSL_kECDHE,
2939 SSL_aECDSA,
2940 SSL_RC4,
2941 SSL_SHA1,
2942 TLS1_VERSION, TLS1_2_VERSION,
2943 0, 0,
2944 SSL_NOT_DEFAULT | SSL_MEDIUM,
2945 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2946 80,
2947 128,
2948 },
2949 {
2950 1,
2951 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2952 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2953 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2954 SSL_kECDHE,
2955 SSL_aRSA,
2956 SSL_RC4,
2957 SSL_SHA1,
2958 TLS1_VERSION, TLS1_2_VERSION,
2959 0, 0,
2960 SSL_NOT_DEFAULT | SSL_MEDIUM,
2961 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2962 80,
2963 128,
2964 },
2965 {
2966 1,
2967 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2968 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2969 TLS1_CK_PSK_WITH_RC4_128_SHA,
2970 SSL_kPSK,
2971 SSL_aPSK,
2972 SSL_RC4,
2973 SSL_SHA1,
2974 SSL3_VERSION, TLS1_2_VERSION,
2975 0, 0,
2976 SSL_NOT_DEFAULT | SSL_MEDIUM,
2977 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2978 80,
2979 128,
2980 },
2981 {
2982 1,
2983 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2984 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2985 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2986 SSL_kRSAPSK,
2987 SSL_aRSA,
2988 SSL_RC4,
2989 SSL_SHA1,
2990 SSL3_VERSION, TLS1_2_VERSION,
2991 0, 0,
2992 SSL_NOT_DEFAULT | SSL_MEDIUM,
2993 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2994 80,
2995 128,
2996 },
2997 {
2998 1,
2999 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3000 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3001 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3002 SSL_kDHEPSK,
3003 SSL_aPSK,
3004 SSL_RC4,
3005 SSL_SHA1,
3006 SSL3_VERSION, TLS1_2_VERSION,
3007 0, 0,
3008 SSL_NOT_DEFAULT | SSL_MEDIUM,
3009 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3010 80,
3011 128,
3012 },
3013 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3014
3015 {
3016 1,
3017 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3018 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3019 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3020 SSL_kRSA,
3021 SSL_aRSA,
3022 SSL_ARIA128GCM,
3023 SSL_AEAD,
3024 TLS1_2_VERSION, TLS1_2_VERSION,
3025 DTLS1_2_VERSION, DTLS1_2_VERSION,
3026 SSL_NOT_DEFAULT | SSL_HIGH,
3027 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3028 128,
3029 128,
3030 },
3031 {
3032 1,
3033 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3034 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3035 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3036 SSL_kRSA,
3037 SSL_aRSA,
3038 SSL_ARIA256GCM,
3039 SSL_AEAD,
3040 TLS1_2_VERSION, TLS1_2_VERSION,
3041 DTLS1_2_VERSION, DTLS1_2_VERSION,
3042 SSL_NOT_DEFAULT | SSL_HIGH,
3043 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3044 256,
3045 256,
3046 },
3047 {
3048 1,
3049 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3050 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3051 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052 SSL_kDHE,
3053 SSL_aRSA,
3054 SSL_ARIA128GCM,
3055 SSL_AEAD,
3056 TLS1_2_VERSION, TLS1_2_VERSION,
3057 DTLS1_2_VERSION, DTLS1_2_VERSION,
3058 SSL_NOT_DEFAULT | SSL_HIGH,
3059 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3060 128,
3061 128,
3062 },
3063 {
3064 1,
3065 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3066 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3067 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068 SSL_kDHE,
3069 SSL_aRSA,
3070 SSL_ARIA256GCM,
3071 SSL_AEAD,
3072 TLS1_2_VERSION, TLS1_2_VERSION,
3073 DTLS1_2_VERSION, DTLS1_2_VERSION,
3074 SSL_NOT_DEFAULT | SSL_HIGH,
3075 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3076 256,
3077 256,
3078 },
3079 {
3080 1,
3081 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3082 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3083 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3084 SSL_kDHE,
3085 SSL_aDSS,
3086 SSL_ARIA128GCM,
3087 SSL_AEAD,
3088 TLS1_2_VERSION, TLS1_2_VERSION,
3089 DTLS1_2_VERSION, DTLS1_2_VERSION,
3090 SSL_NOT_DEFAULT | SSL_HIGH,
3091 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3092 128,
3093 128,
3094 },
3095 {
3096 1,
3097 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3098 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3099 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3100 SSL_kDHE,
3101 SSL_aDSS,
3102 SSL_ARIA256GCM,
3103 SSL_AEAD,
3104 TLS1_2_VERSION, TLS1_2_VERSION,
3105 DTLS1_2_VERSION, DTLS1_2_VERSION,
3106 SSL_NOT_DEFAULT | SSL_HIGH,
3107 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3108 256,
3109 256,
3110 },
3111 {
3112 1,
3113 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3114 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3115 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3116 SSL_kECDHE,
3117 SSL_aECDSA,
3118 SSL_ARIA128GCM,
3119 SSL_AEAD,
3120 TLS1_2_VERSION, TLS1_2_VERSION,
3121 DTLS1_2_VERSION, DTLS1_2_VERSION,
3122 SSL_NOT_DEFAULT | SSL_HIGH,
3123 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3124 128,
3125 128,
3126 },
3127 {
3128 1,
3129 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3130 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3131 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3132 SSL_kECDHE,
3133 SSL_aECDSA,
3134 SSL_ARIA256GCM,
3135 SSL_AEAD,
3136 TLS1_2_VERSION, TLS1_2_VERSION,
3137 DTLS1_2_VERSION, DTLS1_2_VERSION,
3138 SSL_NOT_DEFAULT | SSL_HIGH,
3139 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3140 256,
3141 256,
3142 },
3143 {
3144 1,
3145 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3146 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3147 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3148 SSL_kECDHE,
3149 SSL_aRSA,
3150 SSL_ARIA128GCM,
3151 SSL_AEAD,
3152 TLS1_2_VERSION, TLS1_2_VERSION,
3153 DTLS1_2_VERSION, DTLS1_2_VERSION,
3154 SSL_NOT_DEFAULT | SSL_HIGH,
3155 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3156 128,
3157 128,
3158 },
3159 {
3160 1,
3161 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3162 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3163 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3164 SSL_kECDHE,
3165 SSL_aRSA,
3166 SSL_ARIA256GCM,
3167 SSL_AEAD,
3168 TLS1_2_VERSION, TLS1_2_VERSION,
3169 DTLS1_2_VERSION, DTLS1_2_VERSION,
3170 SSL_NOT_DEFAULT | SSL_HIGH,
3171 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3172 256,
3173 256,
3174 },
3175 {
3176 1,
3177 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3178 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3179 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3180 SSL_kPSK,
3181 SSL_aPSK,
3182 SSL_ARIA128GCM,
3183 SSL_AEAD,
3184 TLS1_2_VERSION, TLS1_2_VERSION,
3185 DTLS1_2_VERSION, DTLS1_2_VERSION,
3186 SSL_NOT_DEFAULT | SSL_HIGH,
3187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3188 128,
3189 128,
3190 },
3191 {
3192 1,
3193 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3194 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3195 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3196 SSL_kPSK,
3197 SSL_aPSK,
3198 SSL_ARIA256GCM,
3199 SSL_AEAD,
3200 TLS1_2_VERSION, TLS1_2_VERSION,
3201 DTLS1_2_VERSION, DTLS1_2_VERSION,
3202 SSL_NOT_DEFAULT | SSL_HIGH,
3203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3204 256,
3205 256,
3206 },
3207 {
3208 1,
3209 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3210 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3211 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3212 SSL_kDHEPSK,
3213 SSL_aPSK,
3214 SSL_ARIA128GCM,
3215 SSL_AEAD,
3216 TLS1_2_VERSION, TLS1_2_VERSION,
3217 DTLS1_2_VERSION, DTLS1_2_VERSION,
3218 SSL_NOT_DEFAULT | SSL_HIGH,
3219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3220 128,
3221 128,
3222 },
3223 {
3224 1,
3225 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3226 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3227 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3228 SSL_kDHEPSK,
3229 SSL_aPSK,
3230 SSL_ARIA256GCM,
3231 SSL_AEAD,
3232 TLS1_2_VERSION, TLS1_2_VERSION,
3233 DTLS1_2_VERSION, DTLS1_2_VERSION,
3234 SSL_NOT_DEFAULT | SSL_HIGH,
3235 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3236 256,
3237 256,
3238 },
3239 {
3240 1,
3241 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3242 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3243 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3244 SSL_kRSAPSK,
3245 SSL_aRSA,
3246 SSL_ARIA128GCM,
3247 SSL_AEAD,
3248 TLS1_2_VERSION, TLS1_2_VERSION,
3249 DTLS1_2_VERSION, DTLS1_2_VERSION,
3250 SSL_NOT_DEFAULT | SSL_HIGH,
3251 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3252 128,
3253 128,
3254 },
3255 {
3256 1,
3257 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3258 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3259 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3260 SSL_kRSAPSK,
3261 SSL_aRSA,
3262 SSL_ARIA256GCM,
3263 SSL_AEAD,
3264 TLS1_2_VERSION, TLS1_2_VERSION,
3265 DTLS1_2_VERSION, DTLS1_2_VERSION,
3266 SSL_NOT_DEFAULT | SSL_HIGH,
3267 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3268 256,
3269 256,
3270 },
3271 };
3272
3273 /*
3274 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3275 * values stuffed into the ciphers field of the wire protocol for signalling
3276 * purposes.
3277 */
3278 static SSL_CIPHER ssl3_scsvs[] = {
3279 {
3280 0,
3281 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3282 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3283 SSL3_CK_SCSV,
3284 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3285 },
3286 {
3287 0,
3288 "TLS_FALLBACK_SCSV",
3289 "TLS_FALLBACK_SCSV",
3290 SSL3_CK_FALLBACK_SCSV,
3291 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3292 },
3293 };
3294
3295 static int cipher_compare(const void *a, const void *b)
3296 {
3297 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3298 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3299
3300 if (ap->id == bp->id)
3301 return 0;
3302 return ap->id < bp->id ? -1 : 1;
3303 }
3304
3305 void ssl_sort_cipher_list(void)
3306 {
3307 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3308 cipher_compare);
3309 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3310 cipher_compare);
3311 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3312 }
3313
3314 static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
3315 size_t s, const char *t, size_t u,
3316 const unsigned char *v, size_t w, int x)
3317 {
3318 (void)r;
3319 (void)s;
3320 (void)t;
3321 (void)u;
3322 (void)v;
3323 (void)w;
3324 (void)x;
3325 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
3326 }
3327
3328 const SSL3_ENC_METHOD SSLv3_enc_data = {
3329 ssl3_setup_key_block,
3330 ssl3_generate_master_secret,
3331 ssl3_change_cipher_state,
3332 ssl3_final_finish_mac,
3333 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3334 SSL3_MD_SERVER_FINISHED_CONST, 4,
3335 ssl3_alert_code,
3336 sslcon_undefined_function_1,
3337 0,
3338 ssl3_set_handshake_header,
3339 tls_close_construct_packet,
3340 ssl3_handshake_write
3341 };
3342
3343 OSSL_TIME ssl3_default_timeout(void)
3344 {
3345 /*
3346 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3347 * http, the cache would over fill
3348 */
3349 return ossl_seconds2time(60 * 60 * 2);
3350 }
3351
3352 int ssl3_num_ciphers(void)
3353 {
3354 return SSL3_NUM_CIPHERS;
3355 }
3356
3357 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3358 {
3359 if (u < SSL3_NUM_CIPHERS)
3360 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3361 else
3362 return NULL;
3363 }
3364
3365 int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
3366 {
3367 /* No header in the event of a CCS */
3368 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3369 return 1;
3370
3371 /* Set the content type and 3 bytes for the message len */
3372 if (!WPACKET_put_bytes_u8(pkt, htype)
3373 || !WPACKET_start_sub_packet_u24(pkt))
3374 return 0;
3375
3376 return 1;
3377 }
3378
3379 int ssl3_handshake_write(SSL_CONNECTION *s)
3380 {
3381 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3382 }
3383
3384 int ssl3_new(SSL *s)
3385 {
3386 #ifndef OPENSSL_NO_SRP
3387 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3388
3389 if (sc == NULL)
3390 return 0;
3391
3392 if (!ssl_srp_ctx_init_intern(sc))
3393 return 0;
3394 #endif
3395
3396 if (!s->method->ssl_clear(s))
3397 return 0;
3398
3399 return 1;
3400 }
3401
3402 void ssl3_free(SSL *s)
3403 {
3404 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3405
3406 if (sc == NULL)
3407 return;
3408
3409 ssl3_cleanup_key_block(sc);
3410
3411 EVP_PKEY_free(sc->s3.peer_tmp);
3412 sc->s3.peer_tmp = NULL;
3413 EVP_PKEY_free(sc->s3.tmp.pkey);
3414 sc->s3.tmp.pkey = NULL;
3415
3416 ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
3417 ssl_evp_md_free(sc->s3.tmp.new_hash);
3418
3419 OPENSSL_free(sc->s3.tmp.ctype);
3420 sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3421 OPENSSL_free(sc->s3.tmp.ciphers_raw);
3422 OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3423 OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3424 OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3425 OPENSSL_free(sc->s3.tmp.valid_flags);
3426 ssl3_free_digest_list(sc);
3427 OPENSSL_free(sc->s3.alpn_selected);
3428 OPENSSL_free(sc->s3.alpn_proposed);
3429
3430 #ifndef OPENSSL_NO_PSK
3431 OPENSSL_free(sc->s3.tmp.psk);
3432 #endif
3433
3434 #ifndef OPENSSL_NO_SRP
3435 ssl_srp_ctx_free_intern(sc);
3436 #endif
3437 memset(&sc->s3, 0, sizeof(sc->s3));
3438 }
3439
3440 int ssl3_clear(SSL *s)
3441 {
3442 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3443 int flags;
3444
3445 if (sc == NULL)
3446 return 0;
3447
3448 ssl3_cleanup_key_block(sc);
3449 OPENSSL_free(sc->s3.tmp.ctype);
3450 sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3451 OPENSSL_free(sc->s3.tmp.ciphers_raw);
3452 OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3453 OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3454 OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3455 OPENSSL_free(sc->s3.tmp.valid_flags);
3456
3457 EVP_PKEY_free(sc->s3.tmp.pkey);
3458 EVP_PKEY_free(sc->s3.peer_tmp);
3459
3460 ssl3_free_digest_list(sc);
3461
3462 OPENSSL_free(sc->s3.alpn_selected);
3463 OPENSSL_free(sc->s3.alpn_proposed);
3464
3465 /*
3466 * NULL/zero-out everything in the s3 struct, but remember if we are doing
3467 * QUIC.
3468 */
3469 flags = sc->s3.flags & TLS1_FLAGS_QUIC;
3470 memset(&sc->s3, 0, sizeof(sc->s3));
3471 sc->s3.flags |= flags;
3472
3473 if (!ssl_free_wbio_buffer(sc))
3474 return 0;
3475
3476 sc->version = SSL3_VERSION;
3477
3478 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3479 OPENSSL_free(sc->ext.npn);
3480 sc->ext.npn = NULL;
3481 sc->ext.npn_len = 0;
3482 #endif
3483
3484 return 1;
3485 }
3486
3487 #ifndef OPENSSL_NO_SRP
3488 static char *srp_password_from_info_cb(SSL *s, void *arg)
3489 {
3490 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3491
3492 if (sc == NULL)
3493 return NULL;
3494
3495 return OPENSSL_strdup(sc->srp_ctx.info);
3496 }
3497 #endif
3498
3499 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3500
3501 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3502 {
3503 int ret = 0;
3504 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3505
3506 if (sc == NULL)
3507 return ret;
3508
3509 switch (cmd) {
3510 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3511 break;
3512 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3513 ret = sc->s3.num_renegotiations;
3514 break;
3515 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3516 ret = sc->s3.num_renegotiations;
3517 sc->s3.num_renegotiations = 0;
3518 break;
3519 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3520 ret = sc->s3.total_renegotiations;
3521 break;
3522 case SSL_CTRL_GET_FLAGS:
3523 ret = (int)(sc->s3.flags);
3524 break;
3525 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3526 case SSL_CTRL_SET_TMP_DH:
3527 {
3528 EVP_PKEY *pkdh = NULL;
3529 if (parg == NULL) {
3530 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3531 return 0;
3532 }
3533 pkdh = ssl_dh_to_pkey(parg);
3534 if (pkdh == NULL) {
3535 ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3536 return 0;
3537 }
3538 if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3539 EVP_PKEY_free(pkdh);
3540 return 0;
3541 }
3542 return 1;
3543 }
3544 break;
3545 case SSL_CTRL_SET_TMP_DH_CB:
3546 {
3547 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3548 return ret;
3549 }
3550 #endif
3551 case SSL_CTRL_SET_DH_AUTO:
3552 sc->cert->dh_tmp_auto = larg;
3553 return 1;
3554 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3555 case SSL_CTRL_SET_TMP_ECDH:
3556 {
3557 if (parg == NULL) {
3558 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3559 return 0;
3560 }
3561 return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
3562 &sc->ext.supportedgroups_len,
3563 parg);
3564 }
3565 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3566 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3567 /*
3568 * This API is only used for a client to set what SNI it will request
3569 * from the server, but we currently allow it to be used on servers
3570 * as well, which is a programming error. Currently we just clear
3571 * the field in SSL_do_handshake() for server SSLs, but when we can
3572 * make ABI-breaking changes, we may want to make use of this API
3573 * an error on server SSLs.
3574 */
3575 if (larg == TLSEXT_NAMETYPE_host_name) {
3576 size_t len;
3577
3578 OPENSSL_free(sc->ext.hostname);
3579 sc->ext.hostname = NULL;
3580
3581 ret = 1;
3582 if (parg == NULL)
3583 break;
3584 len = strlen((char *)parg);
3585 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3586 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3587 return 0;
3588 }
3589 if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3590 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3591 return 0;
3592 }
3593 } else {
3594 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3595 return 0;
3596 }
3597 break;
3598 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3599 sc->ext.debug_arg = parg;
3600 ret = 1;
3601 break;
3602
3603 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3604 ret = sc->ext.status_type;
3605 break;
3606
3607 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3608 sc->ext.status_type = larg;
3609 ret = 1;
3610 break;
3611
3612 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3613 *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
3614 ret = 1;
3615 break;
3616
3617 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3618 sc->ext.ocsp.exts = parg;
3619 ret = 1;
3620 break;
3621
3622 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3623 *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
3624 ret = 1;
3625 break;
3626
3627 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3628 sc->ext.ocsp.ids = parg;
3629 ret = 1;
3630 break;
3631
3632 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3633 *(unsigned char **)parg = sc->ext.ocsp.resp;
3634 if (sc->ext.ocsp.resp_len == 0
3635 || sc->ext.ocsp.resp_len > LONG_MAX)
3636 return -1;
3637 return (long)sc->ext.ocsp.resp_len;
3638
3639 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3640 OPENSSL_free(sc->ext.ocsp.resp);
3641 sc->ext.ocsp.resp = parg;
3642 sc->ext.ocsp.resp_len = larg;
3643 ret = 1;
3644 break;
3645
3646 case SSL_CTRL_CHAIN:
3647 if (larg)
3648 return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
3649 else
3650 return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
3651
3652 case SSL_CTRL_CHAIN_CERT:
3653 if (larg)
3654 return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
3655 else
3656 return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);
3657
3658 case SSL_CTRL_GET_CHAIN_CERTS:
3659 *(STACK_OF(X509) **)parg = sc->cert->key->chain;
3660 ret = 1;
3661 break;
3662
3663 case SSL_CTRL_SELECT_CURRENT_CERT:
3664 return ssl_cert_select_current(sc->cert, (X509 *)parg);
3665
3666 case SSL_CTRL_SET_CURRENT_CERT:
3667 if (larg == SSL_CERT_SET_SERVER) {
3668 const SSL_CIPHER *cipher;
3669 if (!sc->server)
3670 return 0;
3671 cipher = sc->s3.tmp.new_cipher;
3672 if (cipher == NULL)
3673 return 0;
3674 /*
3675 * No certificate for unauthenticated ciphersuites or using SRP
3676 * authentication
3677 */
3678 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3679 return 2;
3680 if (sc->s3.tmp.cert == NULL)
3681 return 0;
3682 sc->cert->key = sc->s3.tmp.cert;
3683 return 1;
3684 }
3685 return ssl_cert_set_current(sc->cert, larg);
3686
3687 case SSL_CTRL_GET_GROUPS:
3688 {
3689 uint16_t *clist;
3690 size_t clistlen;
3691
3692 if (!sc->session)
3693 return 0;
3694 clist = sc->ext.peer_supportedgroups;
3695 clistlen = sc->ext.peer_supportedgroups_len;
3696 if (parg) {
3697 size_t i;
3698 int *cptr = parg;
3699
3700 for (i = 0; i < clistlen; i++) {
3701 const TLS_GROUP_INFO *cinf
3702 = tls1_group_id_lookup(s->ctx, clist[i]);
3703
3704 if (cinf != NULL)
3705 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3706 else
3707 cptr[i] = TLSEXT_nid_unknown | clist[i];
3708 }
3709 }
3710 return (int)clistlen;
3711 }
3712
3713 case SSL_CTRL_SET_GROUPS:
3714 return tls1_set_groups(&sc->ext.supportedgroups,
3715 &sc->ext.supportedgroups_len, parg, larg);
3716
3717 case SSL_CTRL_SET_GROUPS_LIST:
3718 return tls1_set_groups_list(s->ctx, &sc->ext.supportedgroups,
3719 &sc->ext.supportedgroups_len, parg);
3720
3721 case SSL_CTRL_GET_SHARED_GROUP:
3722 {
3723 uint16_t id = tls1_shared_group(sc, larg);
3724
3725 if (larg != -1)
3726 return tls1_group_id2nid(id, 1);
3727 return id;
3728 }
3729 case SSL_CTRL_GET_NEGOTIATED_GROUP:
3730 {
3731 unsigned int id;
3732
3733 if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
3734 id = sc->s3.group_id;
3735 else
3736 id = sc->session->kex_group;
3737 ret = tls1_group_id2nid(id, 1);
3738 break;
3739 }
3740 case SSL_CTRL_SET_SIGALGS:
3741 return tls1_set_sigalgs(sc->cert, parg, larg, 0);
3742
3743 case SSL_CTRL_SET_SIGALGS_LIST:
3744 return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
3745
3746 case SSL_CTRL_SET_CLIENT_SIGALGS:
3747 return tls1_set_sigalgs(sc->cert, parg, larg, 1);
3748
3749 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3750 return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
3751
3752 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3753 {
3754 const unsigned char **pctype = parg;
3755 if (sc->server || !sc->s3.tmp.cert_req)
3756 return 0;
3757 if (pctype)
3758 *pctype = sc->s3.tmp.ctype;
3759 return sc->s3.tmp.ctype_len;
3760 }
3761
3762 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3763 if (!sc->server)
3764 return 0;
3765 return ssl3_set_req_cert_type(sc->cert, parg, larg);
3766
3767 case SSL_CTRL_BUILD_CERT_CHAIN:
3768 return ssl_build_cert_chain(sc, NULL, larg);
3769
3770 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3771 return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);
3772
3773 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3774 return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);
3775
3776 case SSL_CTRL_GET_VERIFY_CERT_STORE:
3777 return ssl_cert_get_cert_store(sc->cert, parg, 0);
3778
3779 case SSL_CTRL_GET_CHAIN_CERT_STORE:
3780 return ssl_cert_get_cert_store(sc->cert, parg, 1);
3781
3782 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3783 if (sc->s3.tmp.peer_sigalg == NULL)
3784 return 0;
3785 *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
3786 return 1;
3787
3788 case SSL_CTRL_GET_SIGNATURE_NID:
3789 if (sc->s3.tmp.sigalg == NULL)
3790 return 0;
3791 *(int *)parg = sc->s3.tmp.sigalg->hash;
3792 return 1;
3793
3794 case SSL_CTRL_GET_PEER_TMP_KEY:
3795 if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
3796 return 0;
3797 } else {
3798 EVP_PKEY_up_ref(sc->s3.peer_tmp);
3799 *(EVP_PKEY **)parg = sc->s3.peer_tmp;
3800 return 1;
3801 }
3802
3803 case SSL_CTRL_GET_TMP_KEY:
3804 if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
3805 return 0;
3806 } else {
3807 EVP_PKEY_up_ref(sc->s3.tmp.pkey);
3808 *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
3809 return 1;
3810 }
3811
3812 case SSL_CTRL_GET_EC_POINT_FORMATS:
3813 {
3814 const unsigned char **pformat = parg;
3815
3816 if (sc->ext.peer_ecpointformats == NULL)
3817 return 0;
3818 *pformat = sc->ext.peer_ecpointformats;
3819 return (int)sc->ext.peer_ecpointformats_len;
3820 }
3821
3822 case SSL_CTRL_GET_IANA_GROUPS:
3823 {
3824 if (parg != NULL) {
3825 *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
3826 }
3827 return (int)sc->ext.peer_supportedgroups_len;
3828 }
3829
3830 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
3831 sc->msg_callback_arg = parg;
3832 return 1;
3833
3834 default:
3835 break;
3836 }
3837 return ret;
3838 }
3839
3840 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3841 {
3842 int ret = 0;
3843 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3844
3845 if (sc == NULL)
3846 return ret;
3847
3848 switch (cmd) {
3849 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3850 case SSL_CTRL_SET_TMP_DH_CB:
3851 sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3852 ret = 1;
3853 break;
3854 #endif
3855 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3856 sc->ext.debug_cb = (void (*)(SSL *, int, int,
3857 const unsigned char *, int, void *))fp;
3858 ret = 1;
3859 break;
3860
3861 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3862 sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3863 ret = 1;
3864 break;
3865
3866 case SSL_CTRL_SET_MSG_CALLBACK:
3867 sc->msg_callback = (ossl_msg_cb)fp;
3868 return 1;
3869 default:
3870 break;
3871 }
3872 return ret;
3873 }
3874
3875 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3876 {
3877 switch (cmd) {
3878 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3879 case SSL_CTRL_SET_TMP_DH:
3880 {
3881 EVP_PKEY *pkdh = NULL;
3882 if (parg == NULL) {
3883 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3884 return 0;
3885 }
3886 pkdh = ssl_dh_to_pkey(parg);
3887 if (pkdh == NULL) {
3888 ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3889 return 0;
3890 }
3891 if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
3892 EVP_PKEY_free(pkdh);
3893 return 0;
3894 }
3895 return 1;
3896 }
3897 case SSL_CTRL_SET_TMP_DH_CB:
3898 {
3899 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3900 return 0;
3901 }
3902 #endif
3903 case SSL_CTRL_SET_DH_AUTO:
3904 ctx->cert->dh_tmp_auto = larg;
3905 return 1;
3906 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3907 case SSL_CTRL_SET_TMP_ECDH:
3908 {
3909 if (parg == NULL) {
3910 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3911 return 0;
3912 }
3913 return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
3914 &ctx->ext.supportedgroups_len,
3915 parg);
3916 }
3917 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3918 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3919 ctx->ext.servername_arg = parg;
3920 break;
3921 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3922 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3923 {
3924 unsigned char *keys = parg;
3925 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3926 sizeof(ctx->ext.secure->tick_hmac_key) +
3927 sizeof(ctx->ext.secure->tick_aes_key));
3928 if (keys == NULL)
3929 return tick_keylen;
3930 if (larg != tick_keylen) {
3931 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3932 return 0;
3933 }
3934 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3935 memcpy(ctx->ext.tick_key_name, keys,
3936 sizeof(ctx->ext.tick_key_name));
3937 memcpy(ctx->ext.secure->tick_hmac_key,
3938 keys + sizeof(ctx->ext.tick_key_name),
3939 sizeof(ctx->ext.secure->tick_hmac_key));
3940 memcpy(ctx->ext.secure->tick_aes_key,
3941 keys + sizeof(ctx->ext.tick_key_name) +
3942 sizeof(ctx->ext.secure->tick_hmac_key),
3943 sizeof(ctx->ext.secure->tick_aes_key));
3944 } else {
3945 memcpy(keys, ctx->ext.tick_key_name,
3946 sizeof(ctx->ext.tick_key_name));
3947 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3948 ctx->ext.secure->tick_hmac_key,
3949 sizeof(ctx->ext.secure->tick_hmac_key));
3950 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3951 sizeof(ctx->ext.secure->tick_hmac_key),
3952 ctx->ext.secure->tick_aes_key,
3953 sizeof(ctx->ext.secure->tick_aes_key));
3954 }
3955 return 1;
3956 }
3957
3958 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3959 return ctx->ext.status_type;
3960
3961 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3962 ctx->ext.status_type = larg;
3963 break;
3964
3965 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3966 ctx->ext.status_arg = parg;
3967 return 1;
3968
3969 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3970 *(void**)parg = ctx->ext.status_arg;
3971 break;
3972
3973 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3974 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3975 break;
3976
3977 #ifndef OPENSSL_NO_SRP
3978 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3979 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3980 OPENSSL_free(ctx->srp_ctx.login);
3981 ctx->srp_ctx.login = NULL;
3982 if (parg == NULL)
3983 break;
3984 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3985 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
3986 return 0;
3987 }
3988 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3989 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3990 return 0;
3991 }
3992 break;
3993 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3994 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3995 srp_password_from_info_cb;
3996 if (ctx->srp_ctx.info != NULL)
3997 OPENSSL_free(ctx->srp_ctx.info);
3998 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3999 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4000 return 0;
4001 }
4002 break;
4003 case SSL_CTRL_SET_SRP_ARG:
4004 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4005 ctx->srp_ctx.SRP_cb_arg = parg;
4006 break;
4007
4008 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
4009 ctx->srp_ctx.strength = larg;
4010 break;
4011 #endif
4012
4013 case SSL_CTRL_SET_GROUPS:
4014 return tls1_set_groups(&ctx->ext.supportedgroups,
4015 &ctx->ext.supportedgroups_len,
4016 parg, larg);
4017
4018 case SSL_CTRL_SET_GROUPS_LIST:
4019 return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
4020 &ctx->ext.supportedgroups_len,
4021 parg);
4022
4023 case SSL_CTRL_SET_SIGALGS:
4024 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
4025
4026 case SSL_CTRL_SET_SIGALGS_LIST:
4027 return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
4028
4029 case SSL_CTRL_SET_CLIENT_SIGALGS:
4030 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
4031
4032 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4033 return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
4034
4035 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4036 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
4037
4038 case SSL_CTRL_BUILD_CERT_CHAIN:
4039 return ssl_build_cert_chain(NULL, ctx, larg);
4040
4041 case SSL_CTRL_SET_VERIFY_CERT_STORE:
4042 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
4043
4044 case SSL_CTRL_SET_CHAIN_CERT_STORE:
4045 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
4046
4047 case SSL_CTRL_GET_VERIFY_CERT_STORE:
4048 return ssl_cert_get_cert_store(ctx->cert, parg, 0);
4049
4050 case SSL_CTRL_GET_CHAIN_CERT_STORE:
4051 return ssl_cert_get_cert_store(ctx->cert, parg, 1);
4052
4053 /* A Thawte special :-) */
4054 case SSL_CTRL_EXTRA_CHAIN_CERT:
4055 if (ctx->extra_certs == NULL) {
4056 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
4057 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4058 return 0;
4059 }
4060 }
4061 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4062 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4063 return 0;
4064 }
4065 break;
4066
4067 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4068 if (ctx->extra_certs == NULL && larg == 0)
4069 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4070 else
4071 *(STACK_OF(X509) **)parg = ctx->extra_certs;
4072 break;
4073
4074 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4075 OSSL_STACK_OF_X509_free(ctx->extra_certs);
4076 ctx->extra_certs = NULL;
4077 break;
4078
4079 case SSL_CTRL_CHAIN:
4080 if (larg)
4081 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4082 else
4083 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4084
4085 case SSL_CTRL_CHAIN_CERT:
4086 if (larg)
4087 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4088 else
4089 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4090
4091 case SSL_CTRL_GET_CHAIN_CERTS:
4092 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4093 break;
4094
4095 case SSL_CTRL_SELECT_CURRENT_CERT:
4096 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4097
4098 case SSL_CTRL_SET_CURRENT_CERT:
4099 return ssl_cert_set_current(ctx->cert, larg);
4100
4101 default:
4102 return 0;
4103 }
4104 return 1;
4105 }
4106
4107 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4108 {
4109 switch (cmd) {
4110 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4111 case SSL_CTRL_SET_TMP_DH_CB:
4112 {
4113 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4114 }
4115 break;
4116 #endif
4117 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4118 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4119 break;
4120
4121 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4122 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4123 break;
4124
4125 # ifndef OPENSSL_NO_DEPRECATED_3_0
4126 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4127 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4128 unsigned char *,
4129 EVP_CIPHER_CTX *,
4130 HMAC_CTX *, int))fp;
4131 break;
4132 #endif
4133
4134 #ifndef OPENSSL_NO_SRP
4135 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4136 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4137 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4138 break;
4139 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4140 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4141 ctx->srp_ctx.TLS_ext_srp_username_callback =
4142 (int (*)(SSL *, int *, void *))fp;
4143 break;
4144 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4145 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4146 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4147 (char *(*)(SSL *, void *))fp;
4148 break;
4149 #endif
4150 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4151 {
4152 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4153 }
4154 break;
4155 default:
4156 return 0;
4157 }
4158 return 1;
4159 }
4160
4161 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4162 (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4163 EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4164 {
4165 ctx->ext.ticket_key_evp_cb = fp;
4166 return 1;
4167 }
4168
4169 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4170 {
4171 SSL_CIPHER c;
4172 const SSL_CIPHER *cp;
4173
4174 c.id = id;
4175 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4176 if (cp != NULL)
4177 return cp;
4178 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4179 if (cp != NULL)
4180 return cp;
4181 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4182 }
4183
4184 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4185 {
4186 SSL_CIPHER *tbl;
4187 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4188 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4189 SSL3_NUM_SCSVS};
4190
4191 /* this is not efficient, necessary to optimize this? */
4192 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4193 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4194 if (tbl->stdname == NULL)
4195 continue;
4196 if (strcmp(stdname, tbl->stdname) == 0) {
4197 return tbl;
4198 }
4199 }
4200 }
4201 return NULL;
4202 }
4203
4204 /*
4205 * This function needs to check if the ciphers required are actually
4206 * available
4207 */
4208 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4209 {
4210 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4211 | ((uint32_t)p[0] << 8L)
4212 | (uint32_t)p[1]);
4213 }
4214
4215 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4216 {
4217 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4218 *len = 0;
4219 return 1;
4220 }
4221
4222 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4223 return 0;
4224
4225 *len = 2;
4226 return 1;
4227 }
4228
4229 /*
4230 * ssl3_choose_cipher - choose a cipher from those offered by the client
4231 * @s: SSL connection
4232 * @clnt: ciphers offered by the client
4233 * @srvr: ciphers enabled on the server?
4234 *
4235 * Returns the selected cipher or NULL when no common ciphers.
4236 */
4237 const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
4238 STACK_OF(SSL_CIPHER) *srvr)
4239 {
4240 const SSL_CIPHER *c, *ret = NULL;
4241 STACK_OF(SSL_CIPHER) *prio, *allow;
4242 int i, ii, ok, prefer_sha256 = 0;
4243 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4244 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4245
4246 /* Let's see which ciphers we can support */
4247
4248 /*
4249 * Do not set the compare functions, because this may lead to a
4250 * reordering by "id". We want to keep the original ordering. We may pay
4251 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4252 * pay with the price of sk_SSL_CIPHER_dup().
4253 */
4254
4255 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4256 BIO_printf(trc_out, "Server has %d from %p:\n",
4257 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4258 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4259 c = sk_SSL_CIPHER_value(srvr, i);
4260 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4261 }
4262 BIO_printf(trc_out, "Client sent %d from %p:\n",
4263 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4264 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4265 c = sk_SSL_CIPHER_value(clnt, i);
4266 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4267 }
4268 } OSSL_TRACE_END(TLS_CIPHER);
4269
4270 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4271 if (tls1_suiteb(s)) {
4272 prio = srvr;
4273 allow = clnt;
4274 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4275 prio = srvr;
4276 allow = clnt;
4277
4278 /* If ChaCha20 is at the top of the client preference list,
4279 and there are ChaCha20 ciphers in the server list, then
4280 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4281 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4282 c = sk_SSL_CIPHER_value(clnt, 0);
4283 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4284 /* ChaCha20 is client preferred, check server... */
4285 int num = sk_SSL_CIPHER_num(srvr);
4286 int found = 0;
4287 for (i = 0; i < num; i++) {
4288 c = sk_SSL_CIPHER_value(srvr, i);
4289 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4290 found = 1;
4291 break;
4292 }
4293 }
4294 if (found) {
4295 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4296 /* if reserve fails, then there's likely a memory issue */
4297 if (prio_chacha != NULL) {
4298 /* Put all ChaCha20 at the top, starting with the one we just found */
4299 sk_SSL_CIPHER_push(prio_chacha, c);
4300 for (i++; i < num; i++) {
4301 c = sk_SSL_CIPHER_value(srvr, i);
4302 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4303 sk_SSL_CIPHER_push(prio_chacha, c);
4304 }
4305 /* Pull in the rest */
4306 for (i = 0; i < num; i++) {
4307 c = sk_SSL_CIPHER_value(srvr, i);
4308 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4309 sk_SSL_CIPHER_push(prio_chacha, c);
4310 }
4311 prio = prio_chacha;
4312 }
4313 }
4314 }
4315 }
4316 } else {
4317 prio = clnt;
4318 allow = srvr;
4319 }
4320
4321 if (SSL_CONNECTION_IS_TLS13(s)) {
4322 #ifndef OPENSSL_NO_PSK
4323 size_t j;
4324
4325 /*
4326 * If we allow "old" style PSK callbacks, and we have no certificate (so
4327 * we're not going to succeed without a PSK anyway), and we're in
4328 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4329 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4330 * that.
4331 */
4332 if (s->psk_server_callback != NULL) {
4333 for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++);
4334 if (j == s->ssl_pkey_num) {
4335 /* There are no certificates */
4336 prefer_sha256 = 1;
4337 }
4338 }
4339 #endif
4340 } else {
4341 tls1_set_cert_validity(s);
4342 ssl_set_masks(s);
4343 }
4344
4345 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4346 int minversion, maxversion;
4347
4348 c = sk_SSL_CIPHER_value(prio, i);
4349 minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
4350 maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;
4351
4352 /* Skip ciphers not supported by the protocol version */
4353 if (ssl_version_cmp(s, s->version, minversion) < 0
4354 || ssl_version_cmp(s, s->version, maxversion) > 0)
4355 continue;
4356
4357 /*
4358 * Since TLS 1.3 ciphersuites can be used with any auth or
4359 * key exchange scheme skip tests.
4360 */
4361 if (!SSL_CONNECTION_IS_TLS13(s)) {
4362 mask_k = s->s3.tmp.mask_k;
4363 mask_a = s->s3.tmp.mask_a;
4364 #ifndef OPENSSL_NO_SRP
4365 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4366 mask_k |= SSL_kSRP;
4367 mask_a |= SSL_aSRP;
4368 }
4369 #endif
4370
4371 alg_k = c->algorithm_mkey;
4372 alg_a = c->algorithm_auth;
4373
4374 #ifndef OPENSSL_NO_PSK
4375 /* with PSK there must be server callback set */
4376 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4377 continue;
4378 #endif /* OPENSSL_NO_PSK */
4379
4380 ok = (alg_k & mask_k) && (alg_a & mask_a);
4381 OSSL_TRACE7(TLS_CIPHER,
4382 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4383 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4384
4385 /*
4386 * if we are considering an ECC cipher suite that uses an ephemeral
4387 * EC key check it
4388 */
4389 if (alg_k & SSL_kECDHE)
4390 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4391
4392 if (!ok)
4393 continue;
4394 }
4395 ii = sk_SSL_CIPHER_find(allow, c);
4396 if (ii >= 0) {
4397 /* Check security callback permits this cipher */
4398 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4399 c->strength_bits, 0, (void *)c))
4400 continue;
4401
4402 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4403 && s->s3.is_probably_safari) {
4404 if (!ret)
4405 ret = sk_SSL_CIPHER_value(allow, ii);
4406 continue;
4407 }
4408
4409 if (prefer_sha256) {
4410 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4411 const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
4412 tmp->algorithm2);
4413
4414 if (md != NULL
4415 && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4416 ret = tmp;
4417 break;
4418 }
4419 if (ret == NULL)
4420 ret = tmp;
4421 continue;
4422 }
4423 ret = sk_SSL_CIPHER_value(allow, ii);
4424 break;
4425 }
4426 }
4427
4428 sk_SSL_CIPHER_free(prio_chacha);
4429
4430 return ret;
4431 }
4432
4433 int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
4434 {
4435 uint32_t alg_k, alg_a = 0;
4436
4437 /* If we have custom certificate types set, use them */
4438 if (s->cert->ctype)
4439 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4440 /* Get mask of algorithms disabled by signature list */
4441 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4442
4443 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4444
4445 #ifndef OPENSSL_NO_GOST
4446 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4447 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4448 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4449 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4450 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4451 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4452 return 0;
4453
4454 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4455 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4456 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4457 return 0;
4458 #endif
4459
4460 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4461 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4462 return 0;
4463 if (!(alg_a & SSL_aDSS)
4464 && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4465 return 0;
4466 }
4467 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4468 return 0;
4469 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4470 return 0;
4471
4472 /*
4473 * ECDSA certs can be used with RSA cipher suites too so we don't
4474 * need to check for SSL_kECDH or SSL_kECDHE
4475 */
4476 if (s->version >= TLS1_VERSION
4477 && !(alg_a & SSL_aECDSA)
4478 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4479 return 0;
4480
4481 return 1;
4482 }
4483
4484 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4485 {
4486 OPENSSL_free(c->ctype);
4487 c->ctype = NULL;
4488 c->ctype_len = 0;
4489 if (p == NULL || len == 0)
4490 return 1;
4491 if (len > 0xff)
4492 return 0;
4493 c->ctype = OPENSSL_memdup(p, len);
4494 if (c->ctype == NULL)
4495 return 0;
4496 c->ctype_len = len;
4497 return 1;
4498 }
4499
4500 int ssl3_shutdown(SSL *s)
4501 {
4502 int ret;
4503 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4504
4505 if (sc == NULL)
4506 return 0;
4507
4508 /*
4509 * Don't do anything much if we have not done the handshake or we don't
4510 * want to send messages :-)
4511 */
4512 if (sc->quiet_shutdown || SSL_in_before(s)) {
4513 sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4514 return 1;
4515 }
4516
4517 if (!(sc->shutdown & SSL_SENT_SHUTDOWN)) {
4518 sc->shutdown |= SSL_SENT_SHUTDOWN;
4519 ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4520 /*
4521 * our shutdown alert has been sent now, and if it still needs to be
4522 * written, s->s3.alert_dispatch will be > 0
4523 */
4524 if (sc->s3.alert_dispatch > 0)
4525 return -1; /* return WANT_WRITE */
4526 } else if (sc->s3.alert_dispatch > 0) {
4527 /* resend it if not sent */
4528 ret = s->method->ssl_dispatch_alert(s);
4529 if (ret == -1) {
4530 /*
4531 * we only get to return -1 here the 2nd/Nth invocation, we must
4532 * have already signalled return 0 upon a previous invocation,
4533 * return WANT_WRITE
4534 */
4535 return ret;
4536 }
4537 } else if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4538 size_t readbytes;
4539 /*
4540 * If we are waiting for a close from our peer, we are closed
4541 */
4542 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4543 if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4544 return -1; /* return WANT_READ */
4545 }
4546 }
4547
4548 if ((sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
4549 && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)
4550 return 1;
4551 else
4552 return 0;
4553 }
4554
4555 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4556 {
4557 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4558
4559 if (sc == NULL)
4560 return 0;
4561
4562 clear_sys_error();
4563 if (sc->s3.renegotiate)
4564 ssl3_renegotiate_check(s, 0);
4565
4566 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4567 written);
4568 }
4569
4570 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4571 size_t *readbytes)
4572 {
4573 int ret;
4574 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4575
4576 if (sc == NULL)
4577 return 0;
4578
4579 clear_sys_error();
4580 if (sc->s3.renegotiate)
4581 ssl3_renegotiate_check(s, 0);
4582 sc->s3.in_read_app_data = 1;
4583 ret =
4584 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4585 peek, readbytes);
4586 if ((ret == -1) && (sc->s3.in_read_app_data == 2)) {
4587 /*
4588 * ssl3_read_bytes decided to call s->handshake_func, which called
4589 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4590 * actually found application data and thinks that application data
4591 * makes sense here; so disable handshake processing and try to read
4592 * application data again.
4593 */
4594 ossl_statem_set_in_handshake(sc, 1);
4595 ret =
4596 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4597 len, peek, readbytes);
4598 ossl_statem_set_in_handshake(sc, 0);
4599 } else
4600 sc->s3.in_read_app_data = 0;
4601
4602 return ret;
4603 }
4604
4605 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4606 {
4607 return ssl3_read_internal(s, buf, len, 0, readbytes);
4608 }
4609
4610 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4611 {
4612 return ssl3_read_internal(s, buf, len, 1, readbytes);
4613 }
4614
4615 int ssl3_renegotiate(SSL *s)
4616 {
4617 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4618
4619 if (sc == NULL)
4620 return 0;
4621
4622 if (sc->handshake_func == NULL)
4623 return 1;
4624
4625 sc->s3.renegotiate = 1;
4626 return 1;
4627 }
4628
4629 /*
4630 * Check if we are waiting to do a renegotiation and if so whether now is a
4631 * good time to do it. If |initok| is true then we are being called from inside
4632 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4633 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4634 * should do a renegotiation now and sets up the state machine for it. Otherwise
4635 * returns 0.
4636 */
4637 int ssl3_renegotiate_check(SSL *s, int initok)
4638 {
4639 int ret = 0;
4640 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4641
4642 if (sc == NULL)
4643 return 0;
4644
4645 if (sc->s3.renegotiate) {
4646 if (!RECORD_LAYER_read_pending(&sc->rlayer)
4647 && !RECORD_LAYER_write_pending(&sc->rlayer)
4648 && (initok || !SSL_in_init(s))) {
4649 /*
4650 * if we are the server, and we have sent a 'RENEGOTIATE'
4651 * message, we need to set the state machine into the renegotiate
4652 * state.
4653 */
4654 ossl_statem_set_renegotiate(sc);
4655 sc->s3.renegotiate = 0;
4656 sc->s3.num_renegotiations++;
4657 sc->s3.total_renegotiations++;
4658 ret = 1;
4659 }
4660 }
4661 return ret;
4662 }
4663
4664 /*
4665 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4666 * handshake macs if required.
4667 *
4668 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4669 */
4670 long ssl_get_algorithm2(SSL_CONNECTION *s)
4671 {
4672 long alg2;
4673 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4674
4675 if (s->s3.tmp.new_cipher == NULL)
4676 return -1;
4677 alg2 = s->s3.tmp.new_cipher->algorithm2;
4678 if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4679 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4680 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4681 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4682 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4683 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4684 }
4685 return alg2;
4686 }
4687
4688 /*
4689 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4690 * failure, 1 on success.
4691 */
4692 int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
4693 unsigned char *result, size_t len,
4694 DOWNGRADE dgrd)
4695 {
4696 int send_time = 0, ret;
4697
4698 if (len < 4)
4699 return 0;
4700 if (server)
4701 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4702 else
4703 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4704 if (send_time) {
4705 unsigned long Time = (unsigned long)time(NULL);
4706 unsigned char *p = result;
4707
4708 l2n(Time, p);
4709 ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0);
4710 } else {
4711 ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
4712 }
4713
4714 if (ret > 0) {
4715 if (!ossl_assert(sizeof(tls11downgrade) < len)
4716 || !ossl_assert(sizeof(tls12downgrade) < len))
4717 return 0;
4718 if (dgrd == DOWNGRADE_TO_1_2)
4719 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4720 sizeof(tls12downgrade));
4721 else if (dgrd == DOWNGRADE_TO_1_1)
4722 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4723 sizeof(tls11downgrade));
4724 }
4725
4726 return ret;
4727 }
4728
4729 int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
4730 size_t pmslen, int free_pms)
4731 {
4732 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4733 int ret = 0;
4734 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4735
4736 if (alg_k & SSL_PSK) {
4737 #ifndef OPENSSL_NO_PSK
4738 unsigned char *pskpms, *t;
4739 size_t psklen = s->s3.tmp.psklen;
4740 size_t pskpmslen;
4741
4742 /* create PSK premaster_secret */
4743
4744 /* For plain PSK "other_secret" is psklen zeroes */
4745 if (alg_k & SSL_kPSK)
4746 pmslen = psklen;
4747
4748 pskpmslen = 4 + pmslen + psklen;
4749 pskpms = OPENSSL_malloc(pskpmslen);
4750 if (pskpms == NULL)
4751 goto err;
4752 t = pskpms;
4753 s2n(pmslen, t);
4754 if (alg_k & SSL_kPSK)
4755 memset(t, 0, pmslen);
4756 else
4757 memcpy(t, pms, pmslen);
4758 t += pmslen;
4759 s2n(psklen, t);
4760 memcpy(t, s->s3.tmp.psk, psklen);
4761
4762 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4763 s->s3.tmp.psk = NULL;
4764 s->s3.tmp.psklen = 0;
4765 if (!ssl->method->ssl3_enc->generate_master_secret(s,
4766 s->session->master_key, pskpms, pskpmslen,
4767 &s->session->master_key_length)) {
4768 OPENSSL_clear_free(pskpms, pskpmslen);
4769 /* SSLfatal() already called */
4770 goto err;
4771 }
4772 OPENSSL_clear_free(pskpms, pskpmslen);
4773 #else
4774 /* Should never happen */
4775 goto err;
4776 #endif
4777 } else {
4778 if (!ssl->method->ssl3_enc->generate_master_secret(s,
4779 s->session->master_key, pms, pmslen,
4780 &s->session->master_key_length)) {
4781 /* SSLfatal() already called */
4782 goto err;
4783 }
4784 }
4785
4786 ret = 1;
4787 err:
4788 if (pms) {
4789 if (free_pms)
4790 OPENSSL_clear_free(pms, pmslen);
4791 else
4792 OPENSSL_cleanse(pms, pmslen);
4793 }
4794 if (s->server == 0) {
4795 s->s3.tmp.pms = NULL;
4796 s->s3.tmp.pmslen = 0;
4797 }
4798 return ret;
4799 }
4800
4801 /* Generate a private key from parameters */
4802 EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
4803 {
4804 EVP_PKEY_CTX *pctx = NULL;
4805 EVP_PKEY *pkey = NULL;
4806 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4807
4808 if (pm == NULL)
4809 return NULL;
4810 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);
4811 if (pctx == NULL)
4812 goto err;
4813 if (EVP_PKEY_keygen_init(pctx) <= 0)
4814 goto err;
4815 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4816 EVP_PKEY_free(pkey);
4817 pkey = NULL;
4818 }
4819
4820 err:
4821 EVP_PKEY_CTX_free(pctx);
4822 return pkey;
4823 }
4824
4825 /* Generate a private key from a group ID */
4826 EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
4827 {
4828 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4829 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4830 EVP_PKEY_CTX *pctx = NULL;
4831 EVP_PKEY *pkey = NULL;
4832
4833 if (ginf == NULL) {
4834 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4835 goto err;
4836 }
4837
4838 pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4839 sctx->propq);
4840
4841 if (pctx == NULL) {
4842 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4843 goto err;
4844 }
4845 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4846 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4847 goto err;
4848 }
4849 if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4850 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4851 goto err;
4852 }
4853 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4854 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4855 EVP_PKEY_free(pkey);
4856 pkey = NULL;
4857 }
4858
4859 err:
4860 EVP_PKEY_CTX_free(pctx);
4861 return pkey;
4862 }
4863
4864 /*
4865 * Generate parameters from a group ID
4866 */
4867 EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
4868 {
4869 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4870 EVP_PKEY_CTX *pctx = NULL;
4871 EVP_PKEY *pkey = NULL;
4872 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4873
4874 if (ginf == NULL)
4875 goto err;
4876
4877 pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4878 sctx->propq);
4879
4880 if (pctx == NULL)
4881 goto err;
4882 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4883 goto err;
4884 if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4885 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4886 goto err;
4887 }
4888 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4889 EVP_PKEY_free(pkey);
4890 pkey = NULL;
4891 }
4892
4893 err:
4894 EVP_PKEY_CTX_free(pctx);
4895 return pkey;
4896 }
4897
4898 /* Generate secrets from pms */
4899 int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
4900 {
4901 int rv = 0;
4902
4903 /* SSLfatal() called as appropriate in the below functions */
4904 if (SSL_CONNECTION_IS_TLS13(s)) {
4905 /*
4906 * If we are resuming then we already generated the early secret
4907 * when we created the ClientHello, so don't recreate it.
4908 */
4909 if (!s->hit)
4910 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4911 0,
4912 (unsigned char *)&s->early_secret);
4913 else
4914 rv = 1;
4915
4916 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4917 } else {
4918 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4919 }
4920
4921 return rv;
4922 }
4923
4924 /* Derive secrets for ECDH/DH */
4925 int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4926 {
4927 int rv = 0;
4928 unsigned char *pms = NULL;
4929 size_t pmslen = 0;
4930 EVP_PKEY_CTX *pctx;
4931 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4932
4933 if (privkey == NULL || pubkey == NULL) {
4934 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4935 return 0;
4936 }
4937
4938 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
4939
4940 if (EVP_PKEY_derive_init(pctx) <= 0
4941 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4942 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4943 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4944 goto err;
4945 }
4946
4947 if (SSL_CONNECTION_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
4948 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4949
4950 pms = OPENSSL_malloc(pmslen);
4951 if (pms == NULL) {
4952 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
4953 goto err;
4954 }
4955
4956 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4957 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4958 goto err;
4959 }
4960
4961 if (gensecret) {
4962 /* SSLfatal() called as appropriate in the below functions */
4963 rv = ssl_gensecret(s, pms, pmslen);
4964 } else {
4965 /* Save premaster secret */
4966 s->s3.tmp.pms = pms;
4967 s->s3.tmp.pmslen = pmslen;
4968 pms = NULL;
4969 rv = 1;
4970 }
4971
4972 err:
4973 OPENSSL_clear_free(pms, pmslen);
4974 EVP_PKEY_CTX_free(pctx);
4975 return rv;
4976 }
4977
4978 /* Decapsulate secrets for KEM */
4979 int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
4980 const unsigned char *ct, size_t ctlen,
4981 int gensecret)
4982 {
4983 int rv = 0;
4984 unsigned char *pms = NULL;
4985 size_t pmslen = 0;
4986 EVP_PKEY_CTX *pctx;
4987 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4988
4989 if (privkey == NULL) {
4990 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4991 return 0;
4992 }
4993
4994 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
4995
4996 if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
4997 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
4998 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4999 goto err;
5000 }
5001
5002 pms = OPENSSL_malloc(pmslen);
5003 if (pms == NULL) {
5004 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5005 goto err;
5006 }
5007
5008 if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
5009 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5010 goto err;
5011 }
5012
5013 if (gensecret) {
5014 /* SSLfatal() called as appropriate in the below functions */
5015 rv = ssl_gensecret(s, pms, pmslen);
5016 } else {
5017 /* Save premaster secret */
5018 s->s3.tmp.pms = pms;
5019 s->s3.tmp.pmslen = pmslen;
5020 pms = NULL;
5021 rv = 1;
5022 }
5023
5024 err:
5025 OPENSSL_clear_free(pms, pmslen);
5026 EVP_PKEY_CTX_free(pctx);
5027 return rv;
5028 }
5029
5030 int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
5031 unsigned char **ctp, size_t *ctlenp,
5032 int gensecret)
5033 {
5034 int rv = 0;
5035 unsigned char *pms = NULL, *ct = NULL;
5036 size_t pmslen = 0, ctlen = 0;
5037 EVP_PKEY_CTX *pctx;
5038 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5039
5040 if (pubkey == NULL) {
5041 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5042 return 0;
5043 }
5044
5045 pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);
5046
5047 if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
5048 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
5049 || pmslen == 0 || ctlen == 0) {
5050 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5051 goto err;
5052 }
5053
5054 pms = OPENSSL_malloc(pmslen);
5055 ct = OPENSSL_malloc(ctlen);
5056 if (pms == NULL || ct == NULL) {
5057 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5058 goto err;
5059 }
5060
5061 if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
5062 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5063 goto err;
5064 }
5065
5066 if (gensecret) {
5067 /* SSLfatal() called as appropriate in the below functions */
5068 rv = ssl_gensecret(s, pms, pmslen);
5069 } else {
5070 /* Save premaster secret */
5071 s->s3.tmp.pms = pms;
5072 s->s3.tmp.pmslen = pmslen;
5073 pms = NULL;
5074 rv = 1;
5075 }
5076
5077 if (rv > 0) {
5078 /* Pass ownership of ct to caller */
5079 *ctp = ct;
5080 *ctlenp = ctlen;
5081 ct = NULL;
5082 }
5083
5084 err:
5085 OPENSSL_clear_free(pms, pmslen);
5086 OPENSSL_free(ct);
5087 EVP_PKEY_CTX_free(pctx);
5088 return rv;
5089 }
5090
5091 const char *SSL_get0_group_name(SSL *s)
5092 {
5093 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5094 unsigned int id;
5095
5096 if (sc == NULL)
5097 return NULL;
5098
5099 if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
5100 id = sc->s3.group_id;
5101 else
5102 id = sc->session->kex_group;
5103
5104 return tls1_group_id2name(s->ctx, id);
5105 }
5106
5107 const char *SSL_group_to_name(SSL *s, int nid) {
5108 int group_id = 0;
5109 const TLS_GROUP_INFO *cinf = NULL;
5110
5111 /* first convert to real group id for internal and external IDs */
5112 if (nid & TLSEXT_nid_unknown)
5113 group_id = nid & 0xFFFF;
5114 else
5115 group_id = tls1_nid2group_id(nid);
5116
5117 /* then look up */
5118 cinf = tls1_group_id_lookup(s->ctx, group_id);
5119
5120 if (cinf != NULL)
5121 return cinf->tlsname;
5122 return NULL;
5123 }
A mirror of the official openssl repository