]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/s3_lib.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Replace some usage of SSLerr with SSLfatal()
[thirdparty/openssl.git] / ssl / s3_lib.c
CommitLineData
846e33c7 1/*
9bb6f829 2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
aa8f3d76 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
c80149d9 4 * Copyright 2005 Nokia. All rights reserved.
5a4fbc69 5 *
846e33c7
RS		 6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
5a4fbc69 10 */
846e33c7 11
d02b48c6 12#include <stdio.h>
ec577822 13#include <openssl/objects.h>
677963e5 14#include "internal/nelem.h"
d02b48c6 15#include "ssl_locl.h"
dbad1690 16#include <openssl/md5.h>
3c27208f 17#include <openssl/dh.h>
a3680c8f 18#include <openssl/rand.h>
5f8dd0f8 19#include "internal/cryptlib.h"
d02b48c6 20
b6eb9827 21#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
650c6e41 22#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
d02b48c6 23
643a3580
MC		 24/* TLSv1.3 downgrade protection sentinel values */
25const unsigned char tls11downgrade[] = {
26 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
27};
28const unsigned char tls12downgrade[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
30};
31
748f2546 32/*
ef28891b 33 * The list of available ciphers, mostly organized into the following
748f2546
RS		 34 * groups:
35 * Always there
36 * EC
37 * PSK
38 * SRP (within that: RSA EC PSK)
9bb6f829 39 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
748f2546
RS		 40 * Weak ciphers
41 */
a230b26e 42static SSL_CIPHER ssl3_ciphers[] = {
0f113f3e
MC		 43 {
44 1,
45 SSL3_TXT_RSA_NULL_MD5,
bbb4ceb8 46 SSL3_RFC_RSA_NULL_MD5,
0f113f3e
MC		 47 SSL3_CK_RSA_NULL_MD5,
48 SSL_kRSA,
49 SSL_aRSA,
50 SSL_eNULL,
51 SSL_MD5,
3eb2aff4 52 SSL3_VERSION, TLS1_2_VERSION,
387cf213 53 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 54 SSL_STRONG_NONE,
0f113f3e
MC		 55 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56 0,
57 0,
58 },
0f113f3e
MC		 59 {
60 1,
61 SSL3_TXT_RSA_NULL_SHA,
bbb4ceb8 62 SSL3_RFC_RSA_NULL_SHA,
0f113f3e
MC		 63 SSL3_CK_RSA_NULL_SHA,
64 SSL_kRSA,
65 SSL_aRSA,
66 SSL_eNULL,
67 SSL_SHA1,
3eb2aff4 68 SSL3_VERSION, TLS1_2_VERSION,
387cf213 69 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 70 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 71 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
72 0,
73 0,
74 },
d33726b9 75#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
0f113f3e
MC		 76 {
77 1,
78 SSL3_TXT_RSA_DES_192_CBC3_SHA,
bbb4ceb8 79 SSL3_RFC_RSA_DES_192_CBC3_SHA,
0f113f3e
MC		 80 SSL3_CK_RSA_DES_192_CBC3_SHA,
81 SSL_kRSA,
82 SSL_aRSA,
83 SSL_3DES,
84 SSL_SHA1,
3eb2aff4 85 SSL3_VERSION, TLS1_2_VERSION,
387cf213 86 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 87 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 88 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
89 112,
90 168,
91 },
0f113f3e
MC		 92 {
93 1,
94 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
bbb4ceb8 95 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
0f113f3e
MC		 96 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
97 SSL_kDHE,
98 SSL_aDSS,
99 SSL_3DES,
100 SSL_SHA1,
3eb2aff4 101 SSL3_VERSION, TLS1_2_VERSION,
387cf213 102 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 103 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 104 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
105 112,
106 168,
107 },
0f113f3e
MC		 108 {
109 1,
110 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
bbb4ceb8 111 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
0f113f3e
MC		 112 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
113 SSL_kDHE,
114 SSL_aRSA,
115 SSL_3DES,
116 SSL_SHA1,
3eb2aff4 117 SSL3_VERSION, TLS1_2_VERSION,
387cf213 118 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 119 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 120 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
121 112,
122 168,
123 },
0f113f3e
MC		 124 {
125 1,
126 SSL3_TXT_ADH_DES_192_CBC_SHA,
bbb4ceb8 127 SSL3_RFC_ADH_DES_192_CBC_SHA,
0f113f3e
MC		 128 SSL3_CK_ADH_DES_192_CBC_SHA,
129 SSL_kDHE,
130 SSL_aNULL,
131 SSL_3DES,
132 SSL_SHA1,
3eb2aff4 133 SSL3_VERSION, TLS1_2_VERSION,
387cf213 134 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 135 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
137 112,
138 168,
139 },
d33726b9 140#endif
0f113f3e
MC		 141 {
142 1,
143 TLS1_TXT_RSA_WITH_AES_128_SHA,
bbb4ceb8 144 TLS1_RFC_RSA_WITH_AES_128_SHA,
0f113f3e
MC		 145 TLS1_CK_RSA_WITH_AES_128_SHA,
146 SSL_kRSA,
147 SSL_aRSA,
148 SSL_AES128,
149 SSL_SHA1,
3eb2aff4 150 SSL3_VERSION, TLS1_2_VERSION,
387cf213 151 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 152 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 153 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
154 128,
155 128,
156 },
0f113f3e
MC		 157 {
158 1,
159 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
bbb4ceb8 160 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
0f113f3e
MC		 161 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
162 SSL_kDHE,
163 SSL_aDSS,
164 SSL_AES128,
165 SSL_SHA1,
3eb2aff4 166 SSL3_VERSION, TLS1_2_VERSION,
387cf213 167 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 168 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 169 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
170 128,
171 128,
172 },
0f113f3e
MC		 173 {
174 1,
175 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
bbb4ceb8 176 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
0f113f3e
MC		 177 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
178 SSL_kDHE,
179 SSL_aRSA,
180 SSL_AES128,
181 SSL_SHA1,
3eb2aff4 182 SSL3_VERSION, TLS1_2_VERSION,
387cf213 183 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 184 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
186 128,
187 128,
188 },
0f113f3e
MC		 189 {
190 1,
191 TLS1_TXT_ADH_WITH_AES_128_SHA,
bbb4ceb8 192 TLS1_RFC_ADH_WITH_AES_128_SHA,
0f113f3e
MC		 193 TLS1_CK_ADH_WITH_AES_128_SHA,
194 SSL_kDHE,
195 SSL_aNULL,
196 SSL_AES128,
197 SSL_SHA1,
3eb2aff4 198 SSL3_VERSION, TLS1_2_VERSION,
387cf213 199 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 200 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
202 128,
203 128,
204 },
0f113f3e
MC		 205 {
206 1,
207 TLS1_TXT_RSA_WITH_AES_256_SHA,
bbb4ceb8 208 TLS1_RFC_RSA_WITH_AES_256_SHA,
0f113f3e
MC		 209 TLS1_CK_RSA_WITH_AES_256_SHA,
210 SSL_kRSA,
211 SSL_aRSA,
212 SSL_AES256,
213 SSL_SHA1,
3eb2aff4 214 SSL3_VERSION, TLS1_2_VERSION,
387cf213 215 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 216 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
218 256,
219 256,
220 },
0f113f3e
MC		 221 {
222 1,
223 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
bbb4ceb8 224 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
0f113f3e
MC		 225 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
226 SSL_kDHE,
227 SSL_aDSS,
228 SSL_AES256,
229 SSL_SHA1,
3eb2aff4 230 SSL3_VERSION, TLS1_2_VERSION,
387cf213 231 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 232 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
234 256,
235 256,
236 },
0f113f3e
MC		 237 {
238 1,
239 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
bbb4ceb8 240 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
0f113f3e
MC		 241 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
242 SSL_kDHE,
243 SSL_aRSA,
244 SSL_AES256,
245 SSL_SHA1,
3eb2aff4 246 SSL3_VERSION, TLS1_2_VERSION,
387cf213 247 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 248 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
250 256,
251 256,
252 },
0f113f3e
MC		 253 {
254 1,
255 TLS1_TXT_ADH_WITH_AES_256_SHA,
bbb4ceb8 256 TLS1_RFC_ADH_WITH_AES_256_SHA,
0f113f3e
MC		 257 TLS1_CK_ADH_WITH_AES_256_SHA,
258 SSL_kDHE,
259 SSL_aNULL,
260 SSL_AES256,
261 SSL_SHA1,
3eb2aff4 262 SSL3_VERSION, TLS1_2_VERSION,
387cf213 263 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 264 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
266 256,
267 256,
268 },
0f113f3e
MC		 269 {
270 1,
271 TLS1_TXT_RSA_WITH_NULL_SHA256,
bbb4ceb8 272 TLS1_RFC_RSA_WITH_NULL_SHA256,
0f113f3e
MC		 273 TLS1_CK_RSA_WITH_NULL_SHA256,
274 SSL_kRSA,
275 SSL_aRSA,
276 SSL_eNULL,
277 SSL_SHA256,
3eb2aff4
KR		 278 TLS1_2_VERSION, TLS1_2_VERSION,
279 DTLS1_2_VERSION, DTLS1_2_VERSION,
1510b5f7 280 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
282 0,
283 0,
284 },
0f113f3e
MC		 285 {
286 1,
287 TLS1_TXT_RSA_WITH_AES_128_SHA256,
bbb4ceb8 288 TLS1_RFC_RSA_WITH_AES_128_SHA256,
0f113f3e
MC		 289 TLS1_CK_RSA_WITH_AES_128_SHA256,
290 SSL_kRSA,
291 SSL_aRSA,
292 SSL_AES128,
293 SSL_SHA256,
3eb2aff4
KR		 294 TLS1_2_VERSION, TLS1_2_VERSION,
295 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 296 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
298 128,
299 128,
300 },
0f113f3e
MC		 301 {
302 1,
303 TLS1_TXT_RSA_WITH_AES_256_SHA256,
bbb4ceb8 304 TLS1_RFC_RSA_WITH_AES_256_SHA256,
0f113f3e
MC		 305 TLS1_CK_RSA_WITH_AES_256_SHA256,
306 SSL_kRSA,
307 SSL_aRSA,
308 SSL_AES256,
309 SSL_SHA256,
3eb2aff4
KR		 310 TLS1_2_VERSION, TLS1_2_VERSION,
311 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 312 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
314 256,
315 256,
316 },
0f113f3e
MC		 317 {
318 1,
319 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
bbb4ceb8 320 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
0f113f3e
MC		 321 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
322 SSL_kDHE,
323 SSL_aDSS,
324 SSL_AES128,
325 SSL_SHA256,
3eb2aff4
KR		 326 TLS1_2_VERSION, TLS1_2_VERSION,
327 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 328 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
330 128,
331 128,
332 },
0f113f3e
MC		 333 {
334 1,
335 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
bbb4ceb8 336 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
0f113f3e
MC		 337 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
338 SSL_kDHE,
339 SSL_aRSA,
340 SSL_AES128,
341 SSL_SHA256,
3eb2aff4
KR		 342 TLS1_2_VERSION, TLS1_2_VERSION,
343 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 344 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
346 128,
347 128,
348 },
0f113f3e
MC		 349 {
350 1,
351 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
bbb4ceb8 352 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
0f113f3e
MC		 353 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
354 SSL_kDHE,
355 SSL_aDSS,
356 SSL_AES256,
357 SSL_SHA256,
3eb2aff4
KR		 358 TLS1_2_VERSION, TLS1_2_VERSION,
359 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 360 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 361 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
362 256,
363 256,
364 },
0f113f3e
MC		 365 {
366 1,
367 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
bbb4ceb8 368 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
0f113f3e
MC		 369 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
370 SSL_kDHE,
371 SSL_aRSA,
372 SSL_AES256,
373 SSL_SHA256,
3eb2aff4
KR		 374 TLS1_2_VERSION, TLS1_2_VERSION,
375 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 376 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
378 256,
379 256,
380 },
0f113f3e
MC		 381 {
382 1,
383 TLS1_TXT_ADH_WITH_AES_128_SHA256,
bbb4ceb8 384 TLS1_RFC_ADH_WITH_AES_128_SHA256,
0f113f3e
MC		 385 TLS1_CK_ADH_WITH_AES_128_SHA256,
386 SSL_kDHE,
387 SSL_aNULL,
388 SSL_AES128,
389 SSL_SHA256,
3eb2aff4
KR		 390 TLS1_2_VERSION, TLS1_2_VERSION,
391 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 392 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 393 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
394 128,
395 128,
396 },
0f113f3e
MC		 397 {
398 1,
399 TLS1_TXT_ADH_WITH_AES_256_SHA256,
bbb4ceb8 400 TLS1_RFC_ADH_WITH_AES_256_SHA256,
0f113f3e
MC		 401 TLS1_CK_ADH_WITH_AES_256_SHA256,
402 SSL_kDHE,
403 SSL_aNULL,
404 SSL_AES256,
405 SSL_SHA256,
3eb2aff4
KR		 406 TLS1_2_VERSION, TLS1_2_VERSION,
407 DTLS1_2_VERSION, DTLS1_2_VERSION,
361a1191 408 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
410 256,
411 256,
412 },
0f113f3e
MC		 413 {
414 1,
748f2546 415 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
bbb4ceb8 416 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
748f2546
RS		 417 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
418 SSL_kRSA,
419 SSL_aRSA,
420 SSL_AES128GCM,
421 SSL_AEAD,
422 TLS1_2_VERSION, TLS1_2_VERSION,
423 DTLS1_2_VERSION, DTLS1_2_VERSION,
424 SSL_HIGH | SSL_FIPS,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
426 128,
427 128,
428 },
0f113f3e
MC		 429 {
430 1,
748f2546 431 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
bbb4ceb8 432 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
748f2546 433 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
0f113f3e
MC		 434 SSL_kRSA,
435 SSL_aRSA,
748f2546
RS		 436 SSL_AES256GCM,
437 SSL_AEAD,
438 TLS1_2_VERSION, TLS1_2_VERSION,
439 DTLS1_2_VERSION, DTLS1_2_VERSION,
440 SSL_HIGH | SSL_FIPS,
441 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 442 256,
443 256,
444 },
0f113f3e
MC		 445 {
446 1,
748f2546 447 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
bbb4ceb8 448 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
748f2546 449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
0f113f3e 450 SSL_kDHE,
748f2546
RS		 451 SSL_aRSA,
452 SSL_AES128GCM,
453 SSL_AEAD,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
456 SSL_HIGH | SSL_FIPS,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
458 128,
459 128,
0f113f3e 460 },
0f113f3e
MC		 461 {
462 1,
748f2546 463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
bbb4ceb8 464 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
748f2546 465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
0f113f3e
MC		 466 SSL_kDHE,
467 SSL_aRSA,
748f2546
RS		 468 SSL_AES256GCM,
469 SSL_AEAD,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
472 SSL_HIGH | SSL_FIPS,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 474 256,
475 256,
476 },
0f113f3e
MC		 477 {
478 1,
748f2546 479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
bbb4ceb8 480 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
748f2546 481 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
0f113f3e 482 SSL_kDHE,
748f2546
RS		 483 SSL_aDSS,
484 SSL_AES128GCM,
485 SSL_AEAD,
486 TLS1_2_VERSION, TLS1_2_VERSION,
487 DTLS1_2_VERSION, DTLS1_2_VERSION,
488 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 490 128,
491 128,
492 },
0f113f3e
MC		 493 {
494 1,
748f2546 495 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
bbb4ceb8 496 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
748f2546
RS		 497 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
498 SSL_kDHE,
499 SSL_aDSS,
500 SSL_AES256GCM,
501 SSL_AEAD,
502 TLS1_2_VERSION, TLS1_2_VERSION,
503 DTLS1_2_VERSION, DTLS1_2_VERSION,
504 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
506 256,
507 256,
0f113f3e 508 },
0f113f3e
MC		 509 {
510 1,
748f2546 511 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
bbb4ceb8 512 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
748f2546
RS		 513 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
514 SSL_kDHE,
515 SSL_aNULL,
516 SSL_AES128GCM,
517 SSL_AEAD,
518 TLS1_2_VERSION, TLS1_2_VERSION,
519 DTLS1_2_VERSION, DTLS1_2_VERSION,
520 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
521 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 522 128,
523 128,
524 },
0f113f3e
MC		 525 {
526 1,
748f2546 527 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
bbb4ceb8 528 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
748f2546
RS		 529 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
530 SSL_kDHE,
531 SSL_aNULL,
532 SSL_AES256GCM,
533 SSL_AEAD,
534 TLS1_2_VERSION, TLS1_2_VERSION,
535 DTLS1_2_VERSION, DTLS1_2_VERSION,
536 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 538 256,
539 256,
540 },
ea6114c6
DSH		 541 {
542 1,
748f2546 543 TLS1_TXT_RSA_WITH_AES_128_CCM,
bbb4ceb8 544 TLS1_RFC_RSA_WITH_AES_128_CCM,
748f2546
RS		 545 TLS1_CK_RSA_WITH_AES_128_CCM,
546 SSL_kRSA,
547 SSL_aRSA,
548 SSL_AES128CCM,
549 SSL_AEAD,
550 TLS1_2_VERSION, TLS1_2_VERSION,
551 DTLS1_2_VERSION, DTLS1_2_VERSION,
552 SSL_NOT_DEFAULT | SSL_HIGH,
553 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 554 128,
555 128,
556 },
ea6114c6
DSH		 557 {
558 1,
748f2546 559 TLS1_TXT_RSA_WITH_AES_256_CCM,
bbb4ceb8 560 TLS1_RFC_RSA_WITH_AES_256_CCM,
748f2546
RS		 561 TLS1_CK_RSA_WITH_AES_256_CCM,
562 SSL_kRSA,
563 SSL_aRSA,
564 SSL_AES256CCM,
565 SSL_AEAD,
566 TLS1_2_VERSION, TLS1_2_VERSION,
567 DTLS1_2_VERSION, DTLS1_2_VERSION,
568 SSL_NOT_DEFAULT | SSL_HIGH,
569 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
570 256,
571 256,
ea6114c6 572 },
ea6114c6
DSH		 573 {
574 1,
748f2546 575 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
bbb4ceb8 576 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
748f2546
RS		 577 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
578 SSL_kDHE,
579 SSL_aRSA,
580 SSL_AES128CCM,
581 SSL_AEAD,
582 TLS1_2_VERSION, TLS1_2_VERSION,
583 DTLS1_2_VERSION, DTLS1_2_VERSION,
584 SSL_NOT_DEFAULT | SSL_HIGH,
585 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 586 128,
587 128,
588 },
ea6114c6
DSH		 589 {
590 1,
748f2546 591 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
bbb4ceb8 592 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
748f2546
RS		 593 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
594 SSL_kDHE,
595 SSL_aRSA,
596 SSL_AES256CCM,
597 SSL_AEAD,
598 TLS1_2_VERSION, TLS1_2_VERSION,
599 DTLS1_2_VERSION, DTLS1_2_VERSION,
600 SSL_NOT_DEFAULT | SSL_HIGH,
601 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 602 256,
603 256,
604 },
ea6114c6
DSH		 605 {
606 1,
748f2546 607 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
bbb4ceb8 608 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
748f2546
RS		 609 TLS1_CK_RSA_WITH_AES_128_CCM_8,
610 SSL_kRSA,
ea6114c6 611 SSL_aRSA,
748f2546 612 SSL_AES128CCM8,
0f113f3e 613 SSL_AEAD,
3eb2aff4
KR		 614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 616 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
618 128,
619 128,
620 },
0f113f3e
MC		 621 {
622 1,
748f2546 623 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
bbb4ceb8 624 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
748f2546 625 TLS1_CK_RSA_WITH_AES_256_CCM_8,
0f113f3e
MC		 626 SSL_kRSA,
627 SSL_aRSA,
748f2546 628 SSL_AES256CCM8,
0f113f3e 629 SSL_AEAD,
3eb2aff4
KR		 630 TLS1_2_VERSION, TLS1_2_VERSION,
631 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 632 SSL_NOT_DEFAULT | SSL_HIGH,
633 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 634 256,
635 256,
636 },
0f113f3e
MC		 637 {
638 1,
748f2546 639 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
bbb4ceb8 640 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
748f2546 641 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
0f113f3e
MC		 642 SSL_kDHE,
643 SSL_aRSA,
748f2546 644 SSL_AES128CCM8,
0f113f3e 645 SSL_AEAD,
3eb2aff4
KR		 646 TLS1_2_VERSION, TLS1_2_VERSION,
647 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 648 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 649 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
650 128,
651 128,
652 },
0f113f3e
MC		 653 {
654 1,
748f2546 655 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
bbb4ceb8 656 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
748f2546 657 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
0f113f3e
MC		 658 SSL_kDHE,
659 SSL_aRSA,
748f2546 660 SSL_AES256CCM8,
0f113f3e 661 SSL_AEAD,
3eb2aff4
KR		 662 TLS1_2_VERSION, TLS1_2_VERSION,
663 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 664 SSL_NOT_DEFAULT | SSL_HIGH,
665 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 666 256,
667 256,
668 },
0f113f3e
MC		 669 {
670 1,
748f2546 671 TLS1_TXT_PSK_WITH_AES_128_CCM,
bbb4ceb8 672 TLS1_RFC_PSK_WITH_AES_128_CCM,
748f2546
RS		 673 TLS1_CK_PSK_WITH_AES_128_CCM,
674 SSL_kPSK,
675 SSL_aPSK,
676 SSL_AES128CCM,
0f113f3e 677 SSL_AEAD,
3eb2aff4
KR		 678 TLS1_2_VERSION, TLS1_2_VERSION,
679 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 680 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 681 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
682 128,
683 128,
684 },
0f113f3e
MC		 685 {
686 1,
748f2546 687 TLS1_TXT_PSK_WITH_AES_256_CCM,
bbb4ceb8 688 TLS1_RFC_PSK_WITH_AES_256_CCM,
748f2546
RS		 689 TLS1_CK_PSK_WITH_AES_256_CCM,
690 SSL_kPSK,
691 SSL_aPSK,
692 SSL_AES256CCM,
0f113f3e 693 SSL_AEAD,
3eb2aff4
KR		 694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 698 256,
699 256,
700 },
0f113f3e
MC		 701 {
702 1,
748f2546 703 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
bbb4ceb8 704 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
748f2546
RS		 705 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
706 SSL_kDHEPSK,
707 SSL_aPSK,
708 SSL_AES128CCM,
0f113f3e 709 SSL_AEAD,
3eb2aff4
KR		 710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 712 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
714 128,
715 128,
716 },
0f113f3e
MC		 717 {
718 1,
748f2546 719 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
bbb4ceb8 720 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
748f2546
RS		 721 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
722 SSL_kDHEPSK,
723 SSL_aPSK,
724 SSL_AES256CCM,
0f113f3e 725 SSL_AEAD,
3eb2aff4
KR		 726 TLS1_2_VERSION, TLS1_2_VERSION,
727 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 728 SSL_NOT_DEFAULT | SSL_HIGH,
729 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 730 256,
731 256,
732 },
547dba74
DSH		 733 {
734 1,
748f2546 735 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
bbb4ceb8 736 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
748f2546 737 TLS1_CK_PSK_WITH_AES_128_CCM_8,
547dba74
DSH		 738 SSL_kPSK,
739 SSL_aPSK,
748f2546 740 SSL_AES128CCM8,
547dba74 741 SSL_AEAD,
3eb2aff4
KR		 742 TLS1_2_VERSION, TLS1_2_VERSION,
743 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 744 SSL_NOT_DEFAULT | SSL_HIGH,
547dba74
DSH		 745 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
746 128,
747 128,
748 },
547dba74
DSH		 749 {
750 1,
748f2546 751 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
bbb4ceb8 752 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
748f2546 753 TLS1_CK_PSK_WITH_AES_256_CCM_8,
547dba74
DSH		 754 SSL_kPSK,
755 SSL_aPSK,
748f2546 756 SSL_AES256CCM8,
547dba74 757 SSL_AEAD,
3eb2aff4
KR		 758 TLS1_2_VERSION, TLS1_2_VERSION,
759 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 760 SSL_NOT_DEFAULT | SSL_HIGH,
761 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
547dba74
DSH		 762 256,
763 256,
764 },
ea6114c6
DSH		 765 {
766 1,
748f2546 767 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
bbb4ceb8 768 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
748f2546 769 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
ea6114c6
DSH		 770 SSL_kDHEPSK,
771 SSL_aPSK,
748f2546 772 SSL_AES128CCM8,
ea6114c6 773 SSL_AEAD,
3eb2aff4
KR		 774 TLS1_2_VERSION, TLS1_2_VERSION,
775 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 776 SSL_NOT_DEFAULT | SSL_HIGH,
ea6114c6
DSH		 777 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
778 128,
779 128,
780 },
ea6114c6
DSH		 781 {
782 1,
748f2546 783 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
bbb4ceb8 784 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
748f2546
RS		 785 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
786 SSL_kDHEPSK,
ea6114c6 787 SSL_aPSK,
748f2546 788 SSL_AES256CCM8,
ea6114c6 789 SSL_AEAD,
3eb2aff4
KR		 790 TLS1_2_VERSION, TLS1_2_VERSION,
791 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 792 SSL_NOT_DEFAULT | SSL_HIGH,
793 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 794 256,
795 256,
796 },
ea6114c6
DSH		 797 {
798 1,
748f2546 799 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
bbb4ceb8 800 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
748f2546
RS		 801 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
802 SSL_kECDHE,
803 SSL_aECDSA,
804 SSL_AES128CCM,
ea6114c6 805 SSL_AEAD,
3eb2aff4
KR		 806 TLS1_2_VERSION, TLS1_2_VERSION,
807 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 808 SSL_NOT_DEFAULT | SSL_HIGH,
ea6114c6
DSH		 809 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
810 128,
811 128,
812 },
ea6114c6
DSH		 813 {
814 1,
748f2546 815 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
bbb4ceb8 816 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
748f2546
RS		 817 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
818 SSL_kECDHE,
819 SSL_aECDSA,
820 SSL_AES256CCM,
ea6114c6 821 SSL_AEAD,
3eb2aff4
KR		 822 TLS1_2_VERSION, TLS1_2_VERSION,
823 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 824 SSL_NOT_DEFAULT | SSL_HIGH,
825 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 826 256,
827 256,
828 },
ea6114c6
DSH		 829 {
830 1,
748f2546 831 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
bbb4ceb8 832 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
748f2546
RS		 833 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
834 SSL_kECDHE,
835 SSL_aECDSA,
836 SSL_AES128CCM8,
837 SSL_AEAD,
838 TLS1_2_VERSION, TLS1_2_VERSION,
839 DTLS1_2_VERSION, DTLS1_2_VERSION,
840 SSL_NOT_DEFAULT | SSL_HIGH,
841 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 842 128,
843 128,
844 },
ea6114c6
DSH		 845 {
846 1,
748f2546 847 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
bbb4ceb8 848 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
748f2546
RS		 849 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
850 SSL_kECDHE,
851 SSL_aECDSA,
852 SSL_AES256CCM8,
853 SSL_AEAD,
854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
856 SSL_NOT_DEFAULT | SSL_HIGH,
857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
ea6114c6
DSH		 858 256,
859 256,
860 },
582a17d6
MC		 861 {
862 1,
863 TLS1_3_TXT_AES_128_GCM_SHA256,
bbb4ceb8 864 TLS1_3_RFC_AES_128_GCM_SHA256,
582a17d6 865 TLS1_3_CK_AES_128_GCM_SHA256,
9c92ea45 866 0, 0,
582a17d6
MC		 867 SSL_AES128GCM,
868 SSL_AEAD,
869 TLS1_3_VERSION, TLS1_3_VERSION,
f68521ee
DSH		 870 SSL_kANY,
871 SSL_aANY,
872 SSL_HIGH,
873 SSL_HANDSHAKE_MAC_SHA256,
874 128,
875 128,
876 },
877 {
878 1,
879 TLS1_3_TXT_AES_256_GCM_SHA384,
bbb4ceb8 880 TLS1_3_RFC_AES_256_GCM_SHA384,
f68521ee
DSH		 881 TLS1_3_CK_AES_256_GCM_SHA384,
882 SSL_kANY,
883 SSL_aANY,
884 SSL_AES256GCM,
885 SSL_AEAD,
886 TLS1_3_VERSION, TLS1_3_VERSION,
582a17d6
MC		 887 0, 0,
888 SSL_HIGH,
f68521ee
DSH		 889 SSL_HANDSHAKE_MAC_SHA384,
890 256,
891 256,
892 },
893#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
894 {
895 1,
896 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
bbb4ceb8 897 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
f68521ee
DSH		 898 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
899 SSL_kANY,
900 SSL_aANY,
901 SSL_CHACHA20POLY1305,
902 SSL_AEAD,
903 TLS1_3_VERSION, TLS1_3_VERSION,
904 0, 0,
905 SSL_HIGH,
906 SSL_HANDSHAKE_MAC_SHA256,
907 256,
908 256,
909 },
910#endif
911 {
912 1,
913 TLS1_3_TXT_AES_128_CCM_SHA256,
bbb4ceb8 914 TLS1_3_RFC_AES_128_CCM_SHA256,
f68521ee
DSH		 915 TLS1_3_CK_AES_128_CCM_SHA256,
916 SSL_kANY,
917 SSL_aANY,
918 SSL_AES128CCM,
919 SSL_AEAD,
920 TLS1_3_VERSION, TLS1_3_VERSION,
921 0, 0,
922 SSL_NOT_DEFAULT | SSL_HIGH,
923 SSL_HANDSHAKE_MAC_SHA256,
924 128,
925 128,
926 },
927 {
928 1,
929 TLS1_3_TXT_AES_128_CCM_8_SHA256,
bbb4ceb8 930 TLS1_3_RFC_AES_128_CCM_8_SHA256,
f68521ee
DSH		 931 TLS1_3_CK_AES_128_CCM_8_SHA256,
932 SSL_kANY,
933 SSL_aANY,
934 SSL_AES128CCM8,
935 SSL_AEAD,
936 TLS1_3_VERSION, TLS1_3_VERSION,
937 0, 0,
938 SSL_NOT_DEFAULT | SSL_HIGH,
939 SSL_HANDSHAKE_MAC_SHA256,
582a17d6
MC		 940 128,
941 128,
942 },
ea6114c6 943
748f2546 944#ifndef OPENSSL_NO_EC
ea6114c6
DSH		 945 {
946 1,
748f2546 947 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
bbb4ceb8 948 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
748f2546
RS		 949 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
950 SSL_kECDHE,
951 SSL_aECDSA,
ea6114c6 952 SSL_eNULL,
748f2546 953 SSL_SHA1,
fe55c4a2 954 TLS1_VERSION, TLS1_2_VERSION,
387cf213 955 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 956 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
958 0,
959 0,
960 },
d33726b9 961# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
ea6114c6
DSH		 962 {
963 1,
748f2546 964 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
bbb4ceb8 965 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
748f2546
RS		 966 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967 SSL_kECDHE,
968 SSL_aECDSA,
969 SSL_3DES,
970 SSL_SHA1,
fe55c4a2 971 TLS1_VERSION, TLS1_2_VERSION,
387cf213 972 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 973 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 974 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
975 112,
976 168,
ea6114c6 977 },
d33726b9 978# endif
ea6114c6
DSH		 979 {
980 1,
748f2546 981 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
bbb4ceb8 982 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
748f2546
RS		 983 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984 SSL_kECDHE,
985 SSL_aECDSA,
ea6114c6 986 SSL_AES128,
748f2546 987 SSL_SHA1,
fe55c4a2 988 TLS1_VERSION, TLS1_2_VERSION,
387cf213 989 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 990 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 991 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
992 128,
993 128,
994 },
ea6114c6
DSH		 995 {
996 1,
748f2546 997 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
bbb4ceb8 998 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
748f2546
RS		 999 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000 SSL_kECDHE,
1001 SSL_aECDSA,
ea6114c6 1002 SSL_AES256,
748f2546 1003 SSL_SHA1,
fe55c4a2 1004 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1005 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1006 SSL_HIGH | SSL_FIPS,
748f2546 1007 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
ea6114c6
DSH		 1008 256,
1009 256,
1010 },
ea6114c6
DSH		 1011 {
1012 1,
748f2546 1013 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
bbb4ceb8 1014 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
748f2546
RS		 1015 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1016 SSL_kECDHE,
1017 SSL_aRSA,
ea6114c6 1018 SSL_eNULL,
748f2546 1019 SSL_SHA1,
fe55c4a2 1020 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1021 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1022 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1023 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1024 0,
1025 0,
1026 },
d33726b9 1027# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
ea6114c6
DSH		 1028 {
1029 1,
748f2546 1030 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
bbb4ceb8 1031 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
748f2546
RS		 1032 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033 SSL_kECDHE,
1034 SSL_aRSA,
1035 SSL_3DES,
1036 SSL_SHA1,
fe55c4a2 1037 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1038 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1039 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 1040 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1041 112,
1042 168,
ea6114c6 1043 },
d33726b9 1044# endif
ea6114c6
DSH		 1045 {
1046 1,
748f2546 1047 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
bbb4ceb8 1048 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
748f2546
RS		 1049 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050 SSL_kECDHE,
ea6114c6
DSH		 1051 SSL_aRSA,
1052 SSL_AES128,
748f2546 1053 SSL_SHA1,
fe55c4a2 1054 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1055 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1056 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1057 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1058 128,
1059 128,
1060 },
ea6114c6
DSH		 1061 {
1062 1,
748f2546 1063 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
bbb4ceb8 1064 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
748f2546
RS		 1065 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066 SSL_kECDHE,
ea6114c6
DSH		 1067 SSL_aRSA,
1068 SSL_AES256,
748f2546 1069 SSL_SHA1,
fe55c4a2 1070 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1071 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1072 SSL_HIGH | SSL_FIPS,
748f2546 1073 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
ea6114c6
DSH		 1074 256,
1075 256,
1076 },
ea6114c6
DSH		 1077 {
1078 1,
748f2546 1079 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
bbb4ceb8 1080 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
748f2546
RS		 1081 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1082 SSL_kECDHE,
1083 SSL_aNULL,
ea6114c6 1084 SSL_eNULL,
748f2546 1085 SSL_SHA1,
fe55c4a2 1086 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1087 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1088 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1089 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1090 0,
1091 0,
1092 },
d33726b9 1093# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
ea6114c6
DSH		 1094 {
1095 1,
748f2546 1096 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
bbb4ceb8 1097 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
748f2546
RS		 1098 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099 SSL_kECDHE,
1100 SSL_aNULL,
1101 SSL_3DES,
1102 SSL_SHA1,
fe55c4a2 1103 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1104 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1105 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
748f2546
RS		 1106 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1107 112,
1108 168,
ea6114c6 1109 },
d33726b9 1110# endif
0f113f3e
MC		 1111 {
1112 1,
748f2546 1113 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
bbb4ceb8 1114 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
748f2546
RS		 1115 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1116 SSL_kECDHE,
1117 SSL_aNULL,
1118 SSL_AES128,
1119 SSL_SHA1,
fe55c4a2 1120 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1121 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1122 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1123 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1124 128,
1125 128,
1126 },
0f113f3e
MC		 1127 {
1128 1,
748f2546 1129 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
bbb4ceb8 1130 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
748f2546
RS		 1131 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1132 SSL_kECDHE,
1133 SSL_aNULL,
1134 SSL_AES256,
1135 SSL_SHA1,
fe55c4a2 1136 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1137 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1138 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1139 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1140 256,
1141 256,
1142 },
1143 {
1144 1,
1145 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
bbb4ceb8 1146 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
748f2546
RS		 1147 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148 SSL_kECDHE,
1149 SSL_aECDSA,
1150 SSL_AES128,
0f113f3e 1151 SSL_SHA256,
3eb2aff4
KR		 1152 TLS1_2_VERSION, TLS1_2_VERSION,
1153 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1154 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1155 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1156 128,
1157 128,
1158 },
0f113f3e
MC		 1159 {
1160 1,
748f2546 1161 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
bbb4ceb8 1162 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
748f2546
RS		 1163 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164 SSL_kECDHE,
1165 SSL_aECDSA,
1166 SSL_AES256,
1167 SSL_SHA384,
3eb2aff4
KR		 1168 TLS1_2_VERSION, TLS1_2_VERSION,
1169 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1170 SSL_HIGH | SSL_FIPS,
1171 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1172 256,
1173 256,
0f113f3e 1174 },
0f113f3e
MC		 1175 {
1176 1,
748f2546 1177 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
bbb4ceb8 1178 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
748f2546
RS		 1179 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1180 SSL_kECDHE,
1181 SSL_aRSA,
1182 SSL_AES128,
0f113f3e 1183 SSL_SHA256,
3eb2aff4
KR		 1184 TLS1_2_VERSION, TLS1_2_VERSION,
1185 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1186 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1188 128,
1189 128,
1190 },
0f113f3e
MC		 1191 {
1192 1,
748f2546 1193 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
bbb4ceb8 1194 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
748f2546
RS		 1195 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1196 SSL_kECDHE,
0f113f3e 1197 SSL_aRSA,
748f2546
RS		 1198 SSL_AES256,
1199 SSL_SHA384,
3eb2aff4
KR		 1200 TLS1_2_VERSION, TLS1_2_VERSION,
1201 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1202 SSL_HIGH | SSL_FIPS,
1203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1204 256,
1205 256,
1206 },
0f113f3e
MC		 1207 {
1208 1,
748f2546 1209 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1210 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1211 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212 SSL_kECDHE,
1213 SSL_aECDSA,
1214 SSL_AES128GCM,
1215 SSL_AEAD,
3eb2aff4
KR		 1216 TLS1_2_VERSION, TLS1_2_VERSION,
1217 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1218 SSL_HIGH | SSL_FIPS,
0f113f3e 1219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748f2546
RS		 1220 128,
1221 128,
1222 },
1223 {
1224 1,
1225 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1226 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1227 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228 SSL_kECDHE,
1229 SSL_aECDSA,
1230 SSL_AES256GCM,
1231 SSL_AEAD,
1232 TLS1_2_VERSION, TLS1_2_VERSION,
1233 DTLS1_2_VERSION, DTLS1_2_VERSION,
1234 SSL_HIGH | SSL_FIPS,
1235 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1236 256,
1237 256,
1238 },
0f113f3e
MC		 1239 {
1240 1,
748f2546 1241 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1242 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1243 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244 SSL_kECDHE,
0f113f3e 1245 SSL_aRSA,
748f2546
RS		 1246 SSL_AES128GCM,
1247 SSL_AEAD,
3eb2aff4
KR		 1248 TLS1_2_VERSION, TLS1_2_VERSION,
1249 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546 1250 SSL_HIGH | SSL_FIPS,
0f113f3e 1251 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748f2546
RS		 1252 128,
1253 128,
0f113f3e 1254 },
0f113f3e
MC		 1255 {
1256 1,
748f2546 1257 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1258 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1259 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260 SSL_kECDHE,
1261 SSL_aRSA,
1262 SSL_AES256GCM,
1263 SSL_AEAD,
3eb2aff4
KR		 1264 TLS1_2_VERSION, TLS1_2_VERSION,
1265 DTLS1_2_VERSION, DTLS1_2_VERSION,
748f2546
RS		 1266 SSL_HIGH | SSL_FIPS,
1267 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1268 256,
1269 256,
1270 },
a230b26e 1271#endif /* OPENSSL_NO_EC */
0f113f3e 1272
748f2546 1273#ifndef OPENSSL_NO_PSK
0f113f3e
MC		 1274 {
1275 1,
748f2546 1276 TLS1_TXT_PSK_WITH_NULL_SHA,
bbb4ceb8 1277 TLS1_RFC_PSK_WITH_NULL_SHA,
748f2546
RS		 1278 TLS1_CK_PSK_WITH_NULL_SHA,
1279 SSL_kPSK,
1280 SSL_aPSK,
0f113f3e
MC		 1281 SSL_eNULL,
1282 SSL_SHA1,
3eb2aff4 1283 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1284 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1285 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e
MC		 1286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1287 0,
1288 0,
1289 },
0f113f3e
MC		 1290 {
1291 1,
748f2546 1292 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
bbb4ceb8 1293 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
748f2546
RS		 1294 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1295 SSL_kDHEPSK,
1296 SSL_aPSK,
1297 SSL_eNULL,
0f113f3e 1298 SSL_SHA1,
3eb2aff4 1299 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1300 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1301 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1303 0,
1304 0,
0f113f3e 1305 },
0f113f3e
MC		 1306 {
1307 1,
748f2546 1308 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
bbb4ceb8 1309 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
748f2546
RS		 1310 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1311 SSL_kRSAPSK,
1312 SSL_aRSA,
1313 SSL_eNULL,
1314 SSL_SHA1,
1315 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1316 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1317 SSL_STRONG_NONE | SSL_FIPS,
1318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1319 0,
1320 0,
1321 },
d33726b9 1322# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
748f2546
RS		 1323 {
1324 1,
1325 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1326 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1327 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1328 SSL_kPSK,
1329 SSL_aPSK,
0f113f3e
MC		 1330 SSL_3DES,
1331 SSL_SHA1,
3eb2aff4 1332 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1333 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1334 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 1335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1336 112,
1337 168,
1338 },
d33726b9 1339# endif
0f113f3e
MC		 1340 {
1341 1,
748f2546 1342 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
bbb4ceb8 1343 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
748f2546
RS		 1344 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1345 SSL_kPSK,
1346 SSL_aPSK,
0f113f3e
MC		 1347 SSL_AES128,
1348 SSL_SHA1,
3eb2aff4 1349 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1350 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1351 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1353 128,
1354 128,
1355 },
0f113f3e
MC		 1356 {
1357 1,
748f2546 1358 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
bbb4ceb8 1359 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
748f2546
RS		 1360 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1361 SSL_kPSK,
1362 SSL_aPSK,
0f113f3e
MC		 1363 SSL_AES256,
1364 SSL_SHA1,
3eb2aff4 1365 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1366 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1367 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1368 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1369 256,
1370 256,
1371 },
d33726b9 1372# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
0f113f3e
MC		 1373 {
1374 1,
748f2546 1375 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1376 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1377 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1378 SSL_kDHEPSK,
1379 SSL_aPSK,
1380 SSL_3DES,
0f113f3e 1381 SSL_SHA1,
3eb2aff4 1382 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1383 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1384 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e 1385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1386 112,
1387 168,
0f113f3e 1388 },
d33726b9 1389# endif
0f113f3e
MC		 1390 {
1391 1,
748f2546 1392 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
bbb4ceb8 1393 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
748f2546
RS		 1394 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1395 SSL_kDHEPSK,
1396 SSL_aPSK,
1397 SSL_AES128,
1398 SSL_SHA1,
1399 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1400 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1401 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1403 128,
1404 128,
1405 },
0f113f3e
MC		 1406 {
1407 1,
748f2546 1408 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
bbb4ceb8 1409 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
748f2546
RS		 1410 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1411 SSL_kDHEPSK,
1412 SSL_aPSK,
1413 SSL_AES256,
1414 SSL_SHA1,
1415 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1416 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1417 SSL_HIGH | SSL_FIPS,
1418 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1419 256,
1420 256,
1421 },
d33726b9 1422# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
748f2546
RS		 1423 {
1424 1,
1425 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1426 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1427 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1428 SSL_kRSAPSK,
0f113f3e
MC		 1429 SSL_aRSA,
1430 SSL_3DES,
1431 SSL_SHA1,
3eb2aff4 1432 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1433 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1434 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
0f113f3e
MC		 1435 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1436 112,
1437 168,
1438 },
d33726b9 1439# endif
0f113f3e
MC		 1440 {
1441 1,
748f2546 1442 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
bbb4ceb8 1443 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
748f2546
RS		 1444 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1445 SSL_kRSAPSK,
0f113f3e
MC		 1446 SSL_aRSA,
1447 SSL_AES128,
1448 SSL_SHA1,
3eb2aff4 1449 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1450 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1451 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1453 128,
1454 128,
1455 },
0f113f3e
MC		 1456 {
1457 1,
748f2546 1458 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
bbb4ceb8 1459 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
748f2546
RS		 1460 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1461 SSL_kRSAPSK,
0f113f3e
MC		 1462 SSL_aRSA,
1463 SSL_AES256,
1464 SSL_SHA1,
3eb2aff4 1465 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1466 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1467 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1469 256,
1470 256,
1471 },
0f113f3e
MC		 1472 {
1473 1,
748f2546 1474 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1475 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1476 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1477 SSL_kPSK,
1478 SSL_aPSK,
1479 SSL_AES128GCM,
1480 SSL_AEAD,
1481 TLS1_2_VERSION, TLS1_2_VERSION,
1482 DTLS1_2_VERSION, DTLS1_2_VERSION,
1483 SSL_HIGH | SSL_FIPS,
1484 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 1485 128,
1486 128,
1487 },
0f113f3e
MC		 1488 {
1489 1,
748f2546 1490 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1491 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1492 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1493 SSL_kPSK,
1494 SSL_aPSK,
1495 SSL_AES256GCM,
1496 SSL_AEAD,
1497 TLS1_2_VERSION, TLS1_2_VERSION,
1498 DTLS1_2_VERSION, DTLS1_2_VERSION,
1499 SSL_HIGH | SSL_FIPS,
1500 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1501 256,
1502 256,
0f113f3e 1503 },
0f113f3e
MC		 1504 {
1505 1,
748f2546 1506 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1507 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1508 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1509 SSL_kDHEPSK,
1510 SSL_aPSK,
1511 SSL_AES128GCM,
1512 SSL_AEAD,
1513 TLS1_2_VERSION, TLS1_2_VERSION,
1514 DTLS1_2_VERSION, DTLS1_2_VERSION,
1515 SSL_HIGH | SSL_FIPS,
1516 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
0f113f3e
MC		 1517 128,
1518 128,
1519 },
0f113f3e
MC		 1520 {
1521 1,
748f2546 1522 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1523 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1524 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1525 SSL_kDHEPSK,
1526 SSL_aPSK,
1527 SSL_AES256GCM,
1528 SSL_AEAD,
1529 TLS1_2_VERSION, TLS1_2_VERSION,
1530 DTLS1_2_VERSION, DTLS1_2_VERSION,
1531 SSL_HIGH | SSL_FIPS,
1532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1533 256,
1534 256,
1535 },
0f113f3e
MC		 1536 {
1537 1,
748f2546 1538 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
bbb4ceb8 1539 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
748f2546
RS		 1540 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1541 SSL_kRSAPSK,
0f113f3e 1542 SSL_aRSA,
748f2546
RS		 1543 SSL_AES128GCM,
1544 SSL_AEAD,
1545 TLS1_2_VERSION, TLS1_2_VERSION,
1546 DTLS1_2_VERSION, DTLS1_2_VERSION,
1547 SSL_HIGH | SSL_FIPS,
1548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1549 128,
1550 128,
0f113f3e 1551 },
0f113f3e
MC		 1552 {
1553 1,
748f2546 1554 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
bbb4ceb8 1555 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
748f2546
RS		 1556 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1557 SSL_kRSAPSK,
1558 SSL_aRSA,
1559 SSL_AES256GCM,
1560 SSL_AEAD,
1561 TLS1_2_VERSION, TLS1_2_VERSION,
1562 DTLS1_2_VERSION, DTLS1_2_VERSION,
1563 SSL_HIGH | SSL_FIPS,
1564 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1565 256,
1566 256,
0f113f3e 1567 },
0f113f3e
MC		 1568 {
1569 1,
748f2546 1570 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
bbb4ceb8 1571 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
748f2546
RS		 1572 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1573 SSL_kPSK,
1574 SSL_aPSK,
0f113f3e 1575 SSL_AES128,
748f2546
RS		 1576 SSL_SHA256,
1577 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1578 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1579 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1580 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1581 128,
1582 128,
1583 },
0f113f3e
MC		 1584 {
1585 1,
748f2546 1586 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
bbb4ceb8 1587 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
748f2546
RS		 1588 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1589 SSL_kPSK,
1590 SSL_aPSK,
1591 SSL_AES256,
1592 SSL_SHA384,
1593 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1594 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1595 SSL_HIGH | SSL_FIPS,
1596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1597 256,
1598 256,
0f113f3e 1599 },
0f113f3e
MC		 1600 {
1601 1,
748f2546 1602 TLS1_TXT_PSK_WITH_NULL_SHA256,
bbb4ceb8 1603 TLS1_RFC_PSK_WITH_NULL_SHA256,
748f2546
RS		 1604 TLS1_CK_PSK_WITH_NULL_SHA256,
1605 SSL_kPSK,
1606 SSL_aPSK,
1607 SSL_eNULL,
1608 SSL_SHA256,
1609 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1610 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1611 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1613 0,
1614 0,
0f113f3e 1615 },
0f113f3e
MC		 1616 {
1617 1,
748f2546 1618 TLS1_TXT_PSK_WITH_NULL_SHA384,
bbb4ceb8 1619 TLS1_RFC_PSK_WITH_NULL_SHA384,
748f2546
RS		 1620 TLS1_CK_PSK_WITH_NULL_SHA384,
1621 SSL_kPSK,
1622 SSL_aPSK,
1623 SSL_eNULL,
1624 SSL_SHA384,
1625 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1626 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1627 SSL_STRONG_NONE | SSL_FIPS,
1628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1629 0,
1630 0,
0f113f3e 1631 },
0f113f3e
MC		 1632 {
1633 1,
748f2546 1634 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
bbb4ceb8 1635 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
748f2546
RS		 1636 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1637 SSL_kDHEPSK,
1638 SSL_aPSK,
1639 SSL_AES128,
1640 SSL_SHA256,
1641 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1642 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1643 SSL_HIGH | SSL_FIPS,
0f113f3e 1644 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
748f2546
RS		 1645 128,
1646 128,
0f113f3e 1647 },
0f113f3e
MC		 1648 {
1649 1,
748f2546 1650 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
bbb4ceb8 1651 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
748f2546
RS		 1652 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1653 SSL_kDHEPSK,
1654 SSL_aPSK,
0f113f3e 1655 SSL_AES256,
748f2546
RS		 1656 SSL_SHA384,
1657 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1658 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1659 SSL_HIGH | SSL_FIPS,
1660 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0f113f3e
MC		 1661 256,
1662 256,
1663 },
0f113f3e
MC		 1664 {
1665 1,
748f2546 1666 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
bbb4ceb8 1667 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
748f2546
RS		 1668 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1669 SSL_kDHEPSK,
1670 SSL_aPSK,
1671 SSL_eNULL,
0f113f3e 1672 SSL_SHA256,
748f2546 1673 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1674 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1675 SSL_STRONG_NONE | SSL_FIPS,
1676 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1677 0,
1678 0,
0f113f3e 1679 },
0f113f3e
MC		 1680 {
1681 1,
748f2546 1682 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
bbb4ceb8 1683 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
748f2546
RS		 1684 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1685 SSL_kDHEPSK,
1686 SSL_aPSK,
1687 SSL_eNULL,
0f113f3e 1688 SSL_SHA384,
748f2546 1689 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1690 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1691 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1692 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
748f2546
RS		 1693 0,
1694 0,
0f113f3e 1695 },
0f113f3e
MC		 1696 {
1697 1,
748f2546 1698 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
bbb4ceb8 1699 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
748f2546
RS		 1700 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1701 SSL_kRSAPSK,
0f113f3e
MC		 1702 SSL_aRSA,
1703 SSL_AES128,
1704 SSL_SHA256,
748f2546 1705 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1707 SSL_HIGH | SSL_FIPS,
748f2546 1708 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0f113f3e
MC		 1709 128,
1710 128,
1711 },
0f113f3e
MC		 1712 {
1713 1,
748f2546 1714 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
bbb4ceb8 1715 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
748f2546
RS		 1716 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1717 SSL_kRSAPSK,
0f113f3e
MC		 1718 SSL_aRSA,
1719 SSL_AES256,
1720 SSL_SHA384,
748f2546 1721 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1722 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1723 SSL_HIGH | SSL_FIPS,
0f113f3e
MC		 1724 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1725 256,
1726 256,
1727 },
0f113f3e
MC		 1728 {
1729 1,
748f2546 1730 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
bbb4ceb8 1731 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
748f2546
RS		 1732 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1733 SSL_kRSAPSK,
0f113f3e 1734 SSL_aRSA,
748f2546
RS		 1735 SSL_eNULL,
1736 SSL_SHA256,
1737 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1738 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1739 SSL_STRONG_NONE | SSL_FIPS,
1740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1741 0,
1742 0,
0f113f3e 1743 },
0f113f3e
MC		 1744 {
1745 1,
748f2546 1746 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
bbb4ceb8 1747 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
748f2546
RS		 1748 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1749 SSL_kRSAPSK,
0f113f3e 1750 SSL_aRSA,
748f2546
RS		 1751 SSL_eNULL,
1752 SSL_SHA384,
1753 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546 1755 SSL_STRONG_NONE | SSL_FIPS,
0f113f3e 1756 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
748f2546
RS		 1757 0,
1758 0,
ea6114c6 1759 },
748f2546 1760# ifndef OPENSSL_NO_EC
d33726b9 1761# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
ea6114c6
DSH		 1762 {
1763 1,
1764 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1765 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
ea6114c6
DSH		 1766 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1767 SSL_kECDHEPSK,
1768 SSL_aPSK,
1769 SSL_3DES,
1770 SSL_SHA1,
fe55c4a2 1771 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1772 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1773 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
ea6114c6
DSH		 1774 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1775 112,
1776 168,
1777 },
d33726b9 1778# endif
ea6114c6
DSH		 1779 {
1780 1,
1781 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
bbb4ceb8 1782 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
ea6114c6
DSH		 1783 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1784 SSL_kECDHEPSK,
1785 SSL_aPSK,
1786 SSL_AES128,
1787 SSL_SHA1,
fe55c4a2 1788 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1789 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1790 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1792 128,
1793 128,
1794 },
ea6114c6
DSH		 1795 {
1796 1,
1797 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
bbb4ceb8 1798 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
ea6114c6
DSH		 1799 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1800 SSL_kECDHEPSK,
1801 SSL_aPSK,
1802 SSL_AES256,
1803 SSL_SHA1,
fe55c4a2 1804 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1805 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1806 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1808 256,
1809 256,
1810 },
ea6114c6
DSH		 1811 {
1812 1,
1813 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
bbb4ceb8 1814 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
ea6114c6
DSH		 1815 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1816 SSL_kECDHEPSK,
1817 SSL_aPSK,
1818 SSL_AES128,
1819 SSL_SHA256,
3eb2aff4 1820 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1821 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1822 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1824 128,
1825 128,
1826 },
ea6114c6
DSH		 1827 {
1828 1,
1829 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
bbb4ceb8 1830 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
ea6114c6
DSH		 1831 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1832 SSL_kECDHEPSK,
1833 SSL_aPSK,
1834 SSL_AES256,
1835 SSL_SHA384,
3eb2aff4 1836 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1837 DTLS1_BAD_VER, DTLS1_2_VERSION,
361a1191 1838 SSL_HIGH | SSL_FIPS,
ea6114c6
DSH		 1839 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1840 256,
1841 256,
1842 },
ea6114c6
DSH		 1843 {
1844 1,
1845 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
bbb4ceb8 1846 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
ea6114c6
DSH		 1847 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1848 SSL_kECDHEPSK,
1849 SSL_aPSK,
1850 SSL_eNULL,
1851 SSL_SHA1,
fe55c4a2 1852 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1853 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1854 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1855 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1856 0,
1857 0,
1858 },
ea6114c6
DSH		 1859 {
1860 1,
1861 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
bbb4ceb8 1862 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
ea6114c6
DSH		 1863 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1864 SSL_kECDHEPSK,
1865 SSL_aPSK,
1866 SSL_eNULL,
1867 SSL_SHA256,
3eb2aff4 1868 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1869 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1870 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1871 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1872 0,
1873 0,
1874 },
ea6114c6
DSH		 1875 {
1876 1,
1877 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
bbb4ceb8 1878 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
ea6114c6
DSH		 1879 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1880 SSL_kECDHEPSK,
1881 SSL_aPSK,
1882 SSL_eNULL,
1883 SSL_SHA384,
3eb2aff4 1884 TLS1_VERSION, TLS1_2_VERSION,
387cf213 1885 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510b5f7 1886 SSL_STRONG_NONE | SSL_FIPS,
ea6114c6
DSH		 1887 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1888 0,
1889 0,
1890 },
a230b26e
EK		 1891# endif /* OPENSSL_NO_EC */
1892#endif /* OPENSSL_NO_PSK */
ea6114c6 1893
748f2546 1894#ifndef OPENSSL_NO_SRP
d33726b9 1895# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
748f2546
RS		 1896 {
1897 1,
1898 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1899 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1900 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1901 SSL_kSRP,
1902 SSL_aSRP,
1903 SSL_3DES,
1904 SSL_SHA1,
1905 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1906 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1907 SSL_NOT_DEFAULT | SSL_MEDIUM,
748f2546
RS		 1908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1909 112,
1910 168,
1911 },
1912 {
1913 1,
1914 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1915 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1916 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1917 SSL_kSRP,
1918 SSL_aRSA,
1919 SSL_3DES,
1920 SSL_SHA1,
1921 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1922 DTLS1_BAD_VER, DTLS1_2_VERSION,
ef28891b 1923 SSL_NOT_DEFAULT | SSL_MEDIUM,
748f2546
RS		 1924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1925 112,
1926 168,
1927 },
1928 {
1929 1,
1930 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
bbb4ceb8 1931 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
748f2546
RS		 1932 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1933 SSL_kSRP,
1934 SSL_aDSS,
1935 SSL_3DES,
1936 SSL_SHA1,
1937 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1938 DTLS1_BAD_VER, DTLS1_2_VERSION,
4a8e9c22 1939 SSL_NOT_DEFAULT | SSL_MEDIUM,
748f2546
RS		 1940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1941 112,
1942 168,
1943 },
d33726b9 1944# endif
748f2546
RS		 1945 {
1946 1,
1947 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
bbb4ceb8 1948 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
748f2546
RS		 1949 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1950 SSL_kSRP,
1951 SSL_aSRP,
1952 SSL_AES128,
1953 SSL_SHA1,
1954 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1955 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1956 SSL_HIGH,
1957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958 128,
1959 128,
1960 },
1961 {
1962 1,
1963 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
bbb4ceb8 1964 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
748f2546
RS		 1965 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1966 SSL_kSRP,
1967 SSL_aRSA,
1968 SSL_AES128,
1969 SSL_SHA1,
1970 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1971 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1972 SSL_HIGH,
1973 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974 128,
1975 128,
1976 },
1977 {
1978 1,
1979 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
bbb4ceb8 1980 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
748f2546
RS		 1981 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1982 SSL_kSRP,
1983 SSL_aDSS,
1984 SSL_AES128,
1985 SSL_SHA1,
1986 SSL3_VERSION, TLS1_2_VERSION,
387cf213 1987 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 1988 SSL_NOT_DEFAULT | SSL_HIGH,
1989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990 128,
1991 128,
1992 },
1993 {
1994 1,
1995 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
bbb4ceb8 1996 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
748f2546
RS		 1997 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1998 SSL_kSRP,
1999 SSL_aSRP,
2000 SSL_AES256,
2001 SSL_SHA1,
2002 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2003 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2004 SSL_HIGH,
2005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2006 256,
2007 256,
2008 },
2009 {
2010 1,
2011 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
bbb4ceb8 2012 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
748f2546
RS		 2013 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2014 SSL_kSRP,
2015 SSL_aRSA,
2016 SSL_AES256,
2017 SSL_SHA1,
2018 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2019 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2020 SSL_HIGH,
2021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2022 256,
2023 256,
2024 },
2025 {
2026 1,
2027 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
bbb4ceb8 2028 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
748f2546
RS		 2029 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2030 SSL_kSRP,
2031 SSL_aDSS,
2032 SSL_AES256,
2033 SSL_SHA1,
2034 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2035 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2036 SSL_NOT_DEFAULT | SSL_HIGH,
2037 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2038 256,
2039 256,
2040 },
a230b26e 2041#endif /* OPENSSL_NO_SRP */
748f2546
RS		 2042
2043#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2044# ifndef OPENSSL_NO_RSA
2045 {
2046 1,
2047 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
bbb4ceb8 2048 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
748f2546
RS		 2049 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2050 SSL_kDHE,
2051 SSL_aRSA,
2052 SSL_CHACHA20POLY1305,
2053 SSL_AEAD,
2054 TLS1_2_VERSION, TLS1_2_VERSION,
2055 DTLS1_2_VERSION, DTLS1_2_VERSION,
2056 SSL_HIGH,
2057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2058 256,
2059 256,
2060 },
a230b26e 2061# endif /* OPENSSL_NO_RSA */
748f2546
RS		 2062
2063# ifndef OPENSSL_NO_EC
2064 {
2065 1,
2066 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
bbb4ceb8 2067 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
748f2546
RS		 2068 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2069 SSL_kECDHE,
2070 SSL_aRSA,
2071 SSL_CHACHA20POLY1305,
2072 SSL_AEAD,
2073 TLS1_2_VERSION, TLS1_2_VERSION,
2074 DTLS1_2_VERSION, DTLS1_2_VERSION,
2075 SSL_HIGH,
2076 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2077 256,
2078 256,
2079 },
2080 {
2081 1,
2082 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
bbb4ceb8 2083 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
748f2546
RS		 2084 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2085 SSL_kECDHE,
2086 SSL_aECDSA,
2087 SSL_CHACHA20POLY1305,
2088 SSL_AEAD,
2089 TLS1_2_VERSION, TLS1_2_VERSION,
2090 DTLS1_2_VERSION, DTLS1_2_VERSION,
2091 SSL_HIGH,
2092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2093 256,
2094 256,
2095 },
a230b26e 2096# endif /* OPENSSL_NO_EC */
748f2546
RS		 2097
2098# ifndef OPENSSL_NO_PSK
2099 {
2100 1,
2101 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
bbb4ceb8 2102 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
748f2546
RS		 2103 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2104 SSL_kPSK,
2105 SSL_aPSK,
2106 SSL_CHACHA20POLY1305,
2107 SSL_AEAD,
2108 TLS1_2_VERSION, TLS1_2_VERSION,
2109 DTLS1_2_VERSION, DTLS1_2_VERSION,
2110 SSL_HIGH,
2111 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2112 256,
2113 256,
2114 },
2115 {
2116 1,
2117 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
bbb4ceb8 2118 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
748f2546
RS		 2119 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2120 SSL_kECDHEPSK,
2121 SSL_aPSK,
2122 SSL_CHACHA20POLY1305,
2123 SSL_AEAD,
2124 TLS1_2_VERSION, TLS1_2_VERSION,
2125 DTLS1_2_VERSION, DTLS1_2_VERSION,
2126 SSL_HIGH,
2127 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2128 256,
2129 256,
2130 },
2131 {
2132 1,
2133 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
bbb4ceb8 2134 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
748f2546
RS		 2135 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2136 SSL_kDHEPSK,
2137 SSL_aPSK,
2138 SSL_CHACHA20POLY1305,
2139 SSL_AEAD,
2140 TLS1_2_VERSION, TLS1_2_VERSION,
2141 DTLS1_2_VERSION, DTLS1_2_VERSION,
2142 SSL_HIGH,
2143 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2144 256,
2145 256,
2146 },
2147 {
2148 1,
2149 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
bbb4ceb8 2150 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
748f2546
RS		 2151 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2152 SSL_kRSAPSK,
2153 SSL_aRSA,
2154 SSL_CHACHA20POLY1305,
2155 SSL_AEAD,
2156 TLS1_2_VERSION, TLS1_2_VERSION,
2157 DTLS1_2_VERSION, DTLS1_2_VERSION,
2158 SSL_HIGH,
2159 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2160 256,
2161 256,
2162 },
a230b26e
EK		 2163# endif /* OPENSSL_NO_PSK */
2164#endif /* !defined(OPENSSL_NO_CHACHA) &&
2165 * !defined(OPENSSL_NO_POLY1305) */
748f2546
RS		 2166
2167#ifndef OPENSSL_NO_CAMELLIA
2168 {
2169 1,
2170 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2171 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2172 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2173 SSL_kRSA,
2174 SSL_aRSA,
2175 SSL_CAMELLIA128,
2176 SSL_SHA256,
2177 TLS1_2_VERSION, TLS1_2_VERSION,
2178 DTLS1_2_VERSION, DTLS1_2_VERSION,
2179 SSL_NOT_DEFAULT | SSL_HIGH,
2180 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2181 128,
2182 128,
2183 },
2184 {
2185 1,
2186 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2187 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2188 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2189 SSL_kEDH,
2190 SSL_aDSS,
2191 SSL_CAMELLIA128,
2192 SSL_SHA256,
2193 TLS1_2_VERSION, TLS1_2_VERSION,
2194 DTLS1_2_VERSION, DTLS1_2_VERSION,
2195 SSL_NOT_DEFAULT | SSL_HIGH,
2196 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2197 128,
2198 128,
2199 },
2200 {
2201 1,
2202 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2203 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2204 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2205 SSL_kEDH,
2206 SSL_aRSA,
2207 SSL_CAMELLIA128,
2208 SSL_SHA256,
2209 TLS1_2_VERSION, TLS1_2_VERSION,
2210 DTLS1_2_VERSION, DTLS1_2_VERSION,
2211 SSL_NOT_DEFAULT | SSL_HIGH,
2212 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2213 128,
2214 128,
2215 },
2216 {
2217 1,
2218 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2219 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2220 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2221 SSL_kEDH,
2222 SSL_aNULL,
2223 SSL_CAMELLIA128,
2224 SSL_SHA256,
2225 TLS1_2_VERSION, TLS1_2_VERSION,
2226 DTLS1_2_VERSION, DTLS1_2_VERSION,
2227 SSL_NOT_DEFAULT | SSL_HIGH,
2228 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2229 128,
2230 128,
2231 },
2232 {
2233 1,
2234 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
bbb4ceb8 2235 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
748f2546
RS		 2236 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2237 SSL_kRSA,
2238 SSL_aRSA,
2239 SSL_CAMELLIA256,
2240 SSL_SHA256,
2241 TLS1_2_VERSION, TLS1_2_VERSION,
2242 DTLS1_2_VERSION, DTLS1_2_VERSION,
2243 SSL_NOT_DEFAULT | SSL_HIGH,
2244 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2245 256,
2246 256,
2247 },
2248 {
2249 1,
2250 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
bbb4ceb8 2251 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
748f2546
RS		 2252 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2253 SSL_kEDH,
2254 SSL_aDSS,
2255 SSL_CAMELLIA256,
2256 SSL_SHA256,
2257 TLS1_2_VERSION, TLS1_2_VERSION,
2258 DTLS1_2_VERSION, DTLS1_2_VERSION,
2259 SSL_NOT_DEFAULT | SSL_HIGH,
2260 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2261 256,
2262 256,
2263 },
2264 {
2265 1,
2266 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
bbb4ceb8 2267 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
748f2546
RS		 2268 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2269 SSL_kEDH,
2270 SSL_aRSA,
2271 SSL_CAMELLIA256,
2272 SSL_SHA256,
2273 TLS1_2_VERSION, TLS1_2_VERSION,
2274 DTLS1_2_VERSION, DTLS1_2_VERSION,
2275 SSL_NOT_DEFAULT | SSL_HIGH,
2276 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2277 256,
2278 256,
2279 },
2280 {
2281 1,
2282 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
bbb4ceb8 2283 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
748f2546
RS		 2284 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2285 SSL_kEDH,
2286 SSL_aNULL,
2287 SSL_CAMELLIA256,
2288 SSL_SHA256,
2289 TLS1_2_VERSION, TLS1_2_VERSION,
2290 DTLS1_2_VERSION, DTLS1_2_VERSION,
2291 SSL_NOT_DEFAULT | SSL_HIGH,
2292 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2293 256,
2294 256,
2295 },
2296 {
2297 1,
2298 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
bbb4ceb8 2299 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
748f2546
RS		 2300 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2301 SSL_kRSA,
2302 SSL_aRSA,
2303 SSL_CAMELLIA256,
2304 SSL_SHA1,
2305 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2306 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2307 SSL_NOT_DEFAULT | SSL_HIGH,
2308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2309 256,
2310 256,
2311 },
2312 {
2313 1,
2314 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
bbb4ceb8 2315 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
748f2546
RS		 2316 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2317 SSL_kDHE,
2318 SSL_aDSS,
2319 SSL_CAMELLIA256,
2320 SSL_SHA1,
2321 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2322 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2323 SSL_NOT_DEFAULT | SSL_HIGH,
2324 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2325 256,
2326 256,
2327 },
2328 {
2329 1,
2330 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
bbb4ceb8 2331 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
748f2546
RS		 2332 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2333 SSL_kDHE,
2334 SSL_aRSA,
2335 SSL_CAMELLIA256,
2336 SSL_SHA1,
2337 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2338 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2339 SSL_NOT_DEFAULT | SSL_HIGH,
2340 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2341 256,
2342 256,
2343 },
2344 {
2345 1,
2346 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
bbb4ceb8 2347 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
748f2546
RS		 2348 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2349 SSL_kDHE,
2350 SSL_aNULL,
2351 SSL_CAMELLIA256,
2352 SSL_SHA1,
2353 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2354 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2355 SSL_NOT_DEFAULT | SSL_HIGH,
2356 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2357 256,
2358 256,
2359 },
2360 {
2361 1,
2362 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
bbb4ceb8 2363 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
748f2546
RS		 2364 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2365 SSL_kRSA,
2366 SSL_aRSA,
2367 SSL_CAMELLIA128,
2368 SSL_SHA1,
2369 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2370 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2371 SSL_NOT_DEFAULT | SSL_HIGH,
2372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2373 128,
2374 128,
2375 },
2376 {
2377 1,
2378 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
bbb4ceb8 2379 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
748f2546
RS		 2380 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2381 SSL_kDHE,
2382 SSL_aDSS,
2383 SSL_CAMELLIA128,
2384 SSL_SHA1,
2385 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2386 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2387 SSL_NOT_DEFAULT | SSL_HIGH,
2388 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2389 128,
2390 128,
2391 },
2392 {
2393 1,
2394 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
bbb4ceb8 2395 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
748f2546
RS		 2396 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2397 SSL_kDHE,
2398 SSL_aRSA,
2399 SSL_CAMELLIA128,
2400 SSL_SHA1,
2401 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2402 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2403 SSL_NOT_DEFAULT | SSL_HIGH,
2404 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2405 128,
2406 128,
2407 },
2408 {
2409 1,
2410 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
bbb4ceb8 2411 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
748f2546
RS		 2412 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2413 SSL_kDHE,
2414 SSL_aNULL,
2415 SSL_CAMELLIA128,
2416 SSL_SHA1,
2417 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2418 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2419 SSL_NOT_DEFAULT | SSL_HIGH,
2420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2421 128,
2422 128,
2423 },
2424
2425# ifndef OPENSSL_NO_EC
2426 {
0f113f3e
MC		 2427 1,
2428 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2429 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
0f113f3e
MC		 2430 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2431 SSL_kECDHE,
2432 SSL_aECDSA,
2433 SSL_CAMELLIA128,
2434 SSL_SHA256,
3eb2aff4
KR		 2435 TLS1_2_VERSION, TLS1_2_VERSION,
2436 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2437 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2438 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2439 128,
a230b26e
EK		 2440 128,
2441 },
748f2546 2442 {
0f113f3e
MC		 2443 1,
2444 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2445 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
0f113f3e
MC		 2446 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2447 SSL_kECDHE,
2448 SSL_aECDSA,
2449 SSL_CAMELLIA256,
2450 SSL_SHA384,
3eb2aff4
KR		 2451 TLS1_2_VERSION, TLS1_2_VERSION,
2452 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2453 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2454 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2455 256,
a230b26e
EK		 2456 256,
2457 },
748f2546 2458 {
0f113f3e
MC		 2459 1,
2460 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2461 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
0f113f3e
MC		 2462 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2463 SSL_kECDHE,
2464 SSL_aRSA,
2465 SSL_CAMELLIA128,
2466 SSL_SHA256,
3eb2aff4
KR		 2467 TLS1_2_VERSION, TLS1_2_VERSION,
2468 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2469 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2470 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2471 128,
a230b26e
EK		 2472 128,
2473 },
748f2546 2474 {
0f113f3e
MC		 2475 1,
2476 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2477 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
0f113f3e
MC		 2478 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2479 SSL_kECDHE,
2480 SSL_aRSA,
2481 SSL_CAMELLIA256,
2482 SSL_SHA384,
3eb2aff4
KR		 2483 TLS1_2_VERSION, TLS1_2_VERSION,
2484 DTLS1_2_VERSION, DTLS1_2_VERSION,
a556f342 2485 SSL_NOT_DEFAULT | SSL_HIGH,
0f113f3e
MC		 2486 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2487 256,
a230b26e
EK		 2488 256,
2489 },
2490# endif /* OPENSSL_NO_EC */
edc032b5 2491
748f2546
RS		 2492# ifndef OPENSSL_NO_PSK
2493 {
69a3a9f5
DSH		 2494 1,
2495 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2496 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
69a3a9f5
DSH		 2497 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2498 SSL_kPSK,
2499 SSL_aPSK,
2500 SSL_CAMELLIA128,
2501 SSL_SHA256,
3eb2aff4 2502 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2503 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2504 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2505 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2506 128,
a230b26e
EK		 2507 128,
2508 },
748f2546 2509 {
69a3a9f5
DSH		 2510 1,
2511 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2512 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
69a3a9f5
DSH		 2513 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2514 SSL_kPSK,
2515 SSL_aPSK,
2516 SSL_CAMELLIA256,
2517 SSL_SHA384,
3eb2aff4 2518 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2519 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2520 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2521 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2522 256,
a230b26e
EK		 2523 256,
2524 },
748f2546 2525 {
69a3a9f5
DSH		 2526 1,
2527 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2528 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
69a3a9f5
DSH		 2529 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2530 SSL_kDHEPSK,
2531 SSL_aPSK,
2532 SSL_CAMELLIA128,
2533 SSL_SHA256,
3eb2aff4 2534 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2535 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2536 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2537 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2538 128,
a230b26e
EK		 2539 128,
2540 },
748f2546 2541 {
69a3a9f5
DSH		 2542 1,
2543 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2544 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
69a3a9f5
DSH		 2545 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2546 SSL_kDHEPSK,
2547 SSL_aPSK,
2548 SSL_CAMELLIA256,
2549 SSL_SHA384,
3eb2aff4 2550 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2551 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2552 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2553 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2554 256,
a230b26e
EK		 2555 256,
2556 },
748f2546 2557 {
69a3a9f5
DSH		 2558 1,
2559 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2560 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
69a3a9f5
DSH		 2561 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2562 SSL_kRSAPSK,
2563 SSL_aRSA,
2564 SSL_CAMELLIA128,
2565 SSL_SHA256,
3eb2aff4 2566 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2567 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2568 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2570 128,
a230b26e
EK		 2571 128,
2572 },
748f2546 2573 {
69a3a9f5
DSH		 2574 1,
2575 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2576 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
69a3a9f5
DSH		 2577 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2578 SSL_kRSAPSK,
2579 SSL_aRSA,
2580 SSL_CAMELLIA256,
2581 SSL_SHA384,
3eb2aff4 2582 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2583 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2584 SSL_NOT_DEFAULT | SSL_HIGH,
69a3a9f5
DSH		 2585 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2586 256,
a230b26e
EK		 2587 256,
2588 },
176f85a2
DSH		 2589 {
2590 1,
748f2546 2591 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
bbb4ceb8 2592 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
748f2546
RS		 2593 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2594 SSL_kECDHEPSK,
176f85a2 2595 SSL_aPSK,
748f2546
RS		 2596 SSL_CAMELLIA128,
2597 SSL_SHA256,
2598 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2599 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2600 SSL_NOT_DEFAULT | SSL_HIGH,
748f2546 2601 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2 2602 128,
a230b26e
EK		 2603 128,
2604 },
176f85a2
DSH		 2605 {
2606 1,
748f2546 2607 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
bbb4ceb8 2608 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
748f2546
RS		 2609 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2610 SSL_kECDHEPSK,
176f85a2 2611 SSL_aPSK,
748f2546
RS		 2612 SSL_CAMELLIA256,
2613 SSL_SHA384,
2614 TLS1_VERSION, TLS1_2_VERSION,
387cf213 2615 DTLS1_BAD_VER, DTLS1_2_VERSION,
a556f342 2616 SSL_NOT_DEFAULT | SSL_HIGH,
748f2546 2617 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
176f85a2 2618 256,
a230b26e
EK		 2619 256,
2620 },
2621# endif /* OPENSSL_NO_PSK */
176f85a2 2622
a230b26e 2623#endif /* OPENSSL_NO_CAMELLIA */
176f85a2 2624
580731af 2625#ifndef OPENSSL_NO_GOST
176f85a2
DSH		 2626 {
2627 1,
748f2546 2628 "GOST2001-GOST89-GOST89",
bbb4ceb8 2629 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
748f2546
RS		 2630 0x3000081,
2631 SSL_kGOST,
2632 SSL_aGOST01,
2633 SSL_eGOST2814789CNT,
2634 SSL_GOST89MAC,
2635 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2636 0, 0,
748f2546
RS		 2637 SSL_HIGH,
2638 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
176f85a2 2639 256,
a230b26e
EK		 2640 256,
2641 },
748f2546
RS		 2642 {
2643 1,
2644 "GOST2001-NULL-GOST94",
bbb4ceb8 2645 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
748f2546
RS		 2646 0x3000083,
2647 SSL_kGOST,
2648 SSL_aGOST01,
2649 SSL_eNULL,
2650 SSL_GOST94,
2651 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2652 0, 0,
748f2546
RS		 2653 SSL_STRONG_NONE,
2654 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2655 0,
a230b26e
EK		 2656 0,
2657 },
748f2546
RS		 2658 {
2659 1,
2660 "GOST2012-GOST8912-GOST8912",
bbb4ceb8 2661 NULL,
748f2546
RS		 2662 0x0300ff85,
2663 SSL_kGOST,
2664 SSL_aGOST12 | SSL_aGOST01,
2665 SSL_eGOST2814789CNT12,
2666 SSL_GOST89MAC12,
2667 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2668 0, 0,
748f2546
RS		 2669 SSL_HIGH,
2670 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
176f85a2 2671 256,
a230b26e
EK		 2672 256,
2673 },
748f2546
RS		 2674 {
2675 1,
2676 "GOST2012-NULL-GOST12",
bbb4ceb8 2677 NULL,
748f2546
RS		 2678 0x0300ff87,
2679 SSL_kGOST,
2680 SSL_aGOST12 | SSL_aGOST01,
2681 SSL_eNULL,
2682 SSL_GOST12_256,
2683 TLS1_VERSION, TLS1_2_VERSION,
48c16012 2684 0, 0,
748f2546
RS		 2685 SSL_STRONG_NONE,
2686 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2687 0,
a230b26e
EK		 2688 0,
2689 },
2690#endif /* OPENSSL_NO_GOST */
176f85a2 2691
748f2546 2692#ifndef OPENSSL_NO_IDEA
176f85a2
DSH		 2693 {
2694 1,
748f2546 2695 SSL3_TXT_RSA_IDEA_128_SHA,
bbb4ceb8 2696 SSL3_RFC_RSA_IDEA_128_SHA,
748f2546
RS		 2697 SSL3_CK_RSA_IDEA_128_SHA,
2698 SSL_kRSA,
2699 SSL_aRSA,
2700 SSL_IDEA,
2701 SSL_SHA1,
2702 SSL3_VERSION, TLS1_1_VERSION,
387cf213 2703 DTLS1_BAD_VER, DTLS1_VERSION,
748f2546
RS		 2704 SSL_NOT_DEFAULT | SSL_MEDIUM,
2705 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2706 128,
2707 128,
2708 },
748f2546 2709#endif
176f85a2 2710
748f2546 2711#ifndef OPENSSL_NO_SEED
176f85a2
DSH		 2712 {
2713 1,
748f2546 2714 TLS1_TXT_RSA_WITH_SEED_SHA,
bbb4ceb8 2715 TLS1_RFC_RSA_WITH_SEED_SHA,
748f2546
RS		 2716 TLS1_CK_RSA_WITH_SEED_SHA,
2717 SSL_kRSA,
2718 SSL_aRSA,
2719 SSL_SEED,
2720 SSL_SHA1,
2721 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2722 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2723 SSL_NOT_DEFAULT | SSL_MEDIUM,
2724 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2725 128,
2726 128,
176f85a2 2727 },
176f85a2
DSH		 2728 {
2729 1,
748f2546 2730 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
bbb4ceb8 2731 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
748f2546
RS		 2732 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2733 SSL_kDHE,
2734 SSL_aDSS,
2735 SSL_SEED,
2736 SSL_SHA1,
2737 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2738 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2739 SSL_NOT_DEFAULT | SSL_MEDIUM,
2740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2741 128,
2742 128,
2743 },
176f85a2
DSH		 2744 {
2745 1,
748f2546 2746 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
bbb4ceb8 2747 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
748f2546
RS		 2748 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2749 SSL_kDHE,
2750 SSL_aRSA,
2751 SSL_SEED,
2752 SSL_SHA1,
2753 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2754 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2755 SSL_NOT_DEFAULT | SSL_MEDIUM,
2756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2757 128,
2758 128,
176f85a2 2759 },
176f85a2
DSH		 2760 {
2761 1,
748f2546 2762 TLS1_TXT_ADH_WITH_SEED_SHA,
bbb4ceb8 2763 TLS1_RFC_ADH_WITH_SEED_SHA,
748f2546
RS		 2764 TLS1_CK_ADH_WITH_SEED_SHA,
2765 SSL_kDHE,
2766 SSL_aNULL,
2767 SSL_SEED,
2768 SSL_SHA1,
2769 SSL3_VERSION, TLS1_2_VERSION,
387cf213 2770 DTLS1_BAD_VER, DTLS1_2_VERSION,
748f2546
RS		 2771 SSL_NOT_DEFAULT | SSL_MEDIUM,
2772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2773 128,
2774 128,
2775 },
a230b26e 2776#endif /* OPENSSL_NO_SEED */
176f85a2 2777
748f2546
RS		 2778#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2779 {
2780 1,
2781 SSL3_TXT_RSA_RC4_128_MD5,
bbb4ceb8 2782 SSL3_RFC_RSA_RC4_128_MD5,
748f2546
RS		 2783 SSL3_CK_RSA_RC4_128_MD5,
2784 SSL_kRSA,
2785 SSL_aRSA,
2786 SSL_RC4,
2787 SSL_MD5,
2788 SSL3_VERSION, TLS1_2_VERSION,
2789 0, 0,
2790 SSL_NOT_DEFAULT | SSL_MEDIUM,
2791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2792 128,
2793 128,
2794 },
176f85a2
DSH		 2795 {
2796 1,
748f2546 2797 SSL3_TXT_RSA_RC4_128_SHA,
bbb4ceb8 2798 SSL3_RFC_RSA_RC4_128_SHA,
748f2546
RS		 2799 SSL3_CK_RSA_RC4_128_SHA,
2800 SSL_kRSA,
2801 SSL_aRSA,
2802 SSL_RC4,
2803 SSL_SHA1,
2804 SSL3_VERSION, TLS1_2_VERSION,
2805 0, 0,
2806 SSL_NOT_DEFAULT | SSL_MEDIUM,
2807 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2808 128,
2809 128,
176f85a2 2810 },
176f85a2
DSH		 2811 {
2812 1,
748f2546 2813 SSL3_TXT_ADH_RC4_128_MD5,
bbb4ceb8 2814 SSL3_RFC_ADH_RC4_128_MD5,
748f2546
RS		 2815 SSL3_CK_ADH_RC4_128_MD5,
2816 SSL_kDHE,
2817 SSL_aNULL,
2818 SSL_RC4,
2819 SSL_MD5,
2820 SSL3_VERSION, TLS1_2_VERSION,
2821 0, 0,
2822 SSL_NOT_DEFAULT | SSL_MEDIUM,
2823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176f85a2
DSH		 2824 128,
2825 128,
2826 },
2827
748f2546 2828# ifndef OPENSSL_NO_EC
176f85a2
DSH		 2829 {
2830 1,
748f2546 2831 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
bbb4ceb8 2832 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
748f2546
RS		 2833 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2834 SSL_kECDHEPSK,
2835 SSL_aPSK,
2836 SSL_RC4,
2837 SSL_SHA1,
fe55c4a2 2838 TLS1_VERSION, TLS1_2_VERSION,
748f2546
RS		 2839 0, 0,
2840 SSL_NOT_DEFAULT | SSL_MEDIUM,
2841 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2842 128,
2843 128,
176f85a2 2844 },
a76ba82c
AP		 2845 {
2846 1,
748f2546 2847 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
bbb4ceb8 2848 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
748f2546 2849 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
a76ba82c 2850 SSL_kECDHE,
748f2546
RS		 2851 SSL_aNULL,
2852 SSL_RC4,
2853 SSL_SHA1,
fe55c4a2 2854 TLS1_VERSION, TLS1_2_VERSION,
748f2546
RS		 2855 0, 0,
2856 SSL_NOT_DEFAULT | SSL_MEDIUM,
2857 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2858 128,
2859 128,
a76ba82c 2860 },
a76ba82c
AP		 2861 {
2862 1,
748f2546 2863 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
bbb4ceb8 2864 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
748f2546 2865 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
a76ba82c
AP		 2866 SSL_kECDHE,
2867 SSL_aECDSA,
748f2546
RS		 2868 SSL_RC4,
2869 SSL_SHA1,
fe55c4a2 2870 TLS1_VERSION, TLS1_2_VERSION,
748f2546
RS		 2871 0, 0,
2872 SSL_NOT_DEFAULT | SSL_MEDIUM,
2873 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2874 128,
2875 128,
a76ba82c 2876 },
a76ba82c
AP		 2877 {
2878 1,
748f2546 2879 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
bbb4ceb8 2880 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
748f2546
RS		 2881 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2882 SSL_kECDHE,
a76ba82c 2883 SSL_aRSA,
748f2546
RS		 2884 SSL_RC4,
2885 SSL_SHA1,
fe55c4a2 2886 TLS1_VERSION, TLS1_2_VERSION,
748f2546
RS		 2887 0, 0,
2888 SSL_NOT_DEFAULT | SSL_MEDIUM,
2889 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2890 128,
2891 128,
a76ba82c 2892 },
a230b26e 2893# endif /* OPENSSL_NO_EC */
748f2546 2894
a76ba82c 2895# ifndef OPENSSL_NO_PSK
a76ba82c
AP		 2896 {
2897 1,
748f2546 2898 TLS1_TXT_PSK_WITH_RC4_128_SHA,
bbb4ceb8 2899 TLS1_RFC_PSK_WITH_RC4_128_SHA,
748f2546 2900 TLS1_CK_PSK_WITH_RC4_128_SHA,
a76ba82c
AP		 2901 SSL_kPSK,
2902 SSL_aPSK,
748f2546
RS		 2903 SSL_RC4,
2904 SSL_SHA1,
2905 SSL3_VERSION, TLS1_2_VERSION,
2906 0, 0,
2907 SSL_NOT_DEFAULT | SSL_MEDIUM,
2908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2909 128,
2910 128,
a76ba82c 2911 },
a76ba82c
AP		 2912 {
2913 1,
748f2546 2914 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
bbb4ceb8 2915 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
748f2546
RS		 2916 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2917 SSL_kRSAPSK,
2918 SSL_aRSA,
2919 SSL_RC4,
2920 SSL_SHA1,
2921 SSL3_VERSION, TLS1_2_VERSION,
2922 0, 0,
2923 SSL_NOT_DEFAULT | SSL_MEDIUM,
2924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2925 128,
2926 128,
a76ba82c 2927 },
a76ba82c
AP		 2928 {
2929 1,
748f2546 2930 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
bbb4ceb8 2931 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
748f2546 2932 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
a76ba82c
AP		 2933 SSL_kDHEPSK,
2934 SSL_aPSK,
748f2546
RS		 2935 SSL_RC4,
2936 SSL_SHA1,
2937 SSL3_VERSION, TLS1_2_VERSION,
2938 0, 0,
2939 SSL_NOT_DEFAULT | SSL_MEDIUM,
2940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2941 128,
2942 128,
a76ba82c 2943 },
a230b26e 2944# endif /* OPENSSL_NO_PSK */
748f2546 2945
a230b26e 2946#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
e44380a9 2947
bc326738
JS		 2948#ifndef OPENSSL_NO_ARIA
2949 {
2950 1,
2951 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2952 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2953 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2954 SSL_kRSA,
2955 SSL_aRSA,
2956 SSL_ARIA128GCM,
2957 SSL_AEAD,
2958 TLS1_2_VERSION, TLS1_2_VERSION,
2959 DTLS1_2_VERSION, DTLS1_2_VERSION,
2960 SSL_NOT_DEFAULT | SSL_HIGH,
2961 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2962 128,
2963 128,
2964 },
2965 {
2966 1,
2967 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2968 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2969 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2970 SSL_kRSA,
2971 SSL_aRSA,
2972 SSL_ARIA256GCM,
2973 SSL_AEAD,
2974 TLS1_2_VERSION, TLS1_2_VERSION,
2975 DTLS1_2_VERSION, DTLS1_2_VERSION,
2976 SSL_NOT_DEFAULT | SSL_HIGH,
2977 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2978 256,
2979 256,
2980 },
2981 {
2982 1,
2983 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2984 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2985 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2986 SSL_kDHE,
2987 SSL_aRSA,
2988 SSL_ARIA128GCM,
2989 SSL_AEAD,
2990 TLS1_2_VERSION, TLS1_2_VERSION,
2991 DTLS1_2_VERSION, DTLS1_2_VERSION,
2992 SSL_NOT_DEFAULT | SSL_HIGH,
2993 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2994 128,
2995 128,
2996 },
2997 {
2998 1,
2999 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3000 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3001 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3002 SSL_kDHE,
3003 SSL_aRSA,
3004 SSL_ARIA256GCM,
3005 SSL_AEAD,
3006 TLS1_2_VERSION, TLS1_2_VERSION,
3007 DTLS1_2_VERSION, DTLS1_2_VERSION,
3008 SSL_NOT_DEFAULT | SSL_HIGH,
3009 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3010 256,
3011 256,
3012 },
3013 {
3014 1,
3015 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3016 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3017 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3018 SSL_kDHE,
3019 SSL_aDSS,
3020 SSL_ARIA128GCM,
3021 SSL_AEAD,
3022 TLS1_2_VERSION, TLS1_2_VERSION,
3023 DTLS1_2_VERSION, DTLS1_2_VERSION,
3024 SSL_NOT_DEFAULT | SSL_HIGH,
3025 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3026 128,
3027 128,
3028 },
3029 {
3030 1,
3031 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3032 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3033 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3034 SSL_kDHE,
3035 SSL_aDSS,
3036 SSL_ARIA256GCM,
3037 SSL_AEAD,
3038 TLS1_2_VERSION, TLS1_2_VERSION,
3039 DTLS1_2_VERSION, DTLS1_2_VERSION,
3040 SSL_NOT_DEFAULT | SSL_HIGH,
3041 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3042 256,
3043 256,
3044 },
3045 {
3046 1,
3047 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3048 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3049 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3050 SSL_kECDHE,
3051 SSL_aECDSA,
3052 SSL_ARIA128GCM,
3053 SSL_AEAD,
3054 TLS1_2_VERSION, TLS1_2_VERSION,
3055 DTLS1_2_VERSION, DTLS1_2_VERSION,
3056 SSL_NOT_DEFAULT | SSL_HIGH,
3057 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3058 128,
3059 128,
3060 },
3061 {
3062 1,
3063 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3064 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3065 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3066 SSL_kECDHE,
3067 SSL_aECDSA,
3068 SSL_ARIA256GCM,
3069 SSL_AEAD,
3070 TLS1_2_VERSION, TLS1_2_VERSION,
3071 DTLS1_2_VERSION, DTLS1_2_VERSION,
3072 SSL_NOT_DEFAULT | SSL_HIGH,
3073 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3074 256,
3075 256,
3076 },
3077
3078 {
3079 1,
3080 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3081 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3082 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3083 SSL_kECDHE,
3084 SSL_aRSA,
3085 SSL_ARIA128GCM,
3086 SSL_AEAD,
3087 TLS1_2_VERSION, TLS1_2_VERSION,
3088 DTLS1_2_VERSION, DTLS1_2_VERSION,
3089 SSL_NOT_DEFAULT | SSL_HIGH,
3090 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3091 128,
3092 128,
3093 },
3094 {
3095 1,
3096 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3097 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3098 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3099 SSL_kECDHE,
3100 SSL_aRSA,
3101 SSL_ARIA256GCM,
3102 SSL_AEAD,
3103 TLS1_2_VERSION, TLS1_2_VERSION,
3104 DTLS1_2_VERSION, DTLS1_2_VERSION,
3105 SSL_NOT_DEFAULT | SSL_HIGH,
3106 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3107 256,
3108 256,
3109 },
3110 {
3111 1,
3112 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3113 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3114 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3115 SSL_kPSK,
3116 SSL_aPSK,
3117 SSL_ARIA128GCM,
3118 SSL_AEAD,
3119 TLS1_2_VERSION, TLS1_2_VERSION,
3120 DTLS1_2_VERSION, DTLS1_2_VERSION,
3121 SSL_NOT_DEFAULT | SSL_HIGH,
3122 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3123 128,
3124 128,
3125 },
3126 {
3127 1,
3128 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3129 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3130 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3131 SSL_kPSK,
3132 SSL_aPSK,
3133 SSL_ARIA256GCM,
3134 SSL_AEAD,
3135 TLS1_2_VERSION, TLS1_2_VERSION,
3136 DTLS1_2_VERSION, DTLS1_2_VERSION,
3137 SSL_NOT_DEFAULT | SSL_HIGH,
3138 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3139 256,
3140 256,
3141 },
3142 {
3143 1,
3144 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3145 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3146 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3147 SSL_kDHEPSK,
3148 SSL_aPSK,
3149 SSL_ARIA128GCM,
3150 SSL_AEAD,
3151 TLS1_2_VERSION, TLS1_2_VERSION,
3152 DTLS1_2_VERSION, DTLS1_2_VERSION,
3153 SSL_NOT_DEFAULT | SSL_HIGH,
3154 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3155 128,
3156 128,
3157 },
3158 {
3159 1,
3160 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3161 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3162 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3163 SSL_kDHEPSK,
3164 SSL_aPSK,
3165 SSL_ARIA256GCM,
3166 SSL_AEAD,
3167 TLS1_2_VERSION, TLS1_2_VERSION,
3168 DTLS1_2_VERSION, DTLS1_2_VERSION,
3169 SSL_NOT_DEFAULT | SSL_HIGH,
3170 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3171 256,
3172 256,
3173 },
3174
3175 {
3176 1,
3177 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3178 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3179 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3180 SSL_kRSAPSK,
3181 SSL_aRSA,
3182 SSL_ARIA128GCM,
3183 SSL_AEAD,
3184 TLS1_2_VERSION, TLS1_2_VERSION,
3185 DTLS1_2_VERSION, DTLS1_2_VERSION,
3186 SSL_NOT_DEFAULT | SSL_HIGH,
3187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3188 128,
3189 128,
3190 },
3191 {
3192 1,
3193 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3194 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3195 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3196 SSL_kRSAPSK,
3197 SSL_aRSA,
3198 SSL_ARIA256GCM,
3199 SSL_AEAD,
3200 TLS1_2_VERSION, TLS1_2_VERSION,
3201 DTLS1_2_VERSION, DTLS1_2_VERSION,
3202 SSL_NOT_DEFAULT | SSL_HIGH,
3203 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3204 256,
3205 256,
3206 },
3207#endif /* OPENSSL_NO_ARIA */
0f113f3e
MC		 3208};
3209
650c6e41
BK		 3210/*
3211 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3212 * values stuffed into the ciphers field of the wire protocol for signalling
3213 * purposes.
3214 */
3215static SSL_CIPHER ssl3_scsvs[] = {
3216 {
3217 0,
3218 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
bbb4ceb8 3219 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
650c6e41
BK		 3220 SSL3_CK_SCSV,
3221 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3222 },
3223 {
3224 0,
3225 "TLS_FALLBACK_SCSV",
bbb4ceb8 3226 "TLS_FALLBACK_SCSV",
650c6e41
BK		 3227 SSL3_CK_FALLBACK_SCSV,
3228 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3229 },
3230};
3231
748f2546
RS		 3232static int cipher_compare(const void *a, const void *b)
3233{
3234 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3235 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3236
a7ff5796
RL		 3237 if (ap->id == bp->id)
3238 return 0;
3239 return ap->id < bp->id ? -1 : 1;
748f2546
RS		 3240}
3241
3242void ssl_sort_cipher_list(void)
3243{
650c6e41 3244 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
748f2546 3245 cipher_compare);
650c6e41 3246 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
748f2546
RS		 3247}
3248
0f113f3e
MC		 3249const SSL3_ENC_METHOD SSLv3_enc_data = {
3250 ssl3_enc,
3251 n_ssl3_mac,
3252 ssl3_setup_key_block,
3253 ssl3_generate_master_secret,
3254 ssl3_change_cipher_state,
3255 ssl3_final_finish_mac,
0f113f3e
MC		 3256 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3257 SSL3_MD_SERVER_FINISHED_CONST, 4,
3258 ssl3_alert_code,
3259 (int (*)(SSL *, unsigned char *, size_t, const char *,
3260 size_t, const unsigned char *, size_t,
3261 int use_context))ssl_undefined_function,
3262 0,
a29fa98c 3263 ssl3_set_handshake_header,
2c7b4dbc 3264 tls_close_construct_packet,
0f113f3e
MC		 3265 ssl3_handshake_write
3266};
58964a49 3267
f3b656b2 3268long ssl3_default_timeout(void)
0f113f3e
MC		 3269{
3270 /*
3271 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3272 * http, the cache would over fill
3273 */
3274 return (60 * 60 * 2);
3275}
d02b48c6 3276
6b691a5c 3277int ssl3_num_ciphers(void)
0f113f3e 3278{
26a7d938 3279 return SSL3_NUM_CIPHERS;
0f113f3e 3280}
d02b48c6 3281
babb3798 3282const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
0f113f3e
MC		 3283{
3284 if (u < SSL3_NUM_CIPHERS)
26a7d938 3285 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
0f113f3e 3286 else
26a7d938 3287 return NULL;
0f113f3e 3288}
d02b48c6 3289
a29fa98c 3290int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
2c7b4dbc 3291{
4a01c59f
MC		 3292 /* No header in the event of a CCS */
3293 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3294 return 1;
3295
2c7b4dbc 3296 /* Set the content type and 3 bytes for the message len */
08029dfa 3297 if (!WPACKET_put_bytes_u8(pkt, htype)
de451856 3298 || !WPACKET_start_sub_packet_u24(pkt))
2c7b4dbc
MC		 3299 return 0;
3300
3301 return 1;
3302}
3303
173e72e6 3304int ssl3_handshake_write(SSL *s)
0f113f3e
MC		 3305{
3306 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3307}
173e72e6 3308
6b691a5c 3309int ssl3_new(SSL *s)
0f113f3e
MC		 3310{
3311 SSL3_STATE *s3;
d02b48c6 3312
b51bce94 3313 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
0f113f3e 3314 goto err;
0f113f3e 3315 s->s3 = s3;
1e0784ff 3316
edc032b5 3317#ifndef OPENSSL_NO_SRP
61986d32 3318 if (!SSL_SRP_CTX_init(s))
a230b26e 3319 goto err;
edc032b5 3320#endif
b77f3ed1
MC		 3321
3322 if (!s->method->ssl_clear(s))
3323 return 0;
3324
a89325e4 3325 return 1;
0f113f3e 3326 err:
a89325e4 3327 return 0;
0f113f3e 3328}
d02b48c6 3329
6b691a5c 3330void ssl3_free(SSL *s)
0f113f3e 3331{
a60c151a 3332 if (s == NULL || s->s3 == NULL)
0f113f3e 3333 return;
e03ddfae 3334
0f113f3e 3335 ssl3_cleanup_key_block(s);
8d92c1f8 3336
fb79abe3 3337#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
61dd9f7a
DSH		 3338 EVP_PKEY_free(s->s3->peer_tmp);
3339 s->s3->peer_tmp = NULL;
b22d7113
DSH		 3340 EVP_PKEY_free(s->s3->tmp.pkey);
3341 s->s3->tmp.pkey = NULL;
ea262260
BM		 3342#endif
3343
75c13e78 3344 OPENSSL_free(s->s3->tmp.ctype);
fa7c2637 3345 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
76106e60
DSH		 3346 OPENSSL_free(s->s3->tmp.ciphers_raw);
3347 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3348 OPENSSL_free(s->s3->tmp.peer_sigalgs);
85fb6fda 3349 ssl3_free_digest_list(s);
25aaa98a 3350 OPENSSL_free(s->s3->alpn_selected);
817cd0d5 3351 OPENSSL_free(s->s3->alpn_proposed);
6f017a8f 3352
edc032b5 3353#ifndef OPENSSL_NO_SRP
0f113f3e 3354 SSL_SRP_CTX_free(s);
edc032b5 3355#endif
b4faea50 3356 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
0f113f3e
MC		 3357 s->s3 = NULL;
3358}
d02b48c6 3359
b77f3ed1 3360int ssl3_clear(SSL *s)
0f113f3e 3361{
0f113f3e 3362 ssl3_cleanup_key_block(s);
75c13e78 3363 OPENSSL_free(s->s3->tmp.ctype);
fa7c2637 3364 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
76106e60 3365 OPENSSL_free(s->s3->tmp.ciphers_raw);
76106e60 3366 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
76106e60 3367 OPENSSL_free(s->s3->tmp.peer_sigalgs);
d02b48c6 3368
fb79abe3 3369#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
b22d7113 3370 EVP_PKEY_free(s->s3->tmp.pkey);
61dd9f7a 3371 EVP_PKEY_free(s->s3->peer_tmp);
a230b26e 3372#endif /* !OPENSSL_NO_EC */
0f113f3e 3373
85fb6fda 3374 ssl3_free_digest_list(s);
e481f9b9 3375
817cd0d5
TS		 3376 OPENSSL_free(s->s3->alpn_selected);
3377 OPENSSL_free(s->s3->alpn_proposed);
e481f9b9 3378
817cd0d5 3379 /* NULL/zero-out everything in the s3 struct */
b4faea50 3380 memset(s->s3, 0, sizeof(*s->s3));
0f113f3e 3381
b77f3ed1
MC		 3382 if (!ssl_free_wbio_buffer(s))
3383 return 0;
0f113f3e 3384
0f113f3e 3385 s->version = SSL3_VERSION;
ee2ffc27 3386
e481f9b9 3387#if !defined(OPENSSL_NO_NEXTPROTONEG)
aff8c126
RS		 3388 OPENSSL_free(s->ext.npn);
3389 s->ext.npn = NULL;
3390 s->ext.npn_len = 0;
ee2ffc27 3391#endif
b77f3ed1
MC		 3392
3393 return 1;
0f113f3e 3394}
d02b48c6 3395
edc032b5 3396#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3397static char *srp_password_from_info_cb(SSL *s, void *arg)
3398{
7644a9ae 3399 return OPENSSL_strdup(s->srp_ctx.info);
0f113f3e 3400}
edc032b5
BL		 3401#endif
3402
a230b26e 3403static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
9f27b1ee 3404
a661b653 3405long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
0f113f3e
MC		 3406{
3407 int ret = 0;
58964a49 3408
0f113f3e 3409 switch (cmd) {
0f113f3e
MC		 3410 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3411 break;
3412 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3413 ret = s->s3->num_renegotiations;
3414 break;
3415 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3416 ret = s->s3->num_renegotiations;
3417 s->s3->num_renegotiations = 0;
3418 break;
3419 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3420 ret = s->s3->total_renegotiations;
3421 break;
3422 case SSL_CTRL_GET_FLAGS:
3423 ret = (int)(s->s3->flags);
3424 break;
bc36ee62 3425#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3426 case SSL_CTRL_SET_TMP_DH:
3427 {
3428 DH *dh = (DH *)parg;
e2b420fd 3429 EVP_PKEY *pkdh = NULL;
0f113f3e
MC		 3430 if (dh == NULL) {
3431 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
26a7d938 3432 return ret;
0f113f3e 3433 }
e2b420fd
DSH		 3434 pkdh = ssl_dh_to_pkey(dh);
3435 if (pkdh == NULL) {
3436 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3437 return 0;
3438 }
0f113f3e 3439 if (!ssl_security(s, SSL_SECOP_TMP_DH,
e2b420fd 3440 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
0f113f3e 3441 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
e2b420fd
DSH		 3442 EVP_PKEY_free(pkdh);
3443 return ret;
0f113f3e 3444 }
e2b420fd
DSH		 3445 EVP_PKEY_free(s->cert->dh_tmp);
3446 s->cert->dh_tmp = pkdh;
0f113f3e
MC		 3447 ret = 1;
3448 }
3449 break;
3450 case SSL_CTRL_SET_TMP_DH_CB:
3451 {
3452 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
26a7d938 3453 return ret;
0f113f3e 3454 }
0f113f3e
MC		 3455 case SSL_CTRL_SET_DH_AUTO:
3456 s->cert->dh_tmp_auto = larg;
3457 return 1;
d3442bc7 3458#endif
10bf4fc2 3459#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3460 case SSL_CTRL_SET_TMP_ECDH:
3461 {
6977e8ee
KR		 3462 const EC_GROUP *group = NULL;
3463 int nid;
0f113f3e
MC		 3464
3465 if (parg == NULL) {
3466 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
6977e8ee 3467 return 0;
0f113f3e 3468 }
6977e8ee
KR		 3469 group = EC_KEY_get0_group((const EC_KEY *)parg);
3470 if (group == NULL) {
3471 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3472 return 0;
0f113f3e 3473 }
6977e8ee
KR		 3474 nid = EC_GROUP_get_curve_name(group);
3475 if (nid == NID_undef)
3476 return 0;
aff8c126
RS		 3477 return tls1_set_groups(&s->ext.supportedgroups,
3478 &s->ext.supportedgroups_len,
6977e8ee 3479 &nid, 1);
0f113f3e
MC		 3480 }
3481 break;
10bf4fc2 3482#endif /* !OPENSSL_NO_EC */
0f113f3e
MC		 3483 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3484 if (larg == TLSEXT_NAMETYPE_host_name) {
0982ecaa
VD		 3485 size_t len;
3486
aff8c126
RS		 3487 OPENSSL_free(s->ext.hostname);
3488 s->ext.hostname = NULL;
0f113f3e
MC		 3489
3490 ret = 1;
3491 if (parg == NULL)
3492 break;
0982ecaa
VD		 3493 len = strlen((char *)parg);
3494 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
0f113f3e
MC		 3495 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3496 return 0;
3497 }
aff8c126 3498 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
0f113f3e
MC		 3499 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3500 return 0;
3501 }
3502 } else {
3503 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3504 return 0;
3505 }
3506 break;
3507 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
aff8c126 3508 s->ext.debug_arg = parg;
0f113f3e
MC		 3509 ret = 1;
3510 break;
3511
4300aaf3 3512 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
aff8c126 3513 ret = s->ext.status_type;
4300aaf3
AG		 3514 break;
3515
0f113f3e 3516 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
aff8c126 3517 s->ext.status_type = larg;
0f113f3e
MC		 3518 ret = 1;
3519 break;
3520
3521 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
aff8c126 3522 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
0f113f3e
MC		 3523 ret = 1;
3524 break;
3525
3526 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
aff8c126 3527 s->ext.ocsp.exts = parg;
0f113f3e
MC		 3528 ret = 1;
3529 break;
3530
3531 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
aff8c126 3532 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
0f113f3e
MC		 3533 ret = 1;
3534 break;
3535
3536 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
aff8c126 3537 s->ext.ocsp.ids = parg;
0f113f3e
MC		 3538 ret = 1;
3539 break;
3540
3541 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
aff8c126
RS		 3542 *(unsigned char **)parg = s->ext.ocsp.resp;
3543 if (s->ext.ocsp.resp_len == 0
3544 || s->ext.ocsp.resp_len > LONG_MAX)
8b0e934a 3545 return -1;
aff8c126 3546 return (long)s->ext.ocsp.resp_len;
0f113f3e
MC		 3547
3548 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
aff8c126
RS		 3549 OPENSSL_free(s->ext.ocsp.resp);
3550 s->ext.ocsp.resp = parg;
3551 s->ext.ocsp.resp_len = larg;
0f113f3e
MC		 3552 ret = 1;
3553 break;
3554
b612799a
RL		 3555#ifndef OPENSSL_NO_HEARTBEATS
3556 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3557 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3558 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3559 break;
3560#endif
3561
0f113f3e
MC		 3562 case SSL_CTRL_CHAIN:
3563 if (larg)
3564 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3565 else
3566 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3567
3568 case SSL_CTRL_CHAIN_CERT:
3569 if (larg)
3570 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3571 else
3572 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3573
3574 case SSL_CTRL_GET_CHAIN_CERTS:
3575 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3576 break;
3577
3578 case SSL_CTRL_SELECT_CURRENT_CERT:
3579 return ssl_cert_select_current(s->cert, (X509 *)parg);
3580
3581 case SSL_CTRL_SET_CURRENT_CERT:
3582 if (larg == SSL_CERT_SET_SERVER) {
0f113f3e
MC		 3583 const SSL_CIPHER *cipher;
3584 if (!s->server)
3585 return 0;
3586 cipher = s->s3->tmp.new_cipher;
f365a3e2 3587 if (cipher == NULL)
0f113f3e
MC		 3588 return 0;
3589 /*
3590 * No certificate for unauthenticated ciphersuites or using SRP
3591 * authentication
3592 */
3593 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3594 return 2;
a497cf25 3595 if (s->s3->tmp.cert == NULL)
0f113f3e 3596 return 0;
a497cf25 3597 s->cert->key = s->s3->tmp.cert;
0f113f3e
MC		 3598 return 1;
3599 }
3600 return ssl_cert_set_current(s->cert, larg);
0f78819c 3601
14536c8c 3602#ifndef OPENSSL_NO_EC
de4d764e 3603 case SSL_CTRL_GET_GROUPS:
0f113f3e 3604 {
9e84a42d 3605 uint16_t *clist;
0f113f3e 3606 size_t clistlen;
aff8c126 3607
0f113f3e
MC		 3608 if (!s->session)
3609 return 0;
aff8c126 3610 clist = s->session->ext.supportedgroups;
9e84a42d 3611 clistlen = s->session->ext.supportedgroups_len;
0f113f3e
MC		 3612 if (parg) {
3613 size_t i;
3614 int *cptr = parg;
43b95d73 3615
0f113f3e 3616 for (i = 0; i < clistlen; i++) {
43b95d73
DSH		 3617 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3618
3619 if (cinf != NULL)
3620 cptr[i] = cinf->nid;
0f113f3e 3621 else
9e84a42d 3622 cptr[i] = TLSEXT_nid_unknown | clist[i];
0f113f3e
MC		 3623 }
3624 }
3625 return (int)clistlen;
3626 }
3627
de4d764e 3628 case SSL_CTRL_SET_GROUPS:
aff8c126
RS		 3629 return tls1_set_groups(&s->ext.supportedgroups,
3630 &s->ext.supportedgroups_len, parg, larg);
0f113f3e 3631
de4d764e 3632 case SSL_CTRL_SET_GROUPS_LIST:
aff8c126
RS		 3633 return tls1_set_groups_list(&s->ext.supportedgroups,
3634 &s->ext.supportedgroups_len, parg);
0f113f3e 3635
de4d764e 3636 case SSL_CTRL_GET_SHARED_GROUP:
43b95d73
DSH		 3637 {
3638 uint16_t id = tls1_shared_group(s, larg);
0f113f3e 3639
43b95d73
DSH		 3640 if (larg != -1) {
3641 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3642
3643 return ginf == NULL ? 0 : ginf->nid;
3644 }
3645 return id;
3646 }
14536c8c 3647#endif
0f113f3e
MC		 3648 case SSL_CTRL_SET_SIGALGS:
3649 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3650
3651 case SSL_CTRL_SET_SIGALGS_LIST:
3652 return tls1_set_sigalgs_list(s->cert, parg, 0);
3653
3654 case SSL_CTRL_SET_CLIENT_SIGALGS:
3655 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3656
3657 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3658 return tls1_set_sigalgs_list(s->cert, parg, 1);
3659
3660 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3661 {
3662 const unsigned char **pctype = parg;
3663 if (s->server || !s->s3->tmp.cert_req)
3664 return 0;
0f113f3e 3665 if (pctype)
75c13e78
DSH		 3666 *pctype = s->s3->tmp.ctype;
3667 return s->s3->tmp.ctype_len;
0f113f3e
MC		 3668 }
3669
3670 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3671 if (!s->server)
3672 return 0;
3673 return ssl3_set_req_cert_type(s->cert, parg, larg);
3674
3675 case SSL_CTRL_BUILD_CERT_CHAIN:
3676 return ssl_build_cert_chain(s, NULL, larg);
3677
3678 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3679 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3680
3681 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3682 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3683
3684 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
f742cda8 3685 if (s->s3->tmp.peer_sigalg == NULL)
0f113f3e 3686 return 0;
f742cda8
DSH		 3687 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3688 return 1;
0f113f3e
MC		 3689
3690 case SSL_CTRL_GET_SERVER_TMP_KEY:
fb79abe3
DSH		 3691#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3692 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
0f113f3e 3693 return 0;
fb79abe3
DSH		 3694 } else {
3695 EVP_PKEY_up_ref(s->s3->peer_tmp);
3696 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3697 return 1;
0f113f3e 3698 }
fb79abe3
DSH		 3699#else
3700 return 0;
3701#endif
14536c8c 3702#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3703 case SSL_CTRL_GET_EC_POINT_FORMATS:
3704 {
3705 SSL_SESSION *sess = s->session;
3706 const unsigned char **pformat = parg;
aff8c126
RS		 3707
3708 if (sess == NULL || sess->ext.ecpointformats == NULL)
0f113f3e 3709 return 0;
aff8c126
RS		 3710 *pformat = sess->ext.ecpointformats;
3711 return (int)sess->ext.ecpointformats_len;
0f113f3e 3712 }
14536c8c 3713#endif
cf6da053 3714
0f113f3e
MC		 3715 default:
3716 break;
3717 }
26a7d938 3718 return ret;
0f113f3e
MC		 3719}
3720
3721long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3722{
3723 int ret = 0;
d3442bc7 3724
0f113f3e 3725 switch (cmd) {
bc36ee62 3726#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3727 case SSL_CTRL_SET_TMP_DH_CB:
3728 {
3729 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3730 }
3731 break;
6434abbf 3732#endif
0f113f3e 3733 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
aff8c126 3734 s->ext.debug_cb = (void (*)(SSL *, int, int,
1ed327f7 3735 const unsigned char *, int, void *))fp;
0f113f3e 3736 break;
e481f9b9 3737
0f113f3e
MC		 3738 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3739 {
3740 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3741 }
3742 break;
3743 default:
3744 break;
3745 }
26a7d938 3746 return ret;
0f113f3e 3747}
d02b48c6 3748
a661b653 3749long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
0f113f3e 3750{
0f113f3e 3751 switch (cmd) {
bc36ee62 3752#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3753 case SSL_CTRL_SET_TMP_DH:
3754 {
e2b420fd
DSH		 3755 DH *dh = (DH *)parg;
3756 EVP_PKEY *pkdh = NULL;
3757 if (dh == NULL) {
3758 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
0f113f3e
MC		 3759 return 0;
3760 }
e2b420fd
DSH		 3761 pkdh = ssl_dh_to_pkey(dh);
3762 if (pkdh == NULL) {
3763 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
0f113f3e
MC		 3764 return 0;
3765 }
e2b420fd
DSH		 3766 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3767 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3768 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3769 EVP_PKEY_free(pkdh);
3770 return 1;
0f113f3e 3771 }
e2b420fd
DSH		 3772 EVP_PKEY_free(ctx->cert->dh_tmp);
3773 ctx->cert->dh_tmp = pkdh;
0f113f3e
MC		 3774 return 1;
3775 }
0f113f3e
MC		 3776 case SSL_CTRL_SET_TMP_DH_CB:
3777 {
3778 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
26a7d938 3779 return 0;
0f113f3e 3780 }
0f113f3e
MC		 3781 case SSL_CTRL_SET_DH_AUTO:
3782 ctx->cert->dh_tmp_auto = larg;
3783 return 1;
d02b48c6 3784#endif
10bf4fc2 3785#ifndef OPENSSL_NO_EC
0f113f3e
MC		 3786 case SSL_CTRL_SET_TMP_ECDH:
3787 {
6977e8ee
KR		 3788 const EC_GROUP *group = NULL;
3789 int nid;
0f113f3e
MC		 3790
3791 if (parg == NULL) {
6977e8ee 3792 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
0f113f3e
MC		 3793 return 0;
3794 }
6977e8ee
KR		 3795 group = EC_KEY_get0_group((const EC_KEY *)parg);
3796 if (group == NULL) {
3797 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
0f113f3e
MC		 3798 return 0;
3799 }
6977e8ee
KR		 3800 nid = EC_GROUP_get_curve_name(group);
3801 if (nid == NID_undef)
3802 return 0;
aff8c126
RS		 3803 return tls1_set_groups(&ctx->ext.supportedgroups,
3804 &ctx->ext.supportedgroups_len,
6977e8ee 3805 &nid, 1);
0f113f3e 3806 }
10bf4fc2 3807#endif /* !OPENSSL_NO_EC */
0f113f3e 3808 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
aff8c126 3809 ctx->ext.servername_arg = parg;
0f113f3e
MC		 3810 break;
3811 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3812 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3813 {
3814 unsigned char *keys = parg;
aff8c126
RS		 3815 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3816 sizeof(ctx->ext.tick_hmac_key) +
3817 sizeof(ctx->ext.tick_aes_key));
d139723b 3818 if (keys == NULL)
aff8c126
RS		 3819 return tick_keylen;
3820 if (larg != tick_keylen) {
0f113f3e
MC		 3821 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3822 return 0;
3823 }
3824 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
aff8c126
RS		 3825 memcpy(ctx->ext.tick_key_name, keys,
3826 sizeof(ctx->ext.tick_key_name));
3827 memcpy(ctx->ext.tick_hmac_key,
3828 keys + sizeof(ctx->ext.tick_key_name),
3829 sizeof(ctx->ext.tick_hmac_key));
3830 memcpy(ctx->ext.tick_aes_key,
3831 keys + sizeof(ctx->ext.tick_key_name) +
3832 sizeof(ctx->ext.tick_hmac_key),
3833 sizeof(ctx->ext.tick_aes_key));
0f113f3e 3834 } else {
aff8c126
RS		 3835 memcpy(keys, ctx->ext.tick_key_name,
3836 sizeof(ctx->ext.tick_key_name));
3837 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3838 ctx->ext.tick_hmac_key,
3839 sizeof(ctx->ext.tick_hmac_key));
3840 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3841 sizeof(ctx->ext.tick_hmac_key),
3842 ctx->ext.tick_aes_key,
3843 sizeof(ctx->ext.tick_aes_key));
0f113f3e
MC		 3844 }
3845 return 1;
3846 }
3847
30b96765 3848 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
aff8c126 3849 return ctx->ext.status_type;
30b96765 3850
ba261f71 3851 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
aff8c126 3852 ctx->ext.status_type = larg;
ba261f71 3853 break;
3854
0f113f3e 3855 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
aff8c126 3856 ctx->ext.status_arg = parg;
0f113f3e 3857 return 1;
0f113f3e 3858
fddfc0af 3859 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
aff8c126 3860 *(void**)parg = ctx->ext.status_arg;
fddfc0af
RG		 3861 break;
3862
3863 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
aff8c126 3864 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
fddfc0af
RG		 3865 break;
3866
e481f9b9 3867#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 3868 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3869 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
b548a1f1 3870 OPENSSL_free(ctx->srp_ctx.login);
0f113f3e
MC		 3871 ctx->srp_ctx.login = NULL;
3872 if (parg == NULL)
3873 break;
a230b26e 3874 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
0f113f3e
MC		 3875 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3876 return 0;
3877 }
7644a9ae 3878 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
0f113f3e
MC		 3879 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3880 return 0;
3881 }
3882 break;
3883 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3884 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3885 srp_password_from_info_cb;
e655f549
DSC		 3886 if (ctx->srp_ctx.info != NULL)
3887 OPENSSL_free(ctx->srp_ctx.info);
3888 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3889 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3890 return 0;
3891 }
0f113f3e
MC		 3892 break;
3893 case SSL_CTRL_SET_SRP_ARG:
3894 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3895 ctx->srp_ctx.SRP_cb_arg = parg;
3896 break;
3897
3898 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3899 ctx->srp_ctx.strength = larg;
3900 break;
e481f9b9 3901#endif
0f113f3e 3902
e481f9b9 3903#ifndef OPENSSL_NO_EC
de4d764e 3904 case SSL_CTRL_SET_GROUPS:
aff8c126
RS		 3905 return tls1_set_groups(&ctx->ext.supportedgroups,
3906 &ctx->ext.supportedgroups_len,
0f113f3e
MC		 3907 parg, larg);
3908
de4d764e 3909 case SSL_CTRL_SET_GROUPS_LIST:
aff8c126
RS		 3910 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3911 &ctx->ext.supportedgroups_len,
0f113f3e 3912 parg);
e481f9b9 3913#endif
0f113f3e
MC		 3914 case SSL_CTRL_SET_SIGALGS:
3915 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3916
3917 case SSL_CTRL_SET_SIGALGS_LIST:
3918 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3919
3920 case SSL_CTRL_SET_CLIENT_SIGALGS:
3921 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3922
3923 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3924 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3925
3926 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3927 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3928
3929 case SSL_CTRL_BUILD_CERT_CHAIN:
3930 return ssl_build_cert_chain(NULL, ctx, larg);
3931
3932 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3933 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3934
3935 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3936 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3937
0f113f3e
MC		 3938 /* A Thawte special :-) */
3939 case SSL_CTRL_EXTRA_CHAIN_CERT:
3940 if (ctx->extra_certs == NULL) {
3c82e437
F		 3941 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3942 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3943 return 0;
3944 }
3945 }
3946 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3947 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3948 return 0;
0f113f3e 3949 }
0f113f3e
MC		 3950 break;
3951
3952 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3953 if (ctx->extra_certs == NULL && larg == 0)
3954 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3955 else
3956 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3957 break;
3958
3959 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
222561fe
RS		 3960 sk_X509_pop_free(ctx->extra_certs, X509_free);
3961 ctx->extra_certs = NULL;
0f113f3e
MC		 3962 break;
3963
3964 case SSL_CTRL_CHAIN:
3965 if (larg)
3966 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3967 else
3968 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3969
3970 case SSL_CTRL_CHAIN_CERT:
3971 if (larg)
3972 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3973 else
3974 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3975
3976 case SSL_CTRL_GET_CHAIN_CERTS:
3977 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3978 break;
3979
3980 case SSL_CTRL_SELECT_CURRENT_CERT:
3981 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3982
3983 case SSL_CTRL_SET_CURRENT_CERT:
3984 return ssl_cert_set_current(ctx->cert, larg);
3985
3986 default:
26a7d938 3987 return 0;
0f113f3e 3988 }
208fb891 3989 return 1;
0f113f3e
MC		 3990}
3991
3992long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3993{
0f113f3e 3994 switch (cmd) {
bc36ee62 3995#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3996 case SSL_CTRL_SET_TMP_DH_CB:
3997 {
8ca8fc48 3998 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
0f113f3e
MC		 3999 }
4000 break;
ed3883d2 4001#endif
0f113f3e 4002 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
aff8c126 4003 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
0f113f3e
MC		 4004 break;
4005
0f113f3e 4006 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
aff8c126 4007 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
0f113f3e
MC		 4008 break;
4009
4010 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
aff8c126 4011 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
0f113f3e
MC		 4012 unsigned char *,
4013 EVP_CIPHER_CTX *,
4014 HMAC_CTX *, int))fp;
4015 break;
4016
e481f9b9 4017#ifndef OPENSSL_NO_SRP
0f113f3e
MC		 4018 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4019 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4020 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4021 break;
4022 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4023 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4024 ctx->srp_ctx.TLS_ext_srp_username_callback =
4025 (int (*)(SSL *, int *, void *))fp;
4026 break;
4027 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4028 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4029 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4030 (char *(*)(SSL *, void *))fp;
4031 break;
761772d7 4032#endif
0f113f3e
MC		 4033 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4034 {
4035 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4036 }
4037 break;
4038 default:
26a7d938 4039 return 0;
0f113f3e 4040 }
208fb891 4041 return 1;
0f113f3e 4042}
761772d7 4043
ec15acb6
MC		 4044const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4045{
4046 SSL_CIPHER c;
650c6e41 4047 const SSL_CIPHER *cp;
ec15acb6
MC		 4048
4049 c.id = id;
650c6e41
BK		 4050 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4051 if (cp != NULL)
4052 return cp;
4053 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
ec15acb6
MC		 4054}
4055
bbb4ceb8
PY		 4056const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4057{
4058 SSL_CIPHER *c = NULL;
4059 SSL_CIPHER *tbl = ssl3_ciphers;
4060 size_t i;
4061
3519bae5 4062 /* this is not efficient, necessary to optimize this? */
bbb4ceb8
PY		 4063 for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
4064 if (tbl->stdname == NULL)
4065 continue;
4066 if (strcmp(stdname, tbl->stdname) == 0) {
4067 c = tbl;
4068 break;
4069 }
4070 }
4071 if (c == NULL) {
4072 tbl = ssl3_scsvs;
4073 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4074 if (strcmp(stdname, tbl->stdname) == 0) {
4075 c = tbl;
4076 break;
4077 }
4078 }
4079 }
4080 return c;
4081}
4082
0f113f3e
MC		 4083/*
4084 * This function needs to check if the ciphers required are actually
4085 * available
4086 */
babb3798 4087const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
0f113f3e 4088{
1f5b44e9 4089 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
ec15acb6
MC		 4090 | ((uint32_t)p[0] << 8L)
4091 | (uint32_t)p[1]);
0f113f3e 4092}
d02b48c6 4093
ae2f7b37 4094int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
2c7b4dbc 4095{
34f7245b 4096 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
2c7b4dbc
MC		 4097 *len = 0;
4098 return 1;
4099 }
4100
08029dfa 4101 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
2c7b4dbc
MC		 4102 return 0;
4103
4104 *len = 2;
4105 return 1;
4106}
4107
3eb2aff4
KR		 4108/*
4109 * ssl3_choose_cipher - choose a cipher from those offered by the client
4110 * @s: SSL connection
4111 * @clnt: ciphers offered by the client
4112 * @srvr: ciphers enabled on the server?
4113 *
4114 * Returns the selected cipher or NULL when no common ciphers.
4115 */
4a640fb6 4116const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
a230b26e 4117 STACK_OF(SSL_CIPHER) *srvr)
0f113f3e 4118{
4a640fb6 4119 const SSL_CIPHER *c, *ret = NULL;
0f113f3e
MC		 4120 STACK_OF(SSL_CIPHER) *prio, *allow;
4121 int i, ii, ok;
0de6d66d 4122 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
e1c7871d
TS		 4123#ifndef OPENSSL_NO_CHACHA
4124 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4125#endif
d02b48c6 4126
0f113f3e 4127 /* Let's see which ciphers we can support */
d02b48c6 4128
0f113f3e
MC		 4129 /*
4130 * Do not set the compare functions, because this may lead to a
4131 * reordering by "id". We want to keep the original ordering. We may pay
4132 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4133 * pay with the price of sk_SSL_CIPHER_dup().
4134 */
d02b48c6 4135
f415fa32 4136#ifdef CIPHER_DEBUG
0f113f3e
MC		 4137 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4138 (void *)srvr);
4139 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4140 c = sk_SSL_CIPHER_value(srvr, i);
4141 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4142 }
4143 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4144 (void *)clnt);
4145 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4146 c = sk_SSL_CIPHER_value(clnt, i);
4147 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4148 }
f415fa32
BL		 4149#endif
4150
e1c7871d
TS		 4151 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4152 if (tls1_suiteb(s)) {
4153 prio = srvr;
4154 allow = clnt;
4155 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
0f113f3e
MC		 4156 prio = srvr;
4157 allow = clnt;
e1c7871d
TS		 4158#ifndef OPENSSL_NO_CHACHA
4159 /* If ChaCha20 is at the top of the client preference list,
4160 and there are ChaCha20 ciphers in the server list, then
4161 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4162 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4163 c = sk_SSL_CIPHER_value(clnt, 0);
4164 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4165 /* ChaCha20 is client preferred, check server... */
4166 int num = sk_SSL_CIPHER_num(srvr);
4167 int found = 0;
4168 for (i = 0; i < num; i++) {
4169 c = sk_SSL_CIPHER_value(srvr, i);
4170 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4171 found = 1;
4172 break;
4173 }
4174 }
4175 if (found) {
e670e903 4176 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
e1c7871d
TS		 4177 /* if reserve fails, then there's likely a memory issue */
4178 if (prio_chacha != NULL) {
4179 /* Put all ChaCha20 at the top, starting with the one we just found */
4180 sk_SSL_CIPHER_push(prio_chacha, c);
4181 for (i++; i < num; i++) {
4182 c = sk_SSL_CIPHER_value(srvr, i);
4183 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4184 sk_SSL_CIPHER_push(prio_chacha, c);
4185 }
4186 /* Pull in the rest */
4187 for (i = 0; i < num; i++) {
4188 c = sk_SSL_CIPHER_value(srvr, i);
4189 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4190 sk_SSL_CIPHER_push(prio_chacha, c);
4191 }
4192 prio = prio_chacha;
4193 }
4194 }
4195 }
4196 }
4197# endif
0f113f3e
MC		 4198 } else {
4199 prio = clnt;
4200 allow = srvr;
4201 }
4202
0de6d66d
MC		 4203 if (!SSL_IS_TLS13(s)) {
4204 tls1_set_cert_validity(s);
4205 ssl_set_masks(s);
4206 }
0f113f3e
MC		 4207
4208 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4209 c = sk_SSL_CIPHER_value(prio, i);
4210
3eb2aff4
KR		 4211 /* Skip ciphers not supported by the protocol version */
4212 if (!SSL_IS_DTLS(s) &&
a230b26e 4213 ((s->version < c->min_tls) || (s->version > c->max_tls)))
0f113f3e 4214 continue;
3eb2aff4 4215 if (SSL_IS_DTLS(s) &&
a230b26e
EK		 4216 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4217 DTLS_VERSION_GT(s->version, c->max_dtls)))
2b573382 4218 continue;
a055a881 4219
0de6d66d
MC		 4220 /*
4221 * Since TLS 1.3 ciphersuites can be used with any auth or
4222 * key exchange scheme skip tests.
4223 */
4224 if (!SSL_IS_TLS13(s)) {
612ca806
DSH		 4225 mask_k = s->s3->tmp.mask_k;
4226 mask_a = s->s3->tmp.mask_a;
edc032b5 4227#ifndef OPENSSL_NO_SRP
612ca806
DSH		 4228 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4229 mask_k |= SSL_kSRP;
4230 mask_a |= SSL_aSRP;
4231 }
edc032b5 4232#endif
0f113f3e 4233
612ca806
DSH		 4234 alg_k = c->algorithm_mkey;
4235 alg_a = c->algorithm_auth;
52b8dad8 4236
ddac1974 4237#ifndef OPENSSL_NO_PSK
612ca806
DSH		 4238 /* with PSK there must be server callback set */
4239 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4240 continue;
0f113f3e
MC		 4241#endif /* OPENSSL_NO_PSK */
4242
612ca806 4243 ok = (alg_k & mask_k) && (alg_a & mask_a);
d02b48c6 4244#ifdef CIPHER_DEBUG
612ca806
DSH		 4245 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4246 alg_a, mask_k, mask_a, (void *)c, c->name);
d02b48c6 4247#endif
d02b48c6 4248
a230b26e 4249#ifndef OPENSSL_NO_EC
612ca806
DSH		 4250 /*
4251 * if we are considering an ECC cipher suite that uses an ephemeral
4252 * EC key check it
4253 */
4254 if (alg_k & SSL_kECDHE)
4255 ok = ok && tls1_check_ec_tmp_key(s, c->id);
a230b26e 4256#endif /* OPENSSL_NO_EC */
0f113f3e 4257
612ca806
DSH		 4258 if (!ok)
4259 continue;
4260 }
0f113f3e
MC		 4261 ii = sk_SSL_CIPHER_find(allow, c);
4262 if (ii >= 0) {
4263 /* Check security callback permits this cipher */
4264 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4a640fb6 4265 c->strength_bits, 0, (void *)c))
0f113f3e 4266 continue;
e481f9b9 4267#if !defined(OPENSSL_NO_EC)
0f113f3e
MC		 4268 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4269 && s->s3->is_probably_safari) {
4270 if (!ret)
4271 ret = sk_SSL_CIPHER_value(allow, ii);
4272 continue;
4273 }
d89cd382 4274#endif
0f113f3e
MC		 4275 ret = sk_SSL_CIPHER_value(allow, ii);
4276 break;
4277 }
4278 }
e1c7871d
TS		 4279#ifndef OPENSSL_NO_CHACHA
4280 sk_SSL_CIPHER_free(prio_chacha);
4281#endif
26a7d938 4282 return ret;
0f113f3e 4283}
d02b48c6 4284
28ff8ef3 4285int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
0f113f3e 4286{
90d9e49a 4287 uint32_t alg_k, alg_a = 0;
0f113f3e
MC		 4288
4289 /* If we have custom certificate types set, use them */
75c13e78
DSH		 4290 if (s->cert->ctype)
4291 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
0f113f3e
MC		 4292 /* Get mask of algorithms disabled by signature list */
4293 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
0f113f3e
MC		 4294
4295 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
d02b48c6 4296
caa97ef1 4297#ifndef OPENSSL_NO_GOST
28ff8ef3
MC		 4298 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4299 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4300 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4301 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
caa97ef1
DSH		 4302#endif
4303
bc71f910 4304 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
bc36ee62 4305#ifndef OPENSSL_NO_DH
0f113f3e 4306# ifndef OPENSSL_NO_RSA
28ff8ef3
MC		 4307 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4308 return 0;
0f113f3e
MC		 4309# endif
4310# ifndef OPENSSL_NO_DSA
28ff8ef3
MC		 4311 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4312 return 0;
0f113f3e 4313# endif
0f113f3e 4314#endif /* !OPENSSL_NO_DH */
1e0784ff 4315 }
bc36ee62 4316#ifndef OPENSSL_NO_RSA
28ff8ef3
MC		 4317 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4318 return 0;
d02b48c6 4319#endif
bc36ee62 4320#ifndef OPENSSL_NO_DSA
28ff8ef3
MC		 4321 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4322 return 0;
dfeab068 4323#endif
10bf4fc2 4324#ifndef OPENSSL_NO_EC
0f113f3e 4325 /*
c66ce5eb 4326 * ECDSA certs can be used with RSA cipher suites too so we don't
0f113f3e
MC		 4327 * need to check for SSL_kECDH or SSL_kECDHE
4328 */
28ff8ef3
MC		 4329 if (s->version >= TLS1_VERSION
4330 && !(alg_a & SSL_aECDSA)
4331 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4332 return 0;
0f113f3e 4333#endif
28ff8ef3 4334 return 1;
0f113f3e 4335}
d02b48c6 4336
9f27b1ee 4337static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
0f113f3e 4338{
75c13e78
DSH		 4339 OPENSSL_free(c->ctype);
4340 c->ctype = NULL;
4341 c->ctype_len = 0;
4342 if (p == NULL || len == 0)
0f113f3e
MC		 4343 return 1;
4344 if (len > 0xff)
4345 return 0;
75c13e78
DSH		 4346 c->ctype = OPENSSL_memdup(p, len);
4347 if (c->ctype == NULL)
0f113f3e 4348 return 0;
75c13e78 4349 c->ctype_len = len;
0f113f3e
MC		 4350 return 1;
4351}
9f27b1ee 4352
6b691a5c 4353int ssl3_shutdown(SSL *s)
0f113f3e
MC		 4354{
4355 int ret;
4356
4357 /*
4358 * Don't do anything much if we have not done the handshake or we don't
4359 * want to send messages :-)
4360 */
c874def6 4361 if (s->quiet_shutdown || SSL_in_before(s)) {
0f113f3e 4362 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
208fb891 4363 return 1;
0f113f3e
MC		 4364 }
4365
4366 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4367 s->shutdown |= SSL_SENT_SHUTDOWN;
0f113f3e 4368 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
0f113f3e
MC		 4369 /*
4370 * our shutdown alert has been sent now, and if it still needs to be
4371 * written, s->s3->alert_dispatch will be true
4372 */
4373 if (s->s3->alert_dispatch)
26a7d938 4374 return -1; /* return WANT_WRITE */
0f113f3e
MC		 4375 } else if (s->s3->alert_dispatch) {
4376 /* resend it if not sent */
0f113f3e
MC		 4377 ret = s->method->ssl_dispatch_alert(s);
4378 if (ret == -1) {
4379 /*
4380 * we only get to return -1 here the 2nd/Nth invocation, we must
8483a003 4381 * have already signalled return 0 upon a previous invocation,
0f113f3e
MC		 4382 * return WANT_WRITE
4383 */
26a7d938 4384 return ret;
0f113f3e 4385 }
0f113f3e 4386 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
54105ddd 4387 size_t readbytes;
0f113f3e
MC		 4388 /*
4389 * If we are waiting for a close from our peer, we are closed
4390 */
54105ddd 4391 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
0f113f3e 4392 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
eda75751 4393 return -1; /* return WANT_READ */
0f113f3e
MC		 4394 }
4395 }
4396
4397 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4398 !s->s3->alert_dispatch)
208fb891 4399 return 1;
0f113f3e 4400 else
26a7d938 4401 return 0;
0f113f3e 4402}
d02b48c6 4403
7ee8627f 4404int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
0f113f3e 4405{
0f113f3e
MC		 4406 clear_sys_error();
4407 if (s->s3->renegotiate)
c7f47786 4408 ssl3_renegotiate_check(s, 0);
0f113f3e 4409
7ee8627f
MC		 4410 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4411 written);
0f113f3e 4412}
d02b48c6 4413
eda75751 4414static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
54105ddd 4415 size_t *readbytes)
0f113f3e
MC		 4416{
4417 int ret;
4418
4419 clear_sys_error();
4420 if (s->s3->renegotiate)
c7f47786 4421 ssl3_renegotiate_check(s, 0);
0f113f3e
MC		 4422 s->s3->in_read_app_data = 1;
4423 ret =
657da85e 4424 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
54105ddd 4425 peek, readbytes);
0f113f3e
MC		 4426 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4427 /*
4428 * ssl3_read_bytes decided to call s->handshake_func, which called
4429 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4430 * actually found application data and thinks that application data
4431 * makes sense here; so disable handshake processing and try to read
4432 * application data again.
4433 */
024f543c 4434 ossl_statem_set_in_handshake(s, 1);
0f113f3e 4435 ret =
657da85e 4436 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
54105ddd 4437 len, peek, readbytes);
024f543c 4438 ossl_statem_set_in_handshake(s, 0);
0f113f3e
MC		 4439 } else
4440 s->s3->in_read_app_data = 0;
4441
eda75751 4442 return ret;
0f113f3e 4443}
d02b48c6 4444
54105ddd 4445int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
0f113f3e 4446{
54105ddd 4447 return ssl3_read_internal(s, buf, len, 0, readbytes);
0f113f3e 4448}
d02b48c6 4449
54105ddd 4450int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
0f113f3e 4451{
54105ddd 4452 return ssl3_read_internal(s, buf, len, 1, readbytes);
0f113f3e 4453}
d02b48c6 4454
6b691a5c 4455int ssl3_renegotiate(SSL *s)
0f113f3e
MC		 4456{
4457 if (s->handshake_func == NULL)
208fb891 4458 return 1;
d02b48c6 4459
0f113f3e 4460 s->s3->renegotiate = 1;
208fb891 4461 return 1;
0f113f3e 4462}
d02b48c6 4463
c7f47786
MC		 4464/*
4465 * Check if we are waiting to do a renegotiation and if so whether now is a
4466 * good time to do it. If |initok| is true then we are being called from inside
4467 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4468 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4469 * should do a renegotiation now and sets up the state machine for it. Otherwise
4470 * returns 0.
4471 */
4472int ssl3_renegotiate_check(SSL *s, int initok)
0f113f3e
MC		 4473{
4474 int ret = 0;
4475
4476 if (s->s3->renegotiate) {
f161995e
MC		 4477 if (!RECORD_LAYER_read_pending(&s->rlayer)
4478 && !RECORD_LAYER_write_pending(&s->rlayer)
c7f47786 4479 && (initok || !SSL_in_init(s))) {
0f113f3e
MC		 4480 /*
4481 * if we are the server, and we have sent a 'RENEGOTIATE'
49ae7423
MC		 4482 * message, we need to set the state machine into the renegotiate
4483 * state.
0f113f3e 4484 */
fe3a3291 4485 ossl_statem_set_renegotiate(s);
0f113f3e
MC		 4486 s->s3->renegotiate = 0;
4487 s->s3->num_renegotiations++;
4488 s->s3->total_renegotiations++;
4489 ret = 1;
4490 }
4491 }
c7f47786 4492 return ret;
0f113f3e
MC		 4493}
4494
58964a49 4495/*
0f113f3e
MC		 4496 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4497 * handshake macs if required.
12053a81
DSH		 4498 *
4499 * If PSK and using SHA384 for TLS < 1.2 switch to default.
7409d7ad
DSH		 4500 */
4501long ssl_get_algorithm2(SSL *s)
0f113f3e 4502{
52eede5a
DSH		 4503 long alg2;
4504 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4505 return -1;
4506 alg2 = s->s3->tmp.new_cipher->algorithm2;
12053a81
DSH		 4507 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4508 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4509 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4510 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4511 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4512 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4513 }
0f113f3e
MC		 4514 return alg2;
4515}
a3680c8f
MC		 4516
4517/*
4518 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4519 * failure, 1 on success.
4520 */
f7f2a01d
MC		 4521int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4522 DOWNGRADE dgrd)
a3680c8f 4523{
f7f2a01d 4524 int send_time = 0, ret;
a3680c8f
MC		 4525
4526 if (len < 4)
4527 return 0;
4528 if (server)
4529 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4530 else
4531 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4532 if (send_time) {
4533 unsigned long Time = (unsigned long)time(NULL);
4534 unsigned char *p = result;
ae3947de 4535
a3680c8f 4536 l2n(Time, p);
ae3947de 4537 ret = ssl_randbytes(s, p, len - 4);
f7f2a01d 4538 } else {
ae3947de 4539 ret = ssl_randbytes(s, result, len);
f7f2a01d
MC		 4540 }
4541#ifndef OPENSSL_NO_TLS13DOWNGRADE
4542 if (ret) {
b77f3ed1
MC		 4543 if (!ossl_assert(sizeof(tls11downgrade) < len)
4544 || !ossl_assert(sizeof(tls12downgrade) < len))
4545 return 0;
f7f2a01d
MC		 4546 if (dgrd == DOWNGRADE_TO_1_2)
4547 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4548 sizeof(tls12downgrade));
4549 else if (dgrd == DOWNGRADE_TO_1_1)
4550 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4551 sizeof(tls11downgrade));
4552 }
4553#endif
4554 return ret;
a3680c8f 4555}
57b272b0
DSH		 4556
4557int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4558 int free_pms)
4559{
8a0a12e5 4560 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
8c1a5343
MC		 4561 int ret = 0;
4562
8a0a12e5 4563 if (alg_k & SSL_PSK) {
0907d710 4564#ifndef OPENSSL_NO_PSK
8a0a12e5
DSH		 4565 unsigned char *pskpms, *t;
4566 size_t psklen = s->s3->tmp.psklen;
4567 size_t pskpmslen;
4568
4569 /* create PSK premaster_secret */
4570
4571 /* For plain PSK "other_secret" is psklen zeroes */
4572 if (alg_k & SSL_kPSK)
4573 pmslen = psklen;
4574
4575 pskpmslen = 4 + pmslen + psklen;
4576 pskpms = OPENSSL_malloc(pskpmslen);
8c1a5343 4577 if (pskpms == NULL)
a784665e 4578 goto err;
8a0a12e5
DSH		 4579 t = pskpms;
4580 s2n(pmslen, t);
4581 if (alg_k & SSL_kPSK)
4582 memset(t, 0, pmslen);
4583 else
4584 memcpy(t, pms, pmslen);
4585 t += pmslen;
4586 s2n(psklen, t);
4587 memcpy(t, s->s3->tmp.psk, psklen);
4588
4589 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4590 s->s3->tmp.psk = NULL;
8c1a5343
MC		 4591 if (!s->method->ssl3_enc->generate_master_secret(s,
4592 s->session->master_key,pskpms, pskpmslen,
4593 &s->session->master_key_length))
4594 goto err;
8a0a12e5 4595 OPENSSL_clear_free(pskpms, pskpmslen);
0907d710
MC		 4596#else
4597 /* Should never happen */
0907d710 4598 goto err;
8a0a12e5 4599#endif
0907d710 4600 } else {
8c1a5343
MC		 4601 if (!s->method->ssl3_enc->generate_master_secret(s,
4602 s->session->master_key, pms, pmslen,
4603 &s->session->master_key_length))
4604 goto err;
0907d710
MC		 4605 }
4606
8c1a5343 4607 ret = 1;
0907d710 4608 err:
8a0a12e5
DSH		 4609 if (pms) {
4610 if (free_pms)
4611 OPENSSL_clear_free(pms, pmslen);
4612 else
4613 OPENSSL_cleanse(pms, pmslen);
4614 }
57b272b0
DSH		 4615 if (s->server == 0)
4616 s->s3->tmp.pms = NULL;
8c1a5343 4617 return ret;
57b272b0 4618}
3f3504bd 4619
0a699a07
DSH		 4620/* Generate a private key from parameters */
4621EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
3f3504bd
DSH		 4622{
4623 EVP_PKEY_CTX *pctx = NULL;
4624 EVP_PKEY *pkey = NULL;
0a699a07
DSH		 4625
4626 if (pm == NULL)
4627 return NULL;
4628 pctx = EVP_PKEY_CTX_new(pm, NULL);
4629 if (pctx == NULL)
4630 goto err;
4631 if (EVP_PKEY_keygen_init(pctx) <= 0)
4632 goto err;
4633 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4634 EVP_PKEY_free(pkey);
4635 pkey = NULL;
4636 }
4637
4638 err:
4639 EVP_PKEY_CTX_free(pctx);
4640 return pkey;
4641}
4642#ifndef OPENSSL_NO_EC
43b95d73
DSH		 4643/* Generate a private key from a group ID */
4644EVP_PKEY *ssl_generate_pkey_group(uint16_t id)
0a699a07
DSH		 4645{
4646 EVP_PKEY_CTX *pctx = NULL;
4647 EVP_PKEY *pkey = NULL;
43b95d73
DSH		 4648 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4649 uint16_t gtype;
0a699a07 4650
43b95d73 4651 if (ginf == NULL)
0a699a07 4652 goto err;
43b95d73
DSH		 4653 gtype = ginf->flags & TLS_CURVE_TYPE;
4654 if (gtype == TLS_CURVE_CUSTOM)
4655 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4656 else
0a699a07 4657 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3f3504bd
DSH		 4658 if (pctx == NULL)
4659 goto err;
4660 if (EVP_PKEY_keygen_init(pctx) <= 0)
4661 goto err;
43b95d73
DSH		 4662 if (gtype != TLS_CURVE_CUSTOM
4663 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
3f3504bd 4664 goto err;
3f3504bd
DSH		 4665 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4666 EVP_PKEY_free(pkey);
4667 pkey = NULL;
4668 }
4669
a230b26e 4670 err:
3f3504bd
DSH		 4671 EVP_PKEY_CTX_free(pctx);
4672 return pkey;
4673}
612f9d22
DSH		 4674
4675/*
4676 * Generate parameters from a group ID
4677 */
4678EVP_PKEY *ssl_generate_param_group(uint16_t id)
4679{
4680 EVP_PKEY_CTX *pctx = NULL;
4681 EVP_PKEY *pkey = NULL;
4682 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4683
4684 if (ginf == NULL)
4685 goto err;
4686
4687 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4688 pkey = EVP_PKEY_new();
4689 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4690 return pkey;
4691 EVP_PKEY_free(pkey);
4692 return NULL;
4693 }
4694
4695 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4696 if (pctx == NULL)
4697 goto err;
4698 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4699 goto err;
4700 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4701 goto err;
4702 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4703 EVP_PKEY_free(pkey);
4704 pkey = NULL;
4705 }
4706
4707 err:
4708 EVP_PKEY_CTX_free(pctx);
4709 return pkey;
4710}
0a699a07 4711#endif
a230b26e 4712
92760c21
MC		 4713/* Derive secrets for ECDH/DH */
4714int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
3f3504bd
DSH		 4715{
4716 int rv = 0;
4717 unsigned char *pms = NULL;
4718 size_t pmslen = 0;
4719 EVP_PKEY_CTX *pctx;
4720
4721 if (privkey == NULL || pubkey == NULL)
4722 return 0;
4723
4724 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4725
4726 if (EVP_PKEY_derive_init(pctx) <= 0
4727 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4728 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4729 goto err;
4730 }
4731
4732 pms = OPENSSL_malloc(pmslen);
4733 if (pms == NULL)
4734 goto err;
4735
4736 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4737 goto err;
4738
92760c21
MC		 4739 if (gensecret) {
4740 if (SSL_IS_TLS13(s)) {
4741 /*
ec15acb6
MC		 4742 * If we are resuming then we already generated the early secret
4743 * when we created the ClientHello, so don't recreate it.
92760c21 4744 */
ec15acb6
MC		 4745 if (!s->hit)
4746 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4747 0,
4748 (unsigned char *)&s->early_secret);
0247086d
MC		 4749 else
4750 rv = 1;
4751
ec15acb6 4752 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
92760c21 4753 } else {
c8ab3a46 4754 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
92760c21 4755 }
3f3504bd 4756 } else {
0f1e51ea 4757 /* Save premaster secret */
3f3504bd
DSH		 4758 s->s3->tmp.pms = pms;
4759 s->s3->tmp.pmslen = pmslen;
4760 pms = NULL;
4761 rv = 1;
4762 }
4763
a230b26e 4764 err:
3f3504bd
DSH		 4765 OPENSSL_clear_free(pms, pmslen);
4766 EVP_PKEY_CTX_free(pctx);
4767 return rv;
4768}
6c4e6670 4769
1e0784ff 4770#ifndef OPENSSL_NO_DH
6c4e6670
DSH		 4771EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4772{
4773 EVP_PKEY *ret;
4774 if (dh == NULL)
4775 return NULL;
4776 ret = EVP_PKEY_new();
4777 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4778 EVP_PKEY_free(ret);
4779 return NULL;
4780 }
4781 return ret;
4782}
1e0784ff 4783#endif
A mirror of the official openssl repository