2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include "internal/cryptlib.h"
23 DEFINE_STACK_OF(X509_NAME
)
25 DEFINE_STACK_OF_CONST(SSL_CIPHER
)
27 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
28 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
29 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
31 /* TLSv1.3 downgrade protection sentinel values */
32 const unsigned char tls11downgrade
[] = {
33 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
35 const unsigned char tls12downgrade
[] = {
36 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
39 /* The list of available TLSv1.3 ciphers */
40 static SSL_CIPHER tls13_ciphers
[] = {
43 TLS1_3_RFC_AES_128_GCM_SHA256
,
44 TLS1_3_RFC_AES_128_GCM_SHA256
,
45 TLS1_3_CK_AES_128_GCM_SHA256
,
50 TLS1_3_VERSION
, TLS1_3_VERSION
,
53 SSL_HANDSHAKE_MAC_SHA256
,
58 TLS1_3_RFC_AES_256_GCM_SHA384
,
59 TLS1_3_RFC_AES_256_GCM_SHA384
,
60 TLS1_3_CK_AES_256_GCM_SHA384
,
65 TLS1_3_VERSION
, TLS1_3_VERSION
,
68 SSL_HANDSHAKE_MAC_SHA384
,
72 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
75 TLS1_3_RFC_CHACHA20_POLY1305_SHA256
,
76 TLS1_3_RFC_CHACHA20_POLY1305_SHA256
,
77 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
82 TLS1_3_VERSION
, TLS1_3_VERSION
,
85 SSL_HANDSHAKE_MAC_SHA256
,
92 TLS1_3_RFC_AES_128_CCM_SHA256
,
93 TLS1_3_RFC_AES_128_CCM_SHA256
,
94 TLS1_3_CK_AES_128_CCM_SHA256
,
99 TLS1_3_VERSION
, TLS1_3_VERSION
,
101 SSL_NOT_DEFAULT
| SSL_HIGH
,
102 SSL_HANDSHAKE_MAC_SHA256
,
107 TLS1_3_RFC_AES_128_CCM_8_SHA256
,
108 TLS1_3_RFC_AES_128_CCM_8_SHA256
,
109 TLS1_3_CK_AES_128_CCM_8_SHA256
,
114 TLS1_3_VERSION
, TLS1_3_VERSION
,
116 SSL_NOT_DEFAULT
| SSL_HIGH
,
117 SSL_HANDSHAKE_MAC_SHA256
,
124 * The list of available ciphers, mostly organized into the following
129 * SRP (within that: RSA EC PSK)
130 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
133 static SSL_CIPHER ssl3_ciphers
[] = {
136 SSL3_TXT_RSA_NULL_MD5
,
137 SSL3_RFC_RSA_NULL_MD5
,
138 SSL3_CK_RSA_NULL_MD5
,
143 SSL3_VERSION
, TLS1_2_VERSION
,
144 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
146 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
152 SSL3_TXT_RSA_NULL_SHA
,
153 SSL3_RFC_RSA_NULL_SHA
,
154 SSL3_CK_RSA_NULL_SHA
,
159 SSL3_VERSION
, TLS1_2_VERSION
,
160 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
161 SSL_STRONG_NONE
| SSL_FIPS
,
162 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
166 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
169 SSL3_TXT_RSA_DES_192_CBC3_SHA
,
170 SSL3_RFC_RSA_DES_192_CBC3_SHA
,
171 SSL3_CK_RSA_DES_192_CBC3_SHA
,
176 SSL3_VERSION
, TLS1_2_VERSION
,
177 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
178 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
179 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
185 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA
,
186 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA
,
187 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
,
192 SSL3_VERSION
, TLS1_2_VERSION
,
193 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
194 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
195 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
201 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA
,
202 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA
,
203 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
,
208 SSL3_VERSION
, TLS1_2_VERSION
,
209 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
210 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
211 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
217 SSL3_TXT_ADH_DES_192_CBC_SHA
,
218 SSL3_RFC_ADH_DES_192_CBC_SHA
,
219 SSL3_CK_ADH_DES_192_CBC_SHA
,
224 SSL3_VERSION
, TLS1_2_VERSION
,
225 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
226 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
227 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
234 TLS1_TXT_RSA_WITH_AES_128_SHA
,
235 TLS1_RFC_RSA_WITH_AES_128_SHA
,
236 TLS1_CK_RSA_WITH_AES_128_SHA
,
241 SSL3_VERSION
, TLS1_2_VERSION
,
242 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
244 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
250 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA
,
251 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA
,
252 TLS1_CK_DHE_DSS_WITH_AES_128_SHA
,
257 SSL3_VERSION
, TLS1_2_VERSION
,
258 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
259 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
260 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
266 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
,
267 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA
,
268 TLS1_CK_DHE_RSA_WITH_AES_128_SHA
,
273 SSL3_VERSION
, TLS1_2_VERSION
,
274 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
276 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
282 TLS1_TXT_ADH_WITH_AES_128_SHA
,
283 TLS1_RFC_ADH_WITH_AES_128_SHA
,
284 TLS1_CK_ADH_WITH_AES_128_SHA
,
289 SSL3_VERSION
, TLS1_2_VERSION
,
290 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
291 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
292 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
298 TLS1_TXT_RSA_WITH_AES_256_SHA
,
299 TLS1_RFC_RSA_WITH_AES_256_SHA
,
300 TLS1_CK_RSA_WITH_AES_256_SHA
,
305 SSL3_VERSION
, TLS1_2_VERSION
,
306 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
308 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
314 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA
,
315 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA
,
316 TLS1_CK_DHE_DSS_WITH_AES_256_SHA
,
321 SSL3_VERSION
, TLS1_2_VERSION
,
322 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
323 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
324 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
330 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
,
331 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA
,
332 TLS1_CK_DHE_RSA_WITH_AES_256_SHA
,
337 SSL3_VERSION
, TLS1_2_VERSION
,
338 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
340 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
346 TLS1_TXT_ADH_WITH_AES_256_SHA
,
347 TLS1_RFC_ADH_WITH_AES_256_SHA
,
348 TLS1_CK_ADH_WITH_AES_256_SHA
,
353 SSL3_VERSION
, TLS1_2_VERSION
,
354 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
355 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
356 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
362 TLS1_TXT_RSA_WITH_NULL_SHA256
,
363 TLS1_RFC_RSA_WITH_NULL_SHA256
,
364 TLS1_CK_RSA_WITH_NULL_SHA256
,
369 TLS1_2_VERSION
, TLS1_2_VERSION
,
370 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
371 SSL_STRONG_NONE
| SSL_FIPS
,
372 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
378 TLS1_TXT_RSA_WITH_AES_128_SHA256
,
379 TLS1_RFC_RSA_WITH_AES_128_SHA256
,
380 TLS1_CK_RSA_WITH_AES_128_SHA256
,
385 TLS1_2_VERSION
, TLS1_2_VERSION
,
386 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
388 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
394 TLS1_TXT_RSA_WITH_AES_256_SHA256
,
395 TLS1_RFC_RSA_WITH_AES_256_SHA256
,
396 TLS1_CK_RSA_WITH_AES_256_SHA256
,
401 TLS1_2_VERSION
, TLS1_2_VERSION
,
402 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
404 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
410 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256
,
411 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256
,
412 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256
,
417 TLS1_2_VERSION
, TLS1_2_VERSION
,
418 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
419 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
420 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
426 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
,
427 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256
,
428 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256
,
433 TLS1_2_VERSION
, TLS1_2_VERSION
,
434 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
436 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
442 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256
,
443 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256
,
444 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256
,
449 TLS1_2_VERSION
, TLS1_2_VERSION
,
450 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
451 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
452 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
458 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
,
459 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256
,
460 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256
,
465 TLS1_2_VERSION
, TLS1_2_VERSION
,
466 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
468 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
474 TLS1_TXT_ADH_WITH_AES_128_SHA256
,
475 TLS1_RFC_ADH_WITH_AES_128_SHA256
,
476 TLS1_CK_ADH_WITH_AES_128_SHA256
,
481 TLS1_2_VERSION
, TLS1_2_VERSION
,
482 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
483 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
484 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
490 TLS1_TXT_ADH_WITH_AES_256_SHA256
,
491 TLS1_RFC_ADH_WITH_AES_256_SHA256
,
492 TLS1_CK_ADH_WITH_AES_256_SHA256
,
497 TLS1_2_VERSION
, TLS1_2_VERSION
,
498 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
499 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
500 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
506 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
,
507 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256
,
508 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256
,
513 TLS1_2_VERSION
, TLS1_2_VERSION
,
514 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
516 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
522 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
,
523 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384
,
524 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384
,
529 TLS1_2_VERSION
, TLS1_2_VERSION
,
530 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
532 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
538 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
,
539 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256
,
540 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256
,
545 TLS1_2_VERSION
, TLS1_2_VERSION
,
546 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
548 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
554 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
,
555 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384
,
556 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384
,
561 TLS1_2_VERSION
, TLS1_2_VERSION
,
562 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
564 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
570 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256
,
571 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256
,
572 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256
,
577 TLS1_2_VERSION
, TLS1_2_VERSION
,
578 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
579 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
580 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
586 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384
,
587 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384
,
588 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384
,
593 TLS1_2_VERSION
, TLS1_2_VERSION
,
594 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
595 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
596 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
602 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256
,
603 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256
,
604 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256
,
609 TLS1_2_VERSION
, TLS1_2_VERSION
,
610 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
611 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
612 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
618 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384
,
619 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384
,
620 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384
,
625 TLS1_2_VERSION
, TLS1_2_VERSION
,
626 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
627 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
628 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
634 TLS1_TXT_RSA_WITH_AES_128_CCM
,
635 TLS1_RFC_RSA_WITH_AES_128_CCM
,
636 TLS1_CK_RSA_WITH_AES_128_CCM
,
641 TLS1_2_VERSION
, TLS1_2_VERSION
,
642 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
643 SSL_NOT_DEFAULT
| SSL_HIGH
,
644 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
650 TLS1_TXT_RSA_WITH_AES_256_CCM
,
651 TLS1_RFC_RSA_WITH_AES_256_CCM
,
652 TLS1_CK_RSA_WITH_AES_256_CCM
,
657 TLS1_2_VERSION
, TLS1_2_VERSION
,
658 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
659 SSL_NOT_DEFAULT
| SSL_HIGH
,
660 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
666 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM
,
667 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM
,
668 TLS1_CK_DHE_RSA_WITH_AES_128_CCM
,
673 TLS1_2_VERSION
, TLS1_2_VERSION
,
674 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
675 SSL_NOT_DEFAULT
| SSL_HIGH
,
676 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
682 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM
,
683 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM
,
684 TLS1_CK_DHE_RSA_WITH_AES_256_CCM
,
689 TLS1_2_VERSION
, TLS1_2_VERSION
,
690 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
691 SSL_NOT_DEFAULT
| SSL_HIGH
,
692 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
698 TLS1_TXT_RSA_WITH_AES_128_CCM_8
,
699 TLS1_RFC_RSA_WITH_AES_128_CCM_8
,
700 TLS1_CK_RSA_WITH_AES_128_CCM_8
,
705 TLS1_2_VERSION
, TLS1_2_VERSION
,
706 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
707 SSL_NOT_DEFAULT
| SSL_HIGH
,
708 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
714 TLS1_TXT_RSA_WITH_AES_256_CCM_8
,
715 TLS1_RFC_RSA_WITH_AES_256_CCM_8
,
716 TLS1_CK_RSA_WITH_AES_256_CCM_8
,
721 TLS1_2_VERSION
, TLS1_2_VERSION
,
722 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
723 SSL_NOT_DEFAULT
| SSL_HIGH
,
724 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
730 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8
,
731 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8
,
732 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8
,
737 TLS1_2_VERSION
, TLS1_2_VERSION
,
738 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
739 SSL_NOT_DEFAULT
| SSL_HIGH
,
740 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
746 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8
,
747 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8
,
748 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8
,
753 TLS1_2_VERSION
, TLS1_2_VERSION
,
754 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
755 SSL_NOT_DEFAULT
| SSL_HIGH
,
756 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
762 TLS1_TXT_PSK_WITH_AES_128_CCM
,
763 TLS1_RFC_PSK_WITH_AES_128_CCM
,
764 TLS1_CK_PSK_WITH_AES_128_CCM
,
769 TLS1_2_VERSION
, TLS1_2_VERSION
,
770 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
771 SSL_NOT_DEFAULT
| SSL_HIGH
,
772 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
778 TLS1_TXT_PSK_WITH_AES_256_CCM
,
779 TLS1_RFC_PSK_WITH_AES_256_CCM
,
780 TLS1_CK_PSK_WITH_AES_256_CCM
,
785 TLS1_2_VERSION
, TLS1_2_VERSION
,
786 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
787 SSL_NOT_DEFAULT
| SSL_HIGH
,
788 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
794 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM
,
795 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM
,
796 TLS1_CK_DHE_PSK_WITH_AES_128_CCM
,
801 TLS1_2_VERSION
, TLS1_2_VERSION
,
802 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
803 SSL_NOT_DEFAULT
| SSL_HIGH
,
804 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
810 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM
,
811 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM
,
812 TLS1_CK_DHE_PSK_WITH_AES_256_CCM
,
817 TLS1_2_VERSION
, TLS1_2_VERSION
,
818 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
819 SSL_NOT_DEFAULT
| SSL_HIGH
,
820 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
826 TLS1_TXT_PSK_WITH_AES_128_CCM_8
,
827 TLS1_RFC_PSK_WITH_AES_128_CCM_8
,
828 TLS1_CK_PSK_WITH_AES_128_CCM_8
,
833 TLS1_2_VERSION
, TLS1_2_VERSION
,
834 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
835 SSL_NOT_DEFAULT
| SSL_HIGH
,
836 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
842 TLS1_TXT_PSK_WITH_AES_256_CCM_8
,
843 TLS1_RFC_PSK_WITH_AES_256_CCM_8
,
844 TLS1_CK_PSK_WITH_AES_256_CCM_8
,
849 TLS1_2_VERSION
, TLS1_2_VERSION
,
850 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
851 SSL_NOT_DEFAULT
| SSL_HIGH
,
852 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
858 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8
,
859 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8
,
860 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8
,
865 TLS1_2_VERSION
, TLS1_2_VERSION
,
866 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
867 SSL_NOT_DEFAULT
| SSL_HIGH
,
868 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
874 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8
,
875 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8
,
876 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8
,
881 TLS1_2_VERSION
, TLS1_2_VERSION
,
882 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
883 SSL_NOT_DEFAULT
| SSL_HIGH
,
884 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
890 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM
,
891 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM
,
892 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM
,
897 TLS1_2_VERSION
, TLS1_2_VERSION
,
898 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
899 SSL_NOT_DEFAULT
| SSL_HIGH
,
900 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
906 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM
,
907 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM
,
908 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM
,
913 TLS1_2_VERSION
, TLS1_2_VERSION
,
914 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
915 SSL_NOT_DEFAULT
| SSL_HIGH
,
916 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
922 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
923 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
924 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8
,
929 TLS1_2_VERSION
, TLS1_2_VERSION
,
930 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
931 SSL_NOT_DEFAULT
| SSL_HIGH
,
932 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
938 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
939 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
940 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8
,
945 TLS1_2_VERSION
, TLS1_2_VERSION
,
946 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
947 SSL_NOT_DEFAULT
| SSL_HIGH
,
948 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
954 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA
,
955 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA
,
956 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA
,
961 TLS1_VERSION
, TLS1_2_VERSION
,
962 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
963 SSL_STRONG_NONE
| SSL_FIPS
,
964 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
968 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
971 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
972 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
973 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
978 TLS1_VERSION
, TLS1_2_VERSION
,
979 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
980 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
981 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
988 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
989 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
990 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
995 TLS1_VERSION
, TLS1_2_VERSION
,
996 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
998 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1004 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1005 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1006 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1011 TLS1_VERSION
, TLS1_2_VERSION
,
1012 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1013 SSL_HIGH
| SSL_FIPS
,
1014 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1020 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA
,
1021 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA
,
1022 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA
,
1027 TLS1_VERSION
, TLS1_2_VERSION
,
1028 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1029 SSL_STRONG_NONE
| SSL_FIPS
,
1030 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1034 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1037 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1038 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1039 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1044 TLS1_VERSION
, TLS1_2_VERSION
,
1045 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1046 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1047 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1054 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1055 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1056 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1061 TLS1_VERSION
, TLS1_2_VERSION
,
1062 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1063 SSL_HIGH
| SSL_FIPS
,
1064 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1070 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1071 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1072 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1077 TLS1_VERSION
, TLS1_2_VERSION
,
1078 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1079 SSL_HIGH
| SSL_FIPS
,
1080 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1086 TLS1_TXT_ECDH_anon_WITH_NULL_SHA
,
1087 TLS1_RFC_ECDH_anon_WITH_NULL_SHA
,
1088 TLS1_CK_ECDH_anon_WITH_NULL_SHA
,
1093 TLS1_VERSION
, TLS1_2_VERSION
,
1094 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1095 SSL_STRONG_NONE
| SSL_FIPS
,
1096 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1100 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1103 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1104 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1105 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1110 TLS1_VERSION
, TLS1_2_VERSION
,
1111 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1112 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1113 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1120 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA
,
1121 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA
,
1122 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA
,
1127 TLS1_VERSION
, TLS1_2_VERSION
,
1128 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1129 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1130 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1136 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA
,
1137 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA
,
1138 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA
,
1143 TLS1_VERSION
, TLS1_2_VERSION
,
1144 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1145 SSL_NOT_DEFAULT
| SSL_HIGH
| SSL_FIPS
,
1146 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1153 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1154 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1159 TLS1_2_VERSION
, TLS1_2_VERSION
,
1160 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1161 SSL_HIGH
| SSL_FIPS
,
1162 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1169 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1170 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1175 TLS1_2_VERSION
, TLS1_2_VERSION
,
1176 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1177 SSL_HIGH
| SSL_FIPS
,
1178 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1184 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
,
1185 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256
,
1186 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256
,
1191 TLS1_2_VERSION
, TLS1_2_VERSION
,
1192 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1193 SSL_HIGH
| SSL_FIPS
,
1194 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1200 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
,
1201 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384
,
1202 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384
,
1207 TLS1_2_VERSION
, TLS1_2_VERSION
,
1208 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1209 SSL_HIGH
| SSL_FIPS
,
1210 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1216 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1217 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1218 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1223 TLS1_2_VERSION
, TLS1_2_VERSION
,
1224 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1225 SSL_HIGH
| SSL_FIPS
,
1226 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1232 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1233 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1234 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1239 TLS1_2_VERSION
, TLS1_2_VERSION
,
1240 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1241 SSL_HIGH
| SSL_FIPS
,
1242 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1248 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1249 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1250 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1255 TLS1_2_VERSION
, TLS1_2_VERSION
,
1256 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1257 SSL_HIGH
| SSL_FIPS
,
1258 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1264 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1265 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1266 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1271 TLS1_2_VERSION
, TLS1_2_VERSION
,
1272 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1273 SSL_HIGH
| SSL_FIPS
,
1274 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1280 TLS1_TXT_PSK_WITH_NULL_SHA
,
1281 TLS1_RFC_PSK_WITH_NULL_SHA
,
1282 TLS1_CK_PSK_WITH_NULL_SHA
,
1287 SSL3_VERSION
, TLS1_2_VERSION
,
1288 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1289 SSL_STRONG_NONE
| SSL_FIPS
,
1290 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1296 TLS1_TXT_DHE_PSK_WITH_NULL_SHA
,
1297 TLS1_RFC_DHE_PSK_WITH_NULL_SHA
,
1298 TLS1_CK_DHE_PSK_WITH_NULL_SHA
,
1303 SSL3_VERSION
, TLS1_2_VERSION
,
1304 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1305 SSL_STRONG_NONE
| SSL_FIPS
,
1306 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1312 TLS1_TXT_RSA_PSK_WITH_NULL_SHA
,
1313 TLS1_RFC_RSA_PSK_WITH_NULL_SHA
,
1314 TLS1_CK_RSA_PSK_WITH_NULL_SHA
,
1319 SSL3_VERSION
, TLS1_2_VERSION
,
1320 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1321 SSL_STRONG_NONE
| SSL_FIPS
,
1322 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1326 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1329 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA
,
1330 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA
,
1331 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA
,
1336 SSL3_VERSION
, TLS1_2_VERSION
,
1337 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1338 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1339 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1346 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA
,
1347 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA
,
1348 TLS1_CK_PSK_WITH_AES_128_CBC_SHA
,
1353 SSL3_VERSION
, TLS1_2_VERSION
,
1354 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1355 SSL_HIGH
| SSL_FIPS
,
1356 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1362 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA
,
1363 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA
,
1364 TLS1_CK_PSK_WITH_AES_256_CBC_SHA
,
1369 SSL3_VERSION
, TLS1_2_VERSION
,
1370 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1371 SSL_HIGH
| SSL_FIPS
,
1372 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1376 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1379 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1380 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1381 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1386 SSL3_VERSION
, TLS1_2_VERSION
,
1387 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1388 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1389 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1396 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA
,
1397 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA
,
1398 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA
,
1403 SSL3_VERSION
, TLS1_2_VERSION
,
1404 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1405 SSL_HIGH
| SSL_FIPS
,
1406 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1412 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA
,
1413 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA
,
1414 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA
,
1419 SSL3_VERSION
, TLS1_2_VERSION
,
1420 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1421 SSL_HIGH
| SSL_FIPS
,
1422 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1426 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1429 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1430 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1431 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA
,
1436 SSL3_VERSION
, TLS1_2_VERSION
,
1437 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1438 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1439 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1446 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA
,
1447 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA
,
1448 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA
,
1453 SSL3_VERSION
, TLS1_2_VERSION
,
1454 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1455 SSL_HIGH
| SSL_FIPS
,
1456 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1462 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA
,
1463 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA
,
1464 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA
,
1469 SSL3_VERSION
, TLS1_2_VERSION
,
1470 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1471 SSL_HIGH
| SSL_FIPS
,
1472 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1478 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256
,
1479 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256
,
1480 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256
,
1485 TLS1_2_VERSION
, TLS1_2_VERSION
,
1486 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1487 SSL_HIGH
| SSL_FIPS
,
1488 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1494 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384
,
1495 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384
,
1496 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384
,
1501 TLS1_2_VERSION
, TLS1_2_VERSION
,
1502 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1503 SSL_HIGH
| SSL_FIPS
,
1504 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1510 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1511 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1512 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256
,
1517 TLS1_2_VERSION
, TLS1_2_VERSION
,
1518 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1519 SSL_HIGH
| SSL_FIPS
,
1520 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1526 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1527 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1528 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384
,
1533 TLS1_2_VERSION
, TLS1_2_VERSION
,
1534 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1535 SSL_HIGH
| SSL_FIPS
,
1536 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1542 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1543 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1544 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256
,
1549 TLS1_2_VERSION
, TLS1_2_VERSION
,
1550 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1551 SSL_HIGH
| SSL_FIPS
,
1552 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
1558 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1559 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1560 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384
,
1565 TLS1_2_VERSION
, TLS1_2_VERSION
,
1566 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
1567 SSL_HIGH
| SSL_FIPS
,
1568 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1574 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256
,
1575 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256
,
1576 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256
,
1581 TLS1_VERSION
, TLS1_2_VERSION
,
1582 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1583 SSL_HIGH
| SSL_FIPS
,
1584 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1590 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384
,
1591 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384
,
1592 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384
,
1597 TLS1_VERSION
, TLS1_2_VERSION
,
1598 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1599 SSL_HIGH
| SSL_FIPS
,
1600 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1606 TLS1_TXT_PSK_WITH_NULL_SHA256
,
1607 TLS1_RFC_PSK_WITH_NULL_SHA256
,
1608 TLS1_CK_PSK_WITH_NULL_SHA256
,
1613 TLS1_VERSION
, TLS1_2_VERSION
,
1614 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1615 SSL_STRONG_NONE
| SSL_FIPS
,
1616 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1622 TLS1_TXT_PSK_WITH_NULL_SHA384
,
1623 TLS1_RFC_PSK_WITH_NULL_SHA384
,
1624 TLS1_CK_PSK_WITH_NULL_SHA384
,
1629 TLS1_VERSION
, TLS1_2_VERSION
,
1630 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1631 SSL_STRONG_NONE
| SSL_FIPS
,
1632 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1638 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1639 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1640 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256
,
1645 TLS1_VERSION
, TLS1_2_VERSION
,
1646 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1647 SSL_HIGH
| SSL_FIPS
,
1648 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1654 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1655 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1656 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384
,
1661 TLS1_VERSION
, TLS1_2_VERSION
,
1662 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1663 SSL_HIGH
| SSL_FIPS
,
1664 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1670 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256
,
1671 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256
,
1672 TLS1_CK_DHE_PSK_WITH_NULL_SHA256
,
1677 TLS1_VERSION
, TLS1_2_VERSION
,
1678 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1679 SSL_STRONG_NONE
| SSL_FIPS
,
1680 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1686 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384
,
1687 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384
,
1688 TLS1_CK_DHE_PSK_WITH_NULL_SHA384
,
1693 TLS1_VERSION
, TLS1_2_VERSION
,
1694 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1695 SSL_STRONG_NONE
| SSL_FIPS
,
1696 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1702 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1703 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1704 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256
,
1709 TLS1_VERSION
, TLS1_2_VERSION
,
1710 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1711 SSL_HIGH
| SSL_FIPS
,
1712 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1718 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1719 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1720 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384
,
1725 TLS1_VERSION
, TLS1_2_VERSION
,
1726 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1727 SSL_HIGH
| SSL_FIPS
,
1728 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1734 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256
,
1735 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256
,
1736 TLS1_CK_RSA_PSK_WITH_NULL_SHA256
,
1741 TLS1_VERSION
, TLS1_2_VERSION
,
1742 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1743 SSL_STRONG_NONE
| SSL_FIPS
,
1744 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1750 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384
,
1751 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384
,
1752 TLS1_CK_RSA_PSK_WITH_NULL_SHA384
,
1757 TLS1_VERSION
, TLS1_2_VERSION
,
1758 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1759 SSL_STRONG_NONE
| SSL_FIPS
,
1760 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1764 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1767 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1768 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1769 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
,
1774 TLS1_VERSION
, TLS1_2_VERSION
,
1775 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1776 SSL_NOT_DEFAULT
| SSL_MEDIUM
| SSL_FIPS
,
1777 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1784 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1785 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1786 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA
,
1791 TLS1_VERSION
, TLS1_2_VERSION
,
1792 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1793 SSL_HIGH
| SSL_FIPS
,
1794 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1800 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1801 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1802 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA
,
1807 TLS1_VERSION
, TLS1_2_VERSION
,
1808 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1809 SSL_HIGH
| SSL_FIPS
,
1810 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1816 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1817 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1818 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256
,
1823 TLS1_VERSION
, TLS1_2_VERSION
,
1824 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1825 SSL_HIGH
| SSL_FIPS
,
1826 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1832 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1833 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1834 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384
,
1839 TLS1_VERSION
, TLS1_2_VERSION
,
1840 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1841 SSL_HIGH
| SSL_FIPS
,
1842 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1848 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA
,
1849 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA
,
1850 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA
,
1855 TLS1_VERSION
, TLS1_2_VERSION
,
1856 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1857 SSL_STRONG_NONE
| SSL_FIPS
,
1858 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1864 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256
,
1865 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256
,
1866 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256
,
1871 TLS1_VERSION
, TLS1_2_VERSION
,
1872 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1873 SSL_STRONG_NONE
| SSL_FIPS
,
1874 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1880 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384
,
1881 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384
,
1882 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384
,
1887 TLS1_VERSION
, TLS1_2_VERSION
,
1888 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1889 SSL_STRONG_NONE
| SSL_FIPS
,
1890 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
1895 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1898 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1899 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1900 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA
,
1905 SSL3_VERSION
, TLS1_2_VERSION
,
1906 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1907 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1908 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1914 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1915 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1916 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
,
1921 SSL3_VERSION
, TLS1_2_VERSION
,
1922 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1923 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1924 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1930 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1931 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1932 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
,
1937 SSL3_VERSION
, TLS1_2_VERSION
,
1938 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1939 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
1940 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1947 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA
,
1948 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA
,
1949 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA
,
1954 SSL3_VERSION
, TLS1_2_VERSION
,
1955 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1957 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1963 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1964 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1965 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
,
1970 SSL3_VERSION
, TLS1_2_VERSION
,
1971 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1973 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1979 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1980 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1981 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
,
1986 SSL3_VERSION
, TLS1_2_VERSION
,
1987 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
1988 SSL_NOT_DEFAULT
| SSL_HIGH
,
1989 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
1995 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA
,
1996 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA
,
1997 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA
,
2002 SSL3_VERSION
, TLS1_2_VERSION
,
2003 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2005 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2011 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2012 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2013 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
,
2018 SSL3_VERSION
, TLS1_2_VERSION
,
2019 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2021 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2027 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2028 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2029 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
,
2034 SSL3_VERSION
, TLS1_2_VERSION
,
2035 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2036 SSL_NOT_DEFAULT
| SSL_HIGH
,
2037 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2042 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2045 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
,
2046 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305
,
2047 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305
,
2050 SSL_CHACHA20POLY1305
,
2052 TLS1_2_VERSION
, TLS1_2_VERSION
,
2053 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2055 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2061 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2062 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2063 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
2066 SSL_CHACHA20POLY1305
,
2068 TLS1_2_VERSION
, TLS1_2_VERSION
,
2069 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2071 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2077 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2078 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2079 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
2082 SSL_CHACHA20POLY1305
,
2084 TLS1_2_VERSION
, TLS1_2_VERSION
,
2085 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2087 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2093 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305
,
2094 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305
,
2095 TLS1_CK_PSK_WITH_CHACHA20_POLY1305
,
2098 SSL_CHACHA20POLY1305
,
2100 TLS1_2_VERSION
, TLS1_2_VERSION
,
2101 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2103 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2109 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2110 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2111 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305
,
2114 SSL_CHACHA20POLY1305
,
2116 TLS1_2_VERSION
, TLS1_2_VERSION
,
2117 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2119 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2125 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305
,
2126 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305
,
2127 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305
,
2130 SSL_CHACHA20POLY1305
,
2132 TLS1_2_VERSION
, TLS1_2_VERSION
,
2133 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2135 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2141 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305
,
2142 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305
,
2143 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305
,
2146 SSL_CHACHA20POLY1305
,
2148 TLS1_2_VERSION
, TLS1_2_VERSION
,
2149 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2151 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2155 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2156 * !defined(OPENSSL_NO_POLY1305) */
2158 #ifndef OPENSSL_NO_CAMELLIA
2161 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2162 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2163 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2168 TLS1_2_VERSION
, TLS1_2_VERSION
,
2169 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2170 SSL_NOT_DEFAULT
| SSL_HIGH
,
2171 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2177 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2178 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2179 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
,
2184 TLS1_2_VERSION
, TLS1_2_VERSION
,
2185 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2186 SSL_NOT_DEFAULT
| SSL_HIGH
,
2187 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2193 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2194 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2195 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2200 TLS1_2_VERSION
, TLS1_2_VERSION
,
2201 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2202 SSL_NOT_DEFAULT
| SSL_HIGH
,
2203 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2209 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2210 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2211 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
2216 TLS1_2_VERSION
, TLS1_2_VERSION
,
2217 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2218 SSL_NOT_DEFAULT
| SSL_HIGH
,
2219 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2225 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2226 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2227 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2232 TLS1_2_VERSION
, TLS1_2_VERSION
,
2233 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2234 SSL_NOT_DEFAULT
| SSL_HIGH
,
2235 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2241 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2242 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2243 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
,
2248 TLS1_2_VERSION
, TLS1_2_VERSION
,
2249 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2250 SSL_NOT_DEFAULT
| SSL_HIGH
,
2251 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2257 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2258 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2259 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
2264 TLS1_2_VERSION
, TLS1_2_VERSION
,
2265 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2266 SSL_NOT_DEFAULT
| SSL_HIGH
,
2267 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2273 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2274 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2275 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
2280 TLS1_2_VERSION
, TLS1_2_VERSION
,
2281 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2282 SSL_NOT_DEFAULT
| SSL_HIGH
,
2283 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2289 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2290 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2291 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2296 SSL3_VERSION
, TLS1_2_VERSION
,
2297 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2298 SSL_NOT_DEFAULT
| SSL_HIGH
,
2299 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2305 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2306 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2307 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
,
2312 SSL3_VERSION
, TLS1_2_VERSION
,
2313 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2314 SSL_NOT_DEFAULT
| SSL_HIGH
,
2315 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2321 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2322 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2323 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
2328 SSL3_VERSION
, TLS1_2_VERSION
,
2329 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2330 SSL_NOT_DEFAULT
| SSL_HIGH
,
2331 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2337 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2338 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2339 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA
,
2344 SSL3_VERSION
, TLS1_2_VERSION
,
2345 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2346 SSL_NOT_DEFAULT
| SSL_HIGH
,
2347 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2353 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2354 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2355 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2360 SSL3_VERSION
, TLS1_2_VERSION
,
2361 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2362 SSL_NOT_DEFAULT
| SSL_HIGH
,
2363 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2369 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2370 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2371 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
,
2376 SSL3_VERSION
, TLS1_2_VERSION
,
2377 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2378 SSL_NOT_DEFAULT
| SSL_HIGH
,
2379 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2385 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2386 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2387 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
2392 SSL3_VERSION
, TLS1_2_VERSION
,
2393 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2394 SSL_NOT_DEFAULT
| SSL_HIGH
,
2395 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2401 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2402 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2403 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA
,
2408 SSL3_VERSION
, TLS1_2_VERSION
,
2409 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2410 SSL_NOT_DEFAULT
| SSL_HIGH
,
2411 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2417 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2418 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2419 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
,
2424 TLS1_2_VERSION
, TLS1_2_VERSION
,
2425 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2426 SSL_NOT_DEFAULT
| SSL_HIGH
,
2427 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2433 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2434 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2435 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
,
2440 TLS1_2_VERSION
, TLS1_2_VERSION
,
2441 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2442 SSL_NOT_DEFAULT
| SSL_HIGH
,
2443 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2449 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2450 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2451 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
2456 TLS1_2_VERSION
, TLS1_2_VERSION
,
2457 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2458 SSL_NOT_DEFAULT
| SSL_HIGH
,
2459 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2465 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2466 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2467 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
,
2472 TLS1_2_VERSION
, TLS1_2_VERSION
,
2473 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2474 SSL_NOT_DEFAULT
| SSL_HIGH
,
2475 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2481 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2482 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2483 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2488 TLS1_VERSION
, TLS1_2_VERSION
,
2489 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2490 SSL_NOT_DEFAULT
| SSL_HIGH
,
2491 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2497 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2498 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2499 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2504 TLS1_VERSION
, TLS1_2_VERSION
,
2505 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2506 SSL_NOT_DEFAULT
| SSL_HIGH
,
2507 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2513 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2514 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2515 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2520 TLS1_VERSION
, TLS1_2_VERSION
,
2521 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2522 SSL_NOT_DEFAULT
| SSL_HIGH
,
2523 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2529 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2530 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2531 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2536 TLS1_VERSION
, TLS1_2_VERSION
,
2537 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2538 SSL_NOT_DEFAULT
| SSL_HIGH
,
2539 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2545 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2546 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2547 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2552 TLS1_VERSION
, TLS1_2_VERSION
,
2553 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2554 SSL_NOT_DEFAULT
| SSL_HIGH
,
2555 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2561 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2562 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2563 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2568 TLS1_VERSION
, TLS1_2_VERSION
,
2569 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2570 SSL_NOT_DEFAULT
| SSL_HIGH
,
2571 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2577 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2578 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2579 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
,
2584 TLS1_VERSION
, TLS1_2_VERSION
,
2585 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2586 SSL_NOT_DEFAULT
| SSL_HIGH
,
2587 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2593 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2594 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2595 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
,
2600 TLS1_VERSION
, TLS1_2_VERSION
,
2601 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2602 SSL_NOT_DEFAULT
| SSL_HIGH
,
2603 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
2607 #endif /* OPENSSL_NO_CAMELLIA */
2609 #ifndef OPENSSL_NO_GOST
2612 "GOST2001-GOST89-GOST89",
2613 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2617 SSL_eGOST2814789CNT
,
2619 TLS1_VERSION
, TLS1_2_VERSION
,
2622 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
| TLS1_STREAM_MAC
,
2628 "GOST2001-NULL-GOST94",
2629 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2635 TLS1_VERSION
, TLS1_2_VERSION
,
2638 SSL_HANDSHAKE_MAC_GOST94
| TLS1_PRF_GOST94
,
2644 "IANA-GOST2012-GOST8912-GOST8912",
2648 SSL_aGOST12
| SSL_aGOST01
,
2649 SSL_eGOST2814789CNT12
,
2651 TLS1_VERSION
, TLS1_2_VERSION
,
2654 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2660 "LEGACY-GOST2012-GOST8912-GOST8912",
2664 SSL_aGOST12
| SSL_aGOST01
,
2665 SSL_eGOST2814789CNT12
,
2667 TLS1_VERSION
, TLS1_2_VERSION
,
2670 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2676 "GOST2012-NULL-GOST12",
2680 SSL_aGOST12
| SSL_aGOST01
,
2683 TLS1_VERSION
, TLS1_2_VERSION
,
2686 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_STREAM_MAC
,
2692 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2699 TLS1_2_VERSION
, TLS1_2_VERSION
,
2702 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_TLSTREE
,
2708 "GOST2012-MAGMA-MAGMAOMAC",
2715 TLS1_2_VERSION
, TLS1_2_VERSION
,
2718 SSL_HANDSHAKE_MAC_GOST12_256
| TLS1_PRF_GOST12_256
| TLS1_TLSTREE
,
2722 #endif /* OPENSSL_NO_GOST */
2724 #ifndef OPENSSL_NO_IDEA
2727 SSL3_TXT_RSA_IDEA_128_SHA
,
2728 SSL3_RFC_RSA_IDEA_128_SHA
,
2729 SSL3_CK_RSA_IDEA_128_SHA
,
2734 SSL3_VERSION
, TLS1_1_VERSION
,
2735 DTLS1_BAD_VER
, DTLS1_VERSION
,
2736 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2737 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2743 #ifndef OPENSSL_NO_SEED
2746 TLS1_TXT_RSA_WITH_SEED_SHA
,
2747 TLS1_RFC_RSA_WITH_SEED_SHA
,
2748 TLS1_CK_RSA_WITH_SEED_SHA
,
2753 SSL3_VERSION
, TLS1_2_VERSION
,
2754 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2755 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2756 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2762 TLS1_TXT_DHE_DSS_WITH_SEED_SHA
,
2763 TLS1_RFC_DHE_DSS_WITH_SEED_SHA
,
2764 TLS1_CK_DHE_DSS_WITH_SEED_SHA
,
2769 SSL3_VERSION
, TLS1_2_VERSION
,
2770 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2771 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2772 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2778 TLS1_TXT_DHE_RSA_WITH_SEED_SHA
,
2779 TLS1_RFC_DHE_RSA_WITH_SEED_SHA
,
2780 TLS1_CK_DHE_RSA_WITH_SEED_SHA
,
2785 SSL3_VERSION
, TLS1_2_VERSION
,
2786 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2787 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2788 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2794 TLS1_TXT_ADH_WITH_SEED_SHA
,
2795 TLS1_RFC_ADH_WITH_SEED_SHA
,
2796 TLS1_CK_ADH_WITH_SEED_SHA
,
2801 SSL3_VERSION
, TLS1_2_VERSION
,
2802 DTLS1_BAD_VER
, DTLS1_2_VERSION
,
2803 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2804 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2808 #endif /* OPENSSL_NO_SEED */
2810 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2813 SSL3_TXT_RSA_RC4_128_MD5
,
2814 SSL3_RFC_RSA_RC4_128_MD5
,
2815 SSL3_CK_RSA_RC4_128_MD5
,
2820 SSL3_VERSION
, TLS1_2_VERSION
,
2822 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2823 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2829 SSL3_TXT_RSA_RC4_128_SHA
,
2830 SSL3_RFC_RSA_RC4_128_SHA
,
2831 SSL3_CK_RSA_RC4_128_SHA
,
2836 SSL3_VERSION
, TLS1_2_VERSION
,
2838 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2839 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2845 SSL3_TXT_ADH_RC4_128_MD5
,
2846 SSL3_RFC_ADH_RC4_128_MD5
,
2847 SSL3_CK_ADH_RC4_128_MD5
,
2852 SSL3_VERSION
, TLS1_2_VERSION
,
2854 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2855 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2861 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA
,
2862 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA
,
2863 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA
,
2868 TLS1_VERSION
, TLS1_2_VERSION
,
2870 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2871 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2877 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA
,
2878 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA
,
2879 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA
,
2884 TLS1_VERSION
, TLS1_2_VERSION
,
2886 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2887 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2893 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2894 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2895 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA
,
2900 TLS1_VERSION
, TLS1_2_VERSION
,
2902 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2903 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2909 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
,
2910 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA
,
2911 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA
,
2916 TLS1_VERSION
, TLS1_2_VERSION
,
2918 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2919 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2925 TLS1_TXT_PSK_WITH_RC4_128_SHA
,
2926 TLS1_RFC_PSK_WITH_RC4_128_SHA
,
2927 TLS1_CK_PSK_WITH_RC4_128_SHA
,
2932 SSL3_VERSION
, TLS1_2_VERSION
,
2934 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2935 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2941 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA
,
2942 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA
,
2943 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA
,
2948 SSL3_VERSION
, TLS1_2_VERSION
,
2950 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2951 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2957 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA
,
2958 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA
,
2959 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA
,
2964 SSL3_VERSION
, TLS1_2_VERSION
,
2966 SSL_NOT_DEFAULT
| SSL_MEDIUM
,
2967 SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
,
2971 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2973 #ifndef OPENSSL_NO_ARIA
2976 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256
,
2977 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256
,
2978 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256
,
2983 TLS1_2_VERSION
, TLS1_2_VERSION
,
2984 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
2985 SSL_NOT_DEFAULT
| SSL_HIGH
,
2986 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
2992 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384
,
2993 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384
,
2994 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384
,
2999 TLS1_2_VERSION
, TLS1_2_VERSION
,
3000 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3001 SSL_NOT_DEFAULT
| SSL_HIGH
,
3002 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3008 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3009 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3010 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3015 TLS1_2_VERSION
, TLS1_2_VERSION
,
3016 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3017 SSL_NOT_DEFAULT
| SSL_HIGH
,
3018 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3024 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3025 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3026 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3031 TLS1_2_VERSION
, TLS1_2_VERSION
,
3032 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3033 SSL_NOT_DEFAULT
| SSL_HIGH
,
3034 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3040 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3041 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3042 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256
,
3047 TLS1_2_VERSION
, TLS1_2_VERSION
,
3048 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3049 SSL_NOT_DEFAULT
| SSL_HIGH
,
3050 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3056 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3057 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3058 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384
,
3063 TLS1_2_VERSION
, TLS1_2_VERSION
,
3064 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3065 SSL_NOT_DEFAULT
| SSL_HIGH
,
3066 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3072 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3073 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3074 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
,
3079 TLS1_2_VERSION
, TLS1_2_VERSION
,
3080 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3081 SSL_NOT_DEFAULT
| SSL_HIGH
,
3082 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3088 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3089 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3090 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
,
3095 TLS1_2_VERSION
, TLS1_2_VERSION
,
3096 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3097 SSL_NOT_DEFAULT
| SSL_HIGH
,
3098 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3104 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3105 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3106 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
,
3111 TLS1_2_VERSION
, TLS1_2_VERSION
,
3112 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3113 SSL_NOT_DEFAULT
| SSL_HIGH
,
3114 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3120 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3121 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3122 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
,
3127 TLS1_2_VERSION
, TLS1_2_VERSION
,
3128 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3129 SSL_NOT_DEFAULT
| SSL_HIGH
,
3130 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3136 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256
,
3137 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256
,
3138 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256
,
3143 TLS1_2_VERSION
, TLS1_2_VERSION
,
3144 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3145 SSL_NOT_DEFAULT
| SSL_HIGH
,
3146 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3152 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384
,
3153 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384
,
3154 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384
,
3159 TLS1_2_VERSION
, TLS1_2_VERSION
,
3160 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3161 SSL_NOT_DEFAULT
| SSL_HIGH
,
3162 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3168 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3169 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3170 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256
,
3175 TLS1_2_VERSION
, TLS1_2_VERSION
,
3176 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3177 SSL_NOT_DEFAULT
| SSL_HIGH
,
3178 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3184 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3185 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3186 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384
,
3191 TLS1_2_VERSION
, TLS1_2_VERSION
,
3192 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3193 SSL_NOT_DEFAULT
| SSL_HIGH
,
3194 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3200 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3201 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3202 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256
,
3207 TLS1_2_VERSION
, TLS1_2_VERSION
,
3208 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3209 SSL_NOT_DEFAULT
| SSL_HIGH
,
3210 SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
,
3216 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3217 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3218 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384
,
3223 TLS1_2_VERSION
, TLS1_2_VERSION
,
3224 DTLS1_2_VERSION
, DTLS1_2_VERSION
,
3225 SSL_NOT_DEFAULT
| SSL_HIGH
,
3226 SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
,
3230 #endif /* OPENSSL_NO_ARIA */
3234 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3235 * values stuffed into the ciphers field of the wire protocol for signalling
3238 static SSL_CIPHER ssl3_scsvs
[] = {
3241 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3242 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3244 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3248 "TLS_FALLBACK_SCSV",
3249 "TLS_FALLBACK_SCSV",
3250 SSL3_CK_FALLBACK_SCSV
,
3251 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3255 static int cipher_compare(const void *a
, const void *b
)
3257 const SSL_CIPHER
*ap
= (const SSL_CIPHER
*)a
;
3258 const SSL_CIPHER
*bp
= (const SSL_CIPHER
*)b
;
3260 if (ap
->id
== bp
->id
)
3262 return ap
->id
< bp
->id
? -1 : 1;
3265 void ssl_sort_cipher_list(void)
3267 qsort(tls13_ciphers
, TLS13_NUM_CIPHERS
, sizeof(tls13_ciphers
[0]),
3269 qsort(ssl3_ciphers
, SSL3_NUM_CIPHERS
, sizeof(ssl3_ciphers
[0]),
3271 qsort(ssl3_scsvs
, SSL3_NUM_SCSVS
, sizeof(ssl3_scsvs
[0]), cipher_compare
);
3274 static int ssl_undefined_function_1(SSL
*ssl
, unsigned char *r
, size_t s
,
3275 const char * t
, size_t u
,
3276 const unsigned char * v
, size_t w
, int x
)
3285 return ssl_undefined_function(ssl
);
3288 const SSL3_ENC_METHOD SSLv3_enc_data
= {
3291 ssl3_setup_key_block
,
3292 ssl3_generate_master_secret
,
3293 ssl3_change_cipher_state
,
3294 ssl3_final_finish_mac
,
3295 SSL3_MD_CLIENT_FINISHED_CONST
, 4,
3296 SSL3_MD_SERVER_FINISHED_CONST
, 4,
3298 ssl_undefined_function_1
,
3300 ssl3_set_handshake_header
,
3301 tls_close_construct_packet
,
3302 ssl3_handshake_write
3305 long ssl3_default_timeout(void)
3308 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3309 * http, the cache would over fill
3311 return (60 * 60 * 2);
3314 int ssl3_num_ciphers(void)
3316 return SSL3_NUM_CIPHERS
;
3319 const SSL_CIPHER
*ssl3_get_cipher(unsigned int u
)
3321 if (u
< SSL3_NUM_CIPHERS
)
3322 return &(ssl3_ciphers
[SSL3_NUM_CIPHERS
- 1 - u
]);
3327 int ssl3_set_handshake_header(SSL
*s
, WPACKET
*pkt
, int htype
)
3329 /* No header in the event of a CCS */
3330 if (htype
== SSL3_MT_CHANGE_CIPHER_SPEC
)
3333 /* Set the content type and 3 bytes for the message len */
3334 if (!WPACKET_put_bytes_u8(pkt
, htype
)
3335 || !WPACKET_start_sub_packet_u24(pkt
))
3341 int ssl3_handshake_write(SSL
*s
)
3343 return ssl3_do_write(s
, SSL3_RT_HANDSHAKE
);
3346 int ssl3_new(SSL
*s
)
3348 #ifndef OPENSSL_NO_SRP
3349 if (!SSL_SRP_CTX_init(s
))
3353 if (!s
->method
->ssl_clear(s
))
3359 void ssl3_free(SSL
*s
)
3364 ssl3_cleanup_key_block(s
);
3366 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3367 EVP_PKEY_free(s
->s3
.peer_tmp
);
3368 s
->s3
.peer_tmp
= NULL
;
3369 EVP_PKEY_free(s
->s3
.tmp
.pkey
);
3370 s
->s3
.tmp
.pkey
= NULL
;
3373 ssl_evp_cipher_free(s
->s3
.tmp
.new_sym_enc
);
3374 ssl_evp_md_free(s
->s3
.tmp
.new_hash
);
3376 OPENSSL_free(s
->s3
.tmp
.ctype
);
3377 sk_X509_NAME_pop_free(s
->s3
.tmp
.peer_ca_names
, X509_NAME_free
);
3378 OPENSSL_free(s
->s3
.tmp
.ciphers_raw
);
3379 OPENSSL_clear_free(s
->s3
.tmp
.pms
, s
->s3
.tmp
.pmslen
);
3380 OPENSSL_free(s
->s3
.tmp
.peer_sigalgs
);
3381 OPENSSL_free(s
->s3
.tmp
.peer_cert_sigalgs
);
3382 ssl3_free_digest_list(s
);
3383 OPENSSL_free(s
->s3
.alpn_selected
);
3384 OPENSSL_free(s
->s3
.alpn_proposed
);
3386 #ifndef OPENSSL_NO_SRP
3387 SSL_SRP_CTX_free(s
);
3389 memset(&s
->s3
, 0, sizeof(s
->s3
));
3392 int ssl3_clear(SSL
*s
)
3394 ssl3_cleanup_key_block(s
);
3395 OPENSSL_free(s
->s3
.tmp
.ctype
);
3396 sk_X509_NAME_pop_free(s
->s3
.tmp
.peer_ca_names
, X509_NAME_free
);
3397 OPENSSL_free(s
->s3
.tmp
.ciphers_raw
);
3398 OPENSSL_clear_free(s
->s3
.tmp
.pms
, s
->s3
.tmp
.pmslen
);
3399 OPENSSL_free(s
->s3
.tmp
.peer_sigalgs
);
3400 OPENSSL_free(s
->s3
.tmp
.peer_cert_sigalgs
);
3402 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3403 EVP_PKEY_free(s
->s3
.tmp
.pkey
);
3404 EVP_PKEY_free(s
->s3
.peer_tmp
);
3405 #endif /* !OPENSSL_NO_EC */
3407 ssl3_free_digest_list(s
);
3409 OPENSSL_free(s
->s3
.alpn_selected
);
3410 OPENSSL_free(s
->s3
.alpn_proposed
);
3412 /* NULL/zero-out everything in the s3 struct */
3413 memset(&s
->s3
, 0, sizeof(s
->s3
));
3415 if (!ssl_free_wbio_buffer(s
))
3418 s
->version
= SSL3_VERSION
;
3420 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3421 OPENSSL_free(s
->ext
.npn
);
3429 #ifndef OPENSSL_NO_SRP
3430 static char *srp_password_from_info_cb(SSL
*s
, void *arg
)
3432 return OPENSSL_strdup(s
->srp_ctx
.info
);
3436 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
);
3438 long ssl3_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
3443 case SSL_CTRL_GET_CLIENT_CERT_REQUEST
:
3445 case SSL_CTRL_GET_NUM_RENEGOTIATIONS
:
3446 ret
= s
->s3
.num_renegotiations
;
3448 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
:
3449 ret
= s
->s3
.num_renegotiations
;
3450 s
->s3
.num_renegotiations
= 0;
3452 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
:
3453 ret
= s
->s3
.total_renegotiations
;
3455 case SSL_CTRL_GET_FLAGS
:
3456 ret
= (int)(s
->s3
.flags
);
3458 #ifndef OPENSSL_NO_DH
3459 case SSL_CTRL_SET_TMP_DH
:
3461 DH
*dh
= (DH
*)parg
;
3462 EVP_PKEY
*pkdh
= NULL
;
3464 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3467 pkdh
= ssl_dh_to_pkey(dh
);
3469 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_MALLOC_FAILURE
);
3472 if (!ssl_security(s
, SSL_SECOP_TMP_DH
,
3473 EVP_PKEY_security_bits(pkdh
), 0, pkdh
)) {
3474 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_DH_KEY_TOO_SMALL
);
3475 EVP_PKEY_free(pkdh
);
3478 EVP_PKEY_free(s
->cert
->dh_tmp
);
3479 s
->cert
->dh_tmp
= pkdh
;
3483 case SSL_CTRL_SET_TMP_DH_CB
:
3485 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3488 case SSL_CTRL_SET_DH_AUTO
:
3489 s
->cert
->dh_tmp_auto
= larg
;
3492 #ifndef OPENSSL_NO_EC
3493 case SSL_CTRL_SET_TMP_ECDH
:
3495 const EC_GROUP
*group
= NULL
;
3499 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3502 group
= EC_KEY_get0_group((const EC_KEY
*)parg
);
3503 if (group
== NULL
) {
3504 SSLerr(SSL_F_SSL3_CTRL
, EC_R_MISSING_PARAMETERS
);
3507 nid
= EC_GROUP_get_curve_name(group
);
3508 if (nid
== NID_undef
)
3510 return tls1_set_groups(&s
->ext
.supportedgroups
,
3511 &s
->ext
.supportedgroups_len
,
3515 #endif /* !OPENSSL_NO_EC */
3516 case SSL_CTRL_SET_TLSEXT_HOSTNAME
:
3519 * This API is only used for a client to set what SNI it will request
3520 * from the server, but we currently allow it to be used on servers
3521 * as well, which is a programming error. Currently we just clear
3522 * the field in SSL_do_handshake() for server SSLs, but when we can
3523 * make ABI-breaking changes, we may want to make use of this API
3524 * an error on server SSLs.
3526 if (larg
== TLSEXT_NAMETYPE_host_name
) {
3529 OPENSSL_free(s
->ext
.hostname
);
3530 s
->ext
.hostname
= NULL
;
3535 len
= strlen((char *)parg
);
3536 if (len
== 0 || len
> TLSEXT_MAXLEN_host_name
) {
3537 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME
);
3540 if ((s
->ext
.hostname
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3541 SSLerr(SSL_F_SSL3_CTRL
, ERR_R_INTERNAL_ERROR
);
3545 SSLerr(SSL_F_SSL3_CTRL
, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE
);
3549 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG
:
3550 s
->ext
.debug_arg
= parg
;
3554 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3555 ret
= s
->ext
.status_type
;
3558 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3559 s
->ext
.status_type
= larg
;
3563 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
:
3564 *(STACK_OF(X509_EXTENSION
) **)parg
= s
->ext
.ocsp
.exts
;
3568 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
:
3569 s
->ext
.ocsp
.exts
= parg
;
3573 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
:
3574 *(STACK_OF(OCSP_RESPID
) **)parg
= s
->ext
.ocsp
.ids
;
3578 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
:
3579 s
->ext
.ocsp
.ids
= parg
;
3583 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3584 *(unsigned char **)parg
= s
->ext
.ocsp
.resp
;
3585 if (s
->ext
.ocsp
.resp_len
== 0
3586 || s
->ext
.ocsp
.resp_len
> LONG_MAX
)
3588 return (long)s
->ext
.ocsp
.resp_len
;
3590 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
:
3591 OPENSSL_free(s
->ext
.ocsp
.resp
);
3592 s
->ext
.ocsp
.resp
= parg
;
3593 s
->ext
.ocsp
.resp_len
= larg
;
3597 case SSL_CTRL_CHAIN
:
3599 return ssl_cert_set1_chain(s
, NULL
, (STACK_OF(X509
) *)parg
);
3601 return ssl_cert_set0_chain(s
, NULL
, (STACK_OF(X509
) *)parg
);
3603 case SSL_CTRL_CHAIN_CERT
:
3605 return ssl_cert_add1_chain_cert(s
, NULL
, (X509
*)parg
);
3607 return ssl_cert_add0_chain_cert(s
, NULL
, (X509
*)parg
);
3609 case SSL_CTRL_GET_CHAIN_CERTS
:
3610 *(STACK_OF(X509
) **)parg
= s
->cert
->key
->chain
;
3614 case SSL_CTRL_SELECT_CURRENT_CERT
:
3615 return ssl_cert_select_current(s
->cert
, (X509
*)parg
);
3617 case SSL_CTRL_SET_CURRENT_CERT
:
3618 if (larg
== SSL_CERT_SET_SERVER
) {
3619 const SSL_CIPHER
*cipher
;
3622 cipher
= s
->s3
.tmp
.new_cipher
;
3626 * No certificate for unauthenticated ciphersuites or using SRP
3629 if (cipher
->algorithm_auth
& (SSL_aNULL
| SSL_aSRP
))
3631 if (s
->s3
.tmp
.cert
== NULL
)
3633 s
->cert
->key
= s
->s3
.tmp
.cert
;
3636 return ssl_cert_set_current(s
->cert
, larg
);
3638 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3639 case SSL_CTRL_GET_GROUPS
:
3646 clist
= s
->ext
.peer_supportedgroups
;
3647 clistlen
= s
->ext
.peer_supportedgroups_len
;
3652 for (i
= 0; i
< clistlen
; i
++) {
3653 const TLS_GROUP_INFO
*cinf
3654 = tls1_group_id_lookup(s
->ctx
, clist
[i
]);
3657 cptr
[i
] = tls1_group_id2nid(cinf
->group_id
, 1);
3659 cptr
[i
] = TLSEXT_nid_unknown
| clist
[i
];
3662 return (int)clistlen
;
3665 case SSL_CTRL_SET_GROUPS
:
3666 return tls1_set_groups(&s
->ext
.supportedgroups
,
3667 &s
->ext
.supportedgroups_len
, parg
, larg
);
3669 case SSL_CTRL_SET_GROUPS_LIST
:
3670 return tls1_set_groups_list(s
->ctx
, &s
->ext
.supportedgroups
,
3671 &s
->ext
.supportedgroups_len
, parg
);
3673 case SSL_CTRL_GET_SHARED_GROUP
:
3675 uint16_t id
= tls1_shared_group(s
, larg
);
3678 return tls1_group_id2nid(id
, 1);
3681 case SSL_CTRL_GET_NEGOTIATED_GROUP
:
3682 ret
= tls1_group_id2nid(s
->s3
.group_id
, 1);
3684 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3686 case SSL_CTRL_SET_SIGALGS
:
3687 return tls1_set_sigalgs(s
->cert
, parg
, larg
, 0);
3689 case SSL_CTRL_SET_SIGALGS_LIST
:
3690 return tls1_set_sigalgs_list(s
->cert
, parg
, 0);
3692 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3693 return tls1_set_sigalgs(s
->cert
, parg
, larg
, 1);
3695 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3696 return tls1_set_sigalgs_list(s
->cert
, parg
, 1);
3698 case SSL_CTRL_GET_CLIENT_CERT_TYPES
:
3700 const unsigned char **pctype
= parg
;
3701 if (s
->server
|| !s
->s3
.tmp
.cert_req
)
3704 *pctype
= s
->s3
.tmp
.ctype
;
3705 return s
->s3
.tmp
.ctype_len
;
3708 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3711 return ssl3_set_req_cert_type(s
->cert
, parg
, larg
);
3713 case SSL_CTRL_BUILD_CERT_CHAIN
:
3714 return ssl_build_cert_chain(s
, NULL
, larg
);
3716 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3717 return ssl_cert_set_cert_store(s
->cert
, parg
, 0, larg
);
3719 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3720 return ssl_cert_set_cert_store(s
->cert
, parg
, 1, larg
);
3722 case SSL_CTRL_GET_PEER_SIGNATURE_NID
:
3723 if (s
->s3
.tmp
.peer_sigalg
== NULL
)
3725 *(int *)parg
= s
->s3
.tmp
.peer_sigalg
->hash
;
3728 case SSL_CTRL_GET_SIGNATURE_NID
:
3729 if (s
->s3
.tmp
.sigalg
== NULL
)
3731 *(int *)parg
= s
->s3
.tmp
.sigalg
->hash
;
3734 case SSL_CTRL_GET_PEER_TMP_KEY
:
3735 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3736 if (s
->session
== NULL
|| s
->s3
.peer_tmp
== NULL
) {
3739 EVP_PKEY_up_ref(s
->s3
.peer_tmp
);
3740 *(EVP_PKEY
**)parg
= s
->s3
.peer_tmp
;
3747 case SSL_CTRL_GET_TMP_KEY
:
3748 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3749 if (s
->session
== NULL
|| s
->s3
.tmp
.pkey
== NULL
) {
3752 EVP_PKEY_up_ref(s
->s3
.tmp
.pkey
);
3753 *(EVP_PKEY
**)parg
= s
->s3
.tmp
.pkey
;
3760 #ifndef OPENSSL_NO_EC
3761 case SSL_CTRL_GET_EC_POINT_FORMATS
:
3763 const unsigned char **pformat
= parg
;
3765 if (s
->ext
.peer_ecpointformats
== NULL
)
3767 *pformat
= s
->ext
.peer_ecpointformats
;
3768 return (int)s
->ext
.peer_ecpointformats_len
;
3778 long ssl3_callback_ctrl(SSL
*s
, int cmd
, void (*fp
) (void))
3783 #ifndef OPENSSL_NO_DH
3784 case SSL_CTRL_SET_TMP_DH_CB
:
3786 s
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
3790 case SSL_CTRL_SET_TLSEXT_DEBUG_CB
:
3791 s
->ext
.debug_cb
= (void (*)(SSL
*, int, int,
3792 const unsigned char *, int, void *))fp
;
3795 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
3797 s
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
3806 long ssl3_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
3809 #ifndef OPENSSL_NO_DH
3810 case SSL_CTRL_SET_TMP_DH
:
3812 DH
*dh
= (DH
*)parg
;
3813 EVP_PKEY
*pkdh
= NULL
;
3815 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3818 pkdh
= ssl_dh_to_pkey(dh
);
3820 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
3823 if (!ssl_ctx_security(ctx
, SSL_SECOP_TMP_DH
,
3824 EVP_PKEY_security_bits(pkdh
), 0, pkdh
)) {
3825 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_DH_KEY_TOO_SMALL
);
3826 EVP_PKEY_free(pkdh
);
3829 EVP_PKEY_free(ctx
->cert
->dh_tmp
);
3830 ctx
->cert
->dh_tmp
= pkdh
;
3833 case SSL_CTRL_SET_TMP_DH_CB
:
3835 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
3838 case SSL_CTRL_SET_DH_AUTO
:
3839 ctx
->cert
->dh_tmp_auto
= larg
;
3842 #ifndef OPENSSL_NO_EC
3843 case SSL_CTRL_SET_TMP_ECDH
:
3845 const EC_GROUP
*group
= NULL
;
3849 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
3852 group
= EC_KEY_get0_group((const EC_KEY
*)parg
);
3853 if (group
== NULL
) {
3854 SSLerr(SSL_F_SSL3_CTX_CTRL
, EC_R_MISSING_PARAMETERS
);
3857 nid
= EC_GROUP_get_curve_name(group
);
3858 if (nid
== NID_undef
)
3860 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3861 &ctx
->ext
.supportedgroups_len
,
3864 #endif /* !OPENSSL_NO_EC */
3865 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
:
3866 ctx
->ext
.servername_arg
= parg
;
3868 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS
:
3869 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS
:
3871 unsigned char *keys
= parg
;
3872 long tick_keylen
= (sizeof(ctx
->ext
.tick_key_name
) +
3873 sizeof(ctx
->ext
.secure
->tick_hmac_key
) +
3874 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3877 if (larg
!= tick_keylen
) {
3878 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_INVALID_TICKET_KEYS_LENGTH
);
3881 if (cmd
== SSL_CTRL_SET_TLSEXT_TICKET_KEYS
) {
3882 memcpy(ctx
->ext
.tick_key_name
, keys
,
3883 sizeof(ctx
->ext
.tick_key_name
));
3884 memcpy(ctx
->ext
.secure
->tick_hmac_key
,
3885 keys
+ sizeof(ctx
->ext
.tick_key_name
),
3886 sizeof(ctx
->ext
.secure
->tick_hmac_key
));
3887 memcpy(ctx
->ext
.secure
->tick_aes_key
,
3888 keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3889 sizeof(ctx
->ext
.secure
->tick_hmac_key
),
3890 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3892 memcpy(keys
, ctx
->ext
.tick_key_name
,
3893 sizeof(ctx
->ext
.tick_key_name
));
3894 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
),
3895 ctx
->ext
.secure
->tick_hmac_key
,
3896 sizeof(ctx
->ext
.secure
->tick_hmac_key
));
3897 memcpy(keys
+ sizeof(ctx
->ext
.tick_key_name
) +
3898 sizeof(ctx
->ext
.secure
->tick_hmac_key
),
3899 ctx
->ext
.secure
->tick_aes_key
,
3900 sizeof(ctx
->ext
.secure
->tick_aes_key
));
3905 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
3906 return ctx
->ext
.status_type
;
3908 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
3909 ctx
->ext
.status_type
= larg
;
3912 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
:
3913 ctx
->ext
.status_arg
= parg
;
3916 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
:
3917 *(void**)parg
= ctx
->ext
.status_arg
;
3920 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
:
3921 *(int (**)(SSL
*, void*))parg
= ctx
->ext
.status_cb
;
3924 #ifndef OPENSSL_NO_SRP
3925 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME
:
3926 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3927 OPENSSL_free(ctx
->srp_ctx
.login
);
3928 ctx
->srp_ctx
.login
= NULL
;
3931 if (strlen((const char *)parg
) > 255 || strlen((const char *)parg
) < 1) {
3932 SSLerr(SSL_F_SSL3_CTX_CTRL
, SSL_R_INVALID_SRP_USERNAME
);
3935 if ((ctx
->srp_ctx
.login
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3936 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_INTERNAL_ERROR
);
3940 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD
:
3941 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
3942 srp_password_from_info_cb
;
3943 if (ctx
->srp_ctx
.info
!= NULL
)
3944 OPENSSL_free(ctx
->srp_ctx
.info
);
3945 if ((ctx
->srp_ctx
.info
= OPENSSL_strdup((char *)parg
)) == NULL
) {
3946 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_INTERNAL_ERROR
);
3950 case SSL_CTRL_SET_SRP_ARG
:
3951 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
3952 ctx
->srp_ctx
.SRP_cb_arg
= parg
;
3955 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH
:
3956 ctx
->srp_ctx
.strength
= larg
;
3960 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3961 case SSL_CTRL_SET_GROUPS
:
3962 return tls1_set_groups(&ctx
->ext
.supportedgroups
,
3963 &ctx
->ext
.supportedgroups_len
,
3966 case SSL_CTRL_SET_GROUPS_LIST
:
3967 return tls1_set_groups_list(ctx
, &ctx
->ext
.supportedgroups
,
3968 &ctx
->ext
.supportedgroups_len
,
3970 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3972 case SSL_CTRL_SET_SIGALGS
:
3973 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 0);
3975 case SSL_CTRL_SET_SIGALGS_LIST
:
3976 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 0);
3978 case SSL_CTRL_SET_CLIENT_SIGALGS
:
3979 return tls1_set_sigalgs(ctx
->cert
, parg
, larg
, 1);
3981 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST
:
3982 return tls1_set_sigalgs_list(ctx
->cert
, parg
, 1);
3984 case SSL_CTRL_SET_CLIENT_CERT_TYPES
:
3985 return ssl3_set_req_cert_type(ctx
->cert
, parg
, larg
);
3987 case SSL_CTRL_BUILD_CERT_CHAIN
:
3988 return ssl_build_cert_chain(NULL
, ctx
, larg
);
3990 case SSL_CTRL_SET_VERIFY_CERT_STORE
:
3991 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 0, larg
);
3993 case SSL_CTRL_SET_CHAIN_CERT_STORE
:
3994 return ssl_cert_set_cert_store(ctx
->cert
, parg
, 1, larg
);
3996 /* A Thawte special :-) */
3997 case SSL_CTRL_EXTRA_CHAIN_CERT
:
3998 if (ctx
->extra_certs
== NULL
) {
3999 if ((ctx
->extra_certs
= sk_X509_new_null()) == NULL
) {
4000 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
4004 if (!X509v3_cache_extensions((X509
*)parg
, ctx
->libctx
, ctx
->propq
)) {
4005 SSLerr(0, ERR_LIB_X509
);
4008 if (!sk_X509_push(ctx
->extra_certs
, (X509
*)parg
)) {
4009 SSLerr(SSL_F_SSL3_CTX_CTRL
, ERR_R_MALLOC_FAILURE
);
4014 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS
:
4015 if (ctx
->extra_certs
== NULL
&& larg
== 0)
4016 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
4018 *(STACK_OF(X509
) **)parg
= ctx
->extra_certs
;
4021 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
:
4022 sk_X509_pop_free(ctx
->extra_certs
, X509_free
);
4023 ctx
->extra_certs
= NULL
;
4026 case SSL_CTRL_CHAIN
:
4028 return ssl_cert_set1_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
4030 return ssl_cert_set0_chain(NULL
, ctx
, (STACK_OF(X509
) *)parg
);
4032 case SSL_CTRL_CHAIN_CERT
:
4034 return ssl_cert_add1_chain_cert(NULL
, ctx
, (X509
*)parg
);
4036 return ssl_cert_add0_chain_cert(NULL
, ctx
, (X509
*)parg
);
4038 case SSL_CTRL_GET_CHAIN_CERTS
:
4039 *(STACK_OF(X509
) **)parg
= ctx
->cert
->key
->chain
;
4042 case SSL_CTRL_SELECT_CURRENT_CERT
:
4043 return ssl_cert_select_current(ctx
->cert
, (X509
*)parg
);
4045 case SSL_CTRL_SET_CURRENT_CERT
:
4046 return ssl_cert_set_current(ctx
->cert
, larg
);
4054 long ssl3_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
) (void))
4057 #ifndef OPENSSL_NO_DH
4058 case SSL_CTRL_SET_TMP_DH_CB
:
4060 ctx
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
4064 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
:
4065 ctx
->ext
.servername_cb
= (int (*)(SSL
*, int *, void *))fp
;
4068 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
:
4069 ctx
->ext
.status_cb
= (int (*)(SSL
*, void *))fp
;
4072 # ifndef OPENSSL_NO_DEPRECATED_3_0
4073 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
:
4074 ctx
->ext
.ticket_key_cb
= (int (*)(SSL
*, unsigned char *,
4077 HMAC_CTX
*, int))fp
;
4081 #ifndef OPENSSL_NO_SRP
4082 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB
:
4083 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4084 ctx
->srp_ctx
.SRP_verify_param_callback
= (int (*)(SSL
*, void *))fp
;
4086 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
:
4087 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4088 ctx
->srp_ctx
.TLS_ext_srp_username_callback
=
4089 (int (*)(SSL
*, int *, void *))fp
;
4091 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB
:
4092 ctx
->srp_ctx
.srp_Mask
|= SSL_kSRP
;
4093 ctx
->srp_ctx
.SRP_give_srp_client_pwd_callback
=
4094 (char *(*)(SSL
*, void *))fp
;
4097 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB
:
4099 ctx
->not_resumable_session_cb
= (int (*)(SSL
*, int))fp
;
4108 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4109 (SSL_CTX
*ctx
, int (*fp
)(SSL
*, unsigned char *, unsigned char *,
4110 EVP_CIPHER_CTX
*, EVP_MAC_CTX
*, int))
4112 ctx
->ext
.ticket_key_evp_cb
= fp
;
4116 const SSL_CIPHER
*ssl3_get_cipher_by_id(uint32_t id
)
4119 const SSL_CIPHER
*cp
;
4122 cp
= OBJ_bsearch_ssl_cipher_id(&c
, tls13_ciphers
, TLS13_NUM_CIPHERS
);
4125 cp
= OBJ_bsearch_ssl_cipher_id(&c
, ssl3_ciphers
, SSL3_NUM_CIPHERS
);
4128 return OBJ_bsearch_ssl_cipher_id(&c
, ssl3_scsvs
, SSL3_NUM_SCSVS
);
4131 const SSL_CIPHER
*ssl3_get_cipher_by_std_name(const char *stdname
)
4133 SSL_CIPHER
*c
= NULL
, *tbl
;
4134 SSL_CIPHER
*alltabs
[] = {tls13_ciphers
, ssl3_ciphers
};
4135 size_t i
, j
, tblsize
[] = {TLS13_NUM_CIPHERS
, SSL3_NUM_CIPHERS
};
4137 /* this is not efficient, necessary to optimize this? */
4138 for (j
= 0; j
< OSSL_NELEM(alltabs
); j
++) {
4139 for (i
= 0, tbl
= alltabs
[j
]; i
< tblsize
[j
]; i
++, tbl
++) {
4140 if (tbl
->stdname
== NULL
)
4142 if (strcmp(stdname
, tbl
->stdname
) == 0) {
4150 for (i
= 0; i
< SSL3_NUM_SCSVS
; i
++, tbl
++) {
4151 if (strcmp(stdname
, tbl
->stdname
) == 0) {
4161 * This function needs to check if the ciphers required are actually
4164 const SSL_CIPHER
*ssl3_get_cipher_by_char(const unsigned char *p
)
4166 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4167 | ((uint32_t)p
[0] << 8L)
4171 int ssl3_put_cipher_by_char(const SSL_CIPHER
*c
, WPACKET
*pkt
, size_t *len
)
4173 if ((c
->id
& 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG
) {
4178 if (!WPACKET_put_bytes_u16(pkt
, c
->id
& 0xffff))
4186 * ssl3_choose_cipher - choose a cipher from those offered by the client
4187 * @s: SSL connection
4188 * @clnt: ciphers offered by the client
4189 * @srvr: ciphers enabled on the server?
4191 * Returns the selected cipher or NULL when no common ciphers.
4193 const SSL_CIPHER
*ssl3_choose_cipher(SSL
*s
, STACK_OF(SSL_CIPHER
) *clnt
,
4194 STACK_OF(SSL_CIPHER
) *srvr
)
4196 const SSL_CIPHER
*c
, *ret
= NULL
;
4197 STACK_OF(SSL_CIPHER
) *prio
, *allow
;
4198 int i
, ii
, ok
, prefer_sha256
= 0;
4199 unsigned long alg_k
= 0, alg_a
= 0, mask_k
= 0, mask_a
= 0;
4200 #ifndef OPENSSL_NO_CHACHA
4201 STACK_OF(SSL_CIPHER
) *prio_chacha
= NULL
;
4204 /* Let's see which ciphers we can support */
4207 * Do not set the compare functions, because this may lead to a
4208 * reordering by "id". We want to keep the original ordering. We may pay
4209 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4210 * pay with the price of sk_SSL_CIPHER_dup().
4213 OSSL_TRACE_BEGIN(TLS_CIPHER
) {
4214 BIO_printf(trc_out
, "Server has %d from %p:\n",
4215 sk_SSL_CIPHER_num(srvr
), (void *)srvr
);
4216 for (i
= 0; i
< sk_SSL_CIPHER_num(srvr
); ++i
) {
4217 c
= sk_SSL_CIPHER_value(srvr
, i
);
4218 BIO_printf(trc_out
, "%p:%s\n", (void *)c
, c
->name
);
4220 BIO_printf(trc_out
, "Client sent %d from %p:\n",
4221 sk_SSL_CIPHER_num(clnt
), (void *)clnt
);
4222 for (i
= 0; i
< sk_SSL_CIPHER_num(clnt
); ++i
) {
4223 c
= sk_SSL_CIPHER_value(clnt
, i
);
4224 BIO_printf(trc_out
, "%p:%s\n", (void *)c
, c
->name
);
4226 } OSSL_TRACE_END(TLS_CIPHER
);
4228 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4229 if (tls1_suiteb(s
)) {
4232 } else if (s
->options
& SSL_OP_CIPHER_SERVER_PREFERENCE
) {
4235 #ifndef OPENSSL_NO_CHACHA
4236 /* If ChaCha20 is at the top of the client preference list,
4237 and there are ChaCha20 ciphers in the server list, then
4238 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4239 if (s
->options
& SSL_OP_PRIORITIZE_CHACHA
&& sk_SSL_CIPHER_num(clnt
) > 0) {
4240 c
= sk_SSL_CIPHER_value(clnt
, 0);
4241 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
) {
4242 /* ChaCha20 is client preferred, check server... */
4243 int num
= sk_SSL_CIPHER_num(srvr
);
4245 for (i
= 0; i
< num
; i
++) {
4246 c
= sk_SSL_CIPHER_value(srvr
, i
);
4247 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
) {
4253 prio_chacha
= sk_SSL_CIPHER_new_reserve(NULL
, num
);
4254 /* if reserve fails, then there's likely a memory issue */
4255 if (prio_chacha
!= NULL
) {
4256 /* Put all ChaCha20 at the top, starting with the one we just found */
4257 sk_SSL_CIPHER_push(prio_chacha
, c
);
4258 for (i
++; i
< num
; i
++) {
4259 c
= sk_SSL_CIPHER_value(srvr
, i
);
4260 if (c
->algorithm_enc
== SSL_CHACHA20POLY1305
)
4261 sk_SSL_CIPHER_push(prio_chacha
, c
);
4263 /* Pull in the rest */
4264 for (i
= 0; i
< num
; i
++) {
4265 c
= sk_SSL_CIPHER_value(srvr
, i
);
4266 if (c
->algorithm_enc
!= SSL_CHACHA20POLY1305
)
4267 sk_SSL_CIPHER_push(prio_chacha
, c
);
4280 if (SSL_IS_TLS13(s
)) {
4281 #ifndef OPENSSL_NO_PSK
4285 * If we allow "old" style PSK callbacks, and we have no certificate (so
4286 * we're not going to succeed without a PSK anyway), and we're in
4287 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4288 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4291 if (s
->psk_server_callback
!= NULL
) {
4292 for (j
= 0; j
< SSL_PKEY_NUM
&& !ssl_has_cert(s
, j
); j
++);
4293 if (j
== SSL_PKEY_NUM
) {
4294 /* There are no certificates */
4300 tls1_set_cert_validity(s
);
4304 for (i
= 0; i
< sk_SSL_CIPHER_num(prio
); i
++) {
4305 c
= sk_SSL_CIPHER_value(prio
, i
);
4307 /* Skip ciphers not supported by the protocol version */
4308 if (!SSL_IS_DTLS(s
) &&
4309 ((s
->version
< c
->min_tls
) || (s
->version
> c
->max_tls
)))
4311 if (SSL_IS_DTLS(s
) &&
4312 (DTLS_VERSION_LT(s
->version
, c
->min_dtls
) ||
4313 DTLS_VERSION_GT(s
->version
, c
->max_dtls
)))
4317 * Since TLS 1.3 ciphersuites can be used with any auth or
4318 * key exchange scheme skip tests.
4320 if (!SSL_IS_TLS13(s
)) {
4321 mask_k
= s
->s3
.tmp
.mask_k
;
4322 mask_a
= s
->s3
.tmp
.mask_a
;
4323 #ifndef OPENSSL_NO_SRP
4324 if (s
->srp_ctx
.srp_Mask
& SSL_kSRP
) {
4330 alg_k
= c
->algorithm_mkey
;
4331 alg_a
= c
->algorithm_auth
;
4333 #ifndef OPENSSL_NO_PSK
4334 /* with PSK there must be server callback set */
4335 if ((alg_k
& SSL_PSK
) && s
->psk_server_callback
== NULL
)
4337 #endif /* OPENSSL_NO_PSK */
4339 ok
= (alg_k
& mask_k
) && (alg_a
& mask_a
);
4340 OSSL_TRACE7(TLS_CIPHER
,
4341 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4342 ok
, alg_k
, alg_a
, mask_k
, mask_a
, (void *)c
, c
->name
);
4344 #ifndef OPENSSL_NO_EC
4346 * if we are considering an ECC cipher suite that uses an ephemeral
4349 if (alg_k
& SSL_kECDHE
)
4350 ok
= ok
&& tls1_check_ec_tmp_key(s
, c
->id
);
4351 #endif /* OPENSSL_NO_EC */
4356 ii
= sk_SSL_CIPHER_find(allow
, c
);
4358 /* Check security callback permits this cipher */
4359 if (!ssl_security(s
, SSL_SECOP_CIPHER_SHARED
,
4360 c
->strength_bits
, 0, (void *)c
))
4362 #if !defined(OPENSSL_NO_EC)
4363 if ((alg_k
& SSL_kECDHE
) && (alg_a
& SSL_aECDSA
)
4364 && s
->s3
.is_probably_safari
) {
4366 ret
= sk_SSL_CIPHER_value(allow
, ii
);
4370 if (prefer_sha256
) {
4371 const SSL_CIPHER
*tmp
= sk_SSL_CIPHER_value(allow
, ii
);
4374 * TODO: When there are no more legacy digests we can just use
4375 * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
4377 if (EVP_MD_is_a(ssl_md(s
->ctx
, tmp
->algorithm2
),
4378 OBJ_nid2sn(NID_sha256
))) {
4386 ret
= sk_SSL_CIPHER_value(allow
, ii
);
4390 #ifndef OPENSSL_NO_CHACHA
4391 sk_SSL_CIPHER_free(prio_chacha
);
4396 int ssl3_get_req_cert_type(SSL
*s
, WPACKET
*pkt
)
4398 uint32_t alg_k
, alg_a
= 0;
4400 /* If we have custom certificate types set, use them */
4402 return WPACKET_memcpy(pkt
, s
->cert
->ctype
, s
->cert
->ctype_len
);
4403 /* Get mask of algorithms disabled by signature list */
4404 ssl_set_sig_mask(&alg_a
, s
, SSL_SECOP_SIGALG_MASK
);
4406 alg_k
= s
->s3
.tmp
.new_cipher
->algorithm_mkey
;
4408 #ifndef OPENSSL_NO_GOST
4409 if (s
->version
>= TLS1_VERSION
&& (alg_k
& SSL_kGOST
))
4410 if (!WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST01_SIGN
)
4411 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_SIGN
)
4412 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_512_SIGN
)
4413 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_LEGACY_SIGN
)
4414 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_LEGACY_512_SIGN
))
4417 if (s
->version
>= TLS1_2_VERSION
&& (alg_k
& SSL_kGOST18
))
4418 if (!WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_SIGN
)
4419 || !WPACKET_put_bytes_u8(pkt
, TLS_CT_GOST12_IANA_512_SIGN
))
4423 if ((s
->version
== SSL3_VERSION
) && (alg_k
& SSL_kDHE
)) {
4424 #ifndef OPENSSL_NO_DH
4425 # ifndef OPENSSL_NO_RSA
4426 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_EPHEMERAL_DH
))
4429 # ifndef OPENSSL_NO_DSA
4430 if (!WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_EPHEMERAL_DH
))
4433 #endif /* !OPENSSL_NO_DH */
4435 #ifndef OPENSSL_NO_RSA
4436 if (!(alg_a
& SSL_aRSA
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_RSA_SIGN
))
4439 #ifndef OPENSSL_NO_DSA
4440 if (!(alg_a
& SSL_aDSS
) && !WPACKET_put_bytes_u8(pkt
, SSL3_CT_DSS_SIGN
))
4443 #ifndef OPENSSL_NO_EC
4445 * ECDSA certs can be used with RSA cipher suites too so we don't
4446 * need to check for SSL_kECDH or SSL_kECDHE
4448 if (s
->version
>= TLS1_VERSION
4449 && !(alg_a
& SSL_aECDSA
)
4450 && !WPACKET_put_bytes_u8(pkt
, TLS_CT_ECDSA_SIGN
))
4456 static int ssl3_set_req_cert_type(CERT
*c
, const unsigned char *p
, size_t len
)
4458 OPENSSL_free(c
->ctype
);
4461 if (p
== NULL
|| len
== 0)
4465 c
->ctype
= OPENSSL_memdup(p
, len
);
4466 if (c
->ctype
== NULL
)
4472 int ssl3_shutdown(SSL
*s
)
4477 * Don't do anything much if we have not done the handshake or we don't
4478 * want to send messages :-)
4480 if (s
->quiet_shutdown
|| SSL_in_before(s
)) {
4481 s
->shutdown
= (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
);
4485 if (!(s
->shutdown
& SSL_SENT_SHUTDOWN
)) {
4486 s
->shutdown
|= SSL_SENT_SHUTDOWN
;
4487 ssl3_send_alert(s
, SSL3_AL_WARNING
, SSL_AD_CLOSE_NOTIFY
);
4489 * our shutdown alert has been sent now, and if it still needs to be
4490 * written, s->s3.alert_dispatch will be true
4492 if (s
->s3
.alert_dispatch
)
4493 return -1; /* return WANT_WRITE */
4494 } else if (s
->s3
.alert_dispatch
) {
4495 /* resend it if not sent */
4496 ret
= s
->method
->ssl_dispatch_alert(s
);
4499 * we only get to return -1 here the 2nd/Nth invocation, we must
4500 * have already signalled return 0 upon a previous invocation,
4505 } else if (!(s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
4508 * If we are waiting for a close from our peer, we are closed
4510 s
->method
->ssl_read_bytes(s
, 0, NULL
, NULL
, 0, 0, &readbytes
);
4511 if (!(s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
4512 return -1; /* return WANT_READ */
4516 if ((s
->shutdown
== (SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
)) &&
4517 !s
->s3
.alert_dispatch
)
4523 int ssl3_write(SSL
*s
, const void *buf
, size_t len
, size_t *written
)
4526 if (s
->s3
.renegotiate
)
4527 ssl3_renegotiate_check(s
, 0);
4529 return s
->method
->ssl_write_bytes(s
, SSL3_RT_APPLICATION_DATA
, buf
, len
,
4533 static int ssl3_read_internal(SSL
*s
, void *buf
, size_t len
, int peek
,
4539 if (s
->s3
.renegotiate
)
4540 ssl3_renegotiate_check(s
, 0);
4541 s
->s3
.in_read_app_data
= 1;
4543 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
, len
,
4545 if ((ret
== -1) && (s
->s3
.in_read_app_data
== 2)) {
4547 * ssl3_read_bytes decided to call s->handshake_func, which called
4548 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4549 * actually found application data and thinks that application data
4550 * makes sense here; so disable handshake processing and try to read
4551 * application data again.
4553 ossl_statem_set_in_handshake(s
, 1);
4555 s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, NULL
, buf
,
4556 len
, peek
, readbytes
);
4557 ossl_statem_set_in_handshake(s
, 0);
4559 s
->s3
.in_read_app_data
= 0;
4564 int ssl3_read(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
4566 return ssl3_read_internal(s
, buf
, len
, 0, readbytes
);
4569 int ssl3_peek(SSL
*s
, void *buf
, size_t len
, size_t *readbytes
)
4571 return ssl3_read_internal(s
, buf
, len
, 1, readbytes
);
4574 int ssl3_renegotiate(SSL
*s
)
4576 if (s
->handshake_func
== NULL
)
4579 s
->s3
.renegotiate
= 1;
4584 * Check if we are waiting to do a renegotiation and if so whether now is a
4585 * good time to do it. If |initok| is true then we are being called from inside
4586 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4587 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4588 * should do a renegotiation now and sets up the state machine for it. Otherwise
4591 int ssl3_renegotiate_check(SSL
*s
, int initok
)
4595 if (s
->s3
.renegotiate
) {
4596 if (!RECORD_LAYER_read_pending(&s
->rlayer
)
4597 && !RECORD_LAYER_write_pending(&s
->rlayer
)
4598 && (initok
|| !SSL_in_init(s
))) {
4600 * if we are the server, and we have sent a 'RENEGOTIATE'
4601 * message, we need to set the state machine into the renegotiate
4604 ossl_statem_set_renegotiate(s
);
4605 s
->s3
.renegotiate
= 0;
4606 s
->s3
.num_renegotiations
++;
4607 s
->s3
.total_renegotiations
++;
4615 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4616 * handshake macs if required.
4618 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4620 long ssl_get_algorithm2(SSL
*s
)
4623 if (s
->s3
.tmp
.new_cipher
== NULL
)
4625 alg2
= s
->s3
.tmp
.new_cipher
->algorithm2
;
4626 if (s
->method
->ssl3_enc
->enc_flags
& SSL_ENC_FLAG_SHA256_PRF
) {
4627 if (alg2
== (SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
))
4628 return SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
;
4629 } else if (s
->s3
.tmp
.new_cipher
->algorithm_mkey
& SSL_PSK
) {
4630 if (alg2
== (SSL_HANDSHAKE_MAC_SHA384
| TLS1_PRF_SHA384
))
4631 return SSL_HANDSHAKE_MAC_DEFAULT
| TLS1_PRF
;
4637 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4638 * failure, 1 on success.
4640 int ssl_fill_hello_random(SSL
*s
, int server
, unsigned char *result
, size_t len
,
4643 int send_time
= 0, ret
;
4648 send_time
= (s
->mode
& SSL_MODE_SEND_SERVERHELLO_TIME
) != 0;
4650 send_time
= (s
->mode
& SSL_MODE_SEND_CLIENTHELLO_TIME
) != 0;
4652 unsigned long Time
= (unsigned long)time(NULL
);
4653 unsigned char *p
= result
;
4656 ret
= RAND_bytes_ex(s
->ctx
->libctx
, p
, len
- 4);
4658 ret
= RAND_bytes_ex(s
->ctx
->libctx
, result
, len
);
4662 if (!ossl_assert(sizeof(tls11downgrade
) < len
)
4663 || !ossl_assert(sizeof(tls12downgrade
) < len
))
4665 if (dgrd
== DOWNGRADE_TO_1_2
)
4666 memcpy(result
+ len
- sizeof(tls12downgrade
), tls12downgrade
,
4667 sizeof(tls12downgrade
));
4668 else if (dgrd
== DOWNGRADE_TO_1_1
)
4669 memcpy(result
+ len
- sizeof(tls11downgrade
), tls11downgrade
,
4670 sizeof(tls11downgrade
));
4676 int ssl_generate_master_secret(SSL
*s
, unsigned char *pms
, size_t pmslen
,
4679 unsigned long alg_k
= s
->s3
.tmp
.new_cipher
->algorithm_mkey
;
4682 if (alg_k
& SSL_PSK
) {
4683 #ifndef OPENSSL_NO_PSK
4684 unsigned char *pskpms
, *t
;
4685 size_t psklen
= s
->s3
.tmp
.psklen
;
4688 /* create PSK premaster_secret */
4690 /* For plain PSK "other_secret" is psklen zeroes */
4691 if (alg_k
& SSL_kPSK
)
4694 pskpmslen
= 4 + pmslen
+ psklen
;
4695 pskpms
= OPENSSL_malloc(pskpmslen
);
4700 if (alg_k
& SSL_kPSK
)
4701 memset(t
, 0, pmslen
);
4703 memcpy(t
, pms
, pmslen
);
4706 memcpy(t
, s
->s3
.tmp
.psk
, psklen
);
4708 OPENSSL_clear_free(s
->s3
.tmp
.psk
, psklen
);
4709 s
->s3
.tmp
.psk
= NULL
;
4710 if (!s
->method
->ssl3_enc
->generate_master_secret(s
,
4711 s
->session
->master_key
, pskpms
, pskpmslen
,
4712 &s
->session
->master_key_length
)) {
4713 OPENSSL_clear_free(pskpms
, pskpmslen
);
4714 /* SSLfatal() already called */
4717 OPENSSL_clear_free(pskpms
, pskpmslen
);
4719 /* Should never happen */
4723 if (!s
->method
->ssl3_enc
->generate_master_secret(s
,
4724 s
->session
->master_key
, pms
, pmslen
,
4725 &s
->session
->master_key_length
)) {
4726 /* SSLfatal() already called */
4735 OPENSSL_clear_free(pms
, pmslen
);
4737 OPENSSL_cleanse(pms
, pmslen
);
4740 s
->s3
.tmp
.pms
= NULL
;
4744 /* Generate a private key from parameters */
4745 EVP_PKEY
*ssl_generate_pkey(SSL
*s
, EVP_PKEY
*pm
)
4747 EVP_PKEY_CTX
*pctx
= NULL
;
4748 EVP_PKEY
*pkey
= NULL
;
4752 pctx
= EVP_PKEY_CTX_new_from_pkey(s
->ctx
->libctx
, pm
, s
->ctx
->propq
);
4755 if (EVP_PKEY_keygen_init(pctx
) <= 0)
4757 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4758 EVP_PKEY_free(pkey
);
4763 EVP_PKEY_CTX_free(pctx
);
4767 /* Generate a private key from a group ID */
4768 EVP_PKEY
*ssl_generate_pkey_group(SSL
*s
, uint16_t id
)
4770 const TLS_GROUP_INFO
*ginf
= tls1_group_id_lookup(s
->ctx
, id
);
4771 EVP_PKEY_CTX
*pctx
= NULL
;
4772 EVP_PKEY
*pkey
= NULL
;
4775 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4776 ERR_R_INTERNAL_ERROR
);
4780 pctx
= EVP_PKEY_CTX_new_from_name(s
->ctx
->libctx
, ginf
->algorithm
,
4784 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4785 ERR_R_MALLOC_FAILURE
);
4788 if (EVP_PKEY_keygen_init(pctx
) <= 0) {
4789 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4793 if (!EVP_PKEY_CTX_set_group_name(pctx
, ginf
->realname
)) {
4794 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4798 if (EVP_PKEY_keygen(pctx
, &pkey
) <= 0) {
4799 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4801 EVP_PKEY_free(pkey
);
4806 EVP_PKEY_CTX_free(pctx
);
4811 * Generate parameters from a group ID
4813 EVP_PKEY
*ssl_generate_param_group(SSL
*s
, uint16_t id
)
4815 EVP_PKEY_CTX
*pctx
= NULL
;
4816 EVP_PKEY
*pkey
= NULL
;
4817 const TLS_GROUP_INFO
*ginf
= tls1_group_id_lookup(s
->ctx
, id
);
4822 pctx
= EVP_PKEY_CTX_new_from_name(s
->ctx
->libctx
, ginf
->algorithm
,
4827 if (EVP_PKEY_paramgen_init(pctx
) <= 0)
4829 if (!EVP_PKEY_CTX_set_group_name(pctx
, ginf
->realname
)) {
4830 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_GENERATE_PKEY_GROUP
,
4834 if (EVP_PKEY_paramgen(pctx
, &pkey
) <= 0) {
4835 EVP_PKEY_free(pkey
);
4840 EVP_PKEY_CTX_free(pctx
);
4844 /* Derive secrets for ECDH/DH */
4845 int ssl_derive(SSL
*s
, EVP_PKEY
*privkey
, EVP_PKEY
*pubkey
, int gensecret
)
4848 unsigned char *pms
= NULL
;
4852 if (privkey
== NULL
|| pubkey
== NULL
) {
4853 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_DERIVE
,
4854 ERR_R_INTERNAL_ERROR
);
4858 pctx
= EVP_PKEY_CTX_new_from_pkey(s
->ctx
->libctx
, privkey
, s
->ctx
->propq
);
4860 if (EVP_PKEY_derive_init(pctx
) <= 0
4861 || EVP_PKEY_derive_set_peer(pctx
, pubkey
) <= 0
4862 || EVP_PKEY_derive(pctx
, NULL
, &pmslen
) <= 0) {
4863 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_DERIVE
,
4864 ERR_R_INTERNAL_ERROR
);
4868 #ifndef OPENSSL_NO_DH
4869 if (SSL_IS_TLS13(s
) && EVP_PKEY_id(privkey
) == EVP_PKEY_DH
)
4870 EVP_PKEY_CTX_set_dh_pad(pctx
, 1);
4873 pms
= OPENSSL_malloc(pmslen
);
4875 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_DERIVE
,
4876 ERR_R_MALLOC_FAILURE
);
4880 if (EVP_PKEY_derive(pctx
, pms
, &pmslen
) <= 0) {
4881 SSLfatal(s
, SSL_AD_INTERNAL_ERROR
, SSL_F_SSL_DERIVE
,
4882 ERR_R_INTERNAL_ERROR
);
4887 /* SSLfatal() called as appropriate in the below functions */
4888 if (SSL_IS_TLS13(s
)) {
4890 * If we are resuming then we already generated the early secret
4891 * when we created the ClientHello, so don't recreate it.
4894 rv
= tls13_generate_secret(s
, ssl_handshake_md(s
), NULL
, NULL
,
4896 (unsigned char *)&s
->early_secret
);
4900 rv
= rv
&& tls13_generate_handshake_secret(s
, pms
, pmslen
);
4902 rv
= ssl_generate_master_secret(s
, pms
, pmslen
, 0);
4905 /* Save premaster secret */
4906 s
->s3
.tmp
.pms
= pms
;
4907 s
->s3
.tmp
.pmslen
= pmslen
;
4913 OPENSSL_clear_free(pms
, pmslen
);
4914 EVP_PKEY_CTX_free(pctx
);
4918 #ifndef OPENSSL_NO_DH
4919 EVP_PKEY
*ssl_dh_to_pkey(DH
*dh
)
4924 ret
= EVP_PKEY_new();
4925 if (EVP_PKEY_set1_DH(ret
, dh
) <= 0) {