]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/s3_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call
[thirdparty/openssl.git] / ssl / s3_lib.c
1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include "internal/cryptlib.h"
22
23 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
24 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
25 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
26
27 /* TLSv1.3 downgrade protection sentinel values */
28 const unsigned char tls11downgrade[] = {
29 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
30 };
31 const unsigned char tls12downgrade[] = {
32 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
33 };
34
35 /* The list of available TLSv1.3 ciphers */
36 static SSL_CIPHER tls13_ciphers[] = {
37 {
38 1,
39 TLS1_3_RFC_AES_128_GCM_SHA256,
40 TLS1_3_RFC_AES_128_GCM_SHA256,
41 TLS1_3_CK_AES_128_GCM_SHA256,
42 SSL_kANY,
43 SSL_aANY,
44 SSL_AES128GCM,
45 SSL_AEAD,
46 TLS1_3_VERSION, TLS1_3_VERSION,
47 0, 0,
48 SSL_HIGH,
49 SSL_HANDSHAKE_MAC_SHA256,
50 128,
51 128,
52 }, {
53 1,
54 TLS1_3_RFC_AES_256_GCM_SHA384,
55 TLS1_3_RFC_AES_256_GCM_SHA384,
56 TLS1_3_CK_AES_256_GCM_SHA384,
57 SSL_kANY,
58 SSL_aANY,
59 SSL_AES256GCM,
60 SSL_AEAD,
61 TLS1_3_VERSION, TLS1_3_VERSION,
62 0, 0,
63 SSL_HIGH,
64 SSL_HANDSHAKE_MAC_SHA384,
65 256,
66 256,
67 },
68 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
69 {
70 1,
71 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
72 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
73 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
74 SSL_kANY,
75 SSL_aANY,
76 SSL_CHACHA20POLY1305,
77 SSL_AEAD,
78 TLS1_3_VERSION, TLS1_3_VERSION,
79 0, 0,
80 SSL_HIGH,
81 SSL_HANDSHAKE_MAC_SHA256,
82 256,
83 256,
84 },
85 #endif
86 {
87 1,
88 TLS1_3_RFC_AES_128_CCM_SHA256,
89 TLS1_3_RFC_AES_128_CCM_SHA256,
90 TLS1_3_CK_AES_128_CCM_SHA256,
91 SSL_kANY,
92 SSL_aANY,
93 SSL_AES128CCM,
94 SSL_AEAD,
95 TLS1_3_VERSION, TLS1_3_VERSION,
96 0, 0,
97 SSL_NOT_DEFAULT | SSL_HIGH,
98 SSL_HANDSHAKE_MAC_SHA256,
99 128,
100 128,
101 }, {
102 1,
103 TLS1_3_RFC_AES_128_CCM_8_SHA256,
104 TLS1_3_RFC_AES_128_CCM_8_SHA256,
105 TLS1_3_CK_AES_128_CCM_8_SHA256,
106 SSL_kANY,
107 SSL_aANY,
108 SSL_AES128CCM8,
109 SSL_AEAD,
110 TLS1_3_VERSION, TLS1_3_VERSION,
111 0, 0,
112 SSL_NOT_DEFAULT | SSL_HIGH,
113 SSL_HANDSHAKE_MAC_SHA256,
114 128,
115 128,
116 }
117 };
118
119 /*
120 * The list of available ciphers, mostly organized into the following
121 * groups:
122 * Always there
123 * EC
124 * PSK
125 * SRP (within that: RSA EC PSK)
126 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
127 * Weak ciphers
128 */
129 static SSL_CIPHER ssl3_ciphers[] = {
130 {
131 1,
132 SSL3_TXT_RSA_NULL_MD5,
133 SSL3_RFC_RSA_NULL_MD5,
134 SSL3_CK_RSA_NULL_MD5,
135 SSL_kRSA,
136 SSL_aRSA,
137 SSL_eNULL,
138 SSL_MD5,
139 SSL3_VERSION, TLS1_2_VERSION,
140 DTLS1_BAD_VER, DTLS1_2_VERSION,
141 SSL_STRONG_NONE,
142 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
143 0,
144 0,
145 },
146 {
147 1,
148 SSL3_TXT_RSA_NULL_SHA,
149 SSL3_RFC_RSA_NULL_SHA,
150 SSL3_CK_RSA_NULL_SHA,
151 SSL_kRSA,
152 SSL_aRSA,
153 SSL_eNULL,
154 SSL_SHA1,
155 SSL3_VERSION, TLS1_2_VERSION,
156 DTLS1_BAD_VER, DTLS1_2_VERSION,
157 SSL_STRONG_NONE | SSL_FIPS,
158 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
159 0,
160 0,
161 },
162 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
163 {
164 1,
165 SSL3_TXT_RSA_DES_192_CBC3_SHA,
166 SSL3_RFC_RSA_DES_192_CBC3_SHA,
167 SSL3_CK_RSA_DES_192_CBC3_SHA,
168 SSL_kRSA,
169 SSL_aRSA,
170 SSL_3DES,
171 SSL_SHA1,
172 SSL3_VERSION, TLS1_2_VERSION,
173 DTLS1_BAD_VER, DTLS1_2_VERSION,
174 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
175 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176 112,
177 168,
178 },
179 {
180 1,
181 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
182 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
183 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
184 SSL_kDHE,
185 SSL_aDSS,
186 SSL_3DES,
187 SSL_SHA1,
188 SSL3_VERSION, TLS1_2_VERSION,
189 DTLS1_BAD_VER, DTLS1_2_VERSION,
190 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
191 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
192 112,
193 168,
194 },
195 {
196 1,
197 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
198 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
199 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
200 SSL_kDHE,
201 SSL_aRSA,
202 SSL_3DES,
203 SSL_SHA1,
204 SSL3_VERSION, TLS1_2_VERSION,
205 DTLS1_BAD_VER, DTLS1_2_VERSION,
206 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
207 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
208 112,
209 168,
210 },
211 {
212 1,
213 SSL3_TXT_ADH_DES_192_CBC_SHA,
214 SSL3_RFC_ADH_DES_192_CBC_SHA,
215 SSL3_CK_ADH_DES_192_CBC_SHA,
216 SSL_kDHE,
217 SSL_aNULL,
218 SSL_3DES,
219 SSL_SHA1,
220 SSL3_VERSION, TLS1_2_VERSION,
221 DTLS1_BAD_VER, DTLS1_2_VERSION,
222 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
223 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
224 112,
225 168,
226 },
227 #endif
228 {
229 1,
230 TLS1_TXT_RSA_WITH_AES_128_SHA,
231 TLS1_RFC_RSA_WITH_AES_128_SHA,
232 TLS1_CK_RSA_WITH_AES_128_SHA,
233 SSL_kRSA,
234 SSL_aRSA,
235 SSL_AES128,
236 SSL_SHA1,
237 SSL3_VERSION, TLS1_2_VERSION,
238 DTLS1_BAD_VER, DTLS1_2_VERSION,
239 SSL_HIGH | SSL_FIPS,
240 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
241 128,
242 128,
243 },
244 {
245 1,
246 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
247 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
248 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
249 SSL_kDHE,
250 SSL_aDSS,
251 SSL_AES128,
252 SSL_SHA1,
253 SSL3_VERSION, TLS1_2_VERSION,
254 DTLS1_BAD_VER, DTLS1_2_VERSION,
255 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
256 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
257 128,
258 128,
259 },
260 {
261 1,
262 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
263 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
264 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
265 SSL_kDHE,
266 SSL_aRSA,
267 SSL_AES128,
268 SSL_SHA1,
269 SSL3_VERSION, TLS1_2_VERSION,
270 DTLS1_BAD_VER, DTLS1_2_VERSION,
271 SSL_HIGH | SSL_FIPS,
272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
273 128,
274 128,
275 },
276 {
277 1,
278 TLS1_TXT_ADH_WITH_AES_128_SHA,
279 TLS1_RFC_ADH_WITH_AES_128_SHA,
280 TLS1_CK_ADH_WITH_AES_128_SHA,
281 SSL_kDHE,
282 SSL_aNULL,
283 SSL_AES128,
284 SSL_SHA1,
285 SSL3_VERSION, TLS1_2_VERSION,
286 DTLS1_BAD_VER, DTLS1_2_VERSION,
287 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
288 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
289 128,
290 128,
291 },
292 {
293 1,
294 TLS1_TXT_RSA_WITH_AES_256_SHA,
295 TLS1_RFC_RSA_WITH_AES_256_SHA,
296 TLS1_CK_RSA_WITH_AES_256_SHA,
297 SSL_kRSA,
298 SSL_aRSA,
299 SSL_AES256,
300 SSL_SHA1,
301 SSL3_VERSION, TLS1_2_VERSION,
302 DTLS1_BAD_VER, DTLS1_2_VERSION,
303 SSL_HIGH | SSL_FIPS,
304 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
305 256,
306 256,
307 },
308 {
309 1,
310 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
311 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
312 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
313 SSL_kDHE,
314 SSL_aDSS,
315 SSL_AES256,
316 SSL_SHA1,
317 SSL3_VERSION, TLS1_2_VERSION,
318 DTLS1_BAD_VER, DTLS1_2_VERSION,
319 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
320 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
321 256,
322 256,
323 },
324 {
325 1,
326 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
327 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
328 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
329 SSL_kDHE,
330 SSL_aRSA,
331 SSL_AES256,
332 SSL_SHA1,
333 SSL3_VERSION, TLS1_2_VERSION,
334 DTLS1_BAD_VER, DTLS1_2_VERSION,
335 SSL_HIGH | SSL_FIPS,
336 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
337 256,
338 256,
339 },
340 {
341 1,
342 TLS1_TXT_ADH_WITH_AES_256_SHA,
343 TLS1_RFC_ADH_WITH_AES_256_SHA,
344 TLS1_CK_ADH_WITH_AES_256_SHA,
345 SSL_kDHE,
346 SSL_aNULL,
347 SSL_AES256,
348 SSL_SHA1,
349 SSL3_VERSION, TLS1_2_VERSION,
350 DTLS1_BAD_VER, DTLS1_2_VERSION,
351 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
353 256,
354 256,
355 },
356 {
357 1,
358 TLS1_TXT_RSA_WITH_NULL_SHA256,
359 TLS1_RFC_RSA_WITH_NULL_SHA256,
360 TLS1_CK_RSA_WITH_NULL_SHA256,
361 SSL_kRSA,
362 SSL_aRSA,
363 SSL_eNULL,
364 SSL_SHA256,
365 TLS1_2_VERSION, TLS1_2_VERSION,
366 DTLS1_2_VERSION, DTLS1_2_VERSION,
367 SSL_STRONG_NONE | SSL_FIPS,
368 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
369 0,
370 0,
371 },
372 {
373 1,
374 TLS1_TXT_RSA_WITH_AES_128_SHA256,
375 TLS1_RFC_RSA_WITH_AES_128_SHA256,
376 TLS1_CK_RSA_WITH_AES_128_SHA256,
377 SSL_kRSA,
378 SSL_aRSA,
379 SSL_AES128,
380 SSL_SHA256,
381 TLS1_2_VERSION, TLS1_2_VERSION,
382 DTLS1_2_VERSION, DTLS1_2_VERSION,
383 SSL_HIGH | SSL_FIPS,
384 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
385 128,
386 128,
387 },
388 {
389 1,
390 TLS1_TXT_RSA_WITH_AES_256_SHA256,
391 TLS1_RFC_RSA_WITH_AES_256_SHA256,
392 TLS1_CK_RSA_WITH_AES_256_SHA256,
393 SSL_kRSA,
394 SSL_aRSA,
395 SSL_AES256,
396 SSL_SHA256,
397 TLS1_2_VERSION, TLS1_2_VERSION,
398 DTLS1_2_VERSION, DTLS1_2_VERSION,
399 SSL_HIGH | SSL_FIPS,
400 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
401 256,
402 256,
403 },
404 {
405 1,
406 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
407 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
408 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
409 SSL_kDHE,
410 SSL_aDSS,
411 SSL_AES128,
412 SSL_SHA256,
413 TLS1_2_VERSION, TLS1_2_VERSION,
414 DTLS1_2_VERSION, DTLS1_2_VERSION,
415 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
417 128,
418 128,
419 },
420 {
421 1,
422 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
423 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
424 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
425 SSL_kDHE,
426 SSL_aRSA,
427 SSL_AES128,
428 SSL_SHA256,
429 TLS1_2_VERSION, TLS1_2_VERSION,
430 DTLS1_2_VERSION, DTLS1_2_VERSION,
431 SSL_HIGH | SSL_FIPS,
432 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
433 128,
434 128,
435 },
436 {
437 1,
438 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
439 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
440 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
441 SSL_kDHE,
442 SSL_aDSS,
443 SSL_AES256,
444 SSL_SHA256,
445 TLS1_2_VERSION, TLS1_2_VERSION,
446 DTLS1_2_VERSION, DTLS1_2_VERSION,
447 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
448 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
449 256,
450 256,
451 },
452 {
453 1,
454 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
455 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
456 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
457 SSL_kDHE,
458 SSL_aRSA,
459 SSL_AES256,
460 SSL_SHA256,
461 TLS1_2_VERSION, TLS1_2_VERSION,
462 DTLS1_2_VERSION, DTLS1_2_VERSION,
463 SSL_HIGH | SSL_FIPS,
464 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
465 256,
466 256,
467 },
468 {
469 1,
470 TLS1_TXT_ADH_WITH_AES_128_SHA256,
471 TLS1_RFC_ADH_WITH_AES_128_SHA256,
472 TLS1_CK_ADH_WITH_AES_128_SHA256,
473 SSL_kDHE,
474 SSL_aNULL,
475 SSL_AES128,
476 SSL_SHA256,
477 TLS1_2_VERSION, TLS1_2_VERSION,
478 DTLS1_2_VERSION, DTLS1_2_VERSION,
479 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
480 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
481 128,
482 128,
483 },
484 {
485 1,
486 TLS1_TXT_ADH_WITH_AES_256_SHA256,
487 TLS1_RFC_ADH_WITH_AES_256_SHA256,
488 TLS1_CK_ADH_WITH_AES_256_SHA256,
489 SSL_kDHE,
490 SSL_aNULL,
491 SSL_AES256,
492 SSL_SHA256,
493 TLS1_2_VERSION, TLS1_2_VERSION,
494 DTLS1_2_VERSION, DTLS1_2_VERSION,
495 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
496 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
497 256,
498 256,
499 },
500 {
501 1,
502 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
503 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
504 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
505 SSL_kRSA,
506 SSL_aRSA,
507 SSL_AES128GCM,
508 SSL_AEAD,
509 TLS1_2_VERSION, TLS1_2_VERSION,
510 DTLS1_2_VERSION, DTLS1_2_VERSION,
511 SSL_HIGH | SSL_FIPS,
512 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
513 128,
514 128,
515 },
516 {
517 1,
518 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
519 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
520 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
521 SSL_kRSA,
522 SSL_aRSA,
523 SSL_AES256GCM,
524 SSL_AEAD,
525 TLS1_2_VERSION, TLS1_2_VERSION,
526 DTLS1_2_VERSION, DTLS1_2_VERSION,
527 SSL_HIGH | SSL_FIPS,
528 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
529 256,
530 256,
531 },
532 {
533 1,
534 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
535 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
536 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
537 SSL_kDHE,
538 SSL_aRSA,
539 SSL_AES128GCM,
540 SSL_AEAD,
541 TLS1_2_VERSION, TLS1_2_VERSION,
542 DTLS1_2_VERSION, DTLS1_2_VERSION,
543 SSL_HIGH | SSL_FIPS,
544 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
545 128,
546 128,
547 },
548 {
549 1,
550 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
551 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
552 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
553 SSL_kDHE,
554 SSL_aRSA,
555 SSL_AES256GCM,
556 SSL_AEAD,
557 TLS1_2_VERSION, TLS1_2_VERSION,
558 DTLS1_2_VERSION, DTLS1_2_VERSION,
559 SSL_HIGH | SSL_FIPS,
560 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
561 256,
562 256,
563 },
564 {
565 1,
566 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
567 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
568 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
569 SSL_kDHE,
570 SSL_aDSS,
571 SSL_AES128GCM,
572 SSL_AEAD,
573 TLS1_2_VERSION, TLS1_2_VERSION,
574 DTLS1_2_VERSION, DTLS1_2_VERSION,
575 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
576 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
577 128,
578 128,
579 },
580 {
581 1,
582 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
583 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
584 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
585 SSL_kDHE,
586 SSL_aDSS,
587 SSL_AES256GCM,
588 SSL_AEAD,
589 TLS1_2_VERSION, TLS1_2_VERSION,
590 DTLS1_2_VERSION, DTLS1_2_VERSION,
591 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
592 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
593 256,
594 256,
595 },
596 {
597 1,
598 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
599 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
600 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
601 SSL_kDHE,
602 SSL_aNULL,
603 SSL_AES128GCM,
604 SSL_AEAD,
605 TLS1_2_VERSION, TLS1_2_VERSION,
606 DTLS1_2_VERSION, DTLS1_2_VERSION,
607 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
608 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
609 128,
610 128,
611 },
612 {
613 1,
614 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
615 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
616 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
617 SSL_kDHE,
618 SSL_aNULL,
619 SSL_AES256GCM,
620 SSL_AEAD,
621 TLS1_2_VERSION, TLS1_2_VERSION,
622 DTLS1_2_VERSION, DTLS1_2_VERSION,
623 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
624 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
625 256,
626 256,
627 },
628 {
629 1,
630 TLS1_TXT_RSA_WITH_AES_128_CCM,
631 TLS1_RFC_RSA_WITH_AES_128_CCM,
632 TLS1_CK_RSA_WITH_AES_128_CCM,
633 SSL_kRSA,
634 SSL_aRSA,
635 SSL_AES128CCM,
636 SSL_AEAD,
637 TLS1_2_VERSION, TLS1_2_VERSION,
638 DTLS1_2_VERSION, DTLS1_2_VERSION,
639 SSL_NOT_DEFAULT | SSL_HIGH,
640 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
641 128,
642 128,
643 },
644 {
645 1,
646 TLS1_TXT_RSA_WITH_AES_256_CCM,
647 TLS1_RFC_RSA_WITH_AES_256_CCM,
648 TLS1_CK_RSA_WITH_AES_256_CCM,
649 SSL_kRSA,
650 SSL_aRSA,
651 SSL_AES256CCM,
652 SSL_AEAD,
653 TLS1_2_VERSION, TLS1_2_VERSION,
654 DTLS1_2_VERSION, DTLS1_2_VERSION,
655 SSL_NOT_DEFAULT | SSL_HIGH,
656 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
657 256,
658 256,
659 },
660 {
661 1,
662 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
663 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
664 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
665 SSL_kDHE,
666 SSL_aRSA,
667 SSL_AES128CCM,
668 SSL_AEAD,
669 TLS1_2_VERSION, TLS1_2_VERSION,
670 DTLS1_2_VERSION, DTLS1_2_VERSION,
671 SSL_NOT_DEFAULT | SSL_HIGH,
672 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
673 128,
674 128,
675 },
676 {
677 1,
678 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
679 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
680 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
681 SSL_kDHE,
682 SSL_aRSA,
683 SSL_AES256CCM,
684 SSL_AEAD,
685 TLS1_2_VERSION, TLS1_2_VERSION,
686 DTLS1_2_VERSION, DTLS1_2_VERSION,
687 SSL_NOT_DEFAULT | SSL_HIGH,
688 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
689 256,
690 256,
691 },
692 {
693 1,
694 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
695 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
696 TLS1_CK_RSA_WITH_AES_128_CCM_8,
697 SSL_kRSA,
698 SSL_aRSA,
699 SSL_AES128CCM8,
700 SSL_AEAD,
701 TLS1_2_VERSION, TLS1_2_VERSION,
702 DTLS1_2_VERSION, DTLS1_2_VERSION,
703 SSL_NOT_DEFAULT | SSL_HIGH,
704 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
705 128,
706 128,
707 },
708 {
709 1,
710 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
711 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
712 TLS1_CK_RSA_WITH_AES_256_CCM_8,
713 SSL_kRSA,
714 SSL_aRSA,
715 SSL_AES256CCM8,
716 SSL_AEAD,
717 TLS1_2_VERSION, TLS1_2_VERSION,
718 DTLS1_2_VERSION, DTLS1_2_VERSION,
719 SSL_NOT_DEFAULT | SSL_HIGH,
720 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
721 256,
722 256,
723 },
724 {
725 1,
726 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
727 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
728 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
729 SSL_kDHE,
730 SSL_aRSA,
731 SSL_AES128CCM8,
732 SSL_AEAD,
733 TLS1_2_VERSION, TLS1_2_VERSION,
734 DTLS1_2_VERSION, DTLS1_2_VERSION,
735 SSL_NOT_DEFAULT | SSL_HIGH,
736 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
737 128,
738 128,
739 },
740 {
741 1,
742 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
743 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
744 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
745 SSL_kDHE,
746 SSL_aRSA,
747 SSL_AES256CCM8,
748 SSL_AEAD,
749 TLS1_2_VERSION, TLS1_2_VERSION,
750 DTLS1_2_VERSION, DTLS1_2_VERSION,
751 SSL_NOT_DEFAULT | SSL_HIGH,
752 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
753 256,
754 256,
755 },
756 {
757 1,
758 TLS1_TXT_PSK_WITH_AES_128_CCM,
759 TLS1_RFC_PSK_WITH_AES_128_CCM,
760 TLS1_CK_PSK_WITH_AES_128_CCM,
761 SSL_kPSK,
762 SSL_aPSK,
763 SSL_AES128CCM,
764 SSL_AEAD,
765 TLS1_2_VERSION, TLS1_2_VERSION,
766 DTLS1_2_VERSION, DTLS1_2_VERSION,
767 SSL_NOT_DEFAULT | SSL_HIGH,
768 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
769 128,
770 128,
771 },
772 {
773 1,
774 TLS1_TXT_PSK_WITH_AES_256_CCM,
775 TLS1_RFC_PSK_WITH_AES_256_CCM,
776 TLS1_CK_PSK_WITH_AES_256_CCM,
777 SSL_kPSK,
778 SSL_aPSK,
779 SSL_AES256CCM,
780 SSL_AEAD,
781 TLS1_2_VERSION, TLS1_2_VERSION,
782 DTLS1_2_VERSION, DTLS1_2_VERSION,
783 SSL_NOT_DEFAULT | SSL_HIGH,
784 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
785 256,
786 256,
787 },
788 {
789 1,
790 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
791 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
792 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
793 SSL_kDHEPSK,
794 SSL_aPSK,
795 SSL_AES128CCM,
796 SSL_AEAD,
797 TLS1_2_VERSION, TLS1_2_VERSION,
798 DTLS1_2_VERSION, DTLS1_2_VERSION,
799 SSL_NOT_DEFAULT | SSL_HIGH,
800 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
801 128,
802 128,
803 },
804 {
805 1,
806 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
807 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
808 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
809 SSL_kDHEPSK,
810 SSL_aPSK,
811 SSL_AES256CCM,
812 SSL_AEAD,
813 TLS1_2_VERSION, TLS1_2_VERSION,
814 DTLS1_2_VERSION, DTLS1_2_VERSION,
815 SSL_NOT_DEFAULT | SSL_HIGH,
816 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
817 256,
818 256,
819 },
820 {
821 1,
822 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
823 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
824 TLS1_CK_PSK_WITH_AES_128_CCM_8,
825 SSL_kPSK,
826 SSL_aPSK,
827 SSL_AES128CCM8,
828 SSL_AEAD,
829 TLS1_2_VERSION, TLS1_2_VERSION,
830 DTLS1_2_VERSION, DTLS1_2_VERSION,
831 SSL_NOT_DEFAULT | SSL_HIGH,
832 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
833 128,
834 128,
835 },
836 {
837 1,
838 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
839 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
840 TLS1_CK_PSK_WITH_AES_256_CCM_8,
841 SSL_kPSK,
842 SSL_aPSK,
843 SSL_AES256CCM8,
844 SSL_AEAD,
845 TLS1_2_VERSION, TLS1_2_VERSION,
846 DTLS1_2_VERSION, DTLS1_2_VERSION,
847 SSL_NOT_DEFAULT | SSL_HIGH,
848 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
849 256,
850 256,
851 },
852 {
853 1,
854 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
855 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
856 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
857 SSL_kDHEPSK,
858 SSL_aPSK,
859 SSL_AES128CCM8,
860 SSL_AEAD,
861 TLS1_2_VERSION, TLS1_2_VERSION,
862 DTLS1_2_VERSION, DTLS1_2_VERSION,
863 SSL_NOT_DEFAULT | SSL_HIGH,
864 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
865 128,
866 128,
867 },
868 {
869 1,
870 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
871 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
872 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
873 SSL_kDHEPSK,
874 SSL_aPSK,
875 SSL_AES256CCM8,
876 SSL_AEAD,
877 TLS1_2_VERSION, TLS1_2_VERSION,
878 DTLS1_2_VERSION, DTLS1_2_VERSION,
879 SSL_NOT_DEFAULT | SSL_HIGH,
880 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
881 256,
882 256,
883 },
884 {
885 1,
886 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
887 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
888 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
889 SSL_kECDHE,
890 SSL_aECDSA,
891 SSL_AES128CCM,
892 SSL_AEAD,
893 TLS1_2_VERSION, TLS1_2_VERSION,
894 DTLS1_2_VERSION, DTLS1_2_VERSION,
895 SSL_NOT_DEFAULT | SSL_HIGH,
896 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
897 128,
898 128,
899 },
900 {
901 1,
902 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
903 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
904 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
905 SSL_kECDHE,
906 SSL_aECDSA,
907 SSL_AES256CCM,
908 SSL_AEAD,
909 TLS1_2_VERSION, TLS1_2_VERSION,
910 DTLS1_2_VERSION, DTLS1_2_VERSION,
911 SSL_NOT_DEFAULT | SSL_HIGH,
912 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
913 256,
914 256,
915 },
916 {
917 1,
918 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
919 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
920 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
921 SSL_kECDHE,
922 SSL_aECDSA,
923 SSL_AES128CCM8,
924 SSL_AEAD,
925 TLS1_2_VERSION, TLS1_2_VERSION,
926 DTLS1_2_VERSION, DTLS1_2_VERSION,
927 SSL_NOT_DEFAULT | SSL_HIGH,
928 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
929 128,
930 128,
931 },
932 {
933 1,
934 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
935 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
936 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
937 SSL_kECDHE,
938 SSL_aECDSA,
939 SSL_AES256CCM8,
940 SSL_AEAD,
941 TLS1_2_VERSION, TLS1_2_VERSION,
942 DTLS1_2_VERSION, DTLS1_2_VERSION,
943 SSL_NOT_DEFAULT | SSL_HIGH,
944 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
945 256,
946 256,
947 },
948 {
949 1,
950 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
951 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
952 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
953 SSL_kECDHE,
954 SSL_aECDSA,
955 SSL_eNULL,
956 SSL_SHA1,
957 TLS1_VERSION, TLS1_2_VERSION,
958 DTLS1_BAD_VER, DTLS1_2_VERSION,
959 SSL_STRONG_NONE | SSL_FIPS,
960 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
961 0,
962 0,
963 },
964 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
965 {
966 1,
967 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
968 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
969 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
970 SSL_kECDHE,
971 SSL_aECDSA,
972 SSL_3DES,
973 SSL_SHA1,
974 TLS1_VERSION, TLS1_2_VERSION,
975 DTLS1_BAD_VER, DTLS1_2_VERSION,
976 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
977 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
978 112,
979 168,
980 },
981 # endif
982 {
983 1,
984 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
985 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
986 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
987 SSL_kECDHE,
988 SSL_aECDSA,
989 SSL_AES128,
990 SSL_SHA1,
991 TLS1_VERSION, TLS1_2_VERSION,
992 DTLS1_BAD_VER, DTLS1_2_VERSION,
993 SSL_HIGH | SSL_FIPS,
994 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
995 128,
996 128,
997 },
998 {
999 1,
1000 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1001 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1002 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1003 SSL_kECDHE,
1004 SSL_aECDSA,
1005 SSL_AES256,
1006 SSL_SHA1,
1007 TLS1_VERSION, TLS1_2_VERSION,
1008 DTLS1_BAD_VER, DTLS1_2_VERSION,
1009 SSL_HIGH | SSL_FIPS,
1010 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1011 256,
1012 256,
1013 },
1014 {
1015 1,
1016 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1017 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1018 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1019 SSL_kECDHE,
1020 SSL_aRSA,
1021 SSL_eNULL,
1022 SSL_SHA1,
1023 TLS1_VERSION, TLS1_2_VERSION,
1024 DTLS1_BAD_VER, DTLS1_2_VERSION,
1025 SSL_STRONG_NONE | SSL_FIPS,
1026 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1027 0,
1028 0,
1029 },
1030 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1031 {
1032 1,
1033 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1034 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1035 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1036 SSL_kECDHE,
1037 SSL_aRSA,
1038 SSL_3DES,
1039 SSL_SHA1,
1040 TLS1_VERSION, TLS1_2_VERSION,
1041 DTLS1_BAD_VER, DTLS1_2_VERSION,
1042 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1043 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1044 112,
1045 168,
1046 },
1047 # endif
1048 {
1049 1,
1050 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1051 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1052 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1053 SSL_kECDHE,
1054 SSL_aRSA,
1055 SSL_AES128,
1056 SSL_SHA1,
1057 TLS1_VERSION, TLS1_2_VERSION,
1058 DTLS1_BAD_VER, DTLS1_2_VERSION,
1059 SSL_HIGH | SSL_FIPS,
1060 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1061 128,
1062 128,
1063 },
1064 {
1065 1,
1066 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1067 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1068 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1069 SSL_kECDHE,
1070 SSL_aRSA,
1071 SSL_AES256,
1072 SSL_SHA1,
1073 TLS1_VERSION, TLS1_2_VERSION,
1074 DTLS1_BAD_VER, DTLS1_2_VERSION,
1075 SSL_HIGH | SSL_FIPS,
1076 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1077 256,
1078 256,
1079 },
1080 {
1081 1,
1082 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1083 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1084 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1085 SSL_kECDHE,
1086 SSL_aNULL,
1087 SSL_eNULL,
1088 SSL_SHA1,
1089 TLS1_VERSION, TLS1_2_VERSION,
1090 DTLS1_BAD_VER, DTLS1_2_VERSION,
1091 SSL_STRONG_NONE | SSL_FIPS,
1092 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1093 0,
1094 0,
1095 },
1096 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1097 {
1098 1,
1099 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1100 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1101 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1102 SSL_kECDHE,
1103 SSL_aNULL,
1104 SSL_3DES,
1105 SSL_SHA1,
1106 TLS1_VERSION, TLS1_2_VERSION,
1107 DTLS1_BAD_VER, DTLS1_2_VERSION,
1108 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1109 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1110 112,
1111 168,
1112 },
1113 # endif
1114 {
1115 1,
1116 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1117 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1118 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1119 SSL_kECDHE,
1120 SSL_aNULL,
1121 SSL_AES128,
1122 SSL_SHA1,
1123 TLS1_VERSION, TLS1_2_VERSION,
1124 DTLS1_BAD_VER, DTLS1_2_VERSION,
1125 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1126 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1127 128,
1128 128,
1129 },
1130 {
1131 1,
1132 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1133 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1134 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1135 SSL_kECDHE,
1136 SSL_aNULL,
1137 SSL_AES256,
1138 SSL_SHA1,
1139 TLS1_VERSION, TLS1_2_VERSION,
1140 DTLS1_BAD_VER, DTLS1_2_VERSION,
1141 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1142 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1143 256,
1144 256,
1145 },
1146 {
1147 1,
1148 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1149 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1150 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1151 SSL_kECDHE,
1152 SSL_aECDSA,
1153 SSL_AES128,
1154 SSL_SHA256,
1155 TLS1_2_VERSION, TLS1_2_VERSION,
1156 DTLS1_2_VERSION, DTLS1_2_VERSION,
1157 SSL_HIGH | SSL_FIPS,
1158 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1159 128,
1160 128,
1161 },
1162 {
1163 1,
1164 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1165 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1166 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1167 SSL_kECDHE,
1168 SSL_aECDSA,
1169 SSL_AES256,
1170 SSL_SHA384,
1171 TLS1_2_VERSION, TLS1_2_VERSION,
1172 DTLS1_2_VERSION, DTLS1_2_VERSION,
1173 SSL_HIGH | SSL_FIPS,
1174 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1175 256,
1176 256,
1177 },
1178 {
1179 1,
1180 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1181 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1182 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1183 SSL_kECDHE,
1184 SSL_aRSA,
1185 SSL_AES128,
1186 SSL_SHA256,
1187 TLS1_2_VERSION, TLS1_2_VERSION,
1188 DTLS1_2_VERSION, DTLS1_2_VERSION,
1189 SSL_HIGH | SSL_FIPS,
1190 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1191 128,
1192 128,
1193 },
1194 {
1195 1,
1196 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1197 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1198 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1199 SSL_kECDHE,
1200 SSL_aRSA,
1201 SSL_AES256,
1202 SSL_SHA384,
1203 TLS1_2_VERSION, TLS1_2_VERSION,
1204 DTLS1_2_VERSION, DTLS1_2_VERSION,
1205 SSL_HIGH | SSL_FIPS,
1206 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1207 256,
1208 256,
1209 },
1210 {
1211 1,
1212 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1213 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1214 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1215 SSL_kECDHE,
1216 SSL_aECDSA,
1217 SSL_AES128GCM,
1218 SSL_AEAD,
1219 TLS1_2_VERSION, TLS1_2_VERSION,
1220 DTLS1_2_VERSION, DTLS1_2_VERSION,
1221 SSL_HIGH | SSL_FIPS,
1222 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1223 128,
1224 128,
1225 },
1226 {
1227 1,
1228 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1229 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1230 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1231 SSL_kECDHE,
1232 SSL_aECDSA,
1233 SSL_AES256GCM,
1234 SSL_AEAD,
1235 TLS1_2_VERSION, TLS1_2_VERSION,
1236 DTLS1_2_VERSION, DTLS1_2_VERSION,
1237 SSL_HIGH | SSL_FIPS,
1238 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1239 256,
1240 256,
1241 },
1242 {
1243 1,
1244 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1245 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1246 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1247 SSL_kECDHE,
1248 SSL_aRSA,
1249 SSL_AES128GCM,
1250 SSL_AEAD,
1251 TLS1_2_VERSION, TLS1_2_VERSION,
1252 DTLS1_2_VERSION, DTLS1_2_VERSION,
1253 SSL_HIGH | SSL_FIPS,
1254 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1255 128,
1256 128,
1257 },
1258 {
1259 1,
1260 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1261 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1262 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1263 SSL_kECDHE,
1264 SSL_aRSA,
1265 SSL_AES256GCM,
1266 SSL_AEAD,
1267 TLS1_2_VERSION, TLS1_2_VERSION,
1268 DTLS1_2_VERSION, DTLS1_2_VERSION,
1269 SSL_HIGH | SSL_FIPS,
1270 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1271 256,
1272 256,
1273 },
1274 {
1275 1,
1276 TLS1_TXT_PSK_WITH_NULL_SHA,
1277 TLS1_RFC_PSK_WITH_NULL_SHA,
1278 TLS1_CK_PSK_WITH_NULL_SHA,
1279 SSL_kPSK,
1280 SSL_aPSK,
1281 SSL_eNULL,
1282 SSL_SHA1,
1283 SSL3_VERSION, TLS1_2_VERSION,
1284 DTLS1_BAD_VER, DTLS1_2_VERSION,
1285 SSL_STRONG_NONE | SSL_FIPS,
1286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1287 0,
1288 0,
1289 },
1290 {
1291 1,
1292 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1293 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1294 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1295 SSL_kDHEPSK,
1296 SSL_aPSK,
1297 SSL_eNULL,
1298 SSL_SHA1,
1299 SSL3_VERSION, TLS1_2_VERSION,
1300 DTLS1_BAD_VER, DTLS1_2_VERSION,
1301 SSL_STRONG_NONE | SSL_FIPS,
1302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1303 0,
1304 0,
1305 },
1306 {
1307 1,
1308 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1309 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1310 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1311 SSL_kRSAPSK,
1312 SSL_aRSA,
1313 SSL_eNULL,
1314 SSL_SHA1,
1315 SSL3_VERSION, TLS1_2_VERSION,
1316 DTLS1_BAD_VER, DTLS1_2_VERSION,
1317 SSL_STRONG_NONE | SSL_FIPS,
1318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1319 0,
1320 0,
1321 },
1322 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1323 {
1324 1,
1325 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1326 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1327 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1328 SSL_kPSK,
1329 SSL_aPSK,
1330 SSL_3DES,
1331 SSL_SHA1,
1332 SSL3_VERSION, TLS1_2_VERSION,
1333 DTLS1_BAD_VER, DTLS1_2_VERSION,
1334 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1336 112,
1337 168,
1338 },
1339 # endif
1340 {
1341 1,
1342 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1343 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1344 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1345 SSL_kPSK,
1346 SSL_aPSK,
1347 SSL_AES128,
1348 SSL_SHA1,
1349 SSL3_VERSION, TLS1_2_VERSION,
1350 DTLS1_BAD_VER, DTLS1_2_VERSION,
1351 SSL_HIGH | SSL_FIPS,
1352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1353 128,
1354 128,
1355 },
1356 {
1357 1,
1358 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1359 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1360 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1361 SSL_kPSK,
1362 SSL_aPSK,
1363 SSL_AES256,
1364 SSL_SHA1,
1365 SSL3_VERSION, TLS1_2_VERSION,
1366 DTLS1_BAD_VER, DTLS1_2_VERSION,
1367 SSL_HIGH | SSL_FIPS,
1368 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1369 256,
1370 256,
1371 },
1372 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1373 {
1374 1,
1375 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1378 SSL_kDHEPSK,
1379 SSL_aPSK,
1380 SSL_3DES,
1381 SSL_SHA1,
1382 SSL3_VERSION, TLS1_2_VERSION,
1383 DTLS1_BAD_VER, DTLS1_2_VERSION,
1384 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1386 112,
1387 168,
1388 },
1389 # endif
1390 {
1391 1,
1392 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1393 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1395 SSL_kDHEPSK,
1396 SSL_aPSK,
1397 SSL_AES128,
1398 SSL_SHA1,
1399 SSL3_VERSION, TLS1_2_VERSION,
1400 DTLS1_BAD_VER, DTLS1_2_VERSION,
1401 SSL_HIGH | SSL_FIPS,
1402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1403 128,
1404 128,
1405 },
1406 {
1407 1,
1408 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1411 SSL_kDHEPSK,
1412 SSL_aPSK,
1413 SSL_AES256,
1414 SSL_SHA1,
1415 SSL3_VERSION, TLS1_2_VERSION,
1416 DTLS1_BAD_VER, DTLS1_2_VERSION,
1417 SSL_HIGH | SSL_FIPS,
1418 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1419 256,
1420 256,
1421 },
1422 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1423 {
1424 1,
1425 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1428 SSL_kRSAPSK,
1429 SSL_aRSA,
1430 SSL_3DES,
1431 SSL_SHA1,
1432 SSL3_VERSION, TLS1_2_VERSION,
1433 DTLS1_BAD_VER, DTLS1_2_VERSION,
1434 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1435 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1436 112,
1437 168,
1438 },
1439 # endif
1440 {
1441 1,
1442 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1443 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1445 SSL_kRSAPSK,
1446 SSL_aRSA,
1447 SSL_AES128,
1448 SSL_SHA1,
1449 SSL3_VERSION, TLS1_2_VERSION,
1450 DTLS1_BAD_VER, DTLS1_2_VERSION,
1451 SSL_HIGH | SSL_FIPS,
1452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1453 128,
1454 128,
1455 },
1456 {
1457 1,
1458 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1459 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1461 SSL_kRSAPSK,
1462 SSL_aRSA,
1463 SSL_AES256,
1464 SSL_SHA1,
1465 SSL3_VERSION, TLS1_2_VERSION,
1466 DTLS1_BAD_VER, DTLS1_2_VERSION,
1467 SSL_HIGH | SSL_FIPS,
1468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1469 256,
1470 256,
1471 },
1472 {
1473 1,
1474 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1475 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1477 SSL_kPSK,
1478 SSL_aPSK,
1479 SSL_AES128GCM,
1480 SSL_AEAD,
1481 TLS1_2_VERSION, TLS1_2_VERSION,
1482 DTLS1_2_VERSION, DTLS1_2_VERSION,
1483 SSL_HIGH | SSL_FIPS,
1484 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1485 128,
1486 128,
1487 },
1488 {
1489 1,
1490 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1492 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1493 SSL_kPSK,
1494 SSL_aPSK,
1495 SSL_AES256GCM,
1496 SSL_AEAD,
1497 TLS1_2_VERSION, TLS1_2_VERSION,
1498 DTLS1_2_VERSION, DTLS1_2_VERSION,
1499 SSL_HIGH | SSL_FIPS,
1500 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1501 256,
1502 256,
1503 },
1504 {
1505 1,
1506 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1509 SSL_kDHEPSK,
1510 SSL_aPSK,
1511 SSL_AES128GCM,
1512 SSL_AEAD,
1513 TLS1_2_VERSION, TLS1_2_VERSION,
1514 DTLS1_2_VERSION, DTLS1_2_VERSION,
1515 SSL_HIGH | SSL_FIPS,
1516 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1517 128,
1518 128,
1519 },
1520 {
1521 1,
1522 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1525 SSL_kDHEPSK,
1526 SSL_aPSK,
1527 SSL_AES256GCM,
1528 SSL_AEAD,
1529 TLS1_2_VERSION, TLS1_2_VERSION,
1530 DTLS1_2_VERSION, DTLS1_2_VERSION,
1531 SSL_HIGH | SSL_FIPS,
1532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1533 256,
1534 256,
1535 },
1536 {
1537 1,
1538 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1541 SSL_kRSAPSK,
1542 SSL_aRSA,
1543 SSL_AES128GCM,
1544 SSL_AEAD,
1545 TLS1_2_VERSION, TLS1_2_VERSION,
1546 DTLS1_2_VERSION, DTLS1_2_VERSION,
1547 SSL_HIGH | SSL_FIPS,
1548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1549 128,
1550 128,
1551 },
1552 {
1553 1,
1554 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1557 SSL_kRSAPSK,
1558 SSL_aRSA,
1559 SSL_AES256GCM,
1560 SSL_AEAD,
1561 TLS1_2_VERSION, TLS1_2_VERSION,
1562 DTLS1_2_VERSION, DTLS1_2_VERSION,
1563 SSL_HIGH | SSL_FIPS,
1564 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1565 256,
1566 256,
1567 },
1568 {
1569 1,
1570 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1571 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1572 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1573 SSL_kPSK,
1574 SSL_aPSK,
1575 SSL_AES128,
1576 SSL_SHA256,
1577 TLS1_VERSION, TLS1_2_VERSION,
1578 DTLS1_BAD_VER, DTLS1_2_VERSION,
1579 SSL_HIGH | SSL_FIPS,
1580 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1581 128,
1582 128,
1583 },
1584 {
1585 1,
1586 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1587 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1588 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1589 SSL_kPSK,
1590 SSL_aPSK,
1591 SSL_AES256,
1592 SSL_SHA384,
1593 TLS1_VERSION, TLS1_2_VERSION,
1594 DTLS1_BAD_VER, DTLS1_2_VERSION,
1595 SSL_HIGH | SSL_FIPS,
1596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1597 256,
1598 256,
1599 },
1600 {
1601 1,
1602 TLS1_TXT_PSK_WITH_NULL_SHA256,
1603 TLS1_RFC_PSK_WITH_NULL_SHA256,
1604 TLS1_CK_PSK_WITH_NULL_SHA256,
1605 SSL_kPSK,
1606 SSL_aPSK,
1607 SSL_eNULL,
1608 SSL_SHA256,
1609 TLS1_VERSION, TLS1_2_VERSION,
1610 DTLS1_BAD_VER, DTLS1_2_VERSION,
1611 SSL_STRONG_NONE | SSL_FIPS,
1612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1613 0,
1614 0,
1615 },
1616 {
1617 1,
1618 TLS1_TXT_PSK_WITH_NULL_SHA384,
1619 TLS1_RFC_PSK_WITH_NULL_SHA384,
1620 TLS1_CK_PSK_WITH_NULL_SHA384,
1621 SSL_kPSK,
1622 SSL_aPSK,
1623 SSL_eNULL,
1624 SSL_SHA384,
1625 TLS1_VERSION, TLS1_2_VERSION,
1626 DTLS1_BAD_VER, DTLS1_2_VERSION,
1627 SSL_STRONG_NONE | SSL_FIPS,
1628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1629 0,
1630 0,
1631 },
1632 {
1633 1,
1634 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1637 SSL_kDHEPSK,
1638 SSL_aPSK,
1639 SSL_AES128,
1640 SSL_SHA256,
1641 TLS1_VERSION, TLS1_2_VERSION,
1642 DTLS1_BAD_VER, DTLS1_2_VERSION,
1643 SSL_HIGH | SSL_FIPS,
1644 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1645 128,
1646 128,
1647 },
1648 {
1649 1,
1650 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1653 SSL_kDHEPSK,
1654 SSL_aPSK,
1655 SSL_AES256,
1656 SSL_SHA384,
1657 TLS1_VERSION, TLS1_2_VERSION,
1658 DTLS1_BAD_VER, DTLS1_2_VERSION,
1659 SSL_HIGH | SSL_FIPS,
1660 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1661 256,
1662 256,
1663 },
1664 {
1665 1,
1666 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1667 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1668 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1669 SSL_kDHEPSK,
1670 SSL_aPSK,
1671 SSL_eNULL,
1672 SSL_SHA256,
1673 TLS1_VERSION, TLS1_2_VERSION,
1674 DTLS1_BAD_VER, DTLS1_2_VERSION,
1675 SSL_STRONG_NONE | SSL_FIPS,
1676 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1677 0,
1678 0,
1679 },
1680 {
1681 1,
1682 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1683 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1684 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1685 SSL_kDHEPSK,
1686 SSL_aPSK,
1687 SSL_eNULL,
1688 SSL_SHA384,
1689 TLS1_VERSION, TLS1_2_VERSION,
1690 DTLS1_BAD_VER, DTLS1_2_VERSION,
1691 SSL_STRONG_NONE | SSL_FIPS,
1692 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1693 0,
1694 0,
1695 },
1696 {
1697 1,
1698 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1701 SSL_kRSAPSK,
1702 SSL_aRSA,
1703 SSL_AES128,
1704 SSL_SHA256,
1705 TLS1_VERSION, TLS1_2_VERSION,
1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
1707 SSL_HIGH | SSL_FIPS,
1708 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1709 128,
1710 128,
1711 },
1712 {
1713 1,
1714 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1717 SSL_kRSAPSK,
1718 SSL_aRSA,
1719 SSL_AES256,
1720 SSL_SHA384,
1721 TLS1_VERSION, TLS1_2_VERSION,
1722 DTLS1_BAD_VER, DTLS1_2_VERSION,
1723 SSL_HIGH | SSL_FIPS,
1724 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1725 256,
1726 256,
1727 },
1728 {
1729 1,
1730 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1731 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1732 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1733 SSL_kRSAPSK,
1734 SSL_aRSA,
1735 SSL_eNULL,
1736 SSL_SHA256,
1737 TLS1_VERSION, TLS1_2_VERSION,
1738 DTLS1_BAD_VER, DTLS1_2_VERSION,
1739 SSL_STRONG_NONE | SSL_FIPS,
1740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1741 0,
1742 0,
1743 },
1744 {
1745 1,
1746 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1747 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1748 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1749 SSL_kRSAPSK,
1750 SSL_aRSA,
1751 SSL_eNULL,
1752 SSL_SHA384,
1753 TLS1_VERSION, TLS1_2_VERSION,
1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
1755 SSL_STRONG_NONE | SSL_FIPS,
1756 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1757 0,
1758 0,
1759 },
1760 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1761 {
1762 1,
1763 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1764 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766 SSL_kECDHEPSK,
1767 SSL_aPSK,
1768 SSL_3DES,
1769 SSL_SHA1,
1770 TLS1_VERSION, TLS1_2_VERSION,
1771 DTLS1_BAD_VER, DTLS1_2_VERSION,
1772 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1773 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1774 112,
1775 168,
1776 },
1777 # endif
1778 {
1779 1,
1780 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1781 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783 SSL_kECDHEPSK,
1784 SSL_aPSK,
1785 SSL_AES128,
1786 SSL_SHA1,
1787 TLS1_VERSION, TLS1_2_VERSION,
1788 DTLS1_BAD_VER, DTLS1_2_VERSION,
1789 SSL_HIGH | SSL_FIPS,
1790 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1791 128,
1792 128,
1793 },
1794 {
1795 1,
1796 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1797 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799 SSL_kECDHEPSK,
1800 SSL_aPSK,
1801 SSL_AES256,
1802 SSL_SHA1,
1803 TLS1_VERSION, TLS1_2_VERSION,
1804 DTLS1_BAD_VER, DTLS1_2_VERSION,
1805 SSL_HIGH | SSL_FIPS,
1806 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1807 256,
1808 256,
1809 },
1810 {
1811 1,
1812 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1813 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815 SSL_kECDHEPSK,
1816 SSL_aPSK,
1817 SSL_AES128,
1818 SSL_SHA256,
1819 TLS1_VERSION, TLS1_2_VERSION,
1820 DTLS1_BAD_VER, DTLS1_2_VERSION,
1821 SSL_HIGH | SSL_FIPS,
1822 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1823 128,
1824 128,
1825 },
1826 {
1827 1,
1828 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1829 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831 SSL_kECDHEPSK,
1832 SSL_aPSK,
1833 SSL_AES256,
1834 SSL_SHA384,
1835 TLS1_VERSION, TLS1_2_VERSION,
1836 DTLS1_BAD_VER, DTLS1_2_VERSION,
1837 SSL_HIGH | SSL_FIPS,
1838 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1839 256,
1840 256,
1841 },
1842 {
1843 1,
1844 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1845 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1846 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1847 SSL_kECDHEPSK,
1848 SSL_aPSK,
1849 SSL_eNULL,
1850 SSL_SHA1,
1851 TLS1_VERSION, TLS1_2_VERSION,
1852 DTLS1_BAD_VER, DTLS1_2_VERSION,
1853 SSL_STRONG_NONE | SSL_FIPS,
1854 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1855 0,
1856 0,
1857 },
1858 {
1859 1,
1860 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1861 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1862 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1863 SSL_kECDHEPSK,
1864 SSL_aPSK,
1865 SSL_eNULL,
1866 SSL_SHA256,
1867 TLS1_VERSION, TLS1_2_VERSION,
1868 DTLS1_BAD_VER, DTLS1_2_VERSION,
1869 SSL_STRONG_NONE | SSL_FIPS,
1870 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1871 0,
1872 0,
1873 },
1874 {
1875 1,
1876 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1877 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1878 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1879 SSL_kECDHEPSK,
1880 SSL_aPSK,
1881 SSL_eNULL,
1882 SSL_SHA384,
1883 TLS1_VERSION, TLS1_2_VERSION,
1884 DTLS1_BAD_VER, DTLS1_2_VERSION,
1885 SSL_STRONG_NONE | SSL_FIPS,
1886 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1887 0,
1888 0,
1889 },
1890
1891 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1892 {
1893 1,
1894 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1895 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1896 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1897 SSL_kSRP,
1898 SSL_aSRP,
1899 SSL_3DES,
1900 SSL_SHA1,
1901 SSL3_VERSION, TLS1_2_VERSION,
1902 DTLS1_BAD_VER, DTLS1_2_VERSION,
1903 SSL_NOT_DEFAULT | SSL_MEDIUM,
1904 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1905 112,
1906 168,
1907 },
1908 {
1909 1,
1910 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1911 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1912 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1913 SSL_kSRP,
1914 SSL_aRSA,
1915 SSL_3DES,
1916 SSL_SHA1,
1917 SSL3_VERSION, TLS1_2_VERSION,
1918 DTLS1_BAD_VER, DTLS1_2_VERSION,
1919 SSL_NOT_DEFAULT | SSL_MEDIUM,
1920 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1921 112,
1922 168,
1923 },
1924 {
1925 1,
1926 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1927 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1928 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1929 SSL_kSRP,
1930 SSL_aDSS,
1931 SSL_3DES,
1932 SSL_SHA1,
1933 SSL3_VERSION, TLS1_2_VERSION,
1934 DTLS1_BAD_VER, DTLS1_2_VERSION,
1935 SSL_NOT_DEFAULT | SSL_MEDIUM,
1936 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1937 112,
1938 168,
1939 },
1940 # endif
1941 {
1942 1,
1943 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1944 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1945 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1946 SSL_kSRP,
1947 SSL_aSRP,
1948 SSL_AES128,
1949 SSL_SHA1,
1950 SSL3_VERSION, TLS1_2_VERSION,
1951 DTLS1_BAD_VER, DTLS1_2_VERSION,
1952 SSL_HIGH,
1953 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1954 128,
1955 128,
1956 },
1957 {
1958 1,
1959 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1960 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1961 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1962 SSL_kSRP,
1963 SSL_aRSA,
1964 SSL_AES128,
1965 SSL_SHA1,
1966 SSL3_VERSION, TLS1_2_VERSION,
1967 DTLS1_BAD_VER, DTLS1_2_VERSION,
1968 SSL_HIGH,
1969 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1970 128,
1971 128,
1972 },
1973 {
1974 1,
1975 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1976 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1977 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1978 SSL_kSRP,
1979 SSL_aDSS,
1980 SSL_AES128,
1981 SSL_SHA1,
1982 SSL3_VERSION, TLS1_2_VERSION,
1983 DTLS1_BAD_VER, DTLS1_2_VERSION,
1984 SSL_NOT_DEFAULT | SSL_HIGH,
1985 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1986 128,
1987 128,
1988 },
1989 {
1990 1,
1991 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1992 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1993 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1994 SSL_kSRP,
1995 SSL_aSRP,
1996 SSL_AES256,
1997 SSL_SHA1,
1998 SSL3_VERSION, TLS1_2_VERSION,
1999 DTLS1_BAD_VER, DTLS1_2_VERSION,
2000 SSL_HIGH,
2001 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2002 256,
2003 256,
2004 },
2005 {
2006 1,
2007 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2008 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2009 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2010 SSL_kSRP,
2011 SSL_aRSA,
2012 SSL_AES256,
2013 SSL_SHA1,
2014 SSL3_VERSION, TLS1_2_VERSION,
2015 DTLS1_BAD_VER, DTLS1_2_VERSION,
2016 SSL_HIGH,
2017 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2018 256,
2019 256,
2020 },
2021 {
2022 1,
2023 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2024 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2025 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2026 SSL_kSRP,
2027 SSL_aDSS,
2028 SSL_AES256,
2029 SSL_SHA1,
2030 SSL3_VERSION, TLS1_2_VERSION,
2031 DTLS1_BAD_VER, DTLS1_2_VERSION,
2032 SSL_NOT_DEFAULT | SSL_HIGH,
2033 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2034 256,
2035 256,
2036 },
2037
2038 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2039 {
2040 1,
2041 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2042 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2043 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2044 SSL_kDHE,
2045 SSL_aRSA,
2046 SSL_CHACHA20POLY1305,
2047 SSL_AEAD,
2048 TLS1_2_VERSION, TLS1_2_VERSION,
2049 DTLS1_2_VERSION, DTLS1_2_VERSION,
2050 SSL_HIGH,
2051 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2052 256,
2053 256,
2054 },
2055 {
2056 1,
2057 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2058 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2059 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2060 SSL_kECDHE,
2061 SSL_aRSA,
2062 SSL_CHACHA20POLY1305,
2063 SSL_AEAD,
2064 TLS1_2_VERSION, TLS1_2_VERSION,
2065 DTLS1_2_VERSION, DTLS1_2_VERSION,
2066 SSL_HIGH,
2067 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2068 256,
2069 256,
2070 },
2071 {
2072 1,
2073 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2074 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2075 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2076 SSL_kECDHE,
2077 SSL_aECDSA,
2078 SSL_CHACHA20POLY1305,
2079 SSL_AEAD,
2080 TLS1_2_VERSION, TLS1_2_VERSION,
2081 DTLS1_2_VERSION, DTLS1_2_VERSION,
2082 SSL_HIGH,
2083 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2084 256,
2085 256,
2086 },
2087 {
2088 1,
2089 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2090 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2091 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2092 SSL_kPSK,
2093 SSL_aPSK,
2094 SSL_CHACHA20POLY1305,
2095 SSL_AEAD,
2096 TLS1_2_VERSION, TLS1_2_VERSION,
2097 DTLS1_2_VERSION, DTLS1_2_VERSION,
2098 SSL_HIGH,
2099 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2100 256,
2101 256,
2102 },
2103 {
2104 1,
2105 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2106 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2107 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2108 SSL_kECDHEPSK,
2109 SSL_aPSK,
2110 SSL_CHACHA20POLY1305,
2111 SSL_AEAD,
2112 TLS1_2_VERSION, TLS1_2_VERSION,
2113 DTLS1_2_VERSION, DTLS1_2_VERSION,
2114 SSL_HIGH,
2115 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2116 256,
2117 256,
2118 },
2119 {
2120 1,
2121 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2122 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2123 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2124 SSL_kDHEPSK,
2125 SSL_aPSK,
2126 SSL_CHACHA20POLY1305,
2127 SSL_AEAD,
2128 TLS1_2_VERSION, TLS1_2_VERSION,
2129 DTLS1_2_VERSION, DTLS1_2_VERSION,
2130 SSL_HIGH,
2131 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2132 256,
2133 256,
2134 },
2135 {
2136 1,
2137 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2138 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2139 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2140 SSL_kRSAPSK,
2141 SSL_aRSA,
2142 SSL_CHACHA20POLY1305,
2143 SSL_AEAD,
2144 TLS1_2_VERSION, TLS1_2_VERSION,
2145 DTLS1_2_VERSION, DTLS1_2_VERSION,
2146 SSL_HIGH,
2147 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2148 256,
2149 256,
2150 },
2151 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2152 * !defined(OPENSSL_NO_POLY1305) */
2153
2154 #ifndef OPENSSL_NO_CAMELLIA
2155 {
2156 1,
2157 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2158 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2159 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2160 SSL_kRSA,
2161 SSL_aRSA,
2162 SSL_CAMELLIA128,
2163 SSL_SHA256,
2164 TLS1_2_VERSION, TLS1_2_VERSION,
2165 DTLS1_2_VERSION, DTLS1_2_VERSION,
2166 SSL_NOT_DEFAULT | SSL_HIGH,
2167 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2168 128,
2169 128,
2170 },
2171 {
2172 1,
2173 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2174 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2175 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2176 SSL_kEDH,
2177 SSL_aDSS,
2178 SSL_CAMELLIA128,
2179 SSL_SHA256,
2180 TLS1_2_VERSION, TLS1_2_VERSION,
2181 DTLS1_2_VERSION, DTLS1_2_VERSION,
2182 SSL_NOT_DEFAULT | SSL_HIGH,
2183 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184 128,
2185 128,
2186 },
2187 {
2188 1,
2189 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2190 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2191 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2192 SSL_kEDH,
2193 SSL_aRSA,
2194 SSL_CAMELLIA128,
2195 SSL_SHA256,
2196 TLS1_2_VERSION, TLS1_2_VERSION,
2197 DTLS1_2_VERSION, DTLS1_2_VERSION,
2198 SSL_NOT_DEFAULT | SSL_HIGH,
2199 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2200 128,
2201 128,
2202 },
2203 {
2204 1,
2205 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2206 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2207 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2208 SSL_kEDH,
2209 SSL_aNULL,
2210 SSL_CAMELLIA128,
2211 SSL_SHA256,
2212 TLS1_2_VERSION, TLS1_2_VERSION,
2213 DTLS1_2_VERSION, DTLS1_2_VERSION,
2214 SSL_NOT_DEFAULT | SSL_HIGH,
2215 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2216 128,
2217 128,
2218 },
2219 {
2220 1,
2221 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2222 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2223 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2224 SSL_kRSA,
2225 SSL_aRSA,
2226 SSL_CAMELLIA256,
2227 SSL_SHA256,
2228 TLS1_2_VERSION, TLS1_2_VERSION,
2229 DTLS1_2_VERSION, DTLS1_2_VERSION,
2230 SSL_NOT_DEFAULT | SSL_HIGH,
2231 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2232 256,
2233 256,
2234 },
2235 {
2236 1,
2237 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2238 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2239 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2240 SSL_kEDH,
2241 SSL_aDSS,
2242 SSL_CAMELLIA256,
2243 SSL_SHA256,
2244 TLS1_2_VERSION, TLS1_2_VERSION,
2245 DTLS1_2_VERSION, DTLS1_2_VERSION,
2246 SSL_NOT_DEFAULT | SSL_HIGH,
2247 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2248 256,
2249 256,
2250 },
2251 {
2252 1,
2253 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2254 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2255 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2256 SSL_kEDH,
2257 SSL_aRSA,
2258 SSL_CAMELLIA256,
2259 SSL_SHA256,
2260 TLS1_2_VERSION, TLS1_2_VERSION,
2261 DTLS1_2_VERSION, DTLS1_2_VERSION,
2262 SSL_NOT_DEFAULT | SSL_HIGH,
2263 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2264 256,
2265 256,
2266 },
2267 {
2268 1,
2269 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2270 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2271 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2272 SSL_kEDH,
2273 SSL_aNULL,
2274 SSL_CAMELLIA256,
2275 SSL_SHA256,
2276 TLS1_2_VERSION, TLS1_2_VERSION,
2277 DTLS1_2_VERSION, DTLS1_2_VERSION,
2278 SSL_NOT_DEFAULT | SSL_HIGH,
2279 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2280 256,
2281 256,
2282 },
2283 {
2284 1,
2285 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2286 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2287 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2288 SSL_kRSA,
2289 SSL_aRSA,
2290 SSL_CAMELLIA256,
2291 SSL_SHA1,
2292 SSL3_VERSION, TLS1_2_VERSION,
2293 DTLS1_BAD_VER, DTLS1_2_VERSION,
2294 SSL_NOT_DEFAULT | SSL_HIGH,
2295 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2296 256,
2297 256,
2298 },
2299 {
2300 1,
2301 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2302 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2303 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2304 SSL_kDHE,
2305 SSL_aDSS,
2306 SSL_CAMELLIA256,
2307 SSL_SHA1,
2308 SSL3_VERSION, TLS1_2_VERSION,
2309 DTLS1_BAD_VER, DTLS1_2_VERSION,
2310 SSL_NOT_DEFAULT | SSL_HIGH,
2311 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2312 256,
2313 256,
2314 },
2315 {
2316 1,
2317 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2318 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2319 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2320 SSL_kDHE,
2321 SSL_aRSA,
2322 SSL_CAMELLIA256,
2323 SSL_SHA1,
2324 SSL3_VERSION, TLS1_2_VERSION,
2325 DTLS1_BAD_VER, DTLS1_2_VERSION,
2326 SSL_NOT_DEFAULT | SSL_HIGH,
2327 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2328 256,
2329 256,
2330 },
2331 {
2332 1,
2333 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2334 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2335 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2336 SSL_kDHE,
2337 SSL_aNULL,
2338 SSL_CAMELLIA256,
2339 SSL_SHA1,
2340 SSL3_VERSION, TLS1_2_VERSION,
2341 DTLS1_BAD_VER, DTLS1_2_VERSION,
2342 SSL_NOT_DEFAULT | SSL_HIGH,
2343 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2344 256,
2345 256,
2346 },
2347 {
2348 1,
2349 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2350 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2351 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2352 SSL_kRSA,
2353 SSL_aRSA,
2354 SSL_CAMELLIA128,
2355 SSL_SHA1,
2356 SSL3_VERSION, TLS1_2_VERSION,
2357 DTLS1_BAD_VER, DTLS1_2_VERSION,
2358 SSL_NOT_DEFAULT | SSL_HIGH,
2359 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2360 128,
2361 128,
2362 },
2363 {
2364 1,
2365 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2366 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2367 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2368 SSL_kDHE,
2369 SSL_aDSS,
2370 SSL_CAMELLIA128,
2371 SSL_SHA1,
2372 SSL3_VERSION, TLS1_2_VERSION,
2373 DTLS1_BAD_VER, DTLS1_2_VERSION,
2374 SSL_NOT_DEFAULT | SSL_HIGH,
2375 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2376 128,
2377 128,
2378 },
2379 {
2380 1,
2381 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2382 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2383 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2384 SSL_kDHE,
2385 SSL_aRSA,
2386 SSL_CAMELLIA128,
2387 SSL_SHA1,
2388 SSL3_VERSION, TLS1_2_VERSION,
2389 DTLS1_BAD_VER, DTLS1_2_VERSION,
2390 SSL_NOT_DEFAULT | SSL_HIGH,
2391 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2392 128,
2393 128,
2394 },
2395 {
2396 1,
2397 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2398 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2399 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2400 SSL_kDHE,
2401 SSL_aNULL,
2402 SSL_CAMELLIA128,
2403 SSL_SHA1,
2404 SSL3_VERSION, TLS1_2_VERSION,
2405 DTLS1_BAD_VER, DTLS1_2_VERSION,
2406 SSL_NOT_DEFAULT | SSL_HIGH,
2407 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2408 128,
2409 128,
2410 },
2411 {
2412 1,
2413 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2414 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2415 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2416 SSL_kECDHE,
2417 SSL_aECDSA,
2418 SSL_CAMELLIA128,
2419 SSL_SHA256,
2420 TLS1_2_VERSION, TLS1_2_VERSION,
2421 DTLS1_2_VERSION, DTLS1_2_VERSION,
2422 SSL_NOT_DEFAULT | SSL_HIGH,
2423 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2424 128,
2425 128,
2426 },
2427 {
2428 1,
2429 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2430 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2431 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2432 SSL_kECDHE,
2433 SSL_aECDSA,
2434 SSL_CAMELLIA256,
2435 SSL_SHA384,
2436 TLS1_2_VERSION, TLS1_2_VERSION,
2437 DTLS1_2_VERSION, DTLS1_2_VERSION,
2438 SSL_NOT_DEFAULT | SSL_HIGH,
2439 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2440 256,
2441 256,
2442 },
2443 {
2444 1,
2445 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2446 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2447 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2448 SSL_kECDHE,
2449 SSL_aRSA,
2450 SSL_CAMELLIA128,
2451 SSL_SHA256,
2452 TLS1_2_VERSION, TLS1_2_VERSION,
2453 DTLS1_2_VERSION, DTLS1_2_VERSION,
2454 SSL_NOT_DEFAULT | SSL_HIGH,
2455 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2456 128,
2457 128,
2458 },
2459 {
2460 1,
2461 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2462 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2463 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2464 SSL_kECDHE,
2465 SSL_aRSA,
2466 SSL_CAMELLIA256,
2467 SSL_SHA384,
2468 TLS1_2_VERSION, TLS1_2_VERSION,
2469 DTLS1_2_VERSION, DTLS1_2_VERSION,
2470 SSL_NOT_DEFAULT | SSL_HIGH,
2471 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2472 256,
2473 256,
2474 },
2475 {
2476 1,
2477 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2478 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2479 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2480 SSL_kPSK,
2481 SSL_aPSK,
2482 SSL_CAMELLIA128,
2483 SSL_SHA256,
2484 TLS1_VERSION, TLS1_2_VERSION,
2485 DTLS1_BAD_VER, DTLS1_2_VERSION,
2486 SSL_NOT_DEFAULT | SSL_HIGH,
2487 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2488 128,
2489 128,
2490 },
2491 {
2492 1,
2493 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2494 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2495 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2496 SSL_kPSK,
2497 SSL_aPSK,
2498 SSL_CAMELLIA256,
2499 SSL_SHA384,
2500 TLS1_VERSION, TLS1_2_VERSION,
2501 DTLS1_BAD_VER, DTLS1_2_VERSION,
2502 SSL_NOT_DEFAULT | SSL_HIGH,
2503 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2504 256,
2505 256,
2506 },
2507 {
2508 1,
2509 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2510 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2511 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2512 SSL_kDHEPSK,
2513 SSL_aPSK,
2514 SSL_CAMELLIA128,
2515 SSL_SHA256,
2516 TLS1_VERSION, TLS1_2_VERSION,
2517 DTLS1_BAD_VER, DTLS1_2_VERSION,
2518 SSL_NOT_DEFAULT | SSL_HIGH,
2519 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2520 128,
2521 128,
2522 },
2523 {
2524 1,
2525 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2526 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2527 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2528 SSL_kDHEPSK,
2529 SSL_aPSK,
2530 SSL_CAMELLIA256,
2531 SSL_SHA384,
2532 TLS1_VERSION, TLS1_2_VERSION,
2533 DTLS1_BAD_VER, DTLS1_2_VERSION,
2534 SSL_NOT_DEFAULT | SSL_HIGH,
2535 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2536 256,
2537 256,
2538 },
2539 {
2540 1,
2541 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2542 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2543 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2544 SSL_kRSAPSK,
2545 SSL_aRSA,
2546 SSL_CAMELLIA128,
2547 SSL_SHA256,
2548 TLS1_VERSION, TLS1_2_VERSION,
2549 DTLS1_BAD_VER, DTLS1_2_VERSION,
2550 SSL_NOT_DEFAULT | SSL_HIGH,
2551 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2552 128,
2553 128,
2554 },
2555 {
2556 1,
2557 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2558 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2559 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2560 SSL_kRSAPSK,
2561 SSL_aRSA,
2562 SSL_CAMELLIA256,
2563 SSL_SHA384,
2564 TLS1_VERSION, TLS1_2_VERSION,
2565 DTLS1_BAD_VER, DTLS1_2_VERSION,
2566 SSL_NOT_DEFAULT | SSL_HIGH,
2567 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2568 256,
2569 256,
2570 },
2571 {
2572 1,
2573 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2574 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2575 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2576 SSL_kECDHEPSK,
2577 SSL_aPSK,
2578 SSL_CAMELLIA128,
2579 SSL_SHA256,
2580 TLS1_VERSION, TLS1_2_VERSION,
2581 DTLS1_BAD_VER, DTLS1_2_VERSION,
2582 SSL_NOT_DEFAULT | SSL_HIGH,
2583 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2584 128,
2585 128,
2586 },
2587 {
2588 1,
2589 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2590 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2591 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2592 SSL_kECDHEPSK,
2593 SSL_aPSK,
2594 SSL_CAMELLIA256,
2595 SSL_SHA384,
2596 TLS1_VERSION, TLS1_2_VERSION,
2597 DTLS1_BAD_VER, DTLS1_2_VERSION,
2598 SSL_NOT_DEFAULT | SSL_HIGH,
2599 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2600 256,
2601 256,
2602 },
2603 #endif /* OPENSSL_NO_CAMELLIA */
2604
2605 #ifndef OPENSSL_NO_GOST
2606 {
2607 1,
2608 "GOST2001-GOST89-GOST89",
2609 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2610 0x3000081,
2611 SSL_kGOST,
2612 SSL_aGOST01,
2613 SSL_eGOST2814789CNT,
2614 SSL_GOST89MAC,
2615 TLS1_VERSION, TLS1_2_VERSION,
2616 0, 0,
2617 SSL_HIGH,
2618 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2619 256,
2620 256,
2621 },
2622 {
2623 1,
2624 "GOST2001-NULL-GOST94",
2625 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2626 0x3000083,
2627 SSL_kGOST,
2628 SSL_aGOST01,
2629 SSL_eNULL,
2630 SSL_GOST94,
2631 TLS1_VERSION, TLS1_2_VERSION,
2632 0, 0,
2633 SSL_STRONG_NONE,
2634 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2635 0,
2636 0,
2637 },
2638 {
2639 1,
2640 "IANA-GOST2012-GOST8912-GOST8912",
2641 NULL,
2642 0x0300c102,
2643 SSL_kGOST,
2644 SSL_aGOST12 | SSL_aGOST01,
2645 SSL_eGOST2814789CNT12,
2646 SSL_GOST89MAC12,
2647 TLS1_VERSION, TLS1_2_VERSION,
2648 0, 0,
2649 SSL_HIGH,
2650 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2651 256,
2652 256,
2653 },
2654 {
2655 1,
2656 "LEGACY-GOST2012-GOST8912-GOST8912",
2657 NULL,
2658 0x0300ff85,
2659 SSL_kGOST,
2660 SSL_aGOST12 | SSL_aGOST01,
2661 SSL_eGOST2814789CNT12,
2662 SSL_GOST89MAC12,
2663 TLS1_VERSION, TLS1_2_VERSION,
2664 0, 0,
2665 SSL_HIGH,
2666 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2667 256,
2668 256,
2669 },
2670 {
2671 1,
2672 "GOST2012-NULL-GOST12",
2673 NULL,
2674 0x0300ff87,
2675 SSL_kGOST,
2676 SSL_aGOST12 | SSL_aGOST01,
2677 SSL_eNULL,
2678 SSL_GOST12_256,
2679 TLS1_VERSION, TLS1_2_VERSION,
2680 0, 0,
2681 SSL_STRONG_NONE,
2682 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2683 0,
2684 0,
2685 },
2686 {
2687 1,
2688 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2689 NULL,
2690 0x0300C100,
2691 SSL_kGOST18,
2692 SSL_aGOST12,
2693 SSL_KUZNYECHIK,
2694 SSL_KUZNYECHIKOMAC,
2695 TLS1_2_VERSION, TLS1_2_VERSION,
2696 0, 0,
2697 SSL_HIGH,
2698 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2699 256,
2700 256,
2701 },
2702 {
2703 1,
2704 "GOST2012-MAGMA-MAGMAOMAC",
2705 NULL,
2706 0x0300C101,
2707 SSL_kGOST18,
2708 SSL_aGOST12,
2709 SSL_MAGMA,
2710 SSL_MAGMAOMAC,
2711 TLS1_2_VERSION, TLS1_2_VERSION,
2712 0, 0,
2713 SSL_HIGH,
2714 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2715 256,
2716 256,
2717 },
2718 #endif /* OPENSSL_NO_GOST */
2719
2720 #ifndef OPENSSL_NO_IDEA
2721 {
2722 1,
2723 SSL3_TXT_RSA_IDEA_128_SHA,
2724 SSL3_RFC_RSA_IDEA_128_SHA,
2725 SSL3_CK_RSA_IDEA_128_SHA,
2726 SSL_kRSA,
2727 SSL_aRSA,
2728 SSL_IDEA,
2729 SSL_SHA1,
2730 SSL3_VERSION, TLS1_1_VERSION,
2731 DTLS1_BAD_VER, DTLS1_VERSION,
2732 SSL_NOT_DEFAULT | SSL_MEDIUM,
2733 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2734 128,
2735 128,
2736 },
2737 #endif
2738
2739 #ifndef OPENSSL_NO_SEED
2740 {
2741 1,
2742 TLS1_TXT_RSA_WITH_SEED_SHA,
2743 TLS1_RFC_RSA_WITH_SEED_SHA,
2744 TLS1_CK_RSA_WITH_SEED_SHA,
2745 SSL_kRSA,
2746 SSL_aRSA,
2747 SSL_SEED,
2748 SSL_SHA1,
2749 SSL3_VERSION, TLS1_2_VERSION,
2750 DTLS1_BAD_VER, DTLS1_2_VERSION,
2751 SSL_NOT_DEFAULT | SSL_MEDIUM,
2752 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2753 128,
2754 128,
2755 },
2756 {
2757 1,
2758 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2759 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2760 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2761 SSL_kDHE,
2762 SSL_aDSS,
2763 SSL_SEED,
2764 SSL_SHA1,
2765 SSL3_VERSION, TLS1_2_VERSION,
2766 DTLS1_BAD_VER, DTLS1_2_VERSION,
2767 SSL_NOT_DEFAULT | SSL_MEDIUM,
2768 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2769 128,
2770 128,
2771 },
2772 {
2773 1,
2774 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2775 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2776 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2777 SSL_kDHE,
2778 SSL_aRSA,
2779 SSL_SEED,
2780 SSL_SHA1,
2781 SSL3_VERSION, TLS1_2_VERSION,
2782 DTLS1_BAD_VER, DTLS1_2_VERSION,
2783 SSL_NOT_DEFAULT | SSL_MEDIUM,
2784 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2785 128,
2786 128,
2787 },
2788 {
2789 1,
2790 TLS1_TXT_ADH_WITH_SEED_SHA,
2791 TLS1_RFC_ADH_WITH_SEED_SHA,
2792 TLS1_CK_ADH_WITH_SEED_SHA,
2793 SSL_kDHE,
2794 SSL_aNULL,
2795 SSL_SEED,
2796 SSL_SHA1,
2797 SSL3_VERSION, TLS1_2_VERSION,
2798 DTLS1_BAD_VER, DTLS1_2_VERSION,
2799 SSL_NOT_DEFAULT | SSL_MEDIUM,
2800 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2801 128,
2802 128,
2803 },
2804 #endif /* OPENSSL_NO_SEED */
2805
2806 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2807 {
2808 1,
2809 SSL3_TXT_RSA_RC4_128_MD5,
2810 SSL3_RFC_RSA_RC4_128_MD5,
2811 SSL3_CK_RSA_RC4_128_MD5,
2812 SSL_kRSA,
2813 SSL_aRSA,
2814 SSL_RC4,
2815 SSL_MD5,
2816 SSL3_VERSION, TLS1_2_VERSION,
2817 0, 0,
2818 SSL_NOT_DEFAULT | SSL_MEDIUM,
2819 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2820 128,
2821 128,
2822 },
2823 {
2824 1,
2825 SSL3_TXT_RSA_RC4_128_SHA,
2826 SSL3_RFC_RSA_RC4_128_SHA,
2827 SSL3_CK_RSA_RC4_128_SHA,
2828 SSL_kRSA,
2829 SSL_aRSA,
2830 SSL_RC4,
2831 SSL_SHA1,
2832 SSL3_VERSION, TLS1_2_VERSION,
2833 0, 0,
2834 SSL_NOT_DEFAULT | SSL_MEDIUM,
2835 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2836 128,
2837 128,
2838 },
2839 {
2840 1,
2841 SSL3_TXT_ADH_RC4_128_MD5,
2842 SSL3_RFC_ADH_RC4_128_MD5,
2843 SSL3_CK_ADH_RC4_128_MD5,
2844 SSL_kDHE,
2845 SSL_aNULL,
2846 SSL_RC4,
2847 SSL_MD5,
2848 SSL3_VERSION, TLS1_2_VERSION,
2849 0, 0,
2850 SSL_NOT_DEFAULT | SSL_MEDIUM,
2851 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2852 128,
2853 128,
2854 },
2855 {
2856 1,
2857 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2858 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2859 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2860 SSL_kECDHEPSK,
2861 SSL_aPSK,
2862 SSL_RC4,
2863 SSL_SHA1,
2864 TLS1_VERSION, TLS1_2_VERSION,
2865 0, 0,
2866 SSL_NOT_DEFAULT | SSL_MEDIUM,
2867 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2868 128,
2869 128,
2870 },
2871 {
2872 1,
2873 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2874 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2875 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2876 SSL_kECDHE,
2877 SSL_aNULL,
2878 SSL_RC4,
2879 SSL_SHA1,
2880 TLS1_VERSION, TLS1_2_VERSION,
2881 0, 0,
2882 SSL_NOT_DEFAULT | SSL_MEDIUM,
2883 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2884 128,
2885 128,
2886 },
2887 {
2888 1,
2889 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2890 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2891 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2892 SSL_kECDHE,
2893 SSL_aECDSA,
2894 SSL_RC4,
2895 SSL_SHA1,
2896 TLS1_VERSION, TLS1_2_VERSION,
2897 0, 0,
2898 SSL_NOT_DEFAULT | SSL_MEDIUM,
2899 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2900 128,
2901 128,
2902 },
2903 {
2904 1,
2905 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2906 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2907 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2908 SSL_kECDHE,
2909 SSL_aRSA,
2910 SSL_RC4,
2911 SSL_SHA1,
2912 TLS1_VERSION, TLS1_2_VERSION,
2913 0, 0,
2914 SSL_NOT_DEFAULT | SSL_MEDIUM,
2915 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2916 128,
2917 128,
2918 },
2919 {
2920 1,
2921 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2922 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2923 TLS1_CK_PSK_WITH_RC4_128_SHA,
2924 SSL_kPSK,
2925 SSL_aPSK,
2926 SSL_RC4,
2927 SSL_SHA1,
2928 SSL3_VERSION, TLS1_2_VERSION,
2929 0, 0,
2930 SSL_NOT_DEFAULT | SSL_MEDIUM,
2931 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2932 128,
2933 128,
2934 },
2935 {
2936 1,
2937 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2938 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2939 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2940 SSL_kRSAPSK,
2941 SSL_aRSA,
2942 SSL_RC4,
2943 SSL_SHA1,
2944 SSL3_VERSION, TLS1_2_VERSION,
2945 0, 0,
2946 SSL_NOT_DEFAULT | SSL_MEDIUM,
2947 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2948 128,
2949 128,
2950 },
2951 {
2952 1,
2953 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2954 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2955 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2956 SSL_kDHEPSK,
2957 SSL_aPSK,
2958 SSL_RC4,
2959 SSL_SHA1,
2960 SSL3_VERSION, TLS1_2_VERSION,
2961 0, 0,
2962 SSL_NOT_DEFAULT | SSL_MEDIUM,
2963 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2964 128,
2965 128,
2966 },
2967 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2968
2969 #ifndef OPENSSL_NO_ARIA
2970 {
2971 1,
2972 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2973 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2974 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2975 SSL_kRSA,
2976 SSL_aRSA,
2977 SSL_ARIA128GCM,
2978 SSL_AEAD,
2979 TLS1_2_VERSION, TLS1_2_VERSION,
2980 DTLS1_2_VERSION, DTLS1_2_VERSION,
2981 SSL_NOT_DEFAULT | SSL_HIGH,
2982 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2983 128,
2984 128,
2985 },
2986 {
2987 1,
2988 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2989 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2990 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2991 SSL_kRSA,
2992 SSL_aRSA,
2993 SSL_ARIA256GCM,
2994 SSL_AEAD,
2995 TLS1_2_VERSION, TLS1_2_VERSION,
2996 DTLS1_2_VERSION, DTLS1_2_VERSION,
2997 SSL_NOT_DEFAULT | SSL_HIGH,
2998 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2999 256,
3000 256,
3001 },
3002 {
3003 1,
3004 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3005 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3006 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3007 SSL_kDHE,
3008 SSL_aRSA,
3009 SSL_ARIA128GCM,
3010 SSL_AEAD,
3011 TLS1_2_VERSION, TLS1_2_VERSION,
3012 DTLS1_2_VERSION, DTLS1_2_VERSION,
3013 SSL_NOT_DEFAULT | SSL_HIGH,
3014 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3015 128,
3016 128,
3017 },
3018 {
3019 1,
3020 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3021 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3022 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3023 SSL_kDHE,
3024 SSL_aRSA,
3025 SSL_ARIA256GCM,
3026 SSL_AEAD,
3027 TLS1_2_VERSION, TLS1_2_VERSION,
3028 DTLS1_2_VERSION, DTLS1_2_VERSION,
3029 SSL_NOT_DEFAULT | SSL_HIGH,
3030 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3031 256,
3032 256,
3033 },
3034 {
3035 1,
3036 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3037 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3038 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3039 SSL_kDHE,
3040 SSL_aDSS,
3041 SSL_ARIA128GCM,
3042 SSL_AEAD,
3043 TLS1_2_VERSION, TLS1_2_VERSION,
3044 DTLS1_2_VERSION, DTLS1_2_VERSION,
3045 SSL_NOT_DEFAULT | SSL_HIGH,
3046 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3047 128,
3048 128,
3049 },
3050 {
3051 1,
3052 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3053 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3054 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3055 SSL_kDHE,
3056 SSL_aDSS,
3057 SSL_ARIA256GCM,
3058 SSL_AEAD,
3059 TLS1_2_VERSION, TLS1_2_VERSION,
3060 DTLS1_2_VERSION, DTLS1_2_VERSION,
3061 SSL_NOT_DEFAULT | SSL_HIGH,
3062 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3063 256,
3064 256,
3065 },
3066 {
3067 1,
3068 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3069 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3070 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3071 SSL_kECDHE,
3072 SSL_aECDSA,
3073 SSL_ARIA128GCM,
3074 SSL_AEAD,
3075 TLS1_2_VERSION, TLS1_2_VERSION,
3076 DTLS1_2_VERSION, DTLS1_2_VERSION,
3077 SSL_NOT_DEFAULT | SSL_HIGH,
3078 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3079 128,
3080 128,
3081 },
3082 {
3083 1,
3084 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3085 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3086 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3087 SSL_kECDHE,
3088 SSL_aECDSA,
3089 SSL_ARIA256GCM,
3090 SSL_AEAD,
3091 TLS1_2_VERSION, TLS1_2_VERSION,
3092 DTLS1_2_VERSION, DTLS1_2_VERSION,
3093 SSL_NOT_DEFAULT | SSL_HIGH,
3094 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3095 256,
3096 256,
3097 },
3098 {
3099 1,
3100 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3101 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3102 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3103 SSL_kECDHE,
3104 SSL_aRSA,
3105 SSL_ARIA128GCM,
3106 SSL_AEAD,
3107 TLS1_2_VERSION, TLS1_2_VERSION,
3108 DTLS1_2_VERSION, DTLS1_2_VERSION,
3109 SSL_NOT_DEFAULT | SSL_HIGH,
3110 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3111 128,
3112 128,
3113 },
3114 {
3115 1,
3116 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3117 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3118 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3119 SSL_kECDHE,
3120 SSL_aRSA,
3121 SSL_ARIA256GCM,
3122 SSL_AEAD,
3123 TLS1_2_VERSION, TLS1_2_VERSION,
3124 DTLS1_2_VERSION, DTLS1_2_VERSION,
3125 SSL_NOT_DEFAULT | SSL_HIGH,
3126 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3127 256,
3128 256,
3129 },
3130 {
3131 1,
3132 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3133 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3134 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3135 SSL_kPSK,
3136 SSL_aPSK,
3137 SSL_ARIA128GCM,
3138 SSL_AEAD,
3139 TLS1_2_VERSION, TLS1_2_VERSION,
3140 DTLS1_2_VERSION, DTLS1_2_VERSION,
3141 SSL_NOT_DEFAULT | SSL_HIGH,
3142 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3143 128,
3144 128,
3145 },
3146 {
3147 1,
3148 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3149 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3150 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3151 SSL_kPSK,
3152 SSL_aPSK,
3153 SSL_ARIA256GCM,
3154 SSL_AEAD,
3155 TLS1_2_VERSION, TLS1_2_VERSION,
3156 DTLS1_2_VERSION, DTLS1_2_VERSION,
3157 SSL_NOT_DEFAULT | SSL_HIGH,
3158 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3159 256,
3160 256,
3161 },
3162 {
3163 1,
3164 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3165 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3166 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3167 SSL_kDHEPSK,
3168 SSL_aPSK,
3169 SSL_ARIA128GCM,
3170 SSL_AEAD,
3171 TLS1_2_VERSION, TLS1_2_VERSION,
3172 DTLS1_2_VERSION, DTLS1_2_VERSION,
3173 SSL_NOT_DEFAULT | SSL_HIGH,
3174 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3175 128,
3176 128,
3177 },
3178 {
3179 1,
3180 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3181 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3182 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3183 SSL_kDHEPSK,
3184 SSL_aPSK,
3185 SSL_ARIA256GCM,
3186 SSL_AEAD,
3187 TLS1_2_VERSION, TLS1_2_VERSION,
3188 DTLS1_2_VERSION, DTLS1_2_VERSION,
3189 SSL_NOT_DEFAULT | SSL_HIGH,
3190 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3191 256,
3192 256,
3193 },
3194 {
3195 1,
3196 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3197 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3198 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3199 SSL_kRSAPSK,
3200 SSL_aRSA,
3201 SSL_ARIA128GCM,
3202 SSL_AEAD,
3203 TLS1_2_VERSION, TLS1_2_VERSION,
3204 DTLS1_2_VERSION, DTLS1_2_VERSION,
3205 SSL_NOT_DEFAULT | SSL_HIGH,
3206 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3207 128,
3208 128,
3209 },
3210 {
3211 1,
3212 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3213 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3214 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3215 SSL_kRSAPSK,
3216 SSL_aRSA,
3217 SSL_ARIA256GCM,
3218 SSL_AEAD,
3219 TLS1_2_VERSION, TLS1_2_VERSION,
3220 DTLS1_2_VERSION, DTLS1_2_VERSION,
3221 SSL_NOT_DEFAULT | SSL_HIGH,
3222 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3223 256,
3224 256,
3225 },
3226 #endif /* OPENSSL_NO_ARIA */
3227 };
3228
3229 /*
3230 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3231 * values stuffed into the ciphers field of the wire protocol for signalling
3232 * purposes.
3233 */
3234 static SSL_CIPHER ssl3_scsvs[] = {
3235 {
3236 0,
3237 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3238 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3239 SSL3_CK_SCSV,
3240 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3241 },
3242 {
3243 0,
3244 "TLS_FALLBACK_SCSV",
3245 "TLS_FALLBACK_SCSV",
3246 SSL3_CK_FALLBACK_SCSV,
3247 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3248 },
3249 };
3250
3251 static int cipher_compare(const void *a, const void *b)
3252 {
3253 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3254 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3255
3256 if (ap->id == bp->id)
3257 return 0;
3258 return ap->id < bp->id ? -1 : 1;
3259 }
3260
3261 void ssl_sort_cipher_list(void)
3262 {
3263 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3264 cipher_compare);
3265 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3266 cipher_compare);
3267 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3268 }
3269
3270 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3271 const char * t, size_t u,
3272 const unsigned char * v, size_t w, int x)
3273 {
3274 (void)r;
3275 (void)s;
3276 (void)t;
3277 (void)u;
3278 (void)v;
3279 (void)w;
3280 (void)x;
3281 return ssl_undefined_function(ssl);
3282 }
3283
3284 const SSL3_ENC_METHOD SSLv3_enc_data = {
3285 ssl3_enc,
3286 n_ssl3_mac,
3287 ssl3_setup_key_block,
3288 ssl3_generate_master_secret,
3289 ssl3_change_cipher_state,
3290 ssl3_final_finish_mac,
3291 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3292 SSL3_MD_SERVER_FINISHED_CONST, 4,
3293 ssl3_alert_code,
3294 ssl_undefined_function_1,
3295 0,
3296 ssl3_set_handshake_header,
3297 tls_close_construct_packet,
3298 ssl3_handshake_write
3299 };
3300
3301 long ssl3_default_timeout(void)
3302 {
3303 /*
3304 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3305 * http, the cache would over fill
3306 */
3307 return (60 * 60 * 2);
3308 }
3309
3310 int ssl3_num_ciphers(void)
3311 {
3312 return SSL3_NUM_CIPHERS;
3313 }
3314
3315 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3316 {
3317 if (u < SSL3_NUM_CIPHERS)
3318 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3319 else
3320 return NULL;
3321 }
3322
3323 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3324 {
3325 /* No header in the event of a CCS */
3326 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3327 return 1;
3328
3329 /* Set the content type and 3 bytes for the message len */
3330 if (!WPACKET_put_bytes_u8(pkt, htype)
3331 || !WPACKET_start_sub_packet_u24(pkt))
3332 return 0;
3333
3334 return 1;
3335 }
3336
3337 int ssl3_handshake_write(SSL *s)
3338 {
3339 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3340 }
3341
3342 int ssl3_new(SSL *s)
3343 {
3344 #ifndef OPENSSL_NO_SRP
3345 if (!SSL_SRP_CTX_init(s))
3346 return 0;
3347 #endif
3348
3349 if (!s->method->ssl_clear(s))
3350 return 0;
3351
3352 return 1;
3353 }
3354
3355 void ssl3_free(SSL *s)
3356 {
3357 if (s == NULL)
3358 return;
3359
3360 ssl3_cleanup_key_block(s);
3361
3362 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3363 EVP_PKEY_free(s->s3.peer_tmp);
3364 s->s3.peer_tmp = NULL;
3365 EVP_PKEY_free(s->s3.tmp.pkey);
3366 s->s3.tmp.pkey = NULL;
3367 #endif
3368
3369 ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
3370 ssl_evp_md_free(s->s3.tmp.new_hash);
3371
3372 OPENSSL_free(s->s3.tmp.ctype);
3373 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3374 OPENSSL_free(s->s3.tmp.ciphers_raw);
3375 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3376 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3377 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3378 ssl3_free_digest_list(s);
3379 OPENSSL_free(s->s3.alpn_selected);
3380 OPENSSL_free(s->s3.alpn_proposed);
3381
3382 #ifndef OPENSSL_NO_SRP
3383 SSL_SRP_CTX_free(s);
3384 #endif
3385 memset(&s->s3, 0, sizeof(s->s3));
3386 }
3387
3388 int ssl3_clear(SSL *s)
3389 {
3390 ssl3_cleanup_key_block(s);
3391 OPENSSL_free(s->s3.tmp.ctype);
3392 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3393 OPENSSL_free(s->s3.tmp.ciphers_raw);
3394 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3395 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3396 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3397
3398 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3399 EVP_PKEY_free(s->s3.tmp.pkey);
3400 EVP_PKEY_free(s->s3.peer_tmp);
3401 #endif /* !OPENSSL_NO_EC */
3402
3403 ssl3_free_digest_list(s);
3404
3405 OPENSSL_free(s->s3.alpn_selected);
3406 OPENSSL_free(s->s3.alpn_proposed);
3407
3408 /* NULL/zero-out everything in the s3 struct */
3409 memset(&s->s3, 0, sizeof(s->s3));
3410
3411 if (!ssl_free_wbio_buffer(s))
3412 return 0;
3413
3414 s->version = SSL3_VERSION;
3415
3416 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3417 OPENSSL_free(s->ext.npn);
3418 s->ext.npn = NULL;
3419 s->ext.npn_len = 0;
3420 #endif
3421
3422 return 1;
3423 }
3424
3425 #ifndef OPENSSL_NO_SRP
3426 static char *srp_password_from_info_cb(SSL *s, void *arg)
3427 {
3428 return OPENSSL_strdup(s->srp_ctx.info);
3429 }
3430 #endif
3431
3432 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3433
3434 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3435 {
3436 int ret = 0;
3437
3438 switch (cmd) {
3439 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3440 break;
3441 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3442 ret = s->s3.num_renegotiations;
3443 break;
3444 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3445 ret = s->s3.num_renegotiations;
3446 s->s3.num_renegotiations = 0;
3447 break;
3448 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3449 ret = s->s3.total_renegotiations;
3450 break;
3451 case SSL_CTRL_GET_FLAGS:
3452 ret = (int)(s->s3.flags);
3453 break;
3454 #ifndef OPENSSL_NO_DH
3455 case SSL_CTRL_SET_TMP_DH:
3456 {
3457 DH *dh = (DH *)parg;
3458 EVP_PKEY *pkdh = NULL;
3459 if (dh == NULL) {
3460 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3461 return 0;
3462 }
3463 pkdh = ssl_dh_to_pkey(dh);
3464 if (pkdh == NULL) {
3465 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3466 return 0;
3467 }
3468 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3469 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3470 ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
3471 EVP_PKEY_free(pkdh);
3472 return 0;
3473 }
3474 EVP_PKEY_free(s->cert->dh_tmp);
3475 s->cert->dh_tmp = pkdh;
3476 return 1;
3477 }
3478 break;
3479 case SSL_CTRL_SET_TMP_DH_CB:
3480 {
3481 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3482 return ret;
3483 }
3484 case SSL_CTRL_SET_DH_AUTO:
3485 s->cert->dh_tmp_auto = larg;
3486 return 1;
3487 #endif
3488 #ifndef OPENSSL_NO_EC
3489 case SSL_CTRL_SET_TMP_ECDH:
3490 {
3491 const EC_GROUP *group = NULL;
3492 int nid;
3493
3494 if (parg == NULL) {
3495 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3496 return 0;
3497 }
3498 group = EC_KEY_get0_group((const EC_KEY *)parg);
3499 if (group == NULL) {
3500 ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
3501 return 0;
3502 }
3503 nid = EC_GROUP_get_curve_name(group);
3504 if (nid == NID_undef)
3505 return 0;
3506 return tls1_set_groups(&s->ext.supportedgroups,
3507 &s->ext.supportedgroups_len,
3508 &nid, 1);
3509 }
3510 break;
3511 #endif /* !OPENSSL_NO_EC */
3512 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3513 /*
3514 * TODO(OpenSSL1.2)
3515 * This API is only used for a client to set what SNI it will request
3516 * from the server, but we currently allow it to be used on servers
3517 * as well, which is a programming error. Currently we just clear
3518 * the field in SSL_do_handshake() for server SSLs, but when we can
3519 * make ABI-breaking changes, we may want to make use of this API
3520 * an error on server SSLs.
3521 */
3522 if (larg == TLSEXT_NAMETYPE_host_name) {
3523 size_t len;
3524
3525 OPENSSL_free(s->ext.hostname);
3526 s->ext.hostname = NULL;
3527
3528 ret = 1;
3529 if (parg == NULL)
3530 break;
3531 len = strlen((char *)parg);
3532 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3533 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3534 return 0;
3535 }
3536 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3537 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3538 return 0;
3539 }
3540 } else {
3541 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3542 return 0;
3543 }
3544 break;
3545 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3546 s->ext.debug_arg = parg;
3547 ret = 1;
3548 break;
3549
3550 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3551 ret = s->ext.status_type;
3552 break;
3553
3554 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3555 s->ext.status_type = larg;
3556 ret = 1;
3557 break;
3558
3559 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3560 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3561 ret = 1;
3562 break;
3563
3564 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3565 s->ext.ocsp.exts = parg;
3566 ret = 1;
3567 break;
3568
3569 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3570 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3571 ret = 1;
3572 break;
3573
3574 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3575 s->ext.ocsp.ids = parg;
3576 ret = 1;
3577 break;
3578
3579 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3580 *(unsigned char **)parg = s->ext.ocsp.resp;
3581 if (s->ext.ocsp.resp_len == 0
3582 || s->ext.ocsp.resp_len > LONG_MAX)
3583 return -1;
3584 return (long)s->ext.ocsp.resp_len;
3585
3586 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3587 OPENSSL_free(s->ext.ocsp.resp);
3588 s->ext.ocsp.resp = parg;
3589 s->ext.ocsp.resp_len = larg;
3590 ret = 1;
3591 break;
3592
3593 case SSL_CTRL_CHAIN:
3594 if (larg)
3595 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3596 else
3597 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3598
3599 case SSL_CTRL_CHAIN_CERT:
3600 if (larg)
3601 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3602 else
3603 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3604
3605 case SSL_CTRL_GET_CHAIN_CERTS:
3606 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3607 ret = 1;
3608 break;
3609
3610 case SSL_CTRL_SELECT_CURRENT_CERT:
3611 return ssl_cert_select_current(s->cert, (X509 *)parg);
3612
3613 case SSL_CTRL_SET_CURRENT_CERT:
3614 if (larg == SSL_CERT_SET_SERVER) {
3615 const SSL_CIPHER *cipher;
3616 if (!s->server)
3617 return 0;
3618 cipher = s->s3.tmp.new_cipher;
3619 if (cipher == NULL)
3620 return 0;
3621 /*
3622 * No certificate for unauthenticated ciphersuites or using SRP
3623 * authentication
3624 */
3625 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3626 return 2;
3627 if (s->s3.tmp.cert == NULL)
3628 return 0;
3629 s->cert->key = s->s3.tmp.cert;
3630 return 1;
3631 }
3632 return ssl_cert_set_current(s->cert, larg);
3633
3634 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3635 case SSL_CTRL_GET_GROUPS:
3636 {
3637 uint16_t *clist;
3638 size_t clistlen;
3639
3640 if (!s->session)
3641 return 0;
3642 clist = s->ext.peer_supportedgroups;
3643 clistlen = s->ext.peer_supportedgroups_len;
3644 if (parg) {
3645 size_t i;
3646 int *cptr = parg;
3647
3648 for (i = 0; i < clistlen; i++) {
3649 const TLS_GROUP_INFO *cinf
3650 = tls1_group_id_lookup(s->ctx, clist[i]);
3651
3652 if (cinf != NULL)
3653 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3654 else
3655 cptr[i] = TLSEXT_nid_unknown | clist[i];
3656 }
3657 }
3658 return (int)clistlen;
3659 }
3660
3661 case SSL_CTRL_SET_GROUPS:
3662 return tls1_set_groups(&s->ext.supportedgroups,
3663 &s->ext.supportedgroups_len, parg, larg);
3664
3665 case SSL_CTRL_SET_GROUPS_LIST:
3666 return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
3667 &s->ext.supportedgroups_len, parg);
3668
3669 case SSL_CTRL_GET_SHARED_GROUP:
3670 {
3671 uint16_t id = tls1_shared_group(s, larg);
3672
3673 if (larg != -1)
3674 return tls1_group_id2nid(id, 1);
3675 return id;
3676 }
3677 case SSL_CTRL_GET_NEGOTIATED_GROUP:
3678 ret = tls1_group_id2nid(s->s3.group_id, 1);
3679 break;
3680 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3681
3682 case SSL_CTRL_SET_SIGALGS:
3683 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3684
3685 case SSL_CTRL_SET_SIGALGS_LIST:
3686 return tls1_set_sigalgs_list(s->cert, parg, 0);
3687
3688 case SSL_CTRL_SET_CLIENT_SIGALGS:
3689 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3690
3691 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3692 return tls1_set_sigalgs_list(s->cert, parg, 1);
3693
3694 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3695 {
3696 const unsigned char **pctype = parg;
3697 if (s->server || !s->s3.tmp.cert_req)
3698 return 0;
3699 if (pctype)
3700 *pctype = s->s3.tmp.ctype;
3701 return s->s3.tmp.ctype_len;
3702 }
3703
3704 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3705 if (!s->server)
3706 return 0;
3707 return ssl3_set_req_cert_type(s->cert, parg, larg);
3708
3709 case SSL_CTRL_BUILD_CERT_CHAIN:
3710 return ssl_build_cert_chain(s, NULL, larg);
3711
3712 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3713 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3714
3715 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3716 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3717
3718 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3719 if (s->s3.tmp.peer_sigalg == NULL)
3720 return 0;
3721 *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3722 return 1;
3723
3724 case SSL_CTRL_GET_SIGNATURE_NID:
3725 if (s->s3.tmp.sigalg == NULL)
3726 return 0;
3727 *(int *)parg = s->s3.tmp.sigalg->hash;
3728 return 1;
3729
3730 case SSL_CTRL_GET_PEER_TMP_KEY:
3731 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3732 if (s->session == NULL || s->s3.peer_tmp == NULL) {
3733 return 0;
3734 } else {
3735 EVP_PKEY_up_ref(s->s3.peer_tmp);
3736 *(EVP_PKEY **)parg = s->s3.peer_tmp;
3737 return 1;
3738 }
3739 #else
3740 return 0;
3741 #endif
3742
3743 case SSL_CTRL_GET_TMP_KEY:
3744 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3745 if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3746 return 0;
3747 } else {
3748 EVP_PKEY_up_ref(s->s3.tmp.pkey);
3749 *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3750 return 1;
3751 }
3752 #else
3753 return 0;
3754 #endif
3755
3756 #ifndef OPENSSL_NO_EC
3757 case SSL_CTRL_GET_EC_POINT_FORMATS:
3758 {
3759 const unsigned char **pformat = parg;
3760
3761 if (s->ext.peer_ecpointformats == NULL)
3762 return 0;
3763 *pformat = s->ext.peer_ecpointformats;
3764 return (int)s->ext.peer_ecpointformats_len;
3765 }
3766 #endif
3767
3768 default:
3769 break;
3770 }
3771 return ret;
3772 }
3773
3774 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3775 {
3776 int ret = 0;
3777
3778 switch (cmd) {
3779 #ifndef OPENSSL_NO_DH
3780 case SSL_CTRL_SET_TMP_DH_CB:
3781 {
3782 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3783 }
3784 break;
3785 #endif
3786 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3787 s->ext.debug_cb = (void (*)(SSL *, int, int,
3788 const unsigned char *, int, void *))fp;
3789 break;
3790
3791 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3792 {
3793 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3794 }
3795 break;
3796 default:
3797 break;
3798 }
3799 return ret;
3800 }
3801
3802 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3803 {
3804 switch (cmd) {
3805 #ifndef OPENSSL_NO_DH
3806 case SSL_CTRL_SET_TMP_DH:
3807 {
3808 DH *dh = (DH *)parg;
3809 EVP_PKEY *pkdh = NULL;
3810 if (dh == NULL) {
3811 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3812 return 0;
3813 }
3814 pkdh = ssl_dh_to_pkey(dh);
3815 if (pkdh == NULL) {
3816 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3817 return 0;
3818 }
3819 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3820 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3821 ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
3822 EVP_PKEY_free(pkdh);
3823 return 0;
3824 }
3825 EVP_PKEY_free(ctx->cert->dh_tmp);
3826 ctx->cert->dh_tmp = pkdh;
3827 return 1;
3828 }
3829 case SSL_CTRL_SET_TMP_DH_CB:
3830 {
3831 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3832 return 0;
3833 }
3834 case SSL_CTRL_SET_DH_AUTO:
3835 ctx->cert->dh_tmp_auto = larg;
3836 return 1;
3837 #endif
3838 #ifndef OPENSSL_NO_EC
3839 case SSL_CTRL_SET_TMP_ECDH:
3840 {
3841 const EC_GROUP *group = NULL;
3842 int nid;
3843
3844 if (parg == NULL) {
3845 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3846 return 0;
3847 }
3848 group = EC_KEY_get0_group((const EC_KEY *)parg);
3849 if (group == NULL) {
3850 ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
3851 return 0;
3852 }
3853 nid = EC_GROUP_get_curve_name(group);
3854 if (nid == NID_undef)
3855 return 0;
3856 return tls1_set_groups(&ctx->ext.supportedgroups,
3857 &ctx->ext.supportedgroups_len,
3858 &nid, 1);
3859 }
3860 #endif /* !OPENSSL_NO_EC */
3861 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3862 ctx->ext.servername_arg = parg;
3863 break;
3864 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3865 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3866 {
3867 unsigned char *keys = parg;
3868 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3869 sizeof(ctx->ext.secure->tick_hmac_key) +
3870 sizeof(ctx->ext.secure->tick_aes_key));
3871 if (keys == NULL)
3872 return tick_keylen;
3873 if (larg != tick_keylen) {
3874 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3875 return 0;
3876 }
3877 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3878 memcpy(ctx->ext.tick_key_name, keys,
3879 sizeof(ctx->ext.tick_key_name));
3880 memcpy(ctx->ext.secure->tick_hmac_key,
3881 keys + sizeof(ctx->ext.tick_key_name),
3882 sizeof(ctx->ext.secure->tick_hmac_key));
3883 memcpy(ctx->ext.secure->tick_aes_key,
3884 keys + sizeof(ctx->ext.tick_key_name) +
3885 sizeof(ctx->ext.secure->tick_hmac_key),
3886 sizeof(ctx->ext.secure->tick_aes_key));
3887 } else {
3888 memcpy(keys, ctx->ext.tick_key_name,
3889 sizeof(ctx->ext.tick_key_name));
3890 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3891 ctx->ext.secure->tick_hmac_key,
3892 sizeof(ctx->ext.secure->tick_hmac_key));
3893 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3894 sizeof(ctx->ext.secure->tick_hmac_key),
3895 ctx->ext.secure->tick_aes_key,
3896 sizeof(ctx->ext.secure->tick_aes_key));
3897 }
3898 return 1;
3899 }
3900
3901 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3902 return ctx->ext.status_type;
3903
3904 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3905 ctx->ext.status_type = larg;
3906 break;
3907
3908 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3909 ctx->ext.status_arg = parg;
3910 return 1;
3911
3912 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3913 *(void**)parg = ctx->ext.status_arg;
3914 break;
3915
3916 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3917 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3918 break;
3919
3920 #ifndef OPENSSL_NO_SRP
3921 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3922 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3923 OPENSSL_free(ctx->srp_ctx.login);
3924 ctx->srp_ctx.login = NULL;
3925 if (parg == NULL)
3926 break;
3927 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3928 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
3929 return 0;
3930 }
3931 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3932 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3933 return 0;
3934 }
3935 break;
3936 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3937 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3938 srp_password_from_info_cb;
3939 if (ctx->srp_ctx.info != NULL)
3940 OPENSSL_free(ctx->srp_ctx.info);
3941 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3942 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3943 return 0;
3944 }
3945 break;
3946 case SSL_CTRL_SET_SRP_ARG:
3947 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3948 ctx->srp_ctx.SRP_cb_arg = parg;
3949 break;
3950
3951 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3952 ctx->srp_ctx.strength = larg;
3953 break;
3954 #endif
3955
3956 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3957 case SSL_CTRL_SET_GROUPS:
3958 return tls1_set_groups(&ctx->ext.supportedgroups,
3959 &ctx->ext.supportedgroups_len,
3960 parg, larg);
3961
3962 case SSL_CTRL_SET_GROUPS_LIST:
3963 return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
3964 &ctx->ext.supportedgroups_len,
3965 parg);
3966 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3967
3968 case SSL_CTRL_SET_SIGALGS:
3969 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3970
3971 case SSL_CTRL_SET_SIGALGS_LIST:
3972 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3973
3974 case SSL_CTRL_SET_CLIENT_SIGALGS:
3975 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3976
3977 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3978 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3979
3980 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3981 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3982
3983 case SSL_CTRL_BUILD_CERT_CHAIN:
3984 return ssl_build_cert_chain(NULL, ctx, larg);
3985
3986 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3987 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3988
3989 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3990 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3991
3992 /* A Thawte special :-) */
3993 case SSL_CTRL_EXTRA_CHAIN_CERT:
3994 if (ctx->extra_certs == NULL) {
3995 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3996 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3997 return 0;
3998 }
3999 }
4000 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4001 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
4002 return 0;
4003 }
4004 break;
4005
4006 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4007 if (ctx->extra_certs == NULL && larg == 0)
4008 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4009 else
4010 *(STACK_OF(X509) **)parg = ctx->extra_certs;
4011 break;
4012
4013 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4014 sk_X509_pop_free(ctx->extra_certs, X509_free);
4015 ctx->extra_certs = NULL;
4016 break;
4017
4018 case SSL_CTRL_CHAIN:
4019 if (larg)
4020 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4021 else
4022 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4023
4024 case SSL_CTRL_CHAIN_CERT:
4025 if (larg)
4026 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4027 else
4028 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4029
4030 case SSL_CTRL_GET_CHAIN_CERTS:
4031 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4032 break;
4033
4034 case SSL_CTRL_SELECT_CURRENT_CERT:
4035 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4036
4037 case SSL_CTRL_SET_CURRENT_CERT:
4038 return ssl_cert_set_current(ctx->cert, larg);
4039
4040 default:
4041 return 0;
4042 }
4043 return 1;
4044 }
4045
4046 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4047 {
4048 switch (cmd) {
4049 #ifndef OPENSSL_NO_DH
4050 case SSL_CTRL_SET_TMP_DH_CB:
4051 {
4052 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4053 }
4054 break;
4055 #endif
4056 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4057 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4058 break;
4059
4060 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4061 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4062 break;
4063
4064 # ifndef OPENSSL_NO_DEPRECATED_3_0
4065 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4066 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4067 unsigned char *,
4068 EVP_CIPHER_CTX *,
4069 HMAC_CTX *, int))fp;
4070 break;
4071 #endif
4072
4073 #ifndef OPENSSL_NO_SRP
4074 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4075 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4076 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4077 break;
4078 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4079 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4080 ctx->srp_ctx.TLS_ext_srp_username_callback =
4081 (int (*)(SSL *, int *, void *))fp;
4082 break;
4083 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4084 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4085 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4086 (char *(*)(SSL *, void *))fp;
4087 break;
4088 #endif
4089 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4090 {
4091 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4092 }
4093 break;
4094 default:
4095 return 0;
4096 }
4097 return 1;
4098 }
4099
4100 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4101 (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4102 EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4103 {
4104 ctx->ext.ticket_key_evp_cb = fp;
4105 return 1;
4106 }
4107
4108 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4109 {
4110 SSL_CIPHER c;
4111 const SSL_CIPHER *cp;
4112
4113 c.id = id;
4114 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4115 if (cp != NULL)
4116 return cp;
4117 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4118 if (cp != NULL)
4119 return cp;
4120 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4121 }
4122
4123 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4124 {
4125 SSL_CIPHER *tbl;
4126 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4127 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4128 SSL3_NUM_SCSVS};
4129
4130 /* this is not efficient, necessary to optimize this? */
4131 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4132 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4133 if (tbl->stdname == NULL)
4134 continue;
4135 if (strcmp(stdname, tbl->stdname) == 0) {
4136 return tbl;
4137 }
4138 }
4139 }
4140 return NULL;
4141 }
4142
4143 /*
4144 * This function needs to check if the ciphers required are actually
4145 * available
4146 */
4147 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4148 {
4149 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4150 | ((uint32_t)p[0] << 8L)
4151 | (uint32_t)p[1]);
4152 }
4153
4154 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4155 {
4156 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4157 *len = 0;
4158 return 1;
4159 }
4160
4161 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4162 return 0;
4163
4164 *len = 2;
4165 return 1;
4166 }
4167
4168 /*
4169 * ssl3_choose_cipher - choose a cipher from those offered by the client
4170 * @s: SSL connection
4171 * @clnt: ciphers offered by the client
4172 * @srvr: ciphers enabled on the server?
4173 *
4174 * Returns the selected cipher or NULL when no common ciphers.
4175 */
4176 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4177 STACK_OF(SSL_CIPHER) *srvr)
4178 {
4179 const SSL_CIPHER *c, *ret = NULL;
4180 STACK_OF(SSL_CIPHER) *prio, *allow;
4181 int i, ii, ok, prefer_sha256 = 0;
4182 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4183 #ifndef OPENSSL_NO_CHACHA
4184 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4185 #endif
4186
4187 /* Let's see which ciphers we can support */
4188
4189 /*
4190 * Do not set the compare functions, because this may lead to a
4191 * reordering by "id". We want to keep the original ordering. We may pay
4192 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4193 * pay with the price of sk_SSL_CIPHER_dup().
4194 */
4195
4196 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4197 BIO_printf(trc_out, "Server has %d from %p:\n",
4198 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4199 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4200 c = sk_SSL_CIPHER_value(srvr, i);
4201 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4202 }
4203 BIO_printf(trc_out, "Client sent %d from %p:\n",
4204 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4205 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4206 c = sk_SSL_CIPHER_value(clnt, i);
4207 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4208 }
4209 } OSSL_TRACE_END(TLS_CIPHER);
4210
4211 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4212 if (tls1_suiteb(s)) {
4213 prio = srvr;
4214 allow = clnt;
4215 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4216 prio = srvr;
4217 allow = clnt;
4218 #ifndef OPENSSL_NO_CHACHA
4219 /* If ChaCha20 is at the top of the client preference list,
4220 and there are ChaCha20 ciphers in the server list, then
4221 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4222 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4223 c = sk_SSL_CIPHER_value(clnt, 0);
4224 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4225 /* ChaCha20 is client preferred, check server... */
4226 int num = sk_SSL_CIPHER_num(srvr);
4227 int found = 0;
4228 for (i = 0; i < num; i++) {
4229 c = sk_SSL_CIPHER_value(srvr, i);
4230 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4231 found = 1;
4232 break;
4233 }
4234 }
4235 if (found) {
4236 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4237 /* if reserve fails, then there's likely a memory issue */
4238 if (prio_chacha != NULL) {
4239 /* Put all ChaCha20 at the top, starting with the one we just found */
4240 sk_SSL_CIPHER_push(prio_chacha, c);
4241 for (i++; i < num; i++) {
4242 c = sk_SSL_CIPHER_value(srvr, i);
4243 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4244 sk_SSL_CIPHER_push(prio_chacha, c);
4245 }
4246 /* Pull in the rest */
4247 for (i = 0; i < num; i++) {
4248 c = sk_SSL_CIPHER_value(srvr, i);
4249 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4250 sk_SSL_CIPHER_push(prio_chacha, c);
4251 }
4252 prio = prio_chacha;
4253 }
4254 }
4255 }
4256 }
4257 # endif
4258 } else {
4259 prio = clnt;
4260 allow = srvr;
4261 }
4262
4263 if (SSL_IS_TLS13(s)) {
4264 #ifndef OPENSSL_NO_PSK
4265 int j;
4266
4267 /*
4268 * If we allow "old" style PSK callbacks, and we have no certificate (so
4269 * we're not going to succeed without a PSK anyway), and we're in
4270 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4271 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4272 * that.
4273 */
4274 if (s->psk_server_callback != NULL) {
4275 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4276 if (j == SSL_PKEY_NUM) {
4277 /* There are no certificates */
4278 prefer_sha256 = 1;
4279 }
4280 }
4281 #endif
4282 } else {
4283 tls1_set_cert_validity(s);
4284 ssl_set_masks(s);
4285 }
4286
4287 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4288 c = sk_SSL_CIPHER_value(prio, i);
4289
4290 /* Skip ciphers not supported by the protocol version */
4291 if (!SSL_IS_DTLS(s) &&
4292 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4293 continue;
4294 if (SSL_IS_DTLS(s) &&
4295 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4296 DTLS_VERSION_GT(s->version, c->max_dtls)))
4297 continue;
4298
4299 /*
4300 * Since TLS 1.3 ciphersuites can be used with any auth or
4301 * key exchange scheme skip tests.
4302 */
4303 if (!SSL_IS_TLS13(s)) {
4304 mask_k = s->s3.tmp.mask_k;
4305 mask_a = s->s3.tmp.mask_a;
4306 #ifndef OPENSSL_NO_SRP
4307 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4308 mask_k |= SSL_kSRP;
4309 mask_a |= SSL_aSRP;
4310 }
4311 #endif
4312
4313 alg_k = c->algorithm_mkey;
4314 alg_a = c->algorithm_auth;
4315
4316 #ifndef OPENSSL_NO_PSK
4317 /* with PSK there must be server callback set */
4318 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4319 continue;
4320 #endif /* OPENSSL_NO_PSK */
4321
4322 ok = (alg_k & mask_k) && (alg_a & mask_a);
4323 OSSL_TRACE7(TLS_CIPHER,
4324 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4325 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4326
4327 #ifndef OPENSSL_NO_EC
4328 /*
4329 * if we are considering an ECC cipher suite that uses an ephemeral
4330 * EC key check it
4331 */
4332 if (alg_k & SSL_kECDHE)
4333 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4334 #endif /* OPENSSL_NO_EC */
4335
4336 if (!ok)
4337 continue;
4338 }
4339 ii = sk_SSL_CIPHER_find(allow, c);
4340 if (ii >= 0) {
4341 /* Check security callback permits this cipher */
4342 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4343 c->strength_bits, 0, (void *)c))
4344 continue;
4345 #if !defined(OPENSSL_NO_EC)
4346 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4347 && s->s3.is_probably_safari) {
4348 if (!ret)
4349 ret = sk_SSL_CIPHER_value(allow, ii);
4350 continue;
4351 }
4352 #endif
4353 if (prefer_sha256) {
4354 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4355
4356 /*
4357 * TODO: When there are no more legacy digests we can just use
4358 * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
4359 */
4360 if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
4361 OBJ_nid2sn(NID_sha256))) {
4362 ret = tmp;
4363 break;
4364 }
4365 if (ret == NULL)
4366 ret = tmp;
4367 continue;
4368 }
4369 ret = sk_SSL_CIPHER_value(allow, ii);
4370 break;
4371 }
4372 }
4373 #ifndef OPENSSL_NO_CHACHA
4374 sk_SSL_CIPHER_free(prio_chacha);
4375 #endif
4376 return ret;
4377 }
4378
4379 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4380 {
4381 uint32_t alg_k, alg_a = 0;
4382
4383 /* If we have custom certificate types set, use them */
4384 if (s->cert->ctype)
4385 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4386 /* Get mask of algorithms disabled by signature list */
4387 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4388
4389 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4390
4391 #ifndef OPENSSL_NO_GOST
4392 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4393 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4394 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4395 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4396 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4397 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4398 return 0;
4399
4400 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4401 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4402 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4403 return 0;
4404 #endif
4405
4406 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4407 #ifndef OPENSSL_NO_DH
4408 # ifndef OPENSSL_NO_RSA
4409 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4410 return 0;
4411 # endif
4412 # ifndef OPENSSL_NO_DSA
4413 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4414 return 0;
4415 # endif
4416 #endif /* !OPENSSL_NO_DH */
4417 }
4418 #ifndef OPENSSL_NO_RSA
4419 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4420 return 0;
4421 #endif
4422 #ifndef OPENSSL_NO_DSA
4423 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4424 return 0;
4425 #endif
4426 #ifndef OPENSSL_NO_EC
4427 /*
4428 * ECDSA certs can be used with RSA cipher suites too so we don't
4429 * need to check for SSL_kECDH or SSL_kECDHE
4430 */
4431 if (s->version >= TLS1_VERSION
4432 && !(alg_a & SSL_aECDSA)
4433 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4434 return 0;
4435 #endif
4436 return 1;
4437 }
4438
4439 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4440 {
4441 OPENSSL_free(c->ctype);
4442 c->ctype = NULL;
4443 c->ctype_len = 0;
4444 if (p == NULL || len == 0)
4445 return 1;
4446 if (len > 0xff)
4447 return 0;
4448 c->ctype = OPENSSL_memdup(p, len);
4449 if (c->ctype == NULL)
4450 return 0;
4451 c->ctype_len = len;
4452 return 1;
4453 }
4454
4455 int ssl3_shutdown(SSL *s)
4456 {
4457 int ret;
4458
4459 /*
4460 * Don't do anything much if we have not done the handshake or we don't
4461 * want to send messages :-)
4462 */
4463 if (s->quiet_shutdown || SSL_in_before(s)) {
4464 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4465 return 1;
4466 }
4467
4468 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4469 s->shutdown |= SSL_SENT_SHUTDOWN;
4470 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4471 /*
4472 * our shutdown alert has been sent now, and if it still needs to be
4473 * written, s->s3.alert_dispatch will be true
4474 */
4475 if (s->s3.alert_dispatch)
4476 return -1; /* return WANT_WRITE */
4477 } else if (s->s3.alert_dispatch) {
4478 /* resend it if not sent */
4479 ret = s->method->ssl_dispatch_alert(s);
4480 if (ret == -1) {
4481 /*
4482 * we only get to return -1 here the 2nd/Nth invocation, we must
4483 * have already signalled return 0 upon a previous invocation,
4484 * return WANT_WRITE
4485 */
4486 return ret;
4487 }
4488 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4489 size_t readbytes;
4490 /*
4491 * If we are waiting for a close from our peer, we are closed
4492 */
4493 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4494 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4495 return -1; /* return WANT_READ */
4496 }
4497 }
4498
4499 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4500 !s->s3.alert_dispatch)
4501 return 1;
4502 else
4503 return 0;
4504 }
4505
4506 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4507 {
4508 clear_sys_error();
4509 if (s->s3.renegotiate)
4510 ssl3_renegotiate_check(s, 0);
4511
4512 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4513 written);
4514 }
4515
4516 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4517 size_t *readbytes)
4518 {
4519 int ret;
4520
4521 clear_sys_error();
4522 if (s->s3.renegotiate)
4523 ssl3_renegotiate_check(s, 0);
4524 s->s3.in_read_app_data = 1;
4525 ret =
4526 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4527 peek, readbytes);
4528 if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
4529 /*
4530 * ssl3_read_bytes decided to call s->handshake_func, which called
4531 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4532 * actually found application data and thinks that application data
4533 * makes sense here; so disable handshake processing and try to read
4534 * application data again.
4535 */
4536 ossl_statem_set_in_handshake(s, 1);
4537 ret =
4538 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4539 len, peek, readbytes);
4540 ossl_statem_set_in_handshake(s, 0);
4541 } else
4542 s->s3.in_read_app_data = 0;
4543
4544 return ret;
4545 }
4546
4547 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4548 {
4549 return ssl3_read_internal(s, buf, len, 0, readbytes);
4550 }
4551
4552 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4553 {
4554 return ssl3_read_internal(s, buf, len, 1, readbytes);
4555 }
4556
4557 int ssl3_renegotiate(SSL *s)
4558 {
4559 if (s->handshake_func == NULL)
4560 return 1;
4561
4562 s->s3.renegotiate = 1;
4563 return 1;
4564 }
4565
4566 /*
4567 * Check if we are waiting to do a renegotiation and if so whether now is a
4568 * good time to do it. If |initok| is true then we are being called from inside
4569 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4570 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4571 * should do a renegotiation now and sets up the state machine for it. Otherwise
4572 * returns 0.
4573 */
4574 int ssl3_renegotiate_check(SSL *s, int initok)
4575 {
4576 int ret = 0;
4577
4578 if (s->s3.renegotiate) {
4579 if (!RECORD_LAYER_read_pending(&s->rlayer)
4580 && !RECORD_LAYER_write_pending(&s->rlayer)
4581 && (initok || !SSL_in_init(s))) {
4582 /*
4583 * if we are the server, and we have sent a 'RENEGOTIATE'
4584 * message, we need to set the state machine into the renegotiate
4585 * state.
4586 */
4587 ossl_statem_set_renegotiate(s);
4588 s->s3.renegotiate = 0;
4589 s->s3.num_renegotiations++;
4590 s->s3.total_renegotiations++;
4591 ret = 1;
4592 }
4593 }
4594 return ret;
4595 }
4596
4597 /*
4598 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4599 * handshake macs if required.
4600 *
4601 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4602 */
4603 long ssl_get_algorithm2(SSL *s)
4604 {
4605 long alg2;
4606 if (s->s3.tmp.new_cipher == NULL)
4607 return -1;
4608 alg2 = s->s3.tmp.new_cipher->algorithm2;
4609 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4610 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4611 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4612 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4613 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4614 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4615 }
4616 return alg2;
4617 }
4618
4619 /*
4620 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4621 * failure, 1 on success.
4622 */
4623 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4624 DOWNGRADE dgrd)
4625 {
4626 int send_time = 0, ret;
4627
4628 if (len < 4)
4629 return 0;
4630 if (server)
4631 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4632 else
4633 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4634 if (send_time) {
4635 unsigned long Time = (unsigned long)time(NULL);
4636 unsigned char *p = result;
4637
4638 l2n(Time, p);
4639 ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
4640 } else {
4641 ret = RAND_bytes_ex(s->ctx->libctx, result, len);
4642 }
4643
4644 if (ret > 0) {
4645 if (!ossl_assert(sizeof(tls11downgrade) < len)
4646 || !ossl_assert(sizeof(tls12downgrade) < len))
4647 return 0;
4648 if (dgrd == DOWNGRADE_TO_1_2)
4649 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4650 sizeof(tls12downgrade));
4651 else if (dgrd == DOWNGRADE_TO_1_1)
4652 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4653 sizeof(tls11downgrade));
4654 }
4655
4656 return ret;
4657 }
4658
4659 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4660 int free_pms)
4661 {
4662 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4663 int ret = 0;
4664
4665 if (alg_k & SSL_PSK) {
4666 #ifndef OPENSSL_NO_PSK
4667 unsigned char *pskpms, *t;
4668 size_t psklen = s->s3.tmp.psklen;
4669 size_t pskpmslen;
4670
4671 /* create PSK premaster_secret */
4672
4673 /* For plain PSK "other_secret" is psklen zeroes */
4674 if (alg_k & SSL_kPSK)
4675 pmslen = psklen;
4676
4677 pskpmslen = 4 + pmslen + psklen;
4678 pskpms = OPENSSL_malloc(pskpmslen);
4679 if (pskpms == NULL)
4680 goto err;
4681 t = pskpms;
4682 s2n(pmslen, t);
4683 if (alg_k & SSL_kPSK)
4684 memset(t, 0, pmslen);
4685 else
4686 memcpy(t, pms, pmslen);
4687 t += pmslen;
4688 s2n(psklen, t);
4689 memcpy(t, s->s3.tmp.psk, psklen);
4690
4691 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4692 s->s3.tmp.psk = NULL;
4693 if (!s->method->ssl3_enc->generate_master_secret(s,
4694 s->session->master_key, pskpms, pskpmslen,
4695 &s->session->master_key_length)) {
4696 OPENSSL_clear_free(pskpms, pskpmslen);
4697 /* SSLfatal() already called */
4698 goto err;
4699 }
4700 OPENSSL_clear_free(pskpms, pskpmslen);
4701 #else
4702 /* Should never happen */
4703 goto err;
4704 #endif
4705 } else {
4706 if (!s->method->ssl3_enc->generate_master_secret(s,
4707 s->session->master_key, pms, pmslen,
4708 &s->session->master_key_length)) {
4709 /* SSLfatal() already called */
4710 goto err;
4711 }
4712 }
4713
4714 ret = 1;
4715 err:
4716 if (pms) {
4717 if (free_pms)
4718 OPENSSL_clear_free(pms, pmslen);
4719 else
4720 OPENSSL_cleanse(pms, pmslen);
4721 }
4722 if (s->server == 0)
4723 s->s3.tmp.pms = NULL;
4724 return ret;
4725 }
4726
4727 /* Generate a private key from parameters */
4728 EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
4729 {
4730 EVP_PKEY_CTX *pctx = NULL;
4731 EVP_PKEY *pkey = NULL;
4732
4733 if (pm == NULL)
4734 return NULL;
4735 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
4736 if (pctx == NULL)
4737 goto err;
4738 if (EVP_PKEY_keygen_init(pctx) <= 0)
4739 goto err;
4740 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4741 EVP_PKEY_free(pkey);
4742 pkey = NULL;
4743 }
4744
4745 err:
4746 EVP_PKEY_CTX_free(pctx);
4747 return pkey;
4748 }
4749
4750 /* Generate a private key from a group ID */
4751 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4752 {
4753 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4754 EVP_PKEY_CTX *pctx = NULL;
4755 EVP_PKEY *pkey = NULL;
4756
4757 if (ginf == NULL) {
4758 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4759 ERR_R_INTERNAL_ERROR);
4760 goto err;
4761 }
4762
4763 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4764 s->ctx->propq);
4765
4766 if (pctx == NULL) {
4767 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4768 ERR_R_MALLOC_FAILURE);
4769 goto err;
4770 }
4771 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4772 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4773 ERR_R_EVP_LIB);
4774 goto err;
4775 }
4776 if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
4777 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4778 ERR_R_EVP_LIB);
4779 goto err;
4780 }
4781 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4782 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4783 ERR_R_EVP_LIB);
4784 EVP_PKEY_free(pkey);
4785 pkey = NULL;
4786 }
4787
4788 err:
4789 EVP_PKEY_CTX_free(pctx);
4790 return pkey;
4791 }
4792
4793 /*
4794 * Generate parameters from a group ID
4795 */
4796 EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
4797 {
4798 EVP_PKEY_CTX *pctx = NULL;
4799 EVP_PKEY *pkey = NULL;
4800 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4801
4802 if (ginf == NULL)
4803 goto err;
4804
4805 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4806 s->ctx->propq);
4807
4808 if (pctx == NULL)
4809 goto err;
4810 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4811 goto err;
4812 if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
4813 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4814 ERR_R_EVP_LIB);
4815 goto err;
4816 }
4817 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4818 EVP_PKEY_free(pkey);
4819 pkey = NULL;
4820 }
4821
4822 err:
4823 EVP_PKEY_CTX_free(pctx);
4824 return pkey;
4825 }
4826
4827 /* Generate secrets from pms */
4828 int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen)
4829 {
4830 int rv = 0;
4831
4832 /* SSLfatal() called as appropriate in the below functions */
4833 if (SSL_IS_TLS13(s)) {
4834 /*
4835 * If we are resuming then we already generated the early secret
4836 * when we created the ClientHello, so don't recreate it.
4837 */
4838 if (!s->hit)
4839 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4840 0,
4841 (unsigned char *)&s->early_secret);
4842 else
4843 rv = 1;
4844
4845 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4846 } else {
4847 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4848 }
4849
4850 return rv;
4851 }
4852
4853 /* Derive secrets for ECDH/DH */
4854 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4855 {
4856 int rv = 0;
4857 unsigned char *pms = NULL;
4858 size_t pmslen = 0;
4859 EVP_PKEY_CTX *pctx;
4860
4861 if (privkey == NULL || pubkey == NULL) {
4862 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4863 ERR_R_INTERNAL_ERROR);
4864 return 0;
4865 }
4866
4867 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4868
4869 if (EVP_PKEY_derive_init(pctx) <= 0
4870 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4871 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4872 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4873 ERR_R_INTERNAL_ERROR);
4874 goto err;
4875 }
4876
4877 #ifndef OPENSSL_NO_DH
4878 if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
4879 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4880 #endif
4881
4882 pms = OPENSSL_malloc(pmslen);
4883 if (pms == NULL) {
4884 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4885 ERR_R_MALLOC_FAILURE);
4886 goto err;
4887 }
4888
4889 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4890 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4891 ERR_R_INTERNAL_ERROR);
4892 goto err;
4893 }
4894
4895 if (gensecret) {
4896 /* SSLfatal() called as appropriate in the below functions */
4897 rv = ssl_gensecret(s, pms, pmslen);
4898 } else {
4899 /* Save premaster secret */
4900 s->s3.tmp.pms = pms;
4901 s->s3.tmp.pmslen = pmslen;
4902 pms = NULL;
4903 rv = 1;
4904 }
4905
4906 err:
4907 OPENSSL_clear_free(pms, pmslen);
4908 EVP_PKEY_CTX_free(pctx);
4909 return rv;
4910 }
4911
4912 /* Decapsulate secrets for KEM */
4913 int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
4914 const unsigned char *ct, size_t ctlen,
4915 int gensecret)
4916 {
4917 int rv = 0;
4918 unsigned char *pms = NULL;
4919 size_t pmslen = 0;
4920 EVP_PKEY_CTX *pctx;
4921
4922 if (privkey == NULL) {
4923 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DECAPSULATE,
4924 ERR_R_INTERNAL_ERROR);
4925 return 0;
4926 }
4927
4928 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4929
4930 if (EVP_PKEY_decapsulate_init(pctx) <= 0
4931 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
4932 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DECAPSULATE,
4933 ERR_R_INTERNAL_ERROR);
4934 goto err;
4935 }
4936
4937 pms = OPENSSL_malloc(pmslen);
4938 if (pms == NULL) {
4939 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DECAPSULATE,
4940 ERR_R_MALLOC_FAILURE);
4941 goto err;
4942 }
4943
4944 if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
4945 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DECAPSULATE,
4946 ERR_R_INTERNAL_ERROR);
4947 goto err;
4948 }
4949
4950 if (gensecret) {
4951 /* SSLfatal() called as appropriate in the below functions */
4952 rv = ssl_gensecret(s, pms, pmslen);
4953 } else {
4954 /* Save premaster secret */
4955 s->s3.tmp.pms = pms;
4956 s->s3.tmp.pmslen = pmslen;
4957 pms = NULL;
4958 rv = 1;
4959 }
4960
4961 err:
4962 OPENSSL_clear_free(pms, pmslen);
4963 EVP_PKEY_CTX_free(pctx);
4964 return rv;
4965 }
4966
4967 int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
4968 unsigned char **ctp, size_t *ctlenp,
4969 int gensecret)
4970 {
4971 int rv = 0;
4972 unsigned char *pms = NULL, *ct = NULL;
4973 size_t pmslen = 0, ctlen = 0;
4974 EVP_PKEY_CTX *pctx;
4975
4976 if (pubkey == NULL) {
4977 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ENCAPSULATE,
4978 ERR_R_INTERNAL_ERROR);
4979 return 0;
4980 }
4981
4982 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);
4983
4984 if (EVP_PKEY_encapsulate_init(pctx) <= 0
4985 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
4986 || pmslen == 0 || ctlen == 0) {
4987 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ENCAPSULATE,
4988 ERR_R_INTERNAL_ERROR);
4989 goto err;
4990 }
4991
4992 pms = OPENSSL_malloc(pmslen);
4993 ct = OPENSSL_malloc(ctlen);
4994 if (pms == NULL || ct == NULL) {
4995 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ENCAPSULATE,
4996 ERR_R_MALLOC_FAILURE);
4997 goto err;
4998 }
4999
5000 if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
5001 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ENCAPSULATE,
5002 ERR_R_INTERNAL_ERROR);
5003 goto err;
5004 }
5005
5006 if (gensecret) {
5007 /* SSLfatal() called as appropriate in the below functions */
5008 rv = ssl_gensecret(s, pms, pmslen);
5009 } else {
5010 /* Save premaster secret */
5011 s->s3.tmp.pms = pms;
5012 s->s3.tmp.pmslen = pmslen;
5013 pms = NULL;
5014 rv = 1;
5015 }
5016
5017 if (rv > 0) {
5018 /* Pass ownership of ct to caller */
5019 *ctp = ct;
5020 *ctlenp = ctlen;
5021 ct = NULL;
5022 }
5023
5024 err:
5025 OPENSSL_clear_free(pms, pmslen);
5026 OPENSSL_free(ct);
5027 EVP_PKEY_CTX_free(pctx);
5028 return rv;
5029 }
5030
5031 #ifndef OPENSSL_NO_DH
5032 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
5033 {
5034 EVP_PKEY *ret;
5035 if (dh == NULL)
5036 return NULL;
5037 ret = EVP_PKEY_new();
5038 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
5039 EVP_PKEY_free(ret);
5040 return NULL;
5041 }
5042 return ret;
5043 }
5044 #endif
A mirror of the official openssl repository