1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include "internal/e_os.h"
13
14 #include <openssl/objects.h>
15 #include "internal/nelem.h"
16 #include "ssl_local.h"
17 #include <openssl/md5.h>
18 #include <openssl/dh.h>
19 #include <openssl/rand.h>
20 #include <openssl/trace.h>
21 #include <openssl/x509v3.h>
22 #include <openssl/core_names.h>
23 #include "internal/cryptlib.h"
24 #include "internal/ssl_unwrap.h"
25
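/*
 * Element counts for the cipher tables in this file. Each count is taken
 * with OSSL_NELEM on the array itself rather than written as a literal;
 * the tables contain #ifndef-guarded entries, so their length depends on
 * the build configuration.
 * NOTE(review): OSSL_NELEM is presumably the sizeof-based element count
 * from internal/nelem.h (included above); ssl3_scsvs is not defined in the
 * part of the file reviewed here.
 */
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)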
29
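/*
 * TLSv1.3 downgrade protection sentinel values.
 *
 * Each array is the 7 ASCII bytes "DOWNGRD" followed by one marker byte:
 * 0x00 in tls11downgrade and 0x01 in tls12downgrade.
 *
 * Per RFC 8446, section 4.1.3, a TLSv1.3-capable server that ends up
 * negotiating an older version places such a value in the last 8 bytes of
 * ServerHello.random (0x01 marker for TLSv1.2, 0x00 marker for TLSv1.1 or
 * below), and a TLSv1.3-capable client that finds it there must abort the
 * handshake. This is what lets the peers detect a forced version rollback.
 * The code that writes and checks these values is outside this listing.
 */
const unsigned char tls11downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 /* "DOWNGRD", 0x00 */
};
const unsigned char tls12downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 /* "DOWNGRD", 0x01 */
};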
37
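/*
 * The list of available TLSv1.3 ciphers.
 *
 * Entries use positional initializers. Going by the constant names, each
 * entry appears to hold, in order: a validity flag, two name strings (both
 * the RFC name here), the cipher-suite id, key-exchange and authentication
 * masks, the bulk cipher, the MAC, min/max TLS version, min/max DTLS
 * version, strength-class flags, handshake-MAC and extra flags, security
 * strength in bits, and algorithm key bits.
 * NOTE(review): confirm this order against the SSL_CIPHER definition in
 * ssl_local.h before relying on it.
 *
 * Points worth knowing when auditing a build's cipher exposure:
 *  - Only the two AES-GCM suites and CHACHA20-POLY1305 lack SSL_NOT_DEFAULT,
 *    and only those three carry SSL_QUIC. The CCM, CCM_8 and integrity-only
 *    suites are all marked SSL_NOT_DEFAULT.
 *  - The DTLS version pair is 0, 0 for every entry.
 *  - AES_128_CCM_8 is rated SSL_MEDIUM with a strength of 64 bits because
 *    of its short authentication tag.
 *  - The integrity-only suites use SSL_eNULL (no record encryption), have a
 *    strength of 0 and SSL_STRONG_NONE, and are compiled out entirely when
 *    OPENSSL_NO_INTEGRITY_ONLY_CIPHERS is defined.
 */
static SSL_CIPHER tls13_ciphers[] = {
    {
        1,
        TLS1_3_RFC_AES_128_GCM_SHA256,
        TLS1_3_RFC_AES_128_GCM_SHA256,
        TLS1_3_CK_AES_128_GCM_SHA256,
        SSL_kANY,
        SSL_aANY,
        SSL_AES128GCM,
        SSL_AEAD,
        TLS1_3_VERSION, TLS1_3_VERSION,
        0, 0,
        SSL_HIGH,
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
        128,
        128,
    },
    {
        1,
        TLS1_3_RFC_AES_256_GCM_SHA384,
        TLS1_3_RFC_AES_256_GCM_SHA384,
        TLS1_3_CK_AES_256_GCM_SHA384,
        SSL_kANY,
        SSL_aANY,
        SSL_AES256GCM,
        SSL_AEAD,
        TLS1_3_VERSION, TLS1_3_VERSION,
        0, 0,
        SSL_HIGH,
        SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
        256,
        256,
    },
    {
        1,
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
        SSL_kANY,
        SSL_aANY,
        SSL_CHACHA20POLY1305,
        SSL_AEAD,
        TLS1_3_VERSION, TLS1_3_VERSION,
        0, 0,
        SSL_HIGH,
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
        256,
        256,
    },
    {
        1,
        TLS1_3_RFC_AES_128_CCM_SHA256,
        TLS1_3_RFC_AES_128_CCM_SHA256,
        TLS1_3_CK_AES_128_CCM_SHA256,
        SSL_kANY,
        SSL_aANY,
        SSL_AES128CCM,
        SSL_AEAD,
        TLS1_3_VERSION, TLS1_3_VERSION,
        0, 0,
        SSL_NOT_DEFAULT | SSL_HIGH,
        SSL_HANDSHAKE_MAC_SHA256,
        128,
        128,
    },
    {
        1,
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
        TLS1_3_CK_AES_128_CCM_8_SHA256,
        SSL_kANY,
        SSL_aANY,
        SSL_AES128CCM8,
        SSL_AEAD,
        TLS1_3_VERSION, TLS1_3_VERSION,
        0, 0,
        SSL_NOT_DEFAULT | SSL_MEDIUM,
        SSL_HANDSHAKE_MAC_SHA256,
        64, /* CCM8 uses a short tag, so we have a low security strength */
        128,
    },
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
    /* Integrity-only suites: authenticated records, no encryption. */
    {
        1,
        TLS1_3_RFC_SHA256_SHA256,
        TLS1_3_RFC_SHA256_SHA256,
        TLS1_3_CK_SHA256_SHA256,
        SSL_kANY,
        SSL_aANY,
        SSL_eNULL,
        SSL_SHA256,
        TLS1_3_VERSION, TLS1_3_VERSION,
        0, 0,
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
        SSL_HANDSHAKE_MAC_SHA256,
        0,
        256,
    },
    {
        1,
        TLS1_3_RFC_SHA384_SHA384,
        TLS1_3_RFC_SHA384_SHA384,
        TLS1_3_CK_SHA384_SHA384,
        SSL_kANY,
        SSL_aANY,
        SSL_eNULL,
        SSL_SHA384,
        TLS1_3_VERSION, TLS1_3_VERSION,
        0, 0,
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
        SSL_HANDSHAKE_MAC_SHA384,
        0,
        384,
    },
#endif
};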
152
153 /*
154 * The list of available ciphers, mostly organized into the following
155 * groups:
156 * Always there
157 * EC
158 * PSK
159 * SRP (within that: RSA EC PSK)
160 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
161 * Weak ciphers
162 */
163 static SSL_CIPHER ssl3_ciphers[] = {
164 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
165 {
166 1,
167 SSL3_TXT_RSA_NULL_MD5,
168 SSL3_RFC_RSA_NULL_MD5,
169 SSL3_CK_RSA_NULL_MD5,
170 SSL_kRSA,
171 SSL_aRSA,
172 SSL_eNULL,
173 SSL_MD5,
174 SSL3_VERSION, TLS1_2_VERSION,
175 DTLS1_BAD_VER, DTLS1_2_VERSION,
176 SSL_STRONG_NONE,
177 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
178 0,
179 0,
180 },
181 {
182 1,
183 SSL3_TXT_RSA_NULL_SHA,
184 SSL3_RFC_RSA_NULL_SHA,
185 SSL3_CK_RSA_NULL_SHA,
186 SSL_kRSA,
187 SSL_aRSA,
188 SSL_eNULL,
189 SSL_SHA1,
190 SSL3_VERSION, TLS1_2_VERSION,
191 DTLS1_BAD_VER, DTLS1_2_VERSION,
192 SSL_STRONG_NONE | SSL_FIPS,
193 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
194 0,
195 0,
196 },
197 #endif
198 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
199 {
200 1,
201 SSL3_TXT_RSA_DES_192_CBC3_SHA,
202 SSL3_RFC_RSA_DES_192_CBC3_SHA,
203 SSL3_CK_RSA_DES_192_CBC3_SHA,
204 SSL_kRSA,
205 SSL_aRSA,
206 SSL_3DES,
207 SSL_SHA1,
208 SSL3_VERSION, TLS1_2_VERSION,
209 DTLS1_BAD_VER, DTLS1_2_VERSION,
210 SSL_NOT_DEFAULT | SSL_MEDIUM,
211 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212 112,
213 168,
214 },
215 {
216 1,
217 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
218 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
219 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
220 SSL_kDHE,
221 SSL_aDSS,
222 SSL_3DES,
223 SSL_SHA1,
224 SSL3_VERSION, TLS1_2_VERSION,
225 DTLS1_BAD_VER, DTLS1_2_VERSION,
226 SSL_NOT_DEFAULT | SSL_MEDIUM,
227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228 112,
229 168,
230 },
231 {
232 1,
233 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
234 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
235 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
236 SSL_kDHE,
237 SSL_aRSA,
238 SSL_3DES,
239 SSL_SHA1,
240 SSL3_VERSION, TLS1_2_VERSION,
241 DTLS1_BAD_VER, DTLS1_2_VERSION,
242 SSL_NOT_DEFAULT | SSL_MEDIUM,
243 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
244 112,
245 168,
246 },
247 {
248 1,
249 SSL3_TXT_ADH_DES_192_CBC_SHA,
250 SSL3_RFC_ADH_DES_192_CBC_SHA,
251 SSL3_CK_ADH_DES_192_CBC_SHA,
252 SSL_kDHE,
253 SSL_aNULL,
254 SSL_3DES,
255 SSL_SHA1,
256 SSL3_VERSION, TLS1_2_VERSION,
257 DTLS1_BAD_VER, DTLS1_2_VERSION,
258 SSL_NOT_DEFAULT | SSL_MEDIUM,
259 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
260 112,
261 168,
262 },
263 #endif
264 {
265 1,
266 TLS1_TXT_RSA_WITH_AES_128_SHA,
267 TLS1_RFC_RSA_WITH_AES_128_SHA,
268 TLS1_CK_RSA_WITH_AES_128_SHA,
269 SSL_kRSA,
270 SSL_aRSA,
271 SSL_AES128,
272 SSL_SHA1,
273 SSL3_VERSION, TLS1_2_VERSION,
274 DTLS1_BAD_VER, DTLS1_2_VERSION,
275 SSL_HIGH | SSL_FIPS,
276 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277 128,
278 128,
279 },
280 {
281 1,
282 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
283 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
284 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
285 SSL_kDHE,
286 SSL_aDSS,
287 SSL_AES128,
288 SSL_SHA1,
289 SSL3_VERSION, TLS1_2_VERSION,
290 DTLS1_BAD_VER, DTLS1_2_VERSION,
291 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
292 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293 128,
294 128,
295 },
296 {
297 1,
298 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
299 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
300 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
301 SSL_kDHE,
302 SSL_aRSA,
303 SSL_AES128,
304 SSL_SHA1,
305 SSL3_VERSION, TLS1_2_VERSION,
306 DTLS1_BAD_VER, DTLS1_2_VERSION,
307 SSL_HIGH | SSL_FIPS,
308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
309 128,
310 128,
311 },
312 {
313 1,
314 TLS1_TXT_ADH_WITH_AES_128_SHA,
315 TLS1_RFC_ADH_WITH_AES_128_SHA,
316 TLS1_CK_ADH_WITH_AES_128_SHA,
317 SSL_kDHE,
318 SSL_aNULL,
319 SSL_AES128,
320 SSL_SHA1,
321 SSL3_VERSION, TLS1_2_VERSION,
322 DTLS1_BAD_VER, DTLS1_2_VERSION,
323 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
324 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
325 128,
326 128,
327 },
328 {
329 1,
330 TLS1_TXT_RSA_WITH_AES_256_SHA,
331 TLS1_RFC_RSA_WITH_AES_256_SHA,
332 TLS1_CK_RSA_WITH_AES_256_SHA,
333 SSL_kRSA,
334 SSL_aRSA,
335 SSL_AES256,
336 SSL_SHA1,
337 SSL3_VERSION, TLS1_2_VERSION,
338 DTLS1_BAD_VER, DTLS1_2_VERSION,
339 SSL_HIGH | SSL_FIPS,
340 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
341 256,
342 256,
343 },
344 {
345 1,
346 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
347 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
348 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
349 SSL_kDHE,
350 SSL_aDSS,
351 SSL_AES256,
352 SSL_SHA1,
353 SSL3_VERSION, TLS1_2_VERSION,
354 DTLS1_BAD_VER, DTLS1_2_VERSION,
355 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
356 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357 256,
358 256,
359 },
360 {
361 1,
362 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
363 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
364 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
365 SSL_kDHE,
366 SSL_aRSA,
367 SSL_AES256,
368 SSL_SHA1,
369 SSL3_VERSION, TLS1_2_VERSION,
370 DTLS1_BAD_VER, DTLS1_2_VERSION,
371 SSL_HIGH | SSL_FIPS,
372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
373 256,
374 256,
375 },
376 {
377 1,
378 TLS1_TXT_ADH_WITH_AES_256_SHA,
379 TLS1_RFC_ADH_WITH_AES_256_SHA,
380 TLS1_CK_ADH_WITH_AES_256_SHA,
381 SSL_kDHE,
382 SSL_aNULL,
383 SSL_AES256,
384 SSL_SHA1,
385 SSL3_VERSION, TLS1_2_VERSION,
386 DTLS1_BAD_VER, DTLS1_2_VERSION,
387 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
388 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389 256,
390 256,
391 },
392 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
393 {
394 1,
395 TLS1_TXT_RSA_WITH_NULL_SHA256,
396 TLS1_RFC_RSA_WITH_NULL_SHA256,
397 TLS1_CK_RSA_WITH_NULL_SHA256,
398 SSL_kRSA,
399 SSL_aRSA,
400 SSL_eNULL,
401 SSL_SHA256,
402 TLS1_2_VERSION, TLS1_2_VERSION,
403 DTLS1_2_VERSION, DTLS1_2_VERSION,
404 SSL_STRONG_NONE | SSL_FIPS,
405 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
406 0,
407 0,
408 },
409 #endif
410 {
411 1,
412 TLS1_TXT_RSA_WITH_AES_128_SHA256,
413 TLS1_RFC_RSA_WITH_AES_128_SHA256,
414 TLS1_CK_RSA_WITH_AES_128_SHA256,
415 SSL_kRSA,
416 SSL_aRSA,
417 SSL_AES128,
418 SSL_SHA256,
419 TLS1_2_VERSION, TLS1_2_VERSION,
420 DTLS1_2_VERSION, DTLS1_2_VERSION,
421 SSL_HIGH | SSL_FIPS,
422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
423 128,
424 128,
425 },
426 {
427 1,
428 TLS1_TXT_RSA_WITH_AES_256_SHA256,
429 TLS1_RFC_RSA_WITH_AES_256_SHA256,
430 TLS1_CK_RSA_WITH_AES_256_SHA256,
431 SSL_kRSA,
432 SSL_aRSA,
433 SSL_AES256,
434 SSL_SHA256,
435 TLS1_2_VERSION, TLS1_2_VERSION,
436 DTLS1_2_VERSION, DTLS1_2_VERSION,
437 SSL_HIGH | SSL_FIPS,
438 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
439 256,
440 256,
441 },
442 {
443 1,
444 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
445 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
446 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
447 SSL_kDHE,
448 SSL_aDSS,
449 SSL_AES128,
450 SSL_SHA256,
451 TLS1_2_VERSION, TLS1_2_VERSION,
452 DTLS1_2_VERSION, DTLS1_2_VERSION,
453 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
454 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
455 128,
456 128,
457 },
458 {
459 1,
460 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
461 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
462 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
463 SSL_kDHE,
464 SSL_aRSA,
465 SSL_AES128,
466 SSL_SHA256,
467 TLS1_2_VERSION, TLS1_2_VERSION,
468 DTLS1_2_VERSION, DTLS1_2_VERSION,
469 SSL_HIGH | SSL_FIPS,
470 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
471 128,
472 128,
473 },
474 {
475 1,
476 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
477 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
478 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
479 SSL_kDHE,
480 SSL_aDSS,
481 SSL_AES256,
482 SSL_SHA256,
483 TLS1_2_VERSION, TLS1_2_VERSION,
484 DTLS1_2_VERSION, DTLS1_2_VERSION,
485 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
486 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
487 256,
488 256,
489 },
490 {
491 1,
492 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
493 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
494 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
495 SSL_kDHE,
496 SSL_aRSA,
497 SSL_AES256,
498 SSL_SHA256,
499 TLS1_2_VERSION, TLS1_2_VERSION,
500 DTLS1_2_VERSION, DTLS1_2_VERSION,
501 SSL_HIGH | SSL_FIPS,
502 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
503 256,
504 256,
505 },
506 {
507 1,
508 TLS1_TXT_ADH_WITH_AES_128_SHA256,
509 TLS1_RFC_ADH_WITH_AES_128_SHA256,
510 TLS1_CK_ADH_WITH_AES_128_SHA256,
511 SSL_kDHE,
512 SSL_aNULL,
513 SSL_AES128,
514 SSL_SHA256,
515 TLS1_2_VERSION, TLS1_2_VERSION,
516 DTLS1_2_VERSION, DTLS1_2_VERSION,
517 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
518 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
519 128,
520 128,
521 },
522 {
523 1,
524 TLS1_TXT_ADH_WITH_AES_256_SHA256,
525 TLS1_RFC_ADH_WITH_AES_256_SHA256,
526 TLS1_CK_ADH_WITH_AES_256_SHA256,
527 SSL_kDHE,
528 SSL_aNULL,
529 SSL_AES256,
530 SSL_SHA256,
531 TLS1_2_VERSION, TLS1_2_VERSION,
532 DTLS1_2_VERSION, DTLS1_2_VERSION,
533 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
534 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
535 256,
536 256,
537 },
538 {
539 1,
540 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
541 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
542 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
543 SSL_kRSA,
544 SSL_aRSA,
545 SSL_AES128GCM,
546 SSL_AEAD,
547 TLS1_2_VERSION, TLS1_2_VERSION,
548 DTLS1_2_VERSION, DTLS1_2_VERSION,
549 SSL_HIGH | SSL_FIPS,
550 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
551 128,
552 128,
553 },
554 {
555 1,
556 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
557 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
558 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
559 SSL_kRSA,
560 SSL_aRSA,
561 SSL_AES256GCM,
562 SSL_AEAD,
563 TLS1_2_VERSION, TLS1_2_VERSION,
564 DTLS1_2_VERSION, DTLS1_2_VERSION,
565 SSL_HIGH | SSL_FIPS,
566 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
567 256,
568 256,
569 },
570 {
571 1,
572 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
573 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
574 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
575 SSL_kDHE,
576 SSL_aRSA,
577 SSL_AES128GCM,
578 SSL_AEAD,
579 TLS1_2_VERSION, TLS1_2_VERSION,
580 DTLS1_2_VERSION, DTLS1_2_VERSION,
581 SSL_HIGH | SSL_FIPS,
582 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
583 128,
584 128,
585 },
586 {
587 1,
588 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
589 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
590 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
591 SSL_kDHE,
592 SSL_aRSA,
593 SSL_AES256GCM,
594 SSL_AEAD,
595 TLS1_2_VERSION, TLS1_2_VERSION,
596 DTLS1_2_VERSION, DTLS1_2_VERSION,
597 SSL_HIGH | SSL_FIPS,
598 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
599 256,
600 256,
601 },
602 {
603 1,
604 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
605 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
606 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
607 SSL_kDHE,
608 SSL_aDSS,
609 SSL_AES128GCM,
610 SSL_AEAD,
611 TLS1_2_VERSION, TLS1_2_VERSION,
612 DTLS1_2_VERSION, DTLS1_2_VERSION,
613 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
614 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
615 128,
616 128,
617 },
618 {
619 1,
620 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
621 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
622 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
623 SSL_kDHE,
624 SSL_aDSS,
625 SSL_AES256GCM,
626 SSL_AEAD,
627 TLS1_2_VERSION, TLS1_2_VERSION,
628 DTLS1_2_VERSION, DTLS1_2_VERSION,
629 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
630 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
631 256,
632 256,
633 },
634 {
635 1,
636 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
637 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
638 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
639 SSL_kDHE,
640 SSL_aNULL,
641 SSL_AES128GCM,
642 SSL_AEAD,
643 TLS1_2_VERSION, TLS1_2_VERSION,
644 DTLS1_2_VERSION, DTLS1_2_VERSION,
645 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
646 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
647 128,
648 128,
649 },
650 {
651 1,
652 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
653 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
654 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
655 SSL_kDHE,
656 SSL_aNULL,
657 SSL_AES256GCM,
658 SSL_AEAD,
659 TLS1_2_VERSION, TLS1_2_VERSION,
660 DTLS1_2_VERSION, DTLS1_2_VERSION,
661 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
662 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
663 256,
664 256,
665 },
666 {
667 1,
668 TLS1_TXT_RSA_WITH_AES_128_CCM,
669 TLS1_RFC_RSA_WITH_AES_128_CCM,
670 TLS1_CK_RSA_WITH_AES_128_CCM,
671 SSL_kRSA,
672 SSL_aRSA,
673 SSL_AES128CCM,
674 SSL_AEAD,
675 TLS1_2_VERSION, TLS1_2_VERSION,
676 DTLS1_2_VERSION, DTLS1_2_VERSION,
677 SSL_NOT_DEFAULT | SSL_HIGH,
678 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
679 128,
680 128,
681 },
682 {
683 1,
684 TLS1_TXT_RSA_WITH_AES_256_CCM,
685 TLS1_RFC_RSA_WITH_AES_256_CCM,
686 TLS1_CK_RSA_WITH_AES_256_CCM,
687 SSL_kRSA,
688 SSL_aRSA,
689 SSL_AES256CCM,
690 SSL_AEAD,
691 TLS1_2_VERSION, TLS1_2_VERSION,
692 DTLS1_2_VERSION, DTLS1_2_VERSION,
693 SSL_NOT_DEFAULT | SSL_HIGH,
694 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
695 256,
696 256,
697 },
698 {
699 1,
700 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
701 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
702 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
703 SSL_kDHE,
704 SSL_aRSA,
705 SSL_AES128CCM,
706 SSL_AEAD,
707 TLS1_2_VERSION, TLS1_2_VERSION,
708 DTLS1_2_VERSION, DTLS1_2_VERSION,
709 SSL_NOT_DEFAULT | SSL_HIGH,
710 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
711 128,
712 128,
713 },
714 {
715 1,
716 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
717 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
718 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
719 SSL_kDHE,
720 SSL_aRSA,
721 SSL_AES256CCM,
722 SSL_AEAD,
723 TLS1_2_VERSION, TLS1_2_VERSION,
724 DTLS1_2_VERSION, DTLS1_2_VERSION,
725 SSL_NOT_DEFAULT | SSL_HIGH,
726 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
727 256,
728 256,
729 },
730 {
731 1,
732 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
733 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
734 TLS1_CK_RSA_WITH_AES_128_CCM_8,
735 SSL_kRSA,
736 SSL_aRSA,
737 SSL_AES128CCM8,
738 SSL_AEAD,
739 TLS1_2_VERSION, TLS1_2_VERSION,
740 DTLS1_2_VERSION, DTLS1_2_VERSION,
741 SSL_NOT_DEFAULT | SSL_MEDIUM,
742 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
743 64, /* CCM8 uses a short tag, so we have a low security strength */
744 128,
745 },
746 {
747 1,
748 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
749 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
750 TLS1_CK_RSA_WITH_AES_256_CCM_8,
751 SSL_kRSA,
752 SSL_aRSA,
753 SSL_AES256CCM8,
754 SSL_AEAD,
755 TLS1_2_VERSION, TLS1_2_VERSION,
756 DTLS1_2_VERSION, DTLS1_2_VERSION,
757 SSL_NOT_DEFAULT | SSL_MEDIUM,
758 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
759 64, /* CCM8 uses a short tag, so we have a low security strength */
760 256,
761 },
762 {
763 1,
764 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
765 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
766 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
767 SSL_kDHE,
768 SSL_aRSA,
769 SSL_AES128CCM8,
770 SSL_AEAD,
771 TLS1_2_VERSION, TLS1_2_VERSION,
772 DTLS1_2_VERSION, DTLS1_2_VERSION,
773 SSL_NOT_DEFAULT | SSL_MEDIUM,
774 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
775 64, /* CCM8 uses a short tag, so we have a low security strength */
776 128,
777 },
778 {
779 1,
780 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
781 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
782 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
783 SSL_kDHE,
784 SSL_aRSA,
785 SSL_AES256CCM8,
786 SSL_AEAD,
787 TLS1_2_VERSION, TLS1_2_VERSION,
788 DTLS1_2_VERSION, DTLS1_2_VERSION,
789 SSL_NOT_DEFAULT | SSL_MEDIUM,
790 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
791 64, /* CCM8 uses a short tag, so we have a low security strength */
792 256,
793 },
794 {
795 1,
796 TLS1_TXT_PSK_WITH_AES_128_CCM,
797 TLS1_RFC_PSK_WITH_AES_128_CCM,
798 TLS1_CK_PSK_WITH_AES_128_CCM,
799 SSL_kPSK,
800 SSL_aPSK,
801 SSL_AES128CCM,
802 SSL_AEAD,
803 TLS1_2_VERSION, TLS1_2_VERSION,
804 DTLS1_2_VERSION, DTLS1_2_VERSION,
805 SSL_NOT_DEFAULT | SSL_HIGH,
806 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
807 128,
808 128,
809 },
810 {
811 1,
812 TLS1_TXT_PSK_WITH_AES_256_CCM,
813 TLS1_RFC_PSK_WITH_AES_256_CCM,
814 TLS1_CK_PSK_WITH_AES_256_CCM,
815 SSL_kPSK,
816 SSL_aPSK,
817 SSL_AES256CCM,
818 SSL_AEAD,
819 TLS1_2_VERSION, TLS1_2_VERSION,
820 DTLS1_2_VERSION, DTLS1_2_VERSION,
821 SSL_NOT_DEFAULT | SSL_HIGH,
822 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
823 256,
824 256,
825 },
826 {
827 1,
828 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
829 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
830 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
831 SSL_kDHEPSK,
832 SSL_aPSK,
833 SSL_AES128CCM,
834 SSL_AEAD,
835 TLS1_2_VERSION, TLS1_2_VERSION,
836 DTLS1_2_VERSION, DTLS1_2_VERSION,
837 SSL_NOT_DEFAULT | SSL_HIGH,
838 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
839 128,
840 128,
841 },
842 {
843 1,
844 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
845 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
846 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
847 SSL_kDHEPSK,
848 SSL_aPSK,
849 SSL_AES256CCM,
850 SSL_AEAD,
851 TLS1_2_VERSION, TLS1_2_VERSION,
852 DTLS1_2_VERSION, DTLS1_2_VERSION,
853 SSL_NOT_DEFAULT | SSL_HIGH,
854 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
855 256,
856 256,
857 },
858 {
859 1,
860 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
861 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
862 TLS1_CK_PSK_WITH_AES_128_CCM_8,
863 SSL_kPSK,
864 SSL_aPSK,
865 SSL_AES128CCM8,
866 SSL_AEAD,
867 TLS1_2_VERSION, TLS1_2_VERSION,
868 DTLS1_2_VERSION, DTLS1_2_VERSION,
869 SSL_NOT_DEFAULT | SSL_MEDIUM,
870 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
871 64, /* CCM8 uses a short tag, so we have a low security strength */
872 128,
873 },
874 {
875 1,
876 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
877 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
878 TLS1_CK_PSK_WITH_AES_256_CCM_8,
879 SSL_kPSK,
880 SSL_aPSK,
881 SSL_AES256CCM8,
882 SSL_AEAD,
883 TLS1_2_VERSION, TLS1_2_VERSION,
884 DTLS1_2_VERSION, DTLS1_2_VERSION,
885 SSL_NOT_DEFAULT | SSL_MEDIUM,
886 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
887 64, /* CCM8 uses a short tag, so we have a low security strength */
888 256,
889 },
890 {
891 1,
892 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
893 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
894 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
895 SSL_kDHEPSK,
896 SSL_aPSK,
897 SSL_AES128CCM8,
898 SSL_AEAD,
899 TLS1_2_VERSION, TLS1_2_VERSION,
900 DTLS1_2_VERSION, DTLS1_2_VERSION,
901 SSL_NOT_DEFAULT | SSL_MEDIUM,
902 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
903 64, /* CCM8 uses a short tag, so we have a low security strength */
904 128,
905 },
906 {
907 1,
908 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
909 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
910 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
911 SSL_kDHEPSK,
912 SSL_aPSK,
913 SSL_AES256CCM8,
914 SSL_AEAD,
915 TLS1_2_VERSION, TLS1_2_VERSION,
916 DTLS1_2_VERSION, DTLS1_2_VERSION,
917 SSL_NOT_DEFAULT | SSL_MEDIUM,
918 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
919 64, /* CCM8 uses a short tag, so we have a low security strength */
920 256,
921 },
922 {
923 1,
924 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
925 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
926 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
927 SSL_kECDHE,
928 SSL_aECDSA,
929 SSL_AES128CCM,
930 SSL_AEAD,
931 TLS1_2_VERSION, TLS1_2_VERSION,
932 DTLS1_2_VERSION, DTLS1_2_VERSION,
933 SSL_NOT_DEFAULT | SSL_HIGH,
934 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
935 128,
936 128,
937 },
938 {
939 1,
940 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
941 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
942 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
943 SSL_kECDHE,
944 SSL_aECDSA,
945 SSL_AES256CCM,
946 SSL_AEAD,
947 TLS1_2_VERSION, TLS1_2_VERSION,
948 DTLS1_2_VERSION, DTLS1_2_VERSION,
949 SSL_NOT_DEFAULT | SSL_HIGH,
950 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
951 256,
952 256,
953 },
954 {
955 1,
956 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
957 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
958 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
959 SSL_kECDHE,
960 SSL_aECDSA,
961 SSL_AES128CCM8,
962 SSL_AEAD,
963 TLS1_2_VERSION, TLS1_2_VERSION,
964 DTLS1_2_VERSION, DTLS1_2_VERSION,
965 SSL_NOT_DEFAULT | SSL_MEDIUM,
966 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
967 64, /* CCM8 uses a short tag, so we have a low security strength */
968 128,
969 },
970 {
971 1,
972 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
973 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
974 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
975 SSL_kECDHE,
976 SSL_aECDSA,
977 SSL_AES256CCM8,
978 SSL_AEAD,
979 TLS1_2_VERSION, TLS1_2_VERSION,
980 DTLS1_2_VERSION, DTLS1_2_VERSION,
981 SSL_NOT_DEFAULT | SSL_MEDIUM,
982 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
983 64, /* CCM8 uses a short tag, so we have a low security strength */
984 256,
985 },
986 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
987 {
988 1,
989 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
990 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
991 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
992 SSL_kECDHE,
993 SSL_aECDSA,
994 SSL_eNULL,
995 SSL_SHA1,
996 TLS1_VERSION, TLS1_2_VERSION,
997 DTLS1_BAD_VER, DTLS1_2_VERSION,
998 SSL_STRONG_NONE | SSL_FIPS,
999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1000 0,
1001 0,
1002 },
1003 #endif
1004 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1005 {
1006 1,
1007 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1008 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1009 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1010 SSL_kECDHE,
1011 SSL_aECDSA,
1012 SSL_3DES,
1013 SSL_SHA1,
1014 TLS1_VERSION, TLS1_2_VERSION,
1015 DTLS1_BAD_VER, DTLS1_2_VERSION,
1016 SSL_NOT_DEFAULT | SSL_MEDIUM,
1017 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1018 112,
1019 168,
1020 },
1021 # endif
1022 {
1023 1,
1024 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1025 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1026 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1027 SSL_kECDHE,
1028 SSL_aECDSA,
1029 SSL_AES128,
1030 SSL_SHA1,
1031 TLS1_VERSION, TLS1_2_VERSION,
1032 DTLS1_BAD_VER, DTLS1_2_VERSION,
1033 SSL_HIGH | SSL_FIPS,
1034 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1035 128,
1036 128,
1037 },
1038 {
1039 1,
1040 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1041 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1042 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1043 SSL_kECDHE,
1044 SSL_aECDSA,
1045 SSL_AES256,
1046 SSL_SHA1,
1047 TLS1_VERSION, TLS1_2_VERSION,
1048 DTLS1_BAD_VER, DTLS1_2_VERSION,
1049 SSL_HIGH | SSL_FIPS,
1050 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1051 256,
1052 256,
1053 },
1054 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1055 {
1056 1,
1057 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1058 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1059 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1060 SSL_kECDHE,
1061 SSL_aRSA,
1062 SSL_eNULL,
1063 SSL_SHA1,
1064 TLS1_VERSION, TLS1_2_VERSION,
1065 DTLS1_BAD_VER, DTLS1_2_VERSION,
1066 SSL_STRONG_NONE | SSL_FIPS,
1067 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1068 0,
1069 0,
1070 },
1071 #endif
1072 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1073 {
1074 1,
1075 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1076 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1077 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1078 SSL_kECDHE,
1079 SSL_aRSA,
1080 SSL_3DES,
1081 SSL_SHA1,
1082 TLS1_VERSION, TLS1_2_VERSION,
1083 DTLS1_BAD_VER, DTLS1_2_VERSION,
1084 SSL_NOT_DEFAULT | SSL_MEDIUM,
1085 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1086 112,
1087 168,
1088 },
1089 # endif
1090 {
1091 1,
1092 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1093 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1094 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1095 SSL_kECDHE,
1096 SSL_aRSA,
1097 SSL_AES128,
1098 SSL_SHA1,
1099 TLS1_VERSION, TLS1_2_VERSION,
1100 DTLS1_BAD_VER, DTLS1_2_VERSION,
1101 SSL_HIGH | SSL_FIPS,
1102 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1103 128,
1104 128,
1105 },
1106 {
1107 1,
1108 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1109 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1110 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1111 SSL_kECDHE,
1112 SSL_aRSA,
1113 SSL_AES256,
1114 SSL_SHA1,
1115 TLS1_VERSION, TLS1_2_VERSION,
1116 DTLS1_BAD_VER, DTLS1_2_VERSION,
1117 SSL_HIGH | SSL_FIPS,
1118 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1119 256,
1120 256,
1121 },
1122 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1123 {
1124 1,
1125 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1126 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1127 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1128 SSL_kECDHE,
1129 SSL_aNULL,
1130 SSL_eNULL,
1131 SSL_SHA1,
1132 TLS1_VERSION, TLS1_2_VERSION,
1133 DTLS1_BAD_VER, DTLS1_2_VERSION,
1134 SSL_STRONG_NONE | SSL_FIPS,
1135 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1136 0,
1137 0,
1138 },
1139 #endif
1140 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1141 {
1142 1,
1143 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1144 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1145 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1146 SSL_kECDHE,
1147 SSL_aNULL,
1148 SSL_3DES,
1149 SSL_SHA1,
1150 TLS1_VERSION, TLS1_2_VERSION,
1151 DTLS1_BAD_VER, DTLS1_2_VERSION,
1152 SSL_NOT_DEFAULT | SSL_MEDIUM,
1153 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1154 112,
1155 168,
1156 },
1157 # endif
1158 {
1159 1,
1160 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1161 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1162 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1163 SSL_kECDHE,
1164 SSL_aNULL,
1165 SSL_AES128,
1166 SSL_SHA1,
1167 TLS1_VERSION, TLS1_2_VERSION,
1168 DTLS1_BAD_VER, DTLS1_2_VERSION,
1169 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1170 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1171 128,
1172 128,
1173 },
1174 {
1175 1,
1176 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1177 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1178 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1179 SSL_kECDHE,
1180 SSL_aNULL,
1181 SSL_AES256,
1182 SSL_SHA1,
1183 TLS1_VERSION, TLS1_2_VERSION,
1184 DTLS1_BAD_VER, DTLS1_2_VERSION,
1185 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1186 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1187 256,
1188 256,
1189 },
1190 {
1191 1,
1192 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1193 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1194 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1195 SSL_kECDHE,
1196 SSL_aECDSA,
1197 SSL_AES128,
1198 SSL_SHA256,
1199 TLS1_2_VERSION, TLS1_2_VERSION,
1200 DTLS1_2_VERSION, DTLS1_2_VERSION,
1201 SSL_HIGH | SSL_FIPS,
1202 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1203 128,
1204 128,
1205 },
1206 {
1207 1,
1208 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1209 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1210 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1211 SSL_kECDHE,
1212 SSL_aECDSA,
1213 SSL_AES256,
1214 SSL_SHA384,
1215 TLS1_2_VERSION, TLS1_2_VERSION,
1216 DTLS1_2_VERSION, DTLS1_2_VERSION,
1217 SSL_HIGH | SSL_FIPS,
1218 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1219 256,
1220 256,
1221 },
1222 {
1223 1,
1224 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1225 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1226 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1227 SSL_kECDHE,
1228 SSL_aRSA,
1229 SSL_AES128,
1230 SSL_SHA256,
1231 TLS1_2_VERSION, TLS1_2_VERSION,
1232 DTLS1_2_VERSION, DTLS1_2_VERSION,
1233 SSL_HIGH | SSL_FIPS,
1234 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1235 128,
1236 128,
1237 },
1238 {
1239 1,
1240 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1241 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1242 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1243 SSL_kECDHE,
1244 SSL_aRSA,
1245 SSL_AES256,
1246 SSL_SHA384,
1247 TLS1_2_VERSION, TLS1_2_VERSION,
1248 DTLS1_2_VERSION, DTLS1_2_VERSION,
1249 SSL_HIGH | SSL_FIPS,
1250 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1251 256,
1252 256,
1253 },
1254 {
1255 1,
1256 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1257 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1258 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1259 SSL_kECDHE,
1260 SSL_aECDSA,
1261 SSL_AES128GCM,
1262 SSL_AEAD,
1263 TLS1_2_VERSION, TLS1_2_VERSION,
1264 DTLS1_2_VERSION, DTLS1_2_VERSION,
1265 SSL_HIGH | SSL_FIPS,
1266 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1267 128,
1268 128,
1269 },
1270 {
1271 1,
1272 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1273 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1274 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1275 SSL_kECDHE,
1276 SSL_aECDSA,
1277 SSL_AES256GCM,
1278 SSL_AEAD,
1279 TLS1_2_VERSION, TLS1_2_VERSION,
1280 DTLS1_2_VERSION, DTLS1_2_VERSION,
1281 SSL_HIGH | SSL_FIPS,
1282 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1283 256,
1284 256,
1285 },
1286 {
1287 1,
1288 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1289 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1290 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1291 SSL_kECDHE,
1292 SSL_aRSA,
1293 SSL_AES128GCM,
1294 SSL_AEAD,
1295 TLS1_2_VERSION, TLS1_2_VERSION,
1296 DTLS1_2_VERSION, DTLS1_2_VERSION,
1297 SSL_HIGH | SSL_FIPS,
1298 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1299 128,
1300 128,
1301 },
1302 {
1303 1,
1304 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1305 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1306 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1307 SSL_kECDHE,
1308 SSL_aRSA,
1309 SSL_AES256GCM,
1310 SSL_AEAD,
1311 TLS1_2_VERSION, TLS1_2_VERSION,
1312 DTLS1_2_VERSION, DTLS1_2_VERSION,
1313 SSL_HIGH | SSL_FIPS,
1314 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1315 256,
1316 256,
1317 },
1318 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1319 {
1320 1,
1321 TLS1_TXT_PSK_WITH_NULL_SHA,
1322 TLS1_RFC_PSK_WITH_NULL_SHA,
1323 TLS1_CK_PSK_WITH_NULL_SHA,
1324 SSL_kPSK,
1325 SSL_aPSK,
1326 SSL_eNULL,
1327 SSL_SHA1,
1328 SSL3_VERSION, TLS1_2_VERSION,
1329 DTLS1_BAD_VER, DTLS1_2_VERSION,
1330 SSL_STRONG_NONE | SSL_FIPS,
1331 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1332 0,
1333 0,
1334 },
1335 {
1336 1,
1337 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1338 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1339 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1340 SSL_kDHEPSK,
1341 SSL_aPSK,
1342 SSL_eNULL,
1343 SSL_SHA1,
1344 SSL3_VERSION, TLS1_2_VERSION,
1345 DTLS1_BAD_VER, DTLS1_2_VERSION,
1346 SSL_STRONG_NONE | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1348 0,
1349 0,
1350 },
1351 {
1352 1,
1353 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1354 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1355 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1356 SSL_kRSAPSK,
1357 SSL_aRSA,
1358 SSL_eNULL,
1359 SSL_SHA1,
1360 SSL3_VERSION, TLS1_2_VERSION,
1361 DTLS1_BAD_VER, DTLS1_2_VERSION,
1362 SSL_STRONG_NONE | SSL_FIPS,
1363 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1364 0,
1365 0,
1366 },
1367 #endif
1368 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1369 {
1370 1,
1371 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1372 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1373 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1374 SSL_kPSK,
1375 SSL_aPSK,
1376 SSL_3DES,
1377 SSL_SHA1,
1378 SSL3_VERSION, TLS1_2_VERSION,
1379 DTLS1_BAD_VER, DTLS1_2_VERSION,
1380 SSL_NOT_DEFAULT | SSL_MEDIUM,
1381 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1382 112,
1383 168,
1384 },
1385 # endif
1386 {
1387 1,
1388 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1389 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1390 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1391 SSL_kPSK,
1392 SSL_aPSK,
1393 SSL_AES128,
1394 SSL_SHA1,
1395 SSL3_VERSION, TLS1_2_VERSION,
1396 DTLS1_BAD_VER, DTLS1_2_VERSION,
1397 SSL_HIGH | SSL_FIPS,
1398 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1399 128,
1400 128,
1401 },
1402 {
1403 1,
1404 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1405 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1406 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1407 SSL_kPSK,
1408 SSL_aPSK,
1409 SSL_AES256,
1410 SSL_SHA1,
1411 SSL3_VERSION, TLS1_2_VERSION,
1412 DTLS1_BAD_VER, DTLS1_2_VERSION,
1413 SSL_HIGH | SSL_FIPS,
1414 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1415 256,
1416 256,
1417 },
1418 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1419 {
1420 1,
1421 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1422 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1423 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1424 SSL_kDHEPSK,
1425 SSL_aPSK,
1426 SSL_3DES,
1427 SSL_SHA1,
1428 SSL3_VERSION, TLS1_2_VERSION,
1429 DTLS1_BAD_VER, DTLS1_2_VERSION,
1430 SSL_NOT_DEFAULT | SSL_MEDIUM,
1431 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1432 112,
1433 168,
1434 },
1435 # endif
1436 {
1437 1,
1438 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1439 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1440 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1441 SSL_kDHEPSK,
1442 SSL_aPSK,
1443 SSL_AES128,
1444 SSL_SHA1,
1445 SSL3_VERSION, TLS1_2_VERSION,
1446 DTLS1_BAD_VER, DTLS1_2_VERSION,
1447 SSL_HIGH | SSL_FIPS,
1448 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1449 128,
1450 128,
1451 },
1452 {
1453 1,
1454 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1455 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1456 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1457 SSL_kDHEPSK,
1458 SSL_aPSK,
1459 SSL_AES256,
1460 SSL_SHA1,
1461 SSL3_VERSION, TLS1_2_VERSION,
1462 DTLS1_BAD_VER, DTLS1_2_VERSION,
1463 SSL_HIGH | SSL_FIPS,
1464 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1465 256,
1466 256,
1467 },
1468 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1469 {
1470 1,
1471 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1472 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1473 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1474 SSL_kRSAPSK,
1475 SSL_aRSA,
1476 SSL_3DES,
1477 SSL_SHA1,
1478 SSL3_VERSION, TLS1_2_VERSION,
1479 DTLS1_BAD_VER, DTLS1_2_VERSION,
1480 SSL_NOT_DEFAULT | SSL_MEDIUM,
1481 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1482 112,
1483 168,
1484 },
1485 # endif
1486 {
1487 1,
1488 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1489 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1490 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1491 SSL_kRSAPSK,
1492 SSL_aRSA,
1493 SSL_AES128,
1494 SSL_SHA1,
1495 SSL3_VERSION, TLS1_2_VERSION,
1496 DTLS1_BAD_VER, DTLS1_2_VERSION,
1497 SSL_HIGH | SSL_FIPS,
1498 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1499 128,
1500 128,
1501 },
1502 {
1503 1,
1504 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1505 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1506 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1507 SSL_kRSAPSK,
1508 SSL_aRSA,
1509 SSL_AES256,
1510 SSL_SHA1,
1511 SSL3_VERSION, TLS1_2_VERSION,
1512 DTLS1_BAD_VER, DTLS1_2_VERSION,
1513 SSL_HIGH | SSL_FIPS,
1514 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1515 256,
1516 256,
1517 },
1518 {
1519 1,
1520 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1521 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1522 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1523 SSL_kPSK,
1524 SSL_aPSK,
1525 SSL_AES128GCM,
1526 SSL_AEAD,
1527 TLS1_2_VERSION, TLS1_2_VERSION,
1528 DTLS1_2_VERSION, DTLS1_2_VERSION,
1529 SSL_HIGH | SSL_FIPS,
1530 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1531 128,
1532 128,
1533 },
1534 {
1535 1,
1536 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1537 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1538 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1539 SSL_kPSK,
1540 SSL_aPSK,
1541 SSL_AES256GCM,
1542 SSL_AEAD,
1543 TLS1_2_VERSION, TLS1_2_VERSION,
1544 DTLS1_2_VERSION, DTLS1_2_VERSION,
1545 SSL_HIGH | SSL_FIPS,
1546 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1547 256,
1548 256,
1549 },
1550 {
1551 1,
1552 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1553 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1554 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1555 SSL_kDHEPSK,
1556 SSL_aPSK,
1557 SSL_AES128GCM,
1558 SSL_AEAD,
1559 TLS1_2_VERSION, TLS1_2_VERSION,
1560 DTLS1_2_VERSION, DTLS1_2_VERSION,
1561 SSL_HIGH | SSL_FIPS,
1562 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1563 128,
1564 128,
1565 },
1566 {
1567 1,
1568 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1569 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1570 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1571 SSL_kDHEPSK,
1572 SSL_aPSK,
1573 SSL_AES256GCM,
1574 SSL_AEAD,
1575 TLS1_2_VERSION, TLS1_2_VERSION,
1576 DTLS1_2_VERSION, DTLS1_2_VERSION,
1577 SSL_HIGH | SSL_FIPS,
1578 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1579 256,
1580 256,
1581 },
1582 {
1583 1,
1584 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1585 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1586 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1587 SSL_kRSAPSK,
1588 SSL_aRSA,
1589 SSL_AES128GCM,
1590 SSL_AEAD,
1591 TLS1_2_VERSION, TLS1_2_VERSION,
1592 DTLS1_2_VERSION, DTLS1_2_VERSION,
1593 SSL_HIGH | SSL_FIPS,
1594 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1595 128,
1596 128,
1597 },
1598 {
1599 1,
1600 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1601 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1602 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1603 SSL_kRSAPSK,
1604 SSL_aRSA,
1605 SSL_AES256GCM,
1606 SSL_AEAD,
1607 TLS1_2_VERSION, TLS1_2_VERSION,
1608 DTLS1_2_VERSION, DTLS1_2_VERSION,
1609 SSL_HIGH | SSL_FIPS,
1610 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1611 256,
1612 256,
1613 },
1614 {
1615 1,
1616 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1617 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1618 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1619 SSL_kPSK,
1620 SSL_aPSK,
1621 SSL_AES128,
1622 SSL_SHA256,
1623 TLS1_VERSION, TLS1_2_VERSION,
1624 DTLS1_BAD_VER, DTLS1_2_VERSION,
1625 SSL_HIGH | SSL_FIPS,
1626 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1627 128,
1628 128,
1629 },
1630 {
1631 1,
1632 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1633 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1634 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1635 SSL_kPSK,
1636 SSL_aPSK,
1637 SSL_AES256,
1638 SSL_SHA384,
1639 TLS1_VERSION, TLS1_2_VERSION,
1640 DTLS1_BAD_VER, DTLS1_2_VERSION,
1641 SSL_HIGH | SSL_FIPS,
1642 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1643 256,
1644 256,
1645 },
1646 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1647 {
1648 1,
1649 TLS1_TXT_PSK_WITH_NULL_SHA256,
1650 TLS1_RFC_PSK_WITH_NULL_SHA256,
1651 TLS1_CK_PSK_WITH_NULL_SHA256,
1652 SSL_kPSK,
1653 SSL_aPSK,
1654 SSL_eNULL,
1655 SSL_SHA256,
1656 TLS1_VERSION, TLS1_2_VERSION,
1657 DTLS1_BAD_VER, DTLS1_2_VERSION,
1658 SSL_STRONG_NONE | SSL_FIPS,
1659 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1660 0,
1661 0,
1662 },
1663 {
1664 1,
1665 TLS1_TXT_PSK_WITH_NULL_SHA384,
1666 TLS1_RFC_PSK_WITH_NULL_SHA384,
1667 TLS1_CK_PSK_WITH_NULL_SHA384,
1668 SSL_kPSK,
1669 SSL_aPSK,
1670 SSL_eNULL,
1671 SSL_SHA384,
1672 TLS1_VERSION, TLS1_2_VERSION,
1673 DTLS1_BAD_VER, DTLS1_2_VERSION,
1674 SSL_STRONG_NONE | SSL_FIPS,
1675 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1676 0,
1677 0,
1678 },
1679 #endif
1680 {
1681 1,
1682 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1683 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1684 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1685 SSL_kDHEPSK,
1686 SSL_aPSK,
1687 SSL_AES128,
1688 SSL_SHA256,
1689 TLS1_VERSION, TLS1_2_VERSION,
1690 DTLS1_BAD_VER, DTLS1_2_VERSION,
1691 SSL_HIGH | SSL_FIPS,
1692 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1693 128,
1694 128,
1695 },
1696 {
1697 1,
1698 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1699 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1700 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1701 SSL_kDHEPSK,
1702 SSL_aPSK,
1703 SSL_AES256,
1704 SSL_SHA384,
1705 TLS1_VERSION, TLS1_2_VERSION,
1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
1707 SSL_HIGH | SSL_FIPS,
1708 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1709 256,
1710 256,
1711 },
1712 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1713 {
1714 1,
1715 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1716 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1717 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1718 SSL_kDHEPSK,
1719 SSL_aPSK,
1720 SSL_eNULL,
1721 SSL_SHA256,
1722 TLS1_VERSION, TLS1_2_VERSION,
1723 DTLS1_BAD_VER, DTLS1_2_VERSION,
1724 SSL_STRONG_NONE | SSL_FIPS,
1725 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1726 0,
1727 0,
1728 },
1729 {
1730 1,
1731 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1732 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1733 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1734 SSL_kDHEPSK,
1735 SSL_aPSK,
1736 SSL_eNULL,
1737 SSL_SHA384,
1738 TLS1_VERSION, TLS1_2_VERSION,
1739 DTLS1_BAD_VER, DTLS1_2_VERSION,
1740 SSL_STRONG_NONE | SSL_FIPS,
1741 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1742 0,
1743 0,
1744 },
1745 #endif
1746 {
1747 1,
1748 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1749 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1750 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1751 SSL_kRSAPSK,
1752 SSL_aRSA,
1753 SSL_AES128,
1754 SSL_SHA256,
1755 TLS1_VERSION, TLS1_2_VERSION,
1756 DTLS1_BAD_VER, DTLS1_2_VERSION,
1757 SSL_HIGH | SSL_FIPS,
1758 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1759 128,
1760 128,
1761 },
1762 {
1763 1,
1764 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1765 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1766 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1767 SSL_kRSAPSK,
1768 SSL_aRSA,
1769 SSL_AES256,
1770 SSL_SHA384,
1771 TLS1_VERSION, TLS1_2_VERSION,
1772 DTLS1_BAD_VER, DTLS1_2_VERSION,
1773 SSL_HIGH | SSL_FIPS,
1774 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1775 256,
1776 256,
1777 },
1778 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1779 {
1780 1,
1781 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1782 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1783 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1784 SSL_kRSAPSK,
1785 SSL_aRSA,
1786 SSL_eNULL,
1787 SSL_SHA256,
1788 TLS1_VERSION, TLS1_2_VERSION,
1789 DTLS1_BAD_VER, DTLS1_2_VERSION,
1790 SSL_STRONG_NONE | SSL_FIPS,
1791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1792 0,
1793 0,
1794 },
1795 {
1796 1,
1797 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1798 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1799 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1800 SSL_kRSAPSK,
1801 SSL_aRSA,
1802 SSL_eNULL,
1803 SSL_SHA384,
1804 TLS1_VERSION, TLS1_2_VERSION,
1805 DTLS1_BAD_VER, DTLS1_2_VERSION,
1806 SSL_STRONG_NONE | SSL_FIPS,
1807 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1808 0,
1809 0,
1810 },
1811 #endif
1812 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1813 {
1814 1,
1815 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1816 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1817 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1818 SSL_kECDHEPSK,
1819 SSL_aPSK,
1820 SSL_3DES,
1821 SSL_SHA1,
1822 TLS1_VERSION, TLS1_2_VERSION,
1823 DTLS1_BAD_VER, DTLS1_2_VERSION,
1824 SSL_NOT_DEFAULT | SSL_MEDIUM,
1825 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1826 112,
1827 168,
1828 },
1829 # endif
1830 {
1831 1,
1832 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1833 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1834 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1835 SSL_kECDHEPSK,
1836 SSL_aPSK,
1837 SSL_AES128,
1838 SSL_SHA1,
1839 TLS1_VERSION, TLS1_2_VERSION,
1840 DTLS1_BAD_VER, DTLS1_2_VERSION,
1841 SSL_HIGH | SSL_FIPS,
1842 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1843 128,
1844 128,
1845 },
1846 {
1847 1,
1848 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1849 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1850 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1851 SSL_kECDHEPSK,
1852 SSL_aPSK,
1853 SSL_AES256,
1854 SSL_SHA1,
1855 TLS1_VERSION, TLS1_2_VERSION,
1856 DTLS1_BAD_VER, DTLS1_2_VERSION,
1857 SSL_HIGH | SSL_FIPS,
1858 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859 256,
1860 256,
1861 },
1862 {
1863 1,
1864 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1865 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1866 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1867 SSL_kECDHEPSK,
1868 SSL_aPSK,
1869 SSL_AES128,
1870 SSL_SHA256,
1871 TLS1_VERSION, TLS1_2_VERSION,
1872 DTLS1_BAD_VER, DTLS1_2_VERSION,
1873 SSL_HIGH | SSL_FIPS,
1874 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875 128,
1876 128,
1877 },
1878 {
1879 1,
1880 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1881 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1882 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1883 SSL_kECDHEPSK,
1884 SSL_aPSK,
1885 SSL_AES256,
1886 SSL_SHA384,
1887 TLS1_VERSION, TLS1_2_VERSION,
1888 DTLS1_BAD_VER, DTLS1_2_VERSION,
1889 SSL_HIGH | SSL_FIPS,
1890 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891 256,
1892 256,
1893 },
1894 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1895 {
1896 1,
1897 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1898 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1899 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1900 SSL_kECDHEPSK,
1901 SSL_aPSK,
1902 SSL_eNULL,
1903 SSL_SHA1,
1904 TLS1_VERSION, TLS1_2_VERSION,
1905 DTLS1_BAD_VER, DTLS1_2_VERSION,
1906 SSL_STRONG_NONE | SSL_FIPS,
1907 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1908 0,
1909 0,
1910 },
1911 {
1912 1,
1913 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1914 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1915 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1916 SSL_kECDHEPSK,
1917 SSL_aPSK,
1918 SSL_eNULL,
1919 SSL_SHA256,
1920 TLS1_VERSION, TLS1_2_VERSION,
1921 DTLS1_BAD_VER, DTLS1_2_VERSION,
1922 SSL_STRONG_NONE | SSL_FIPS,
1923 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1924 0,
1925 0,
1926 },
1927 {
1928 1,
1929 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1930 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1931 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1932 SSL_kECDHEPSK,
1933 SSL_aPSK,
1934 SSL_eNULL,
1935 SSL_SHA384,
1936 TLS1_VERSION, TLS1_2_VERSION,
1937 DTLS1_BAD_VER, DTLS1_2_VERSION,
1938 SSL_STRONG_NONE | SSL_FIPS,
1939 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1940 0,
1941 0,
1942 },
1943 #endif
1944 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1945 {
1946 1,
1947 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1948 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1949 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1950 SSL_kSRP,
1951 SSL_aSRP,
1952 SSL_3DES,
1953 SSL_SHA1,
1954 SSL3_VERSION, TLS1_2_VERSION,
1955 DTLS1_BAD_VER, DTLS1_2_VERSION,
1956 SSL_NOT_DEFAULT | SSL_MEDIUM,
1957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958 112,
1959 168,
1960 },
1961 {
1962 1,
1963 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1964 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1965 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1966 SSL_kSRP,
1967 SSL_aRSA,
1968 SSL_3DES,
1969 SSL_SHA1,
1970 SSL3_VERSION, TLS1_2_VERSION,
1971 DTLS1_BAD_VER, DTLS1_2_VERSION,
1972 SSL_NOT_DEFAULT | SSL_MEDIUM,
1973 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974 112,
1975 168,
1976 },
1977 {
1978 1,
1979 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1980 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1981 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1982 SSL_kSRP,
1983 SSL_aDSS,
1984 SSL_3DES,
1985 SSL_SHA1,
1986 SSL3_VERSION, TLS1_2_VERSION,
1987 DTLS1_BAD_VER, DTLS1_2_VERSION,
1988 SSL_NOT_DEFAULT | SSL_MEDIUM,
1989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990 112,
1991 168,
1992 },
1993 # endif
1994 {
1995 1,
1996 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1997 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1998 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1999 SSL_kSRP,
2000 SSL_aSRP,
2001 SSL_AES128,
2002 SSL_SHA1,
2003 SSL3_VERSION, TLS1_2_VERSION,
2004 DTLS1_BAD_VER, DTLS1_2_VERSION,
2005 SSL_HIGH,
2006 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2007 128,
2008 128,
2009 },
2010 {
2011 1,
2012 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2013 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2014 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2015 SSL_kSRP,
2016 SSL_aRSA,
2017 SSL_AES128,
2018 SSL_SHA1,
2019 SSL3_VERSION, TLS1_2_VERSION,
2020 DTLS1_BAD_VER, DTLS1_2_VERSION,
2021 SSL_HIGH,
2022 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2023 128,
2024 128,
2025 },
2026 {
2027 1,
2028 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2029 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2030 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2031 SSL_kSRP,
2032 SSL_aDSS,
2033 SSL_AES128,
2034 SSL_SHA1,
2035 SSL3_VERSION, TLS1_2_VERSION,
2036 DTLS1_BAD_VER, DTLS1_2_VERSION,
2037 SSL_NOT_DEFAULT | SSL_HIGH,
2038 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2039 128,
2040 128,
2041 },
2042 {
2043 1,
2044 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2045 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2046 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2047 SSL_kSRP,
2048 SSL_aSRP,
2049 SSL_AES256,
2050 SSL_SHA1,
2051 SSL3_VERSION, TLS1_2_VERSION,
2052 DTLS1_BAD_VER, DTLS1_2_VERSION,
2053 SSL_HIGH,
2054 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2055 256,
2056 256,
2057 },
2058 {
2059 1,
2060 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2061 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2062 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2063 SSL_kSRP,
2064 SSL_aRSA,
2065 SSL_AES256,
2066 SSL_SHA1,
2067 SSL3_VERSION, TLS1_2_VERSION,
2068 DTLS1_BAD_VER, DTLS1_2_VERSION,
2069 SSL_HIGH,
2070 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2071 256,
2072 256,
2073 },
2074 {
2075 1,
2076 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2077 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2078 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2079 SSL_kSRP,
2080 SSL_aDSS,
2081 SSL_AES256,
2082 SSL_SHA1,
2083 SSL3_VERSION, TLS1_2_VERSION,
2084 DTLS1_BAD_VER, DTLS1_2_VERSION,
2085 SSL_NOT_DEFAULT | SSL_HIGH,
2086 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2087 256,
2088 256,
2089 },
2090
2091 {
2092 1,
2093 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2094 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2095 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2096 SSL_kDHE,
2097 SSL_aRSA,
2098 SSL_CHACHA20POLY1305,
2099 SSL_AEAD,
2100 TLS1_2_VERSION, TLS1_2_VERSION,
2101 DTLS1_2_VERSION, DTLS1_2_VERSION,
2102 SSL_HIGH,
2103 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2104 256,
2105 256,
2106 },
2107 {
2108 1,
2109 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2110 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2111 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2112 SSL_kECDHE,
2113 SSL_aRSA,
2114 SSL_CHACHA20POLY1305,
2115 SSL_AEAD,
2116 TLS1_2_VERSION, TLS1_2_VERSION,
2117 DTLS1_2_VERSION, DTLS1_2_VERSION,
2118 SSL_HIGH,
2119 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2120 256,
2121 256,
2122 },
2123 {
2124 1,
2125 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2126 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2127 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2128 SSL_kECDHE,
2129 SSL_aECDSA,
2130 SSL_CHACHA20POLY1305,
2131 SSL_AEAD,
2132 TLS1_2_VERSION, TLS1_2_VERSION,
2133 DTLS1_2_VERSION, DTLS1_2_VERSION,
2134 SSL_HIGH,
2135 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2136 256,
2137 256,
2138 },
2139 {
2140 1,
2141 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2142 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2143 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2144 SSL_kPSK,
2145 SSL_aPSK,
2146 SSL_CHACHA20POLY1305,
2147 SSL_AEAD,
2148 TLS1_2_VERSION, TLS1_2_VERSION,
2149 DTLS1_2_VERSION, DTLS1_2_VERSION,
2150 SSL_HIGH,
2151 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2152 256,
2153 256,
2154 },
2155 {
2156 1,
2157 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2158 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2159 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2160 SSL_kECDHEPSK,
2161 SSL_aPSK,
2162 SSL_CHACHA20POLY1305,
2163 SSL_AEAD,
2164 TLS1_2_VERSION, TLS1_2_VERSION,
2165 DTLS1_2_VERSION, DTLS1_2_VERSION,
2166 SSL_HIGH,
2167 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2168 256,
2169 256,
2170 },
2171 {
2172 1,
2173 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2174 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2175 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2176 SSL_kDHEPSK,
2177 SSL_aPSK,
2178 SSL_CHACHA20POLY1305,
2179 SSL_AEAD,
2180 TLS1_2_VERSION, TLS1_2_VERSION,
2181 DTLS1_2_VERSION, DTLS1_2_VERSION,
2182 SSL_HIGH,
2183 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184 256,
2185 256,
2186 },
2187 {
2188 1,
2189 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2190 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2191 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2192 SSL_kRSAPSK,
2193 SSL_aRSA,
2194 SSL_CHACHA20POLY1305,
2195 SSL_AEAD,
2196 TLS1_2_VERSION, TLS1_2_VERSION,
2197 DTLS1_2_VERSION, DTLS1_2_VERSION,
2198 SSL_HIGH,
2199 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2200 256,
2201 256,
2202 },
2203
2204 {
2205 1,
2206 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2207 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2208 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2209 SSL_kRSA,
2210 SSL_aRSA,
2211 SSL_CAMELLIA128,
2212 SSL_SHA256,
2213 TLS1_2_VERSION, TLS1_2_VERSION,
2214 DTLS1_2_VERSION, DTLS1_2_VERSION,
2215 SSL_NOT_DEFAULT | SSL_HIGH,
2216 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2217 128,
2218 128,
2219 },
2220 {
2221 1,
2222 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2223 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2224 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2225 SSL_kDHE,
2226 SSL_aDSS,
2227 SSL_CAMELLIA128,
2228 SSL_SHA256,
2229 TLS1_2_VERSION, TLS1_2_VERSION,
2230 DTLS1_2_VERSION, DTLS1_2_VERSION,
2231 SSL_NOT_DEFAULT | SSL_HIGH,
2232 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2233 128,
2234 128,
2235 },
2236 {
2237 1,
2238 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2239 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2240 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2241 SSL_kDHE,
2242 SSL_aRSA,
2243 SSL_CAMELLIA128,
2244 SSL_SHA256,
2245 TLS1_2_VERSION, TLS1_2_VERSION,
2246 DTLS1_2_VERSION, DTLS1_2_VERSION,
2247 SSL_NOT_DEFAULT | SSL_HIGH,
2248 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2249 128,
2250 128,
2251 },
2252 {
2253 1,
2254 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2255 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2256 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2257 SSL_kDHE,
2258 SSL_aNULL,
2259 SSL_CAMELLIA128,
2260 SSL_SHA256,
2261 TLS1_2_VERSION, TLS1_2_VERSION,
2262 DTLS1_2_VERSION, DTLS1_2_VERSION,
2263 SSL_NOT_DEFAULT | SSL_HIGH,
2264 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2265 128,
2266 128,
2267 },
2268 {
2269 1,
2270 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2271 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2272 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2273 SSL_kRSA,
2274 SSL_aRSA,
2275 SSL_CAMELLIA256,
2276 SSL_SHA256,
2277 TLS1_2_VERSION, TLS1_2_VERSION,
2278 DTLS1_2_VERSION, DTLS1_2_VERSION,
2279 SSL_NOT_DEFAULT | SSL_HIGH,
2280 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2281 256,
2282 256,
2283 },
2284 {
2285 1,
2286 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2287 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2288 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2289 SSL_kDHE,
2290 SSL_aDSS,
2291 SSL_CAMELLIA256,
2292 SSL_SHA256,
2293 TLS1_2_VERSION, TLS1_2_VERSION,
2294 DTLS1_2_VERSION, DTLS1_2_VERSION,
2295 SSL_NOT_DEFAULT | SSL_HIGH,
2296 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2297 256,
2298 256,
2299 },
2300 {
2301 1,
2302 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2303 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2304 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2305 SSL_kDHE,
2306 SSL_aRSA,
2307 SSL_CAMELLIA256,
2308 SSL_SHA256,
2309 TLS1_2_VERSION, TLS1_2_VERSION,
2310 DTLS1_2_VERSION, DTLS1_2_VERSION,
2311 SSL_NOT_DEFAULT | SSL_HIGH,
2312 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2313 256,
2314 256,
2315 },
2316 {
2317 1,
2318 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2319 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2320 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2321 SSL_kDHE,
2322 SSL_aNULL,
2323 SSL_CAMELLIA256,
2324 SSL_SHA256,
2325 TLS1_2_VERSION, TLS1_2_VERSION,
2326 DTLS1_2_VERSION, DTLS1_2_VERSION,
2327 SSL_NOT_DEFAULT | SSL_HIGH,
2328 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2329 256,
2330 256,
2331 },
2332 {
2333 1,
2334 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2335 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2336 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2337 SSL_kRSA,
2338 SSL_aRSA,
2339 SSL_CAMELLIA256,
2340 SSL_SHA1,
2341 SSL3_VERSION, TLS1_2_VERSION,
2342 DTLS1_BAD_VER, DTLS1_2_VERSION,
2343 SSL_NOT_DEFAULT | SSL_HIGH,
2344 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2345 256,
2346 256,
2347 },
2348 {
2349 1,
2350 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2351 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2352 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2353 SSL_kDHE,
2354 SSL_aDSS,
2355 SSL_CAMELLIA256,
2356 SSL_SHA1,
2357 SSL3_VERSION, TLS1_2_VERSION,
2358 DTLS1_BAD_VER, DTLS1_2_VERSION,
2359 SSL_NOT_DEFAULT | SSL_HIGH,
2360 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2361 256,
2362 256,
2363 },
2364 {
2365 1,
2366 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2367 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2368 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2369 SSL_kDHE,
2370 SSL_aRSA,
2371 SSL_CAMELLIA256,
2372 SSL_SHA1,
2373 SSL3_VERSION, TLS1_2_VERSION,
2374 DTLS1_BAD_VER, DTLS1_2_VERSION,
2375 SSL_NOT_DEFAULT | SSL_HIGH,
2376 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2377 256,
2378 256,
2379 },
2380 {
2381 1,
2382 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2383 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2384 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2385 SSL_kDHE,
2386 SSL_aNULL,
2387 SSL_CAMELLIA256,
2388 SSL_SHA1,
2389 SSL3_VERSION, TLS1_2_VERSION,
2390 DTLS1_BAD_VER, DTLS1_2_VERSION,
2391 SSL_NOT_DEFAULT | SSL_HIGH,
2392 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2393 256,
2394 256,
2395 },
2396 {
2397 1,
2398 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2399 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2400 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2401 SSL_kRSA,
2402 SSL_aRSA,
2403 SSL_CAMELLIA128,
2404 SSL_SHA1,
2405 SSL3_VERSION, TLS1_2_VERSION,
2406 DTLS1_BAD_VER, DTLS1_2_VERSION,
2407 SSL_NOT_DEFAULT | SSL_HIGH,
2408 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2409 128,
2410 128,
2411 },
2412 {
2413 1,
2414 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2415 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2416 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2417 SSL_kDHE,
2418 SSL_aDSS,
2419 SSL_CAMELLIA128,
2420 SSL_SHA1,
2421 SSL3_VERSION, TLS1_2_VERSION,
2422 DTLS1_BAD_VER, DTLS1_2_VERSION,
2423 SSL_NOT_DEFAULT | SSL_HIGH,
2424 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2425 128,
2426 128,
2427 },
2428 {
2429 1,
2430 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2431 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2432 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2433 SSL_kDHE,
2434 SSL_aRSA,
2435 SSL_CAMELLIA128,
2436 SSL_SHA1,
2437 SSL3_VERSION, TLS1_2_VERSION,
2438 DTLS1_BAD_VER, DTLS1_2_VERSION,
2439 SSL_NOT_DEFAULT | SSL_HIGH,
2440 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2441 128,
2442 128,
2443 },
2444 {
2445 1,
2446 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2447 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2448 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2449 SSL_kDHE,
2450 SSL_aNULL,
2451 SSL_CAMELLIA128,
2452 SSL_SHA1,
2453 SSL3_VERSION, TLS1_2_VERSION,
2454 DTLS1_BAD_VER, DTLS1_2_VERSION,
2455 SSL_NOT_DEFAULT | SSL_HIGH,
2456 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2457 128,
2458 128,
2459 },
2460 {
2461 1,
2462 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2463 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2464 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2465 SSL_kECDHE,
2466 SSL_aECDSA,
2467 SSL_CAMELLIA128,
2468 SSL_SHA256,
2469 TLS1_2_VERSION, TLS1_2_VERSION,
2470 DTLS1_2_VERSION, DTLS1_2_VERSION,
2471 SSL_NOT_DEFAULT | SSL_HIGH,
2472 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2473 128,
2474 128,
2475 },
2476 {
2477 1,
2478 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2479 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2480 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2481 SSL_kECDHE,
2482 SSL_aECDSA,
2483 SSL_CAMELLIA256,
2484 SSL_SHA384,
2485 TLS1_2_VERSION, TLS1_2_VERSION,
2486 DTLS1_2_VERSION, DTLS1_2_VERSION,
2487 SSL_NOT_DEFAULT | SSL_HIGH,
2488 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2489 256,
2490 256,
2491 },
2492 {
2493 1,
2494 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2495 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2496 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2497 SSL_kECDHE,
2498 SSL_aRSA,
2499 SSL_CAMELLIA128,
2500 SSL_SHA256,
2501 TLS1_2_VERSION, TLS1_2_VERSION,
2502 DTLS1_2_VERSION, DTLS1_2_VERSION,
2503 SSL_NOT_DEFAULT | SSL_HIGH,
2504 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2505 128,
2506 128,
2507 },
2508 {
2509 1,
2510 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2511 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2512 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2513 SSL_kECDHE,
2514 SSL_aRSA,
2515 SSL_CAMELLIA256,
2516 SSL_SHA384,
2517 TLS1_2_VERSION, TLS1_2_VERSION,
2518 DTLS1_2_VERSION, DTLS1_2_VERSION,
2519 SSL_NOT_DEFAULT | SSL_HIGH,
2520 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2521 256,
2522 256,
2523 },
2524 {
2525 1,
2526 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2527 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529 SSL_kPSK,
2530 SSL_aPSK,
2531 SSL_CAMELLIA128,
2532 SSL_SHA256,
2533 TLS1_VERSION, TLS1_2_VERSION,
2534 DTLS1_BAD_VER, DTLS1_2_VERSION,
2535 SSL_NOT_DEFAULT | SSL_HIGH,
2536 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2537 128,
2538 128,
2539 },
2540 {
2541 1,
2542 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2543 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545 SSL_kPSK,
2546 SSL_aPSK,
2547 SSL_CAMELLIA256,
2548 SSL_SHA384,
2549 TLS1_VERSION, TLS1_2_VERSION,
2550 DTLS1_BAD_VER, DTLS1_2_VERSION,
2551 SSL_NOT_DEFAULT | SSL_HIGH,
2552 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2553 256,
2554 256,
2555 },
2556 {
2557 1,
2558 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2559 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561 SSL_kDHEPSK,
2562 SSL_aPSK,
2563 SSL_CAMELLIA128,
2564 SSL_SHA256,
2565 TLS1_VERSION, TLS1_2_VERSION,
2566 DTLS1_BAD_VER, DTLS1_2_VERSION,
2567 SSL_NOT_DEFAULT | SSL_HIGH,
2568 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2569 128,
2570 128,
2571 },
2572 {
2573 1,
2574 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2575 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577 SSL_kDHEPSK,
2578 SSL_aPSK,
2579 SSL_CAMELLIA256,
2580 SSL_SHA384,
2581 TLS1_VERSION, TLS1_2_VERSION,
2582 DTLS1_BAD_VER, DTLS1_2_VERSION,
2583 SSL_NOT_DEFAULT | SSL_HIGH,
2584 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2585 256,
2586 256,
2587 },
2588 {
2589 1,
2590 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2591 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593 SSL_kRSAPSK,
2594 SSL_aRSA,
2595 SSL_CAMELLIA128,
2596 SSL_SHA256,
2597 TLS1_VERSION, TLS1_2_VERSION,
2598 DTLS1_BAD_VER, DTLS1_2_VERSION,
2599 SSL_NOT_DEFAULT | SSL_HIGH,
2600 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2601 128,
2602 128,
2603 },
2604 {
2605 1,
2606 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2607 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609 SSL_kRSAPSK,
2610 SSL_aRSA,
2611 SSL_CAMELLIA256,
2612 SSL_SHA384,
2613 TLS1_VERSION, TLS1_2_VERSION,
2614 DTLS1_BAD_VER, DTLS1_2_VERSION,
2615 SSL_NOT_DEFAULT | SSL_HIGH,
2616 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2617 256,
2618 256,
2619 },
2620 {
2621 1,
2622 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2623 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2624 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2625 SSL_kECDHEPSK,
2626 SSL_aPSK,
2627 SSL_CAMELLIA128,
2628 SSL_SHA256,
2629 TLS1_VERSION, TLS1_2_VERSION,
2630 DTLS1_BAD_VER, DTLS1_2_VERSION,
2631 SSL_NOT_DEFAULT | SSL_HIGH,
2632 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2633 128,
2634 128,
2635 },
2636 {
2637 1,
2638 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2639 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2640 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2641 SSL_kECDHEPSK,
2642 SSL_aPSK,
2643 SSL_CAMELLIA256,
2644 SSL_SHA384,
2645 TLS1_VERSION, TLS1_2_VERSION,
2646 DTLS1_BAD_VER, DTLS1_2_VERSION,
2647 SSL_NOT_DEFAULT | SSL_HIGH,
2648 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2649 256,
2650 256,
2651 },
2652
2653 #ifndef OPENSSL_NO_GOST
2654 {
2655 1,
2656 "GOST2001-GOST89-GOST89",
2657 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2658 0x3000081,
2659 SSL_kGOST,
2660 SSL_aGOST01,
2661 SSL_eGOST2814789CNT,
2662 SSL_GOST89MAC,
2663 TLS1_VERSION, TLS1_2_VERSION,
2664 0, 0,
2665 SSL_HIGH,
2666 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2667 256,
2668 256,
2669 },
2670 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2671 {
2672 1,
2673 "GOST2001-NULL-GOST94",
2674 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2675 0x3000083,
2676 SSL_kGOST,
2677 SSL_aGOST01,
2678 SSL_eNULL,
2679 SSL_GOST94,
2680 TLS1_VERSION, TLS1_2_VERSION,
2681 0, 0,
2682 SSL_STRONG_NONE,
2683 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2684 0,
2685 0,
2686 },
2687 # endif
2688 {
2689 1,
2690 "IANA-GOST2012-GOST8912-GOST8912",
2691 NULL,
2692 0x0300c102,
2693 SSL_kGOST,
2694 SSL_aGOST12 | SSL_aGOST01,
2695 SSL_eGOST2814789CNT12,
2696 SSL_GOST89MAC12,
2697 TLS1_VERSION, TLS1_2_VERSION,
2698 0, 0,
2699 SSL_HIGH,
2700 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2701 256,
2702 256,
2703 },
2704 {
2705 1,
2706 "LEGACY-GOST2012-GOST8912-GOST8912",
2707 NULL,
2708 0x0300ff85,
2709 SSL_kGOST,
2710 SSL_aGOST12 | SSL_aGOST01,
2711 SSL_eGOST2814789CNT12,
2712 SSL_GOST89MAC12,
2713 TLS1_VERSION, TLS1_2_VERSION,
2714 0, 0,
2715 SSL_HIGH,
2716 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2717 256,
2718 256,
2719 },
2720 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2721 {
2722 1,
2723 "GOST2012-NULL-GOST12",
2724 NULL,
2725 0x0300ff87,
2726 SSL_kGOST,
2727 SSL_aGOST12 | SSL_aGOST01,
2728 SSL_eNULL,
2729 SSL_GOST12_256,
2730 TLS1_VERSION, TLS1_2_VERSION,
2731 0, 0,
2732 SSL_STRONG_NONE,
2733 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2734 0,
2735 0,
2736 },
2737 # endif
2738 {
2739 1,
2740 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2741 NULL,
2742 0x0300C100,
2743 SSL_kGOST18,
2744 SSL_aGOST12,
2745 SSL_KUZNYECHIK,
2746 SSL_KUZNYECHIKOMAC,
2747 TLS1_2_VERSION, TLS1_2_VERSION,
2748 0, 0,
2749 SSL_HIGH,
2750 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2751 256,
2752 256,
2753 },
2754 {
2755 1,
2756 "GOST2012-MAGMA-MAGMAOMAC",
2757 NULL,
2758 0x0300C101,
2759 SSL_kGOST18,
2760 SSL_aGOST12,
2761 SSL_MAGMA,
2762 SSL_MAGMAOMAC,
2763 TLS1_2_VERSION, TLS1_2_VERSION,
2764 0, 0,
2765 SSL_HIGH,
2766 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2767 256,
2768 256,
2769 },
2770 #endif /* OPENSSL_NO_GOST */
2771
2772 {
2773 1,
2774 SSL3_TXT_RSA_IDEA_128_SHA,
2775 SSL3_RFC_RSA_IDEA_128_SHA,
2776 SSL3_CK_RSA_IDEA_128_SHA,
2777 SSL_kRSA,
2778 SSL_aRSA,
2779 SSL_IDEA,
2780 SSL_SHA1,
2781 SSL3_VERSION, TLS1_1_VERSION,
2782 DTLS1_BAD_VER, DTLS1_VERSION,
2783 SSL_NOT_DEFAULT | SSL_MEDIUM,
2784 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2785 128,
2786 128,
2787 },
2788
2789 {
2790 1,
2791 TLS1_TXT_RSA_WITH_SEED_SHA,
2792 TLS1_RFC_RSA_WITH_SEED_SHA,
2793 TLS1_CK_RSA_WITH_SEED_SHA,
2794 SSL_kRSA,
2795 SSL_aRSA,
2796 SSL_SEED,
2797 SSL_SHA1,
2798 SSL3_VERSION, TLS1_2_VERSION,
2799 DTLS1_BAD_VER, DTLS1_2_VERSION,
2800 SSL_NOT_DEFAULT | SSL_MEDIUM,
2801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2802 128,
2803 128,
2804 },
2805 {
2806 1,
2807 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2808 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2809 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2810 SSL_kDHE,
2811 SSL_aDSS,
2812 SSL_SEED,
2813 SSL_SHA1,
2814 SSL3_VERSION, TLS1_2_VERSION,
2815 DTLS1_BAD_VER, DTLS1_2_VERSION,
2816 SSL_NOT_DEFAULT | SSL_MEDIUM,
2817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2818 128,
2819 128,
2820 },
2821 {
2822 1,
2823 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2824 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2825 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2826 SSL_kDHE,
2827 SSL_aRSA,
2828 SSL_SEED,
2829 SSL_SHA1,
2830 SSL3_VERSION, TLS1_2_VERSION,
2831 DTLS1_BAD_VER, DTLS1_2_VERSION,
2832 SSL_NOT_DEFAULT | SSL_MEDIUM,
2833 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2834 128,
2835 128,
2836 },
2837 {
2838 1,
2839 TLS1_TXT_ADH_WITH_SEED_SHA,
2840 TLS1_RFC_ADH_WITH_SEED_SHA,
2841 TLS1_CK_ADH_WITH_SEED_SHA,
2842 SSL_kDHE,
2843 SSL_aNULL,
2844 SSL_SEED,
2845 SSL_SHA1,
2846 SSL3_VERSION, TLS1_2_VERSION,
2847 DTLS1_BAD_VER, DTLS1_2_VERSION,
2848 SSL_NOT_DEFAULT | SSL_MEDIUM,
2849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2850 128,
2851 128,
2852 },
2853
2854 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2855 {
2856 1,
2857 SSL3_TXT_RSA_RC4_128_MD5,
2858 SSL3_RFC_RSA_RC4_128_MD5,
2859 SSL3_CK_RSA_RC4_128_MD5,
2860 SSL_kRSA,
2861 SSL_aRSA,
2862 SSL_RC4,
2863 SSL_MD5,
2864 SSL3_VERSION, TLS1_2_VERSION,
2865 0, 0,
2866 SSL_NOT_DEFAULT | SSL_MEDIUM,
2867 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2868 80,
2869 128,
2870 },
2871 {
2872 1,
2873 SSL3_TXT_RSA_RC4_128_SHA,
2874 SSL3_RFC_RSA_RC4_128_SHA,
2875 SSL3_CK_RSA_RC4_128_SHA,
2876 SSL_kRSA,
2877 SSL_aRSA,
2878 SSL_RC4,
2879 SSL_SHA1,
2880 SSL3_VERSION, TLS1_2_VERSION,
2881 0, 0,
2882 SSL_NOT_DEFAULT | SSL_MEDIUM,
2883 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2884 80,
2885 128,
2886 },
2887 {
2888 1,
2889 SSL3_TXT_ADH_RC4_128_MD5,
2890 SSL3_RFC_ADH_RC4_128_MD5,
2891 SSL3_CK_ADH_RC4_128_MD5,
2892 SSL_kDHE,
2893 SSL_aNULL,
2894 SSL_RC4,
2895 SSL_MD5,
2896 SSL3_VERSION, TLS1_2_VERSION,
2897 0, 0,
2898 SSL_NOT_DEFAULT | SSL_MEDIUM,
2899 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2900 80,
2901 128,
2902 },
2903 {
2904 1,
2905 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2906 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2907 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2908 SSL_kECDHEPSK,
2909 SSL_aPSK,
2910 SSL_RC4,
2911 SSL_SHA1,
2912 TLS1_VERSION, TLS1_2_VERSION,
2913 0, 0,
2914 SSL_NOT_DEFAULT | SSL_MEDIUM,
2915 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2916 80,
2917 128,
2918 },
2919 {
2920 1,
2921 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2922 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2923 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2924 SSL_kECDHE,
2925 SSL_aNULL,
2926 SSL_RC4,
2927 SSL_SHA1,
2928 TLS1_VERSION, TLS1_2_VERSION,
2929 0, 0,
2930 SSL_NOT_DEFAULT | SSL_MEDIUM,
2931 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2932 80,
2933 128,
2934 },
2935 {
2936 1,
2937 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2938 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2939 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2940 SSL_kECDHE,
2941 SSL_aECDSA,
2942 SSL_RC4,
2943 SSL_SHA1,
2944 TLS1_VERSION, TLS1_2_VERSION,
2945 0, 0,
2946 SSL_NOT_DEFAULT | SSL_MEDIUM,
2947 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2948 80,
2949 128,
2950 },
2951 {
2952 1,
2953 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2954 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2955 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2956 SSL_kECDHE,
2957 SSL_aRSA,
2958 SSL_RC4,
2959 SSL_SHA1,
2960 TLS1_VERSION, TLS1_2_VERSION,
2961 0, 0,
2962 SSL_NOT_DEFAULT | SSL_MEDIUM,
2963 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2964 80,
2965 128,
2966 },
2967 {
2968 1,
2969 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2970 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2971 TLS1_CK_PSK_WITH_RC4_128_SHA,
2972 SSL_kPSK,
2973 SSL_aPSK,
2974 SSL_RC4,
2975 SSL_SHA1,
2976 SSL3_VERSION, TLS1_2_VERSION,
2977 0, 0,
2978 SSL_NOT_DEFAULT | SSL_MEDIUM,
2979 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2980 80,
2981 128,
2982 },
2983 {
2984 1,
2985 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2986 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2987 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2988 SSL_kRSAPSK,
2989 SSL_aRSA,
2990 SSL_RC4,
2991 SSL_SHA1,
2992 SSL3_VERSION, TLS1_2_VERSION,
2993 0, 0,
2994 SSL_NOT_DEFAULT | SSL_MEDIUM,
2995 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2996 80,
2997 128,
2998 },
2999 {
3000 1,
3001 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3002 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3003 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3004 SSL_kDHEPSK,
3005 SSL_aPSK,
3006 SSL_RC4,
3007 SSL_SHA1,
3008 SSL3_VERSION, TLS1_2_VERSION,
3009 0, 0,
3010 SSL_NOT_DEFAULT | SSL_MEDIUM,
3011 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3012 80,
3013 128,
3014 },
3015 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3016
3017 {
3018 1,
3019 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3020 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3021 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3022 SSL_kRSA,
3023 SSL_aRSA,
3024 SSL_ARIA128GCM,
3025 SSL_AEAD,
3026 TLS1_2_VERSION, TLS1_2_VERSION,
3027 DTLS1_2_VERSION, DTLS1_2_VERSION,
3028 SSL_NOT_DEFAULT | SSL_HIGH,
3029 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3030 128,
3031 128,
3032 },
3033 {
3034 1,
3035 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3036 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3037 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3038 SSL_kRSA,
3039 SSL_aRSA,
3040 SSL_ARIA256GCM,
3041 SSL_AEAD,
3042 TLS1_2_VERSION, TLS1_2_VERSION,
3043 DTLS1_2_VERSION, DTLS1_2_VERSION,
3044 SSL_NOT_DEFAULT | SSL_HIGH,
3045 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3046 256,
3047 256,
3048 },
3049 {
3050 1,
3051 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3054 SSL_kDHE,
3055 SSL_aRSA,
3056 SSL_ARIA128GCM,
3057 SSL_AEAD,
3058 TLS1_2_VERSION, TLS1_2_VERSION,
3059 DTLS1_2_VERSION, DTLS1_2_VERSION,
3060 SSL_NOT_DEFAULT | SSL_HIGH,
3061 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3062 128,
3063 128,
3064 },
3065 {
3066 1,
3067 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3070 SSL_kDHE,
3071 SSL_aRSA,
3072 SSL_ARIA256GCM,
3073 SSL_AEAD,
3074 TLS1_2_VERSION, TLS1_2_VERSION,
3075 DTLS1_2_VERSION, DTLS1_2_VERSION,
3076 SSL_NOT_DEFAULT | SSL_HIGH,
3077 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3078 256,
3079 256,
3080 },
3081 {
3082 1,
3083 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3084 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3085 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3086 SSL_kDHE,
3087 SSL_aDSS,
3088 SSL_ARIA128GCM,
3089 SSL_AEAD,
3090 TLS1_2_VERSION, TLS1_2_VERSION,
3091 DTLS1_2_VERSION, DTLS1_2_VERSION,
3092 SSL_NOT_DEFAULT | SSL_HIGH,
3093 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3094 128,
3095 128,
3096 },
3097 {
3098 1,
3099 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3100 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3101 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3102 SSL_kDHE,
3103 SSL_aDSS,
3104 SSL_ARIA256GCM,
3105 SSL_AEAD,
3106 TLS1_2_VERSION, TLS1_2_VERSION,
3107 DTLS1_2_VERSION, DTLS1_2_VERSION,
3108 SSL_NOT_DEFAULT | SSL_HIGH,
3109 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3110 256,
3111 256,
3112 },
3113 {
3114 1,
3115 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3116 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3117 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3118 SSL_kECDHE,
3119 SSL_aECDSA,
3120 SSL_ARIA128GCM,
3121 SSL_AEAD,
3122 TLS1_2_VERSION, TLS1_2_VERSION,
3123 DTLS1_2_VERSION, DTLS1_2_VERSION,
3124 SSL_NOT_DEFAULT | SSL_HIGH,
3125 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3126 128,
3127 128,
3128 },
3129 {
3130 1,
3131 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3132 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3133 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3134 SSL_kECDHE,
3135 SSL_aECDSA,
3136 SSL_ARIA256GCM,
3137 SSL_AEAD,
3138 TLS1_2_VERSION, TLS1_2_VERSION,
3139 DTLS1_2_VERSION, DTLS1_2_VERSION,
3140 SSL_NOT_DEFAULT | SSL_HIGH,
3141 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3142 256,
3143 256,
3144 },
3145 {
3146 1,
3147 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3148 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3149 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3150 SSL_kECDHE,
3151 SSL_aRSA,
3152 SSL_ARIA128GCM,
3153 SSL_AEAD,
3154 TLS1_2_VERSION, TLS1_2_VERSION,
3155 DTLS1_2_VERSION, DTLS1_2_VERSION,
3156 SSL_NOT_DEFAULT | SSL_HIGH,
3157 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3158 128,
3159 128,
3160 },
3161 {
3162 1,
3163 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3164 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3165 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3166 SSL_kECDHE,
3167 SSL_aRSA,
3168 SSL_ARIA256GCM,
3169 SSL_AEAD,
3170 TLS1_2_VERSION, TLS1_2_VERSION,
3171 DTLS1_2_VERSION, DTLS1_2_VERSION,
3172 SSL_NOT_DEFAULT | SSL_HIGH,
3173 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3174 256,
3175 256,
3176 },
3177 {
3178 1,
3179 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3180 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3181 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3182 SSL_kPSK,
3183 SSL_aPSK,
3184 SSL_ARIA128GCM,
3185 SSL_AEAD,
3186 TLS1_2_VERSION, TLS1_2_VERSION,
3187 DTLS1_2_VERSION, DTLS1_2_VERSION,
3188 SSL_NOT_DEFAULT | SSL_HIGH,
3189 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3190 128,
3191 128,
3192 },
3193 {
3194 1,
3195 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3196 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3197 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3198 SSL_kPSK,
3199 SSL_aPSK,
3200 SSL_ARIA256GCM,
3201 SSL_AEAD,
3202 TLS1_2_VERSION, TLS1_2_VERSION,
3203 DTLS1_2_VERSION, DTLS1_2_VERSION,
3204 SSL_NOT_DEFAULT | SSL_HIGH,
3205 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3206 256,
3207 256,
3208 },
3209 {
3210 1,
3211 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3212 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3213 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3214 SSL_kDHEPSK,
3215 SSL_aPSK,
3216 SSL_ARIA128GCM,
3217 SSL_AEAD,
3218 TLS1_2_VERSION, TLS1_2_VERSION,
3219 DTLS1_2_VERSION, DTLS1_2_VERSION,
3220 SSL_NOT_DEFAULT | SSL_HIGH,
3221 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3222 128,
3223 128,
3224 },
3225 {
3226 1,
3227 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3228 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3229 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3230 SSL_kDHEPSK,
3231 SSL_aPSK,
3232 SSL_ARIA256GCM,
3233 SSL_AEAD,
3234 TLS1_2_VERSION, TLS1_2_VERSION,
3235 DTLS1_2_VERSION, DTLS1_2_VERSION,
3236 SSL_NOT_DEFAULT | SSL_HIGH,
3237 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3238 256,
3239 256,
3240 },
3241 {
3242 1,
3243 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3244 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3245 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3246 SSL_kRSAPSK,
3247 SSL_aRSA,
3248 SSL_ARIA128GCM,
3249 SSL_AEAD,
3250 TLS1_2_VERSION, TLS1_2_VERSION,
3251 DTLS1_2_VERSION, DTLS1_2_VERSION,
3252 SSL_NOT_DEFAULT | SSL_HIGH,
3253 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3254 128,
3255 128,
3256 },
3257 {
3258 1,
3259 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3260 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3261 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3262 SSL_kRSAPSK,
3263 SSL_aRSA,
3264 SSL_ARIA256GCM,
3265 SSL_AEAD,
3266 TLS1_2_VERSION, TLS1_2_VERSION,
3267 DTLS1_2_VERSION, DTLS1_2_VERSION,
3268 SSL_NOT_DEFAULT | SSL_HIGH,
3269 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3270 256,
3271 256,
3272 },
3273 };
3274
/*
 * Signalling Cipher-Suite Values (SCSVs). These are not real ciphers: they
 * are reserved code points placed in the cipher-suite field of the wire
 * protocol purely to signal something to the peer.
 *
 *  - TLS_EMPTY_RENEGOTIATION_INFO_SCSV: secure-renegotiation signalling
 *    (RFC 5746).
 *  - TLS_FALLBACK_SCSV: downgrade-protection signalling (RFC 7507).
 *
 * Each entry starts with 0 where the entries of the real cipher tables in
 * this file start with 1, and every slot after the id is zero. The slot
 * comments below follow the layout of the ssl3_ciphers entries.
 */
static SSL_CIPHER ssl3_scsvs[] = {
    {
        0,
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
        SSL3_CK_SCSV,
        0, 0, 0, 0, /* key exchange, authentication, cipher, MAC */
        0, 0,       /* TLS version range */
        0, 0,       /* DTLS version range */
        0, 0,       /* strength flags, handshake MAC / PRF flags */
        0, 0,       /* bit counts */
    },
    {
        0,
        "TLS_FALLBACK_SCSV",
        "TLS_FALLBACK_SCSV",
        SSL3_CK_FALLBACK_SCSV,
        0, 0, 0, 0, /* key exchange, authentication, cipher, MAC */
        0, 0,       /* TLS version range */
        0, 0,       /* DTLS version range */
        0, 0,       /* strength flags, handshake MAC / PRF flags */
        0, 0,       /* bit counts */
    },
};
3296
/*
 * qsort() comparator for SSL_CIPHER entries: orders them by their id field,
 * ascending. Returns -1, 0 or 1.
 */
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *lhs = a;
    const SSL_CIPHER *rhs = b;

    /*
     * Explicit comparisons rather than a subtraction, so the result does not
     * depend on the width or signedness of id.
     */
    if (lhs->id < rhs->id)
        return -1;
    return lhs->id > rhs->id ? 1 : 0;
}
3306
/*
 * Sort the three cipher tables (TLSv1.3 ciphers, SSLv3/TLS ciphers and the
 * SCSV pseudo-ciphers) in place by id, using cipher_compare().
 *
 * NOTE(review): the tables are file-scope and mutated here without any
 * locking visible in this function; presumably it runs once during library
 * initialisation, before any lookup - confirm against the caller.
 */
void ssl_sort_cipher_list(void)
{
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(*tls13_ciphers),
          cipher_compare);
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*ssl3_ciphers),
          cipher_compare);
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(*ssl3_scsvs),
          cipher_compare);
}
3315
/*
 * Placeholder used by SSLv3_enc_data for an operation SSLv3 does not
 * provide. Every argument except the connection is ignored; the call is
 * forwarded to ssl_undefined_function() on the SSL object that owns sc, and
 * that function's result is returned.
 */
static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
                                       size_t s, const char *t, size_t u,
                                       const unsigned char *v, size_t w, int x)
{
    /* The signature is fixed by the table slot; mark the rest as unused. */
    (void)r; (void)s; (void)t; (void)u;
    (void)v; (void)w; (void)x;

    return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
}
3329
/*
 * Method table for SSLv3: the key-setup, master-secret, cipher-state,
 * Finished-MAC, alert and handshake-framing routines this protocol version
 * uses. Initialisers are positional, so their order must match the member
 * order of SSL3_ENC_METHOD.
 */
const SSL3_ENC_METHOD SSLv3_enc_data = {
    ssl3_setup_key_block,
    ssl3_generate_master_secret,
    ssl3_change_cipher_state,
    ssl3_final_finish_mac,
    /* Finished constants; the 4 after each is presumably its length */
    SSL3_MD_CLIENT_FINISHED_CONST,
    4,
    SSL3_MD_SERVER_FINISHED_CONST,
    4,
    ssl3_alert_code,
    /* Not available in SSLv3: routed to the "undefined function" stub */
    sslcon_undefined_function_1,
    0,
    ssl3_set_handshake_header,
    tls_close_construct_packet,
    ssl3_handshake_write
};
3344
/* Default timeout for this method family, as an OSSL_TIME: two hours. */
OSSL_TIME ssl3_default_timeout(void)
{
    /*
     * The SSLv3 spec mentions 24 hours, but that is far too long for http:
     * the cache would overfill. Two hours is used instead.
     */
    const int two_hours_in_seconds = 2 * 60 * 60;

    return ossl_seconds2time(two_hours_in_seconds);
}
3353
/* Number of entries in the ssl3_ciphers table, as an int. */
int ssl3_num_ciphers(void)
{
    return (int)SSL3_NUM_CIPHERS;
}
3358
/*
 * Return the cipher at position u counted from the END of ssl3_ciphers
 * (u == 0 yields the last table entry), or NULL when u is out of range.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
    if (u >= SSL3_NUM_CIPHERS)
        return NULL;

    /* u is below the element count here, so the index cannot wrap. */
    return ssl3_ciphers + (SSL3_NUM_CIPHERS - 1 - u);
}
3366
/*
 * Begin a handshake message in pkt: one byte holding htype, followed by an
 * open sub-packet with a 3-byte length prefix. A ChangeCipherSpec gets no
 * header at all. The connection argument s is not used here.
 *
 * Returns 1 on success, 0 if either WPACKET operation fails.
 */
int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{
    /* No header in the event of a CCS */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

    /* Message type first, then reserve the 3 bytes of message length */
    return WPACKET_put_bytes_u8(pkt, htype)
        && WPACKET_start_sub_packet_u24(pkt);
}
3380
/*
 * Hand the connection to ssl3_do_write() with the handshake record type and
 * return its result unchanged.
 */
int ssl3_handshake_write(SSL_CONNECTION *s)
{
    const int record_type = SSL3_RT_HANDSHAKE;

    return ssl3_do_write(s, record_type);
}
3385
/*
 * Set up the SSLv3-level state of a new SSL object: initialise the SRP
 * context (when SRP is compiled in) and then run the method's ssl_clear
 * routine.
 *
 * Returns 1 on success, 0 if s is not a connection object (checked only in
 * SRP builds), SRP initialisation fails, or ssl_clear fails.
 */
int ssl3_new(SSL *s)
{
#ifndef OPENSSL_NO_SRP
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL || !ssl_srp_ctx_init_intern(sc))
        return 0;
#endif

    return s->method->ssl_clear(s) ? 1 : 0;
}
3403
/*
 * Release everything owned by the s3 part of a connection and zero the
 * whole s3 structure. Does nothing when s is not a connection object.
 */
void ssl3_free(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
    size_t idx;

    if (sc == NULL)
        return;

    ssl3_cleanup_key_block(sc);

    EVP_PKEY_free(sc->s3.peer_tmp);
    sc->s3.peer_tmp = NULL;

    for (idx = 0; idx < sc->s3.tmp.num_ks_pkey; idx++) {
        EVP_PKEY *share = sc->s3.tmp.ks_pkey[idx];

        if (share == NULL)
            continue;

        /*
         * tmp.pkey may point at one of the key shares. Drop that alias
         * first so the key is not freed a second time below.
         */
        if (sc->s3.tmp.pkey == share)
            sc->s3.tmp.pkey = NULL;

        EVP_PKEY_free(share);
        sc->s3.tmp.ks_pkey[idx] = NULL;
    }
    sc->s3.tmp.num_ks_pkey = 0;

    /* Still set only if it was not one of the key shares freed above */
    if (sc->s3.tmp.pkey != NULL) {
        EVP_PKEY_free(sc->s3.tmp.pkey);
        sc->s3.tmp.pkey = NULL;
    }

    ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
    ssl_evp_md_free(sc->s3.tmp.new_hash);

    OPENSSL_free(sc->s3.tmp.ctype);
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
    /* pms is wiped over its full length before being freed */
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
    OPENSSL_free(sc->s3.tmp.valid_flags);
    ssl3_free_digest_list(sc);
    OPENSSL_free(sc->s3.alpn_selected);
    OPENSSL_free(sc->s3.alpn_proposed);
    ossl_quic_tls_free(sc->qtls);

#ifndef OPENSSL_NO_PSK
    /*
     * NOTE(review): plain free, unlike pms above. Confirm whether this
     * buffer can still hold key material here and should be cleansed.
     */
    OPENSSL_free(sc->s3.tmp.psk);
#endif

#ifndef OPENSSL_NO_SRP
    ssl_srp_ctx_free_intern(sc);
#endif
    /* Leaves no stale pointers behind in s3 */
    memset(&sc->s3, 0, sizeof(sc->s3));
}
3456
/*
 * Reset the s3 part of a connection so the object can be reused: release the
 * per-handshake allocations, zero the s3 structure (keeping only the QUIC
 * flags), drop the write BIO buffer and set the version to SSL3_VERSION.
 *
 * Returns 1 on success, 0 if s is not a connection object or the write BIO
 * buffer cannot be released.
 *
 * NOTE(review): unlike ssl3_free(), this path does not release
 * tmp.new_sym_enc, tmp.new_hash or tmp.psk before the memset - confirm they
 * are either released elsewhere or cannot be set when this runs.
 */
int ssl3_clear(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
    int quic_flags;
    size_t idx;

    if (sc == NULL)
        return 0;

    ssl3_cleanup_key_block(sc);
    OPENSSL_free(sc->s3.tmp.ctype);
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
    /* pms is wiped over its full length before being freed */
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
    OPENSSL_free(sc->s3.tmp.valid_flags);

    EVP_PKEY_free(sc->s3.peer_tmp);

    for (idx = 0; idx < sc->s3.tmp.num_ks_pkey; idx++) {
        EVP_PKEY *share = sc->s3.tmp.ks_pkey[idx];

        if (share == NULL)
            continue;

        /*
         * tmp.pkey may point at one of the key shares. Drop that alias
         * first so the key is not freed a second time below.
         */
        if (sc->s3.tmp.pkey == share)
            sc->s3.tmp.pkey = NULL;

        EVP_PKEY_free(share);
        sc->s3.tmp.ks_pkey[idx] = NULL;
    }
    sc->s3.tmp.num_ks_pkey = 0;

    if (sc->s3.tmp.pkey != NULL) {
        EVP_PKEY_free(sc->s3.tmp.pkey);
        sc->s3.tmp.pkey = NULL;
    }

    ssl3_free_digest_list(sc);

    OPENSSL_free(sc->s3.alpn_selected);
    OPENSSL_free(sc->s3.alpn_proposed);

    /*
     * Zero the whole s3 struct, which also clears every pointer freed above,
     * but carry the QUIC flags across the wipe.
     */
    quic_flags = sc->s3.flags & (TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL);
    memset(&sc->s3, 0, sizeof(sc->s3));
    sc->s3.flags |= quic_flags;

    if (!ssl_free_wbio_buffer(sc))
        return 0;

    sc->version = SSL3_VERSION;

#if !defined(OPENSSL_NO_NEXTPROTONEG)
    OPENSSL_free(sc->ext.npn);
    sc->ext.npn = NULL;
    sc->ext.npn_len = 0;
#endif

    return 1;
}
3518
#ifndef OPENSSL_NO_SRP
/*
 * SRP password callback: returns a newly allocated copy of the string held
 * in the connection's srp_ctx.info, or NULL when s is not a connection
 * object. The arg parameter is not used.
 *
 * NOTE(review): the copy comes from OPENSSL_strdup(), so someone has to free
 * it; presumably the SRP code that invokes the callback does. Since the
 * value is used as a password, confirm it is also cleansed there.
 */
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    return sc == NULL ? NULL : OPENSSL_strdup(sc->srp_ctx.info);
}
#endif
3530
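/* Defined later in this file; needed by SSL_CTRL_SET_CLIENT_CERT_TYPES */
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);

/*
 * Per-connection control dispatcher.
 *
 * cmd selects the operation; the meaning of larg and parg depends on cmd.
 * Returns 0 when s is not a connection object or cmd is not handled here;
 * otherwise the value is command specific (often 1 for success and 0 for
 * failure, but several getters return a count or a length).
 *
 * Several getters write their result through parg without checking it for
 * NULL (the STATUS_REQ getters, GET_CHAIN_CERTS, GET_PEER_TMP_KEY,
 * GET_TMP_KEY, GET_EC_POINT_FORMATS), so callers of those must pass a valid
 * pointer of the type the command expects.
 */
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
    int ret = 0;
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL)
        return ret;

    switch (cmd) {
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
        break;
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
        ret = sc->s3.num_renegotiations;
        break;
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
        /* Returns the count as it was before the reset */
        ret = sc->s3.num_renegotiations;
        sc->s3.num_renegotiations = 0;
        break;
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
        ret = sc->s3.total_renegotiations;
        break;
    case SSL_CTRL_GET_FLAGS:
        ret = (int)(sc->s3.flags);
        break;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH:
        {
            EVP_PKEY *pkdh = NULL;
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            pkdh = ssl_dh_to_pkey(parg);
            if (pkdh == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
                return 0;
            }
            /* On failure the converted key is still ours to free */
            if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
                EVP_PKEY_free(pkdh);
                return 0;
            }
            return 1;
        }
        break;
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            /* Callbacks are set through ssl3_callback_ctrl(), not here */
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return ret;
        }
#endif
    case SSL_CTRL_SET_DH_AUTO:
        sc->cert->dh_tmp_auto = larg;
        return 1;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_ECDH:
        {
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
                                           &sc->ext.supportedgroups_len,
                                           &sc->ext.keyshares,
                                           &sc->ext.keyshares_len,
                                           &sc->ext.tuples,
                                           &sc->ext.tuples_len,
                                           parg);
        }
#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
        /*
         * This API is only used for a client to set what SNI it will request
         * from the server, but we currently allow it to be used on servers
         * as well, which is a programming error.  Currently we just clear
         * the field in SSL_do_handshake() for server SSLs, but when we can
         * make ABI-breaking changes, we may want to make use of this API
         * an error on server SSLs.
         */
        if (larg == TLSEXT_NAMETYPE_host_name) {
            size_t len;

            /* Any previous name is dropped first; NULL parg just clears it */
            OPENSSL_free(sc->ext.hostname);
            sc->ext.hostname = NULL;

            ret = 1;
            if (parg == NULL)
                break;
            /* Reject empty names and names over the protocol limit */
            len = strlen((char *)parg);
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                return 0;
            }
            if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
                return 0;
            }
        } else {
            ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
        sc->ext.debug_arg = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
        ret = sc->ext.status_type;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
        sc->ext.status_type = larg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
        *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
        /* Pointer is stored as given; the previous value is not freed here */
        sc->ext.ocsp.exts = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
        *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
        /* Pointer is stored as given; the previous value is not freed here */
        sc->ext.ocsp.ids = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
        /* The internal buffer is exposed, not copied; -1 means "no response" */
        *(unsigned char **)parg = sc->ext.ocsp.resp;
        if (sc->ext.ocsp.resp_len == 0
                || sc->ext.ocsp.resp_len > LONG_MAX)
            return -1;
        return (long)sc->ext.ocsp.resp_len;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
        /*
         * Takes over the caller's buffer: the old response is freed and parg
         * is stored without copying.
         * NOTE(review): larg is stored as the length unchecked; a negative
         * value would presumably wrap if resp_len is unsigned - confirm that
         * callers cannot pass one.
         */
        OPENSSL_free(sc->ext.ocsp.resp);
        sc->ext.ocsp.resp = parg;
        sc->ext.ocsp.resp_len = larg;
        ret = 1;
        break;

    case SSL_CTRL_CHAIN:
        /* larg selects the set1 variant over the set0 variant */
        if (larg)
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        /* larg selects the add1 variant over the add0 variant */
        if (larg)
            return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = sc->cert->key->chain;
        ret = 1;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(sc->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        if (larg == SSL_CERT_SET_SERVER) {
            const SSL_CIPHER *cipher;
            if (!sc->server)
                return 0;
            cipher = sc->s3.tmp.new_cipher;
            if (cipher == NULL)
                return 0;
            /*
             * No certificate for unauthenticated ciphersuites or using SRP
             * authentication
             */
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
                return 2;
            if (sc->s3.tmp.cert == NULL)
                return 0;
            sc->cert->key = sc->s3.tmp.cert;
            return 1;
        }
        return ssl_cert_set_current(sc->cert, larg);

    case SSL_CTRL_GET_GROUPS:
        {
            uint16_t *clist;
            size_t clistlen;

            if (!sc->session)
                return 0;
            clist = sc->ext.peer_supportedgroups;
            clistlen = sc->ext.peer_supportedgroups_len;
            /*
             * The output array is filled with clistlen entries and its size
             * is not passed in, so the caller has to size it from a first
             * call with parg == NULL, which only returns the count.
             */
            if (parg) {
                size_t i;
                int *cptr = parg;

                for (i = 0; i < clistlen; i++) {
                    const TLS_GROUP_INFO *cinf
                        = tls1_group_id_lookup(s->ctx, clist[i]);

                    if (cinf != NULL)
                        cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
                    else
                        cptr[i] = TLSEXT_nid_unknown | clist[i];
                }
            }
            return (int)clistlen;
        }

    case SSL_CTRL_SET_GROUPS:
        return tls1_set_groups(&sc->ext.supportedgroups,
                               &sc->ext.supportedgroups_len,
                               &sc->ext.keyshares,
                               &sc->ext.keyshares_len,
                               &sc->ext.tuples,
                               &sc->ext.tuples_len,
                               parg, larg);

    case SSL_CTRL_SET_GROUPS_LIST:
        return tls1_set_groups_list(s->ctx,
                                    &sc->ext.supportedgroups,
                                    &sc->ext.supportedgroups_len,
                                    &sc->ext.keyshares,
                                    &sc->ext.keyshares_len,
                                    &sc->ext.tuples,
                                    &sc->ext.tuples_len,
                                    parg);

    case SSL_CTRL_GET_SHARED_GROUP:
        {
            uint16_t id = tls1_shared_group(sc, larg);

            /* With larg == -1 the raw result is returned, not a NID */
            if (larg != -1)
                return tls1_group_id2nid(id, 1);
            return id;
        }
    case SSL_CTRL_GET_NEGOTIATED_GROUP:
        {
            unsigned int id;

            if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
                id = sc->s3.group_id;
            else
                id = (sc->session != NULL) ? sc->session->kex_group : NID_undef;
            ret = tls1_group_id2nid(id, 1);
            break;
        }
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(sc->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(sc->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);

    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
        {
            const unsigned char **pctype = parg;
            /* Only meaningful on a client that received a certificate request */
            if (sc->server || !sc->s3.tmp.cert_req)
                return 0;
            if (pctype)
                *pctype = sc->s3.tmp.ctype;
            return (long)sc->s3.tmp.ctype_len;
        }

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        if (!sc->server)
            return 0;
        return ssl3_set_req_cert_type(sc->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(sc, NULL, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);

    case SSL_CTRL_GET_VERIFY_CERT_STORE:
        return ssl_cert_get_cert_store(sc->cert, parg, 0);

    case SSL_CTRL_GET_CHAIN_CERT_STORE:
        return ssl_cert_get_cert_store(sc->cert, parg, 1);

    case SSL_CTRL_GET_PEER_SIGNATURE_NAME:
        if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
            return 0;
        *(const char **)parg = sc->s3.tmp.peer_sigalg->name;
        return 1;

    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
        /* Same NULL-output guard as SSL_CTRL_GET_PEER_SIGNATURE_NAME */
        if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
            return 0;
        *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
        return 1;

    case SSL_CTRL_GET_SIGNATURE_NAME:
        if (parg == NULL || sc->s3.tmp.sigalg == NULL)
            return 0;
        *(const char **)parg = sc->s3.tmp.sigalg->name;
        return 1;

    case SSL_CTRL_GET_SIGNATURE_NID:
        /* Same NULL-output guard as SSL_CTRL_GET_SIGNATURE_NAME */
        if (parg == NULL || sc->s3.tmp.sigalg == NULL)
            return 0;
        *(int *)parg = sc->s3.tmp.sigalg->hash;
        return 1;

    case SSL_CTRL_GET_PEER_TMP_KEY:
        if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
            return 0;
        } else {
            /* The caller receives its own reference and must release it */
            if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))
                return 0;

            *(EVP_PKEY **)parg = sc->s3.peer_tmp;
            return 1;
        }

    case SSL_CTRL_GET_TMP_KEY:
        if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
            return 0;
        } else {
            /* The caller receives its own reference and must release it */
            if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))
                return 0;

            *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
            return 1;
        }

    case SSL_CTRL_GET_EC_POINT_FORMATS:
        {
            const unsigned char **pformat = parg;

            if (sc->ext.peer_ecpointformats == NULL)
                return 0;
            *pformat = sc->ext.peer_ecpointformats;
            return (int)sc->ext.peer_ecpointformats_len;
        }

    case SSL_CTRL_GET_IANA_GROUPS:
        {
            /* Exposes the internal array itself; only the count if parg is NULL */
            if (parg != NULL) {
                *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
            }
            return (int)sc->ext.peer_supportedgroups_len;
        }

    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
        sc->msg_callback_arg = parg;
        return 1;

    default:
        break;
    }
    return ret;
}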
3902
/*
 * Per-connection control dispatcher for commands that install a callback.
 *
 * fp arrives as a generic function pointer and is cast to the type of the
 * slot selected by cmd. Nothing here can check that the function really has
 * that signature, so the caller must pass one that matches.
 *
 * Returns 1 when the callback was stored, 0 when s is not a connection
 * object or cmd is not handled here.
 */
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL)
        return 0;

    switch (cmd) {
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH_CB:
        sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        return 1;
#endif
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
        sc->ext.debug_cb = (void (*)(SSL *, int, int,
                                     const unsigned char *, int, void *))fp;
        return 1;

    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        return 1;

    case SSL_CTRL_SET_MSG_CALLBACK:
        sc->msg_callback = (ossl_msg_cb)fp;
        return 1;

    default:
        return 0;
    }
}
3937
/*
 * Handle the SSL_CTX-level control commands implemented in this file.
 *
 * |cmd| selects the operation; |larg| and |parg| are interpreted per command.
 * Cases that end in "break" fall through to the final "return 1"; an
 * unrecognised |cmd| returns 0. Several cases return something other than a
 * plain success flag: the ticket-key commands return the required buffer
 * length when |parg| is NULL, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE returns the
 * stored type, and many cases return whatever the helper they call returns.
 *
 * Only some cases check |parg| for NULL before using it; the others
 * dereference or forward it as given.
 */
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
    switch (cmd) {
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH:
        {
            EVP_PKEY *pkdh = NULL;
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            /* Convert the legacy DH object passed in |parg| to an EVP_PKEY */
            pkdh = ssl_dh_to_pkey(parg);
            if (pkdh == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
                return 0;
            }
            /*
             * pkdh is freed here only on failure; on success it is left with
             * the ctx (presumably owned by it, going by the set0 name).
             */
            if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
                EVP_PKEY_free(pkdh);
                return 0;
            }
            return 1;
        }
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            /* Callbacks are not set through this entry point: always fails */
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return 0;
        }
#endif
    case SSL_CTRL_SET_DH_AUTO:
        ctx->cert->dh_tmp_auto = larg;
        return 1;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_ECDH:
        {
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
                                           &ctx->ext.supportedgroups_len,
                                           &ctx->ext.keyshares,
                                           &ctx->ext.keyshares_len,
                                           &ctx->ext.tuples,
                                           &ctx->ext.tuples_len,
                                           parg);
        }
#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
        ctx->ext.servername_arg = parg;
        break;
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
        {
            /*
             * The caller's buffer holds, in this order: the ticket key name,
             * the HMAC key, the AES key. With a NULL buffer the call only
             * reports the total length; otherwise |larg| must match that
             * length exactly before any byte is copied.
             *
             * GET copies the raw session-ticket keys into caller memory, so
             * the caller is responsible for protecting and cleansing that
             * buffer.
             * NOTE(review): ctx->ext.secure is dereferenced without a NULL
             * check here - assumed to be set up with the ctx; confirm.
             */
            unsigned char *keys = parg;
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
                                sizeof(ctx->ext.secure->tick_hmac_key) +
                                sizeof(ctx->ext.secure->tick_aes_key));
            if (keys == NULL)
                return tick_keylen;
            if (larg != tick_keylen) {
                ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
                return 0;
            }
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
                memcpy(ctx->ext.tick_key_name, keys,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(ctx->ext.secure->tick_hmac_key,
                       keys + sizeof(ctx->ext.tick_key_name),
                       sizeof(ctx->ext.secure->tick_hmac_key));
                memcpy(ctx->ext.secure->tick_aes_key,
                       keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.secure->tick_hmac_key),
                       sizeof(ctx->ext.secure->tick_aes_key));
            } else {
                memcpy(keys, ctx->ext.tick_key_name,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
                       ctx->ext.secure->tick_hmac_key,
                       sizeof(ctx->ext.secure->tick_hmac_key));
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.secure->tick_hmac_key),
                       ctx->ext.secure->tick_aes_key,
                       sizeof(ctx->ext.secure->tick_aes_key));
            }
            return 1;
        }

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
        return ctx->ext.status_type;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
        ctx->ext.status_type = larg;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
        ctx->ext.status_arg = parg;
        return 1;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
        /* |parg| is written through without a NULL check */
        *(void**)parg = ctx->ext.status_arg;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
        /* |parg| is written through without a NULL check */
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
        break;

#ifndef OPENSSL_NO_SRP
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        /*
         * The old login is dropped before the new one is validated, so a
         * rejected username leaves login == NULL rather than the old value.
         */
        OPENSSL_free(ctx->srp_ctx.login);
        ctx->srp_ctx.login = NULL;
        if (parg == NULL)
            break;
        /* Accept only usernames of 1 to 255 bytes */
        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
            ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
            return 0;
        }
        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            srp_password_from_info_cb;
        /*
         * NOTE(review): the previously stored string is released with
         * OPENSSL_free, i.e. it is not cleansed first although this command
         * stores a password - worth checking whether a clearing free is
         * wanted. |parg| is handed to OPENSSL_strdup unchecked; a NULL
         * |parg| is presumably reported as the error below - confirm.
         */
        if (ctx->srp_ctx.info != NULL)
            OPENSSL_free(ctx->srp_ctx.info);
        if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        break;
    case SSL_CTRL_SET_SRP_ARG:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_cb_arg = parg;
        break;

    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
        ctx->srp_ctx.strength = larg;
        break;
#endif

    case SSL_CTRL_SET_GROUPS:
        return tls1_set_groups(&ctx->ext.supportedgroups,
                               &ctx->ext.supportedgroups_len,
                               &ctx->ext.keyshares,
                               &ctx->ext.keyshares_len,
                               &ctx->ext.tuples,
                               &ctx->ext.tuples_len,
                               parg, larg);

    case SSL_CTRL_SET_GROUPS_LIST:
        return tls1_set_groups_list(ctx,
                                    &ctx->ext.supportedgroups,
                                    &ctx->ext.supportedgroups_len,
                                    &ctx->ext.keyshares,
                                    &ctx->ext.keyshares_len,
                                    &ctx->ext.tuples,
                                    &ctx->ext.tuples_len,
                                    parg);

    case SSL_CTRL_GET0_IMPLEMENTED_GROUPS:
        return tls1_get0_implemented_groups(ctx->min_proto_version,
                                            ctx->max_proto_version,
                                            ctx->group_list,
                                            ctx->group_list_len, larg, parg);

    /* The last argument of the sigalg helpers is 0 here and 1 for the CLIENT_ commands */
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(NULL, ctx, larg);

    /* Third argument: 0 selects the verify store, 1 the chain store */
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

    case SSL_CTRL_GET_VERIFY_CERT_STORE:
        return ssl_cert_get_cert_store(ctx->cert, parg, 0);

    case SSL_CTRL_GET_CHAIN_CERT_STORE:
        return ssl_cert_get_cert_store(ctx->cert, parg, 1);

        /* A Thawte special :-) */
    case SSL_CTRL_EXTRA_CHAIN_CERT:
        /* The extra-certs stack is created on first use */
        if (ctx->extra_certs == NULL) {
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
                return 0;
            }
        }
        /*
         * The certificate pointer is pushed as is, with no up-ref taken
         * here; presumably the caller's reference passes to the stack.
         */
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
            ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
            return 0;
        }
        break;

    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
        /*
         * Hands back an internal pointer, not a copy. When no extra certs
         * are set and |larg| is 0, the current key's chain is returned
         * instead.
         */
        if (ctx->extra_certs == NULL && larg == 0)
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        else
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
        break;

    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
        OSSL_STACK_OF_X509_free(ctx->extra_certs);
        ctx->extra_certs = NULL;
        break;

    /* For the two chain commands, non-zero |larg| picks the set1/add1 helper */
    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        if (larg)
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        /* Internal pointer to the current key's chain, not a copy */
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        return ssl_cert_set_current(ctx->cert, larg);

    default:
        return 0;
    }
    return 1;
}
4188
/*
 * Store a context-wide callback chosen by |cmd| on |ctx|.
 *
 * Returns 1 when |cmd| is handled here, 0 otherwise. |fp| is cast to the
 * function-pointer type that belongs to |cmd| without any check, so the
 * caller must pass a function of the matching signature. The three SRP
 * callback commands also set SSL_kSRP in the context's SRP mask.
 */
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
    switch (cmd) {
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH_CB:
        ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        return 1;
#endif
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
        return 1;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
        return 1;

#ifndef OPENSSL_NO_DEPRECATED_3_0
    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
                                          unsigned char *,
                                          EVP_CIPHER_CTX *,
                                          HMAC_CTX *, int))fp;
        return 1;
#endif

#ifndef OPENSSL_NO_SRP
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
        return 1;

    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.TLS_ext_srp_username_callback =
            (int (*)(SSL *, int *, void *))fp;
        return 1;

    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            (char *(*)(SSL *, void *))fp;
        return 1;
#endif
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        return 1;

    default:
        break;
    }

    /* Command not handled at this level. */
    return 0;
}
4242
/*
 * Register the EVP_MAC-based session ticket key callback on |ctx|.
 * The pointer is stored as given (NULL included) and the call always
 * returns 1. |ctx| itself is not checked for NULL.
 */
int SSL_CTX_set_tlsext_ticket_key_evp_cb(
    SSL_CTX *ctx,
    int (*fp)(SSL *, unsigned char *, unsigned char *,
              EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
{
    ctx->ext.ticket_key_evp_cb = fp;

    return 1;
}
4250
/*
 * Look up a cipher by its 32-bit id.
 * The TLSv1.3 table is searched first, then the SSLv3/TLS table, then the
 * SCSV table; the first match is returned, or NULL when none matches.
 */
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
    SSL_CIPHER key;
    const SSL_CIPHER *hit;

    /* Only the id field of the search key is set before the lookups */
    key.id = id;

    hit = OBJ_bsearch_ssl_cipher_id(&key, tls13_ciphers, TLS13_NUM_CIPHERS);
    if (hit == NULL)
        hit = OBJ_bsearch_ssl_cipher_id(&key, ssl3_ciphers, SSL3_NUM_CIPHERS);
    if (hit == NULL)
        hit = OBJ_bsearch_ssl_cipher_id(&key, ssl3_scsvs, SSL3_NUM_SCSVS);

    return hit;
}
4265
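/*
 * Look up a cipher by its standard name.
 * The TLSv1.3, SSLv3/TLS and SCSV tables are scanned linearly in that order
 * and the first entry whose stdname compares equal is returned. Entries
 * without a stdname are skipped. Returns NULL when nothing matches or when
 * |stdname| is NULL.
 */
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
    SSL_CIPHER *tbl;
    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
                              SSL3_NUM_SCSVS};

    /* strcmp() on a NULL pointer is undefined; treat it as "no such cipher" */
    if (stdname == NULL)
        return NULL;

    /* this is not efficient, necessary to optimize this? */
    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
            if (tbl->stdname == NULL)
                continue;
            if (strcmp(stdname, tbl->stdname) == 0)
                return tbl;
        }
    }
    return NULL;
}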
4285
/*
 * Map the two-byte wire encoding of a cipher suite to its table entry.
 * |p| must point to at least two readable bytes; they are combined
 * big-endian and tagged with SSL3_CK_CIPHERSUITE_FLAG to form the id.
 *
 * This is a table lookup only. As the original note on this function says,
 * whether the required cipher is actually available still needs checking.
 */
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
    uint32_t high = (uint32_t)p[0] << 8L;
    uint32_t low = (uint32_t)p[1];

    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG | high | low);
}
4296
/*
 * Write the two-byte wire encoding of cipher |c| to |pkt|.
 *
 * A cipher whose id does not carry SSL3_CK_CIPHERSUITE_FLAG in its top byte
 * is skipped: nothing is written, *len is set to 0 and 1 is returned.
 * Otherwise the low 16 bits of the id are appended and *len is set to 2.
 * Returns 0 only when the packet write fails; *len is left untouched then.
 */
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
{
    if ((c->id & 0xff000000) == SSL3_CK_CIPHERSUITE_FLAG) {
        if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
            return 0;

        *len = 2;
        return 1;
    }

    *len = 0;
    return 1;
}
4310
/*
 * ssl3_choose_cipher - choose a cipher from those offered by the client
 * @s: SSL connection
 * @clnt: ciphers offered by the client
 * @srvr: ciphers enabled on the server?
 *
 * Walks a priority list and returns the first entry that is usable for the
 * negotiated protocol version, is also present in the other list, and is
 * accepted by the security callback. Which list sets the priority depends on
 * Suite B mode and SSL_OP_CIPHER_SERVER_PREFERENCE.
 *
 * Returns the selected cipher or NULL when no common ciphers.
 */
const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
                                     STACK_OF(SSL_CIPHER) *srvr)
{
    const SSL_CIPHER *c, *ret = NULL;
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok, prefer_sha256 = 0;
    /*
     * alg_k/alg_a are assigned only inside the non-TLSv1.3 branch of the
     * loop below, so they are still 0 wherever that branch is skipped.
     */
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
    /* Temporary reordered copy of |srvr|; freed before returning */
    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;

    /* Let's see which ciphers we can support */

    /*
     * Do not set the compare functions, because this may lead to a
     * reordering by "id". We want to keep the original ordering. We may pay
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
     * pay with the price of sk_SSL_CIPHER_dup().
     */

    OSSL_TRACE_BEGIN(TLS_CIPHER) {
        BIO_printf(trc_out, "Server has %d from %p:\n",
                   sk_SSL_CIPHER_num(srvr), (void *)srvr);
        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
            c = sk_SSL_CIPHER_value(srvr, i);
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
        }
        BIO_printf(trc_out, "Client sent %d from %p:\n",
                   sk_SSL_CIPHER_num(clnt), (void *)clnt);
        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
            c = sk_SSL_CIPHER_value(clnt, i);
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
        }
    } OSSL_TRACE_END(TLS_CIPHER);

    /* SUITE-B takes precedence over server preference and ChaCha priority */
    if (tls1_suiteb(s)) {
        prio = srvr;
        allow = clnt;
    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
        prio = srvr;
        allow = clnt;

        /*
         * If ChaCha20 is at the top of the client preference list,
         * and there are ChaCha20 ciphers in the server list, then
         * temporarily prioritize all ChaCha20 ciphers in the servers list.
         */
        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
            c = sk_SSL_CIPHER_value(clnt, 0);
            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
                /* ChaCha20 is client preferred, check server... */
                int num = sk_SSL_CIPHER_num(srvr);
                int found = 0;
                for (i = 0; i < num; i++) {
                    c = sk_SSL_CIPHER_value(srvr, i);
                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
                        found = 1;
                        break;
                    }
                }
                if (found) {
                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
                    /*
                     * if reserve fails, then there's likely a memory issue;
                     * prio then simply stays the unmodified server list
                     */
                    if (prio_chacha != NULL) {
                        /* Put all ChaCha20 at the top, starting with the one we just found */
                        sk_SSL_CIPHER_push(prio_chacha, c);
                        for (i++; i < num; i++) {
                            c = sk_SSL_CIPHER_value(srvr, i);
                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
                                sk_SSL_CIPHER_push(prio_chacha, c);
                        }
                        /* Pull in the rest */
                        for (i = 0; i < num; i++) {
                            c = sk_SSL_CIPHER_value(srvr, i);
                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
                                sk_SSL_CIPHER_push(prio_chacha, c);
                        }
                        prio = prio_chacha;
                    }
                }
            }
        }
    } else {
        /* Client order decides; the server list acts as the filter */
        prio = clnt;
        allow = srvr;
    }

    if (SSL_CONNECTION_IS_TLS13(s)) {
#ifndef OPENSSL_NO_PSK
        size_t j;

        /*
         * If we allow "old" style PSK callbacks, and we have no certificate (so
         * we're not going to succeed without a PSK anyway), and we're in
         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
         * that.
         */
        if (s->psk_server_callback != NULL) {
            /* Empty loop body: j stops at the first slot that has a cert */
            for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, (int)j); j++);
            if (j == s->ssl_pkey_num) {
                /* There are no certificates */
                prefer_sha256 = 1;
            }
        }
#endif
    } else {
        tls1_set_cert_validity(s);
        ssl_set_masks(s);
    }

    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
        int minversion, maxversion;

        c = sk_SSL_CIPHER_value(prio, i);
        minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
        maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;

        /* Skip ciphers not supported by the protocol version */
        if (ssl_version_cmp(s, s->version, minversion) < 0
            || ssl_version_cmp(s, s->version, maxversion) > 0)
            continue;

        /*
         * Since TLS 1.3 ciphersuites can be used with any auth or
         * key exchange scheme skip tests.
         */
        if (!SSL_CONNECTION_IS_TLS13(s)) {
            mask_k = s->s3.tmp.mask_k;
            mask_a = s->s3.tmp.mask_a;
#ifndef OPENSSL_NO_SRP
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
                mask_k |= SSL_kSRP;
                mask_a |= SSL_aSRP;
            }
#endif

            alg_k = c->algorithm_mkey;
            alg_a = c->algorithm_auth;

#ifndef OPENSSL_NO_PSK
            /* with PSK there must be server callback set */
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
                continue;
#endif /* OPENSSL_NO_PSK */

            /* Both the key exchange and the authentication must be enabled */
            ok = (alg_k & mask_k) && (alg_a & mask_a);
            OSSL_TRACE7(TLS_CIPHER,
                        "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
                        ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);

            /*
             * if we are considering an ECC cipher suite that uses an ephemeral
             * EC key check it
             */
            if (alg_k & SSL_kECDHE)
                ok = ok && tls1_check_ec_tmp_key(s, c->id);

            if (!ok)
                continue;
        }
        ii = sk_SSL_CIPHER_find(allow, c);
        if (ii >= 0) {
            /* Check security callback permits this cipher */
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
                              c->strength_bits, 0, (void *)c))
                continue;

            /*
             * ECDHE-ECDSA with a peer flagged is_probably_safari: keep it
             * only as a fallback (if nothing is remembered yet) and go on
             * looking for another suite.
             */
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
                && s->s3.is_probably_safari) {
                if (!ret)
                    ret = sk_SSL_CIPHER_value(allow, ii);
                continue;
            }

            if (prefer_sha256) {
                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
                const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
                                          tmp->algorithm2);

                /* A SHA-256 suite ends the search immediately */
                if (md != NULL
                        && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
                    ret = tmp;
                    break;
                }
                /* Otherwise remember the first acceptable suite as fallback */
                if (ret == NULL)
                    ret = tmp;
                continue;
            }
            /* The result is the entry from |allow|, looked up by index */
            ret = sk_SSL_CIPHER_value(allow, ii);
            break;
        }
    }

    sk_SSL_CIPHER_free(prio_chacha);

    return ret;
}
4514
/*
 * Append the certificate types for a CertificateRequest to |pkt|.
 *
 * A custom type list configured on the connection's CERT is copied verbatim
 * and nothing else is added. Otherwise the list is derived from the pending
 * cipher's key exchange, the protocol version and the mask of authentication
 * algorithms disabled by the signature algorithm list.
 *
 * Returns 1 on success, 0 if a write to |pkt| fails (with a custom list the
 * result of WPACKET_memcpy is returned directly).
 */
int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
{
    uint32_t kx;
    uint32_t auth_off = 0;

    /* If we have custom certificate types set, use them */
    if (s->cert->ctype)
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);

    /* Bits set in auth_off mark algorithms the signature list rules out */
    ssl_set_sig_mask(&auth_off, s, SSL_SECOP_SIGALG_MASK);

    kx = s->s3.tmp.new_cipher->algorithm_mkey;

#ifndef OPENSSL_NO_GOST
    if (s->version >= TLS1_VERSION && (kx & SSL_kGOST)) {
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN)) {
            return 0;
        }
    }

    if (s->version >= TLS1_2_VERSION && (kx & SSL_kGOST18)) {
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)) {
            return 0;
        }
    }
#endif

    /* Ephemeral DH certificate types are added for SSLv3 only */
    if ((s->version == SSL3_VERSION) && (kx & SSL_kDHE)) {
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
            return 0;
        if (!(auth_off & SSL_aDSS)
            && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
            return 0;
    }

    if (!(auth_off & SSL_aRSA)
        && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
        return 0;

    if (!(auth_off & SSL_aDSS)
        && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
        return 0;

    /*
     * ECDSA certificates also work with RSA cipher suites, so the key
     * exchange (SSL_kECDH / SSL_kECDHE) is not consulted here.
     */
    if (s->version >= TLS1_VERSION
        && !(auth_off & SSL_aECDSA)
        && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
        return 0;

    return 1;
}
4565
/*
 * Replace the custom certificate-type list held in |c|.
 *
 * Any existing list is released first. A NULL |p| or zero |len| just clears
 * the list and succeeds. Lists longer than 0xff bytes are rejected. On any
 * failure the list stays cleared.
 * Returns 1 on success, 0 on failure.
 */
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
{
    /* Start from an empty list whatever happens next */
    OPENSSL_free(c->ctype);
    c->ctype = NULL;
    c->ctype_len = 0;

    if (p != NULL && len != 0) {
        if (len > 0xff)
            return 0;

        c->ctype = OPENSSL_memdup(p, len);
        if (c->ctype == NULL)
            return 0;

        c->ctype_len = len;
    }

    return 1;
}
4581
/*
 * Drive the close_notify exchange for connection |s|.
 *
 * Returns 1 once both directions are shut down and no alert is waiting to be
 * written, 0 when the shutdown is not complete yet (or |s| is not a plain
 * SSL connection), and -1 when the call has to be repeated after I/O.
 */
int ssl3_shutdown(SSL *s)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);
    const int both_closed = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;

    if (conn == NULL)
        return 0;

    /*
     * Quiet shutdown, or no handshake started yet: nothing is sent, both
     * directions are simply marked closed.
     */
    if (conn->quiet_shutdown || SSL_in_before(s)) {
        conn->shutdown = both_closed;
        return 1;
    }

    if ((conn->shutdown & SSL_SENT_SHUTDOWN) == 0) {
        conn->shutdown |= SSL_SENT_SHUTDOWN;
        ssl3_send_alert(conn, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
        /* alert_dispatch stays > 0 while the alert is still unwritten */
        if (conn->s3.alert_dispatch > 0)
            return -1;          /* WANT_WRITE */
    } else if (conn->s3.alert_dispatch > 0) {
        /*
         * Our close_notify is still pending from an earlier call: retry the
         * write. -1 here means it still could not be written (WANT_WRITE).
         */
        if (s->method->ssl_dispatch_alert(s) == -1)
            return -1;
    } else if ((conn->shutdown & SSL_RECEIVED_SHUTDOWN) == 0) {
        size_t readbytes;

        /* Waiting for the peer's close_notify: read with no output buffer */
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
        if ((conn->shutdown & SSL_RECEIVED_SHUTDOWN) == 0)
            return -1;          /* WANT_READ */
    }

    if (conn->shutdown == both_closed
        && conn->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)
        return 1;

    return 0;
}
4636
/*
 * Write |len| bytes of application data from |buf| on connection |s|.
 * A pending renegotiation request is checked first. The return value is
 * that of the method's ssl_write_bytes(), which also fills in |written|;
 * 0 is returned when |s| is not a plain SSL connection.
 */
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (conn == NULL)
        return 0;

    clear_sys_error();

    if (conn->s3.renegotiate)
        ssl3_renegotiate_check(s, 0);

    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
                                      buf, len, written);
}
4651
/*
 * Common implementation of ssl3_read() and ssl3_peek().
 *
 * Reads up to |len| bytes of application data into |buf|; a non-zero |peek|
 * is passed through to the record read. A pending renegotiation request is
 * checked first. Returns the result of the method's ssl_read_bytes(), or 0
 * when |s| is not a plain SSL connection.
 */
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
                              size_t *readbytes)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);
    int rc;

    if (conn == NULL)
        return 0;

    clear_sys_error();

    if (conn->s3.renegotiate)
        ssl3_renegotiate_check(s, 0);

    /* Flag that an application-data read is in progress */
    conn->s3.in_read_app_data = 1;
    rc = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
                                   len, peek, readbytes);

    if (rc != -1 || conn->s3.in_read_app_data != 2) {
        /* Ordinary outcome: clear the flag and report the result */
        conn->s3.in_read_app_data = 0;
        return rc;
    }

    /*
     * The read started handshake processing, and the nested read for
     * handshake data came across application data that is acceptable at this
     * point (signalled by the flag value 2). Repeat the read with the state
     * machine marked as in-handshake so that the application data is
     * delivered instead of the handshake being processed again.
     */
    ossl_statem_set_in_handshake(conn, 1);
    rc = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
                                   len, peek, readbytes);
    ossl_statem_set_in_handshake(conn, 0);

    return rc;
}
4686
/*
 * Read application data from |s| into |buf|: ssl3_read_internal() with
 * the peek argument set to 0.
 */
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    const int peek = 0;

    return ssl3_read_internal(s, buf, len, peek, readbytes);
}
4691
/*
 * Peek variant of ssl3_read(): ssl3_read_internal() with the peek argument
 * set to 1.
 */
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    const int peek = 1;

    return ssl3_read_internal(s, buf, len, peek, readbytes);
}
4696
/*
 * Request a renegotiation on |s|.
 * This only sets the pending flag, and only when a handshake function is
 * installed; the renegotiation itself is started later by
 * ssl3_renegotiate_check(). Returns 0 when |s| is not a plain SSL
 * connection, 1 otherwise (also when no flag was set).
 */
int ssl3_renegotiate(SSL *s)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (conn == NULL)
        return 0;

    if (conn->handshake_func != NULL)
        conn->s3.renegotiate = 1;

    return 1;
}
4710
/*
 * Start a pending renegotiation if this is a suitable moment.
 *
 * Nothing happens unless a renegotiation has been requested, the record
 * layer has neither read nor write data pending, and either |initok| is
 * non-zero (the caller is the state machine itself) or SSL_in_init(s) is
 * false. When all of that holds, the state machine is put into the
 * renegotiate state, the request flag is cleared and both renegotiation
 * counters are incremented.
 *
 * Returns 1 if a renegotiation was started, 0 otherwise.
 */
int ssl3_renegotiate_check(SSL *s, int initok)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (conn == NULL)
        return 0;

    if (!conn->s3.renegotiate)
        return 0;

    /* Do not interrupt record-layer I/O that is still in flight */
    if (RECORD_LAYER_read_pending(&conn->rlayer))
        return 0;
    if (RECORD_LAYER_write_pending(&conn->rlayer))
        return 0;

    /* Outside the state machine, never start during a handshake */
    if (!initok && SSL_in_init(s))
        return 0;

    /*
     * If we are the server and have sent a 'RENEGOTIATE' message, the state
     * machine has to be moved into the renegotiate state.
     */
    ossl_statem_set_renegotiate(conn);
    conn->s3.renegotiate = 0;
    conn->s3.num_renegotiations++;
    conn->s3.total_renegotiations++;

    return 1;
}
4745
/*
 * Return the algorithm2 flags to use for the pending cipher.
 *
 * Two substitutions are applied to the cipher's own value:
 *  - when the method's enc_flags include SSL_ENC_FLAG_SHA256_PRF and the
 *    cipher uses the default (SHA1+MD5) handshake MAC and PRF, the SHA256
 *    handshake MAC and PRF are returned instead;
 *  - otherwise, for a PSK cipher that specifies SHA384 (the TLS < 1.2
 *    case), the default handshake MAC and PRF are returned.
 *
 * Returns -1 when no pending cipher has been selected.
 */
long ssl_get_algorithm2(SSL_CONNECTION *s)
{
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
    const SSL_CIPHER *cipher = s->s3.tmp.new_cipher;
    long flags;

    if (cipher == NULL)
        return -1;

    flags = cipher->algorithm2;

    if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
        if (flags == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
            flags = SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
    } else if (cipher->algorithm_mkey & SSL_PSK) {
        if (flags == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
            flags = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
    }

    return flags;
}
4769
/*
 * Fill a ClientRandom or ServerRandom field of length |len|.
 *
 * When the matching SSL_MODE_SEND_*HELLO_TIME mode bit is set, the first four
 * bytes carry the current time and only the remainder is random; otherwise
 * all |len| bytes come from the random generator. After a successful fill,
 * a requested downgrade sentinel (|dgrd|) overwrites the last
 * sizeof(sentinel) bytes of |result|, so those bytes are fixed rather than
 * random.
 *
 * Returns <= 0 on failure, 1 on success. |len| below 4 is rejected, and
 * |len| must be strictly greater than the sentinel length.
 */
int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
                          unsigned char *result, size_t len,
                          DOWNGRADE dgrd)
{
    int with_time, rc;

    if (len < 4)
        return 0;

    with_time = server
        ? (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0
        : (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;

    if (with_time) {
        unsigned long Time = (unsigned long)time(NULL);
        unsigned char *p = result;

        /* l2n() stores four bytes and advances p past them */
        l2n(Time, p);
        rc = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0);
    } else {
        rc = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
    }

    if (rc <= 0)
        return rc;

    /* The sentinel must fit and leave at least one other byte */
    if (!ossl_assert(sizeof(tls11downgrade) < len)
        || !ossl_assert(sizeof(tls12downgrade) < len))
        return 0;

    if (dgrd == DOWNGRADE_TO_1_2) {
        memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
               sizeof(tls12downgrade));
    } else if (dgrd == DOWNGRADE_TO_1_1) {
        memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
               sizeof(tls11downgrade));
    }

    return rc;
}
4810
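/*
 * Derive the session master secret from the premaster secret |pms|.
 *
 * For PSK key exchanges a combined premaster secret is built first:
 *   uint16 length || other_secret || uint16 psklen || psk
 * where other_secret is |pms| for the mixed PSK modes and psklen zero bytes
 * for plain PSK. The stored PSK is cleansed and released as soon as it has
 * been copied, and the combined buffer is cleansed after use.
 *
 * |pms| is always wiped before returning: cleansed and freed when |free_pms|
 * is non-zero, cleansed in place otherwise. The wipe covers the caller's
 * |pmslen| bytes; the length used for the plain-PSK zero block is kept in a
 * separate variable so that it can never change how much of |pms| is wiped.
 * On a client, the saved s3.tmp.pms pointer/length are reset as well.
 *
 * Returns 1 on success, 0 on failure.
 * NOTE(review): if the PSK buffer allocation fails, s3.tmp.psk is left in
 * place by this function - presumably released elsewhere; confirm.
 */
int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
                               size_t pmslen, int free_pms)
{
    unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
    int ret = 0;
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);

    if (alg_k & SSL_PSK) {
#ifndef OPENSSL_NO_PSK
        unsigned char *pskpms, *t;
        size_t psklen = s->s3.tmp.psklen;
        size_t otherlen = pmslen;
        size_t pskpmslen;

        /* create PSK premaster_secret */

        /* For plain PSK "other_secret" is psklen zeroes */
        if (alg_k & SSL_kPSK)
            otherlen = psklen;

        pskpmslen = 4 + otherlen + psklen;
        pskpms = OPENSSL_malloc(pskpmslen);
        if (pskpms == NULL)
            goto err;
        t = pskpms;
        s2n(otherlen, t);
        if (alg_k & SSL_kPSK)
            memset(t, 0, otherlen);
        else
            memcpy(t, pms, otherlen);
        t += otherlen;
        s2n(psklen, t);
        memcpy(t, s->s3.tmp.psk, psklen);

        /* The PSK is no longer needed once it is part of pskpms */
        OPENSSL_clear_free(s->s3.tmp.psk, psklen);
        s->s3.tmp.psk = NULL;
        s->s3.tmp.psklen = 0;
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
                    s->session->master_key, pskpms, pskpmslen,
                    &s->session->master_key_length)) {
            OPENSSL_clear_free(pskpms, pskpmslen);
            /* SSLfatal() already called */
            goto err;
        }
        OPENSSL_clear_free(pskpms, pskpmslen);
#else
        /* Should never happen */
        goto err;
#endif
    } else {
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
                s->session->master_key, pms, pmslen,
                &s->session->master_key_length)) {
            /* SSLfatal() already called */
            goto err;
        }
    }

    ret = 1;
 err:
    /* Wipe the caller's premaster secret on every path */
    if (pms) {
        if (free_pms)
            OPENSSL_clear_free(pms, pmslen);
        else
            OPENSSL_cleanse(pms, pmslen);
    }
    if (s->server == 0) {
        s->s3.tmp.pms = NULL;
        s->s3.tmp.pmslen = 0;
    }
    return ret;
}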
4882
/*
 * Generate a fresh private key using the parameters of |pm|.
 * The key generation context is created with the library context and
 * property query of the connection's SSL_CTX.
 * Returns the new key, or NULL when |pm| is NULL or any step fails.
 */
EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *genctx;
    EVP_PKEY *newkey = NULL;

    if (pm == NULL)
        return NULL;

    genctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);

    /* A failed keygen must not hand back whatever was stored in newkey */
    if (genctx != NULL
        && EVP_PKEY_keygen_init(genctx) > 0
        && EVP_PKEY_keygen(genctx, &newkey) <= 0) {
        EVP_PKEY_free(newkey);
        newkey = NULL;
    }

    EVP_PKEY_CTX_free(genctx);
    return newkey;
}
4906
/*
 * Generate a private key for the TLS group with id |id|.
 *
 * The group is looked up in the connection's SSL_CTX; its algorithm name
 * selects the key generation context and its real name is set as the group.
 * Every failure is reported with SSLfatal() (internal_error alert).
 * Returns the new key or NULL.
 */
EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    const TLS_GROUP_INFO *group = tls1_group_id_lookup(sctx, id);
    EVP_PKEY_CTX *genctx = NULL;
    EVP_PKEY *newkey = NULL;

    if (group == NULL) {
        /* Unknown group id */
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    genctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, group->algorithm,
                                        sctx->propq);
    if (genctx == NULL
        || EVP_PKEY_keygen_init(genctx) <= 0
        || EVP_PKEY_CTX_set_group_name(genctx, group->realname) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        goto done;
    }

    if (EVP_PKEY_keygen(genctx, &newkey) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        /* Do not return a key object from a failed generation */
        EVP_PKEY_free(newkey);
        newkey = NULL;
    }

 done:
    EVP_PKEY_CTX_free(genctx);
    return newkey;
}
4945
/*
 * Generate key parameters (not a key) for the TLS group with id |id|.
 *
 * Returns the parameters as an EVP_PKEY, or NULL on failure. Only a failure
 * to set the group name is reported through SSLfatal(); the other failure
 * paths return NULL without raising a fatal error here.
 */
EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *genctx = NULL;
    EVP_PKEY *params = NULL;
    const TLS_GROUP_INFO *group = tls1_group_id_lookup(sctx, id);

    if (group == NULL)
        goto done;

    genctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, group->algorithm,
                                        sctx->propq);
    if (genctx == NULL || EVP_PKEY_paramgen_init(genctx) <= 0)
        goto done;

    if (EVP_PKEY_CTX_set_group_name(genctx, group->realname) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        goto done;
    }

    if (EVP_PKEY_paramgen(genctx, &params) <= 0) {
        /* Do not return an object from a failed generation */
        EVP_PKEY_free(params);
        params = NULL;
    }

 done:
    EVP_PKEY_CTX_free(genctx);
    return params;
}
4979
/*
 * Generate the connection secrets from the premaster secret |pms|.
 *
 * TLSv1.3: the early secret is generated first unless the session is being
 * resumed (it was already created with the ClientHello in that case), then
 * the handshake secret is derived from |pms|.
 * Earlier versions: the master secret is generated, with |pms| cleansed but
 * not freed by the callee.
 *
 * The called functions raise SSLfatal() as appropriate.
 * Returns non-zero on success, 0 on failure.
 */
int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
{
    if (!SSL_CONNECTION_IS_TLS13(s))
        return ssl_generate_master_secret(s, pms, pmslen, 0);

    if (!s->hit
        && !tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
                                  0,
                                  (unsigned char *)&s->early_secret))
        return 0;

    return tls13_generate_handshake_secret(s, pms, pmslen) ? 1 : 0;
}
5005
/*
 * Derive the ECDH/DH shared secret from |privkey| and the peer's |pubkey|.
 *
 * If |gensecret| is non-zero the derived value is passed straight to
 * ssl_gensecret() and the local copy is cleansed and freed before returning.
 * Otherwise the buffer is stored in s->s3.tmp.pms / s->s3.tmp.pmslen and
 * ownership moves to the connection.
 *
 * Returns non-zero on success and 0 on failure, with SSLfatal() already
 * called.
 */
int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *kex;
    unsigned char *secret = NULL;
    size_t secret_len = 0;
    int ready;
    int ok = 0;

    if (privkey == NULL || pubkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * The new context is not NULL-checked here; a failed allocation is left
     * for EVP_PKEY_derive_init() to reject.
     */
    kex = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);

    /* The last call only queries the required output length */
    ready = EVP_PKEY_derive_init(kex) > 0
        && EVP_PKEY_derive_set_peer(kex, pubkey) > 0
        && EVP_PKEY_derive(kex, NULL, &secret_len) > 0;
    if (!ready) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    /*
     * TLSv1.3 uses the finite-field DH shared secret padded with leading
     * zeros to the size of the prime, so padding is requested explicitly.
     * NOTE(review): the return value of EVP_PKEY_CTX_set_dh_pad() is
     * ignored; a failure here would go unnoticed. Confirm this is intended.
     */
    if (SSL_CONNECTION_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
        EVP_PKEY_CTX_set_dh_pad(kex, 1);

    secret = OPENSSL_malloc(secret_len);
    if (secret == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto err;
    }

    if (EVP_PKEY_derive(kex, secret, &secret_len) <= 0) {
        /*
         * The public key was probably a weak key, so this is reported as
         * the peer's fault rather than as an internal error.
         */
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
        goto err;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns the buffer from here */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secret_len;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secret_len);
    }

 err:
    /* Cleanse before freeing so the secret does not linger on the heap */
    OPENSSL_clear_free(secret, secret_len);
    EVP_PKEY_CTX_free(kex);
    return ok;
}
5062
/*
 * Decapsulate the KEM ciphertext |ct| of length |ctlen| with |privkey| to
 * recover the shared secret.
 *
 * If |gensecret| is non-zero the secret is passed straight to
 * ssl_gensecret() and the local copy is cleansed and freed before returning.
 * Otherwise the buffer is stored in s->s3.tmp.pms / s->s3.tmp.pmslen and
 * ownership moves to the connection.
 *
 * Returns non-zero on success and 0 on failure, with SSLfatal() already
 * called.
 */
int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
                    const unsigned char *ct, size_t ctlen,
                    int gensecret)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *kem;
    unsigned char *secret = NULL;
    size_t secret_len = 0;
    int sized;
    int ok = 0;

    if (privkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * The new context is not NULL-checked here; a failed allocation is left
     * for EVP_PKEY_decapsulate_init() to reject.
     */
    kem = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);

    /* The second call only queries the required output length */
    sized = EVP_PKEY_decapsulate_init(kem, NULL) > 0
        && EVP_PKEY_decapsulate(kem, NULL, &secret_len, ct, ctlen) > 0;
    if (!sized) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    secret = OPENSSL_malloc(secret_len);
    if (secret == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto err;
    }

    /*
     * NOTE(review): |ct| is presumably peer-supplied, yet a failure here is
     * reported as an internal error, whereas ssl_derive() and
     * ssl_encapsulate() report a failed operation on peer input as
     * SSL_AD_ILLEGAL_PARAMETER. Confirm the alert choice is intended.
     */
    if (EVP_PKEY_decapsulate(kem, secret, &secret_len, ct, ctlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns the buffer from here */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secret_len;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secret_len);
    }

 err:
    /* Cleanse before freeing so the secret does not linger on the heap */
    OPENSSL_clear_free(secret, secret_len);
    EVP_PKEY_CTX_free(kem);
    return ok;
}
5114
/*
 * Encapsulate a fresh shared secret to the KEM public key |pubkey|.
 *
 * On success the ciphertext is returned through |*ctp| / |*ctlenp| and the
 * caller takes ownership of it. On failure neither output is written and
 * the ciphertext buffer is freed here.
 *
 * If |gensecret| is non-zero the secret is passed straight to
 * ssl_gensecret() and the local copy is cleansed and freed before returning.
 * Otherwise the buffer is stored in s->s3.tmp.pms / s->s3.tmp.pmslen and
 * ownership moves to the connection.
 *
 * Returns non-zero on success and 0 on failure, with SSLfatal() already
 * called.
 */
int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
                    unsigned char **ctp, size_t *ctlenp,
                    int gensecret)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *kem;
    unsigned char *secret = NULL;
    unsigned char *wrapped = NULL;
    size_t secret_len = 0;
    size_t wrapped_len = 0;
    int sized;
    int ok = 0;

    if (pubkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * The new context is not NULL-checked here; a failed allocation is left
     * for EVP_PKEY_encapsulate_init() to reject.
     */
    kem = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);

    /*
     * Query both output lengths first. A zero length for either output is
     * treated as a failure rather than passed on to the allocator.
     */
    sized = EVP_PKEY_encapsulate_init(kem, NULL) > 0
        && EVP_PKEY_encapsulate(kem, NULL, &wrapped_len, NULL,
                                &secret_len) > 0
        && secret_len != 0
        && wrapped_len != 0;
    if (!sized) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    secret = OPENSSL_malloc(secret_len);
    wrapped = OPENSSL_malloc(wrapped_len);
    if (secret == NULL || wrapped == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto err;
    }

    if (EVP_PKEY_encapsulate(kem, wrapped, &wrapped_len, secret,
                             &secret_len) <= 0) {
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
        goto err;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns the buffer from here */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secret_len;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secret_len);
    }

    if (ok > 0) {
        /* Pass ownership of the ciphertext to the caller */
        *ctp = wrapped;
        *ctlenp = wrapped_len;
        wrapped = NULL;
    }

 err:
    /* Only the secret is cleansed before freeing; the ciphertext is not */
    OPENSSL_clear_free(secret, secret_len);
    OPENSSL_free(wrapped);
    EVP_PKEY_CTX_free(kem);
    return ok;
}
5175
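/*
 * Return the name of the key exchange group for |s|.
 *
 * For a TLSv1.3 connection that has performed a key exchange the group comes
 * from the connection state (s3.group_id). Otherwise it comes from the
 * session (session->kex_group).
 *
 * Returns NULL if |s| does not resolve to a connection object, or if the
 * session is needed but not present. Otherwise returns whatever
 * tls1_group_id2name() yields for the id; its result for an unknown id is
 * not visible from here.
 */
const char *SSL_get0_group_name(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
    unsigned int id;

    if (sc == NULL)
        return NULL;

    if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex) {
        id = sc->s3.group_id;
    } else {
        /*
         * Nothing in this function guarantees that a session exists yet,
         * for example if it is called before a handshake has created one
         * (assumption; confirm against the session lifecycle). Return NULL
         * rather than dereference a NULL session pointer.
         */
        if (sc->session == NULL)
            return NULL;
        id = sc->session->kex_group;
    }

    return tls1_group_id2name(s->ctx, id);
}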
5191
/*
 * Map a group NID to its TLS group name.
 *
 * |nid| is either a NID, converted with tls1_nid2group_id(), or a value
 * with the TLSEXT_nid_unknown bit set, whose low 16 bits are taken as the
 * group id directly.
 *
 * Returns the tlsname of the matching group entry, or NULL if the lookup
 * finds none.
 *
 * |s| is dereferenced without a NULL check, so callers must pass a valid
 * SSL object.
 */
const char *SSL_group_to_name(SSL *s, int nid)
{
    const TLS_GROUP_INFO *info;
    int gid;

    /* First convert to the real group id, for internal and external IDs */
    gid = (nid & TLSEXT_nid_unknown) ? (nid & 0xFFFF)
                                     : tls1_nid2group_id(nid);

    /* Then look it up */
    info = tls1_group_id_lookup(s->ctx, gid);

    return info != NULL ? info->tlsname : NULL;
}