]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/s3_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Raise an error on syscall failure in tls_retry_write_records
[thirdparty/openssl.git] / ssl / s3_lib.c
1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include "internal/cryptlib.h"
22
23 DEFINE_STACK_OF(X509_NAME)
24 DEFINE_STACK_OF(X509)
25 DEFINE_STACK_OF_CONST(SSL_CIPHER)
26
27 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
28 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
29 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
30
31 /* TLSv1.3 downgrade protection sentinel values */
32 const unsigned char tls11downgrade[] = {
33 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
34 };
35 const unsigned char tls12downgrade[] = {
36 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
37 };
38
39 /* The list of available TLSv1.3 ciphers */
40 static SSL_CIPHER tls13_ciphers[] = {
41 {
42 1,
43 TLS1_3_RFC_AES_128_GCM_SHA256,
44 TLS1_3_RFC_AES_128_GCM_SHA256,
45 TLS1_3_CK_AES_128_GCM_SHA256,
46 SSL_kANY,
47 SSL_aANY,
48 SSL_AES128GCM,
49 SSL_AEAD,
50 TLS1_3_VERSION, TLS1_3_VERSION,
51 0, 0,
52 SSL_HIGH,
53 SSL_HANDSHAKE_MAC_SHA256,
54 128,
55 128,
56 }, {
57 1,
58 TLS1_3_RFC_AES_256_GCM_SHA384,
59 TLS1_3_RFC_AES_256_GCM_SHA384,
60 TLS1_3_CK_AES_256_GCM_SHA384,
61 SSL_kANY,
62 SSL_aANY,
63 SSL_AES256GCM,
64 SSL_AEAD,
65 TLS1_3_VERSION, TLS1_3_VERSION,
66 0, 0,
67 SSL_HIGH,
68 SSL_HANDSHAKE_MAC_SHA384,
69 256,
70 256,
71 },
72 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
73 {
74 1,
75 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
76 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
77 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
78 SSL_kANY,
79 SSL_aANY,
80 SSL_CHACHA20POLY1305,
81 SSL_AEAD,
82 TLS1_3_VERSION, TLS1_3_VERSION,
83 0, 0,
84 SSL_HIGH,
85 SSL_HANDSHAKE_MAC_SHA256,
86 256,
87 256,
88 },
89 #endif
90 {
91 1,
92 TLS1_3_RFC_AES_128_CCM_SHA256,
93 TLS1_3_RFC_AES_128_CCM_SHA256,
94 TLS1_3_CK_AES_128_CCM_SHA256,
95 SSL_kANY,
96 SSL_aANY,
97 SSL_AES128CCM,
98 SSL_AEAD,
99 TLS1_3_VERSION, TLS1_3_VERSION,
100 0, 0,
101 SSL_NOT_DEFAULT | SSL_HIGH,
102 SSL_HANDSHAKE_MAC_SHA256,
103 128,
104 128,
105 }, {
106 1,
107 TLS1_3_RFC_AES_128_CCM_8_SHA256,
108 TLS1_3_RFC_AES_128_CCM_8_SHA256,
109 TLS1_3_CK_AES_128_CCM_8_SHA256,
110 SSL_kANY,
111 SSL_aANY,
112 SSL_AES128CCM8,
113 SSL_AEAD,
114 TLS1_3_VERSION, TLS1_3_VERSION,
115 0, 0,
116 SSL_NOT_DEFAULT | SSL_HIGH,
117 SSL_HANDSHAKE_MAC_SHA256,
118 128,
119 128,
120 }
121 };
122
123 /*
124 * The list of available ciphers, mostly organized into the following
125 * groups:
126 * Always there
127 * EC
128 * PSK
129 * SRP (within that: RSA EC PSK)
130 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
131 * Weak ciphers
132 */
133 static SSL_CIPHER ssl3_ciphers[] = {
134 {
135 1,
136 SSL3_TXT_RSA_NULL_MD5,
137 SSL3_RFC_RSA_NULL_MD5,
138 SSL3_CK_RSA_NULL_MD5,
139 SSL_kRSA,
140 SSL_aRSA,
141 SSL_eNULL,
142 SSL_MD5,
143 SSL3_VERSION, TLS1_2_VERSION,
144 DTLS1_BAD_VER, DTLS1_2_VERSION,
145 SSL_STRONG_NONE,
146 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
147 0,
148 0,
149 },
150 {
151 1,
152 SSL3_TXT_RSA_NULL_SHA,
153 SSL3_RFC_RSA_NULL_SHA,
154 SSL3_CK_RSA_NULL_SHA,
155 SSL_kRSA,
156 SSL_aRSA,
157 SSL_eNULL,
158 SSL_SHA1,
159 SSL3_VERSION, TLS1_2_VERSION,
160 DTLS1_BAD_VER, DTLS1_2_VERSION,
161 SSL_STRONG_NONE | SSL_FIPS,
162 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
163 0,
164 0,
165 },
166 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
167 {
168 1,
169 SSL3_TXT_RSA_DES_192_CBC3_SHA,
170 SSL3_RFC_RSA_DES_192_CBC3_SHA,
171 SSL3_CK_RSA_DES_192_CBC3_SHA,
172 SSL_kRSA,
173 SSL_aRSA,
174 SSL_3DES,
175 SSL_SHA1,
176 SSL3_VERSION, TLS1_2_VERSION,
177 DTLS1_BAD_VER, DTLS1_2_VERSION,
178 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
179 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
180 112,
181 168,
182 },
183 {
184 1,
185 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
186 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
187 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
188 SSL_kDHE,
189 SSL_aDSS,
190 SSL_3DES,
191 SSL_SHA1,
192 SSL3_VERSION, TLS1_2_VERSION,
193 DTLS1_BAD_VER, DTLS1_2_VERSION,
194 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
195 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
196 112,
197 168,
198 },
199 {
200 1,
201 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
202 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
203 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
204 SSL_kDHE,
205 SSL_aRSA,
206 SSL_3DES,
207 SSL_SHA1,
208 SSL3_VERSION, TLS1_2_VERSION,
209 DTLS1_BAD_VER, DTLS1_2_VERSION,
210 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
211 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212 112,
213 168,
214 },
215 {
216 1,
217 SSL3_TXT_ADH_DES_192_CBC_SHA,
218 SSL3_RFC_ADH_DES_192_CBC_SHA,
219 SSL3_CK_ADH_DES_192_CBC_SHA,
220 SSL_kDHE,
221 SSL_aNULL,
222 SSL_3DES,
223 SSL_SHA1,
224 SSL3_VERSION, TLS1_2_VERSION,
225 DTLS1_BAD_VER, DTLS1_2_VERSION,
226 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228 112,
229 168,
230 },
231 #endif
232 {
233 1,
234 TLS1_TXT_RSA_WITH_AES_128_SHA,
235 TLS1_RFC_RSA_WITH_AES_128_SHA,
236 TLS1_CK_RSA_WITH_AES_128_SHA,
237 SSL_kRSA,
238 SSL_aRSA,
239 SSL_AES128,
240 SSL_SHA1,
241 SSL3_VERSION, TLS1_2_VERSION,
242 DTLS1_BAD_VER, DTLS1_2_VERSION,
243 SSL_HIGH | SSL_FIPS,
244 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
245 128,
246 128,
247 },
248 {
249 1,
250 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
251 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
252 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
253 SSL_kDHE,
254 SSL_aDSS,
255 SSL_AES128,
256 SSL_SHA1,
257 SSL3_VERSION, TLS1_2_VERSION,
258 DTLS1_BAD_VER, DTLS1_2_VERSION,
259 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
260 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
261 128,
262 128,
263 },
264 {
265 1,
266 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
267 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
268 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
269 SSL_kDHE,
270 SSL_aRSA,
271 SSL_AES128,
272 SSL_SHA1,
273 SSL3_VERSION, TLS1_2_VERSION,
274 DTLS1_BAD_VER, DTLS1_2_VERSION,
275 SSL_HIGH | SSL_FIPS,
276 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277 128,
278 128,
279 },
280 {
281 1,
282 TLS1_TXT_ADH_WITH_AES_128_SHA,
283 TLS1_RFC_ADH_WITH_AES_128_SHA,
284 TLS1_CK_ADH_WITH_AES_128_SHA,
285 SSL_kDHE,
286 SSL_aNULL,
287 SSL_AES128,
288 SSL_SHA1,
289 SSL3_VERSION, TLS1_2_VERSION,
290 DTLS1_BAD_VER, DTLS1_2_VERSION,
291 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
292 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293 128,
294 128,
295 },
296 {
297 1,
298 TLS1_TXT_RSA_WITH_AES_256_SHA,
299 TLS1_RFC_RSA_WITH_AES_256_SHA,
300 TLS1_CK_RSA_WITH_AES_256_SHA,
301 SSL_kRSA,
302 SSL_aRSA,
303 SSL_AES256,
304 SSL_SHA1,
305 SSL3_VERSION, TLS1_2_VERSION,
306 DTLS1_BAD_VER, DTLS1_2_VERSION,
307 SSL_HIGH | SSL_FIPS,
308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
309 256,
310 256,
311 },
312 {
313 1,
314 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
315 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
316 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
317 SSL_kDHE,
318 SSL_aDSS,
319 SSL_AES256,
320 SSL_SHA1,
321 SSL3_VERSION, TLS1_2_VERSION,
322 DTLS1_BAD_VER, DTLS1_2_VERSION,
323 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
324 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
325 256,
326 256,
327 },
328 {
329 1,
330 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
331 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
332 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
333 SSL_kDHE,
334 SSL_aRSA,
335 SSL_AES256,
336 SSL_SHA1,
337 SSL3_VERSION, TLS1_2_VERSION,
338 DTLS1_BAD_VER, DTLS1_2_VERSION,
339 SSL_HIGH | SSL_FIPS,
340 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
341 256,
342 256,
343 },
344 {
345 1,
346 TLS1_TXT_ADH_WITH_AES_256_SHA,
347 TLS1_RFC_ADH_WITH_AES_256_SHA,
348 TLS1_CK_ADH_WITH_AES_256_SHA,
349 SSL_kDHE,
350 SSL_aNULL,
351 SSL_AES256,
352 SSL_SHA1,
353 SSL3_VERSION, TLS1_2_VERSION,
354 DTLS1_BAD_VER, DTLS1_2_VERSION,
355 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
356 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357 256,
358 256,
359 },
360 {
361 1,
362 TLS1_TXT_RSA_WITH_NULL_SHA256,
363 TLS1_RFC_RSA_WITH_NULL_SHA256,
364 TLS1_CK_RSA_WITH_NULL_SHA256,
365 SSL_kRSA,
366 SSL_aRSA,
367 SSL_eNULL,
368 SSL_SHA256,
369 TLS1_2_VERSION, TLS1_2_VERSION,
370 DTLS1_2_VERSION, DTLS1_2_VERSION,
371 SSL_STRONG_NONE | SSL_FIPS,
372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
373 0,
374 0,
375 },
376 {
377 1,
378 TLS1_TXT_RSA_WITH_AES_128_SHA256,
379 TLS1_RFC_RSA_WITH_AES_128_SHA256,
380 TLS1_CK_RSA_WITH_AES_128_SHA256,
381 SSL_kRSA,
382 SSL_aRSA,
383 SSL_AES128,
384 SSL_SHA256,
385 TLS1_2_VERSION, TLS1_2_VERSION,
386 DTLS1_2_VERSION, DTLS1_2_VERSION,
387 SSL_HIGH | SSL_FIPS,
388 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389 128,
390 128,
391 },
392 {
393 1,
394 TLS1_TXT_RSA_WITH_AES_256_SHA256,
395 TLS1_RFC_RSA_WITH_AES_256_SHA256,
396 TLS1_CK_RSA_WITH_AES_256_SHA256,
397 SSL_kRSA,
398 SSL_aRSA,
399 SSL_AES256,
400 SSL_SHA256,
401 TLS1_2_VERSION, TLS1_2_VERSION,
402 DTLS1_2_VERSION, DTLS1_2_VERSION,
403 SSL_HIGH | SSL_FIPS,
404 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
405 256,
406 256,
407 },
408 {
409 1,
410 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
411 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
412 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
413 SSL_kDHE,
414 SSL_aDSS,
415 SSL_AES128,
416 SSL_SHA256,
417 TLS1_2_VERSION, TLS1_2_VERSION,
418 DTLS1_2_VERSION, DTLS1_2_VERSION,
419 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
421 128,
422 128,
423 },
424 {
425 1,
426 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
427 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
428 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
429 SSL_kDHE,
430 SSL_aRSA,
431 SSL_AES128,
432 SSL_SHA256,
433 TLS1_2_VERSION, TLS1_2_VERSION,
434 DTLS1_2_VERSION, DTLS1_2_VERSION,
435 SSL_HIGH | SSL_FIPS,
436 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
437 128,
438 128,
439 },
440 {
441 1,
442 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
443 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
444 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
445 SSL_kDHE,
446 SSL_aDSS,
447 SSL_AES256,
448 SSL_SHA256,
449 TLS1_2_VERSION, TLS1_2_VERSION,
450 DTLS1_2_VERSION, DTLS1_2_VERSION,
451 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
453 256,
454 256,
455 },
456 {
457 1,
458 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
459 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
460 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
461 SSL_kDHE,
462 SSL_aRSA,
463 SSL_AES256,
464 SSL_SHA256,
465 TLS1_2_VERSION, TLS1_2_VERSION,
466 DTLS1_2_VERSION, DTLS1_2_VERSION,
467 SSL_HIGH | SSL_FIPS,
468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
469 256,
470 256,
471 },
472 {
473 1,
474 TLS1_TXT_ADH_WITH_AES_128_SHA256,
475 TLS1_RFC_ADH_WITH_AES_128_SHA256,
476 TLS1_CK_ADH_WITH_AES_128_SHA256,
477 SSL_kDHE,
478 SSL_aNULL,
479 SSL_AES128,
480 SSL_SHA256,
481 TLS1_2_VERSION, TLS1_2_VERSION,
482 DTLS1_2_VERSION, DTLS1_2_VERSION,
483 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
484 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
485 128,
486 128,
487 },
488 {
489 1,
490 TLS1_TXT_ADH_WITH_AES_256_SHA256,
491 TLS1_RFC_ADH_WITH_AES_256_SHA256,
492 TLS1_CK_ADH_WITH_AES_256_SHA256,
493 SSL_kDHE,
494 SSL_aNULL,
495 SSL_AES256,
496 SSL_SHA256,
497 TLS1_2_VERSION, TLS1_2_VERSION,
498 DTLS1_2_VERSION, DTLS1_2_VERSION,
499 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
500 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
501 256,
502 256,
503 },
504 {
505 1,
506 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
507 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
508 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
509 SSL_kRSA,
510 SSL_aRSA,
511 SSL_AES128GCM,
512 SSL_AEAD,
513 TLS1_2_VERSION, TLS1_2_VERSION,
514 DTLS1_2_VERSION, DTLS1_2_VERSION,
515 SSL_HIGH | SSL_FIPS,
516 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
517 128,
518 128,
519 },
520 {
521 1,
522 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
523 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
524 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
525 SSL_kRSA,
526 SSL_aRSA,
527 SSL_AES256GCM,
528 SSL_AEAD,
529 TLS1_2_VERSION, TLS1_2_VERSION,
530 DTLS1_2_VERSION, DTLS1_2_VERSION,
531 SSL_HIGH | SSL_FIPS,
532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
533 256,
534 256,
535 },
536 {
537 1,
538 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
539 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
540 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
541 SSL_kDHE,
542 SSL_aRSA,
543 SSL_AES128GCM,
544 SSL_AEAD,
545 TLS1_2_VERSION, TLS1_2_VERSION,
546 DTLS1_2_VERSION, DTLS1_2_VERSION,
547 SSL_HIGH | SSL_FIPS,
548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
549 128,
550 128,
551 },
552 {
553 1,
554 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
555 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
556 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
557 SSL_kDHE,
558 SSL_aRSA,
559 SSL_AES256GCM,
560 SSL_AEAD,
561 TLS1_2_VERSION, TLS1_2_VERSION,
562 DTLS1_2_VERSION, DTLS1_2_VERSION,
563 SSL_HIGH | SSL_FIPS,
564 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
565 256,
566 256,
567 },
568 {
569 1,
570 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
571 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
572 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
573 SSL_kDHE,
574 SSL_aDSS,
575 SSL_AES128GCM,
576 SSL_AEAD,
577 TLS1_2_VERSION, TLS1_2_VERSION,
578 DTLS1_2_VERSION, DTLS1_2_VERSION,
579 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
580 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
581 128,
582 128,
583 },
584 {
585 1,
586 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
587 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
588 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
589 SSL_kDHE,
590 SSL_aDSS,
591 SSL_AES256GCM,
592 SSL_AEAD,
593 TLS1_2_VERSION, TLS1_2_VERSION,
594 DTLS1_2_VERSION, DTLS1_2_VERSION,
595 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
596 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
597 256,
598 256,
599 },
600 {
601 1,
602 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
603 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
604 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
605 SSL_kDHE,
606 SSL_aNULL,
607 SSL_AES128GCM,
608 SSL_AEAD,
609 TLS1_2_VERSION, TLS1_2_VERSION,
610 DTLS1_2_VERSION, DTLS1_2_VERSION,
611 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
612 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
613 128,
614 128,
615 },
616 {
617 1,
618 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
619 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
620 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
621 SSL_kDHE,
622 SSL_aNULL,
623 SSL_AES256GCM,
624 SSL_AEAD,
625 TLS1_2_VERSION, TLS1_2_VERSION,
626 DTLS1_2_VERSION, DTLS1_2_VERSION,
627 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
629 256,
630 256,
631 },
632 {
633 1,
634 TLS1_TXT_RSA_WITH_AES_128_CCM,
635 TLS1_RFC_RSA_WITH_AES_128_CCM,
636 TLS1_CK_RSA_WITH_AES_128_CCM,
637 SSL_kRSA,
638 SSL_aRSA,
639 SSL_AES128CCM,
640 SSL_AEAD,
641 TLS1_2_VERSION, TLS1_2_VERSION,
642 DTLS1_2_VERSION, DTLS1_2_VERSION,
643 SSL_NOT_DEFAULT | SSL_HIGH,
644 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
645 128,
646 128,
647 },
648 {
649 1,
650 TLS1_TXT_RSA_WITH_AES_256_CCM,
651 TLS1_RFC_RSA_WITH_AES_256_CCM,
652 TLS1_CK_RSA_WITH_AES_256_CCM,
653 SSL_kRSA,
654 SSL_aRSA,
655 SSL_AES256CCM,
656 SSL_AEAD,
657 TLS1_2_VERSION, TLS1_2_VERSION,
658 DTLS1_2_VERSION, DTLS1_2_VERSION,
659 SSL_NOT_DEFAULT | SSL_HIGH,
660 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
661 256,
662 256,
663 },
664 {
665 1,
666 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
667 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
668 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
669 SSL_kDHE,
670 SSL_aRSA,
671 SSL_AES128CCM,
672 SSL_AEAD,
673 TLS1_2_VERSION, TLS1_2_VERSION,
674 DTLS1_2_VERSION, DTLS1_2_VERSION,
675 SSL_NOT_DEFAULT | SSL_HIGH,
676 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
677 128,
678 128,
679 },
680 {
681 1,
682 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
683 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
684 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
685 SSL_kDHE,
686 SSL_aRSA,
687 SSL_AES256CCM,
688 SSL_AEAD,
689 TLS1_2_VERSION, TLS1_2_VERSION,
690 DTLS1_2_VERSION, DTLS1_2_VERSION,
691 SSL_NOT_DEFAULT | SSL_HIGH,
692 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
693 256,
694 256,
695 },
696 {
697 1,
698 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
699 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
700 TLS1_CK_RSA_WITH_AES_128_CCM_8,
701 SSL_kRSA,
702 SSL_aRSA,
703 SSL_AES128CCM8,
704 SSL_AEAD,
705 TLS1_2_VERSION, TLS1_2_VERSION,
706 DTLS1_2_VERSION, DTLS1_2_VERSION,
707 SSL_NOT_DEFAULT | SSL_HIGH,
708 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
709 128,
710 128,
711 },
712 {
713 1,
714 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
715 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
716 TLS1_CK_RSA_WITH_AES_256_CCM_8,
717 SSL_kRSA,
718 SSL_aRSA,
719 SSL_AES256CCM8,
720 SSL_AEAD,
721 TLS1_2_VERSION, TLS1_2_VERSION,
722 DTLS1_2_VERSION, DTLS1_2_VERSION,
723 SSL_NOT_DEFAULT | SSL_HIGH,
724 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
725 256,
726 256,
727 },
728 {
729 1,
730 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
731 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
732 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
733 SSL_kDHE,
734 SSL_aRSA,
735 SSL_AES128CCM8,
736 SSL_AEAD,
737 TLS1_2_VERSION, TLS1_2_VERSION,
738 DTLS1_2_VERSION, DTLS1_2_VERSION,
739 SSL_NOT_DEFAULT | SSL_HIGH,
740 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
741 128,
742 128,
743 },
744 {
745 1,
746 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
747 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
748 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
749 SSL_kDHE,
750 SSL_aRSA,
751 SSL_AES256CCM8,
752 SSL_AEAD,
753 TLS1_2_VERSION, TLS1_2_VERSION,
754 DTLS1_2_VERSION, DTLS1_2_VERSION,
755 SSL_NOT_DEFAULT | SSL_HIGH,
756 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
757 256,
758 256,
759 },
760 {
761 1,
762 TLS1_TXT_PSK_WITH_AES_128_CCM,
763 TLS1_RFC_PSK_WITH_AES_128_CCM,
764 TLS1_CK_PSK_WITH_AES_128_CCM,
765 SSL_kPSK,
766 SSL_aPSK,
767 SSL_AES128CCM,
768 SSL_AEAD,
769 TLS1_2_VERSION, TLS1_2_VERSION,
770 DTLS1_2_VERSION, DTLS1_2_VERSION,
771 SSL_NOT_DEFAULT | SSL_HIGH,
772 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
773 128,
774 128,
775 },
776 {
777 1,
778 TLS1_TXT_PSK_WITH_AES_256_CCM,
779 TLS1_RFC_PSK_WITH_AES_256_CCM,
780 TLS1_CK_PSK_WITH_AES_256_CCM,
781 SSL_kPSK,
782 SSL_aPSK,
783 SSL_AES256CCM,
784 SSL_AEAD,
785 TLS1_2_VERSION, TLS1_2_VERSION,
786 DTLS1_2_VERSION, DTLS1_2_VERSION,
787 SSL_NOT_DEFAULT | SSL_HIGH,
788 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
789 256,
790 256,
791 },
792 {
793 1,
794 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
795 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
796 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
797 SSL_kDHEPSK,
798 SSL_aPSK,
799 SSL_AES128CCM,
800 SSL_AEAD,
801 TLS1_2_VERSION, TLS1_2_VERSION,
802 DTLS1_2_VERSION, DTLS1_2_VERSION,
803 SSL_NOT_DEFAULT | SSL_HIGH,
804 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
805 128,
806 128,
807 },
808 {
809 1,
810 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
811 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
812 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
813 SSL_kDHEPSK,
814 SSL_aPSK,
815 SSL_AES256CCM,
816 SSL_AEAD,
817 TLS1_2_VERSION, TLS1_2_VERSION,
818 DTLS1_2_VERSION, DTLS1_2_VERSION,
819 SSL_NOT_DEFAULT | SSL_HIGH,
820 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
821 256,
822 256,
823 },
824 {
825 1,
826 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
827 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
828 TLS1_CK_PSK_WITH_AES_128_CCM_8,
829 SSL_kPSK,
830 SSL_aPSK,
831 SSL_AES128CCM8,
832 SSL_AEAD,
833 TLS1_2_VERSION, TLS1_2_VERSION,
834 DTLS1_2_VERSION, DTLS1_2_VERSION,
835 SSL_NOT_DEFAULT | SSL_HIGH,
836 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
837 128,
838 128,
839 },
840 {
841 1,
842 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
843 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
844 TLS1_CK_PSK_WITH_AES_256_CCM_8,
845 SSL_kPSK,
846 SSL_aPSK,
847 SSL_AES256CCM8,
848 SSL_AEAD,
849 TLS1_2_VERSION, TLS1_2_VERSION,
850 DTLS1_2_VERSION, DTLS1_2_VERSION,
851 SSL_NOT_DEFAULT | SSL_HIGH,
852 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
853 256,
854 256,
855 },
856 {
857 1,
858 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
859 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
860 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
861 SSL_kDHEPSK,
862 SSL_aPSK,
863 SSL_AES128CCM8,
864 SSL_AEAD,
865 TLS1_2_VERSION, TLS1_2_VERSION,
866 DTLS1_2_VERSION, DTLS1_2_VERSION,
867 SSL_NOT_DEFAULT | SSL_HIGH,
868 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
869 128,
870 128,
871 },
872 {
873 1,
874 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
875 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
876 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
877 SSL_kDHEPSK,
878 SSL_aPSK,
879 SSL_AES256CCM8,
880 SSL_AEAD,
881 TLS1_2_VERSION, TLS1_2_VERSION,
882 DTLS1_2_VERSION, DTLS1_2_VERSION,
883 SSL_NOT_DEFAULT | SSL_HIGH,
884 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
885 256,
886 256,
887 },
888 {
889 1,
890 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
891 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
892 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
893 SSL_kECDHE,
894 SSL_aECDSA,
895 SSL_AES128CCM,
896 SSL_AEAD,
897 TLS1_2_VERSION, TLS1_2_VERSION,
898 DTLS1_2_VERSION, DTLS1_2_VERSION,
899 SSL_NOT_DEFAULT | SSL_HIGH,
900 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
901 128,
902 128,
903 },
904 {
905 1,
906 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
907 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
908 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
909 SSL_kECDHE,
910 SSL_aECDSA,
911 SSL_AES256CCM,
912 SSL_AEAD,
913 TLS1_2_VERSION, TLS1_2_VERSION,
914 DTLS1_2_VERSION, DTLS1_2_VERSION,
915 SSL_NOT_DEFAULT | SSL_HIGH,
916 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
917 256,
918 256,
919 },
920 {
921 1,
922 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
923 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
924 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
925 SSL_kECDHE,
926 SSL_aECDSA,
927 SSL_AES128CCM8,
928 SSL_AEAD,
929 TLS1_2_VERSION, TLS1_2_VERSION,
930 DTLS1_2_VERSION, DTLS1_2_VERSION,
931 SSL_NOT_DEFAULT | SSL_HIGH,
932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
933 128,
934 128,
935 },
936 {
937 1,
938 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
939 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
940 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
941 SSL_kECDHE,
942 SSL_aECDSA,
943 SSL_AES256CCM8,
944 SSL_AEAD,
945 TLS1_2_VERSION, TLS1_2_VERSION,
946 DTLS1_2_VERSION, DTLS1_2_VERSION,
947 SSL_NOT_DEFAULT | SSL_HIGH,
948 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
949 256,
950 256,
951 },
952 {
953 1,
954 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
955 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
956 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
957 SSL_kECDHE,
958 SSL_aECDSA,
959 SSL_eNULL,
960 SSL_SHA1,
961 TLS1_VERSION, TLS1_2_VERSION,
962 DTLS1_BAD_VER, DTLS1_2_VERSION,
963 SSL_STRONG_NONE | SSL_FIPS,
964 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
965 0,
966 0,
967 },
968 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
969 {
970 1,
971 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
972 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
973 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
974 SSL_kECDHE,
975 SSL_aECDSA,
976 SSL_3DES,
977 SSL_SHA1,
978 TLS1_VERSION, TLS1_2_VERSION,
979 DTLS1_BAD_VER, DTLS1_2_VERSION,
980 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
981 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
982 112,
983 168,
984 },
985 # endif
986 {
987 1,
988 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
989 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
990 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
991 SSL_kECDHE,
992 SSL_aECDSA,
993 SSL_AES128,
994 SSL_SHA1,
995 TLS1_VERSION, TLS1_2_VERSION,
996 DTLS1_BAD_VER, DTLS1_2_VERSION,
997 SSL_HIGH | SSL_FIPS,
998 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
999 128,
1000 128,
1001 },
1002 {
1003 1,
1004 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1005 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1006 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1007 SSL_kECDHE,
1008 SSL_aECDSA,
1009 SSL_AES256,
1010 SSL_SHA1,
1011 TLS1_VERSION, TLS1_2_VERSION,
1012 DTLS1_BAD_VER, DTLS1_2_VERSION,
1013 SSL_HIGH | SSL_FIPS,
1014 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1015 256,
1016 256,
1017 },
1018 {
1019 1,
1020 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1021 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1022 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1023 SSL_kECDHE,
1024 SSL_aRSA,
1025 SSL_eNULL,
1026 SSL_SHA1,
1027 TLS1_VERSION, TLS1_2_VERSION,
1028 DTLS1_BAD_VER, DTLS1_2_VERSION,
1029 SSL_STRONG_NONE | SSL_FIPS,
1030 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1031 0,
1032 0,
1033 },
1034 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1035 {
1036 1,
1037 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1038 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1039 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1040 SSL_kECDHE,
1041 SSL_aRSA,
1042 SSL_3DES,
1043 SSL_SHA1,
1044 TLS1_VERSION, TLS1_2_VERSION,
1045 DTLS1_BAD_VER, DTLS1_2_VERSION,
1046 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1047 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1048 112,
1049 168,
1050 },
1051 # endif
1052 {
1053 1,
1054 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1055 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1056 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1057 SSL_kECDHE,
1058 SSL_aRSA,
1059 SSL_AES128,
1060 SSL_SHA1,
1061 TLS1_VERSION, TLS1_2_VERSION,
1062 DTLS1_BAD_VER, DTLS1_2_VERSION,
1063 SSL_HIGH | SSL_FIPS,
1064 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1065 128,
1066 128,
1067 },
1068 {
1069 1,
1070 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1071 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1072 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1073 SSL_kECDHE,
1074 SSL_aRSA,
1075 SSL_AES256,
1076 SSL_SHA1,
1077 TLS1_VERSION, TLS1_2_VERSION,
1078 DTLS1_BAD_VER, DTLS1_2_VERSION,
1079 SSL_HIGH | SSL_FIPS,
1080 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1081 256,
1082 256,
1083 },
1084 {
1085 1,
1086 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1087 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1088 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1089 SSL_kECDHE,
1090 SSL_aNULL,
1091 SSL_eNULL,
1092 SSL_SHA1,
1093 TLS1_VERSION, TLS1_2_VERSION,
1094 DTLS1_BAD_VER, DTLS1_2_VERSION,
1095 SSL_STRONG_NONE | SSL_FIPS,
1096 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1097 0,
1098 0,
1099 },
1100 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1101 {
1102 1,
1103 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1104 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1105 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1106 SSL_kECDHE,
1107 SSL_aNULL,
1108 SSL_3DES,
1109 SSL_SHA1,
1110 TLS1_VERSION, TLS1_2_VERSION,
1111 DTLS1_BAD_VER, DTLS1_2_VERSION,
1112 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1113 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1114 112,
1115 168,
1116 },
1117 # endif
1118 {
1119 1,
1120 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1121 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1122 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1123 SSL_kECDHE,
1124 SSL_aNULL,
1125 SSL_AES128,
1126 SSL_SHA1,
1127 TLS1_VERSION, TLS1_2_VERSION,
1128 DTLS1_BAD_VER, DTLS1_2_VERSION,
1129 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1130 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1131 128,
1132 128,
1133 },
1134 {
1135 1,
1136 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1137 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1138 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1139 SSL_kECDHE,
1140 SSL_aNULL,
1141 SSL_AES256,
1142 SSL_SHA1,
1143 TLS1_VERSION, TLS1_2_VERSION,
1144 DTLS1_BAD_VER, DTLS1_2_VERSION,
1145 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1146 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1147 256,
1148 256,
1149 },
1150 {
1151 1,
1152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1153 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1154 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1155 SSL_kECDHE,
1156 SSL_aECDSA,
1157 SSL_AES128,
1158 SSL_SHA256,
1159 TLS1_2_VERSION, TLS1_2_VERSION,
1160 DTLS1_2_VERSION, DTLS1_2_VERSION,
1161 SSL_HIGH | SSL_FIPS,
1162 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1163 128,
1164 128,
1165 },
1166 {
1167 1,
1168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1169 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1170 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1171 SSL_kECDHE,
1172 SSL_aECDSA,
1173 SSL_AES256,
1174 SSL_SHA384,
1175 TLS1_2_VERSION, TLS1_2_VERSION,
1176 DTLS1_2_VERSION, DTLS1_2_VERSION,
1177 SSL_HIGH | SSL_FIPS,
1178 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1179 256,
1180 256,
1181 },
1182 {
1183 1,
1184 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1185 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1186 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1187 SSL_kECDHE,
1188 SSL_aRSA,
1189 SSL_AES128,
1190 SSL_SHA256,
1191 TLS1_2_VERSION, TLS1_2_VERSION,
1192 DTLS1_2_VERSION, DTLS1_2_VERSION,
1193 SSL_HIGH | SSL_FIPS,
1194 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1195 128,
1196 128,
1197 },
1198 {
1199 1,
1200 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1201 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1202 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1203 SSL_kECDHE,
1204 SSL_aRSA,
1205 SSL_AES256,
1206 SSL_SHA384,
1207 TLS1_2_VERSION, TLS1_2_VERSION,
1208 DTLS1_2_VERSION, DTLS1_2_VERSION,
1209 SSL_HIGH | SSL_FIPS,
1210 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1211 256,
1212 256,
1213 },
1214 {
1215 1,
1216 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1217 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1218 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1219 SSL_kECDHE,
1220 SSL_aECDSA,
1221 SSL_AES128GCM,
1222 SSL_AEAD,
1223 TLS1_2_VERSION, TLS1_2_VERSION,
1224 DTLS1_2_VERSION, DTLS1_2_VERSION,
1225 SSL_HIGH | SSL_FIPS,
1226 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1227 128,
1228 128,
1229 },
1230 {
1231 1,
1232 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1233 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1234 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1235 SSL_kECDHE,
1236 SSL_aECDSA,
1237 SSL_AES256GCM,
1238 SSL_AEAD,
1239 TLS1_2_VERSION, TLS1_2_VERSION,
1240 DTLS1_2_VERSION, DTLS1_2_VERSION,
1241 SSL_HIGH | SSL_FIPS,
1242 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1243 256,
1244 256,
1245 },
1246 {
1247 1,
1248 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1249 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1250 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1251 SSL_kECDHE,
1252 SSL_aRSA,
1253 SSL_AES128GCM,
1254 SSL_AEAD,
1255 TLS1_2_VERSION, TLS1_2_VERSION,
1256 DTLS1_2_VERSION, DTLS1_2_VERSION,
1257 SSL_HIGH | SSL_FIPS,
1258 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1259 128,
1260 128,
1261 },
1262 {
1263 1,
1264 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1265 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1266 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1267 SSL_kECDHE,
1268 SSL_aRSA,
1269 SSL_AES256GCM,
1270 SSL_AEAD,
1271 TLS1_2_VERSION, TLS1_2_VERSION,
1272 DTLS1_2_VERSION, DTLS1_2_VERSION,
1273 SSL_HIGH | SSL_FIPS,
1274 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1275 256,
1276 256,
1277 },
1278 {
1279 1,
1280 TLS1_TXT_PSK_WITH_NULL_SHA,
1281 TLS1_RFC_PSK_WITH_NULL_SHA,
1282 TLS1_CK_PSK_WITH_NULL_SHA,
1283 SSL_kPSK,
1284 SSL_aPSK,
1285 SSL_eNULL,
1286 SSL_SHA1,
1287 SSL3_VERSION, TLS1_2_VERSION,
1288 DTLS1_BAD_VER, DTLS1_2_VERSION,
1289 SSL_STRONG_NONE | SSL_FIPS,
1290 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1291 0,
1292 0,
1293 },
1294 {
1295 1,
1296 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1297 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1298 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1299 SSL_kDHEPSK,
1300 SSL_aPSK,
1301 SSL_eNULL,
1302 SSL_SHA1,
1303 SSL3_VERSION, TLS1_2_VERSION,
1304 DTLS1_BAD_VER, DTLS1_2_VERSION,
1305 SSL_STRONG_NONE | SSL_FIPS,
1306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1307 0,
1308 0,
1309 },
1310 {
1311 1,
1312 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1313 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1314 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1315 SSL_kRSAPSK,
1316 SSL_aRSA,
1317 SSL_eNULL,
1318 SSL_SHA1,
1319 SSL3_VERSION, TLS1_2_VERSION,
1320 DTLS1_BAD_VER, DTLS1_2_VERSION,
1321 SSL_STRONG_NONE | SSL_FIPS,
1322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1323 0,
1324 0,
1325 },
1326 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1327 {
1328 1,
1329 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1330 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1331 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1332 SSL_kPSK,
1333 SSL_aPSK,
1334 SSL_3DES,
1335 SSL_SHA1,
1336 SSL3_VERSION, TLS1_2_VERSION,
1337 DTLS1_BAD_VER, DTLS1_2_VERSION,
1338 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1339 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1340 112,
1341 168,
1342 },
1343 # endif
1344 {
1345 1,
1346 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1347 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1348 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1349 SSL_kPSK,
1350 SSL_aPSK,
1351 SSL_AES128,
1352 SSL_SHA1,
1353 SSL3_VERSION, TLS1_2_VERSION,
1354 DTLS1_BAD_VER, DTLS1_2_VERSION,
1355 SSL_HIGH | SSL_FIPS,
1356 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1357 128,
1358 128,
1359 },
1360 {
1361 1,
1362 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1363 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1364 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1365 SSL_kPSK,
1366 SSL_aPSK,
1367 SSL_AES256,
1368 SSL_SHA1,
1369 SSL3_VERSION, TLS1_2_VERSION,
1370 DTLS1_BAD_VER, DTLS1_2_VERSION,
1371 SSL_HIGH | SSL_FIPS,
1372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1373 256,
1374 256,
1375 },
1376 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1377 {
1378 1,
1379 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1380 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1381 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1382 SSL_kDHEPSK,
1383 SSL_aPSK,
1384 SSL_3DES,
1385 SSL_SHA1,
1386 SSL3_VERSION, TLS1_2_VERSION,
1387 DTLS1_BAD_VER, DTLS1_2_VERSION,
1388 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1389 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1390 112,
1391 168,
1392 },
1393 # endif
1394 {
1395 1,
1396 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1397 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1398 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1399 SSL_kDHEPSK,
1400 SSL_aPSK,
1401 SSL_AES128,
1402 SSL_SHA1,
1403 SSL3_VERSION, TLS1_2_VERSION,
1404 DTLS1_BAD_VER, DTLS1_2_VERSION,
1405 SSL_HIGH | SSL_FIPS,
1406 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1407 128,
1408 128,
1409 },
1410 {
1411 1,
1412 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1413 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1414 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1415 SSL_kDHEPSK,
1416 SSL_aPSK,
1417 SSL_AES256,
1418 SSL_SHA1,
1419 SSL3_VERSION, TLS1_2_VERSION,
1420 DTLS1_BAD_VER, DTLS1_2_VERSION,
1421 SSL_HIGH | SSL_FIPS,
1422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1423 256,
1424 256,
1425 },
1426 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1427 {
1428 1,
1429 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1430 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1431 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1432 SSL_kRSAPSK,
1433 SSL_aRSA,
1434 SSL_3DES,
1435 SSL_SHA1,
1436 SSL3_VERSION, TLS1_2_VERSION,
1437 DTLS1_BAD_VER, DTLS1_2_VERSION,
1438 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1439 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1440 112,
1441 168,
1442 },
1443 # endif
1444 {
1445 1,
1446 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1447 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1448 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1449 SSL_kRSAPSK,
1450 SSL_aRSA,
1451 SSL_AES128,
1452 SSL_SHA1,
1453 SSL3_VERSION, TLS1_2_VERSION,
1454 DTLS1_BAD_VER, DTLS1_2_VERSION,
1455 SSL_HIGH | SSL_FIPS,
1456 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1457 128,
1458 128,
1459 },
1460 {
1461 1,
1462 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1463 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1464 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1465 SSL_kRSAPSK,
1466 SSL_aRSA,
1467 SSL_AES256,
1468 SSL_SHA1,
1469 SSL3_VERSION, TLS1_2_VERSION,
1470 DTLS1_BAD_VER, DTLS1_2_VERSION,
1471 SSL_HIGH | SSL_FIPS,
1472 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1473 256,
1474 256,
1475 },
1476 {
1477 1,
1478 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1479 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1480 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1481 SSL_kPSK,
1482 SSL_aPSK,
1483 SSL_AES128GCM,
1484 SSL_AEAD,
1485 TLS1_2_VERSION, TLS1_2_VERSION,
1486 DTLS1_2_VERSION, DTLS1_2_VERSION,
1487 SSL_HIGH | SSL_FIPS,
1488 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1489 128,
1490 128,
1491 },
1492 {
1493 1,
1494 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1495 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1496 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1497 SSL_kPSK,
1498 SSL_aPSK,
1499 SSL_AES256GCM,
1500 SSL_AEAD,
1501 TLS1_2_VERSION, TLS1_2_VERSION,
1502 DTLS1_2_VERSION, DTLS1_2_VERSION,
1503 SSL_HIGH | SSL_FIPS,
1504 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1505 256,
1506 256,
1507 },
1508 {
1509 1,
1510 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1511 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1512 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1513 SSL_kDHEPSK,
1514 SSL_aPSK,
1515 SSL_AES128GCM,
1516 SSL_AEAD,
1517 TLS1_2_VERSION, TLS1_2_VERSION,
1518 DTLS1_2_VERSION, DTLS1_2_VERSION,
1519 SSL_HIGH | SSL_FIPS,
1520 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1521 128,
1522 128,
1523 },
1524 {
1525 1,
1526 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1527 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1528 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1529 SSL_kDHEPSK,
1530 SSL_aPSK,
1531 SSL_AES256GCM,
1532 SSL_AEAD,
1533 TLS1_2_VERSION, TLS1_2_VERSION,
1534 DTLS1_2_VERSION, DTLS1_2_VERSION,
1535 SSL_HIGH | SSL_FIPS,
1536 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1537 256,
1538 256,
1539 },
1540 {
1541 1,
1542 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1543 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1544 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1545 SSL_kRSAPSK,
1546 SSL_aRSA,
1547 SSL_AES128GCM,
1548 SSL_AEAD,
1549 TLS1_2_VERSION, TLS1_2_VERSION,
1550 DTLS1_2_VERSION, DTLS1_2_VERSION,
1551 SSL_HIGH | SSL_FIPS,
1552 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1553 128,
1554 128,
1555 },
1556 {
1557 1,
1558 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1559 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1560 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1561 SSL_kRSAPSK,
1562 SSL_aRSA,
1563 SSL_AES256GCM,
1564 SSL_AEAD,
1565 TLS1_2_VERSION, TLS1_2_VERSION,
1566 DTLS1_2_VERSION, DTLS1_2_VERSION,
1567 SSL_HIGH | SSL_FIPS,
1568 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1569 256,
1570 256,
1571 },
1572 {
1573 1,
1574 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1575 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1576 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1577 SSL_kPSK,
1578 SSL_aPSK,
1579 SSL_AES128,
1580 SSL_SHA256,
1581 TLS1_VERSION, TLS1_2_VERSION,
1582 DTLS1_BAD_VER, DTLS1_2_VERSION,
1583 SSL_HIGH | SSL_FIPS,
1584 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1585 128,
1586 128,
1587 },
1588 {
1589 1,
1590 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1591 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1592 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1593 SSL_kPSK,
1594 SSL_aPSK,
1595 SSL_AES256,
1596 SSL_SHA384,
1597 TLS1_VERSION, TLS1_2_VERSION,
1598 DTLS1_BAD_VER, DTLS1_2_VERSION,
1599 SSL_HIGH | SSL_FIPS,
1600 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1601 256,
1602 256,
1603 },
1604 {
1605 1,
1606 TLS1_TXT_PSK_WITH_NULL_SHA256,
1607 TLS1_RFC_PSK_WITH_NULL_SHA256,
1608 TLS1_CK_PSK_WITH_NULL_SHA256,
1609 SSL_kPSK,
1610 SSL_aPSK,
1611 SSL_eNULL,
1612 SSL_SHA256,
1613 TLS1_VERSION, TLS1_2_VERSION,
1614 DTLS1_BAD_VER, DTLS1_2_VERSION,
1615 SSL_STRONG_NONE | SSL_FIPS,
1616 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1617 0,
1618 0,
1619 },
1620 {
1621 1,
1622 TLS1_TXT_PSK_WITH_NULL_SHA384,
1623 TLS1_RFC_PSK_WITH_NULL_SHA384,
1624 TLS1_CK_PSK_WITH_NULL_SHA384,
1625 SSL_kPSK,
1626 SSL_aPSK,
1627 SSL_eNULL,
1628 SSL_SHA384,
1629 TLS1_VERSION, TLS1_2_VERSION,
1630 DTLS1_BAD_VER, DTLS1_2_VERSION,
1631 SSL_STRONG_NONE | SSL_FIPS,
1632 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1633 0,
1634 0,
1635 },
1636 {
1637 1,
1638 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1639 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1640 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1641 SSL_kDHEPSK,
1642 SSL_aPSK,
1643 SSL_AES128,
1644 SSL_SHA256,
1645 TLS1_VERSION, TLS1_2_VERSION,
1646 DTLS1_BAD_VER, DTLS1_2_VERSION,
1647 SSL_HIGH | SSL_FIPS,
1648 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1649 128,
1650 128,
1651 },
1652 {
1653 1,
1654 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1655 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1656 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1657 SSL_kDHEPSK,
1658 SSL_aPSK,
1659 SSL_AES256,
1660 SSL_SHA384,
1661 TLS1_VERSION, TLS1_2_VERSION,
1662 DTLS1_BAD_VER, DTLS1_2_VERSION,
1663 SSL_HIGH | SSL_FIPS,
1664 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1665 256,
1666 256,
1667 },
1668 {
1669 1,
1670 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1671 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1672 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1673 SSL_kDHEPSK,
1674 SSL_aPSK,
1675 SSL_eNULL,
1676 SSL_SHA256,
1677 TLS1_VERSION, TLS1_2_VERSION,
1678 DTLS1_BAD_VER, DTLS1_2_VERSION,
1679 SSL_STRONG_NONE | SSL_FIPS,
1680 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1681 0,
1682 0,
1683 },
1684 {
1685 1,
1686 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1687 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1688 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1689 SSL_kDHEPSK,
1690 SSL_aPSK,
1691 SSL_eNULL,
1692 SSL_SHA384,
1693 TLS1_VERSION, TLS1_2_VERSION,
1694 DTLS1_BAD_VER, DTLS1_2_VERSION,
1695 SSL_STRONG_NONE | SSL_FIPS,
1696 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1697 0,
1698 0,
1699 },
1700 {
1701 1,
1702 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1703 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1704 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1705 SSL_kRSAPSK,
1706 SSL_aRSA,
1707 SSL_AES128,
1708 SSL_SHA256,
1709 TLS1_VERSION, TLS1_2_VERSION,
1710 DTLS1_BAD_VER, DTLS1_2_VERSION,
1711 SSL_HIGH | SSL_FIPS,
1712 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1713 128,
1714 128,
1715 },
1716 {
1717 1,
1718 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1719 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1720 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1721 SSL_kRSAPSK,
1722 SSL_aRSA,
1723 SSL_AES256,
1724 SSL_SHA384,
1725 TLS1_VERSION, TLS1_2_VERSION,
1726 DTLS1_BAD_VER, DTLS1_2_VERSION,
1727 SSL_HIGH | SSL_FIPS,
1728 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1729 256,
1730 256,
1731 },
1732 {
1733 1,
1734 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1735 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1736 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1737 SSL_kRSAPSK,
1738 SSL_aRSA,
1739 SSL_eNULL,
1740 SSL_SHA256,
1741 TLS1_VERSION, TLS1_2_VERSION,
1742 DTLS1_BAD_VER, DTLS1_2_VERSION,
1743 SSL_STRONG_NONE | SSL_FIPS,
1744 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1745 0,
1746 0,
1747 },
1748 {
1749 1,
1750 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1751 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1752 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1753 SSL_kRSAPSK,
1754 SSL_aRSA,
1755 SSL_eNULL,
1756 SSL_SHA384,
1757 TLS1_VERSION, TLS1_2_VERSION,
1758 DTLS1_BAD_VER, DTLS1_2_VERSION,
1759 SSL_STRONG_NONE | SSL_FIPS,
1760 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1761 0,
1762 0,
1763 },
1764 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1765 {
1766 1,
1767 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1768 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1769 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1770 SSL_kECDHEPSK,
1771 SSL_aPSK,
1772 SSL_3DES,
1773 SSL_SHA1,
1774 TLS1_VERSION, TLS1_2_VERSION,
1775 DTLS1_BAD_VER, DTLS1_2_VERSION,
1776 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1777 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1778 112,
1779 168,
1780 },
1781 # endif
1782 {
1783 1,
1784 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1785 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1786 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1787 SSL_kECDHEPSK,
1788 SSL_aPSK,
1789 SSL_AES128,
1790 SSL_SHA1,
1791 TLS1_VERSION, TLS1_2_VERSION,
1792 DTLS1_BAD_VER, DTLS1_2_VERSION,
1793 SSL_HIGH | SSL_FIPS,
1794 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1795 128,
1796 128,
1797 },
1798 {
1799 1,
1800 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1801 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1802 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1803 SSL_kECDHEPSK,
1804 SSL_aPSK,
1805 SSL_AES256,
1806 SSL_SHA1,
1807 TLS1_VERSION, TLS1_2_VERSION,
1808 DTLS1_BAD_VER, DTLS1_2_VERSION,
1809 SSL_HIGH | SSL_FIPS,
1810 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1811 256,
1812 256,
1813 },
1814 {
1815 1,
1816 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1817 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1818 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1819 SSL_kECDHEPSK,
1820 SSL_aPSK,
1821 SSL_AES128,
1822 SSL_SHA256,
1823 TLS1_VERSION, TLS1_2_VERSION,
1824 DTLS1_BAD_VER, DTLS1_2_VERSION,
1825 SSL_HIGH | SSL_FIPS,
1826 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1827 128,
1828 128,
1829 },
1830 {
1831 1,
1832 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1833 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1834 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1835 SSL_kECDHEPSK,
1836 SSL_aPSK,
1837 SSL_AES256,
1838 SSL_SHA384,
1839 TLS1_VERSION, TLS1_2_VERSION,
1840 DTLS1_BAD_VER, DTLS1_2_VERSION,
1841 SSL_HIGH | SSL_FIPS,
1842 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1843 256,
1844 256,
1845 },
1846 {
1847 1,
1848 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1849 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1850 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1851 SSL_kECDHEPSK,
1852 SSL_aPSK,
1853 SSL_eNULL,
1854 SSL_SHA1,
1855 TLS1_VERSION, TLS1_2_VERSION,
1856 DTLS1_BAD_VER, DTLS1_2_VERSION,
1857 SSL_STRONG_NONE | SSL_FIPS,
1858 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859 0,
1860 0,
1861 },
1862 {
1863 1,
1864 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1865 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1866 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1867 SSL_kECDHEPSK,
1868 SSL_aPSK,
1869 SSL_eNULL,
1870 SSL_SHA256,
1871 TLS1_VERSION, TLS1_2_VERSION,
1872 DTLS1_BAD_VER, DTLS1_2_VERSION,
1873 SSL_STRONG_NONE | SSL_FIPS,
1874 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875 0,
1876 0,
1877 },
1878 {
1879 1,
1880 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1881 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1882 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1883 SSL_kECDHEPSK,
1884 SSL_aPSK,
1885 SSL_eNULL,
1886 SSL_SHA384,
1887 TLS1_VERSION, TLS1_2_VERSION,
1888 DTLS1_BAD_VER, DTLS1_2_VERSION,
1889 SSL_STRONG_NONE | SSL_FIPS,
1890 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891 0,
1892 0,
1893 },
1894
1895 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1896 {
1897 1,
1898 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1900 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1901 SSL_kSRP,
1902 SSL_aSRP,
1903 SSL_3DES,
1904 SSL_SHA1,
1905 SSL3_VERSION, TLS1_2_VERSION,
1906 DTLS1_BAD_VER, DTLS1_2_VERSION,
1907 SSL_NOT_DEFAULT | SSL_MEDIUM,
1908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1909 112,
1910 168,
1911 },
1912 {
1913 1,
1914 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1916 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1917 SSL_kSRP,
1918 SSL_aRSA,
1919 SSL_3DES,
1920 SSL_SHA1,
1921 SSL3_VERSION, TLS1_2_VERSION,
1922 DTLS1_BAD_VER, DTLS1_2_VERSION,
1923 SSL_NOT_DEFAULT | SSL_MEDIUM,
1924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1925 112,
1926 168,
1927 },
1928 {
1929 1,
1930 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1933 SSL_kSRP,
1934 SSL_aDSS,
1935 SSL_3DES,
1936 SSL_SHA1,
1937 SSL3_VERSION, TLS1_2_VERSION,
1938 DTLS1_BAD_VER, DTLS1_2_VERSION,
1939 SSL_NOT_DEFAULT | SSL_MEDIUM,
1940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1941 112,
1942 168,
1943 },
1944 # endif
1945 {
1946 1,
1947 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1948 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1949 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1950 SSL_kSRP,
1951 SSL_aSRP,
1952 SSL_AES128,
1953 SSL_SHA1,
1954 SSL3_VERSION, TLS1_2_VERSION,
1955 DTLS1_BAD_VER, DTLS1_2_VERSION,
1956 SSL_HIGH,
1957 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958 128,
1959 128,
1960 },
1961 {
1962 1,
1963 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1966 SSL_kSRP,
1967 SSL_aRSA,
1968 SSL_AES128,
1969 SSL_SHA1,
1970 SSL3_VERSION, TLS1_2_VERSION,
1971 DTLS1_BAD_VER, DTLS1_2_VERSION,
1972 SSL_HIGH,
1973 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974 128,
1975 128,
1976 },
1977 {
1978 1,
1979 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1981 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1982 SSL_kSRP,
1983 SSL_aDSS,
1984 SSL_AES128,
1985 SSL_SHA1,
1986 SSL3_VERSION, TLS1_2_VERSION,
1987 DTLS1_BAD_VER, DTLS1_2_VERSION,
1988 SSL_NOT_DEFAULT | SSL_HIGH,
1989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990 128,
1991 128,
1992 },
1993 {
1994 1,
1995 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1996 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1997 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1998 SSL_kSRP,
1999 SSL_aSRP,
2000 SSL_AES256,
2001 SSL_SHA1,
2002 SSL3_VERSION, TLS1_2_VERSION,
2003 DTLS1_BAD_VER, DTLS1_2_VERSION,
2004 SSL_HIGH,
2005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2006 256,
2007 256,
2008 },
2009 {
2010 1,
2011 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2014 SSL_kSRP,
2015 SSL_aRSA,
2016 SSL_AES256,
2017 SSL_SHA1,
2018 SSL3_VERSION, TLS1_2_VERSION,
2019 DTLS1_BAD_VER, DTLS1_2_VERSION,
2020 SSL_HIGH,
2021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2022 256,
2023 256,
2024 },
2025 {
2026 1,
2027 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2029 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2030 SSL_kSRP,
2031 SSL_aDSS,
2032 SSL_AES256,
2033 SSL_SHA1,
2034 SSL3_VERSION, TLS1_2_VERSION,
2035 DTLS1_BAD_VER, DTLS1_2_VERSION,
2036 SSL_NOT_DEFAULT | SSL_HIGH,
2037 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2038 256,
2039 256,
2040 },
2041
2042 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2043 {
2044 1,
2045 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2046 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2047 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2048 SSL_kDHE,
2049 SSL_aRSA,
2050 SSL_CHACHA20POLY1305,
2051 SSL_AEAD,
2052 TLS1_2_VERSION, TLS1_2_VERSION,
2053 DTLS1_2_VERSION, DTLS1_2_VERSION,
2054 SSL_HIGH,
2055 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2056 256,
2057 256,
2058 },
2059 {
2060 1,
2061 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2062 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2063 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2064 SSL_kECDHE,
2065 SSL_aRSA,
2066 SSL_CHACHA20POLY1305,
2067 SSL_AEAD,
2068 TLS1_2_VERSION, TLS1_2_VERSION,
2069 DTLS1_2_VERSION, DTLS1_2_VERSION,
2070 SSL_HIGH,
2071 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2072 256,
2073 256,
2074 },
2075 {
2076 1,
2077 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2078 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2079 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2080 SSL_kECDHE,
2081 SSL_aECDSA,
2082 SSL_CHACHA20POLY1305,
2083 SSL_AEAD,
2084 TLS1_2_VERSION, TLS1_2_VERSION,
2085 DTLS1_2_VERSION, DTLS1_2_VERSION,
2086 SSL_HIGH,
2087 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2088 256,
2089 256,
2090 },
2091 {
2092 1,
2093 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2094 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2095 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2096 SSL_kPSK,
2097 SSL_aPSK,
2098 SSL_CHACHA20POLY1305,
2099 SSL_AEAD,
2100 TLS1_2_VERSION, TLS1_2_VERSION,
2101 DTLS1_2_VERSION, DTLS1_2_VERSION,
2102 SSL_HIGH,
2103 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2104 256,
2105 256,
2106 },
2107 {
2108 1,
2109 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2110 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2111 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2112 SSL_kECDHEPSK,
2113 SSL_aPSK,
2114 SSL_CHACHA20POLY1305,
2115 SSL_AEAD,
2116 TLS1_2_VERSION, TLS1_2_VERSION,
2117 DTLS1_2_VERSION, DTLS1_2_VERSION,
2118 SSL_HIGH,
2119 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2120 256,
2121 256,
2122 },
2123 {
2124 1,
2125 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2126 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2127 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2128 SSL_kDHEPSK,
2129 SSL_aPSK,
2130 SSL_CHACHA20POLY1305,
2131 SSL_AEAD,
2132 TLS1_2_VERSION, TLS1_2_VERSION,
2133 DTLS1_2_VERSION, DTLS1_2_VERSION,
2134 SSL_HIGH,
2135 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2136 256,
2137 256,
2138 },
2139 {
2140 1,
2141 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2142 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2143 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2144 SSL_kRSAPSK,
2145 SSL_aRSA,
2146 SSL_CHACHA20POLY1305,
2147 SSL_AEAD,
2148 TLS1_2_VERSION, TLS1_2_VERSION,
2149 DTLS1_2_VERSION, DTLS1_2_VERSION,
2150 SSL_HIGH,
2151 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2152 256,
2153 256,
2154 },
2155 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2156 * !defined(OPENSSL_NO_POLY1305) */
2157
2158 #ifndef OPENSSL_NO_CAMELLIA
2159 {
2160 1,
2161 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2162 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2163 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2164 SSL_kRSA,
2165 SSL_aRSA,
2166 SSL_CAMELLIA128,
2167 SSL_SHA256,
2168 TLS1_2_VERSION, TLS1_2_VERSION,
2169 DTLS1_2_VERSION, DTLS1_2_VERSION,
2170 SSL_NOT_DEFAULT | SSL_HIGH,
2171 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2172 128,
2173 128,
2174 },
2175 {
2176 1,
2177 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2178 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2179 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2180 SSL_kEDH,
2181 SSL_aDSS,
2182 SSL_CAMELLIA128,
2183 SSL_SHA256,
2184 TLS1_2_VERSION, TLS1_2_VERSION,
2185 DTLS1_2_VERSION, DTLS1_2_VERSION,
2186 SSL_NOT_DEFAULT | SSL_HIGH,
2187 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2188 128,
2189 128,
2190 },
2191 {
2192 1,
2193 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2194 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2195 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2196 SSL_kEDH,
2197 SSL_aRSA,
2198 SSL_CAMELLIA128,
2199 SSL_SHA256,
2200 TLS1_2_VERSION, TLS1_2_VERSION,
2201 DTLS1_2_VERSION, DTLS1_2_VERSION,
2202 SSL_NOT_DEFAULT | SSL_HIGH,
2203 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2204 128,
2205 128,
2206 },
2207 {
2208 1,
2209 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2210 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2211 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2212 SSL_kEDH,
2213 SSL_aNULL,
2214 SSL_CAMELLIA128,
2215 SSL_SHA256,
2216 TLS1_2_VERSION, TLS1_2_VERSION,
2217 DTLS1_2_VERSION, DTLS1_2_VERSION,
2218 SSL_NOT_DEFAULT | SSL_HIGH,
2219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2220 128,
2221 128,
2222 },
2223 {
2224 1,
2225 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2226 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2227 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2228 SSL_kRSA,
2229 SSL_aRSA,
2230 SSL_CAMELLIA256,
2231 SSL_SHA256,
2232 TLS1_2_VERSION, TLS1_2_VERSION,
2233 DTLS1_2_VERSION, DTLS1_2_VERSION,
2234 SSL_NOT_DEFAULT | SSL_HIGH,
2235 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2236 256,
2237 256,
2238 },
2239 {
2240 1,
2241 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2242 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2243 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2244 SSL_kEDH,
2245 SSL_aDSS,
2246 SSL_CAMELLIA256,
2247 SSL_SHA256,
2248 TLS1_2_VERSION, TLS1_2_VERSION,
2249 DTLS1_2_VERSION, DTLS1_2_VERSION,
2250 SSL_NOT_DEFAULT | SSL_HIGH,
2251 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2252 256,
2253 256,
2254 },
2255 {
2256 1,
2257 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2258 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2259 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2260 SSL_kEDH,
2261 SSL_aRSA,
2262 SSL_CAMELLIA256,
2263 SSL_SHA256,
2264 TLS1_2_VERSION, TLS1_2_VERSION,
2265 DTLS1_2_VERSION, DTLS1_2_VERSION,
2266 SSL_NOT_DEFAULT | SSL_HIGH,
2267 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2268 256,
2269 256,
2270 },
2271 {
2272 1,
2273 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2274 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2275 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2276 SSL_kEDH,
2277 SSL_aNULL,
2278 SSL_CAMELLIA256,
2279 SSL_SHA256,
2280 TLS1_2_VERSION, TLS1_2_VERSION,
2281 DTLS1_2_VERSION, DTLS1_2_VERSION,
2282 SSL_NOT_DEFAULT | SSL_HIGH,
2283 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2284 256,
2285 256,
2286 },
2287 {
2288 1,
2289 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2290 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2291 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2292 SSL_kRSA,
2293 SSL_aRSA,
2294 SSL_CAMELLIA256,
2295 SSL_SHA1,
2296 SSL3_VERSION, TLS1_2_VERSION,
2297 DTLS1_BAD_VER, DTLS1_2_VERSION,
2298 SSL_NOT_DEFAULT | SSL_HIGH,
2299 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2300 256,
2301 256,
2302 },
2303 {
2304 1,
2305 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2306 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2307 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2308 SSL_kDHE,
2309 SSL_aDSS,
2310 SSL_CAMELLIA256,
2311 SSL_SHA1,
2312 SSL3_VERSION, TLS1_2_VERSION,
2313 DTLS1_BAD_VER, DTLS1_2_VERSION,
2314 SSL_NOT_DEFAULT | SSL_HIGH,
2315 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2316 256,
2317 256,
2318 },
2319 {
2320 1,
2321 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2322 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2323 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2324 SSL_kDHE,
2325 SSL_aRSA,
2326 SSL_CAMELLIA256,
2327 SSL_SHA1,
2328 SSL3_VERSION, TLS1_2_VERSION,
2329 DTLS1_BAD_VER, DTLS1_2_VERSION,
2330 SSL_NOT_DEFAULT | SSL_HIGH,
2331 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2332 256,
2333 256,
2334 },
2335 {
2336 1,
2337 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2338 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2339 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2340 SSL_kDHE,
2341 SSL_aNULL,
2342 SSL_CAMELLIA256,
2343 SSL_SHA1,
2344 SSL3_VERSION, TLS1_2_VERSION,
2345 DTLS1_BAD_VER, DTLS1_2_VERSION,
2346 SSL_NOT_DEFAULT | SSL_HIGH,
2347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2348 256,
2349 256,
2350 },
2351 {
2352 1,
2353 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2354 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2355 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2356 SSL_kRSA,
2357 SSL_aRSA,
2358 SSL_CAMELLIA128,
2359 SSL_SHA1,
2360 SSL3_VERSION, TLS1_2_VERSION,
2361 DTLS1_BAD_VER, DTLS1_2_VERSION,
2362 SSL_NOT_DEFAULT | SSL_HIGH,
2363 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2364 128,
2365 128,
2366 },
2367 {
2368 1,
2369 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2370 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2371 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2372 SSL_kDHE,
2373 SSL_aDSS,
2374 SSL_CAMELLIA128,
2375 SSL_SHA1,
2376 SSL3_VERSION, TLS1_2_VERSION,
2377 DTLS1_BAD_VER, DTLS1_2_VERSION,
2378 SSL_NOT_DEFAULT | SSL_HIGH,
2379 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2380 128,
2381 128,
2382 },
2383 {
2384 1,
2385 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2386 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2387 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2388 SSL_kDHE,
2389 SSL_aRSA,
2390 SSL_CAMELLIA128,
2391 SSL_SHA1,
2392 SSL3_VERSION, TLS1_2_VERSION,
2393 DTLS1_BAD_VER, DTLS1_2_VERSION,
2394 SSL_NOT_DEFAULT | SSL_HIGH,
2395 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2396 128,
2397 128,
2398 },
2399 {
2400 1,
2401 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2402 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2403 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2404 SSL_kDHE,
2405 SSL_aNULL,
2406 SSL_CAMELLIA128,
2407 SSL_SHA1,
2408 SSL3_VERSION, TLS1_2_VERSION,
2409 DTLS1_BAD_VER, DTLS1_2_VERSION,
2410 SSL_NOT_DEFAULT | SSL_HIGH,
2411 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2412 128,
2413 128,
2414 },
2415 {
2416 1,
2417 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2418 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2419 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2420 SSL_kECDHE,
2421 SSL_aECDSA,
2422 SSL_CAMELLIA128,
2423 SSL_SHA256,
2424 TLS1_2_VERSION, TLS1_2_VERSION,
2425 DTLS1_2_VERSION, DTLS1_2_VERSION,
2426 SSL_NOT_DEFAULT | SSL_HIGH,
2427 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2428 128,
2429 128,
2430 },
2431 {
2432 1,
2433 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2434 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2435 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2436 SSL_kECDHE,
2437 SSL_aECDSA,
2438 SSL_CAMELLIA256,
2439 SSL_SHA384,
2440 TLS1_2_VERSION, TLS1_2_VERSION,
2441 DTLS1_2_VERSION, DTLS1_2_VERSION,
2442 SSL_NOT_DEFAULT | SSL_HIGH,
2443 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2444 256,
2445 256,
2446 },
2447 {
2448 1,
2449 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2450 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2451 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2452 SSL_kECDHE,
2453 SSL_aRSA,
2454 SSL_CAMELLIA128,
2455 SSL_SHA256,
2456 TLS1_2_VERSION, TLS1_2_VERSION,
2457 DTLS1_2_VERSION, DTLS1_2_VERSION,
2458 SSL_NOT_DEFAULT | SSL_HIGH,
2459 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2460 128,
2461 128,
2462 },
2463 {
2464 1,
2465 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2466 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2467 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2468 SSL_kECDHE,
2469 SSL_aRSA,
2470 SSL_CAMELLIA256,
2471 SSL_SHA384,
2472 TLS1_2_VERSION, TLS1_2_VERSION,
2473 DTLS1_2_VERSION, DTLS1_2_VERSION,
2474 SSL_NOT_DEFAULT | SSL_HIGH,
2475 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2476 256,
2477 256,
2478 },
2479 {
2480 1,
2481 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2482 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2483 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2484 SSL_kPSK,
2485 SSL_aPSK,
2486 SSL_CAMELLIA128,
2487 SSL_SHA256,
2488 TLS1_VERSION, TLS1_2_VERSION,
2489 DTLS1_BAD_VER, DTLS1_2_VERSION,
2490 SSL_NOT_DEFAULT | SSL_HIGH,
2491 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2492 128,
2493 128,
2494 },
2495 {
2496 1,
2497 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2498 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2499 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2500 SSL_kPSK,
2501 SSL_aPSK,
2502 SSL_CAMELLIA256,
2503 SSL_SHA384,
2504 TLS1_VERSION, TLS1_2_VERSION,
2505 DTLS1_BAD_VER, DTLS1_2_VERSION,
2506 SSL_NOT_DEFAULT | SSL_HIGH,
2507 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2508 256,
2509 256,
2510 },
2511 {
2512 1,
2513 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2514 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2515 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2516 SSL_kDHEPSK,
2517 SSL_aPSK,
2518 SSL_CAMELLIA128,
2519 SSL_SHA256,
2520 TLS1_VERSION, TLS1_2_VERSION,
2521 DTLS1_BAD_VER, DTLS1_2_VERSION,
2522 SSL_NOT_DEFAULT | SSL_HIGH,
2523 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2524 128,
2525 128,
2526 },
2527 {
2528 1,
2529 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2530 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2531 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2532 SSL_kDHEPSK,
2533 SSL_aPSK,
2534 SSL_CAMELLIA256,
2535 SSL_SHA384,
2536 TLS1_VERSION, TLS1_2_VERSION,
2537 DTLS1_BAD_VER, DTLS1_2_VERSION,
2538 SSL_NOT_DEFAULT | SSL_HIGH,
2539 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2540 256,
2541 256,
2542 },
2543 {
2544 1,
2545 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2546 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2547 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2548 SSL_kRSAPSK,
2549 SSL_aRSA,
2550 SSL_CAMELLIA128,
2551 SSL_SHA256,
2552 TLS1_VERSION, TLS1_2_VERSION,
2553 DTLS1_BAD_VER, DTLS1_2_VERSION,
2554 SSL_NOT_DEFAULT | SSL_HIGH,
2555 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2556 128,
2557 128,
2558 },
2559 {
2560 1,
2561 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2562 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2563 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2564 SSL_kRSAPSK,
2565 SSL_aRSA,
2566 SSL_CAMELLIA256,
2567 SSL_SHA384,
2568 TLS1_VERSION, TLS1_2_VERSION,
2569 DTLS1_BAD_VER, DTLS1_2_VERSION,
2570 SSL_NOT_DEFAULT | SSL_HIGH,
2571 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2572 256,
2573 256,
2574 },
2575 {
2576 1,
2577 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2578 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2579 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2580 SSL_kECDHEPSK,
2581 SSL_aPSK,
2582 SSL_CAMELLIA128,
2583 SSL_SHA256,
2584 TLS1_VERSION, TLS1_2_VERSION,
2585 DTLS1_BAD_VER, DTLS1_2_VERSION,
2586 SSL_NOT_DEFAULT | SSL_HIGH,
2587 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2588 128,
2589 128,
2590 },
2591 {
2592 1,
2593 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2594 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2595 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2596 SSL_kECDHEPSK,
2597 SSL_aPSK,
2598 SSL_CAMELLIA256,
2599 SSL_SHA384,
2600 TLS1_VERSION, TLS1_2_VERSION,
2601 DTLS1_BAD_VER, DTLS1_2_VERSION,
2602 SSL_NOT_DEFAULT | SSL_HIGH,
2603 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2604 256,
2605 256,
2606 },
2607 #endif /* OPENSSL_NO_CAMELLIA */
2608
2609 #ifndef OPENSSL_NO_GOST
2610 {
2611 1,
2612 "GOST2001-GOST89-GOST89",
2613 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2614 0x3000081,
2615 SSL_kGOST,
2616 SSL_aGOST01,
2617 SSL_eGOST2814789CNT,
2618 SSL_GOST89MAC,
2619 TLS1_VERSION, TLS1_2_VERSION,
2620 0, 0,
2621 SSL_HIGH,
2622 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2623 256,
2624 256,
2625 },
2626 {
2627 1,
2628 "GOST2001-NULL-GOST94",
2629 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2630 0x3000083,
2631 SSL_kGOST,
2632 SSL_aGOST01,
2633 SSL_eNULL,
2634 SSL_GOST94,
2635 TLS1_VERSION, TLS1_2_VERSION,
2636 0, 0,
2637 SSL_STRONG_NONE,
2638 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2639 0,
2640 0,
2641 },
2642 {
2643 1,
2644 "IANA-GOST2012-GOST8912-GOST8912",
2645 NULL,
2646 0x0300c102,
2647 SSL_kGOST,
2648 SSL_aGOST12 | SSL_aGOST01,
2649 SSL_eGOST2814789CNT12,
2650 SSL_GOST89MAC12,
2651 TLS1_VERSION, TLS1_2_VERSION,
2652 0, 0,
2653 SSL_HIGH,
2654 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2655 256,
2656 256,
2657 },
2658 {
2659 1,
2660 "LEGACY-GOST2012-GOST8912-GOST8912",
2661 NULL,
2662 0x0300ff85,
2663 SSL_kGOST,
2664 SSL_aGOST12 | SSL_aGOST01,
2665 SSL_eGOST2814789CNT12,
2666 SSL_GOST89MAC12,
2667 TLS1_VERSION, TLS1_2_VERSION,
2668 0, 0,
2669 SSL_HIGH,
2670 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2671 256,
2672 256,
2673 },
2674 {
2675 1,
2676 "GOST2012-NULL-GOST12",
2677 NULL,
2678 0x0300ff87,
2679 SSL_kGOST,
2680 SSL_aGOST12 | SSL_aGOST01,
2681 SSL_eNULL,
2682 SSL_GOST12_256,
2683 TLS1_VERSION, TLS1_2_VERSION,
2684 0, 0,
2685 SSL_STRONG_NONE,
2686 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2687 0,
2688 0,
2689 },
2690 {
2691 1,
2692 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2693 NULL,
2694 0x0300C100,
2695 SSL_kGOST18,
2696 SSL_aGOST12,
2697 SSL_KUZNYECHIK,
2698 SSL_KUZNYECHIKOMAC,
2699 TLS1_2_VERSION, TLS1_2_VERSION,
2700 0, 0,
2701 SSL_HIGH,
2702 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2703 256,
2704 256,
2705 },
2706 {
2707 1,
2708 "GOST2012-MAGMA-MAGMAOMAC",
2709 NULL,
2710 0x0300C101,
2711 SSL_kGOST18,
2712 SSL_aGOST12,
2713 SSL_MAGMA,
2714 SSL_MAGMAOMAC,
2715 TLS1_2_VERSION, TLS1_2_VERSION,
2716 0, 0,
2717 SSL_HIGH,
2718 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2719 256,
2720 256,
2721 },
2722 #endif /* OPENSSL_NO_GOST */
2723
2724 #ifndef OPENSSL_NO_IDEA
2725 {
2726 1,
2727 SSL3_TXT_RSA_IDEA_128_SHA,
2728 SSL3_RFC_RSA_IDEA_128_SHA,
2729 SSL3_CK_RSA_IDEA_128_SHA,
2730 SSL_kRSA,
2731 SSL_aRSA,
2732 SSL_IDEA,
2733 SSL_SHA1,
2734 SSL3_VERSION, TLS1_1_VERSION,
2735 DTLS1_BAD_VER, DTLS1_VERSION,
2736 SSL_NOT_DEFAULT | SSL_MEDIUM,
2737 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2738 128,
2739 128,
2740 },
2741 #endif
2742
2743 #ifndef OPENSSL_NO_SEED
2744 {
2745 1,
2746 TLS1_TXT_RSA_WITH_SEED_SHA,
2747 TLS1_RFC_RSA_WITH_SEED_SHA,
2748 TLS1_CK_RSA_WITH_SEED_SHA,
2749 SSL_kRSA,
2750 SSL_aRSA,
2751 SSL_SEED,
2752 SSL_SHA1,
2753 SSL3_VERSION, TLS1_2_VERSION,
2754 DTLS1_BAD_VER, DTLS1_2_VERSION,
2755 SSL_NOT_DEFAULT | SSL_MEDIUM,
2756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2757 128,
2758 128,
2759 },
2760 {
2761 1,
2762 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2763 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2764 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2765 SSL_kDHE,
2766 SSL_aDSS,
2767 SSL_SEED,
2768 SSL_SHA1,
2769 SSL3_VERSION, TLS1_2_VERSION,
2770 DTLS1_BAD_VER, DTLS1_2_VERSION,
2771 SSL_NOT_DEFAULT | SSL_MEDIUM,
2772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2773 128,
2774 128,
2775 },
2776 {
2777 1,
2778 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2779 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2780 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2781 SSL_kDHE,
2782 SSL_aRSA,
2783 SSL_SEED,
2784 SSL_SHA1,
2785 SSL3_VERSION, TLS1_2_VERSION,
2786 DTLS1_BAD_VER, DTLS1_2_VERSION,
2787 SSL_NOT_DEFAULT | SSL_MEDIUM,
2788 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2789 128,
2790 128,
2791 },
2792 {
2793 1,
2794 TLS1_TXT_ADH_WITH_SEED_SHA,
2795 TLS1_RFC_ADH_WITH_SEED_SHA,
2796 TLS1_CK_ADH_WITH_SEED_SHA,
2797 SSL_kDHE,
2798 SSL_aNULL,
2799 SSL_SEED,
2800 SSL_SHA1,
2801 SSL3_VERSION, TLS1_2_VERSION,
2802 DTLS1_BAD_VER, DTLS1_2_VERSION,
2803 SSL_NOT_DEFAULT | SSL_MEDIUM,
2804 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2805 128,
2806 128,
2807 },
2808 #endif /* OPENSSL_NO_SEED */
2809
2810 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2811 {
2812 1,
2813 SSL3_TXT_RSA_RC4_128_MD5,
2814 SSL3_RFC_RSA_RC4_128_MD5,
2815 SSL3_CK_RSA_RC4_128_MD5,
2816 SSL_kRSA,
2817 SSL_aRSA,
2818 SSL_RC4,
2819 SSL_MD5,
2820 SSL3_VERSION, TLS1_2_VERSION,
2821 0, 0,
2822 SSL_NOT_DEFAULT | SSL_MEDIUM,
2823 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2824 128,
2825 128,
2826 },
2827 {
2828 1,
2829 SSL3_TXT_RSA_RC4_128_SHA,
2830 SSL3_RFC_RSA_RC4_128_SHA,
2831 SSL3_CK_RSA_RC4_128_SHA,
2832 SSL_kRSA,
2833 SSL_aRSA,
2834 SSL_RC4,
2835 SSL_SHA1,
2836 SSL3_VERSION, TLS1_2_VERSION,
2837 0, 0,
2838 SSL_NOT_DEFAULT | SSL_MEDIUM,
2839 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2840 128,
2841 128,
2842 },
2843 {
2844 1,
2845 SSL3_TXT_ADH_RC4_128_MD5,
2846 SSL3_RFC_ADH_RC4_128_MD5,
2847 SSL3_CK_ADH_RC4_128_MD5,
2848 SSL_kDHE,
2849 SSL_aNULL,
2850 SSL_RC4,
2851 SSL_MD5,
2852 SSL3_VERSION, TLS1_2_VERSION,
2853 0, 0,
2854 SSL_NOT_DEFAULT | SSL_MEDIUM,
2855 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2856 128,
2857 128,
2858 },
2859 {
2860 1,
2861 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2862 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2863 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2864 SSL_kECDHEPSK,
2865 SSL_aPSK,
2866 SSL_RC4,
2867 SSL_SHA1,
2868 TLS1_VERSION, TLS1_2_VERSION,
2869 0, 0,
2870 SSL_NOT_DEFAULT | SSL_MEDIUM,
2871 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2872 128,
2873 128,
2874 },
2875 {
2876 1,
2877 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2878 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2879 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2880 SSL_kECDHE,
2881 SSL_aNULL,
2882 SSL_RC4,
2883 SSL_SHA1,
2884 TLS1_VERSION, TLS1_2_VERSION,
2885 0, 0,
2886 SSL_NOT_DEFAULT | SSL_MEDIUM,
2887 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2888 128,
2889 128,
2890 },
2891 {
2892 1,
2893 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2894 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2895 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2896 SSL_kECDHE,
2897 SSL_aECDSA,
2898 SSL_RC4,
2899 SSL_SHA1,
2900 TLS1_VERSION, TLS1_2_VERSION,
2901 0, 0,
2902 SSL_NOT_DEFAULT | SSL_MEDIUM,
2903 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2904 128,
2905 128,
2906 },
2907 {
2908 1,
2909 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2910 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2911 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2912 SSL_kECDHE,
2913 SSL_aRSA,
2914 SSL_RC4,
2915 SSL_SHA1,
2916 TLS1_VERSION, TLS1_2_VERSION,
2917 0, 0,
2918 SSL_NOT_DEFAULT | SSL_MEDIUM,
2919 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2920 128,
2921 128,
2922 },
2923 {
2924 1,
2925 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2926 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2927 TLS1_CK_PSK_WITH_RC4_128_SHA,
2928 SSL_kPSK,
2929 SSL_aPSK,
2930 SSL_RC4,
2931 SSL_SHA1,
2932 SSL3_VERSION, TLS1_2_VERSION,
2933 0, 0,
2934 SSL_NOT_DEFAULT | SSL_MEDIUM,
2935 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2936 128,
2937 128,
2938 },
2939 {
2940 1,
2941 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2942 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2943 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2944 SSL_kRSAPSK,
2945 SSL_aRSA,
2946 SSL_RC4,
2947 SSL_SHA1,
2948 SSL3_VERSION, TLS1_2_VERSION,
2949 0, 0,
2950 SSL_NOT_DEFAULT | SSL_MEDIUM,
2951 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2952 128,
2953 128,
2954 },
2955 {
2956 1,
2957 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2958 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2959 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2960 SSL_kDHEPSK,
2961 SSL_aPSK,
2962 SSL_RC4,
2963 SSL_SHA1,
2964 SSL3_VERSION, TLS1_2_VERSION,
2965 0, 0,
2966 SSL_NOT_DEFAULT | SSL_MEDIUM,
2967 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2968 128,
2969 128,
2970 },
2971 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2972
2973 #ifndef OPENSSL_NO_ARIA
2974 {
2975 1,
2976 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2977 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2978 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2979 SSL_kRSA,
2980 SSL_aRSA,
2981 SSL_ARIA128GCM,
2982 SSL_AEAD,
2983 TLS1_2_VERSION, TLS1_2_VERSION,
2984 DTLS1_2_VERSION, DTLS1_2_VERSION,
2985 SSL_NOT_DEFAULT | SSL_HIGH,
2986 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2987 128,
2988 128,
2989 },
2990 {
2991 1,
2992 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2993 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2994 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2995 SSL_kRSA,
2996 SSL_aRSA,
2997 SSL_ARIA256GCM,
2998 SSL_AEAD,
2999 TLS1_2_VERSION, TLS1_2_VERSION,
3000 DTLS1_2_VERSION, DTLS1_2_VERSION,
3001 SSL_NOT_DEFAULT | SSL_HIGH,
3002 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3003 256,
3004 256,
3005 },
3006 {
3007 1,
3008 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3009 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3010 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3011 SSL_kDHE,
3012 SSL_aRSA,
3013 SSL_ARIA128GCM,
3014 SSL_AEAD,
3015 TLS1_2_VERSION, TLS1_2_VERSION,
3016 DTLS1_2_VERSION, DTLS1_2_VERSION,
3017 SSL_NOT_DEFAULT | SSL_HIGH,
3018 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3019 128,
3020 128,
3021 },
3022 {
3023 1,
3024 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3025 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3026 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3027 SSL_kDHE,
3028 SSL_aRSA,
3029 SSL_ARIA256GCM,
3030 SSL_AEAD,
3031 TLS1_2_VERSION, TLS1_2_VERSION,
3032 DTLS1_2_VERSION, DTLS1_2_VERSION,
3033 SSL_NOT_DEFAULT | SSL_HIGH,
3034 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3035 256,
3036 256,
3037 },
3038 {
3039 1,
3040 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3041 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3042 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3043 SSL_kDHE,
3044 SSL_aDSS,
3045 SSL_ARIA128GCM,
3046 SSL_AEAD,
3047 TLS1_2_VERSION, TLS1_2_VERSION,
3048 DTLS1_2_VERSION, DTLS1_2_VERSION,
3049 SSL_NOT_DEFAULT | SSL_HIGH,
3050 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3051 128,
3052 128,
3053 },
3054 {
3055 1,
3056 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3057 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3058 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3059 SSL_kDHE,
3060 SSL_aDSS,
3061 SSL_ARIA256GCM,
3062 SSL_AEAD,
3063 TLS1_2_VERSION, TLS1_2_VERSION,
3064 DTLS1_2_VERSION, DTLS1_2_VERSION,
3065 SSL_NOT_DEFAULT | SSL_HIGH,
3066 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3067 256,
3068 256,
3069 },
3070 {
3071 1,
3072 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3073 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3074 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3075 SSL_kECDHE,
3076 SSL_aECDSA,
3077 SSL_ARIA128GCM,
3078 SSL_AEAD,
3079 TLS1_2_VERSION, TLS1_2_VERSION,
3080 DTLS1_2_VERSION, DTLS1_2_VERSION,
3081 SSL_NOT_DEFAULT | SSL_HIGH,
3082 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3083 128,
3084 128,
3085 },
3086 {
3087 1,
3088 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3089 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3090 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3091 SSL_kECDHE,
3092 SSL_aECDSA,
3093 SSL_ARIA256GCM,
3094 SSL_AEAD,
3095 TLS1_2_VERSION, TLS1_2_VERSION,
3096 DTLS1_2_VERSION, DTLS1_2_VERSION,
3097 SSL_NOT_DEFAULT | SSL_HIGH,
3098 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3099 256,
3100 256,
3101 },
3102 {
3103 1,
3104 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3105 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3106 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3107 SSL_kECDHE,
3108 SSL_aRSA,
3109 SSL_ARIA128GCM,
3110 SSL_AEAD,
3111 TLS1_2_VERSION, TLS1_2_VERSION,
3112 DTLS1_2_VERSION, DTLS1_2_VERSION,
3113 SSL_NOT_DEFAULT | SSL_HIGH,
3114 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3115 128,
3116 128,
3117 },
3118 {
3119 1,
3120 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3121 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3122 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3123 SSL_kECDHE,
3124 SSL_aRSA,
3125 SSL_ARIA256GCM,
3126 SSL_AEAD,
3127 TLS1_2_VERSION, TLS1_2_VERSION,
3128 DTLS1_2_VERSION, DTLS1_2_VERSION,
3129 SSL_NOT_DEFAULT | SSL_HIGH,
3130 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3131 256,
3132 256,
3133 },
3134 {
3135 1,
3136 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3137 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3138 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3139 SSL_kPSK,
3140 SSL_aPSK,
3141 SSL_ARIA128GCM,
3142 SSL_AEAD,
3143 TLS1_2_VERSION, TLS1_2_VERSION,
3144 DTLS1_2_VERSION, DTLS1_2_VERSION,
3145 SSL_NOT_DEFAULT | SSL_HIGH,
3146 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3147 128,
3148 128,
3149 },
3150 {
3151 1,
3152 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3153 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3154 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3155 SSL_kPSK,
3156 SSL_aPSK,
3157 SSL_ARIA256GCM,
3158 SSL_AEAD,
3159 TLS1_2_VERSION, TLS1_2_VERSION,
3160 DTLS1_2_VERSION, DTLS1_2_VERSION,
3161 SSL_NOT_DEFAULT | SSL_HIGH,
3162 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3163 256,
3164 256,
3165 },
3166 {
3167 1,
3168 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3169 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3170 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3171 SSL_kDHEPSK,
3172 SSL_aPSK,
3173 SSL_ARIA128GCM,
3174 SSL_AEAD,
3175 TLS1_2_VERSION, TLS1_2_VERSION,
3176 DTLS1_2_VERSION, DTLS1_2_VERSION,
3177 SSL_NOT_DEFAULT | SSL_HIGH,
3178 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3179 128,
3180 128,
3181 },
3182 {
3183 1,
3184 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3185 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3186 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3187 SSL_kDHEPSK,
3188 SSL_aPSK,
3189 SSL_ARIA256GCM,
3190 SSL_AEAD,
3191 TLS1_2_VERSION, TLS1_2_VERSION,
3192 DTLS1_2_VERSION, DTLS1_2_VERSION,
3193 SSL_NOT_DEFAULT | SSL_HIGH,
3194 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3195 256,
3196 256,
3197 },
3198 {
3199 1,
3200 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3201 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3202 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3203 SSL_kRSAPSK,
3204 SSL_aRSA,
3205 SSL_ARIA128GCM,
3206 SSL_AEAD,
3207 TLS1_2_VERSION, TLS1_2_VERSION,
3208 DTLS1_2_VERSION, DTLS1_2_VERSION,
3209 SSL_NOT_DEFAULT | SSL_HIGH,
3210 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3211 128,
3212 128,
3213 },
3214 {
3215 1,
3216 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3217 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3218 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3219 SSL_kRSAPSK,
3220 SSL_aRSA,
3221 SSL_ARIA256GCM,
3222 SSL_AEAD,
3223 TLS1_2_VERSION, TLS1_2_VERSION,
3224 DTLS1_2_VERSION, DTLS1_2_VERSION,
3225 SSL_NOT_DEFAULT | SSL_HIGH,
3226 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3227 256,
3228 256,
3229 },
3230 #endif /* OPENSSL_NO_ARIA */
3231 };
3232
3233 /*
3234 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3235 * values stuffed into the ciphers field of the wire protocol for signalling
3236 * purposes.
3237 */
3238 static SSL_CIPHER ssl3_scsvs[] = {
3239 {
3240 0,
3241 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3242 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3243 SSL3_CK_SCSV,
3244 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3245 },
3246 {
3247 0,
3248 "TLS_FALLBACK_SCSV",
3249 "TLS_FALLBACK_SCSV",
3250 SSL3_CK_FALLBACK_SCSV,
3251 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3252 },
3253 };
3254
3255 static int cipher_compare(const void *a, const void *b)
3256 {
3257 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3258 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3259
3260 if (ap->id == bp->id)
3261 return 0;
3262 return ap->id < bp->id ? -1 : 1;
3263 }
3264
3265 void ssl_sort_cipher_list(void)
3266 {
3267 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3268 cipher_compare);
3269 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3270 cipher_compare);
3271 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3272 }
3273
3274 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3275 const char * t, size_t u,
3276 const unsigned char * v, size_t w, int x)
3277 {
3278 (void)r;
3279 (void)s;
3280 (void)t;
3281 (void)u;
3282 (void)v;
3283 (void)w;
3284 (void)x;
3285 return ssl_undefined_function(ssl);
3286 }
3287
3288 const SSL3_ENC_METHOD SSLv3_enc_data = {
3289 ssl3_enc,
3290 n_ssl3_mac,
3291 ssl3_setup_key_block,
3292 ssl3_generate_master_secret,
3293 ssl3_change_cipher_state,
3294 ssl3_final_finish_mac,
3295 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3296 SSL3_MD_SERVER_FINISHED_CONST, 4,
3297 ssl3_alert_code,
3298 ssl_undefined_function_1,
3299 0,
3300 ssl3_set_handshake_header,
3301 tls_close_construct_packet,
3302 ssl3_handshake_write
3303 };
3304
3305 long ssl3_default_timeout(void)
3306 {
3307 /*
3308 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3309 * http, the cache would over fill
3310 */
3311 return (60 * 60 * 2);
3312 }
3313
3314 int ssl3_num_ciphers(void)
3315 {
3316 return SSL3_NUM_CIPHERS;
3317 }
3318
3319 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3320 {
3321 if (u < SSL3_NUM_CIPHERS)
3322 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3323 else
3324 return NULL;
3325 }
3326
3327 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3328 {
3329 /* No header in the event of a CCS */
3330 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3331 return 1;
3332
3333 /* Set the content type and 3 bytes for the message len */
3334 if (!WPACKET_put_bytes_u8(pkt, htype)
3335 || !WPACKET_start_sub_packet_u24(pkt))
3336 return 0;
3337
3338 return 1;
3339 }
3340
3341 int ssl3_handshake_write(SSL *s)
3342 {
3343 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3344 }
3345
3346 int ssl3_new(SSL *s)
3347 {
3348 #ifndef OPENSSL_NO_SRP
3349 if (!SSL_SRP_CTX_init(s))
3350 return 0;
3351 #endif
3352
3353 if (!s->method->ssl_clear(s))
3354 return 0;
3355
3356 return 1;
3357 }
3358
3359 void ssl3_free(SSL *s)
3360 {
3361 if (s == NULL)
3362 return;
3363
3364 ssl3_cleanup_key_block(s);
3365
3366 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3367 EVP_PKEY_free(s->s3.peer_tmp);
3368 s->s3.peer_tmp = NULL;
3369 EVP_PKEY_free(s->s3.tmp.pkey);
3370 s->s3.tmp.pkey = NULL;
3371 #endif
3372
3373 ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
3374 ssl_evp_md_free(s->s3.tmp.new_hash);
3375
3376 OPENSSL_free(s->s3.tmp.ctype);
3377 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3378 OPENSSL_free(s->s3.tmp.ciphers_raw);
3379 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3380 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3381 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3382 ssl3_free_digest_list(s);
3383 OPENSSL_free(s->s3.alpn_selected);
3384 OPENSSL_free(s->s3.alpn_proposed);
3385
3386 #ifndef OPENSSL_NO_SRP
3387 SSL_SRP_CTX_free(s);
3388 #endif
3389 memset(&s->s3, 0, sizeof(s->s3));
3390 }
3391
3392 int ssl3_clear(SSL *s)
3393 {
3394 ssl3_cleanup_key_block(s);
3395 OPENSSL_free(s->s3.tmp.ctype);
3396 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3397 OPENSSL_free(s->s3.tmp.ciphers_raw);
3398 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3399 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3400 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3401
3402 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3403 EVP_PKEY_free(s->s3.tmp.pkey);
3404 EVP_PKEY_free(s->s3.peer_tmp);
3405 #endif /* !OPENSSL_NO_EC */
3406
3407 ssl3_free_digest_list(s);
3408
3409 OPENSSL_free(s->s3.alpn_selected);
3410 OPENSSL_free(s->s3.alpn_proposed);
3411
3412 /* NULL/zero-out everything in the s3 struct */
3413 memset(&s->s3, 0, sizeof(s->s3));
3414
3415 if (!ssl_free_wbio_buffer(s))
3416 return 0;
3417
3418 s->version = SSL3_VERSION;
3419
3420 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3421 OPENSSL_free(s->ext.npn);
3422 s->ext.npn = NULL;
3423 s->ext.npn_len = 0;
3424 #endif
3425
3426 return 1;
3427 }
3428
3429 #ifndef OPENSSL_NO_SRP
3430 static char *srp_password_from_info_cb(SSL *s, void *arg)
3431 {
3432 return OPENSSL_strdup(s->srp_ctx.info);
3433 }
3434 #endif
3435
3436 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3437
3438 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3439 {
3440 int ret = 0;
3441
3442 switch (cmd) {
3443 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3444 break;
3445 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3446 ret = s->s3.num_renegotiations;
3447 break;
3448 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3449 ret = s->s3.num_renegotiations;
3450 s->s3.num_renegotiations = 0;
3451 break;
3452 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3453 ret = s->s3.total_renegotiations;
3454 break;
3455 case SSL_CTRL_GET_FLAGS:
3456 ret = (int)(s->s3.flags);
3457 break;
3458 #ifndef OPENSSL_NO_DH
3459 case SSL_CTRL_SET_TMP_DH:
3460 {
3461 DH *dh = (DH *)parg;
3462 EVP_PKEY *pkdh = NULL;
3463 if (dh == NULL) {
3464 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3465 return 0;
3466 }
3467 pkdh = ssl_dh_to_pkey(dh);
3468 if (pkdh == NULL) {
3469 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3470 return 0;
3471 }
3472 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3473 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3474 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3475 EVP_PKEY_free(pkdh);
3476 return 0;
3477 }
3478 EVP_PKEY_free(s->cert->dh_tmp);
3479 s->cert->dh_tmp = pkdh;
3480 return 1;
3481 }
3482 break;
3483 case SSL_CTRL_SET_TMP_DH_CB:
3484 {
3485 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3486 return ret;
3487 }
3488 case SSL_CTRL_SET_DH_AUTO:
3489 s->cert->dh_tmp_auto = larg;
3490 return 1;
3491 #endif
3492 #ifndef OPENSSL_NO_EC
3493 case SSL_CTRL_SET_TMP_ECDH:
3494 {
3495 const EC_GROUP *group = NULL;
3496 int nid;
3497
3498 if (parg == NULL) {
3499 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3500 return 0;
3501 }
3502 group = EC_KEY_get0_group((const EC_KEY *)parg);
3503 if (group == NULL) {
3504 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3505 return 0;
3506 }
3507 nid = EC_GROUP_get_curve_name(group);
3508 if (nid == NID_undef)
3509 return 0;
3510 return tls1_set_groups(&s->ext.supportedgroups,
3511 &s->ext.supportedgroups_len,
3512 &nid, 1);
3513 }
3514 break;
3515 #endif /* !OPENSSL_NO_EC */
3516 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3517 /*
3518 * TODO(OpenSSL1.2)
3519 * This API is only used for a client to set what SNI it will request
3520 * from the server, but we currently allow it to be used on servers
3521 * as well, which is a programming error. Currently we just clear
3522 * the field in SSL_do_handshake() for server SSLs, but when we can
3523 * make ABI-breaking changes, we may want to make use of this API
3524 * an error on server SSLs.
3525 */
3526 if (larg == TLSEXT_NAMETYPE_host_name) {
3527 size_t len;
3528
3529 OPENSSL_free(s->ext.hostname);
3530 s->ext.hostname = NULL;
3531
3532 ret = 1;
3533 if (parg == NULL)
3534 break;
3535 len = strlen((char *)parg);
3536 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3537 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3538 return 0;
3539 }
3540 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3541 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3542 return 0;
3543 }
3544 } else {
3545 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3546 return 0;
3547 }
3548 break;
3549 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3550 s->ext.debug_arg = parg;
3551 ret = 1;
3552 break;
3553
3554 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3555 ret = s->ext.status_type;
3556 break;
3557
3558 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3559 s->ext.status_type = larg;
3560 ret = 1;
3561 break;
3562
3563 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3564 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3565 ret = 1;
3566 break;
3567
3568 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3569 s->ext.ocsp.exts = parg;
3570 ret = 1;
3571 break;
3572
3573 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3574 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3575 ret = 1;
3576 break;
3577
3578 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3579 s->ext.ocsp.ids = parg;
3580 ret = 1;
3581 break;
3582
3583 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3584 *(unsigned char **)parg = s->ext.ocsp.resp;
3585 if (s->ext.ocsp.resp_len == 0
3586 || s->ext.ocsp.resp_len > LONG_MAX)
3587 return -1;
3588 return (long)s->ext.ocsp.resp_len;
3589
3590 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3591 OPENSSL_free(s->ext.ocsp.resp);
3592 s->ext.ocsp.resp = parg;
3593 s->ext.ocsp.resp_len = larg;
3594 ret = 1;
3595 break;
3596
3597 case SSL_CTRL_CHAIN:
3598 if (larg)
3599 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3600 else
3601 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3602
3603 case SSL_CTRL_CHAIN_CERT:
3604 if (larg)
3605 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3606 else
3607 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3608
3609 case SSL_CTRL_GET_CHAIN_CERTS:
3610 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3611 ret = 1;
3612 break;
3613
3614 case SSL_CTRL_SELECT_CURRENT_CERT:
3615 return ssl_cert_select_current(s->cert, (X509 *)parg);
3616
3617 case SSL_CTRL_SET_CURRENT_CERT:
3618 if (larg == SSL_CERT_SET_SERVER) {
3619 const SSL_CIPHER *cipher;
3620 if (!s->server)
3621 return 0;
3622 cipher = s->s3.tmp.new_cipher;
3623 if (cipher == NULL)
3624 return 0;
3625 /*
3626 * No certificate for unauthenticated ciphersuites or using SRP
3627 * authentication
3628 */
3629 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3630 return 2;
3631 if (s->s3.tmp.cert == NULL)
3632 return 0;
3633 s->cert->key = s->s3.tmp.cert;
3634 return 1;
3635 }
3636 return ssl_cert_set_current(s->cert, larg);
3637
3638 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3639 case SSL_CTRL_GET_GROUPS:
3640 {
3641 uint16_t *clist;
3642 size_t clistlen;
3643
3644 if (!s->session)
3645 return 0;
3646 clist = s->ext.peer_supportedgroups;
3647 clistlen = s->ext.peer_supportedgroups_len;
3648 if (parg) {
3649 size_t i;
3650 int *cptr = parg;
3651
3652 for (i = 0; i < clistlen; i++) {
3653 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3654
3655 if (cinf != NULL)
3656 cptr[i] = cinf->nid;
3657 else
3658 cptr[i] = TLSEXT_nid_unknown | clist[i];
3659 }
3660 }
3661 return (int)clistlen;
3662 }
3663
3664 case SSL_CTRL_SET_GROUPS:
3665 return tls1_set_groups(&s->ext.supportedgroups,
3666 &s->ext.supportedgroups_len, parg, larg);
3667
3668 case SSL_CTRL_SET_GROUPS_LIST:
3669 return tls1_set_groups_list(&s->ext.supportedgroups,
3670 &s->ext.supportedgroups_len, parg);
3671
3672 case SSL_CTRL_GET_SHARED_GROUP:
3673 {
3674 uint16_t id = tls1_shared_group(s, larg);
3675
3676 if (larg != -1)
3677 return tls1_group_id2nid(id);
3678 return id;
3679 }
3680 case SSL_CTRL_GET_NEGOTIATED_GROUP:
3681 ret = tls1_group_id2nid(s->s3.group_id);
3682 break;
3683 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3684
3685 case SSL_CTRL_SET_SIGALGS:
3686 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3687
3688 case SSL_CTRL_SET_SIGALGS_LIST:
3689 return tls1_set_sigalgs_list(s->cert, parg, 0);
3690
3691 case SSL_CTRL_SET_CLIENT_SIGALGS:
3692 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3693
3694 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3695 return tls1_set_sigalgs_list(s->cert, parg, 1);
3696
3697 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3698 {
3699 const unsigned char **pctype = parg;
3700 if (s->server || !s->s3.tmp.cert_req)
3701 return 0;
3702 if (pctype)
3703 *pctype = s->s3.tmp.ctype;
3704 return s->s3.tmp.ctype_len;
3705 }
3706
3707 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3708 if (!s->server)
3709 return 0;
3710 return ssl3_set_req_cert_type(s->cert, parg, larg);
3711
3712 case SSL_CTRL_BUILD_CERT_CHAIN:
3713 return ssl_build_cert_chain(s, NULL, larg);
3714
3715 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3716 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3717
3718 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3719 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3720
3721 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3722 if (s->s3.tmp.peer_sigalg == NULL)
3723 return 0;
3724 *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3725 return 1;
3726
3727 case SSL_CTRL_GET_SIGNATURE_NID:
3728 if (s->s3.tmp.sigalg == NULL)
3729 return 0;
3730 *(int *)parg = s->s3.tmp.sigalg->hash;
3731 return 1;
3732
3733 case SSL_CTRL_GET_PEER_TMP_KEY:
3734 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3735 if (s->session == NULL || s->s3.peer_tmp == NULL) {
3736 return 0;
3737 } else {
3738 EVP_PKEY_up_ref(s->s3.peer_tmp);
3739 *(EVP_PKEY **)parg = s->s3.peer_tmp;
3740 return 1;
3741 }
3742 #else
3743 return 0;
3744 #endif
3745
3746 case SSL_CTRL_GET_TMP_KEY:
3747 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3748 if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3749 return 0;
3750 } else {
3751 EVP_PKEY_up_ref(s->s3.tmp.pkey);
3752 *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3753 return 1;
3754 }
3755 #else
3756 return 0;
3757 #endif
3758
3759 #ifndef OPENSSL_NO_EC
3760 case SSL_CTRL_GET_EC_POINT_FORMATS:
3761 {
3762 const unsigned char **pformat = parg;
3763
3764 if (s->ext.peer_ecpointformats == NULL)
3765 return 0;
3766 *pformat = s->ext.peer_ecpointformats;
3767 return (int)s->ext.peer_ecpointformats_len;
3768 }
3769 #endif
3770
3771 default:
3772 break;
3773 }
3774 return ret;
3775 }
3776
3777 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3778 {
3779 int ret = 0;
3780
3781 switch (cmd) {
3782 #ifndef OPENSSL_NO_DH
3783 case SSL_CTRL_SET_TMP_DH_CB:
3784 {
3785 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3786 }
3787 break;
3788 #endif
3789 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3790 s->ext.debug_cb = (void (*)(SSL *, int, int,
3791 const unsigned char *, int, void *))fp;
3792 break;
3793
3794 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3795 {
3796 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3797 }
3798 break;
3799 default:
3800 break;
3801 }
3802 return ret;
3803 }
3804
3805 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3806 {
3807 switch (cmd) {
3808 #ifndef OPENSSL_NO_DH
3809 case SSL_CTRL_SET_TMP_DH:
3810 {
3811 DH *dh = (DH *)parg;
3812 EVP_PKEY *pkdh = NULL;
3813 if (dh == NULL) {
3814 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3815 return 0;
3816 }
3817 pkdh = ssl_dh_to_pkey(dh);
3818 if (pkdh == NULL) {
3819 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3820 return 0;
3821 }
3822 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3823 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3824 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3825 EVP_PKEY_free(pkdh);
3826 return 0;
3827 }
3828 EVP_PKEY_free(ctx->cert->dh_tmp);
3829 ctx->cert->dh_tmp = pkdh;
3830 return 1;
3831 }
3832 case SSL_CTRL_SET_TMP_DH_CB:
3833 {
3834 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3835 return 0;
3836 }
3837 case SSL_CTRL_SET_DH_AUTO:
3838 ctx->cert->dh_tmp_auto = larg;
3839 return 1;
3840 #endif
3841 #ifndef OPENSSL_NO_EC
3842 case SSL_CTRL_SET_TMP_ECDH:
3843 {
3844 const EC_GROUP *group = NULL;
3845 int nid;
3846
3847 if (parg == NULL) {
3848 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3849 return 0;
3850 }
3851 group = EC_KEY_get0_group((const EC_KEY *)parg);
3852 if (group == NULL) {
3853 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3854 return 0;
3855 }
3856 nid = EC_GROUP_get_curve_name(group);
3857 if (nid == NID_undef)
3858 return 0;
3859 return tls1_set_groups(&ctx->ext.supportedgroups,
3860 &ctx->ext.supportedgroups_len,
3861 &nid, 1);
3862 }
3863 #endif /* !OPENSSL_NO_EC */
3864 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3865 ctx->ext.servername_arg = parg;
3866 break;
3867 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3868 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3869 {
3870 unsigned char *keys = parg;
3871 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3872 sizeof(ctx->ext.secure->tick_hmac_key) +
3873 sizeof(ctx->ext.secure->tick_aes_key));
3874 if (keys == NULL)
3875 return tick_keylen;
3876 if (larg != tick_keylen) {
3877 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3878 return 0;
3879 }
3880 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3881 memcpy(ctx->ext.tick_key_name, keys,
3882 sizeof(ctx->ext.tick_key_name));
3883 memcpy(ctx->ext.secure->tick_hmac_key,
3884 keys + sizeof(ctx->ext.tick_key_name),
3885 sizeof(ctx->ext.secure->tick_hmac_key));
3886 memcpy(ctx->ext.secure->tick_aes_key,
3887 keys + sizeof(ctx->ext.tick_key_name) +
3888 sizeof(ctx->ext.secure->tick_hmac_key),
3889 sizeof(ctx->ext.secure->tick_aes_key));
3890 } else {
3891 memcpy(keys, ctx->ext.tick_key_name,
3892 sizeof(ctx->ext.tick_key_name));
3893 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3894 ctx->ext.secure->tick_hmac_key,
3895 sizeof(ctx->ext.secure->tick_hmac_key));
3896 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3897 sizeof(ctx->ext.secure->tick_hmac_key),
3898 ctx->ext.secure->tick_aes_key,
3899 sizeof(ctx->ext.secure->tick_aes_key));
3900 }
3901 return 1;
3902 }
3903
3904 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3905 return ctx->ext.status_type;
3906
3907 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3908 ctx->ext.status_type = larg;
3909 break;
3910
3911 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3912 ctx->ext.status_arg = parg;
3913 return 1;
3914
3915 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3916 *(void**)parg = ctx->ext.status_arg;
3917 break;
3918
3919 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3920 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3921 break;
3922
3923 #ifndef OPENSSL_NO_SRP
3924 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3925 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3926 OPENSSL_free(ctx->srp_ctx.login);
3927 ctx->srp_ctx.login = NULL;
3928 if (parg == NULL)
3929 break;
3930 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3931 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3932 return 0;
3933 }
3934 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3935 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3936 return 0;
3937 }
3938 break;
3939 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3940 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3941 srp_password_from_info_cb;
3942 if (ctx->srp_ctx.info != NULL)
3943 OPENSSL_free(ctx->srp_ctx.info);
3944 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3945 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3946 return 0;
3947 }
3948 break;
3949 case SSL_CTRL_SET_SRP_ARG:
3950 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3951 ctx->srp_ctx.SRP_cb_arg = parg;
3952 break;
3953
3954 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3955 ctx->srp_ctx.strength = larg;
3956 break;
3957 #endif
3958
3959 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3960 case SSL_CTRL_SET_GROUPS:
3961 return tls1_set_groups(&ctx->ext.supportedgroups,
3962 &ctx->ext.supportedgroups_len,
3963 parg, larg);
3964
3965 case SSL_CTRL_SET_GROUPS_LIST:
3966 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3967 &ctx->ext.supportedgroups_len,
3968 parg);
3969 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
3970
3971 case SSL_CTRL_SET_SIGALGS:
3972 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3973
3974 case SSL_CTRL_SET_SIGALGS_LIST:
3975 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3976
3977 case SSL_CTRL_SET_CLIENT_SIGALGS:
3978 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3979
3980 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3981 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3982
3983 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3984 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3985
3986 case SSL_CTRL_BUILD_CERT_CHAIN:
3987 return ssl_build_cert_chain(NULL, ctx, larg);
3988
3989 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3990 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3991
3992 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3993 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3994
3995 /* A Thawte special :-) */
3996 case SSL_CTRL_EXTRA_CHAIN_CERT:
3997 if (ctx->extra_certs == NULL) {
3998 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3999 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
4000 return 0;
4001 }
4002 }
4003 if (!X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)) {
4004 SSLerr(0, ERR_LIB_X509);
4005 return 0;
4006 }
4007 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4008 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
4009 return 0;
4010 }
4011 break;
4012
4013 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4014 if (ctx->extra_certs == NULL && larg == 0)
4015 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4016 else
4017 *(STACK_OF(X509) **)parg = ctx->extra_certs;
4018 break;
4019
4020 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4021 sk_X509_pop_free(ctx->extra_certs, X509_free);
4022 ctx->extra_certs = NULL;
4023 break;
4024
4025 case SSL_CTRL_CHAIN:
4026 if (larg)
4027 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4028 else
4029 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4030
4031 case SSL_CTRL_CHAIN_CERT:
4032 if (larg)
4033 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4034 else
4035 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4036
4037 case SSL_CTRL_GET_CHAIN_CERTS:
4038 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4039 break;
4040
4041 case SSL_CTRL_SELECT_CURRENT_CERT:
4042 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4043
4044 case SSL_CTRL_SET_CURRENT_CERT:
4045 return ssl_cert_set_current(ctx->cert, larg);
4046
4047 default:
4048 return 0;
4049 }
4050 return 1;
4051 }
4052
4053 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4054 {
4055 switch (cmd) {
4056 #ifndef OPENSSL_NO_DH
4057 case SSL_CTRL_SET_TMP_DH_CB:
4058 {
4059 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4060 }
4061 break;
4062 #endif
4063 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4064 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4065 break;
4066
4067 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4068 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4069 break;
4070
4071 # ifndef OPENSSL_NO_DEPRECATED_3_0
4072 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4073 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4074 unsigned char *,
4075 EVP_CIPHER_CTX *,
4076 HMAC_CTX *, int))fp;
4077 break;
4078 #endif
4079
4080 #ifndef OPENSSL_NO_SRP
4081 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4082 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4083 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4084 break;
4085 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4086 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4087 ctx->srp_ctx.TLS_ext_srp_username_callback =
4088 (int (*)(SSL *, int *, void *))fp;
4089 break;
4090 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4091 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4092 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4093 (char *(*)(SSL *, void *))fp;
4094 break;
4095 #endif
4096 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4097 {
4098 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4099 }
4100 break;
4101 default:
4102 return 0;
4103 }
4104 return 1;
4105 }
4106
4107 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4108 (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4109 EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4110 {
4111 ctx->ext.ticket_key_evp_cb = fp;
4112 return 1;
4113 }
4114
4115 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4116 {
4117 SSL_CIPHER c;
4118 const SSL_CIPHER *cp;
4119
4120 c.id = id;
4121 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4122 if (cp != NULL)
4123 return cp;
4124 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4125 if (cp != NULL)
4126 return cp;
4127 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4128 }
4129
4130 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4131 {
4132 SSL_CIPHER *c = NULL, *tbl;
4133 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
4134 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
4135
4136 /* this is not efficient, necessary to optimize this? */
4137 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4138 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4139 if (tbl->stdname == NULL)
4140 continue;
4141 if (strcmp(stdname, tbl->stdname) == 0) {
4142 c = tbl;
4143 break;
4144 }
4145 }
4146 }
4147 if (c == NULL) {
4148 tbl = ssl3_scsvs;
4149 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
4150 if (strcmp(stdname, tbl->stdname) == 0) {
4151 c = tbl;
4152 break;
4153 }
4154 }
4155 }
4156 return c;
4157 }
4158
4159 /*
4160 * This function needs to check if the ciphers required are actually
4161 * available
4162 */
4163 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4164 {
4165 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4166 | ((uint32_t)p[0] << 8L)
4167 | (uint32_t)p[1]);
4168 }
4169
4170 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4171 {
4172 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4173 *len = 0;
4174 return 1;
4175 }
4176
4177 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4178 return 0;
4179
4180 *len = 2;
4181 return 1;
4182 }
4183
4184 /*
4185 * ssl3_choose_cipher - choose a cipher from those offered by the client
4186 * @s: SSL connection
4187 * @clnt: ciphers offered by the client
4188 * @srvr: ciphers enabled on the server?
4189 *
4190 * Returns the selected cipher or NULL when no common ciphers.
4191 */
4192 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4193 STACK_OF(SSL_CIPHER) *srvr)
4194 {
4195 const SSL_CIPHER *c, *ret = NULL;
4196 STACK_OF(SSL_CIPHER) *prio, *allow;
4197 int i, ii, ok, prefer_sha256 = 0;
4198 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4199 #ifndef OPENSSL_NO_CHACHA
4200 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4201 #endif
4202
4203 /* Let's see which ciphers we can support */
4204
4205 /*
4206 * Do not set the compare functions, because this may lead to a
4207 * reordering by "id". We want to keep the original ordering. We may pay
4208 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4209 * pay with the price of sk_SSL_CIPHER_dup().
4210 */
4211
4212 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4213 BIO_printf(trc_out, "Server has %d from %p:\n",
4214 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4215 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4216 c = sk_SSL_CIPHER_value(srvr, i);
4217 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4218 }
4219 BIO_printf(trc_out, "Client sent %d from %p:\n",
4220 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4221 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4222 c = sk_SSL_CIPHER_value(clnt, i);
4223 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4224 }
4225 } OSSL_TRACE_END(TLS_CIPHER);
4226
4227 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4228 if (tls1_suiteb(s)) {
4229 prio = srvr;
4230 allow = clnt;
4231 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4232 prio = srvr;
4233 allow = clnt;
4234 #ifndef OPENSSL_NO_CHACHA
4235 /* If ChaCha20 is at the top of the client preference list,
4236 and there are ChaCha20 ciphers in the server list, then
4237 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4238 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4239 c = sk_SSL_CIPHER_value(clnt, 0);
4240 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4241 /* ChaCha20 is client preferred, check server... */
4242 int num = sk_SSL_CIPHER_num(srvr);
4243 int found = 0;
4244 for (i = 0; i < num; i++) {
4245 c = sk_SSL_CIPHER_value(srvr, i);
4246 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4247 found = 1;
4248 break;
4249 }
4250 }
4251 if (found) {
4252 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4253 /* if reserve fails, then there's likely a memory issue */
4254 if (prio_chacha != NULL) {
4255 /* Put all ChaCha20 at the top, starting with the one we just found */
4256 sk_SSL_CIPHER_push(prio_chacha, c);
4257 for (i++; i < num; i++) {
4258 c = sk_SSL_CIPHER_value(srvr, i);
4259 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4260 sk_SSL_CIPHER_push(prio_chacha, c);
4261 }
4262 /* Pull in the rest */
4263 for (i = 0; i < num; i++) {
4264 c = sk_SSL_CIPHER_value(srvr, i);
4265 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4266 sk_SSL_CIPHER_push(prio_chacha, c);
4267 }
4268 prio = prio_chacha;
4269 }
4270 }
4271 }
4272 }
4273 # endif
4274 } else {
4275 prio = clnt;
4276 allow = srvr;
4277 }
4278
4279 if (SSL_IS_TLS13(s)) {
4280 #ifndef OPENSSL_NO_PSK
4281 int j;
4282
4283 /*
4284 * If we allow "old" style PSK callbacks, and we have no certificate (so
4285 * we're not going to succeed without a PSK anyway), and we're in
4286 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4287 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4288 * that.
4289 */
4290 if (s->psk_server_callback != NULL) {
4291 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4292 if (j == SSL_PKEY_NUM) {
4293 /* There are no certificates */
4294 prefer_sha256 = 1;
4295 }
4296 }
4297 #endif
4298 } else {
4299 tls1_set_cert_validity(s);
4300 ssl_set_masks(s);
4301 }
4302
4303 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4304 c = sk_SSL_CIPHER_value(prio, i);
4305
4306 /* Skip ciphers not supported by the protocol version */
4307 if (!SSL_IS_DTLS(s) &&
4308 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4309 continue;
4310 if (SSL_IS_DTLS(s) &&
4311 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4312 DTLS_VERSION_GT(s->version, c->max_dtls)))
4313 continue;
4314
4315 /*
4316 * Since TLS 1.3 ciphersuites can be used with any auth or
4317 * key exchange scheme skip tests.
4318 */
4319 if (!SSL_IS_TLS13(s)) {
4320 mask_k = s->s3.tmp.mask_k;
4321 mask_a = s->s3.tmp.mask_a;
4322 #ifndef OPENSSL_NO_SRP
4323 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4324 mask_k |= SSL_kSRP;
4325 mask_a |= SSL_aSRP;
4326 }
4327 #endif
4328
4329 alg_k = c->algorithm_mkey;
4330 alg_a = c->algorithm_auth;
4331
4332 #ifndef OPENSSL_NO_PSK
4333 /* with PSK there must be server callback set */
4334 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4335 continue;
4336 #endif /* OPENSSL_NO_PSK */
4337
4338 ok = (alg_k & mask_k) && (alg_a & mask_a);
4339 OSSL_TRACE7(TLS_CIPHER,
4340 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4341 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4342
4343 #ifndef OPENSSL_NO_EC
4344 /*
4345 * if we are considering an ECC cipher suite that uses an ephemeral
4346 * EC key check it
4347 */
4348 if (alg_k & SSL_kECDHE)
4349 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4350 #endif /* OPENSSL_NO_EC */
4351
4352 if (!ok)
4353 continue;
4354 }
4355 ii = sk_SSL_CIPHER_find(allow, c);
4356 if (ii >= 0) {
4357 /* Check security callback permits this cipher */
4358 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4359 c->strength_bits, 0, (void *)c))
4360 continue;
4361 #if !defined(OPENSSL_NO_EC)
4362 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4363 && s->s3.is_probably_safari) {
4364 if (!ret)
4365 ret = sk_SSL_CIPHER_value(allow, ii);
4366 continue;
4367 }
4368 #endif
4369 if (prefer_sha256) {
4370 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4371
4372 /*
4373 * TODO: When there are no more legacy digests we can just use
4374 * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
4375 */
4376 if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
4377 OBJ_nid2sn(NID_sha256))) {
4378 ret = tmp;
4379 break;
4380 }
4381 if (ret == NULL)
4382 ret = tmp;
4383 continue;
4384 }
4385 ret = sk_SSL_CIPHER_value(allow, ii);
4386 break;
4387 }
4388 }
4389 #ifndef OPENSSL_NO_CHACHA
4390 sk_SSL_CIPHER_free(prio_chacha);
4391 #endif
4392 return ret;
4393 }
4394
4395 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4396 {
4397 uint32_t alg_k, alg_a = 0;
4398
4399 /* If we have custom certificate types set, use them */
4400 if (s->cert->ctype)
4401 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4402 /* Get mask of algorithms disabled by signature list */
4403 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4404
4405 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4406
4407 #ifndef OPENSSL_NO_GOST
4408 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4409 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4410 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4411 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4412 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4413 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4414 return 0;
4415
4416 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4417 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4418 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4419 return 0;
4420 #endif
4421
4422 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4423 #ifndef OPENSSL_NO_DH
4424 # ifndef OPENSSL_NO_RSA
4425 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4426 return 0;
4427 # endif
4428 # ifndef OPENSSL_NO_DSA
4429 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4430 return 0;
4431 # endif
4432 #endif /* !OPENSSL_NO_DH */
4433 }
4434 #ifndef OPENSSL_NO_RSA
4435 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4436 return 0;
4437 #endif
4438 #ifndef OPENSSL_NO_DSA
4439 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4440 return 0;
4441 #endif
4442 #ifndef OPENSSL_NO_EC
4443 /*
4444 * ECDSA certs can be used with RSA cipher suites too so we don't
4445 * need to check for SSL_kECDH or SSL_kECDHE
4446 */
4447 if (s->version >= TLS1_VERSION
4448 && !(alg_a & SSL_aECDSA)
4449 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4450 return 0;
4451 #endif
4452 return 1;
4453 }
4454
4455 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4456 {
4457 OPENSSL_free(c->ctype);
4458 c->ctype = NULL;
4459 c->ctype_len = 0;
4460 if (p == NULL || len == 0)
4461 return 1;
4462 if (len > 0xff)
4463 return 0;
4464 c->ctype = OPENSSL_memdup(p, len);
4465 if (c->ctype == NULL)
4466 return 0;
4467 c->ctype_len = len;
4468 return 1;
4469 }
4470
4471 int ssl3_shutdown(SSL *s)
4472 {
4473 int ret;
4474
4475 /*
4476 * Don't do anything much if we have not done the handshake or we don't
4477 * want to send messages :-)
4478 */
4479 if (s->quiet_shutdown || SSL_in_before(s)) {
4480 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4481 return 1;
4482 }
4483
4484 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4485 s->shutdown |= SSL_SENT_SHUTDOWN;
4486 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4487 /*
4488 * our shutdown alert has been sent now, and if it still needs to be
4489 * written, s->s3.alert_dispatch will be true
4490 */
4491 if (s->s3.alert_dispatch)
4492 return -1; /* return WANT_WRITE */
4493 } else if (s->s3.alert_dispatch) {
4494 /* resend it if not sent */
4495 ret = s->method->ssl_dispatch_alert(s);
4496 if (ret == -1) {
4497 /*
4498 * we only get to return -1 here the 2nd/Nth invocation, we must
4499 * have already signalled return 0 upon a previous invocation,
4500 * return WANT_WRITE
4501 */
4502 return ret;
4503 }
4504 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4505 size_t readbytes;
4506 /*
4507 * If we are waiting for a close from our peer, we are closed
4508 */
4509 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4510 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4511 return -1; /* return WANT_READ */
4512 }
4513 }
4514
4515 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4516 !s->s3.alert_dispatch)
4517 return 1;
4518 else
4519 return 0;
4520 }
4521
4522 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4523 {
4524 clear_sys_error();
4525 if (s->s3.renegotiate)
4526 ssl3_renegotiate_check(s, 0);
4527
4528 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4529 written);
4530 }
4531
4532 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4533 size_t *readbytes)
4534 {
4535 int ret;
4536
4537 clear_sys_error();
4538 if (s->s3.renegotiate)
4539 ssl3_renegotiate_check(s, 0);
4540 s->s3.in_read_app_data = 1;
4541 ret =
4542 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4543 peek, readbytes);
4544 if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
4545 /*
4546 * ssl3_read_bytes decided to call s->handshake_func, which called
4547 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4548 * actually found application data and thinks that application data
4549 * makes sense here; so disable handshake processing and try to read
4550 * application data again.
4551 */
4552 ossl_statem_set_in_handshake(s, 1);
4553 ret =
4554 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4555 len, peek, readbytes);
4556 ossl_statem_set_in_handshake(s, 0);
4557 } else
4558 s->s3.in_read_app_data = 0;
4559
4560 return ret;
4561 }
4562
4563 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4564 {
4565 return ssl3_read_internal(s, buf, len, 0, readbytes);
4566 }
4567
4568 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4569 {
4570 return ssl3_read_internal(s, buf, len, 1, readbytes);
4571 }
4572
4573 int ssl3_renegotiate(SSL *s)
4574 {
4575 if (s->handshake_func == NULL)
4576 return 1;
4577
4578 s->s3.renegotiate = 1;
4579 return 1;
4580 }
4581
4582 /*
4583 * Check if we are waiting to do a renegotiation and if so whether now is a
4584 * good time to do it. If |initok| is true then we are being called from inside
4585 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4586 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4587 * should do a renegotiation now and sets up the state machine for it. Otherwise
4588 * returns 0.
4589 */
4590 int ssl3_renegotiate_check(SSL *s, int initok)
4591 {
4592 int ret = 0;
4593
4594 if (s->s3.renegotiate) {
4595 if (!RECORD_LAYER_read_pending(&s->rlayer)
4596 && !RECORD_LAYER_write_pending(&s->rlayer)
4597 && (initok || !SSL_in_init(s))) {
4598 /*
4599 * if we are the server, and we have sent a 'RENEGOTIATE'
4600 * message, we need to set the state machine into the renegotiate
4601 * state.
4602 */
4603 ossl_statem_set_renegotiate(s);
4604 s->s3.renegotiate = 0;
4605 s->s3.num_renegotiations++;
4606 s->s3.total_renegotiations++;
4607 ret = 1;
4608 }
4609 }
4610 return ret;
4611 }
4612
4613 /*
4614 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4615 * handshake macs if required.
4616 *
4617 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4618 */
4619 long ssl_get_algorithm2(SSL *s)
4620 {
4621 long alg2;
4622 if (s->s3.tmp.new_cipher == NULL)
4623 return -1;
4624 alg2 = s->s3.tmp.new_cipher->algorithm2;
4625 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4626 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4627 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4628 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4629 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4630 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4631 }
4632 return alg2;
4633 }
4634
4635 /*
4636 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4637 * failure, 1 on success.
4638 */
4639 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4640 DOWNGRADE dgrd)
4641 {
4642 int send_time = 0, ret;
4643
4644 if (len < 4)
4645 return 0;
4646 if (server)
4647 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4648 else
4649 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4650 if (send_time) {
4651 unsigned long Time = (unsigned long)time(NULL);
4652 unsigned char *p = result;
4653
4654 l2n(Time, p);
4655 ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
4656 } else {
4657 ret = RAND_bytes_ex(s->ctx->libctx, result, len);
4658 }
4659
4660 if (ret > 0) {
4661 if (!ossl_assert(sizeof(tls11downgrade) < len)
4662 || !ossl_assert(sizeof(tls12downgrade) < len))
4663 return 0;
4664 if (dgrd == DOWNGRADE_TO_1_2)
4665 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4666 sizeof(tls12downgrade));
4667 else if (dgrd == DOWNGRADE_TO_1_1)
4668 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4669 sizeof(tls11downgrade));
4670 }
4671
4672 return ret;
4673 }
4674
4675 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4676 int free_pms)
4677 {
4678 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4679 int ret = 0;
4680
4681 if (alg_k & SSL_PSK) {
4682 #ifndef OPENSSL_NO_PSK
4683 unsigned char *pskpms, *t;
4684 size_t psklen = s->s3.tmp.psklen;
4685 size_t pskpmslen;
4686
4687 /* create PSK premaster_secret */
4688
4689 /* For plain PSK "other_secret" is psklen zeroes */
4690 if (alg_k & SSL_kPSK)
4691 pmslen = psklen;
4692
4693 pskpmslen = 4 + pmslen + psklen;
4694 pskpms = OPENSSL_malloc(pskpmslen);
4695 if (pskpms == NULL)
4696 goto err;
4697 t = pskpms;
4698 s2n(pmslen, t);
4699 if (alg_k & SSL_kPSK)
4700 memset(t, 0, pmslen);
4701 else
4702 memcpy(t, pms, pmslen);
4703 t += pmslen;
4704 s2n(psklen, t);
4705 memcpy(t, s->s3.tmp.psk, psklen);
4706
4707 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4708 s->s3.tmp.psk = NULL;
4709 if (!s->method->ssl3_enc->generate_master_secret(s,
4710 s->session->master_key, pskpms, pskpmslen,
4711 &s->session->master_key_length)) {
4712 OPENSSL_clear_free(pskpms, pskpmslen);
4713 /* SSLfatal() already called */
4714 goto err;
4715 }
4716 OPENSSL_clear_free(pskpms, pskpmslen);
4717 #else
4718 /* Should never happen */
4719 goto err;
4720 #endif
4721 } else {
4722 if (!s->method->ssl3_enc->generate_master_secret(s,
4723 s->session->master_key, pms, pmslen,
4724 &s->session->master_key_length)) {
4725 /* SSLfatal() already called */
4726 goto err;
4727 }
4728 }
4729
4730 ret = 1;
4731 err:
4732 if (pms) {
4733 if (free_pms)
4734 OPENSSL_clear_free(pms, pmslen);
4735 else
4736 OPENSSL_cleanse(pms, pmslen);
4737 }
4738 if (s->server == 0)
4739 s->s3.tmp.pms = NULL;
4740 return ret;
4741 }
4742
4743 /* Generate a private key from parameters */
4744 EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
4745 {
4746 EVP_PKEY_CTX *pctx = NULL;
4747 EVP_PKEY *pkey = NULL;
4748
4749 if (pm == NULL)
4750 return NULL;
4751 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
4752 if (pctx == NULL)
4753 goto err;
4754 if (EVP_PKEY_keygen_init(pctx) <= 0)
4755 goto err;
4756 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4757 EVP_PKEY_free(pkey);
4758 pkey = NULL;
4759 }
4760
4761 err:
4762 EVP_PKEY_CTX_free(pctx);
4763 return pkey;
4764 }
4765
4766 /* Generate a private key from a group ID */
4767 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
4768 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4769 {
4770 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4771 EVP_PKEY_CTX *pctx = NULL;
4772 EVP_PKEY *pkey = NULL;
4773 uint16_t gtype;
4774 # ifndef OPENSSL_NO_DH
4775 DH *dh = NULL;
4776 # endif
4777
4778 if (ginf == NULL) {
4779 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4780 ERR_R_INTERNAL_ERROR);
4781 goto err;
4782 }
4783 gtype = ginf->flags & TLS_GROUP_TYPE;
4784
4785 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->keytype,
4786 s->ctx->propq);
4787
4788 if (pctx == NULL) {
4789 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4790 ERR_R_MALLOC_FAILURE);
4791 goto err;
4792 }
4793 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4794 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4795 ERR_R_EVP_LIB);
4796 goto err;
4797 }
4798 # ifndef OPENSSL_NO_DH
4799 if (gtype == TLS_GROUP_FFDHE) {
4800 if ((pkey = EVP_PKEY_new()) == NULL
4801 || (dh = DH_new_by_nid(ginf->nid)) == NULL
4802 || !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
4803 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4804 ERR_R_EVP_LIB);
4805 DH_free(dh);
4806 EVP_PKEY_free(pkey);
4807 pkey = NULL;
4808 goto err;
4809 }
4810 if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
4811 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4812 ERR_R_EVP_LIB);
4813 EVP_PKEY_free(pkey);
4814 pkey = NULL;
4815 goto err;
4816 }
4817 }
4818 # ifndef OPENSSL_NO_EC
4819 else
4820 # endif
4821 # endif
4822 # ifndef OPENSSL_NO_EC
4823 {
4824 if (gtype != TLS_GROUP_CURVE_CUSTOM
4825 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4826 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4827 ERR_R_EVP_LIB);
4828 goto err;
4829 }
4830 }
4831 # endif
4832 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4833 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4834 ERR_R_EVP_LIB);
4835 EVP_PKEY_free(pkey);
4836 pkey = NULL;
4837 }
4838
4839 err:
4840 EVP_PKEY_CTX_free(pctx);
4841 return pkey;
4842 }
4843 #endif
4844
4845 /*
4846 * Generate parameters from a group ID
4847 */
4848 EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
4849 {
4850 EVP_PKEY_CTX *pctx = NULL;
4851 EVP_PKEY *pkey = NULL;
4852 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4853 const char *pkey_ctx_name;
4854
4855 if (ginf == NULL)
4856 goto err;
4857
4858 if ((ginf->flags & TLS_GROUP_TYPE) == TLS_GROUP_CURVE_CUSTOM) {
4859 pkey = EVP_PKEY_new();
4860 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4861 return pkey;
4862 EVP_PKEY_free(pkey);
4863 return NULL;
4864 }
4865
4866 pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC";
4867 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name,
4868 s->ctx->propq);
4869
4870 if (pctx == NULL)
4871 goto err;
4872 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4873 goto err;
4874 # ifndef OPENSSL_NO_DH
4875 if (ginf->flags & TLS_GROUP_FFDHE) {
4876 if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0)
4877 goto err;
4878 }
4879 # ifndef OPENSSL_NO_EC
4880 else
4881 # endif
4882 # endif
4883 # ifndef OPENSSL_NO_EC
4884 {
4885 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4886 goto err;
4887 }
4888 # endif
4889 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4890 EVP_PKEY_free(pkey);
4891 pkey = NULL;
4892 }
4893
4894 err:
4895 EVP_PKEY_CTX_free(pctx);
4896 return pkey;
4897 }
4898
4899 /* Derive secrets for ECDH/DH */
4900 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4901 {
4902 int rv = 0;
4903 unsigned char *pms = NULL;
4904 size_t pmslen = 0;
4905 EVP_PKEY_CTX *pctx;
4906
4907 if (privkey == NULL || pubkey == NULL) {
4908 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4909 ERR_R_INTERNAL_ERROR);
4910 return 0;
4911 }
4912
4913 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4914
4915 if (EVP_PKEY_derive_init(pctx) <= 0
4916 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4917 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4918 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4919 ERR_R_INTERNAL_ERROR);
4920 goto err;
4921 }
4922
4923 #ifndef OPENSSL_NO_DH
4924 if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
4925 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4926 #endif
4927
4928 pms = OPENSSL_malloc(pmslen);
4929 if (pms == NULL) {
4930 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4931 ERR_R_MALLOC_FAILURE);
4932 goto err;
4933 }
4934
4935 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4936 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4937 ERR_R_INTERNAL_ERROR);
4938 goto err;
4939 }
4940
4941 if (gensecret) {
4942 /* SSLfatal() called as appropriate in the below functions */
4943 if (SSL_IS_TLS13(s)) {
4944 /*
4945 * If we are resuming then we already generated the early secret
4946 * when we created the ClientHello, so don't recreate it.
4947 */
4948 if (!s->hit)
4949 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4950 0,
4951 (unsigned char *)&s->early_secret);
4952 else
4953 rv = 1;
4954
4955 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4956 } else {
4957 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4958 }
4959 } else {
4960 /* Save premaster secret */
4961 s->s3.tmp.pms = pms;
4962 s->s3.tmp.pmslen = pmslen;
4963 pms = NULL;
4964 rv = 1;
4965 }
4966
4967 err:
4968 OPENSSL_clear_free(pms, pmslen);
4969 EVP_PKEY_CTX_free(pctx);
4970 return rv;
4971 }
4972
4973 #ifndef OPENSSL_NO_DH
4974 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4975 {
4976 EVP_PKEY *ret;
4977 if (dh == NULL)
4978 return NULL;
4979 ret = EVP_PKEY_new();
4980 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4981 EVP_PKEY_free(ret);
4982 return NULL;
4983 }
4984 return ret;
4985 }
4986 #endif
A mirror of the official openssl repository