Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 8cc82cdbbcd655d55050b7b6541e135b6e1303f3 / . / ap / lib / libssl / openssl-1.1.1o / ssl / s3_lib.c
blob: 32f9b257106b2c7e4c792ca81b856ae024230a98 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame]1/*
2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12#include <stdio.h>
13#include <openssl/objects.h>
14#include "internal/nelem.h"
15#include "ssl_local.h"
16#include <openssl/md5.h>
17#include <openssl/dh.h>
18#include <openssl/rand.h>
19#include "internal/cryptlib.h"
20
21#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
22#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
23#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
24
25/* TLSv1.3 downgrade protection sentinel values */
26const unsigned char tls11downgrade[] = {
27 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
28};
29const unsigned char tls12downgrade[] = {
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
31};
32
33/* The list of available TLSv1.3 ciphers */
34static SSL_CIPHER tls13_ciphers[] = {
35 {
36 1,
37 TLS1_3_RFC_AES_128_GCM_SHA256,
38 TLS1_3_RFC_AES_128_GCM_SHA256,
39 TLS1_3_CK_AES_128_GCM_SHA256,
40 SSL_kANY,
41 SSL_aANY,
42 SSL_AES128GCM,
43 SSL_AEAD,
44 TLS1_3_VERSION, TLS1_3_VERSION,
45 0, 0,
46 SSL_HIGH,
47 SSL_HANDSHAKE_MAC_SHA256,
48 128,
49 128,
50 }, {
51 1,
52 TLS1_3_RFC_AES_256_GCM_SHA384,
53 TLS1_3_RFC_AES_256_GCM_SHA384,
54 TLS1_3_CK_AES_256_GCM_SHA384,
55 SSL_kANY,
56 SSL_aANY,
57 SSL_AES256GCM,
58 SSL_AEAD,
59 TLS1_3_VERSION, TLS1_3_VERSION,
60 0, 0,
61 SSL_HIGH,
62 SSL_HANDSHAKE_MAC_SHA384,
63 256,
64 256,
65 },
66#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
67 {
68 1,
69 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
70 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
71 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
72 SSL_kANY,
73 SSL_aANY,
74 SSL_CHACHA20POLY1305,
75 SSL_AEAD,
76 TLS1_3_VERSION, TLS1_3_VERSION,
77 0, 0,
78 SSL_HIGH,
79 SSL_HANDSHAKE_MAC_SHA256,
80 256,
81 256,
82 },
83#endif
84 {
85 1,
86 TLS1_3_RFC_AES_128_CCM_SHA256,
87 TLS1_3_RFC_AES_128_CCM_SHA256,
88 TLS1_3_CK_AES_128_CCM_SHA256,
89 SSL_kANY,
90 SSL_aANY,
91 SSL_AES128CCM,
92 SSL_AEAD,
93 TLS1_3_VERSION, TLS1_3_VERSION,
94 0, 0,
95 SSL_NOT_DEFAULT | SSL_HIGH,
96 SSL_HANDSHAKE_MAC_SHA256,
97 128,
98 128,
99 }, {
100 1,
101 TLS1_3_RFC_AES_128_CCM_8_SHA256,
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,
103 TLS1_3_CK_AES_128_CCM_8_SHA256,
104 SSL_kANY,
105 SSL_aANY,
106 SSL_AES128CCM8,
107 SSL_AEAD,
108 TLS1_3_VERSION, TLS1_3_VERSION,
109 0, 0,
110 SSL_NOT_DEFAULT | SSL_HIGH,
111 SSL_HANDSHAKE_MAC_SHA256,
112 128,
113 128,
114 }
115};
116
117/*
118 * The list of available ciphers, mostly organized into the following
119 * groups:
120 * Always there
121 * EC
122 * PSK
123 * SRP (within that: RSA EC PSK)
124 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
125 * Weak ciphers
126 */
127static SSL_CIPHER ssl3_ciphers[] = {
128 {
129 1,
130 SSL3_TXT_RSA_NULL_MD5,
131 SSL3_RFC_RSA_NULL_MD5,
132 SSL3_CK_RSA_NULL_MD5,
133 SSL_kRSA,
134 SSL_aRSA,
135 SSL_eNULL,
136 SSL_MD5,
137 SSL3_VERSION, TLS1_2_VERSION,
138 DTLS1_BAD_VER, DTLS1_2_VERSION,
139 SSL_STRONG_NONE,
140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
141 0,
142 0,
143 },
144 {
145 1,
146 SSL3_TXT_RSA_NULL_SHA,
147 SSL3_RFC_RSA_NULL_SHA,
148 SSL3_CK_RSA_NULL_SHA,
149 SSL_kRSA,
150 SSL_aRSA,
151 SSL_eNULL,
152 SSL_SHA1,
153 SSL3_VERSION, TLS1_2_VERSION,
154 DTLS1_BAD_VER, DTLS1_2_VERSION,
155 SSL_STRONG_NONE | SSL_FIPS,
156 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
157 0,
158 0,
159 },
160#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
161 {
162 1,
163 SSL3_TXT_RSA_DES_192_CBC3_SHA,
164 SSL3_RFC_RSA_DES_192_CBC3_SHA,
165 SSL3_CK_RSA_DES_192_CBC3_SHA,
166 SSL_kRSA,
167 SSL_aRSA,
168 SSL_3DES,
169 SSL_SHA1,
170 SSL3_VERSION, TLS1_2_VERSION,
171 DTLS1_BAD_VER, DTLS1_2_VERSION,
172 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
173 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
174 112,
175 168,
176 },
177 {
178 1,
179 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
180 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
181 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
182 SSL_kDHE,
183 SSL_aDSS,
184 SSL_3DES,
185 SSL_SHA1,
186 SSL3_VERSION, TLS1_2_VERSION,
187 DTLS1_BAD_VER, DTLS1_2_VERSION,
188 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
189 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
190 112,
191 168,
192 },
193 {
194 1,
195 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
196 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
197 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
198 SSL_kDHE,
199 SSL_aRSA,
200 SSL_3DES,
201 SSL_SHA1,
202 SSL3_VERSION, TLS1_2_VERSION,
203 DTLS1_BAD_VER, DTLS1_2_VERSION,
204 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
205 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
206 112,
207 168,
208 },
209 {
210 1,
211 SSL3_TXT_ADH_DES_192_CBC_SHA,
212 SSL3_RFC_ADH_DES_192_CBC_SHA,
213 SSL3_CK_ADH_DES_192_CBC_SHA,
214 SSL_kDHE,
215 SSL_aNULL,
216 SSL_3DES,
217 SSL_SHA1,
218 SSL3_VERSION, TLS1_2_VERSION,
219 DTLS1_BAD_VER, DTLS1_2_VERSION,
220 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
221 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
222 112,
223 168,
224 },
225#endif
226 {
227 1,
228 TLS1_TXT_RSA_WITH_AES_128_SHA,
229 TLS1_RFC_RSA_WITH_AES_128_SHA,
230 TLS1_CK_RSA_WITH_AES_128_SHA,
231 SSL_kRSA,
232 SSL_aRSA,
233 SSL_AES128,
234 SSL_SHA1,
235 SSL3_VERSION, TLS1_2_VERSION,
236 DTLS1_BAD_VER, DTLS1_2_VERSION,
237 SSL_HIGH | SSL_FIPS,
238 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239 128,
240 128,
241 },
242 {
243 1,
244 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
245 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
246 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
247 SSL_kDHE,
248 SSL_aDSS,
249 SSL_AES128,
250 SSL_SHA1,
251 SSL3_VERSION, TLS1_2_VERSION,
252 DTLS1_BAD_VER, DTLS1_2_VERSION,
253 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
254 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
255 128,
256 128,
257 },
258 {
259 1,
260 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
261 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
262 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
263 SSL_kDHE,
264 SSL_aRSA,
265 SSL_AES128,
266 SSL_SHA1,
267 SSL3_VERSION, TLS1_2_VERSION,
268 DTLS1_BAD_VER, DTLS1_2_VERSION,
269 SSL_HIGH | SSL_FIPS,
270 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271 128,
272 128,
273 },
274 {
275 1,
276 TLS1_TXT_ADH_WITH_AES_128_SHA,
277 TLS1_RFC_ADH_WITH_AES_128_SHA,
278 TLS1_CK_ADH_WITH_AES_128_SHA,
279 SSL_kDHE,
280 SSL_aNULL,
281 SSL_AES128,
282 SSL_SHA1,
283 SSL3_VERSION, TLS1_2_VERSION,
284 DTLS1_BAD_VER, DTLS1_2_VERSION,
285 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
287 128,
288 128,
289 },
290 {
291 1,
292 TLS1_TXT_RSA_WITH_AES_256_SHA,
293 TLS1_RFC_RSA_WITH_AES_256_SHA,
294 TLS1_CK_RSA_WITH_AES_256_SHA,
295 SSL_kRSA,
296 SSL_aRSA,
297 SSL_AES256,
298 SSL_SHA1,
299 SSL3_VERSION, TLS1_2_VERSION,
300 DTLS1_BAD_VER, DTLS1_2_VERSION,
301 SSL_HIGH | SSL_FIPS,
302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
303 256,
304 256,
305 },
306 {
307 1,
308 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
309 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
310 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
311 SSL_kDHE,
312 SSL_aDSS,
313 SSL_AES256,
314 SSL_SHA1,
315 SSL3_VERSION, TLS1_2_VERSION,
316 DTLS1_BAD_VER, DTLS1_2_VERSION,
317 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
319 256,
320 256,
321 },
322 {
323 1,
324 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
325 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
326 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
327 SSL_kDHE,
328 SSL_aRSA,
329 SSL_AES256,
330 SSL_SHA1,
331 SSL3_VERSION, TLS1_2_VERSION,
332 DTLS1_BAD_VER, DTLS1_2_VERSION,
333 SSL_HIGH | SSL_FIPS,
334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
335 256,
336 256,
337 },
338 {
339 1,
340 TLS1_TXT_ADH_WITH_AES_256_SHA,
341 TLS1_RFC_ADH_WITH_AES_256_SHA,
342 TLS1_CK_ADH_WITH_AES_256_SHA,
343 SSL_kDHE,
344 SSL_aNULL,
345 SSL_AES256,
346 SSL_SHA1,
347 SSL3_VERSION, TLS1_2_VERSION,
348 DTLS1_BAD_VER, DTLS1_2_VERSION,
349 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
351 256,
352 256,
353 },
354 {
355 1,
356 TLS1_TXT_RSA_WITH_NULL_SHA256,
357 TLS1_RFC_RSA_WITH_NULL_SHA256,
358 TLS1_CK_RSA_WITH_NULL_SHA256,
359 SSL_kRSA,
360 SSL_aRSA,
361 SSL_eNULL,
362 SSL_SHA256,
363 TLS1_2_VERSION, TLS1_2_VERSION,
364 DTLS1_2_VERSION, DTLS1_2_VERSION,
365 SSL_STRONG_NONE | SSL_FIPS,
366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
367 0,
368 0,
369 },
370 {
371 1,
372 TLS1_TXT_RSA_WITH_AES_128_SHA256,
373 TLS1_RFC_RSA_WITH_AES_128_SHA256,
374 TLS1_CK_RSA_WITH_AES_128_SHA256,
375 SSL_kRSA,
376 SSL_aRSA,
377 SSL_AES128,
378 SSL_SHA256,
379 TLS1_2_VERSION, TLS1_2_VERSION,
380 DTLS1_2_VERSION, DTLS1_2_VERSION,
381 SSL_HIGH | SSL_FIPS,
382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 128,
384 128,
385 },
386 {
387 1,
388 TLS1_TXT_RSA_WITH_AES_256_SHA256,
389 TLS1_RFC_RSA_WITH_AES_256_SHA256,
390 TLS1_CK_RSA_WITH_AES_256_SHA256,
391 SSL_kRSA,
392 SSL_aRSA,
393 SSL_AES256,
394 SSL_SHA256,
395 TLS1_2_VERSION, TLS1_2_VERSION,
396 DTLS1_2_VERSION, DTLS1_2_VERSION,
397 SSL_HIGH | SSL_FIPS,
398 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
399 256,
400 256,
401 },
402 {
403 1,
404 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
405 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
406 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
407 SSL_kDHE,
408 SSL_aDSS,
409 SSL_AES128,
410 SSL_SHA256,
411 TLS1_2_VERSION, TLS1_2_VERSION,
412 DTLS1_2_VERSION, DTLS1_2_VERSION,
413 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
414 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
415 128,
416 128,
417 },
418 {
419 1,
420 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
421 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
422 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
423 SSL_kDHE,
424 SSL_aRSA,
425 SSL_AES128,
426 SSL_SHA256,
427 TLS1_2_VERSION, TLS1_2_VERSION,
428 DTLS1_2_VERSION, DTLS1_2_VERSION,
429 SSL_HIGH | SSL_FIPS,
430 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
431 128,
432 128,
433 },
434 {
435 1,
436 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
437 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
438 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
439 SSL_kDHE,
440 SSL_aDSS,
441 SSL_AES256,
442 SSL_SHA256,
443 TLS1_2_VERSION, TLS1_2_VERSION,
444 DTLS1_2_VERSION, DTLS1_2_VERSION,
445 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
447 256,
448 256,
449 },
450 {
451 1,
452 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
453 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
454 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
455 SSL_kDHE,
456 SSL_aRSA,
457 SSL_AES256,
458 SSL_SHA256,
459 TLS1_2_VERSION, TLS1_2_VERSION,
460 DTLS1_2_VERSION, DTLS1_2_VERSION,
461 SSL_HIGH | SSL_FIPS,
462 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
463 256,
464 256,
465 },
466 {
467 1,
468 TLS1_TXT_ADH_WITH_AES_128_SHA256,
469 TLS1_RFC_ADH_WITH_AES_128_SHA256,
470 TLS1_CK_ADH_WITH_AES_128_SHA256,
471 SSL_kDHE,
472 SSL_aNULL,
473 SSL_AES128,
474 SSL_SHA256,
475 TLS1_2_VERSION, TLS1_2_VERSION,
476 DTLS1_2_VERSION, DTLS1_2_VERSION,
477 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
478 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
479 128,
480 128,
481 },
482 {
483 1,
484 TLS1_TXT_ADH_WITH_AES_256_SHA256,
485 TLS1_RFC_ADH_WITH_AES_256_SHA256,
486 TLS1_CK_ADH_WITH_AES_256_SHA256,
487 SSL_kDHE,
488 SSL_aNULL,
489 SSL_AES256,
490 SSL_SHA256,
491 TLS1_2_VERSION, TLS1_2_VERSION,
492 DTLS1_2_VERSION, DTLS1_2_VERSION,
493 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
494 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
495 256,
496 256,
497 },
498 {
499 1,
500 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
501 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
502 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
503 SSL_kRSA,
504 SSL_aRSA,
505 SSL_AES128GCM,
506 SSL_AEAD,
507 TLS1_2_VERSION, TLS1_2_VERSION,
508 DTLS1_2_VERSION, DTLS1_2_VERSION,
509 SSL_HIGH | SSL_FIPS,
510 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
511 128,
512 128,
513 },
514 {
515 1,
516 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
517 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
518 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
519 SSL_kRSA,
520 SSL_aRSA,
521 SSL_AES256GCM,
522 SSL_AEAD,
523 TLS1_2_VERSION, TLS1_2_VERSION,
524 DTLS1_2_VERSION, DTLS1_2_VERSION,
525 SSL_HIGH | SSL_FIPS,
526 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
527 256,
528 256,
529 },
530 {
531 1,
532 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
533 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
534 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
535 SSL_kDHE,
536 SSL_aRSA,
537 SSL_AES128GCM,
538 SSL_AEAD,
539 TLS1_2_VERSION, TLS1_2_VERSION,
540 DTLS1_2_VERSION, DTLS1_2_VERSION,
541 SSL_HIGH | SSL_FIPS,
542 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
543 128,
544 128,
545 },
546 {
547 1,
548 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
549 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
550 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
551 SSL_kDHE,
552 SSL_aRSA,
553 SSL_AES256GCM,
554 SSL_AEAD,
555 TLS1_2_VERSION, TLS1_2_VERSION,
556 DTLS1_2_VERSION, DTLS1_2_VERSION,
557 SSL_HIGH | SSL_FIPS,
558 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
559 256,
560 256,
561 },
562 {
563 1,
564 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
565 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
566 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
567 SSL_kDHE,
568 SSL_aDSS,
569 SSL_AES128GCM,
570 SSL_AEAD,
571 TLS1_2_VERSION, TLS1_2_VERSION,
572 DTLS1_2_VERSION, DTLS1_2_VERSION,
573 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
574 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
575 128,
576 128,
577 },
578 {
579 1,
580 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
581 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
582 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
583 SSL_kDHE,
584 SSL_aDSS,
585 SSL_AES256GCM,
586 SSL_AEAD,
587 TLS1_2_VERSION, TLS1_2_VERSION,
588 DTLS1_2_VERSION, DTLS1_2_VERSION,
589 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
590 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
591 256,
592 256,
593 },
594 {
595 1,
596 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
597 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
598 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
599 SSL_kDHE,
600 SSL_aNULL,
601 SSL_AES128GCM,
602 SSL_AEAD,
603 TLS1_2_VERSION, TLS1_2_VERSION,
604 DTLS1_2_VERSION, DTLS1_2_VERSION,
605 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
606 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
607 128,
608 128,
609 },
610 {
611 1,
612 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
613 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
614 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
615 SSL_kDHE,
616 SSL_aNULL,
617 SSL_AES256GCM,
618 SSL_AEAD,
619 TLS1_2_VERSION, TLS1_2_VERSION,
620 DTLS1_2_VERSION, DTLS1_2_VERSION,
621 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
622 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
623 256,
624 256,
625 },
626 {
627 1,
628 TLS1_TXT_RSA_WITH_AES_128_CCM,
629 TLS1_RFC_RSA_WITH_AES_128_CCM,
630 TLS1_CK_RSA_WITH_AES_128_CCM,
631 SSL_kRSA,
632 SSL_aRSA,
633 SSL_AES128CCM,
634 SSL_AEAD,
635 TLS1_2_VERSION, TLS1_2_VERSION,
636 DTLS1_2_VERSION, DTLS1_2_VERSION,
637 SSL_NOT_DEFAULT | SSL_HIGH,
638 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
639 128,
640 128,
641 },
642 {
643 1,
644 TLS1_TXT_RSA_WITH_AES_256_CCM,
645 TLS1_RFC_RSA_WITH_AES_256_CCM,
646 TLS1_CK_RSA_WITH_AES_256_CCM,
647 SSL_kRSA,
648 SSL_aRSA,
649 SSL_AES256CCM,
650 SSL_AEAD,
651 TLS1_2_VERSION, TLS1_2_VERSION,
652 DTLS1_2_VERSION, DTLS1_2_VERSION,
653 SSL_NOT_DEFAULT | SSL_HIGH,
654 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
655 256,
656 256,
657 },
658 {
659 1,
660 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
661 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
662 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
663 SSL_kDHE,
664 SSL_aRSA,
665 SSL_AES128CCM,
666 SSL_AEAD,
667 TLS1_2_VERSION, TLS1_2_VERSION,
668 DTLS1_2_VERSION, DTLS1_2_VERSION,
669 SSL_NOT_DEFAULT | SSL_HIGH,
670 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
671 128,
672 128,
673 },
674 {
675 1,
676 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
677 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
678 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
679 SSL_kDHE,
680 SSL_aRSA,
681 SSL_AES256CCM,
682 SSL_AEAD,
683 TLS1_2_VERSION, TLS1_2_VERSION,
684 DTLS1_2_VERSION, DTLS1_2_VERSION,
685 SSL_NOT_DEFAULT | SSL_HIGH,
686 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
687 256,
688 256,
689 },
690 {
691 1,
692 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
693 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
694 TLS1_CK_RSA_WITH_AES_128_CCM_8,
695 SSL_kRSA,
696 SSL_aRSA,
697 SSL_AES128CCM8,
698 SSL_AEAD,
699 TLS1_2_VERSION, TLS1_2_VERSION,
700 DTLS1_2_VERSION, DTLS1_2_VERSION,
701 SSL_NOT_DEFAULT | SSL_HIGH,
702 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
703 128,
704 128,
705 },
706 {
707 1,
708 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
709 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
710 TLS1_CK_RSA_WITH_AES_256_CCM_8,
711 SSL_kRSA,
712 SSL_aRSA,
713 SSL_AES256CCM8,
714 SSL_AEAD,
715 TLS1_2_VERSION, TLS1_2_VERSION,
716 DTLS1_2_VERSION, DTLS1_2_VERSION,
717 SSL_NOT_DEFAULT | SSL_HIGH,
718 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719 256,
720 256,
721 },
722 {
723 1,
724 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
725 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
726 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
727 SSL_kDHE,
728 SSL_aRSA,
729 SSL_AES128CCM8,
730 SSL_AEAD,
731 TLS1_2_VERSION, TLS1_2_VERSION,
732 DTLS1_2_VERSION, DTLS1_2_VERSION,
733 SSL_NOT_DEFAULT | SSL_HIGH,
734 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
735 128,
736 128,
737 },
738 {
739 1,
740 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
741 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
742 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
743 SSL_kDHE,
744 SSL_aRSA,
745 SSL_AES256CCM8,
746 SSL_AEAD,
747 TLS1_2_VERSION, TLS1_2_VERSION,
748 DTLS1_2_VERSION, DTLS1_2_VERSION,
749 SSL_NOT_DEFAULT | SSL_HIGH,
750 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
751 256,
752 256,
753 },
754 {
755 1,
756 TLS1_TXT_PSK_WITH_AES_128_CCM,
757 TLS1_RFC_PSK_WITH_AES_128_CCM,
758 TLS1_CK_PSK_WITH_AES_128_CCM,
759 SSL_kPSK,
760 SSL_aPSK,
761 SSL_AES128CCM,
762 SSL_AEAD,
763 TLS1_2_VERSION, TLS1_2_VERSION,
764 DTLS1_2_VERSION, DTLS1_2_VERSION,
765 SSL_NOT_DEFAULT | SSL_HIGH,
766 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
767 128,
768 128,
769 },
770 {
771 1,
772 TLS1_TXT_PSK_WITH_AES_256_CCM,
773 TLS1_RFC_PSK_WITH_AES_256_CCM,
774 TLS1_CK_PSK_WITH_AES_256_CCM,
775 SSL_kPSK,
776 SSL_aPSK,
777 SSL_AES256CCM,
778 SSL_AEAD,
779 TLS1_2_VERSION, TLS1_2_VERSION,
780 DTLS1_2_VERSION, DTLS1_2_VERSION,
781 SSL_NOT_DEFAULT | SSL_HIGH,
782 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
783 256,
784 256,
785 },
786 {
787 1,
788 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
789 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
790 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
791 SSL_kDHEPSK,
792 SSL_aPSK,
793 SSL_AES128CCM,
794 SSL_AEAD,
795 TLS1_2_VERSION, TLS1_2_VERSION,
796 DTLS1_2_VERSION, DTLS1_2_VERSION,
797 SSL_NOT_DEFAULT | SSL_HIGH,
798 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
799 128,
800 128,
801 },
802 {
803 1,
804 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
805 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
806 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
807 SSL_kDHEPSK,
808 SSL_aPSK,
809 SSL_AES256CCM,
810 SSL_AEAD,
811 TLS1_2_VERSION, TLS1_2_VERSION,
812 DTLS1_2_VERSION, DTLS1_2_VERSION,
813 SSL_NOT_DEFAULT | SSL_HIGH,
814 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
815 256,
816 256,
817 },
818 {
819 1,
820 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
821 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
822 TLS1_CK_PSK_WITH_AES_128_CCM_8,
823 SSL_kPSK,
824 SSL_aPSK,
825 SSL_AES128CCM8,
826 SSL_AEAD,
827 TLS1_2_VERSION, TLS1_2_VERSION,
828 DTLS1_2_VERSION, DTLS1_2_VERSION,
829 SSL_NOT_DEFAULT | SSL_HIGH,
830 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
831 128,
832 128,
833 },
834 {
835 1,
836 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
837 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
838 TLS1_CK_PSK_WITH_AES_256_CCM_8,
839 SSL_kPSK,
840 SSL_aPSK,
841 SSL_AES256CCM8,
842 SSL_AEAD,
843 TLS1_2_VERSION, TLS1_2_VERSION,
844 DTLS1_2_VERSION, DTLS1_2_VERSION,
845 SSL_NOT_DEFAULT | SSL_HIGH,
846 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
847 256,
848 256,
849 },
850 {
851 1,
852 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
853 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
854 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
855 SSL_kDHEPSK,
856 SSL_aPSK,
857 SSL_AES128CCM8,
858 SSL_AEAD,
859 TLS1_2_VERSION, TLS1_2_VERSION,
860 DTLS1_2_VERSION, DTLS1_2_VERSION,
861 SSL_NOT_DEFAULT | SSL_HIGH,
862 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
863 128,
864 128,
865 },
866 {
867 1,
868 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
869 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
870 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
871 SSL_kDHEPSK,
872 SSL_aPSK,
873 SSL_AES256CCM8,
874 SSL_AEAD,
875 TLS1_2_VERSION, TLS1_2_VERSION,
876 DTLS1_2_VERSION, DTLS1_2_VERSION,
877 SSL_NOT_DEFAULT | SSL_HIGH,
878 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
879 256,
880 256,
881 },
882 {
883 1,
884 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
885 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
886 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
887 SSL_kECDHE,
888 SSL_aECDSA,
889 SSL_AES128CCM,
890 SSL_AEAD,
891 TLS1_2_VERSION, TLS1_2_VERSION,
892 DTLS1_2_VERSION, DTLS1_2_VERSION,
893 SSL_NOT_DEFAULT | SSL_HIGH,
894 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
895 128,
896 128,
897 },
898 {
899 1,
900 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
901 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
902 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
903 SSL_kECDHE,
904 SSL_aECDSA,
905 SSL_AES256CCM,
906 SSL_AEAD,
907 TLS1_2_VERSION, TLS1_2_VERSION,
908 DTLS1_2_VERSION, DTLS1_2_VERSION,
909 SSL_NOT_DEFAULT | SSL_HIGH,
910 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
911 256,
912 256,
913 },
914 {
915 1,
916 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
917 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
918 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
919 SSL_kECDHE,
920 SSL_aECDSA,
921 SSL_AES128CCM8,
922 SSL_AEAD,
923 TLS1_2_VERSION, TLS1_2_VERSION,
924 DTLS1_2_VERSION, DTLS1_2_VERSION,
925 SSL_NOT_DEFAULT | SSL_HIGH,
926 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
927 128,
928 128,
929 },
930 {
931 1,
932 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
933 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
934 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
935 SSL_kECDHE,
936 SSL_aECDSA,
937 SSL_AES256CCM8,
938 SSL_AEAD,
939 TLS1_2_VERSION, TLS1_2_VERSION,
940 DTLS1_2_VERSION, DTLS1_2_VERSION,
941 SSL_NOT_DEFAULT | SSL_HIGH,
942 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
943 256,
944 256,
945 },
946 {
947 1,
948 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
949 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
950 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
951 SSL_kECDHE,
952 SSL_aECDSA,
953 SSL_eNULL,
954 SSL_SHA1,
955 TLS1_VERSION, TLS1_2_VERSION,
956 DTLS1_BAD_VER, DTLS1_2_VERSION,
957 SSL_STRONG_NONE | SSL_FIPS,
958 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
959 0,
960 0,
961 },
962# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
963 {
964 1,
965 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
966 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
968 SSL_kECDHE,
969 SSL_aECDSA,
970 SSL_3DES,
971 SSL_SHA1,
972 TLS1_VERSION, TLS1_2_VERSION,
973 DTLS1_BAD_VER, DTLS1_2_VERSION,
974 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
975 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
976 112,
977 168,
978 },
979# endif
980 {
981 1,
982 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
983 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
985 SSL_kECDHE,
986 SSL_aECDSA,
987 SSL_AES128,
988 SSL_SHA1,
989 TLS1_VERSION, TLS1_2_VERSION,
990 DTLS1_BAD_VER, DTLS1_2_VERSION,
991 SSL_HIGH | SSL_FIPS,
992 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
993 128,
994 128,
995 },
996 {
997 1,
998 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
999 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1001 SSL_kECDHE,
1002 SSL_aECDSA,
1003 SSL_AES256,
1004 SSL_SHA1,
1005 TLS1_VERSION, TLS1_2_VERSION,
1006 DTLS1_BAD_VER, DTLS1_2_VERSION,
1007 SSL_HIGH | SSL_FIPS,
1008 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1009 256,
1010 256,
1011 },
1012 {
1013 1,
1014 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1015 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1016 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1017 SSL_kECDHE,
1018 SSL_aRSA,
1019 SSL_eNULL,
1020 SSL_SHA1,
1021 TLS1_VERSION, TLS1_2_VERSION,
1022 DTLS1_BAD_VER, DTLS1_2_VERSION,
1023 SSL_STRONG_NONE | SSL_FIPS,
1024 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1025 0,
1026 0,
1027 },
1028# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1029 {
1030 1,
1031 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1032 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1034 SSL_kECDHE,
1035 SSL_aRSA,
1036 SSL_3DES,
1037 SSL_SHA1,
1038 TLS1_VERSION, TLS1_2_VERSION,
1039 DTLS1_BAD_VER, DTLS1_2_VERSION,
1040 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1041 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1042 112,
1043 168,
1044 },
1045# endif
1046 {
1047 1,
1048 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1049 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1051 SSL_kECDHE,
1052 SSL_aRSA,
1053 SSL_AES128,
1054 SSL_SHA1,
1055 TLS1_VERSION, TLS1_2_VERSION,
1056 DTLS1_BAD_VER, DTLS1_2_VERSION,
1057 SSL_HIGH | SSL_FIPS,
1058 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1059 128,
1060 128,
1061 },
1062 {
1063 1,
1064 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1065 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1067 SSL_kECDHE,
1068 SSL_aRSA,
1069 SSL_AES256,
1070 SSL_SHA1,
1071 TLS1_VERSION, TLS1_2_VERSION,
1072 DTLS1_BAD_VER, DTLS1_2_VERSION,
1073 SSL_HIGH | SSL_FIPS,
1074 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1075 256,
1076 256,
1077 },
1078 {
1079 1,
1080 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1081 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1082 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1083 SSL_kECDHE,
1084 SSL_aNULL,
1085 SSL_eNULL,
1086 SSL_SHA1,
1087 TLS1_VERSION, TLS1_2_VERSION,
1088 DTLS1_BAD_VER, DTLS1_2_VERSION,
1089 SSL_STRONG_NONE | SSL_FIPS,
1090 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1091 0,
1092 0,
1093 },
1094# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1095 {
1096 1,
1097 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1098 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1100 SSL_kECDHE,
1101 SSL_aNULL,
1102 SSL_3DES,
1103 SSL_SHA1,
1104 TLS1_VERSION, TLS1_2_VERSION,
1105 DTLS1_BAD_VER, DTLS1_2_VERSION,
1106 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1107 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1108 112,
1109 168,
1110 },
1111# endif
1112 {
1113 1,
1114 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1115 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1116 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1117 SSL_kECDHE,
1118 SSL_aNULL,
1119 SSL_AES128,
1120 SSL_SHA1,
1121 TLS1_VERSION, TLS1_2_VERSION,
1122 DTLS1_BAD_VER, DTLS1_2_VERSION,
1123 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1124 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1125 128,
1126 128,
1127 },
1128 {
1129 1,
1130 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1131 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1132 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1133 SSL_kECDHE,
1134 SSL_aNULL,
1135 SSL_AES256,
1136 SSL_SHA1,
1137 TLS1_VERSION, TLS1_2_VERSION,
1138 DTLS1_BAD_VER, DTLS1_2_VERSION,
1139 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1141 256,
1142 256,
1143 },
1144 {
1145 1,
1146 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1147 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1149 SSL_kECDHE,
1150 SSL_aECDSA,
1151 SSL_AES128,
1152 SSL_SHA256,
1153 TLS1_2_VERSION, TLS1_2_VERSION,
1154 DTLS1_2_VERSION, DTLS1_2_VERSION,
1155 SSL_HIGH | SSL_FIPS,
1156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1157 128,
1158 128,
1159 },
1160 {
1161 1,
1162 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1163 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1165 SSL_kECDHE,
1166 SSL_aECDSA,
1167 SSL_AES256,
1168 SSL_SHA384,
1169 TLS1_2_VERSION, TLS1_2_VERSION,
1170 DTLS1_2_VERSION, DTLS1_2_VERSION,
1171 SSL_HIGH | SSL_FIPS,
1172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1173 256,
1174 256,
1175 },
1176 {
1177 1,
1178 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1179 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1180 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1181 SSL_kECDHE,
1182 SSL_aRSA,
1183 SSL_AES128,
1184 SSL_SHA256,
1185 TLS1_2_VERSION, TLS1_2_VERSION,
1186 DTLS1_2_VERSION, DTLS1_2_VERSION,
1187 SSL_HIGH | SSL_FIPS,
1188 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1189 128,
1190 128,
1191 },
1192 {
1193 1,
1194 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1195 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1196 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1197 SSL_kECDHE,
1198 SSL_aRSA,
1199 SSL_AES256,
1200 SSL_SHA384,
1201 TLS1_2_VERSION, TLS1_2_VERSION,
1202 DTLS1_2_VERSION, DTLS1_2_VERSION,
1203 SSL_HIGH | SSL_FIPS,
1204 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1205 256,
1206 256,
1207 },
1208 {
1209 1,
1210 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1213 SSL_kECDHE,
1214 SSL_aECDSA,
1215 SSL_AES128GCM,
1216 SSL_AEAD,
1217 TLS1_2_VERSION, TLS1_2_VERSION,
1218 DTLS1_2_VERSION, DTLS1_2_VERSION,
1219 SSL_HIGH | SSL_FIPS,
1220 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1221 128,
1222 128,
1223 },
1224 {
1225 1,
1226 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1227 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1229 SSL_kECDHE,
1230 SSL_aECDSA,
1231 SSL_AES256GCM,
1232 SSL_AEAD,
1233 TLS1_2_VERSION, TLS1_2_VERSION,
1234 DTLS1_2_VERSION, DTLS1_2_VERSION,
1235 SSL_HIGH | SSL_FIPS,
1236 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1237 256,
1238 256,
1239 },
1240 {
1241 1,
1242 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1243 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1245 SSL_kECDHE,
1246 SSL_aRSA,
1247 SSL_AES128GCM,
1248 SSL_AEAD,
1249 TLS1_2_VERSION, TLS1_2_VERSION,
1250 DTLS1_2_VERSION, DTLS1_2_VERSION,
1251 SSL_HIGH | SSL_FIPS,
1252 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1253 128,
1254 128,
1255 },
1256 {
1257 1,
1258 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1259 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1261 SSL_kECDHE,
1262 SSL_aRSA,
1263 SSL_AES256GCM,
1264 SSL_AEAD,
1265 TLS1_2_VERSION, TLS1_2_VERSION,
1266 DTLS1_2_VERSION, DTLS1_2_VERSION,
1267 SSL_HIGH | SSL_FIPS,
1268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1269 256,
1270 256,
1271 },
1272 {
1273 1,
1274 TLS1_TXT_PSK_WITH_NULL_SHA,
1275 TLS1_RFC_PSK_WITH_NULL_SHA,
1276 TLS1_CK_PSK_WITH_NULL_SHA,
1277 SSL_kPSK,
1278 SSL_aPSK,
1279 SSL_eNULL,
1280 SSL_SHA1,
1281 SSL3_VERSION, TLS1_2_VERSION,
1282 DTLS1_BAD_VER, DTLS1_2_VERSION,
1283 SSL_STRONG_NONE | SSL_FIPS,
1284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1285 0,
1286 0,
1287 },
1288 {
1289 1,
1290 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1291 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1292 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1293 SSL_kDHEPSK,
1294 SSL_aPSK,
1295 SSL_eNULL,
1296 SSL_SHA1,
1297 SSL3_VERSION, TLS1_2_VERSION,
1298 DTLS1_BAD_VER, DTLS1_2_VERSION,
1299 SSL_STRONG_NONE | SSL_FIPS,
1300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1301 0,
1302 0,
1303 },
1304 {
1305 1,
1306 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1307 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1308 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1309 SSL_kRSAPSK,
1310 SSL_aRSA,
1311 SSL_eNULL,
1312 SSL_SHA1,
1313 SSL3_VERSION, TLS1_2_VERSION,
1314 DTLS1_BAD_VER, DTLS1_2_VERSION,
1315 SSL_STRONG_NONE | SSL_FIPS,
1316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1317 0,
1318 0,
1319 },
1320# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1321 {
1322 1,
1323 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1324 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1325 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1326 SSL_kPSK,
1327 SSL_aPSK,
1328 SSL_3DES,
1329 SSL_SHA1,
1330 SSL3_VERSION, TLS1_2_VERSION,
1331 DTLS1_BAD_VER, DTLS1_2_VERSION,
1332 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1333 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1334 112,
1335 168,
1336 },
1337# endif
1338 {
1339 1,
1340 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1341 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1342 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1343 SSL_kPSK,
1344 SSL_aPSK,
1345 SSL_AES128,
1346 SSL_SHA1,
1347 SSL3_VERSION, TLS1_2_VERSION,
1348 DTLS1_BAD_VER, DTLS1_2_VERSION,
1349 SSL_HIGH | SSL_FIPS,
1350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1351 128,
1352 128,
1353 },
1354 {
1355 1,
1356 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1357 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1358 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1359 SSL_kPSK,
1360 SSL_aPSK,
1361 SSL_AES256,
1362 SSL_SHA1,
1363 SSL3_VERSION, TLS1_2_VERSION,
1364 DTLS1_BAD_VER, DTLS1_2_VERSION,
1365 SSL_HIGH | SSL_FIPS,
1366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1367 256,
1368 256,
1369 },
1370# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1371 {
1372 1,
1373 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1374 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376 SSL_kDHEPSK,
1377 SSL_aPSK,
1378 SSL_3DES,
1379 SSL_SHA1,
1380 SSL3_VERSION, TLS1_2_VERSION,
1381 DTLS1_BAD_VER, DTLS1_2_VERSION,
1382 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1384 112,
1385 168,
1386 },
1387# endif
1388 {
1389 1,
1390 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1391 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1392 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1393 SSL_kDHEPSK,
1394 SSL_aPSK,
1395 SSL_AES128,
1396 SSL_SHA1,
1397 SSL3_VERSION, TLS1_2_VERSION,
1398 DTLS1_BAD_VER, DTLS1_2_VERSION,
1399 SSL_HIGH | SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1401 128,
1402 128,
1403 },
1404 {
1405 1,
1406 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1407 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1408 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1409 SSL_kDHEPSK,
1410 SSL_aPSK,
1411 SSL_AES256,
1412 SSL_SHA1,
1413 SSL3_VERSION, TLS1_2_VERSION,
1414 DTLS1_BAD_VER, DTLS1_2_VERSION,
1415 SSL_HIGH | SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1417 256,
1418 256,
1419 },
1420# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1421 {
1422 1,
1423 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1424 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426 SSL_kRSAPSK,
1427 SSL_aRSA,
1428 SSL_3DES,
1429 SSL_SHA1,
1430 SSL3_VERSION, TLS1_2_VERSION,
1431 DTLS1_BAD_VER, DTLS1_2_VERSION,
1432 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1433 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1434 112,
1435 168,
1436 },
1437# endif
1438 {
1439 1,
1440 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1441 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1442 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1443 SSL_kRSAPSK,
1444 SSL_aRSA,
1445 SSL_AES128,
1446 SSL_SHA1,
1447 SSL3_VERSION, TLS1_2_VERSION,
1448 DTLS1_BAD_VER, DTLS1_2_VERSION,
1449 SSL_HIGH | SSL_FIPS,
1450 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1451 128,
1452 128,
1453 },
1454 {
1455 1,
1456 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1457 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1458 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1459 SSL_kRSAPSK,
1460 SSL_aRSA,
1461 SSL_AES256,
1462 SSL_SHA1,
1463 SSL3_VERSION, TLS1_2_VERSION,
1464 DTLS1_BAD_VER, DTLS1_2_VERSION,
1465 SSL_HIGH | SSL_FIPS,
1466 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1467 256,
1468 256,
1469 },
1470 {
1471 1,
1472 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1473 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1474 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1475 SSL_kPSK,
1476 SSL_aPSK,
1477 SSL_AES128GCM,
1478 SSL_AEAD,
1479 TLS1_2_VERSION, TLS1_2_VERSION,
1480 DTLS1_2_VERSION, DTLS1_2_VERSION,
1481 SSL_HIGH | SSL_FIPS,
1482 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1483 128,
1484 128,
1485 },
1486 {
1487 1,
1488 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1489 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1490 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1491 SSL_kPSK,
1492 SSL_aPSK,
1493 SSL_AES256GCM,
1494 SSL_AEAD,
1495 TLS1_2_VERSION, TLS1_2_VERSION,
1496 DTLS1_2_VERSION, DTLS1_2_VERSION,
1497 SSL_HIGH | SSL_FIPS,
1498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1499 256,
1500 256,
1501 },
1502 {
1503 1,
1504 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1505 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507 SSL_kDHEPSK,
1508 SSL_aPSK,
1509 SSL_AES128GCM,
1510 SSL_AEAD,
1511 TLS1_2_VERSION, TLS1_2_VERSION,
1512 DTLS1_2_VERSION, DTLS1_2_VERSION,
1513 SSL_HIGH | SSL_FIPS,
1514 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1515 128,
1516 128,
1517 },
1518 {
1519 1,
1520 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1521 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523 SSL_kDHEPSK,
1524 SSL_aPSK,
1525 SSL_AES256GCM,
1526 SSL_AEAD,
1527 TLS1_2_VERSION, TLS1_2_VERSION,
1528 DTLS1_2_VERSION, DTLS1_2_VERSION,
1529 SSL_HIGH | SSL_FIPS,
1530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1531 256,
1532 256,
1533 },
1534 {
1535 1,
1536 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1537 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539 SSL_kRSAPSK,
1540 SSL_aRSA,
1541 SSL_AES128GCM,
1542 SSL_AEAD,
1543 TLS1_2_VERSION, TLS1_2_VERSION,
1544 DTLS1_2_VERSION, DTLS1_2_VERSION,
1545 SSL_HIGH | SSL_FIPS,
1546 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1547 128,
1548 128,
1549 },
1550 {
1551 1,
1552 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1553 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555 SSL_kRSAPSK,
1556 SSL_aRSA,
1557 SSL_AES256GCM,
1558 SSL_AEAD,
1559 TLS1_2_VERSION, TLS1_2_VERSION,
1560 DTLS1_2_VERSION, DTLS1_2_VERSION,
1561 SSL_HIGH | SSL_FIPS,
1562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1563 256,
1564 256,
1565 },
1566 {
1567 1,
1568 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1569 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1570 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1571 SSL_kPSK,
1572 SSL_aPSK,
1573 SSL_AES128,
1574 SSL_SHA256,
1575 TLS1_VERSION, TLS1_2_VERSION,
1576 DTLS1_BAD_VER, DTLS1_2_VERSION,
1577 SSL_HIGH | SSL_FIPS,
1578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1579 128,
1580 128,
1581 },
1582 {
1583 1,
1584 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1585 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1586 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1587 SSL_kPSK,
1588 SSL_aPSK,
1589 SSL_AES256,
1590 SSL_SHA384,
1591 TLS1_VERSION, TLS1_2_VERSION,
1592 DTLS1_BAD_VER, DTLS1_2_VERSION,
1593 SSL_HIGH | SSL_FIPS,
1594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1595 256,
1596 256,
1597 },
1598 {
1599 1,
1600 TLS1_TXT_PSK_WITH_NULL_SHA256,
1601 TLS1_RFC_PSK_WITH_NULL_SHA256,
1602 TLS1_CK_PSK_WITH_NULL_SHA256,
1603 SSL_kPSK,
1604 SSL_aPSK,
1605 SSL_eNULL,
1606 SSL_SHA256,
1607 TLS1_VERSION, TLS1_2_VERSION,
1608 DTLS1_BAD_VER, DTLS1_2_VERSION,
1609 SSL_STRONG_NONE | SSL_FIPS,
1610 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1611 0,
1612 0,
1613 },
1614 {
1615 1,
1616 TLS1_TXT_PSK_WITH_NULL_SHA384,
1617 TLS1_RFC_PSK_WITH_NULL_SHA384,
1618 TLS1_CK_PSK_WITH_NULL_SHA384,
1619 SSL_kPSK,
1620 SSL_aPSK,
1621 SSL_eNULL,
1622 SSL_SHA384,
1623 TLS1_VERSION, TLS1_2_VERSION,
1624 DTLS1_BAD_VER, DTLS1_2_VERSION,
1625 SSL_STRONG_NONE | SSL_FIPS,
1626 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1627 0,
1628 0,
1629 },
1630 {
1631 1,
1632 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1633 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635 SSL_kDHEPSK,
1636 SSL_aPSK,
1637 SSL_AES128,
1638 SSL_SHA256,
1639 TLS1_VERSION, TLS1_2_VERSION,
1640 DTLS1_BAD_VER, DTLS1_2_VERSION,
1641 SSL_HIGH | SSL_FIPS,
1642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1643 128,
1644 128,
1645 },
1646 {
1647 1,
1648 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1649 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651 SSL_kDHEPSK,
1652 SSL_aPSK,
1653 SSL_AES256,
1654 SSL_SHA384,
1655 TLS1_VERSION, TLS1_2_VERSION,
1656 DTLS1_BAD_VER, DTLS1_2_VERSION,
1657 SSL_HIGH | SSL_FIPS,
1658 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1659 256,
1660 256,
1661 },
1662 {
1663 1,
1664 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1665 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1666 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1667 SSL_kDHEPSK,
1668 SSL_aPSK,
1669 SSL_eNULL,
1670 SSL_SHA256,
1671 TLS1_VERSION, TLS1_2_VERSION,
1672 DTLS1_BAD_VER, DTLS1_2_VERSION,
1673 SSL_STRONG_NONE | SSL_FIPS,
1674 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1675 0,
1676 0,
1677 },
1678 {
1679 1,
1680 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1681 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1682 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1683 SSL_kDHEPSK,
1684 SSL_aPSK,
1685 SSL_eNULL,
1686 SSL_SHA384,
1687 TLS1_VERSION, TLS1_2_VERSION,
1688 DTLS1_BAD_VER, DTLS1_2_VERSION,
1689 SSL_STRONG_NONE | SSL_FIPS,
1690 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1691 0,
1692 0,
1693 },
1694 {
1695 1,
1696 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1697 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699 SSL_kRSAPSK,
1700 SSL_aRSA,
1701 SSL_AES128,
1702 SSL_SHA256,
1703 TLS1_VERSION, TLS1_2_VERSION,
1704 DTLS1_BAD_VER, DTLS1_2_VERSION,
1705 SSL_HIGH | SSL_FIPS,
1706 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1707 128,
1708 128,
1709 },
1710 {
1711 1,
1712 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1713 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715 SSL_kRSAPSK,
1716 SSL_aRSA,
1717 SSL_AES256,
1718 SSL_SHA384,
1719 TLS1_VERSION, TLS1_2_VERSION,
1720 DTLS1_BAD_VER, DTLS1_2_VERSION,
1721 SSL_HIGH | SSL_FIPS,
1722 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1723 256,
1724 256,
1725 },
1726 {
1727 1,
1728 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1729 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1730 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1731 SSL_kRSAPSK,
1732 SSL_aRSA,
1733 SSL_eNULL,
1734 SSL_SHA256,
1735 TLS1_VERSION, TLS1_2_VERSION,
1736 DTLS1_BAD_VER, DTLS1_2_VERSION,
1737 SSL_STRONG_NONE | SSL_FIPS,
1738 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1739 0,
1740 0,
1741 },
1742 {
1743 1,
1744 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1745 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1746 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1747 SSL_kRSAPSK,
1748 SSL_aRSA,
1749 SSL_eNULL,
1750 SSL_SHA384,
1751 TLS1_VERSION, TLS1_2_VERSION,
1752 DTLS1_BAD_VER, DTLS1_2_VERSION,
1753 SSL_STRONG_NONE | SSL_FIPS,
1754 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1755 0,
1756 0,
1757 },
1758# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1759 {
1760 1,
1761 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1762 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1764 SSL_kECDHEPSK,
1765 SSL_aPSK,
1766 SSL_3DES,
1767 SSL_SHA1,
1768 TLS1_VERSION, TLS1_2_VERSION,
1769 DTLS1_BAD_VER, DTLS1_2_VERSION,
1770 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1771 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1772 112,
1773 168,
1774 },
1775# endif
1776 {
1777 1,
1778 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1779 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1781 SSL_kECDHEPSK,
1782 SSL_aPSK,
1783 SSL_AES128,
1784 SSL_SHA1,
1785 TLS1_VERSION, TLS1_2_VERSION,
1786 DTLS1_BAD_VER, DTLS1_2_VERSION,
1787 SSL_HIGH | SSL_FIPS,
1788 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1789 128,
1790 128,
1791 },
1792 {
1793 1,
1794 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1795 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1797 SSL_kECDHEPSK,
1798 SSL_aPSK,
1799 SSL_AES256,
1800 SSL_SHA1,
1801 TLS1_VERSION, TLS1_2_VERSION,
1802 DTLS1_BAD_VER, DTLS1_2_VERSION,
1803 SSL_HIGH | SSL_FIPS,
1804 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1805 256,
1806 256,
1807 },
1808 {
1809 1,
1810 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1811 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1813 SSL_kECDHEPSK,
1814 SSL_aPSK,
1815 SSL_AES128,
1816 SSL_SHA256,
1817 TLS1_VERSION, TLS1_2_VERSION,
1818 DTLS1_BAD_VER, DTLS1_2_VERSION,
1819 SSL_HIGH | SSL_FIPS,
1820 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1821 128,
1822 128,
1823 },
1824 {
1825 1,
1826 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1827 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1829 SSL_kECDHEPSK,
1830 SSL_aPSK,
1831 SSL_AES256,
1832 SSL_SHA384,
1833 TLS1_VERSION, TLS1_2_VERSION,
1834 DTLS1_BAD_VER, DTLS1_2_VERSION,
1835 SSL_HIGH | SSL_FIPS,
1836 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1837 256,
1838 256,
1839 },
1840 {
1841 1,
1842 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1843 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1844 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1845 SSL_kECDHEPSK,
1846 SSL_aPSK,
1847 SSL_eNULL,
1848 SSL_SHA1,
1849 TLS1_VERSION, TLS1_2_VERSION,
1850 DTLS1_BAD_VER, DTLS1_2_VERSION,
1851 SSL_STRONG_NONE | SSL_FIPS,
1852 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1853 0,
1854 0,
1855 },
1856 {
1857 1,
1858 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1859 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1860 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1861 SSL_kECDHEPSK,
1862 SSL_aPSK,
1863 SSL_eNULL,
1864 SSL_SHA256,
1865 TLS1_VERSION, TLS1_2_VERSION,
1866 DTLS1_BAD_VER, DTLS1_2_VERSION,
1867 SSL_STRONG_NONE | SSL_FIPS,
1868 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1869 0,
1870 0,
1871 },
1872 {
1873 1,
1874 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1875 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1876 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1877 SSL_kECDHEPSK,
1878 SSL_aPSK,
1879 SSL_eNULL,
1880 SSL_SHA384,
1881 TLS1_VERSION, TLS1_2_VERSION,
1882 DTLS1_BAD_VER, DTLS1_2_VERSION,
1883 SSL_STRONG_NONE | SSL_FIPS,
1884 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1885 0,
1886 0,
1887 },
1888
1889# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1890 {
1891 1,
1892 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1893 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1895 SSL_kSRP,
1896 SSL_aSRP,
1897 SSL_3DES,
1898 SSL_SHA1,
1899 SSL3_VERSION, TLS1_2_VERSION,
1900 DTLS1_BAD_VER, DTLS1_2_VERSION,
1901 SSL_NOT_DEFAULT | SSL_MEDIUM,
1902 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1903 112,
1904 168,
1905 },
1906 {
1907 1,
1908 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1909 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1911 SSL_kSRP,
1912 SSL_aRSA,
1913 SSL_3DES,
1914 SSL_SHA1,
1915 SSL3_VERSION, TLS1_2_VERSION,
1916 DTLS1_BAD_VER, DTLS1_2_VERSION,
1917 SSL_NOT_DEFAULT | SSL_MEDIUM,
1918 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1919 112,
1920 168,
1921 },
1922 {
1923 1,
1924 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1925 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1927 SSL_kSRP,
1928 SSL_aDSS,
1929 SSL_3DES,
1930 SSL_SHA1,
1931 SSL3_VERSION, TLS1_2_VERSION,
1932 DTLS1_BAD_VER, DTLS1_2_VERSION,
1933 SSL_NOT_DEFAULT | SSL_MEDIUM,
1934 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1935 112,
1936 168,
1937 },
1938# endif
1939 {
1940 1,
1941 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1942 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1943 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1944 SSL_kSRP,
1945 SSL_aSRP,
1946 SSL_AES128,
1947 SSL_SHA1,
1948 SSL3_VERSION, TLS1_2_VERSION,
1949 DTLS1_BAD_VER, DTLS1_2_VERSION,
1950 SSL_HIGH,
1951 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1952 128,
1953 128,
1954 },
1955 {
1956 1,
1957 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1958 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1959 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1960 SSL_kSRP,
1961 SSL_aRSA,
1962 SSL_AES128,
1963 SSL_SHA1,
1964 SSL3_VERSION, TLS1_2_VERSION,
1965 DTLS1_BAD_VER, DTLS1_2_VERSION,
1966 SSL_HIGH,
1967 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1968 128,
1969 128,
1970 },
1971 {
1972 1,
1973 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1974 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1975 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1976 SSL_kSRP,
1977 SSL_aDSS,
1978 SSL_AES128,
1979 SSL_SHA1,
1980 SSL3_VERSION, TLS1_2_VERSION,
1981 DTLS1_BAD_VER, DTLS1_2_VERSION,
1982 SSL_NOT_DEFAULT | SSL_HIGH,
1983 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1984 128,
1985 128,
1986 },
1987 {
1988 1,
1989 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1990 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1991 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1992 SSL_kSRP,
1993 SSL_aSRP,
1994 SSL_AES256,
1995 SSL_SHA1,
1996 SSL3_VERSION, TLS1_2_VERSION,
1997 DTLS1_BAD_VER, DTLS1_2_VERSION,
1998 SSL_HIGH,
1999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2000 256,
2001 256,
2002 },
2003 {
2004 1,
2005 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2006 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2007 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2008 SSL_kSRP,
2009 SSL_aRSA,
2010 SSL_AES256,
2011 SSL_SHA1,
2012 SSL3_VERSION, TLS1_2_VERSION,
2013 DTLS1_BAD_VER, DTLS1_2_VERSION,
2014 SSL_HIGH,
2015 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2016 256,
2017 256,
2018 },
2019 {
2020 1,
2021 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2022 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2023 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2024 SSL_kSRP,
2025 SSL_aDSS,
2026 SSL_AES256,
2027 SSL_SHA1,
2028 SSL3_VERSION, TLS1_2_VERSION,
2029 DTLS1_BAD_VER, DTLS1_2_VERSION,
2030 SSL_NOT_DEFAULT | SSL_HIGH,
2031 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2032 256,
2033 256,
2034 },
2035
2036#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2037 {
2038 1,
2039 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2040 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2041 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2042 SSL_kDHE,
2043 SSL_aRSA,
2044 SSL_CHACHA20POLY1305,
2045 SSL_AEAD,
2046 TLS1_2_VERSION, TLS1_2_VERSION,
2047 DTLS1_2_VERSION, DTLS1_2_VERSION,
2048 SSL_HIGH,
2049 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2050 256,
2051 256,
2052 },
2053 {
2054 1,
2055 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2056 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2058 SSL_kECDHE,
2059 SSL_aRSA,
2060 SSL_CHACHA20POLY1305,
2061 SSL_AEAD,
2062 TLS1_2_VERSION, TLS1_2_VERSION,
2063 DTLS1_2_VERSION, DTLS1_2_VERSION,
2064 SSL_HIGH,
2065 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2066 256,
2067 256,
2068 },
2069 {
2070 1,
2071 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2072 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2074 SSL_kECDHE,
2075 SSL_aECDSA,
2076 SSL_CHACHA20POLY1305,
2077 SSL_AEAD,
2078 TLS1_2_VERSION, TLS1_2_VERSION,
2079 DTLS1_2_VERSION, DTLS1_2_VERSION,
2080 SSL_HIGH,
2081 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082 256,
2083 256,
2084 },
2085 {
2086 1,
2087 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2088 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2089 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2090 SSL_kPSK,
2091 SSL_aPSK,
2092 SSL_CHACHA20POLY1305,
2093 SSL_AEAD,
2094 TLS1_2_VERSION, TLS1_2_VERSION,
2095 DTLS1_2_VERSION, DTLS1_2_VERSION,
2096 SSL_HIGH,
2097 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2098 256,
2099 256,
2100 },
2101 {
2102 1,
2103 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2104 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2106 SSL_kECDHEPSK,
2107 SSL_aPSK,
2108 SSL_CHACHA20POLY1305,
2109 SSL_AEAD,
2110 TLS1_2_VERSION, TLS1_2_VERSION,
2111 DTLS1_2_VERSION, DTLS1_2_VERSION,
2112 SSL_HIGH,
2113 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2114 256,
2115 256,
2116 },
2117 {
2118 1,
2119 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2120 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2121 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2122 SSL_kDHEPSK,
2123 SSL_aPSK,
2124 SSL_CHACHA20POLY1305,
2125 SSL_AEAD,
2126 TLS1_2_VERSION, TLS1_2_VERSION,
2127 DTLS1_2_VERSION, DTLS1_2_VERSION,
2128 SSL_HIGH,
2129 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2130 256,
2131 256,
2132 },
2133 {
2134 1,
2135 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2136 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2137 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2138 SSL_kRSAPSK,
2139 SSL_aRSA,
2140 SSL_CHACHA20POLY1305,
2141 SSL_AEAD,
2142 TLS1_2_VERSION, TLS1_2_VERSION,
2143 DTLS1_2_VERSION, DTLS1_2_VERSION,
2144 SSL_HIGH,
2145 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2146 256,
2147 256,
2148 },
2149#endif /* !defined(OPENSSL_NO_CHACHA) &&
2150 * !defined(OPENSSL_NO_POLY1305) */
2151
2152#ifndef OPENSSL_NO_CAMELLIA
2153 {
2154 1,
2155 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2156 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2157 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2158 SSL_kRSA,
2159 SSL_aRSA,
2160 SSL_CAMELLIA128,
2161 SSL_SHA256,
2162 TLS1_2_VERSION, TLS1_2_VERSION,
2163 DTLS1_2_VERSION, DTLS1_2_VERSION,
2164 SSL_NOT_DEFAULT | SSL_HIGH,
2165 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2166 128,
2167 128,
2168 },
2169 {
2170 1,
2171 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2172 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2173 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2174 SSL_kDHE,
2175 SSL_aDSS,
2176 SSL_CAMELLIA128,
2177 SSL_SHA256,
2178 TLS1_2_VERSION, TLS1_2_VERSION,
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,
2180 SSL_NOT_DEFAULT | SSL_HIGH,
2181 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2182 128,
2183 128,
2184 },
2185 {
2186 1,
2187 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2188 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2189 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2190 SSL_kDHE,
2191 SSL_aRSA,
2192 SSL_CAMELLIA128,
2193 SSL_SHA256,
2194 TLS1_2_VERSION, TLS1_2_VERSION,
2195 DTLS1_2_VERSION, DTLS1_2_VERSION,
2196 SSL_NOT_DEFAULT | SSL_HIGH,
2197 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2198 128,
2199 128,
2200 },
2201 {
2202 1,
2203 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2204 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2205 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2206 SSL_kDHE,
2207 SSL_aNULL,
2208 SSL_CAMELLIA128,
2209 SSL_SHA256,
2210 TLS1_2_VERSION, TLS1_2_VERSION,
2211 DTLS1_2_VERSION, DTLS1_2_VERSION,
2212 SSL_NOT_DEFAULT | SSL_HIGH,
2213 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2214 128,
2215 128,
2216 },
2217 {
2218 1,
2219 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2220 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2221 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2222 SSL_kRSA,
2223 SSL_aRSA,
2224 SSL_CAMELLIA256,
2225 SSL_SHA256,
2226 TLS1_2_VERSION, TLS1_2_VERSION,
2227 DTLS1_2_VERSION, DTLS1_2_VERSION,
2228 SSL_NOT_DEFAULT | SSL_HIGH,
2229 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2230 256,
2231 256,
2232 },
2233 {
2234 1,
2235 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2236 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2237 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2238 SSL_kDHE,
2239 SSL_aDSS,
2240 SSL_CAMELLIA256,
2241 SSL_SHA256,
2242 TLS1_2_VERSION, TLS1_2_VERSION,
2243 DTLS1_2_VERSION, DTLS1_2_VERSION,
2244 SSL_NOT_DEFAULT | SSL_HIGH,
2245 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2246 256,
2247 256,
2248 },
2249 {
2250 1,
2251 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2252 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2253 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2254 SSL_kDHE,
2255 SSL_aRSA,
2256 SSL_CAMELLIA256,
2257 SSL_SHA256,
2258 TLS1_2_VERSION, TLS1_2_VERSION,
2259 DTLS1_2_VERSION, DTLS1_2_VERSION,
2260 SSL_NOT_DEFAULT | SSL_HIGH,
2261 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2262 256,
2263 256,
2264 },
2265 {
2266 1,
2267 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2268 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2269 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2270 SSL_kDHE,
2271 SSL_aNULL,
2272 SSL_CAMELLIA256,
2273 SSL_SHA256,
2274 TLS1_2_VERSION, TLS1_2_VERSION,
2275 DTLS1_2_VERSION, DTLS1_2_VERSION,
2276 SSL_NOT_DEFAULT | SSL_HIGH,
2277 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2278 256,
2279 256,
2280 },
2281 {
2282 1,
2283 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2284 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2285 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2286 SSL_kRSA,
2287 SSL_aRSA,
2288 SSL_CAMELLIA256,
2289 SSL_SHA1,
2290 SSL3_VERSION, TLS1_2_VERSION,
2291 DTLS1_BAD_VER, DTLS1_2_VERSION,
2292 SSL_NOT_DEFAULT | SSL_HIGH,
2293 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2294 256,
2295 256,
2296 },
2297 {
2298 1,
2299 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2300 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2301 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2302 SSL_kDHE,
2303 SSL_aDSS,
2304 SSL_CAMELLIA256,
2305 SSL_SHA1,
2306 SSL3_VERSION, TLS1_2_VERSION,
2307 DTLS1_BAD_VER, DTLS1_2_VERSION,
2308 SSL_NOT_DEFAULT | SSL_HIGH,
2309 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2310 256,
2311 256,
2312 },
2313 {
2314 1,
2315 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2316 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2317 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2318 SSL_kDHE,
2319 SSL_aRSA,
2320 SSL_CAMELLIA256,
2321 SSL_SHA1,
2322 SSL3_VERSION, TLS1_2_VERSION,
2323 DTLS1_BAD_VER, DTLS1_2_VERSION,
2324 SSL_NOT_DEFAULT | SSL_HIGH,
2325 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2326 256,
2327 256,
2328 },
2329 {
2330 1,
2331 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2332 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2333 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2334 SSL_kDHE,
2335 SSL_aNULL,
2336 SSL_CAMELLIA256,
2337 SSL_SHA1,
2338 SSL3_VERSION, TLS1_2_VERSION,
2339 DTLS1_BAD_VER, DTLS1_2_VERSION,
2340 SSL_NOT_DEFAULT | SSL_HIGH,
2341 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2342 256,
2343 256,
2344 },
2345 {
2346 1,
2347 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2348 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2349 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2350 SSL_kRSA,
2351 SSL_aRSA,
2352 SSL_CAMELLIA128,
2353 SSL_SHA1,
2354 SSL3_VERSION, TLS1_2_VERSION,
2355 DTLS1_BAD_VER, DTLS1_2_VERSION,
2356 SSL_NOT_DEFAULT | SSL_HIGH,
2357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2358 128,
2359 128,
2360 },
2361 {
2362 1,
2363 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2364 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2365 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2366 SSL_kDHE,
2367 SSL_aDSS,
2368 SSL_CAMELLIA128,
2369 SSL_SHA1,
2370 SSL3_VERSION, TLS1_2_VERSION,
2371 DTLS1_BAD_VER, DTLS1_2_VERSION,
2372 SSL_NOT_DEFAULT | SSL_HIGH,
2373 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2374 128,
2375 128,
2376 },
2377 {
2378 1,
2379 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2380 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2381 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2382 SSL_kDHE,
2383 SSL_aRSA,
2384 SSL_CAMELLIA128,
2385 SSL_SHA1,
2386 SSL3_VERSION, TLS1_2_VERSION,
2387 DTLS1_BAD_VER, DTLS1_2_VERSION,
2388 SSL_NOT_DEFAULT | SSL_HIGH,
2389 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2390 128,
2391 128,
2392 },
2393 {
2394 1,
2395 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2396 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2397 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2398 SSL_kDHE,
2399 SSL_aNULL,
2400 SSL_CAMELLIA128,
2401 SSL_SHA1,
2402 SSL3_VERSION, TLS1_2_VERSION,
2403 DTLS1_BAD_VER, DTLS1_2_VERSION,
2404 SSL_NOT_DEFAULT | SSL_HIGH,
2405 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2406 128,
2407 128,
2408 },
2409 {
2410 1,
2411 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2412 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2413 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2414 SSL_kECDHE,
2415 SSL_aECDSA,
2416 SSL_CAMELLIA128,
2417 SSL_SHA256,
2418 TLS1_2_VERSION, TLS1_2_VERSION,
2419 DTLS1_2_VERSION, DTLS1_2_VERSION,
2420 SSL_NOT_DEFAULT | SSL_HIGH,
2421 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2422 128,
2423 128,
2424 },
2425 {
2426 1,
2427 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2428 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2429 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2430 SSL_kECDHE,
2431 SSL_aECDSA,
2432 SSL_CAMELLIA256,
2433 SSL_SHA384,
2434 TLS1_2_VERSION, TLS1_2_VERSION,
2435 DTLS1_2_VERSION, DTLS1_2_VERSION,
2436 SSL_NOT_DEFAULT | SSL_HIGH,
2437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2438 256,
2439 256,
2440 },
2441 {
2442 1,
2443 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2444 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2445 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2446 SSL_kECDHE,
2447 SSL_aRSA,
2448 SSL_CAMELLIA128,
2449 SSL_SHA256,
2450 TLS1_2_VERSION, TLS1_2_VERSION,
2451 DTLS1_2_VERSION, DTLS1_2_VERSION,
2452 SSL_NOT_DEFAULT | SSL_HIGH,
2453 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2454 128,
2455 128,
2456 },
2457 {
2458 1,
2459 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2460 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2461 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2462 SSL_kECDHE,
2463 SSL_aRSA,
2464 SSL_CAMELLIA256,
2465 SSL_SHA384,
2466 TLS1_2_VERSION, TLS1_2_VERSION,
2467 DTLS1_2_VERSION, DTLS1_2_VERSION,
2468 SSL_NOT_DEFAULT | SSL_HIGH,
2469 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2470 256,
2471 256,
2472 },
2473 {
2474 1,
2475 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2476 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2477 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2478 SSL_kPSK,
2479 SSL_aPSK,
2480 SSL_CAMELLIA128,
2481 SSL_SHA256,
2482 TLS1_VERSION, TLS1_2_VERSION,
2483 DTLS1_BAD_VER, DTLS1_2_VERSION,
2484 SSL_NOT_DEFAULT | SSL_HIGH,
2485 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2486 128,
2487 128,
2488 },
2489 {
2490 1,
2491 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2492 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2493 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2494 SSL_kPSK,
2495 SSL_aPSK,
2496 SSL_CAMELLIA256,
2497 SSL_SHA384,
2498 TLS1_VERSION, TLS1_2_VERSION,
2499 DTLS1_BAD_VER, DTLS1_2_VERSION,
2500 SSL_NOT_DEFAULT | SSL_HIGH,
2501 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2502 256,
2503 256,
2504 },
2505 {
2506 1,
2507 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2508 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2509 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2510 SSL_kDHEPSK,
2511 SSL_aPSK,
2512 SSL_CAMELLIA128,
2513 SSL_SHA256,
2514 TLS1_VERSION, TLS1_2_VERSION,
2515 DTLS1_BAD_VER, DTLS1_2_VERSION,
2516 SSL_NOT_DEFAULT | SSL_HIGH,
2517 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2518 128,
2519 128,
2520 },
2521 {
2522 1,
2523 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2524 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2525 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2526 SSL_kDHEPSK,
2527 SSL_aPSK,
2528 SSL_CAMELLIA256,
2529 SSL_SHA384,
2530 TLS1_VERSION, TLS1_2_VERSION,
2531 DTLS1_BAD_VER, DTLS1_2_VERSION,
2532 SSL_NOT_DEFAULT | SSL_HIGH,
2533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2534 256,
2535 256,
2536 },
2537 {
2538 1,
2539 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2540 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2541 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2542 SSL_kRSAPSK,
2543 SSL_aRSA,
2544 SSL_CAMELLIA128,
2545 SSL_SHA256,
2546 TLS1_VERSION, TLS1_2_VERSION,
2547 DTLS1_BAD_VER, DTLS1_2_VERSION,
2548 SSL_NOT_DEFAULT | SSL_HIGH,
2549 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2550 128,
2551 128,
2552 },
2553 {
2554 1,
2555 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2556 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2557 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2558 SSL_kRSAPSK,
2559 SSL_aRSA,
2560 SSL_CAMELLIA256,
2561 SSL_SHA384,
2562 TLS1_VERSION, TLS1_2_VERSION,
2563 DTLS1_BAD_VER, DTLS1_2_VERSION,
2564 SSL_NOT_DEFAULT | SSL_HIGH,
2565 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2566 256,
2567 256,
2568 },
2569 {
2570 1,
2571 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2572 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2573 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2574 SSL_kECDHEPSK,
2575 SSL_aPSK,
2576 SSL_CAMELLIA128,
2577 SSL_SHA256,
2578 TLS1_VERSION, TLS1_2_VERSION,
2579 DTLS1_BAD_VER, DTLS1_2_VERSION,
2580 SSL_NOT_DEFAULT | SSL_HIGH,
2581 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2582 128,
2583 128,
2584 },
2585 {
2586 1,
2587 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2588 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2589 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2590 SSL_kECDHEPSK,
2591 SSL_aPSK,
2592 SSL_CAMELLIA256,
2593 SSL_SHA384,
2594 TLS1_VERSION, TLS1_2_VERSION,
2595 DTLS1_BAD_VER, DTLS1_2_VERSION,
2596 SSL_NOT_DEFAULT | SSL_HIGH,
2597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2598 256,
2599 256,
2600 },
2601#endif /* OPENSSL_NO_CAMELLIA */
2602
2603#ifndef OPENSSL_NO_GOST
2604 {
2605 1,
2606 "GOST2001-GOST89-GOST89",
2607 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2608 0x3000081,
2609 SSL_kGOST,
2610 SSL_aGOST01,
2611 SSL_eGOST2814789CNT,
2612 SSL_GOST89MAC,
2613 TLS1_VERSION, TLS1_2_VERSION,
2614 0, 0,
2615 SSL_HIGH,
2616 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2617 256,
2618 256,
2619 },
2620 {
2621 1,
2622 "GOST2001-NULL-GOST94",
2623 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2624 0x3000083,
2625 SSL_kGOST,
2626 SSL_aGOST01,
2627 SSL_eNULL,
2628 SSL_GOST94,
2629 TLS1_VERSION, TLS1_2_VERSION,
2630 0, 0,
2631 SSL_STRONG_NONE,
2632 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2633 0,
2634 0,
2635 },
2636 {
2637 1,
2638 "GOST2012-GOST8912-GOST8912",
2639 NULL,
2640 0x0300ff85,
2641 SSL_kGOST,
2642 SSL_aGOST12 | SSL_aGOST01,
2643 SSL_eGOST2814789CNT12,
2644 SSL_GOST89MAC12,
2645 TLS1_VERSION, TLS1_2_VERSION,
2646 0, 0,
2647 SSL_HIGH,
2648 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2649 256,
2650 256,
2651 },
2652 {
2653 1,
2654 "GOST2012-NULL-GOST12",
2655 NULL,
2656 0x0300ff87,
2657 SSL_kGOST,
2658 SSL_aGOST12 | SSL_aGOST01,
2659 SSL_eNULL,
2660 SSL_GOST12_256,
2661 TLS1_VERSION, TLS1_2_VERSION,
2662 0, 0,
2663 SSL_STRONG_NONE,
2664 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2665 0,
2666 0,
2667 },
2668#endif /* OPENSSL_NO_GOST */
2669
2670#ifndef OPENSSL_NO_IDEA
2671 {
2672 1,
2673 SSL3_TXT_RSA_IDEA_128_SHA,
2674 SSL3_RFC_RSA_IDEA_128_SHA,
2675 SSL3_CK_RSA_IDEA_128_SHA,
2676 SSL_kRSA,
2677 SSL_aRSA,
2678 SSL_IDEA,
2679 SSL_SHA1,
2680 SSL3_VERSION, TLS1_1_VERSION,
2681 DTLS1_BAD_VER, DTLS1_VERSION,
2682 SSL_NOT_DEFAULT | SSL_MEDIUM,
2683 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2684 128,
2685 128,
2686 },
2687#endif
2688
2689#ifndef OPENSSL_NO_SEED
2690 {
2691 1,
2692 TLS1_TXT_RSA_WITH_SEED_SHA,
2693 TLS1_RFC_RSA_WITH_SEED_SHA,
2694 TLS1_CK_RSA_WITH_SEED_SHA,
2695 SSL_kRSA,
2696 SSL_aRSA,
2697 SSL_SEED,
2698 SSL_SHA1,
2699 SSL3_VERSION, TLS1_2_VERSION,
2700 DTLS1_BAD_VER, DTLS1_2_VERSION,
2701 SSL_NOT_DEFAULT | SSL_MEDIUM,
2702 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2703 128,
2704 128,
2705 },
2706 {
2707 1,
2708 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2709 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2710 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2711 SSL_kDHE,
2712 SSL_aDSS,
2713 SSL_SEED,
2714 SSL_SHA1,
2715 SSL3_VERSION, TLS1_2_VERSION,
2716 DTLS1_BAD_VER, DTLS1_2_VERSION,
2717 SSL_NOT_DEFAULT | SSL_MEDIUM,
2718 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2719 128,
2720 128,
2721 },
2722 {
2723 1,
2724 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2725 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2726 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2727 SSL_kDHE,
2728 SSL_aRSA,
2729 SSL_SEED,
2730 SSL_SHA1,
2731 SSL3_VERSION, TLS1_2_VERSION,
2732 DTLS1_BAD_VER, DTLS1_2_VERSION,
2733 SSL_NOT_DEFAULT | SSL_MEDIUM,
2734 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2735 128,
2736 128,
2737 },
2738 {
2739 1,
2740 TLS1_TXT_ADH_WITH_SEED_SHA,
2741 TLS1_RFC_ADH_WITH_SEED_SHA,
2742 TLS1_CK_ADH_WITH_SEED_SHA,
2743 SSL_kDHE,
2744 SSL_aNULL,
2745 SSL_SEED,
2746 SSL_SHA1,
2747 SSL3_VERSION, TLS1_2_VERSION,
2748 DTLS1_BAD_VER, DTLS1_2_VERSION,
2749 SSL_NOT_DEFAULT | SSL_MEDIUM,
2750 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2751 128,
2752 128,
2753 },
2754#endif /* OPENSSL_NO_SEED */
2755
2756#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2757 {
2758 1,
2759 SSL3_TXT_RSA_RC4_128_MD5,
2760 SSL3_RFC_RSA_RC4_128_MD5,
2761 SSL3_CK_RSA_RC4_128_MD5,
2762 SSL_kRSA,
2763 SSL_aRSA,
2764 SSL_RC4,
2765 SSL_MD5,
2766 SSL3_VERSION, TLS1_2_VERSION,
2767 0, 0,
2768 SSL_NOT_DEFAULT | SSL_MEDIUM,
2769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2770 128,
2771 128,
2772 },
2773 {
2774 1,
2775 SSL3_TXT_RSA_RC4_128_SHA,
2776 SSL3_RFC_RSA_RC4_128_SHA,
2777 SSL3_CK_RSA_RC4_128_SHA,
2778 SSL_kRSA,
2779 SSL_aRSA,
2780 SSL_RC4,
2781 SSL_SHA1,
2782 SSL3_VERSION, TLS1_2_VERSION,
2783 0, 0,
2784 SSL_NOT_DEFAULT | SSL_MEDIUM,
2785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2786 128,
2787 128,
2788 },
2789 {
2790 1,
2791 SSL3_TXT_ADH_RC4_128_MD5,
2792 SSL3_RFC_ADH_RC4_128_MD5,
2793 SSL3_CK_ADH_RC4_128_MD5,
2794 SSL_kDHE,
2795 SSL_aNULL,
2796 SSL_RC4,
2797 SSL_MD5,
2798 SSL3_VERSION, TLS1_2_VERSION,
2799 0, 0,
2800 SSL_NOT_DEFAULT | SSL_MEDIUM,
2801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2802 128,
2803 128,
2804 },
2805 {
2806 1,
2807 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2808 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2809 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2810 SSL_kECDHEPSK,
2811 SSL_aPSK,
2812 SSL_RC4,
2813 SSL_SHA1,
2814 TLS1_VERSION, TLS1_2_VERSION,
2815 0, 0,
2816 SSL_NOT_DEFAULT | SSL_MEDIUM,
2817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2818 128,
2819 128,
2820 },
2821 {
2822 1,
2823 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2824 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2825 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2826 SSL_kECDHE,
2827 SSL_aNULL,
2828 SSL_RC4,
2829 SSL_SHA1,
2830 TLS1_VERSION, TLS1_2_VERSION,
2831 0, 0,
2832 SSL_NOT_DEFAULT | SSL_MEDIUM,
2833 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2834 128,
2835 128,
2836 },
2837 {
2838 1,
2839 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2840 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2841 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2842 SSL_kECDHE,
2843 SSL_aECDSA,
2844 SSL_RC4,
2845 SSL_SHA1,
2846 TLS1_VERSION, TLS1_2_VERSION,
2847 0, 0,
2848 SSL_NOT_DEFAULT | SSL_MEDIUM,
2849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2850 128,
2851 128,
2852 },
2853 {
2854 1,
2855 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2856 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2857 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2858 SSL_kECDHE,
2859 SSL_aRSA,
2860 SSL_RC4,
2861 SSL_SHA1,
2862 TLS1_VERSION, TLS1_2_VERSION,
2863 0, 0,
2864 SSL_NOT_DEFAULT | SSL_MEDIUM,
2865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2866 128,
2867 128,
2868 },
2869 {
2870 1,
2871 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2872 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2873 TLS1_CK_PSK_WITH_RC4_128_SHA,
2874 SSL_kPSK,
2875 SSL_aPSK,
2876 SSL_RC4,
2877 SSL_SHA1,
2878 SSL3_VERSION, TLS1_2_VERSION,
2879 0, 0,
2880 SSL_NOT_DEFAULT | SSL_MEDIUM,
2881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2882 128,
2883 128,
2884 },
2885 {
2886 1,
2887 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2888 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2889 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2890 SSL_kRSAPSK,
2891 SSL_aRSA,
2892 SSL_RC4,
2893 SSL_SHA1,
2894 SSL3_VERSION, TLS1_2_VERSION,
2895 0, 0,
2896 SSL_NOT_DEFAULT | SSL_MEDIUM,
2897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2898 128,
2899 128,
2900 },
2901 {
2902 1,
2903 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2904 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2905 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2906 SSL_kDHEPSK,
2907 SSL_aPSK,
2908 SSL_RC4,
2909 SSL_SHA1,
2910 SSL3_VERSION, TLS1_2_VERSION,
2911 0, 0,
2912 SSL_NOT_DEFAULT | SSL_MEDIUM,
2913 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2914 128,
2915 128,
2916 },
2917#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2918
2919#ifndef OPENSSL_NO_ARIA
2920 {
2921 1,
2922 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2923 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2924 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2925 SSL_kRSA,
2926 SSL_aRSA,
2927 SSL_ARIA128GCM,
2928 SSL_AEAD,
2929 TLS1_2_VERSION, TLS1_2_VERSION,
2930 DTLS1_2_VERSION, DTLS1_2_VERSION,
2931 SSL_NOT_DEFAULT | SSL_HIGH,
2932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2933 128,
2934 128,
2935 },
2936 {
2937 1,
2938 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2939 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2940 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2941 SSL_kRSA,
2942 SSL_aRSA,
2943 SSL_ARIA256GCM,
2944 SSL_AEAD,
2945 TLS1_2_VERSION, TLS1_2_VERSION,
2946 DTLS1_2_VERSION, DTLS1_2_VERSION,
2947 SSL_NOT_DEFAULT | SSL_HIGH,
2948 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2949 256,
2950 256,
2951 },
2952 {
2953 1,
2954 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2955 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2956 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2957 SSL_kDHE,
2958 SSL_aRSA,
2959 SSL_ARIA128GCM,
2960 SSL_AEAD,
2961 TLS1_2_VERSION, TLS1_2_VERSION,
2962 DTLS1_2_VERSION, DTLS1_2_VERSION,
2963 SSL_NOT_DEFAULT | SSL_HIGH,
2964 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2965 128,
2966 128,
2967 },
2968 {
2969 1,
2970 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2971 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2972 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
2973 SSL_kDHE,
2974 SSL_aRSA,
2975 SSL_ARIA256GCM,
2976 SSL_AEAD,
2977 TLS1_2_VERSION, TLS1_2_VERSION,
2978 DTLS1_2_VERSION, DTLS1_2_VERSION,
2979 SSL_NOT_DEFAULT | SSL_HIGH,
2980 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2981 256,
2982 256,
2983 },
2984 {
2985 1,
2986 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2987 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2988 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
2989 SSL_kDHE,
2990 SSL_aDSS,
2991 SSL_ARIA128GCM,
2992 SSL_AEAD,
2993 TLS1_2_VERSION, TLS1_2_VERSION,
2994 DTLS1_2_VERSION, DTLS1_2_VERSION,
2995 SSL_NOT_DEFAULT | SSL_HIGH,
2996 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2997 128,
2998 128,
2999 },
3000 {
3001 1,
3002 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3003 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3004 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3005 SSL_kDHE,
3006 SSL_aDSS,
3007 SSL_ARIA256GCM,
3008 SSL_AEAD,
3009 TLS1_2_VERSION, TLS1_2_VERSION,
3010 DTLS1_2_VERSION, DTLS1_2_VERSION,
3011 SSL_NOT_DEFAULT | SSL_HIGH,
3012 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3013 256,
3014 256,
3015 },
3016 {
3017 1,
3018 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3019 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3020 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3021 SSL_kECDHE,
3022 SSL_aECDSA,
3023 SSL_ARIA128GCM,
3024 SSL_AEAD,
3025 TLS1_2_VERSION, TLS1_2_VERSION,
3026 DTLS1_2_VERSION, DTLS1_2_VERSION,
3027 SSL_NOT_DEFAULT | SSL_HIGH,
3028 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3029 128,
3030 128,
3031 },
3032 {
3033 1,
3034 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3035 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3036 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3037 SSL_kECDHE,
3038 SSL_aECDSA,
3039 SSL_ARIA256GCM,
3040 SSL_AEAD,
3041 TLS1_2_VERSION, TLS1_2_VERSION,
3042 DTLS1_2_VERSION, DTLS1_2_VERSION,
3043 SSL_NOT_DEFAULT | SSL_HIGH,
3044 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3045 256,
3046 256,
3047 },
3048 {
3049 1,
3050 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3051 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053 SSL_kECDHE,
3054 SSL_aRSA,
3055 SSL_ARIA128GCM,
3056 SSL_AEAD,
3057 TLS1_2_VERSION, TLS1_2_VERSION,
3058 DTLS1_2_VERSION, DTLS1_2_VERSION,
3059 SSL_NOT_DEFAULT | SSL_HIGH,
3060 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3061 128,
3062 128,
3063 },
3064 {
3065 1,
3066 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3067 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069 SSL_kECDHE,
3070 SSL_aRSA,
3071 SSL_ARIA256GCM,
3072 SSL_AEAD,
3073 TLS1_2_VERSION, TLS1_2_VERSION,
3074 DTLS1_2_VERSION, DTLS1_2_VERSION,
3075 SSL_NOT_DEFAULT | SSL_HIGH,
3076 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3077 256,
3078 256,
3079 },
3080 {
3081 1,
3082 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3083 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3084 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3085 SSL_kPSK,
3086 SSL_aPSK,
3087 SSL_ARIA128GCM,
3088 SSL_AEAD,
3089 TLS1_2_VERSION, TLS1_2_VERSION,
3090 DTLS1_2_VERSION, DTLS1_2_VERSION,
3091 SSL_NOT_DEFAULT | SSL_HIGH,
3092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3093 128,
3094 128,
3095 },
3096 {
3097 1,
3098 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3099 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3100 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3101 SSL_kPSK,
3102 SSL_aPSK,
3103 SSL_ARIA256GCM,
3104 SSL_AEAD,
3105 TLS1_2_VERSION, TLS1_2_VERSION,
3106 DTLS1_2_VERSION, DTLS1_2_VERSION,
3107 SSL_NOT_DEFAULT | SSL_HIGH,
3108 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3109 256,
3110 256,
3111 },
3112 {
3113 1,
3114 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3115 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3116 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3117 SSL_kDHEPSK,
3118 SSL_aPSK,
3119 SSL_ARIA128GCM,
3120 SSL_AEAD,
3121 TLS1_2_VERSION, TLS1_2_VERSION,
3122 DTLS1_2_VERSION, DTLS1_2_VERSION,
3123 SSL_NOT_DEFAULT | SSL_HIGH,
3124 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3125 128,
3126 128,
3127 },
3128 {
3129 1,
3130 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3131 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3132 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3133 SSL_kDHEPSK,
3134 SSL_aPSK,
3135 SSL_ARIA256GCM,
3136 SSL_AEAD,
3137 TLS1_2_VERSION, TLS1_2_VERSION,
3138 DTLS1_2_VERSION, DTLS1_2_VERSION,
3139 SSL_NOT_DEFAULT | SSL_HIGH,
3140 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3141 256,
3142 256,
3143 },
3144 {
3145 1,
3146 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3147 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3148 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3149 SSL_kRSAPSK,
3150 SSL_aRSA,
3151 SSL_ARIA128GCM,
3152 SSL_AEAD,
3153 TLS1_2_VERSION, TLS1_2_VERSION,
3154 DTLS1_2_VERSION, DTLS1_2_VERSION,
3155 SSL_NOT_DEFAULT | SSL_HIGH,
3156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3157 128,
3158 128,
3159 },
3160 {
3161 1,
3162 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3163 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3164 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3165 SSL_kRSAPSK,
3166 SSL_aRSA,
3167 SSL_ARIA256GCM,
3168 SSL_AEAD,
3169 TLS1_2_VERSION, TLS1_2_VERSION,
3170 DTLS1_2_VERSION, DTLS1_2_VERSION,
3171 SSL_NOT_DEFAULT | SSL_HIGH,
3172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3173 256,
3174 256,
3175 },
3176#endif /* OPENSSL_NO_ARIA */
3177};
3178
3179/*
3180 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3181 * values stuffed into the ciphers field of the wire protocol for signalling
3182 * purposes.
3183 */
3184static SSL_CIPHER ssl3_scsvs[] = {
3185 {
3186 0,
3187 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3188 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3189 SSL3_CK_SCSV,
3190 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3191 },
3192 {
3193 0,
3194 "TLS_FALLBACK_SCSV",
3195 "TLS_FALLBACK_SCSV",
3196 SSL3_CK_FALLBACK_SCSV,
3197 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3198 },
3199};
3200
3201static int cipher_compare(const void *a, const void *b)
3202{
3203 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3204 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3205
3206 if (ap->id == bp->id)
3207 return 0;
3208 return ap->id < bp->id ? -1 : 1;
3209}
3210
3211void ssl_sort_cipher_list(void)
3212{
3213 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3214 cipher_compare);
3215 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3216 cipher_compare);
3217 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3218}
3219
3220static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3221 const char * t, size_t u,
3222 const unsigned char * v, size_t w, int x)
3223{
3224 (void)r;
3225 (void)s;
3226 (void)t;
3227 (void)u;
3228 (void)v;
3229 (void)w;
3230 (void)x;
3231 return ssl_undefined_function(ssl);
3232}
3233
3234const SSL3_ENC_METHOD SSLv3_enc_data = {
3235 ssl3_enc,
3236 n_ssl3_mac,
3237 ssl3_setup_key_block,
3238 ssl3_generate_master_secret,
3239 ssl3_change_cipher_state,
3240 ssl3_final_finish_mac,
3241 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3242 SSL3_MD_SERVER_FINISHED_CONST, 4,
3243 ssl3_alert_code,
3244 ssl_undefined_function_1,
3245 0,
3246 ssl3_set_handshake_header,
3247 tls_close_construct_packet,
3248 ssl3_handshake_write
3249};
3250
3251long ssl3_default_timeout(void)
3252{
3253 /*
3254 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3255 * http, the cache would over fill
3256 */
3257 return (60 * 60 * 2);
3258}
3259
3260int ssl3_num_ciphers(void)
3261{
3262 return SSL3_NUM_CIPHERS;
3263}
3264
3265const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3266{
3267 if (u < SSL3_NUM_CIPHERS)
3268 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3269 else
3270 return NULL;
3271}
3272
3273int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3274{
3275 /* No header in the event of a CCS */
3276 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3277 return 1;
3278
3279 /* Set the content type and 3 bytes for the message len */
3280 if (!WPACKET_put_bytes_u8(pkt, htype)
3281 || !WPACKET_start_sub_packet_u24(pkt))
3282 return 0;
3283
3284 return 1;
3285}
3286
3287int ssl3_handshake_write(SSL *s)
3288{
3289 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3290}
3291
3292int ssl3_new(SSL *s)
3293{
3294 SSL3_STATE *s3;
3295
3296 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3297 goto err;
3298 s->s3 = s3;
3299
3300#ifndef OPENSSL_NO_SRP
3301 if (!SSL_SRP_CTX_init(s))
3302 goto err;
3303#endif
3304
3305 if (!s->method->ssl_clear(s))
3306 return 0;
3307
3308 return 1;
3309 err:
3310 return 0;
3311}
3312
3313void ssl3_free(SSL *s)
3314{
3315 if (s == NULL || s->s3 == NULL)
3316 return;
3317
3318 ssl3_cleanup_key_block(s);
3319
3320#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3321 EVP_PKEY_free(s->s3->peer_tmp);
3322 s->s3->peer_tmp = NULL;
3323 EVP_PKEY_free(s->s3->tmp.pkey);
3324 s->s3->tmp.pkey = NULL;
3325#endif
3326
3327 OPENSSL_free(s->s3->tmp.ctype);
3328 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3329 OPENSSL_free(s->s3->tmp.ciphers_raw);
3330 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3331 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3332 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3333 ssl3_free_digest_list(s);
3334 OPENSSL_free(s->s3->alpn_selected);
3335 OPENSSL_free(s->s3->alpn_proposed);
3336
3337#ifndef OPENSSL_NO_SRP
3338 SSL_SRP_CTX_free(s);
3339#endif
3340 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3341 s->s3 = NULL;
3342}
3343
3344int ssl3_clear(SSL *s)
3345{
3346 ssl3_cleanup_key_block(s);
3347 OPENSSL_free(s->s3->tmp.ctype);
3348 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
3349 OPENSSL_free(s->s3->tmp.ciphers_raw);
3350 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3351 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3352 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
3353
3354#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3355 EVP_PKEY_free(s->s3->tmp.pkey);
3356 EVP_PKEY_free(s->s3->peer_tmp);
3357#endif /* !OPENSSL_NO_EC */
3358
3359 ssl3_free_digest_list(s);
3360
3361 OPENSSL_free(s->s3->alpn_selected);
3362 OPENSSL_free(s->s3->alpn_proposed);
3363
3364 /* NULL/zero-out everything in the s3 struct */
3365 memset(s->s3, 0, sizeof(*s->s3));
3366
3367 if (!ssl_free_wbio_buffer(s))
3368 return 0;
3369
3370 s->version = SSL3_VERSION;
3371
3372#if !defined(OPENSSL_NO_NEXTPROTONEG)
3373 OPENSSL_free(s->ext.npn);
3374 s->ext.npn = NULL;
3375 s->ext.npn_len = 0;
3376#endif
3377
3378 return 1;
3379}
3380
3381#ifndef OPENSSL_NO_SRP
3382static char *srp_password_from_info_cb(SSL *s, void *arg)
3383{
3384 return OPENSSL_strdup(s->srp_ctx.info);
3385}
3386#endif
3387
3388static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3389
3390long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3391{
3392 int ret = 0;
3393
3394 switch (cmd) {
3395 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3396 break;
3397 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3398 ret = s->s3->num_renegotiations;
3399 break;
3400 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3401 ret = s->s3->num_renegotiations;
3402 s->s3->num_renegotiations = 0;
3403 break;
3404 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3405 ret = s->s3->total_renegotiations;
3406 break;
3407 case SSL_CTRL_GET_FLAGS:
3408 ret = (int)(s->s3->flags);
3409 break;
3410#ifndef OPENSSL_NO_DH
3411 case SSL_CTRL_SET_TMP_DH:
3412 {
3413 DH *dh = (DH *)parg;
3414 EVP_PKEY *pkdh = NULL;
3415 if (dh == NULL) {
3416 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3417 return ret;
3418 }
3419 pkdh = ssl_dh_to_pkey(dh);
3420 if (pkdh == NULL) {
3421 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3422 return 0;
3423 }
3424 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3425 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3426 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3427 EVP_PKEY_free(pkdh);
3428 return ret;
3429 }
3430 EVP_PKEY_free(s->cert->dh_tmp);
3431 s->cert->dh_tmp = pkdh;
3432 ret = 1;
3433 }
3434 break;
3435 case SSL_CTRL_SET_TMP_DH_CB:
3436 {
3437 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3438 return ret;
3439 }
3440 case SSL_CTRL_SET_DH_AUTO:
3441 s->cert->dh_tmp_auto = larg;
3442 return 1;
3443#endif
3444#ifndef OPENSSL_NO_EC
3445 case SSL_CTRL_SET_TMP_ECDH:
3446 {
3447 const EC_GROUP *group = NULL;
3448 int nid;
3449
3450 if (parg == NULL) {
3451 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3452 return 0;
3453 }
3454 group = EC_KEY_get0_group((const EC_KEY *)parg);
3455 if (group == NULL) {
3456 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3457 return 0;
3458 }
3459 nid = EC_GROUP_get_curve_name(group);
3460 if (nid == NID_undef)
3461 return 0;
3462 return tls1_set_groups(&s->ext.supportedgroups,
3463 &s->ext.supportedgroups_len,
3464 &nid, 1);
3465 }
3466 break;
3467#endif /* !OPENSSL_NO_EC */
3468 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3469 /*
3470 * TODO(OpenSSL1.2)
3471 * This API is only used for a client to set what SNI it will request
3472 * from the server, but we currently allow it to be used on servers
3473 * as well, which is a programming error. Currently we just clear
3474 * the field in SSL_do_handshake() for server SSLs, but when we can
3475 * make ABI-breaking changes, we may want to make use of this API
3476 * an error on server SSLs.
3477 */
3478 if (larg == TLSEXT_NAMETYPE_host_name) {
3479 size_t len;
3480
3481 OPENSSL_free(s->ext.hostname);
3482 s->ext.hostname = NULL;
3483
3484 ret = 1;
3485 if (parg == NULL)
3486 break;
3487 len = strlen((char *)parg);
3488 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3489 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3490 return 0;
3491 }
3492 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3493 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3494 return 0;
3495 }
3496 } else {
3497 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3498 return 0;
3499 }
3500 break;
3501 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3502 s->ext.debug_arg = parg;
3503 ret = 1;
3504 break;
3505
3506 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3507 ret = s->ext.status_type;
3508 break;
3509
3510 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3511 s->ext.status_type = larg;
3512 ret = 1;
3513 break;
3514
3515 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3516 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3517 ret = 1;
3518 break;
3519
3520 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3521 s->ext.ocsp.exts = parg;
3522 ret = 1;
3523 break;
3524
3525 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3526 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3527 ret = 1;
3528 break;
3529
3530 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3531 s->ext.ocsp.ids = parg;
3532 ret = 1;
3533 break;
3534
3535 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3536 *(unsigned char **)parg = s->ext.ocsp.resp;
3537 if (s->ext.ocsp.resp_len == 0
3538 || s->ext.ocsp.resp_len > LONG_MAX)
3539 return -1;
3540 return (long)s->ext.ocsp.resp_len;
3541
3542 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3543 OPENSSL_free(s->ext.ocsp.resp);
3544 s->ext.ocsp.resp = parg;
3545 s->ext.ocsp.resp_len = larg;
3546 ret = 1;
3547 break;
3548
3549#ifndef OPENSSL_NO_HEARTBEATS
3550 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3551 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3552 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3553 break;
3554#endif
3555
3556 case SSL_CTRL_CHAIN:
3557 if (larg)
3558 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3559 else
3560 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3561
3562 case SSL_CTRL_CHAIN_CERT:
3563 if (larg)
3564 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3565 else
3566 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3567
3568 case SSL_CTRL_GET_CHAIN_CERTS:
3569 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3570 ret = 1;
3571 break;
3572
3573 case SSL_CTRL_SELECT_CURRENT_CERT:
3574 return ssl_cert_select_current(s->cert, (X509 *)parg);
3575
3576 case SSL_CTRL_SET_CURRENT_CERT:
3577 if (larg == SSL_CERT_SET_SERVER) {
3578 const SSL_CIPHER *cipher;
3579 if (!s->server)
3580 return 0;
3581 cipher = s->s3->tmp.new_cipher;
3582 if (cipher == NULL)
3583 return 0;
3584 /*
3585 * No certificate for unauthenticated ciphersuites or using SRP
3586 * authentication
3587 */
3588 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3589 return 2;
3590 if (s->s3->tmp.cert == NULL)
3591 return 0;
3592 s->cert->key = s->s3->tmp.cert;
3593 return 1;
3594 }
3595 return ssl_cert_set_current(s->cert, larg);
3596
3597#ifndef OPENSSL_NO_EC
3598 case SSL_CTRL_GET_GROUPS:
3599 {
3600 uint16_t *clist;
3601 size_t clistlen;
3602
3603 if (!s->session)
3604 return 0;
3605 clist = s->ext.peer_supportedgroups;
3606 clistlen = s->ext.peer_supportedgroups_len;
3607 if (parg) {
3608 size_t i;
3609 int *cptr = parg;
3610
3611 for (i = 0; i < clistlen; i++) {
3612 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
3613
3614 if (cinf != NULL)
3615 cptr[i] = cinf->nid;
3616 else
3617 cptr[i] = TLSEXT_nid_unknown | clist[i];
3618 }
3619 }
3620 return (int)clistlen;
3621 }
3622
3623 case SSL_CTRL_SET_GROUPS:
3624 return tls1_set_groups(&s->ext.supportedgroups,
3625 &s->ext.supportedgroups_len, parg, larg);
3626
3627 case SSL_CTRL_SET_GROUPS_LIST:
3628 return tls1_set_groups_list(&s->ext.supportedgroups,
3629 &s->ext.supportedgroups_len, parg);
3630
3631 case SSL_CTRL_GET_SHARED_GROUP:
3632 {
3633 uint16_t id = tls1_shared_group(s, larg);
3634
3635 if (larg != -1) {
3636 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
3637
3638 return ginf == NULL ? 0 : ginf->nid;
3639 }
3640 return id;
3641 }
3642#endif
3643 case SSL_CTRL_SET_SIGALGS:
3644 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3645
3646 case SSL_CTRL_SET_SIGALGS_LIST:
3647 return tls1_set_sigalgs_list(s->cert, parg, 0);
3648
3649 case SSL_CTRL_SET_CLIENT_SIGALGS:
3650 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3651
3652 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3653 return tls1_set_sigalgs_list(s->cert, parg, 1);
3654
3655 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3656 {
3657 const unsigned char **pctype = parg;
3658 if (s->server || !s->s3->tmp.cert_req)
3659 return 0;
3660 if (pctype)
3661 *pctype = s->s3->tmp.ctype;
3662 return s->s3->tmp.ctype_len;
3663 }
3664
3665 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3666 if (!s->server)
3667 return 0;
3668 return ssl3_set_req_cert_type(s->cert, parg, larg);
3669
3670 case SSL_CTRL_BUILD_CERT_CHAIN:
3671 return ssl_build_cert_chain(s, NULL, larg);
3672
3673 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3674 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3675
3676 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3677 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3678
3679 case SSL_CTRL_GET_VERIFY_CERT_STORE:
3680 return ssl_cert_get_cert_store(s->cert, parg, 0);
3681
3682 case SSL_CTRL_GET_CHAIN_CERT_STORE:
3683 return ssl_cert_get_cert_store(s->cert, parg, 1);
3684
3685 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3686 if (s->s3->tmp.peer_sigalg == NULL)
3687 return 0;
3688 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3689 return 1;
3690
3691 case SSL_CTRL_GET_SIGNATURE_NID:
3692 if (s->s3->tmp.sigalg == NULL)
3693 return 0;
3694 *(int *)parg = s->s3->tmp.sigalg->hash;
3695 return 1;
3696
3697 case SSL_CTRL_GET_PEER_TMP_KEY:
3698#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3699 if (s->session == NULL || s->s3->peer_tmp == NULL) {
3700 return 0;
3701 } else {
3702 EVP_PKEY_up_ref(s->s3->peer_tmp);
3703 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3704 return 1;
3705 }
3706#else
3707 return 0;
3708#endif
3709
3710 case SSL_CTRL_GET_TMP_KEY:
3711#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3712 if (s->session == NULL || s->s3->tmp.pkey == NULL) {
3713 return 0;
3714 } else {
3715 EVP_PKEY_up_ref(s->s3->tmp.pkey);
3716 *(EVP_PKEY **)parg = s->s3->tmp.pkey;
3717 return 1;
3718 }
3719#else
3720 return 0;
3721#endif
3722
3723#ifndef OPENSSL_NO_EC
3724 case SSL_CTRL_GET_EC_POINT_FORMATS:
3725 {
3726 const unsigned char **pformat = parg;
3727
3728 if (s->ext.peer_ecpointformats == NULL)
3729 return 0;
3730 *pformat = s->ext.peer_ecpointformats;
3731 return (int)s->ext.peer_ecpointformats_len;
3732 }
3733#endif
3734
3735 default:
3736 break;
3737 }
3738 return ret;
3739}
3740
3741long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3742{
3743 int ret = 0;
3744
3745 switch (cmd) {
3746#ifndef OPENSSL_NO_DH
3747 case SSL_CTRL_SET_TMP_DH_CB:
3748 {
3749 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3750 }
3751 break;
3752#endif
3753 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3754 s->ext.debug_cb = (void (*)(SSL *, int, int,
3755 const unsigned char *, int, void *))fp;
3756 break;
3757
3758 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3759 {
3760 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3761 }
3762 break;
3763 default:
3764 break;
3765 }
3766 return ret;
3767}
3768
3769long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3770{
3771 switch (cmd) {
3772#ifndef OPENSSL_NO_DH
3773 case SSL_CTRL_SET_TMP_DH:
3774 {
3775 DH *dh = (DH *)parg;
3776 EVP_PKEY *pkdh = NULL;
3777 if (dh == NULL) {
3778 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3779 return 0;
3780 }
3781 pkdh = ssl_dh_to_pkey(dh);
3782 if (pkdh == NULL) {
3783 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3784 return 0;
3785 }
3786 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3787 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3788 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3789 EVP_PKEY_free(pkdh);
3790 return 0;
3791 }
3792 EVP_PKEY_free(ctx->cert->dh_tmp);
3793 ctx->cert->dh_tmp = pkdh;
3794 return 1;
3795 }
3796 case SSL_CTRL_SET_TMP_DH_CB:
3797 {
3798 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3799 return 0;
3800 }
3801 case SSL_CTRL_SET_DH_AUTO:
3802 ctx->cert->dh_tmp_auto = larg;
3803 return 1;
3804#endif
3805#ifndef OPENSSL_NO_EC
3806 case SSL_CTRL_SET_TMP_ECDH:
3807 {
3808 const EC_GROUP *group = NULL;
3809 int nid;
3810
3811 if (parg == NULL) {
3812 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3813 return 0;
3814 }
3815 group = EC_KEY_get0_group((const EC_KEY *)parg);
3816 if (group == NULL) {
3817 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3818 return 0;
3819 }
3820 nid = EC_GROUP_get_curve_name(group);
3821 if (nid == NID_undef)
3822 return 0;
3823 return tls1_set_groups(&ctx->ext.supportedgroups,
3824 &ctx->ext.supportedgroups_len,
3825 &nid, 1);
3826 }
3827#endif /* !OPENSSL_NO_EC */
3828 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3829 ctx->ext.servername_arg = parg;
3830 break;
3831 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3832 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3833 {
3834 unsigned char *keys = parg;
3835 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3836 sizeof(ctx->ext.secure->tick_hmac_key) +
3837 sizeof(ctx->ext.secure->tick_aes_key));
3838 if (keys == NULL)
3839 return tick_keylen;
3840 if (larg != tick_keylen) {
3841 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3842 return 0;
3843 }
3844 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3845 memcpy(ctx->ext.tick_key_name, keys,
3846 sizeof(ctx->ext.tick_key_name));
3847 memcpy(ctx->ext.secure->tick_hmac_key,
3848 keys + sizeof(ctx->ext.tick_key_name),
3849 sizeof(ctx->ext.secure->tick_hmac_key));
3850 memcpy(ctx->ext.secure->tick_aes_key,
3851 keys + sizeof(ctx->ext.tick_key_name) +
3852 sizeof(ctx->ext.secure->tick_hmac_key),
3853 sizeof(ctx->ext.secure->tick_aes_key));
3854 } else {
3855 memcpy(keys, ctx->ext.tick_key_name,
3856 sizeof(ctx->ext.tick_key_name));
3857 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3858 ctx->ext.secure->tick_hmac_key,
3859 sizeof(ctx->ext.secure->tick_hmac_key));
3860 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3861 sizeof(ctx->ext.secure->tick_hmac_key),
3862 ctx->ext.secure->tick_aes_key,
3863 sizeof(ctx->ext.secure->tick_aes_key));
3864 }
3865 return 1;
3866 }
3867
3868 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3869 return ctx->ext.status_type;
3870
3871 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3872 ctx->ext.status_type = larg;
3873 break;
3874
3875 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3876 ctx->ext.status_arg = parg;
3877 return 1;
3878
3879 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3880 *(void**)parg = ctx->ext.status_arg;
3881 break;
3882
3883 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3884 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3885 break;
3886
3887#ifndef OPENSSL_NO_SRP
3888 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3889 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3890 OPENSSL_free(ctx->srp_ctx.login);
3891 ctx->srp_ctx.login = NULL;
3892 if (parg == NULL)
3893 break;
3894 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3895 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3896 return 0;
3897 }
3898 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3899 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3900 return 0;
3901 }
3902 break;
3903 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3904 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3905 srp_password_from_info_cb;
3906 if (ctx->srp_ctx.info != NULL)
3907 OPENSSL_free(ctx->srp_ctx.info);
3908 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3909 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3910 return 0;
3911 }
3912 break;
3913 case SSL_CTRL_SET_SRP_ARG:
3914 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3915 ctx->srp_ctx.SRP_cb_arg = parg;
3916 break;
3917
3918 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3919 ctx->srp_ctx.strength = larg;
3920 break;
3921#endif
3922
3923#ifndef OPENSSL_NO_EC
3924 case SSL_CTRL_SET_GROUPS:
3925 return tls1_set_groups(&ctx->ext.supportedgroups,
3926 &ctx->ext.supportedgroups_len,
3927 parg, larg);
3928
3929 case SSL_CTRL_SET_GROUPS_LIST:
3930 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3931 &ctx->ext.supportedgroups_len,
3932 parg);
3933#endif
3934 case SSL_CTRL_SET_SIGALGS:
3935 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3936
3937 case SSL_CTRL_SET_SIGALGS_LIST:
3938 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3939
3940 case SSL_CTRL_SET_CLIENT_SIGALGS:
3941 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3942
3943 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3944 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3945
3946 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3947 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3948
3949 case SSL_CTRL_BUILD_CERT_CHAIN:
3950 return ssl_build_cert_chain(NULL, ctx, larg);
3951
3952 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3953 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3954
3955 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3956 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3957
3958 case SSL_CTRL_GET_VERIFY_CERT_STORE:
3959 return ssl_cert_get_cert_store(ctx->cert, parg, 0);
3960
3961 case SSL_CTRL_GET_CHAIN_CERT_STORE:
3962 return ssl_cert_get_cert_store(ctx->cert, parg, 1);
3963
3964 /* A Thawte special :-) */
3965 case SSL_CTRL_EXTRA_CHAIN_CERT:
3966 if (ctx->extra_certs == NULL) {
3967 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3968 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3969 return 0;
3970 }
3971 }
3972 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3973 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3974 return 0;
3975 }
3976 break;
3977
3978 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3979 if (ctx->extra_certs == NULL && larg == 0)
3980 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3981 else
3982 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3983 break;
3984
3985 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3986 sk_X509_pop_free(ctx->extra_certs, X509_free);
3987 ctx->extra_certs = NULL;
3988 break;
3989
3990 case SSL_CTRL_CHAIN:
3991 if (larg)
3992 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3993 else
3994 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3995
3996 case SSL_CTRL_CHAIN_CERT:
3997 if (larg)
3998 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3999 else
4000 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4001
4002 case SSL_CTRL_GET_CHAIN_CERTS:
4003 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4004 break;
4005
4006 case SSL_CTRL_SELECT_CURRENT_CERT:
4007 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4008
4009 case SSL_CTRL_SET_CURRENT_CERT:
4010 return ssl_cert_set_current(ctx->cert, larg);
4011
4012 default:
4013 return 0;
4014 }
4015 return 1;
4016}
4017
4018long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4019{
4020 switch (cmd) {
4021#ifndef OPENSSL_NO_DH
4022 case SSL_CTRL_SET_TMP_DH_CB:
4023 {
4024 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4025 }
4026 break;
4027#endif
4028 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4029 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4030 break;
4031
4032 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4033 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4034 break;
4035
4036 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4037 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4038 unsigned char *,
4039 EVP_CIPHER_CTX *,
4040 HMAC_CTX *, int))fp;
4041 break;
4042
4043#ifndef OPENSSL_NO_SRP
4044 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4045 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4046 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4047 break;
4048 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4049 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4050 ctx->srp_ctx.TLS_ext_srp_username_callback =
4051 (int (*)(SSL *, int *, void *))fp;
4052 break;
4053 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4054 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4055 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4056 (char *(*)(SSL *, void *))fp;
4057 break;
4058#endif
4059 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4060 {
4061 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4062 }
4063 break;
4064 default:
4065 return 0;
4066 }
4067 return 1;
4068}
4069
4070const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4071{
4072 SSL_CIPHER c;
4073 const SSL_CIPHER *cp;
4074
4075 c.id = id;
4076 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4077 if (cp != NULL)
4078 return cp;
4079 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4080 if (cp != NULL)
4081 return cp;
4082 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4083}
4084
4085const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4086{
4087 SSL_CIPHER *tbl;
4088 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4089 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4090 SSL3_NUM_SCSVS};
4091
4092 /* this is not efficient, necessary to optimize this? */
4093 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4094 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4095 if (tbl->stdname == NULL)
4096 continue;
4097 if (strcmp(stdname, tbl->stdname) == 0) {
4098 return tbl;
4099 }
4100 }
4101 }
4102 return NULL;
4103}
4104
4105/*
4106 * This function needs to check if the ciphers required are actually
4107 * available
4108 */
4109const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4110{
4111 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4112 | ((uint32_t)p[0] << 8L)
4113 | (uint32_t)p[1]);
4114}
4115
4116int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4117{
4118 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4119 *len = 0;
4120 return 1;
4121 }
4122
4123 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4124 return 0;
4125
4126 *len = 2;
4127 return 1;
4128}
4129
4130/*
4131 * ssl3_choose_cipher - choose a cipher from those offered by the client
4132 * @s: SSL connection
4133 * @clnt: ciphers offered by the client
4134 * @srvr: ciphers enabled on the server?
4135 *
4136 * Returns the selected cipher or NULL when no common ciphers.
4137 */
4138const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4139 STACK_OF(SSL_CIPHER) *srvr)
4140{
4141 const SSL_CIPHER *c, *ret = NULL;
4142 STACK_OF(SSL_CIPHER) *prio, *allow;
4143 int i, ii, ok, prefer_sha256 = 0;
4144 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4145 const EVP_MD *mdsha256 = EVP_sha256();
4146#ifndef OPENSSL_NO_CHACHA
4147 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4148#endif
4149
4150 /* Let's see which ciphers we can support */
4151
4152 /*
4153 * Do not set the compare functions, because this may lead to a
4154 * reordering by "id". We want to keep the original ordering. We may pay
4155 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4156 * pay with the price of sk_SSL_CIPHER_dup().
4157 */
4158
4159#ifdef CIPHER_DEBUG
4160 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4161 (void *)srvr);
4162 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4163 c = sk_SSL_CIPHER_value(srvr, i);
4164 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4165 }
4166 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4167 (void *)clnt);
4168 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4169 c = sk_SSL_CIPHER_value(clnt, i);
4170 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4171 }
4172#endif
4173
4174 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4175 if (tls1_suiteb(s)) {
4176 prio = srvr;
4177 allow = clnt;
4178 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4179 prio = srvr;
4180 allow = clnt;
4181#ifndef OPENSSL_NO_CHACHA
4182 /* If ChaCha20 is at the top of the client preference list,
4183 and there are ChaCha20 ciphers in the server list, then
4184 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4185 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4186 c = sk_SSL_CIPHER_value(clnt, 0);
4187 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4188 /* ChaCha20 is client preferred, check server... */
4189 int num = sk_SSL_CIPHER_num(srvr);
4190 int found = 0;
4191 for (i = 0; i < num; i++) {
4192 c = sk_SSL_CIPHER_value(srvr, i);
4193 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4194 found = 1;
4195 break;
4196 }
4197 }
4198 if (found) {
4199 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4200 /* if reserve fails, then there's likely a memory issue */
4201 if (prio_chacha != NULL) {
4202 /* Put all ChaCha20 at the top, starting with the one we just found */
4203 sk_SSL_CIPHER_push(prio_chacha, c);
4204 for (i++; i < num; i++) {
4205 c = sk_SSL_CIPHER_value(srvr, i);
4206 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4207 sk_SSL_CIPHER_push(prio_chacha, c);
4208 }
4209 /* Pull in the rest */
4210 for (i = 0; i < num; i++) {
4211 c = sk_SSL_CIPHER_value(srvr, i);
4212 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4213 sk_SSL_CIPHER_push(prio_chacha, c);
4214 }
4215 prio = prio_chacha;
4216 }
4217 }
4218 }
4219 }
4220# endif
4221 } else {
4222 prio = clnt;
4223 allow = srvr;
4224 }
4225
4226 if (SSL_IS_TLS13(s)) {
4227#ifndef OPENSSL_NO_PSK
4228 int j;
4229
4230 /*
4231 * If we allow "old" style PSK callbacks, and we have no certificate (so
4232 * we're not going to succeed without a PSK anyway), and we're in
4233 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4234 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4235 * that.
4236 */
4237 if (s->psk_server_callback != NULL) {
4238 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4239 if (j == SSL_PKEY_NUM) {
4240 /* There are no certificates */
4241 prefer_sha256 = 1;
4242 }
4243 }
4244#endif
4245 } else {
4246 tls1_set_cert_validity(s);
4247 ssl_set_masks(s);
4248 }
4249
4250 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4251 c = sk_SSL_CIPHER_value(prio, i);
4252
4253 /* Skip ciphers not supported by the protocol version */
4254 if (!SSL_IS_DTLS(s) &&
4255 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4256 continue;
4257 if (SSL_IS_DTLS(s) &&
4258 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4259 DTLS_VERSION_GT(s->version, c->max_dtls)))
4260 continue;
4261
4262 /*
4263 * Since TLS 1.3 ciphersuites can be used with any auth or
4264 * key exchange scheme skip tests.
4265 */
4266 if (!SSL_IS_TLS13(s)) {
4267 mask_k = s->s3->tmp.mask_k;
4268 mask_a = s->s3->tmp.mask_a;
4269#ifndef OPENSSL_NO_SRP
4270 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4271 mask_k |= SSL_kSRP;
4272 mask_a |= SSL_aSRP;
4273 }
4274#endif
4275
4276 alg_k = c->algorithm_mkey;
4277 alg_a = c->algorithm_auth;
4278
4279#ifndef OPENSSL_NO_PSK
4280 /* with PSK there must be server callback set */
4281 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4282 continue;
4283#endif /* OPENSSL_NO_PSK */
4284
4285 ok = (alg_k & mask_k) && (alg_a & mask_a);
4286#ifdef CIPHER_DEBUG
4287 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4288 alg_a, mask_k, mask_a, (void *)c, c->name);
4289#endif
4290
4291#ifndef OPENSSL_NO_EC
4292 /*
4293 * if we are considering an ECC cipher suite that uses an ephemeral
4294 * EC key check it
4295 */
4296 if (alg_k & SSL_kECDHE)
4297 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4298#endif /* OPENSSL_NO_EC */
4299
4300 if (!ok)
4301 continue;
4302 }
4303 ii = sk_SSL_CIPHER_find(allow, c);
4304 if (ii >= 0) {
4305 /* Check security callback permits this cipher */
4306 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4307 c->strength_bits, 0, (void *)c))
4308 continue;
4309#if !defined(OPENSSL_NO_EC)
4310 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4311 && s->s3->is_probably_safari) {
4312 if (!ret)
4313 ret = sk_SSL_CIPHER_value(allow, ii);
4314 continue;
4315 }
4316#endif
4317 if (prefer_sha256) {
4318 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4319
4320 if (ssl_md(tmp->algorithm2) == mdsha256) {
4321 ret = tmp;
4322 break;
4323 }
4324 if (ret == NULL)
4325 ret = tmp;
4326 continue;
4327 }
4328 ret = sk_SSL_CIPHER_value(allow, ii);
4329 break;
4330 }
4331 }
4332#ifndef OPENSSL_NO_CHACHA
4333 sk_SSL_CIPHER_free(prio_chacha);
4334#endif
4335 return ret;
4336}
4337
4338int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4339{
4340 uint32_t alg_k, alg_a = 0;
4341
4342 /* If we have custom certificate types set, use them */
4343 if (s->cert->ctype)
4344 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4345 /* Get mask of algorithms disabled by signature list */
4346 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4347
4348 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4349
4350#ifndef OPENSSL_NO_GOST
4351 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4352 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4353 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
4354 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
4355#endif
4356
4357 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4358#ifndef OPENSSL_NO_DH
4359# ifndef OPENSSL_NO_RSA
4360 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4361 return 0;
4362# endif
4363# ifndef OPENSSL_NO_DSA
4364 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4365 return 0;
4366# endif
4367#endif /* !OPENSSL_NO_DH */
4368 }
4369#ifndef OPENSSL_NO_RSA
4370 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4371 return 0;
4372#endif
4373#ifndef OPENSSL_NO_DSA
4374 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4375 return 0;
4376#endif
4377#ifndef OPENSSL_NO_EC
4378 /*
4379 * ECDSA certs can be used with RSA cipher suites too so we don't
4380 * need to check for SSL_kECDH or SSL_kECDHE
4381 */
4382 if (s->version >= TLS1_VERSION
4383 && !(alg_a & SSL_aECDSA)
4384 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4385 return 0;
4386#endif
4387 return 1;
4388}
4389
4390static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4391{
4392 OPENSSL_free(c->ctype);
4393 c->ctype = NULL;
4394 c->ctype_len = 0;
4395 if (p == NULL || len == 0)
4396 return 1;
4397 if (len > 0xff)
4398 return 0;
4399 c->ctype = OPENSSL_memdup(p, len);
4400 if (c->ctype == NULL)
4401 return 0;
4402 c->ctype_len = len;
4403 return 1;
4404}
4405
4406int ssl3_shutdown(SSL *s)
4407{
4408 int ret;
4409
4410 /*
4411 * Don't do anything much if we have not done the handshake or we don't
4412 * want to send messages :-)
4413 */
4414 if (s->quiet_shutdown || SSL_in_before(s)) {
4415 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4416 return 1;
4417 }
4418
4419 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4420 s->shutdown |= SSL_SENT_SHUTDOWN;
4421 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4422 /*
4423 * our shutdown alert has been sent now, and if it still needs to be
4424 * written, s->s3->alert_dispatch will be true
4425 */
4426 if (s->s3->alert_dispatch)
4427 return -1; /* return WANT_WRITE */
4428 } else if (s->s3->alert_dispatch) {
4429 /* resend it if not sent */
4430 ret = s->method->ssl_dispatch_alert(s);
4431 if (ret == -1) {
4432 /*
4433 * we only get to return -1 here the 2nd/Nth invocation, we must
4434 * have already signalled return 0 upon a previous invocation,
4435 * return WANT_WRITE
4436 */
4437 return ret;
4438 }
4439 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4440 size_t readbytes;
4441 /*
4442 * If we are waiting for a close from our peer, we are closed
4443 */
4444 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4445 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4446 return -1; /* return WANT_READ */
4447 }
4448 }
4449
4450 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4451 !s->s3->alert_dispatch)
4452 return 1;
4453 else
4454 return 0;
4455}
4456
4457int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4458{
4459 clear_sys_error();
4460 if (s->s3->renegotiate)
4461 ssl3_renegotiate_check(s, 0);
4462
4463 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4464 written);
4465}
4466
4467static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4468 size_t *readbytes)
4469{
4470 int ret;
4471
4472 clear_sys_error();
4473 if (s->s3->renegotiate)
4474 ssl3_renegotiate_check(s, 0);
4475 s->s3->in_read_app_data = 1;
4476 ret =
4477 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4478 peek, readbytes);
4479 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4480 /*
4481 * ssl3_read_bytes decided to call s->handshake_func, which called
4482 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4483 * actually found application data and thinks that application data
4484 * makes sense here; so disable handshake processing and try to read
4485 * application data again.
4486 */
4487 ossl_statem_set_in_handshake(s, 1);
4488 ret =
4489 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4490 len, peek, readbytes);
4491 ossl_statem_set_in_handshake(s, 0);
4492 } else
4493 s->s3->in_read_app_data = 0;
4494
4495 return ret;
4496}
4497
4498int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4499{
4500 return ssl3_read_internal(s, buf, len, 0, readbytes);
4501}
4502
4503int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4504{
4505 return ssl3_read_internal(s, buf, len, 1, readbytes);
4506}
4507
4508int ssl3_renegotiate(SSL *s)
4509{
4510 if (s->handshake_func == NULL)
4511 return 1;
4512
4513 s->s3->renegotiate = 1;
4514 return 1;
4515}
4516
4517/*
4518 * Check if we are waiting to do a renegotiation and if so whether now is a
4519 * good time to do it. If |initok| is true then we are being called from inside
4520 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4521 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4522 * should do a renegotiation now and sets up the state machine for it. Otherwise
4523 * returns 0.
4524 */
4525int ssl3_renegotiate_check(SSL *s, int initok)
4526{
4527 int ret = 0;
4528
4529 if (s->s3->renegotiate) {
4530 if (!RECORD_LAYER_read_pending(&s->rlayer)
4531 && !RECORD_LAYER_write_pending(&s->rlayer)
4532 && (initok || !SSL_in_init(s))) {
4533 /*
4534 * if we are the server, and we have sent a 'RENEGOTIATE'
4535 * message, we need to set the state machine into the renegotiate
4536 * state.
4537 */
4538 ossl_statem_set_renegotiate(s);
4539 s->s3->renegotiate = 0;
4540 s->s3->num_renegotiations++;
4541 s->s3->total_renegotiations++;
4542 ret = 1;
4543 }
4544 }
4545 return ret;
4546}
4547
4548/*
4549 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4550 * handshake macs if required.
4551 *
4552 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4553 */
4554long ssl_get_algorithm2(SSL *s)
4555{
4556 long alg2;
4557 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4558 return -1;
4559 alg2 = s->s3->tmp.new_cipher->algorithm2;
4560 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4561 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4562 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4563 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4564 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4565 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4566 }
4567 return alg2;
4568}
4569
4570/*
4571 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4572 * failure, 1 on success.
4573 */
4574int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4575 DOWNGRADE dgrd)
4576{
4577 int send_time = 0, ret;
4578
4579 if (len < 4)
4580 return 0;
4581 if (server)
4582 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4583 else
4584 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4585 if (send_time) {
4586 unsigned long Time = (unsigned long)time(NULL);
4587 unsigned char *p = result;
4588
4589 l2n(Time, p);
4590 ret = RAND_bytes(p, len - 4);
4591 } else {
4592 ret = RAND_bytes(result, len);
4593 }
4594
4595 if (ret > 0) {
4596 if (!ossl_assert(sizeof(tls11downgrade) < len)
4597 || !ossl_assert(sizeof(tls12downgrade) < len))
4598 return 0;
4599 if (dgrd == DOWNGRADE_TO_1_2)
4600 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4601 sizeof(tls12downgrade));
4602 else if (dgrd == DOWNGRADE_TO_1_1)
4603 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4604 sizeof(tls11downgrade));
4605 }
4606
4607 return ret;
4608}
4609
4610int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4611 int free_pms)
4612{
4613 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4614 int ret = 0;
4615
4616 if (alg_k & SSL_PSK) {
4617#ifndef OPENSSL_NO_PSK
4618 unsigned char *pskpms, *t;
4619 size_t psklen = s->s3->tmp.psklen;
4620 size_t pskpmslen;
4621
4622 /* create PSK premaster_secret */
4623
4624 /* For plain PSK "other_secret" is psklen zeroes */
4625 if (alg_k & SSL_kPSK)
4626 pmslen = psklen;
4627
4628 pskpmslen = 4 + pmslen + psklen;
4629 pskpms = OPENSSL_malloc(pskpmslen);
4630 if (pskpms == NULL)
4631 goto err;
4632 t = pskpms;
4633 s2n(pmslen, t);
4634 if (alg_k & SSL_kPSK)
4635 memset(t, 0, pmslen);
4636 else
4637 memcpy(t, pms, pmslen);
4638 t += pmslen;
4639 s2n(psklen, t);
4640 memcpy(t, s->s3->tmp.psk, psklen);
4641
4642 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4643 s->s3->tmp.psk = NULL;
4644 s->s3->tmp.psklen = 0;
4645 if (!s->method->ssl3_enc->generate_master_secret(s,
4646 s->session->master_key, pskpms, pskpmslen,
4647 &s->session->master_key_length)) {
4648 OPENSSL_clear_free(pskpms, pskpmslen);
4649 /* SSLfatal() already called */
4650 goto err;
4651 }
4652 OPENSSL_clear_free(pskpms, pskpmslen);
4653#else
4654 /* Should never happen */
4655 goto err;
4656#endif
4657 } else {
4658 if (!s->method->ssl3_enc->generate_master_secret(s,
4659 s->session->master_key, pms, pmslen,
4660 &s->session->master_key_length)) {
4661 /* SSLfatal() already called */
4662 goto err;
4663 }
4664 }
4665
4666 ret = 1;
4667 err:
4668 if (pms) {
4669 if (free_pms)
4670 OPENSSL_clear_free(pms, pmslen);
4671 else
4672 OPENSSL_cleanse(pms, pmslen);
4673 }
4674 if (s->server == 0) {
4675 s->s3->tmp.pms = NULL;
4676 s->s3->tmp.pmslen = 0;
4677 }
4678 return ret;
4679}
4680
4681/* Generate a private key from parameters */
4682EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4683{
4684 EVP_PKEY_CTX *pctx = NULL;
4685 EVP_PKEY *pkey = NULL;
4686
4687 if (pm == NULL)
4688 return NULL;
4689 pctx = EVP_PKEY_CTX_new(pm, NULL);
4690 if (pctx == NULL)
4691 goto err;
4692 if (EVP_PKEY_keygen_init(pctx) <= 0)
4693 goto err;
4694 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4695 EVP_PKEY_free(pkey);
4696 pkey = NULL;
4697 }
4698
4699 err:
4700 EVP_PKEY_CTX_free(pctx);
4701 return pkey;
4702}
4703#ifndef OPENSSL_NO_EC
4704/* Generate a private key from a group ID */
4705EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4706{
4707 EVP_PKEY_CTX *pctx = NULL;
4708 EVP_PKEY *pkey = NULL;
4709 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4710 uint16_t gtype;
4711
4712 if (ginf == NULL) {
4713 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4714 ERR_R_INTERNAL_ERROR);
4715 goto err;
4716 }
4717 gtype = ginf->flags & TLS_CURVE_TYPE;
4718 if (gtype == TLS_CURVE_CUSTOM)
4719 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
4720 else
4721 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4722 if (pctx == NULL) {
4723 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4724 ERR_R_MALLOC_FAILURE);
4725 goto err;
4726 }
4727 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4728 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4729 ERR_R_EVP_LIB);
4730 goto err;
4731 }
4732 if (gtype != TLS_CURVE_CUSTOM
4733 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
4734 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4735 ERR_R_EVP_LIB);
4736 goto err;
4737 }
4738 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4739 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
4740 ERR_R_EVP_LIB);
4741 EVP_PKEY_free(pkey);
4742 pkey = NULL;
4743 }
4744
4745 err:
4746 EVP_PKEY_CTX_free(pctx);
4747 return pkey;
4748}
4749
4750/*
4751 * Generate parameters from a group ID
4752 */
4753EVP_PKEY *ssl_generate_param_group(uint16_t id)
4754{
4755 EVP_PKEY_CTX *pctx = NULL;
4756 EVP_PKEY *pkey = NULL;
4757 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
4758
4759 if (ginf == NULL)
4760 goto err;
4761
4762 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4763 pkey = EVP_PKEY_new();
4764 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
4765 return pkey;
4766 EVP_PKEY_free(pkey);
4767 return NULL;
4768 }
4769
4770 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4771 if (pctx == NULL)
4772 goto err;
4773 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4774 goto err;
4775 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
4776 goto err;
4777 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4778 EVP_PKEY_free(pkey);
4779 pkey = NULL;
4780 }
4781
4782 err:
4783 EVP_PKEY_CTX_free(pctx);
4784 return pkey;
4785}
4786#endif
4787
4788/* Derive secrets for ECDH/DH */
4789int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4790{
4791 int rv = 0;
4792 unsigned char *pms = NULL;
4793 size_t pmslen = 0;
4794 EVP_PKEY_CTX *pctx;
4795
4796 if (privkey == NULL || pubkey == NULL) {
4797 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4798 ERR_R_INTERNAL_ERROR);
4799 return 0;
4800 }
4801
4802 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4803
4804 if (EVP_PKEY_derive_init(pctx) <= 0
4805 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4806 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4807 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4808 ERR_R_INTERNAL_ERROR);
4809 goto err;
4810 }
4811
4812 pms = OPENSSL_malloc(pmslen);
4813 if (pms == NULL) {
4814 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4815 ERR_R_MALLOC_FAILURE);
4816 goto err;
4817 }
4818
4819 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4820 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
4821 ERR_R_INTERNAL_ERROR);
4822 goto err;
4823 }
4824
4825 if (gensecret) {
4826 /* SSLfatal() called as appropriate in the below functions */
4827 if (SSL_IS_TLS13(s)) {
4828 /*
4829 * If we are resuming then we already generated the early secret
4830 * when we created the ClientHello, so don't recreate it.
4831 */
4832 if (!s->hit)
4833 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4834 0,
4835 (unsigned char *)&s->early_secret);
4836 else
4837 rv = 1;
4838
4839 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4840 } else {
4841 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4842 }
4843 } else {
4844 /* Save premaster secret */
4845 s->s3->tmp.pms = pms;
4846 s->s3->tmp.pmslen = pmslen;
4847 pms = NULL;
4848 rv = 1;
4849 }
4850
4851 err:
4852 OPENSSL_clear_free(pms, pmslen);
4853 EVP_PKEY_CTX_free(pctx);
4854 return rv;
4855}
4856
4857#ifndef OPENSSL_NO_DH
4858EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4859{
4860 EVP_PKEY *ret;
4861 if (dh == NULL)
4862 return NULL;
4863 ret = EVP_PKEY_new();
4864 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
4865 EVP_PKEY_free(ret);
4866 return NULL;
4867 }
4868 return ret;
4869}
4870#endif