xref: /freebsd/crypto/openssl/ssl/s3_lib.c (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6)
1 /*
2  * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  * Copyright 2005 Nokia. All rights reserved.
5  *
6  * Licensed under the Apache License 2.0 (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  */
11 
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include "internal/cryptlib.h"
23 
24 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
25 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
26 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
27 
28 /* TLSv1.3 downgrade protection sentinel values */
29 const unsigned char tls11downgrade[] = {
30     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
31 };
32 const unsigned char tls12downgrade[] = {
33     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
34 };
35 
36 /* The list of available TLSv1.3 ciphers */
37 static SSL_CIPHER tls13_ciphers[] = {
38     {
39         1,
40         TLS1_3_RFC_AES_128_GCM_SHA256,
41         TLS1_3_RFC_AES_128_GCM_SHA256,
42         TLS1_3_CK_AES_128_GCM_SHA256,
43         SSL_kANY,
44         SSL_aANY,
45         SSL_AES128GCM,
46         SSL_AEAD,
47         TLS1_3_VERSION, TLS1_3_VERSION,
48         0, 0,
49         SSL_HIGH,
50         SSL_HANDSHAKE_MAC_SHA256,
51         128,
52         128,
53     }, {
54         1,
55         TLS1_3_RFC_AES_256_GCM_SHA384,
56         TLS1_3_RFC_AES_256_GCM_SHA384,
57         TLS1_3_CK_AES_256_GCM_SHA384,
58         SSL_kANY,
59         SSL_aANY,
60         SSL_AES256GCM,
61         SSL_AEAD,
62         TLS1_3_VERSION, TLS1_3_VERSION,
63         0, 0,
64         SSL_HIGH,
65         SSL_HANDSHAKE_MAC_SHA384,
66         256,
67         256,
68     },
69     {
70         1,
71         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
72         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
73         TLS1_3_CK_CHACHA20_POLY1305_SHA256,
74         SSL_kANY,
75         SSL_aANY,
76         SSL_CHACHA20POLY1305,
77         SSL_AEAD,
78         TLS1_3_VERSION, TLS1_3_VERSION,
79         0, 0,
80         SSL_HIGH,
81         SSL_HANDSHAKE_MAC_SHA256,
82         256,
83         256,
84     },
85     {
86         1,
87         TLS1_3_RFC_AES_128_CCM_SHA256,
88         TLS1_3_RFC_AES_128_CCM_SHA256,
89         TLS1_3_CK_AES_128_CCM_SHA256,
90         SSL_kANY,
91         SSL_aANY,
92         SSL_AES128CCM,
93         SSL_AEAD,
94         TLS1_3_VERSION, TLS1_3_VERSION,
95         0, 0,
96         SSL_NOT_DEFAULT | SSL_HIGH,
97         SSL_HANDSHAKE_MAC_SHA256,
98         128,
99         128,
100     }, {
101         1,
102         TLS1_3_RFC_AES_128_CCM_8_SHA256,
103         TLS1_3_RFC_AES_128_CCM_8_SHA256,
104         TLS1_3_CK_AES_128_CCM_8_SHA256,
105         SSL_kANY,
106         SSL_aANY,
107         SSL_AES128CCM8,
108         SSL_AEAD,
109         TLS1_3_VERSION, TLS1_3_VERSION,
110         0, 0,
111         SSL_NOT_DEFAULT | SSL_HIGH,
112         SSL_HANDSHAKE_MAC_SHA256,
113         128,
114         128,
115     }
116 };
117 
118 /*
119  * The list of available ciphers, mostly organized into the following
120  * groups:
121  *      Always there
122  *      EC
123  *      PSK
124  *      SRP (within that: RSA EC PSK)
125  *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
126  *      Weak ciphers
127  */
128 static SSL_CIPHER ssl3_ciphers[] = {
129     {
130      1,
131      SSL3_TXT_RSA_NULL_MD5,
132      SSL3_RFC_RSA_NULL_MD5,
133      SSL3_CK_RSA_NULL_MD5,
134      SSL_kRSA,
135      SSL_aRSA,
136      SSL_eNULL,
137      SSL_MD5,
138      SSL3_VERSION, TLS1_2_VERSION,
139      DTLS1_BAD_VER, DTLS1_2_VERSION,
140      SSL_STRONG_NONE,
141      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
142      0,
143      0,
144      },
145     {
146      1,
147      SSL3_TXT_RSA_NULL_SHA,
148      SSL3_RFC_RSA_NULL_SHA,
149      SSL3_CK_RSA_NULL_SHA,
150      SSL_kRSA,
151      SSL_aRSA,
152      SSL_eNULL,
153      SSL_SHA1,
154      SSL3_VERSION, TLS1_2_VERSION,
155      DTLS1_BAD_VER, DTLS1_2_VERSION,
156      SSL_STRONG_NONE | SSL_FIPS,
157      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
158      0,
159      0,
160      },
161 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
162     {
163      1,
164      SSL3_TXT_RSA_DES_192_CBC3_SHA,
165      SSL3_RFC_RSA_DES_192_CBC3_SHA,
166      SSL3_CK_RSA_DES_192_CBC3_SHA,
167      SSL_kRSA,
168      SSL_aRSA,
169      SSL_3DES,
170      SSL_SHA1,
171      SSL3_VERSION, TLS1_2_VERSION,
172      DTLS1_BAD_VER, DTLS1_2_VERSION,
173      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
174      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
175      112,
176      168,
177      },
178     {
179      1,
180      SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
181      SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
182      SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
183      SSL_kDHE,
184      SSL_aDSS,
185      SSL_3DES,
186      SSL_SHA1,
187      SSL3_VERSION, TLS1_2_VERSION,
188      DTLS1_BAD_VER, DTLS1_2_VERSION,
189      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
190      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191      112,
192      168,
193      },
194     {
195      1,
196      SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
197      SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
198      SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
199      SSL_kDHE,
200      SSL_aRSA,
201      SSL_3DES,
202      SSL_SHA1,
203      SSL3_VERSION, TLS1_2_VERSION,
204      DTLS1_BAD_VER, DTLS1_2_VERSION,
205      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
206      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207      112,
208      168,
209      },
210     {
211      1,
212      SSL3_TXT_ADH_DES_192_CBC_SHA,
213      SSL3_RFC_ADH_DES_192_CBC_SHA,
214      SSL3_CK_ADH_DES_192_CBC_SHA,
215      SSL_kDHE,
216      SSL_aNULL,
217      SSL_3DES,
218      SSL_SHA1,
219      SSL3_VERSION, TLS1_2_VERSION,
220      DTLS1_BAD_VER, DTLS1_2_VERSION,
221      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
222      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223      112,
224      168,
225      },
226 #endif
227     {
228      1,
229      TLS1_TXT_RSA_WITH_AES_128_SHA,
230      TLS1_RFC_RSA_WITH_AES_128_SHA,
231      TLS1_CK_RSA_WITH_AES_128_SHA,
232      SSL_kRSA,
233      SSL_aRSA,
234      SSL_AES128,
235      SSL_SHA1,
236      SSL3_VERSION, TLS1_2_VERSION,
237      DTLS1_BAD_VER, DTLS1_2_VERSION,
238      SSL_HIGH | SSL_FIPS,
239      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
240      128,
241      128,
242      },
243     {
244      1,
245      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
246      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
247      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
248      SSL_kDHE,
249      SSL_aDSS,
250      SSL_AES128,
251      SSL_SHA1,
252      SSL3_VERSION, TLS1_2_VERSION,
253      DTLS1_BAD_VER, DTLS1_2_VERSION,
254      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
255      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256      128,
257      128,
258      },
259     {
260      1,
261      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
262      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
263      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
264      SSL_kDHE,
265      SSL_aRSA,
266      SSL_AES128,
267      SSL_SHA1,
268      SSL3_VERSION, TLS1_2_VERSION,
269      DTLS1_BAD_VER, DTLS1_2_VERSION,
270      SSL_HIGH | SSL_FIPS,
271      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
272      128,
273      128,
274      },
275     {
276      1,
277      TLS1_TXT_ADH_WITH_AES_128_SHA,
278      TLS1_RFC_ADH_WITH_AES_128_SHA,
279      TLS1_CK_ADH_WITH_AES_128_SHA,
280      SSL_kDHE,
281      SSL_aNULL,
282      SSL_AES128,
283      SSL_SHA1,
284      SSL3_VERSION, TLS1_2_VERSION,
285      DTLS1_BAD_VER, DTLS1_2_VERSION,
286      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
287      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
288      128,
289      128,
290      },
291     {
292      1,
293      TLS1_TXT_RSA_WITH_AES_256_SHA,
294      TLS1_RFC_RSA_WITH_AES_256_SHA,
295      TLS1_CK_RSA_WITH_AES_256_SHA,
296      SSL_kRSA,
297      SSL_aRSA,
298      SSL_AES256,
299      SSL_SHA1,
300      SSL3_VERSION, TLS1_2_VERSION,
301      DTLS1_BAD_VER, DTLS1_2_VERSION,
302      SSL_HIGH | SSL_FIPS,
303      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
304      256,
305      256,
306      },
307     {
308      1,
309      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
310      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
311      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
312      SSL_kDHE,
313      SSL_aDSS,
314      SSL_AES256,
315      SSL_SHA1,
316      SSL3_VERSION, TLS1_2_VERSION,
317      DTLS1_BAD_VER, DTLS1_2_VERSION,
318      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
319      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
320      256,
321      256,
322      },
323     {
324      1,
325      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
326      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
327      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
328      SSL_kDHE,
329      SSL_aRSA,
330      SSL_AES256,
331      SSL_SHA1,
332      SSL3_VERSION, TLS1_2_VERSION,
333      DTLS1_BAD_VER, DTLS1_2_VERSION,
334      SSL_HIGH | SSL_FIPS,
335      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
336      256,
337      256,
338      },
339     {
340      1,
341      TLS1_TXT_ADH_WITH_AES_256_SHA,
342      TLS1_RFC_ADH_WITH_AES_256_SHA,
343      TLS1_CK_ADH_WITH_AES_256_SHA,
344      SSL_kDHE,
345      SSL_aNULL,
346      SSL_AES256,
347      SSL_SHA1,
348      SSL3_VERSION, TLS1_2_VERSION,
349      DTLS1_BAD_VER, DTLS1_2_VERSION,
350      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
351      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
352      256,
353      256,
354      },
355     {
356      1,
357      TLS1_TXT_RSA_WITH_NULL_SHA256,
358      TLS1_RFC_RSA_WITH_NULL_SHA256,
359      TLS1_CK_RSA_WITH_NULL_SHA256,
360      SSL_kRSA,
361      SSL_aRSA,
362      SSL_eNULL,
363      SSL_SHA256,
364      TLS1_2_VERSION, TLS1_2_VERSION,
365      DTLS1_2_VERSION, DTLS1_2_VERSION,
366      SSL_STRONG_NONE | SSL_FIPS,
367      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
368      0,
369      0,
370      },
371     {
372      1,
373      TLS1_TXT_RSA_WITH_AES_128_SHA256,
374      TLS1_RFC_RSA_WITH_AES_128_SHA256,
375      TLS1_CK_RSA_WITH_AES_128_SHA256,
376      SSL_kRSA,
377      SSL_aRSA,
378      SSL_AES128,
379      SSL_SHA256,
380      TLS1_2_VERSION, TLS1_2_VERSION,
381      DTLS1_2_VERSION, DTLS1_2_VERSION,
382      SSL_HIGH | SSL_FIPS,
383      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
384      128,
385      128,
386      },
387     {
388      1,
389      TLS1_TXT_RSA_WITH_AES_256_SHA256,
390      TLS1_RFC_RSA_WITH_AES_256_SHA256,
391      TLS1_CK_RSA_WITH_AES_256_SHA256,
392      SSL_kRSA,
393      SSL_aRSA,
394      SSL_AES256,
395      SSL_SHA256,
396      TLS1_2_VERSION, TLS1_2_VERSION,
397      DTLS1_2_VERSION, DTLS1_2_VERSION,
398      SSL_HIGH | SSL_FIPS,
399      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
400      256,
401      256,
402      },
403     {
404      1,
405      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
406      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
407      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
408      SSL_kDHE,
409      SSL_aDSS,
410      SSL_AES128,
411      SSL_SHA256,
412      TLS1_2_VERSION, TLS1_2_VERSION,
413      DTLS1_2_VERSION, DTLS1_2_VERSION,
414      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
415      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
416      128,
417      128,
418      },
419     {
420      1,
421      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
422      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
423      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
424      SSL_kDHE,
425      SSL_aRSA,
426      SSL_AES128,
427      SSL_SHA256,
428      TLS1_2_VERSION, TLS1_2_VERSION,
429      DTLS1_2_VERSION, DTLS1_2_VERSION,
430      SSL_HIGH | SSL_FIPS,
431      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
432      128,
433      128,
434      },
435     {
436      1,
437      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
438      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
439      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
440      SSL_kDHE,
441      SSL_aDSS,
442      SSL_AES256,
443      SSL_SHA256,
444      TLS1_2_VERSION, TLS1_2_VERSION,
445      DTLS1_2_VERSION, DTLS1_2_VERSION,
446      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
447      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
448      256,
449      256,
450      },
451     {
452      1,
453      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
454      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
455      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
456      SSL_kDHE,
457      SSL_aRSA,
458      SSL_AES256,
459      SSL_SHA256,
460      TLS1_2_VERSION, TLS1_2_VERSION,
461      DTLS1_2_VERSION, DTLS1_2_VERSION,
462      SSL_HIGH | SSL_FIPS,
463      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
464      256,
465      256,
466      },
467     {
468      1,
469      TLS1_TXT_ADH_WITH_AES_128_SHA256,
470      TLS1_RFC_ADH_WITH_AES_128_SHA256,
471      TLS1_CK_ADH_WITH_AES_128_SHA256,
472      SSL_kDHE,
473      SSL_aNULL,
474      SSL_AES128,
475      SSL_SHA256,
476      TLS1_2_VERSION, TLS1_2_VERSION,
477      DTLS1_2_VERSION, DTLS1_2_VERSION,
478      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
479      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
480      128,
481      128,
482      },
483     {
484      1,
485      TLS1_TXT_ADH_WITH_AES_256_SHA256,
486      TLS1_RFC_ADH_WITH_AES_256_SHA256,
487      TLS1_CK_ADH_WITH_AES_256_SHA256,
488      SSL_kDHE,
489      SSL_aNULL,
490      SSL_AES256,
491      SSL_SHA256,
492      TLS1_2_VERSION, TLS1_2_VERSION,
493      DTLS1_2_VERSION, DTLS1_2_VERSION,
494      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
495      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
496      256,
497      256,
498      },
499     {
500      1,
501      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
502      TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
503      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
504      SSL_kRSA,
505      SSL_aRSA,
506      SSL_AES128GCM,
507      SSL_AEAD,
508      TLS1_2_VERSION, TLS1_2_VERSION,
509      DTLS1_2_VERSION, DTLS1_2_VERSION,
510      SSL_HIGH | SSL_FIPS,
511      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
512      128,
513      128,
514      },
515     {
516      1,
517      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
518      TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
519      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
520      SSL_kRSA,
521      SSL_aRSA,
522      SSL_AES256GCM,
523      SSL_AEAD,
524      TLS1_2_VERSION, TLS1_2_VERSION,
525      DTLS1_2_VERSION, DTLS1_2_VERSION,
526      SSL_HIGH | SSL_FIPS,
527      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
528      256,
529      256,
530      },
531     {
532      1,
533      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
534      TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
535      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
536      SSL_kDHE,
537      SSL_aRSA,
538      SSL_AES128GCM,
539      SSL_AEAD,
540      TLS1_2_VERSION, TLS1_2_VERSION,
541      DTLS1_2_VERSION, DTLS1_2_VERSION,
542      SSL_HIGH | SSL_FIPS,
543      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
544      128,
545      128,
546      },
547     {
548      1,
549      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
550      TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
551      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
552      SSL_kDHE,
553      SSL_aRSA,
554      SSL_AES256GCM,
555      SSL_AEAD,
556      TLS1_2_VERSION, TLS1_2_VERSION,
557      DTLS1_2_VERSION, DTLS1_2_VERSION,
558      SSL_HIGH | SSL_FIPS,
559      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
560      256,
561      256,
562      },
563     {
564      1,
565      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
566      TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
567      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
568      SSL_kDHE,
569      SSL_aDSS,
570      SSL_AES128GCM,
571      SSL_AEAD,
572      TLS1_2_VERSION, TLS1_2_VERSION,
573      DTLS1_2_VERSION, DTLS1_2_VERSION,
574      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
575      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
576      128,
577      128,
578      },
579     {
580      1,
581      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
582      TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
583      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
584      SSL_kDHE,
585      SSL_aDSS,
586      SSL_AES256GCM,
587      SSL_AEAD,
588      TLS1_2_VERSION, TLS1_2_VERSION,
589      DTLS1_2_VERSION, DTLS1_2_VERSION,
590      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
591      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
592      256,
593      256,
594      },
595     {
596      1,
597      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
598      TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
599      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
600      SSL_kDHE,
601      SSL_aNULL,
602      SSL_AES128GCM,
603      SSL_AEAD,
604      TLS1_2_VERSION, TLS1_2_VERSION,
605      DTLS1_2_VERSION, DTLS1_2_VERSION,
606      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
607      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
608      128,
609      128,
610      },
611     {
612      1,
613      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
614      TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
615      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
616      SSL_kDHE,
617      SSL_aNULL,
618      SSL_AES256GCM,
619      SSL_AEAD,
620      TLS1_2_VERSION, TLS1_2_VERSION,
621      DTLS1_2_VERSION, DTLS1_2_VERSION,
622      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
623      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
624      256,
625      256,
626      },
627     {
628      1,
629      TLS1_TXT_RSA_WITH_AES_128_CCM,
630      TLS1_RFC_RSA_WITH_AES_128_CCM,
631      TLS1_CK_RSA_WITH_AES_128_CCM,
632      SSL_kRSA,
633      SSL_aRSA,
634      SSL_AES128CCM,
635      SSL_AEAD,
636      TLS1_2_VERSION, TLS1_2_VERSION,
637      DTLS1_2_VERSION, DTLS1_2_VERSION,
638      SSL_NOT_DEFAULT | SSL_HIGH,
639      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
640      128,
641      128,
642      },
643     {
644      1,
645      TLS1_TXT_RSA_WITH_AES_256_CCM,
646      TLS1_RFC_RSA_WITH_AES_256_CCM,
647      TLS1_CK_RSA_WITH_AES_256_CCM,
648      SSL_kRSA,
649      SSL_aRSA,
650      SSL_AES256CCM,
651      SSL_AEAD,
652      TLS1_2_VERSION, TLS1_2_VERSION,
653      DTLS1_2_VERSION, DTLS1_2_VERSION,
654      SSL_NOT_DEFAULT | SSL_HIGH,
655      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
656      256,
657      256,
658      },
659     {
660      1,
661      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
662      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
663      TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
664      SSL_kDHE,
665      SSL_aRSA,
666      SSL_AES128CCM,
667      SSL_AEAD,
668      TLS1_2_VERSION, TLS1_2_VERSION,
669      DTLS1_2_VERSION, DTLS1_2_VERSION,
670      SSL_NOT_DEFAULT | SSL_HIGH,
671      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
672      128,
673      128,
674      },
675     {
676      1,
677      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
678      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
679      TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
680      SSL_kDHE,
681      SSL_aRSA,
682      SSL_AES256CCM,
683      SSL_AEAD,
684      TLS1_2_VERSION, TLS1_2_VERSION,
685      DTLS1_2_VERSION, DTLS1_2_VERSION,
686      SSL_NOT_DEFAULT | SSL_HIGH,
687      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
688      256,
689      256,
690      },
691     {
692      1,
693      TLS1_TXT_RSA_WITH_AES_128_CCM_8,
694      TLS1_RFC_RSA_WITH_AES_128_CCM_8,
695      TLS1_CK_RSA_WITH_AES_128_CCM_8,
696      SSL_kRSA,
697      SSL_aRSA,
698      SSL_AES128CCM8,
699      SSL_AEAD,
700      TLS1_2_VERSION, TLS1_2_VERSION,
701      DTLS1_2_VERSION, DTLS1_2_VERSION,
702      SSL_NOT_DEFAULT | SSL_HIGH,
703      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
704      128,
705      128,
706      },
707     {
708      1,
709      TLS1_TXT_RSA_WITH_AES_256_CCM_8,
710      TLS1_RFC_RSA_WITH_AES_256_CCM_8,
711      TLS1_CK_RSA_WITH_AES_256_CCM_8,
712      SSL_kRSA,
713      SSL_aRSA,
714      SSL_AES256CCM8,
715      SSL_AEAD,
716      TLS1_2_VERSION, TLS1_2_VERSION,
717      DTLS1_2_VERSION, DTLS1_2_VERSION,
718      SSL_NOT_DEFAULT | SSL_HIGH,
719      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
720      256,
721      256,
722      },
723     {
724      1,
725      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
726      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
727      TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
728      SSL_kDHE,
729      SSL_aRSA,
730      SSL_AES128CCM8,
731      SSL_AEAD,
732      TLS1_2_VERSION, TLS1_2_VERSION,
733      DTLS1_2_VERSION, DTLS1_2_VERSION,
734      SSL_NOT_DEFAULT | SSL_HIGH,
735      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
736      128,
737      128,
738      },
739     {
740      1,
741      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
742      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
743      TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
744      SSL_kDHE,
745      SSL_aRSA,
746      SSL_AES256CCM8,
747      SSL_AEAD,
748      TLS1_2_VERSION, TLS1_2_VERSION,
749      DTLS1_2_VERSION, DTLS1_2_VERSION,
750      SSL_NOT_DEFAULT | SSL_HIGH,
751      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
752      256,
753      256,
754      },
755     {
756      1,
757      TLS1_TXT_PSK_WITH_AES_128_CCM,
758      TLS1_RFC_PSK_WITH_AES_128_CCM,
759      TLS1_CK_PSK_WITH_AES_128_CCM,
760      SSL_kPSK,
761      SSL_aPSK,
762      SSL_AES128CCM,
763      SSL_AEAD,
764      TLS1_2_VERSION, TLS1_2_VERSION,
765      DTLS1_2_VERSION, DTLS1_2_VERSION,
766      SSL_NOT_DEFAULT | SSL_HIGH,
767      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
768      128,
769      128,
770      },
771     {
772      1,
773      TLS1_TXT_PSK_WITH_AES_256_CCM,
774      TLS1_RFC_PSK_WITH_AES_256_CCM,
775      TLS1_CK_PSK_WITH_AES_256_CCM,
776      SSL_kPSK,
777      SSL_aPSK,
778      SSL_AES256CCM,
779      SSL_AEAD,
780      TLS1_2_VERSION, TLS1_2_VERSION,
781      DTLS1_2_VERSION, DTLS1_2_VERSION,
782      SSL_NOT_DEFAULT | SSL_HIGH,
783      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
784      256,
785      256,
786      },
787     {
788      1,
789      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
790      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
791      TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
792      SSL_kDHEPSK,
793      SSL_aPSK,
794      SSL_AES128CCM,
795      SSL_AEAD,
796      TLS1_2_VERSION, TLS1_2_VERSION,
797      DTLS1_2_VERSION, DTLS1_2_VERSION,
798      SSL_NOT_DEFAULT | SSL_HIGH,
799      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
800      128,
801      128,
802      },
803     {
804      1,
805      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
806      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
807      TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
808      SSL_kDHEPSK,
809      SSL_aPSK,
810      SSL_AES256CCM,
811      SSL_AEAD,
812      TLS1_2_VERSION, TLS1_2_VERSION,
813      DTLS1_2_VERSION, DTLS1_2_VERSION,
814      SSL_NOT_DEFAULT | SSL_HIGH,
815      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
816      256,
817      256,
818      },
819     {
820      1,
821      TLS1_TXT_PSK_WITH_AES_128_CCM_8,
822      TLS1_RFC_PSK_WITH_AES_128_CCM_8,
823      TLS1_CK_PSK_WITH_AES_128_CCM_8,
824      SSL_kPSK,
825      SSL_aPSK,
826      SSL_AES128CCM8,
827      SSL_AEAD,
828      TLS1_2_VERSION, TLS1_2_VERSION,
829      DTLS1_2_VERSION, DTLS1_2_VERSION,
830      SSL_NOT_DEFAULT | SSL_HIGH,
831      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
832      128,
833      128,
834      },
835     {
836      1,
837      TLS1_TXT_PSK_WITH_AES_256_CCM_8,
838      TLS1_RFC_PSK_WITH_AES_256_CCM_8,
839      TLS1_CK_PSK_WITH_AES_256_CCM_8,
840      SSL_kPSK,
841      SSL_aPSK,
842      SSL_AES256CCM8,
843      SSL_AEAD,
844      TLS1_2_VERSION, TLS1_2_VERSION,
845      DTLS1_2_VERSION, DTLS1_2_VERSION,
846      SSL_NOT_DEFAULT | SSL_HIGH,
847      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
848      256,
849      256,
850      },
851     {
852      1,
853      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
854      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
855      TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
856      SSL_kDHEPSK,
857      SSL_aPSK,
858      SSL_AES128CCM8,
859      SSL_AEAD,
860      TLS1_2_VERSION, TLS1_2_VERSION,
861      DTLS1_2_VERSION, DTLS1_2_VERSION,
862      SSL_NOT_DEFAULT | SSL_HIGH,
863      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
864      128,
865      128,
866      },
867     {
868      1,
869      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
870      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
871      TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
872      SSL_kDHEPSK,
873      SSL_aPSK,
874      SSL_AES256CCM8,
875      SSL_AEAD,
876      TLS1_2_VERSION, TLS1_2_VERSION,
877      DTLS1_2_VERSION, DTLS1_2_VERSION,
878      SSL_NOT_DEFAULT | SSL_HIGH,
879      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
880      256,
881      256,
882      },
883     {
884      1,
885      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
886      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
887      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
888      SSL_kECDHE,
889      SSL_aECDSA,
890      SSL_AES128CCM,
891      SSL_AEAD,
892      TLS1_2_VERSION, TLS1_2_VERSION,
893      DTLS1_2_VERSION, DTLS1_2_VERSION,
894      SSL_NOT_DEFAULT | SSL_HIGH,
895      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
896      128,
897      128,
898      },
899     {
900      1,
901      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
902      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
903      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
904      SSL_kECDHE,
905      SSL_aECDSA,
906      SSL_AES256CCM,
907      SSL_AEAD,
908      TLS1_2_VERSION, TLS1_2_VERSION,
909      DTLS1_2_VERSION, DTLS1_2_VERSION,
910      SSL_NOT_DEFAULT | SSL_HIGH,
911      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
912      256,
913      256,
914      },
915     {
916      1,
917      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
918      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
919      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
920      SSL_kECDHE,
921      SSL_aECDSA,
922      SSL_AES128CCM8,
923      SSL_AEAD,
924      TLS1_2_VERSION, TLS1_2_VERSION,
925      DTLS1_2_VERSION, DTLS1_2_VERSION,
926      SSL_NOT_DEFAULT | SSL_HIGH,
927      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
928      128,
929      128,
930      },
931     {
932      1,
933      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
934      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
935      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
936      SSL_kECDHE,
937      SSL_aECDSA,
938      SSL_AES256CCM8,
939      SSL_AEAD,
940      TLS1_2_VERSION, TLS1_2_VERSION,
941      DTLS1_2_VERSION, DTLS1_2_VERSION,
942      SSL_NOT_DEFAULT | SSL_HIGH,
943      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
944      256,
945      256,
946      },
947     {
948      1,
949      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
950      TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
951      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
952      SSL_kECDHE,
953      SSL_aECDSA,
954      SSL_eNULL,
955      SSL_SHA1,
956      TLS1_VERSION, TLS1_2_VERSION,
957      DTLS1_BAD_VER, DTLS1_2_VERSION,
958      SSL_STRONG_NONE | SSL_FIPS,
959      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
960      0,
961      0,
962      },
963 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
964     {
965      1,
966      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967      TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
968      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
969      SSL_kECDHE,
970      SSL_aECDSA,
971      SSL_3DES,
972      SSL_SHA1,
973      TLS1_VERSION, TLS1_2_VERSION,
974      DTLS1_BAD_VER, DTLS1_2_VERSION,
975      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
976      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
977      112,
978      168,
979      },
980 # endif
981     {
982      1,
983      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
985      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
986      SSL_kECDHE,
987      SSL_aECDSA,
988      SSL_AES128,
989      SSL_SHA1,
990      TLS1_VERSION, TLS1_2_VERSION,
991      DTLS1_BAD_VER, DTLS1_2_VERSION,
992      SSL_HIGH | SSL_FIPS,
993      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
994      128,
995      128,
996      },
997     {
998      1,
999      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1001      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1002      SSL_kECDHE,
1003      SSL_aECDSA,
1004      SSL_AES256,
1005      SSL_SHA1,
1006      TLS1_VERSION, TLS1_2_VERSION,
1007      DTLS1_BAD_VER, DTLS1_2_VERSION,
1008      SSL_HIGH | SSL_FIPS,
1009      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1010      256,
1011      256,
1012      },
1013     {
1014      1,
1015      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1016      TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1017      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1018      SSL_kECDHE,
1019      SSL_aRSA,
1020      SSL_eNULL,
1021      SSL_SHA1,
1022      TLS1_VERSION, TLS1_2_VERSION,
1023      DTLS1_BAD_VER, DTLS1_2_VERSION,
1024      SSL_STRONG_NONE | SSL_FIPS,
1025      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1026      0,
1027      0,
1028      },
1029 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1030     {
1031      1,
1032      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033      TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1034      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1035      SSL_kECDHE,
1036      SSL_aRSA,
1037      SSL_3DES,
1038      SSL_SHA1,
1039      TLS1_VERSION, TLS1_2_VERSION,
1040      DTLS1_BAD_VER, DTLS1_2_VERSION,
1041      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1042      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1043      112,
1044      168,
1045      },
1046 # endif
1047     {
1048      1,
1049      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050      TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1051      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1052      SSL_kECDHE,
1053      SSL_aRSA,
1054      SSL_AES128,
1055      SSL_SHA1,
1056      TLS1_VERSION, TLS1_2_VERSION,
1057      DTLS1_BAD_VER, DTLS1_2_VERSION,
1058      SSL_HIGH | SSL_FIPS,
1059      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1060      128,
1061      128,
1062      },
1063     {
1064      1,
1065      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066      TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1067      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1068      SSL_kECDHE,
1069      SSL_aRSA,
1070      SSL_AES256,
1071      SSL_SHA1,
1072      TLS1_VERSION, TLS1_2_VERSION,
1073      DTLS1_BAD_VER, DTLS1_2_VERSION,
1074      SSL_HIGH | SSL_FIPS,
1075      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1076      256,
1077      256,
1078      },
1079     {
1080      1,
1081      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1082      TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1083      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1084      SSL_kECDHE,
1085      SSL_aNULL,
1086      SSL_eNULL,
1087      SSL_SHA1,
1088      TLS1_VERSION, TLS1_2_VERSION,
1089      DTLS1_BAD_VER, DTLS1_2_VERSION,
1090      SSL_STRONG_NONE | SSL_FIPS,
1091      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1092      0,
1093      0,
1094      },
1095 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1096     {
1097      1,
1098      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099      TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1100      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1101      SSL_kECDHE,
1102      SSL_aNULL,
1103      SSL_3DES,
1104      SSL_SHA1,
1105      TLS1_VERSION, TLS1_2_VERSION,
1106      DTLS1_BAD_VER, DTLS1_2_VERSION,
1107      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1108      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1109      112,
1110      168,
1111      },
1112 # endif
1113     {
1114      1,
1115      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1116      TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1117      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1118      SSL_kECDHE,
1119      SSL_aNULL,
1120      SSL_AES128,
1121      SSL_SHA1,
1122      TLS1_VERSION, TLS1_2_VERSION,
1123      DTLS1_BAD_VER, DTLS1_2_VERSION,
1124      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1125      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1126      128,
1127      128,
1128      },
1129     {
1130      1,
1131      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1132      TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1133      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1134      SSL_kECDHE,
1135      SSL_aNULL,
1136      SSL_AES256,
1137      SSL_SHA1,
1138      TLS1_VERSION, TLS1_2_VERSION,
1139      DTLS1_BAD_VER, DTLS1_2_VERSION,
1140      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1141      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1142      256,
1143      256,
1144      },
1145     {
1146      1,
1147      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1149      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1150      SSL_kECDHE,
1151      SSL_aECDSA,
1152      SSL_AES128,
1153      SSL_SHA256,
1154      TLS1_2_VERSION, TLS1_2_VERSION,
1155      DTLS1_2_VERSION, DTLS1_2_VERSION,
1156      SSL_HIGH | SSL_FIPS,
1157      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1158      128,
1159      128,
1160      },
1161     {
1162      1,
1163      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1165      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1166      SSL_kECDHE,
1167      SSL_aECDSA,
1168      SSL_AES256,
1169      SSL_SHA384,
1170      TLS1_2_VERSION, TLS1_2_VERSION,
1171      DTLS1_2_VERSION, DTLS1_2_VERSION,
1172      SSL_HIGH | SSL_FIPS,
1173      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1174      256,
1175      256,
1176      },
1177     {
1178      1,
1179      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1180      TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1181      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1182      SSL_kECDHE,
1183      SSL_aRSA,
1184      SSL_AES128,
1185      SSL_SHA256,
1186      TLS1_2_VERSION, TLS1_2_VERSION,
1187      DTLS1_2_VERSION, DTLS1_2_VERSION,
1188      SSL_HIGH | SSL_FIPS,
1189      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1190      128,
1191      128,
1192      },
1193     {
1194      1,
1195      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1196      TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1197      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1198      SSL_kECDHE,
1199      SSL_aRSA,
1200      SSL_AES256,
1201      SSL_SHA384,
1202      TLS1_2_VERSION, TLS1_2_VERSION,
1203      DTLS1_2_VERSION, DTLS1_2_VERSION,
1204      SSL_HIGH | SSL_FIPS,
1205      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1206      256,
1207      256,
1208      },
1209     {
1210      1,
1211      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1213      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1214      SSL_kECDHE,
1215      SSL_aECDSA,
1216      SSL_AES128GCM,
1217      SSL_AEAD,
1218      TLS1_2_VERSION, TLS1_2_VERSION,
1219      DTLS1_2_VERSION, DTLS1_2_VERSION,
1220      SSL_HIGH | SSL_FIPS,
1221      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1222      128,
1223      128,
1224      },
1225     {
1226      1,
1227      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1229      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1230      SSL_kECDHE,
1231      SSL_aECDSA,
1232      SSL_AES256GCM,
1233      SSL_AEAD,
1234      TLS1_2_VERSION, TLS1_2_VERSION,
1235      DTLS1_2_VERSION, DTLS1_2_VERSION,
1236      SSL_HIGH | SSL_FIPS,
1237      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1238      256,
1239      256,
1240      },
1241     {
1242      1,
1243      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244      TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1245      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1246      SSL_kECDHE,
1247      SSL_aRSA,
1248      SSL_AES128GCM,
1249      SSL_AEAD,
1250      TLS1_2_VERSION, TLS1_2_VERSION,
1251      DTLS1_2_VERSION, DTLS1_2_VERSION,
1252      SSL_HIGH | SSL_FIPS,
1253      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1254      128,
1255      128,
1256      },
1257     {
1258      1,
1259      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260      TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1261      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1262      SSL_kECDHE,
1263      SSL_aRSA,
1264      SSL_AES256GCM,
1265      SSL_AEAD,
1266      TLS1_2_VERSION, TLS1_2_VERSION,
1267      DTLS1_2_VERSION, DTLS1_2_VERSION,
1268      SSL_HIGH | SSL_FIPS,
1269      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1270      256,
1271      256,
1272      },
1273     {
1274      1,
1275      TLS1_TXT_PSK_WITH_NULL_SHA,
1276      TLS1_RFC_PSK_WITH_NULL_SHA,
1277      TLS1_CK_PSK_WITH_NULL_SHA,
1278      SSL_kPSK,
1279      SSL_aPSK,
1280      SSL_eNULL,
1281      SSL_SHA1,
1282      SSL3_VERSION, TLS1_2_VERSION,
1283      DTLS1_BAD_VER, DTLS1_2_VERSION,
1284      SSL_STRONG_NONE | SSL_FIPS,
1285      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1286      0,
1287      0,
1288      },
1289     {
1290      1,
1291      TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1292      TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1293      TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1294      SSL_kDHEPSK,
1295      SSL_aPSK,
1296      SSL_eNULL,
1297      SSL_SHA1,
1298      SSL3_VERSION, TLS1_2_VERSION,
1299      DTLS1_BAD_VER, DTLS1_2_VERSION,
1300      SSL_STRONG_NONE | SSL_FIPS,
1301      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1302      0,
1303      0,
1304      },
1305     {
1306      1,
1307      TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1308      TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1309      TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1310      SSL_kRSAPSK,
1311      SSL_aRSA,
1312      SSL_eNULL,
1313      SSL_SHA1,
1314      SSL3_VERSION, TLS1_2_VERSION,
1315      DTLS1_BAD_VER, DTLS1_2_VERSION,
1316      SSL_STRONG_NONE | SSL_FIPS,
1317      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1318      0,
1319      0,
1320      },
1321 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1322     {
1323      1,
1324      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1325      TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1326      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1327      SSL_kPSK,
1328      SSL_aPSK,
1329      SSL_3DES,
1330      SSL_SHA1,
1331      SSL3_VERSION, TLS1_2_VERSION,
1332      DTLS1_BAD_VER, DTLS1_2_VERSION,
1333      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1334      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1335      112,
1336      168,
1337      },
1338 # endif
1339     {
1340      1,
1341      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1342      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1343      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1344      SSL_kPSK,
1345      SSL_aPSK,
1346      SSL_AES128,
1347      SSL_SHA1,
1348      SSL3_VERSION, TLS1_2_VERSION,
1349      DTLS1_BAD_VER, DTLS1_2_VERSION,
1350      SSL_HIGH | SSL_FIPS,
1351      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1352      128,
1353      128,
1354      },
1355     {
1356      1,
1357      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1358      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1359      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1360      SSL_kPSK,
1361      SSL_aPSK,
1362      SSL_AES256,
1363      SSL_SHA1,
1364      SSL3_VERSION, TLS1_2_VERSION,
1365      DTLS1_BAD_VER, DTLS1_2_VERSION,
1366      SSL_HIGH | SSL_FIPS,
1367      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1368      256,
1369      256,
1370      },
1371 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1372     {
1373      1,
1374      TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375      TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376      TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377      SSL_kDHEPSK,
1378      SSL_aPSK,
1379      SSL_3DES,
1380      SSL_SHA1,
1381      SSL3_VERSION, TLS1_2_VERSION,
1382      DTLS1_BAD_VER, DTLS1_2_VERSION,
1383      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1384      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1385      112,
1386      168,
1387      },
1388 # endif
1389     {
1390      1,
1391      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1392      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1393      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1394      SSL_kDHEPSK,
1395      SSL_aPSK,
1396      SSL_AES128,
1397      SSL_SHA1,
1398      SSL3_VERSION, TLS1_2_VERSION,
1399      DTLS1_BAD_VER, DTLS1_2_VERSION,
1400      SSL_HIGH | SSL_FIPS,
1401      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1402      128,
1403      128,
1404      },
1405     {
1406      1,
1407      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1408      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1409      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1410      SSL_kDHEPSK,
1411      SSL_aPSK,
1412      SSL_AES256,
1413      SSL_SHA1,
1414      SSL3_VERSION, TLS1_2_VERSION,
1415      DTLS1_BAD_VER, DTLS1_2_VERSION,
1416      SSL_HIGH | SSL_FIPS,
1417      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1418      256,
1419      256,
1420      },
1421 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1422     {
1423      1,
1424      TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425      TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426      TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427      SSL_kRSAPSK,
1428      SSL_aRSA,
1429      SSL_3DES,
1430      SSL_SHA1,
1431      SSL3_VERSION, TLS1_2_VERSION,
1432      DTLS1_BAD_VER, DTLS1_2_VERSION,
1433      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1434      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1435      112,
1436      168,
1437      },
1438 # endif
1439     {
1440      1,
1441      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1442      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1443      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1444      SSL_kRSAPSK,
1445      SSL_aRSA,
1446      SSL_AES128,
1447      SSL_SHA1,
1448      SSL3_VERSION, TLS1_2_VERSION,
1449      DTLS1_BAD_VER, DTLS1_2_VERSION,
1450      SSL_HIGH | SSL_FIPS,
1451      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1452      128,
1453      128,
1454      },
1455     {
1456      1,
1457      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1458      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1459      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1460      SSL_kRSAPSK,
1461      SSL_aRSA,
1462      SSL_AES256,
1463      SSL_SHA1,
1464      SSL3_VERSION, TLS1_2_VERSION,
1465      DTLS1_BAD_VER, DTLS1_2_VERSION,
1466      SSL_HIGH | SSL_FIPS,
1467      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1468      256,
1469      256,
1470      },
1471     {
1472      1,
1473      TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1474      TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1475      TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1476      SSL_kPSK,
1477      SSL_aPSK,
1478      SSL_AES128GCM,
1479      SSL_AEAD,
1480      TLS1_2_VERSION, TLS1_2_VERSION,
1481      DTLS1_2_VERSION, DTLS1_2_VERSION,
1482      SSL_HIGH | SSL_FIPS,
1483      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1484      128,
1485      128,
1486      },
1487     {
1488      1,
1489      TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1490      TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1491      TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1492      SSL_kPSK,
1493      SSL_aPSK,
1494      SSL_AES256GCM,
1495      SSL_AEAD,
1496      TLS1_2_VERSION, TLS1_2_VERSION,
1497      DTLS1_2_VERSION, DTLS1_2_VERSION,
1498      SSL_HIGH | SSL_FIPS,
1499      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1500      256,
1501      256,
1502      },
1503     {
1504      1,
1505      TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506      TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507      TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508      SSL_kDHEPSK,
1509      SSL_aPSK,
1510      SSL_AES128GCM,
1511      SSL_AEAD,
1512      TLS1_2_VERSION, TLS1_2_VERSION,
1513      DTLS1_2_VERSION, DTLS1_2_VERSION,
1514      SSL_HIGH | SSL_FIPS,
1515      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1516      128,
1517      128,
1518      },
1519     {
1520      1,
1521      TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522      TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523      TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524      SSL_kDHEPSK,
1525      SSL_aPSK,
1526      SSL_AES256GCM,
1527      SSL_AEAD,
1528      TLS1_2_VERSION, TLS1_2_VERSION,
1529      DTLS1_2_VERSION, DTLS1_2_VERSION,
1530      SSL_HIGH | SSL_FIPS,
1531      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1532      256,
1533      256,
1534      },
1535     {
1536      1,
1537      TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538      TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539      TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540      SSL_kRSAPSK,
1541      SSL_aRSA,
1542      SSL_AES128GCM,
1543      SSL_AEAD,
1544      TLS1_2_VERSION, TLS1_2_VERSION,
1545      DTLS1_2_VERSION, DTLS1_2_VERSION,
1546      SSL_HIGH | SSL_FIPS,
1547      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1548      128,
1549      128,
1550      },
1551     {
1552      1,
1553      TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554      TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555      TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556      SSL_kRSAPSK,
1557      SSL_aRSA,
1558      SSL_AES256GCM,
1559      SSL_AEAD,
1560      TLS1_2_VERSION, TLS1_2_VERSION,
1561      DTLS1_2_VERSION, DTLS1_2_VERSION,
1562      SSL_HIGH | SSL_FIPS,
1563      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1564      256,
1565      256,
1566      },
1567     {
1568      1,
1569      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1570      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1571      TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1572      SSL_kPSK,
1573      SSL_aPSK,
1574      SSL_AES128,
1575      SSL_SHA256,
1576      TLS1_VERSION, TLS1_2_VERSION,
1577      DTLS1_BAD_VER, DTLS1_2_VERSION,
1578      SSL_HIGH | SSL_FIPS,
1579      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1580      128,
1581      128,
1582      },
1583     {
1584      1,
1585      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1586      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1587      TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1588      SSL_kPSK,
1589      SSL_aPSK,
1590      SSL_AES256,
1591      SSL_SHA384,
1592      TLS1_VERSION, TLS1_2_VERSION,
1593      DTLS1_BAD_VER, DTLS1_2_VERSION,
1594      SSL_HIGH | SSL_FIPS,
1595      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1596      256,
1597      256,
1598      },
1599     {
1600      1,
1601      TLS1_TXT_PSK_WITH_NULL_SHA256,
1602      TLS1_RFC_PSK_WITH_NULL_SHA256,
1603      TLS1_CK_PSK_WITH_NULL_SHA256,
1604      SSL_kPSK,
1605      SSL_aPSK,
1606      SSL_eNULL,
1607      SSL_SHA256,
1608      TLS1_VERSION, TLS1_2_VERSION,
1609      DTLS1_BAD_VER, DTLS1_2_VERSION,
1610      SSL_STRONG_NONE | SSL_FIPS,
1611      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1612      0,
1613      0,
1614      },
1615     {
1616      1,
1617      TLS1_TXT_PSK_WITH_NULL_SHA384,
1618      TLS1_RFC_PSK_WITH_NULL_SHA384,
1619      TLS1_CK_PSK_WITH_NULL_SHA384,
1620      SSL_kPSK,
1621      SSL_aPSK,
1622      SSL_eNULL,
1623      SSL_SHA384,
1624      TLS1_VERSION, TLS1_2_VERSION,
1625      DTLS1_BAD_VER, DTLS1_2_VERSION,
1626      SSL_STRONG_NONE | SSL_FIPS,
1627      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1628      0,
1629      0,
1630      },
1631     {
1632      1,
1633      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636      SSL_kDHEPSK,
1637      SSL_aPSK,
1638      SSL_AES128,
1639      SSL_SHA256,
1640      TLS1_VERSION, TLS1_2_VERSION,
1641      DTLS1_BAD_VER, DTLS1_2_VERSION,
1642      SSL_HIGH | SSL_FIPS,
1643      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1644      128,
1645      128,
1646      },
1647     {
1648      1,
1649      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652      SSL_kDHEPSK,
1653      SSL_aPSK,
1654      SSL_AES256,
1655      SSL_SHA384,
1656      TLS1_VERSION, TLS1_2_VERSION,
1657      DTLS1_BAD_VER, DTLS1_2_VERSION,
1658      SSL_HIGH | SSL_FIPS,
1659      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1660      256,
1661      256,
1662      },
1663     {
1664      1,
1665      TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1666      TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1667      TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1668      SSL_kDHEPSK,
1669      SSL_aPSK,
1670      SSL_eNULL,
1671      SSL_SHA256,
1672      TLS1_VERSION, TLS1_2_VERSION,
1673      DTLS1_BAD_VER, DTLS1_2_VERSION,
1674      SSL_STRONG_NONE | SSL_FIPS,
1675      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1676      0,
1677      0,
1678      },
1679     {
1680      1,
1681      TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1682      TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1683      TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1684      SSL_kDHEPSK,
1685      SSL_aPSK,
1686      SSL_eNULL,
1687      SSL_SHA384,
1688      TLS1_VERSION, TLS1_2_VERSION,
1689      DTLS1_BAD_VER, DTLS1_2_VERSION,
1690      SSL_STRONG_NONE | SSL_FIPS,
1691      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1692      0,
1693      0,
1694      },
1695     {
1696      1,
1697      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700      SSL_kRSAPSK,
1701      SSL_aRSA,
1702      SSL_AES128,
1703      SSL_SHA256,
1704      TLS1_VERSION, TLS1_2_VERSION,
1705      DTLS1_BAD_VER, DTLS1_2_VERSION,
1706      SSL_HIGH | SSL_FIPS,
1707      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1708      128,
1709      128,
1710      },
1711     {
1712      1,
1713      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716      SSL_kRSAPSK,
1717      SSL_aRSA,
1718      SSL_AES256,
1719      SSL_SHA384,
1720      TLS1_VERSION, TLS1_2_VERSION,
1721      DTLS1_BAD_VER, DTLS1_2_VERSION,
1722      SSL_HIGH | SSL_FIPS,
1723      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1724      256,
1725      256,
1726      },
1727     {
1728      1,
1729      TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1730      TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1731      TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1732      SSL_kRSAPSK,
1733      SSL_aRSA,
1734      SSL_eNULL,
1735      SSL_SHA256,
1736      TLS1_VERSION, TLS1_2_VERSION,
1737      DTLS1_BAD_VER, DTLS1_2_VERSION,
1738      SSL_STRONG_NONE | SSL_FIPS,
1739      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1740      0,
1741      0,
1742      },
1743     {
1744      1,
1745      TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1746      TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1747      TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1748      SSL_kRSAPSK,
1749      SSL_aRSA,
1750      SSL_eNULL,
1751      SSL_SHA384,
1752      TLS1_VERSION, TLS1_2_VERSION,
1753      DTLS1_BAD_VER, DTLS1_2_VERSION,
1754      SSL_STRONG_NONE | SSL_FIPS,
1755      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1756      0,
1757      0,
1758      },
1759 #  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1760     {
1761      1,
1762      TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763      TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1764      TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765      SSL_kECDHEPSK,
1766      SSL_aPSK,
1767      SSL_3DES,
1768      SSL_SHA1,
1769      TLS1_VERSION, TLS1_2_VERSION,
1770      DTLS1_BAD_VER, DTLS1_2_VERSION,
1771      SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1772      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1773      112,
1774      168,
1775      },
1776 #  endif
1777     {
1778      1,
1779      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1781      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782      SSL_kECDHEPSK,
1783      SSL_aPSK,
1784      SSL_AES128,
1785      SSL_SHA1,
1786      TLS1_VERSION, TLS1_2_VERSION,
1787      DTLS1_BAD_VER, DTLS1_2_VERSION,
1788      SSL_HIGH | SSL_FIPS,
1789      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1790      128,
1791      128,
1792      },
1793     {
1794      1,
1795      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1797      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798      SSL_kECDHEPSK,
1799      SSL_aPSK,
1800      SSL_AES256,
1801      SSL_SHA1,
1802      TLS1_VERSION, TLS1_2_VERSION,
1803      DTLS1_BAD_VER, DTLS1_2_VERSION,
1804      SSL_HIGH | SSL_FIPS,
1805      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1806      256,
1807      256,
1808      },
1809     {
1810      1,
1811      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1813      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814      SSL_kECDHEPSK,
1815      SSL_aPSK,
1816      SSL_AES128,
1817      SSL_SHA256,
1818      TLS1_VERSION, TLS1_2_VERSION,
1819      DTLS1_BAD_VER, DTLS1_2_VERSION,
1820      SSL_HIGH | SSL_FIPS,
1821      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1822      128,
1823      128,
1824      },
1825     {
1826      1,
1827      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1829      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830      SSL_kECDHEPSK,
1831      SSL_aPSK,
1832      SSL_AES256,
1833      SSL_SHA384,
1834      TLS1_VERSION, TLS1_2_VERSION,
1835      DTLS1_BAD_VER, DTLS1_2_VERSION,
1836      SSL_HIGH | SSL_FIPS,
1837      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1838      256,
1839      256,
1840      },
1841     {
1842      1,
1843      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1844      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1845      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1846      SSL_kECDHEPSK,
1847      SSL_aPSK,
1848      SSL_eNULL,
1849      SSL_SHA1,
1850      TLS1_VERSION, TLS1_2_VERSION,
1851      DTLS1_BAD_VER, DTLS1_2_VERSION,
1852      SSL_STRONG_NONE | SSL_FIPS,
1853      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1854      0,
1855      0,
1856      },
1857     {
1858      1,
1859      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1860      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1861      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1862      SSL_kECDHEPSK,
1863      SSL_aPSK,
1864      SSL_eNULL,
1865      SSL_SHA256,
1866      TLS1_VERSION, TLS1_2_VERSION,
1867      DTLS1_BAD_VER, DTLS1_2_VERSION,
1868      SSL_STRONG_NONE | SSL_FIPS,
1869      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1870      0,
1871      0,
1872      },
1873     {
1874      1,
1875      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1876      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1877      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1878      SSL_kECDHEPSK,
1879      SSL_aPSK,
1880      SSL_eNULL,
1881      SSL_SHA384,
1882      TLS1_VERSION, TLS1_2_VERSION,
1883      DTLS1_BAD_VER, DTLS1_2_VERSION,
1884      SSL_STRONG_NONE | SSL_FIPS,
1885      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1886      0,
1887      0,
1888      },
1889 
1890 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1891     {
1892      1,
1893      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894      TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1895      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1896      SSL_kSRP,
1897      SSL_aSRP,
1898      SSL_3DES,
1899      SSL_SHA1,
1900      SSL3_VERSION, TLS1_2_VERSION,
1901      DTLS1_BAD_VER, DTLS1_2_VERSION,
1902      SSL_NOT_DEFAULT | SSL_MEDIUM,
1903      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1904      112,
1905      168,
1906      },
1907     {
1908      1,
1909      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910      TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1911      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1912      SSL_kSRP,
1913      SSL_aRSA,
1914      SSL_3DES,
1915      SSL_SHA1,
1916      SSL3_VERSION, TLS1_2_VERSION,
1917      DTLS1_BAD_VER, DTLS1_2_VERSION,
1918      SSL_NOT_DEFAULT | SSL_MEDIUM,
1919      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1920      112,
1921      168,
1922      },
1923     {
1924      1,
1925      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926      TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1927      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1928      SSL_kSRP,
1929      SSL_aDSS,
1930      SSL_3DES,
1931      SSL_SHA1,
1932      SSL3_VERSION, TLS1_2_VERSION,
1933      DTLS1_BAD_VER, DTLS1_2_VERSION,
1934      SSL_NOT_DEFAULT | SSL_MEDIUM,
1935      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1936      112,
1937      168,
1938      },
1939 # endif
1940     {
1941      1,
1942      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1943      TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1944      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1945      SSL_kSRP,
1946      SSL_aSRP,
1947      SSL_AES128,
1948      SSL_SHA1,
1949      SSL3_VERSION, TLS1_2_VERSION,
1950      DTLS1_BAD_VER, DTLS1_2_VERSION,
1951      SSL_HIGH,
1952      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1953      128,
1954      128,
1955      },
1956     {
1957      1,
1958      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1959      TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1960      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1961      SSL_kSRP,
1962      SSL_aRSA,
1963      SSL_AES128,
1964      SSL_SHA1,
1965      SSL3_VERSION, TLS1_2_VERSION,
1966      DTLS1_BAD_VER, DTLS1_2_VERSION,
1967      SSL_HIGH,
1968      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1969      128,
1970      128,
1971      },
1972     {
1973      1,
1974      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1975      TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1976      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1977      SSL_kSRP,
1978      SSL_aDSS,
1979      SSL_AES128,
1980      SSL_SHA1,
1981      SSL3_VERSION, TLS1_2_VERSION,
1982      DTLS1_BAD_VER, DTLS1_2_VERSION,
1983      SSL_NOT_DEFAULT | SSL_HIGH,
1984      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1985      128,
1986      128,
1987      },
1988     {
1989      1,
1990      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1991      TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1992      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1993      SSL_kSRP,
1994      SSL_aSRP,
1995      SSL_AES256,
1996      SSL_SHA1,
1997      SSL3_VERSION, TLS1_2_VERSION,
1998      DTLS1_BAD_VER, DTLS1_2_VERSION,
1999      SSL_HIGH,
2000      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2001      256,
2002      256,
2003      },
2004     {
2005      1,
2006      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2007      TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2008      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2009      SSL_kSRP,
2010      SSL_aRSA,
2011      SSL_AES256,
2012      SSL_SHA1,
2013      SSL3_VERSION, TLS1_2_VERSION,
2014      DTLS1_BAD_VER, DTLS1_2_VERSION,
2015      SSL_HIGH,
2016      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2017      256,
2018      256,
2019      },
2020     {
2021      1,
2022      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2023      TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2024      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2025      SSL_kSRP,
2026      SSL_aDSS,
2027      SSL_AES256,
2028      SSL_SHA1,
2029      SSL3_VERSION, TLS1_2_VERSION,
2030      DTLS1_BAD_VER, DTLS1_2_VERSION,
2031      SSL_NOT_DEFAULT | SSL_HIGH,
2032      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2033      256,
2034      256,
2035      },
2036 
2037     {
2038      1,
2039      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2040      TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2041      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2042      SSL_kDHE,
2043      SSL_aRSA,
2044      SSL_CHACHA20POLY1305,
2045      SSL_AEAD,
2046      TLS1_2_VERSION, TLS1_2_VERSION,
2047      DTLS1_2_VERSION, DTLS1_2_VERSION,
2048      SSL_HIGH,
2049      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2050      256,
2051      256,
2052      },
2053     {
2054      1,
2055      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2056      TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057      TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2058      SSL_kECDHE,
2059      SSL_aRSA,
2060      SSL_CHACHA20POLY1305,
2061      SSL_AEAD,
2062      TLS1_2_VERSION, TLS1_2_VERSION,
2063      DTLS1_2_VERSION, DTLS1_2_VERSION,
2064      SSL_HIGH,
2065      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2066      256,
2067      256,
2068      },
2069     {
2070      1,
2071      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2072      TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073      TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2074      SSL_kECDHE,
2075      SSL_aECDSA,
2076      SSL_CHACHA20POLY1305,
2077      SSL_AEAD,
2078      TLS1_2_VERSION, TLS1_2_VERSION,
2079      DTLS1_2_VERSION, DTLS1_2_VERSION,
2080      SSL_HIGH,
2081      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082      256,
2083      256,
2084      },
2085     {
2086      1,
2087      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2088      TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2089      TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2090      SSL_kPSK,
2091      SSL_aPSK,
2092      SSL_CHACHA20POLY1305,
2093      SSL_AEAD,
2094      TLS1_2_VERSION, TLS1_2_VERSION,
2095      DTLS1_2_VERSION, DTLS1_2_VERSION,
2096      SSL_HIGH,
2097      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2098      256,
2099      256,
2100      },
2101     {
2102      1,
2103      TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2104      TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105      TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2106      SSL_kECDHEPSK,
2107      SSL_aPSK,
2108      SSL_CHACHA20POLY1305,
2109      SSL_AEAD,
2110      TLS1_2_VERSION, TLS1_2_VERSION,
2111      DTLS1_2_VERSION, DTLS1_2_VERSION,
2112      SSL_HIGH,
2113      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2114      256,
2115      256,
2116      },
2117     {
2118      1,
2119      TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2120      TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2121      TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2122      SSL_kDHEPSK,
2123      SSL_aPSK,
2124      SSL_CHACHA20POLY1305,
2125      SSL_AEAD,
2126      TLS1_2_VERSION, TLS1_2_VERSION,
2127      DTLS1_2_VERSION, DTLS1_2_VERSION,
2128      SSL_HIGH,
2129      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2130      256,
2131      256,
2132      },
2133     {
2134      1,
2135      TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2136      TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2137      TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2138      SSL_kRSAPSK,
2139      SSL_aRSA,
2140      SSL_CHACHA20POLY1305,
2141      SSL_AEAD,
2142      TLS1_2_VERSION, TLS1_2_VERSION,
2143      DTLS1_2_VERSION, DTLS1_2_VERSION,
2144      SSL_HIGH,
2145      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2146      256,
2147      256,
2148      },
2149 
2150     {
2151      1,
2152      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2153      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2154      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2155      SSL_kRSA,
2156      SSL_aRSA,
2157      SSL_CAMELLIA128,
2158      SSL_SHA256,
2159      TLS1_2_VERSION, TLS1_2_VERSION,
2160      DTLS1_2_VERSION, DTLS1_2_VERSION,
2161      SSL_NOT_DEFAULT | SSL_HIGH,
2162      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2163      128,
2164      128,
2165      },
2166     {
2167      1,
2168      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2169      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2170      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2171      SSL_kDHE,
2172      SSL_aDSS,
2173      SSL_CAMELLIA128,
2174      SSL_SHA256,
2175      TLS1_2_VERSION, TLS1_2_VERSION,
2176      DTLS1_2_VERSION, DTLS1_2_VERSION,
2177      SSL_NOT_DEFAULT | SSL_HIGH,
2178      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2179      128,
2180      128,
2181      },
2182     {
2183      1,
2184      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2185      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2186      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2187      SSL_kDHE,
2188      SSL_aRSA,
2189      SSL_CAMELLIA128,
2190      SSL_SHA256,
2191      TLS1_2_VERSION, TLS1_2_VERSION,
2192      DTLS1_2_VERSION, DTLS1_2_VERSION,
2193      SSL_NOT_DEFAULT | SSL_HIGH,
2194      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2195      128,
2196      128,
2197      },
2198     {
2199      1,
2200      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2201      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2202      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2203      SSL_kDHE,
2204      SSL_aNULL,
2205      SSL_CAMELLIA128,
2206      SSL_SHA256,
2207      TLS1_2_VERSION, TLS1_2_VERSION,
2208      DTLS1_2_VERSION, DTLS1_2_VERSION,
2209      SSL_NOT_DEFAULT | SSL_HIGH,
2210      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2211      128,
2212      128,
2213      },
2214     {
2215      1,
2216      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2217      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2218      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2219      SSL_kRSA,
2220      SSL_aRSA,
2221      SSL_CAMELLIA256,
2222      SSL_SHA256,
2223      TLS1_2_VERSION, TLS1_2_VERSION,
2224      DTLS1_2_VERSION, DTLS1_2_VERSION,
2225      SSL_NOT_DEFAULT | SSL_HIGH,
2226      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2227      256,
2228      256,
2229      },
2230     {
2231      1,
2232      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2233      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2234      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2235      SSL_kDHE,
2236      SSL_aDSS,
2237      SSL_CAMELLIA256,
2238      SSL_SHA256,
2239      TLS1_2_VERSION, TLS1_2_VERSION,
2240      DTLS1_2_VERSION, DTLS1_2_VERSION,
2241      SSL_NOT_DEFAULT | SSL_HIGH,
2242      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2243      256,
2244      256,
2245      },
2246     {
2247      1,
2248      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2249      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2250      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2251      SSL_kDHE,
2252      SSL_aRSA,
2253      SSL_CAMELLIA256,
2254      SSL_SHA256,
2255      TLS1_2_VERSION, TLS1_2_VERSION,
2256      DTLS1_2_VERSION, DTLS1_2_VERSION,
2257      SSL_NOT_DEFAULT | SSL_HIGH,
2258      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2259      256,
2260      256,
2261      },
2262     {
2263      1,
2264      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2265      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2266      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2267      SSL_kDHE,
2268      SSL_aNULL,
2269      SSL_CAMELLIA256,
2270      SSL_SHA256,
2271      TLS1_2_VERSION, TLS1_2_VERSION,
2272      DTLS1_2_VERSION, DTLS1_2_VERSION,
2273      SSL_NOT_DEFAULT | SSL_HIGH,
2274      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2275      256,
2276      256,
2277      },
2278     {
2279      1,
2280      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2281      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2282      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2283      SSL_kRSA,
2284      SSL_aRSA,
2285      SSL_CAMELLIA256,
2286      SSL_SHA1,
2287      SSL3_VERSION, TLS1_2_VERSION,
2288      DTLS1_BAD_VER, DTLS1_2_VERSION,
2289      SSL_NOT_DEFAULT | SSL_HIGH,
2290      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2291      256,
2292      256,
2293      },
2294     {
2295      1,
2296      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2297      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2298      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2299      SSL_kDHE,
2300      SSL_aDSS,
2301      SSL_CAMELLIA256,
2302      SSL_SHA1,
2303      SSL3_VERSION, TLS1_2_VERSION,
2304      DTLS1_BAD_VER, DTLS1_2_VERSION,
2305      SSL_NOT_DEFAULT | SSL_HIGH,
2306      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2307      256,
2308      256,
2309      },
2310     {
2311      1,
2312      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2313      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2314      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2315      SSL_kDHE,
2316      SSL_aRSA,
2317      SSL_CAMELLIA256,
2318      SSL_SHA1,
2319      SSL3_VERSION, TLS1_2_VERSION,
2320      DTLS1_BAD_VER, DTLS1_2_VERSION,
2321      SSL_NOT_DEFAULT | SSL_HIGH,
2322      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2323      256,
2324      256,
2325      },
2326     {
2327      1,
2328      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2329      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2330      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2331      SSL_kDHE,
2332      SSL_aNULL,
2333      SSL_CAMELLIA256,
2334      SSL_SHA1,
2335      SSL3_VERSION, TLS1_2_VERSION,
2336      DTLS1_BAD_VER, DTLS1_2_VERSION,
2337      SSL_NOT_DEFAULT | SSL_HIGH,
2338      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2339      256,
2340      256,
2341      },
2342     {
2343      1,
2344      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2345      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2346      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2347      SSL_kRSA,
2348      SSL_aRSA,
2349      SSL_CAMELLIA128,
2350      SSL_SHA1,
2351      SSL3_VERSION, TLS1_2_VERSION,
2352      DTLS1_BAD_VER, DTLS1_2_VERSION,
2353      SSL_NOT_DEFAULT | SSL_HIGH,
2354      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2355      128,
2356      128,
2357      },
2358     {
2359      1,
2360      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2361      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2362      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2363      SSL_kDHE,
2364      SSL_aDSS,
2365      SSL_CAMELLIA128,
2366      SSL_SHA1,
2367      SSL3_VERSION, TLS1_2_VERSION,
2368      DTLS1_BAD_VER, DTLS1_2_VERSION,
2369      SSL_NOT_DEFAULT | SSL_HIGH,
2370      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2371      128,
2372      128,
2373      },
2374     {
2375      1,
2376      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2377      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2378      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2379      SSL_kDHE,
2380      SSL_aRSA,
2381      SSL_CAMELLIA128,
2382      SSL_SHA1,
2383      SSL3_VERSION, TLS1_2_VERSION,
2384      DTLS1_BAD_VER, DTLS1_2_VERSION,
2385      SSL_NOT_DEFAULT | SSL_HIGH,
2386      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2387      128,
2388      128,
2389      },
2390     {
2391      1,
2392      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2393      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2394      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2395      SSL_kDHE,
2396      SSL_aNULL,
2397      SSL_CAMELLIA128,
2398      SSL_SHA1,
2399      SSL3_VERSION, TLS1_2_VERSION,
2400      DTLS1_BAD_VER, DTLS1_2_VERSION,
2401      SSL_NOT_DEFAULT | SSL_HIGH,
2402      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2403      128,
2404      128,
2405      },
2406     {
2407      1,
2408      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2409      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2410      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2411      SSL_kECDHE,
2412      SSL_aECDSA,
2413      SSL_CAMELLIA128,
2414      SSL_SHA256,
2415      TLS1_2_VERSION, TLS1_2_VERSION,
2416      DTLS1_2_VERSION, DTLS1_2_VERSION,
2417      SSL_NOT_DEFAULT | SSL_HIGH,
2418      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2419      128,
2420      128,
2421      },
2422     {
2423      1,
2424      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2425      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2426      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2427      SSL_kECDHE,
2428      SSL_aECDSA,
2429      SSL_CAMELLIA256,
2430      SSL_SHA384,
2431      TLS1_2_VERSION, TLS1_2_VERSION,
2432      DTLS1_2_VERSION, DTLS1_2_VERSION,
2433      SSL_NOT_DEFAULT | SSL_HIGH,
2434      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2435      256,
2436      256,
2437      },
2438     {
2439      1,
2440      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2441      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2442      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2443      SSL_kECDHE,
2444      SSL_aRSA,
2445      SSL_CAMELLIA128,
2446      SSL_SHA256,
2447      TLS1_2_VERSION, TLS1_2_VERSION,
2448      DTLS1_2_VERSION, DTLS1_2_VERSION,
2449      SSL_NOT_DEFAULT | SSL_HIGH,
2450      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2451      128,
2452      128,
2453      },
2454     {
2455      1,
2456      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2457      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2458      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2459      SSL_kECDHE,
2460      SSL_aRSA,
2461      SSL_CAMELLIA256,
2462      SSL_SHA384,
2463      TLS1_2_VERSION, TLS1_2_VERSION,
2464      DTLS1_2_VERSION, DTLS1_2_VERSION,
2465      SSL_NOT_DEFAULT | SSL_HIGH,
2466      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2467      256,
2468      256,
2469      },
2470     {
2471      1,
2472      TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2473      TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2474      TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2475      SSL_kPSK,
2476      SSL_aPSK,
2477      SSL_CAMELLIA128,
2478      SSL_SHA256,
2479      TLS1_VERSION, TLS1_2_VERSION,
2480      DTLS1_BAD_VER, DTLS1_2_VERSION,
2481      SSL_NOT_DEFAULT | SSL_HIGH,
2482      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2483      128,
2484      128,
2485      },
2486     {
2487      1,
2488      TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2489      TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2490      TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2491      SSL_kPSK,
2492      SSL_aPSK,
2493      SSL_CAMELLIA256,
2494      SSL_SHA384,
2495      TLS1_VERSION, TLS1_2_VERSION,
2496      DTLS1_BAD_VER, DTLS1_2_VERSION,
2497      SSL_NOT_DEFAULT | SSL_HIGH,
2498      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2499      256,
2500      256,
2501      },
2502     {
2503      1,
2504      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2505      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2506      TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2507      SSL_kDHEPSK,
2508      SSL_aPSK,
2509      SSL_CAMELLIA128,
2510      SSL_SHA256,
2511      TLS1_VERSION, TLS1_2_VERSION,
2512      DTLS1_BAD_VER, DTLS1_2_VERSION,
2513      SSL_NOT_DEFAULT | SSL_HIGH,
2514      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2515      128,
2516      128,
2517      },
2518     {
2519      1,
2520      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2521      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2522      TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2523      SSL_kDHEPSK,
2524      SSL_aPSK,
2525      SSL_CAMELLIA256,
2526      SSL_SHA384,
2527      TLS1_VERSION, TLS1_2_VERSION,
2528      DTLS1_BAD_VER, DTLS1_2_VERSION,
2529      SSL_NOT_DEFAULT | SSL_HIGH,
2530      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2531      256,
2532      256,
2533      },
2534     {
2535      1,
2536      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2537      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2538      TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2539      SSL_kRSAPSK,
2540      SSL_aRSA,
2541      SSL_CAMELLIA128,
2542      SSL_SHA256,
2543      TLS1_VERSION, TLS1_2_VERSION,
2544      DTLS1_BAD_VER, DTLS1_2_VERSION,
2545      SSL_NOT_DEFAULT | SSL_HIGH,
2546      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2547      128,
2548      128,
2549      },
2550     {
2551      1,
2552      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2553      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2554      TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2555      SSL_kRSAPSK,
2556      SSL_aRSA,
2557      SSL_CAMELLIA256,
2558      SSL_SHA384,
2559      TLS1_VERSION, TLS1_2_VERSION,
2560      DTLS1_BAD_VER, DTLS1_2_VERSION,
2561      SSL_NOT_DEFAULT | SSL_HIGH,
2562      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2563      256,
2564      256,
2565      },
2566     {
2567      1,
2568      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2569      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2570      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2571      SSL_kECDHEPSK,
2572      SSL_aPSK,
2573      SSL_CAMELLIA128,
2574      SSL_SHA256,
2575      TLS1_VERSION, TLS1_2_VERSION,
2576      DTLS1_BAD_VER, DTLS1_2_VERSION,
2577      SSL_NOT_DEFAULT | SSL_HIGH,
2578      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2579      128,
2580      128,
2581      },
2582     {
2583      1,
2584      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2585      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2586      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2587      SSL_kECDHEPSK,
2588      SSL_aPSK,
2589      SSL_CAMELLIA256,
2590      SSL_SHA384,
2591      TLS1_VERSION, TLS1_2_VERSION,
2592      DTLS1_BAD_VER, DTLS1_2_VERSION,
2593      SSL_NOT_DEFAULT | SSL_HIGH,
2594      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2595      256,
2596      256,
2597      },
2598 
2599 #ifndef OPENSSL_NO_GOST
2600     {
2601      1,
2602      "GOST2001-GOST89-GOST89",
2603      "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2604      0x3000081,
2605      SSL_kGOST,
2606      SSL_aGOST01,
2607      SSL_eGOST2814789CNT,
2608      SSL_GOST89MAC,
2609      TLS1_VERSION, TLS1_2_VERSION,
2610      0, 0,
2611      SSL_HIGH,
2612      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2613      256,
2614      256,
2615      },
2616     {
2617      1,
2618      "GOST2001-NULL-GOST94",
2619      "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2620      0x3000083,
2621      SSL_kGOST,
2622      SSL_aGOST01,
2623      SSL_eNULL,
2624      SSL_GOST94,
2625      TLS1_VERSION, TLS1_2_VERSION,
2626      0, 0,
2627      SSL_STRONG_NONE,
2628      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2629      0,
2630      0,
2631      },
2632     {
2633      1,
2634      "IANA-GOST2012-GOST8912-GOST8912",
2635      NULL,
2636      0x0300c102,
2637      SSL_kGOST,
2638      SSL_aGOST12 | SSL_aGOST01,
2639      SSL_eGOST2814789CNT12,
2640      SSL_GOST89MAC12,
2641      TLS1_VERSION, TLS1_2_VERSION,
2642      0, 0,
2643      SSL_HIGH,
2644      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2645      256,
2646      256,
2647      },
2648     {
2649      1,
2650      "LEGACY-GOST2012-GOST8912-GOST8912",
2651      NULL,
2652      0x0300ff85,
2653      SSL_kGOST,
2654      SSL_aGOST12 | SSL_aGOST01,
2655      SSL_eGOST2814789CNT12,
2656      SSL_GOST89MAC12,
2657      TLS1_VERSION, TLS1_2_VERSION,
2658      0, 0,
2659      SSL_HIGH,
2660      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2661      256,
2662      256,
2663      },
2664     {
2665      1,
2666      "GOST2012-NULL-GOST12",
2667      NULL,
2668      0x0300ff87,
2669      SSL_kGOST,
2670      SSL_aGOST12 | SSL_aGOST01,
2671      SSL_eNULL,
2672      SSL_GOST12_256,
2673      TLS1_VERSION, TLS1_2_VERSION,
2674      0, 0,
2675      SSL_STRONG_NONE,
2676      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2677      0,
2678      0,
2679      },
2680     {
2681      1,
2682      "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2683      NULL,
2684      0x0300C100,
2685      SSL_kGOST18,
2686      SSL_aGOST12,
2687      SSL_KUZNYECHIK,
2688      SSL_KUZNYECHIKOMAC,
2689      TLS1_2_VERSION, TLS1_2_VERSION,
2690      0, 0,
2691      SSL_HIGH,
2692      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2693      256,
2694      256,
2695      },
2696     {
2697      1,
2698      "GOST2012-MAGMA-MAGMAOMAC",
2699      NULL,
2700      0x0300C101,
2701      SSL_kGOST18,
2702      SSL_aGOST12,
2703      SSL_MAGMA,
2704      SSL_MAGMAOMAC,
2705      TLS1_2_VERSION, TLS1_2_VERSION,
2706      0, 0,
2707      SSL_HIGH,
2708      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2709      256,
2710      256,
2711      },
2712 #endif                          /* OPENSSL_NO_GOST */
2713 
2714     {
2715      1,
2716      SSL3_TXT_RSA_IDEA_128_SHA,
2717      SSL3_RFC_RSA_IDEA_128_SHA,
2718      SSL3_CK_RSA_IDEA_128_SHA,
2719      SSL_kRSA,
2720      SSL_aRSA,
2721      SSL_IDEA,
2722      SSL_SHA1,
2723      SSL3_VERSION, TLS1_1_VERSION,
2724      DTLS1_BAD_VER, DTLS1_VERSION,
2725      SSL_NOT_DEFAULT | SSL_MEDIUM,
2726      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2727      128,
2728      128,
2729      },
2730 
2731     {
2732      1,
2733      TLS1_TXT_RSA_WITH_SEED_SHA,
2734      TLS1_RFC_RSA_WITH_SEED_SHA,
2735      TLS1_CK_RSA_WITH_SEED_SHA,
2736      SSL_kRSA,
2737      SSL_aRSA,
2738      SSL_SEED,
2739      SSL_SHA1,
2740      SSL3_VERSION, TLS1_2_VERSION,
2741      DTLS1_BAD_VER, DTLS1_2_VERSION,
2742      SSL_NOT_DEFAULT | SSL_MEDIUM,
2743      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2744      128,
2745      128,
2746      },
2747     {
2748      1,
2749      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2750      TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2751      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2752      SSL_kDHE,
2753      SSL_aDSS,
2754      SSL_SEED,
2755      SSL_SHA1,
2756      SSL3_VERSION, TLS1_2_VERSION,
2757      DTLS1_BAD_VER, DTLS1_2_VERSION,
2758      SSL_NOT_DEFAULT | SSL_MEDIUM,
2759      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2760      128,
2761      128,
2762      },
2763     {
2764      1,
2765      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2766      TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2767      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2768      SSL_kDHE,
2769      SSL_aRSA,
2770      SSL_SEED,
2771      SSL_SHA1,
2772      SSL3_VERSION, TLS1_2_VERSION,
2773      DTLS1_BAD_VER, DTLS1_2_VERSION,
2774      SSL_NOT_DEFAULT | SSL_MEDIUM,
2775      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2776      128,
2777      128,
2778      },
2779     {
2780      1,
2781      TLS1_TXT_ADH_WITH_SEED_SHA,
2782      TLS1_RFC_ADH_WITH_SEED_SHA,
2783      TLS1_CK_ADH_WITH_SEED_SHA,
2784      SSL_kDHE,
2785      SSL_aNULL,
2786      SSL_SEED,
2787      SSL_SHA1,
2788      SSL3_VERSION, TLS1_2_VERSION,
2789      DTLS1_BAD_VER, DTLS1_2_VERSION,
2790      SSL_NOT_DEFAULT | SSL_MEDIUM,
2791      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2792      128,
2793      128,
2794      },
2795 
2796 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2797     {
2798      1,
2799      SSL3_TXT_RSA_RC4_128_MD5,
2800      SSL3_RFC_RSA_RC4_128_MD5,
2801      SSL3_CK_RSA_RC4_128_MD5,
2802      SSL_kRSA,
2803      SSL_aRSA,
2804      SSL_RC4,
2805      SSL_MD5,
2806      SSL3_VERSION, TLS1_2_VERSION,
2807      0, 0,
2808      SSL_NOT_DEFAULT | SSL_MEDIUM,
2809      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2810      128,
2811      128,
2812      },
2813     {
2814      1,
2815      SSL3_TXT_RSA_RC4_128_SHA,
2816      SSL3_RFC_RSA_RC4_128_SHA,
2817      SSL3_CK_RSA_RC4_128_SHA,
2818      SSL_kRSA,
2819      SSL_aRSA,
2820      SSL_RC4,
2821      SSL_SHA1,
2822      SSL3_VERSION, TLS1_2_VERSION,
2823      0, 0,
2824      SSL_NOT_DEFAULT | SSL_MEDIUM,
2825      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2826      128,
2827      128,
2828      },
2829     {
2830      1,
2831      SSL3_TXT_ADH_RC4_128_MD5,
2832      SSL3_RFC_ADH_RC4_128_MD5,
2833      SSL3_CK_ADH_RC4_128_MD5,
2834      SSL_kDHE,
2835      SSL_aNULL,
2836      SSL_RC4,
2837      SSL_MD5,
2838      SSL3_VERSION, TLS1_2_VERSION,
2839      0, 0,
2840      SSL_NOT_DEFAULT | SSL_MEDIUM,
2841      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2842      128,
2843      128,
2844      },
2845     {
2846      1,
2847      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2848      TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2849      TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2850      SSL_kECDHEPSK,
2851      SSL_aPSK,
2852      SSL_RC4,
2853      SSL_SHA1,
2854      TLS1_VERSION, TLS1_2_VERSION,
2855      0, 0,
2856      SSL_NOT_DEFAULT | SSL_MEDIUM,
2857      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2858      128,
2859      128,
2860      },
2861     {
2862      1,
2863      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2864      TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2865      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2866      SSL_kECDHE,
2867      SSL_aNULL,
2868      SSL_RC4,
2869      SSL_SHA1,
2870      TLS1_VERSION, TLS1_2_VERSION,
2871      0, 0,
2872      SSL_NOT_DEFAULT | SSL_MEDIUM,
2873      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2874      128,
2875      128,
2876      },
2877     {
2878      1,
2879      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2880      TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2881      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2882      SSL_kECDHE,
2883      SSL_aECDSA,
2884      SSL_RC4,
2885      SSL_SHA1,
2886      TLS1_VERSION, TLS1_2_VERSION,
2887      0, 0,
2888      SSL_NOT_DEFAULT | SSL_MEDIUM,
2889      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2890      128,
2891      128,
2892      },
2893     {
2894      1,
2895      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2896      TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2897      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2898      SSL_kECDHE,
2899      SSL_aRSA,
2900      SSL_RC4,
2901      SSL_SHA1,
2902      TLS1_VERSION, TLS1_2_VERSION,
2903      0, 0,
2904      SSL_NOT_DEFAULT | SSL_MEDIUM,
2905      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2906      128,
2907      128,
2908      },
2909     {
2910      1,
2911      TLS1_TXT_PSK_WITH_RC4_128_SHA,
2912      TLS1_RFC_PSK_WITH_RC4_128_SHA,
2913      TLS1_CK_PSK_WITH_RC4_128_SHA,
2914      SSL_kPSK,
2915      SSL_aPSK,
2916      SSL_RC4,
2917      SSL_SHA1,
2918      SSL3_VERSION, TLS1_2_VERSION,
2919      0, 0,
2920      SSL_NOT_DEFAULT | SSL_MEDIUM,
2921      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2922      128,
2923      128,
2924      },
2925     {
2926      1,
2927      TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2928      TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2929      TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2930      SSL_kRSAPSK,
2931      SSL_aRSA,
2932      SSL_RC4,
2933      SSL_SHA1,
2934      SSL3_VERSION, TLS1_2_VERSION,
2935      0, 0,
2936      SSL_NOT_DEFAULT | SSL_MEDIUM,
2937      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2938      128,
2939      128,
2940      },
2941     {
2942      1,
2943      TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2944      TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2945      TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2946      SSL_kDHEPSK,
2947      SSL_aPSK,
2948      SSL_RC4,
2949      SSL_SHA1,
2950      SSL3_VERSION, TLS1_2_VERSION,
2951      0, 0,
2952      SSL_NOT_DEFAULT | SSL_MEDIUM,
2953      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2954      128,
2955      128,
2956      },
2957 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2958 
2959     {
2960      1,
2961      TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2962      TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2963      TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2964      SSL_kRSA,
2965      SSL_aRSA,
2966      SSL_ARIA128GCM,
2967      SSL_AEAD,
2968      TLS1_2_VERSION, TLS1_2_VERSION,
2969      DTLS1_2_VERSION, DTLS1_2_VERSION,
2970      SSL_NOT_DEFAULT | SSL_HIGH,
2971      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2972      128,
2973      128,
2974      },
2975     {
2976      1,
2977      TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2978      TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2979      TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2980      SSL_kRSA,
2981      SSL_aRSA,
2982      SSL_ARIA256GCM,
2983      SSL_AEAD,
2984      TLS1_2_VERSION, TLS1_2_VERSION,
2985      DTLS1_2_VERSION, DTLS1_2_VERSION,
2986      SSL_NOT_DEFAULT | SSL_HIGH,
2987      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2988      256,
2989      256,
2990      },
2991     {
2992      1,
2993      TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2994      TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2995      TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2996      SSL_kDHE,
2997      SSL_aRSA,
2998      SSL_ARIA128GCM,
2999      SSL_AEAD,
3000      TLS1_2_VERSION, TLS1_2_VERSION,
3001      DTLS1_2_VERSION, DTLS1_2_VERSION,
3002      SSL_NOT_DEFAULT | SSL_HIGH,
3003      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3004      128,
3005      128,
3006      },
3007     {
3008      1,
3009      TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3010      TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3011      TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3012      SSL_kDHE,
3013      SSL_aRSA,
3014      SSL_ARIA256GCM,
3015      SSL_AEAD,
3016      TLS1_2_VERSION, TLS1_2_VERSION,
3017      DTLS1_2_VERSION, DTLS1_2_VERSION,
3018      SSL_NOT_DEFAULT | SSL_HIGH,
3019      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3020      256,
3021      256,
3022      },
3023     {
3024      1,
3025      TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3026      TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3027      TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3028      SSL_kDHE,
3029      SSL_aDSS,
3030      SSL_ARIA128GCM,
3031      SSL_AEAD,
3032      TLS1_2_VERSION, TLS1_2_VERSION,
3033      DTLS1_2_VERSION, DTLS1_2_VERSION,
3034      SSL_NOT_DEFAULT | SSL_HIGH,
3035      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3036      128,
3037      128,
3038      },
3039     {
3040      1,
3041      TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3042      TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3043      TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3044      SSL_kDHE,
3045      SSL_aDSS,
3046      SSL_ARIA256GCM,
3047      SSL_AEAD,
3048      TLS1_2_VERSION, TLS1_2_VERSION,
3049      DTLS1_2_VERSION, DTLS1_2_VERSION,
3050      SSL_NOT_DEFAULT | SSL_HIGH,
3051      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3052      256,
3053      256,
3054      },
3055     {
3056      1,
3057      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3058      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3059      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3060      SSL_kECDHE,
3061      SSL_aECDSA,
3062      SSL_ARIA128GCM,
3063      SSL_AEAD,
3064      TLS1_2_VERSION, TLS1_2_VERSION,
3065      DTLS1_2_VERSION, DTLS1_2_VERSION,
3066      SSL_NOT_DEFAULT | SSL_HIGH,
3067      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3068      128,
3069      128,
3070      },
3071     {
3072      1,
3073      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3074      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3075      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3076      SSL_kECDHE,
3077      SSL_aECDSA,
3078      SSL_ARIA256GCM,
3079      SSL_AEAD,
3080      TLS1_2_VERSION, TLS1_2_VERSION,
3081      DTLS1_2_VERSION, DTLS1_2_VERSION,
3082      SSL_NOT_DEFAULT | SSL_HIGH,
3083      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3084      256,
3085      256,
3086      },
3087     {
3088      1,
3089      TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3090      TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3091      TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3092      SSL_kECDHE,
3093      SSL_aRSA,
3094      SSL_ARIA128GCM,
3095      SSL_AEAD,
3096      TLS1_2_VERSION, TLS1_2_VERSION,
3097      DTLS1_2_VERSION, DTLS1_2_VERSION,
3098      SSL_NOT_DEFAULT | SSL_HIGH,
3099      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3100      128,
3101      128,
3102      },
3103     {
3104      1,
3105      TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3106      TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3107      TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3108      SSL_kECDHE,
3109      SSL_aRSA,
3110      SSL_ARIA256GCM,
3111      SSL_AEAD,
3112      TLS1_2_VERSION, TLS1_2_VERSION,
3113      DTLS1_2_VERSION, DTLS1_2_VERSION,
3114      SSL_NOT_DEFAULT | SSL_HIGH,
3115      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3116      256,
3117      256,
3118      },
3119     {
3120      1,
3121      TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3122      TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3123      TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3124      SSL_kPSK,
3125      SSL_aPSK,
3126      SSL_ARIA128GCM,
3127      SSL_AEAD,
3128      TLS1_2_VERSION, TLS1_2_VERSION,
3129      DTLS1_2_VERSION, DTLS1_2_VERSION,
3130      SSL_NOT_DEFAULT | SSL_HIGH,
3131      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3132      128,
3133      128,
3134      },
3135     {
3136      1,
3137      TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3138      TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3139      TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3140      SSL_kPSK,
3141      SSL_aPSK,
3142      SSL_ARIA256GCM,
3143      SSL_AEAD,
3144      TLS1_2_VERSION, TLS1_2_VERSION,
3145      DTLS1_2_VERSION, DTLS1_2_VERSION,
3146      SSL_NOT_DEFAULT | SSL_HIGH,
3147      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3148      256,
3149      256,
3150      },
3151     {
3152      1,
3153      TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3154      TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3155      TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3156      SSL_kDHEPSK,
3157      SSL_aPSK,
3158      SSL_ARIA128GCM,
3159      SSL_AEAD,
3160      TLS1_2_VERSION, TLS1_2_VERSION,
3161      DTLS1_2_VERSION, DTLS1_2_VERSION,
3162      SSL_NOT_DEFAULT | SSL_HIGH,
3163      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3164      128,
3165      128,
3166      },
3167     {
3168      1,
3169      TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3170      TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3171      TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3172      SSL_kDHEPSK,
3173      SSL_aPSK,
3174      SSL_ARIA256GCM,
3175      SSL_AEAD,
3176      TLS1_2_VERSION, TLS1_2_VERSION,
3177      DTLS1_2_VERSION, DTLS1_2_VERSION,
3178      SSL_NOT_DEFAULT | SSL_HIGH,
3179      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3180      256,
3181      256,
3182      },
3183     {
3184      1,
3185      TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3186      TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3187      TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3188      SSL_kRSAPSK,
3189      SSL_aRSA,
3190      SSL_ARIA128GCM,
3191      SSL_AEAD,
3192      TLS1_2_VERSION, TLS1_2_VERSION,
3193      DTLS1_2_VERSION, DTLS1_2_VERSION,
3194      SSL_NOT_DEFAULT | SSL_HIGH,
3195      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3196      128,
3197      128,
3198      },
3199     {
3200      1,
3201      TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3202      TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3203      TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3204      SSL_kRSAPSK,
3205      SSL_aRSA,
3206      SSL_ARIA256GCM,
3207      SSL_AEAD,
3208      TLS1_2_VERSION, TLS1_2_VERSION,
3209      DTLS1_2_VERSION, DTLS1_2_VERSION,
3210      SSL_NOT_DEFAULT | SSL_HIGH,
3211      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3212      256,
3213      256,
3214      },
3215 };
3216 
3217 /*
3218  * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3219  * values stuffed into the ciphers field of the wire protocol for signalling
3220  * purposes.
3221  */
3222 static SSL_CIPHER ssl3_scsvs[] = {
3223     {
3224      0,
3225      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3226      "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3227      SSL3_CK_SCSV,
3228      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3229     },
3230     {
3231      0,
3232      "TLS_FALLBACK_SCSV",
3233      "TLS_FALLBACK_SCSV",
3234      SSL3_CK_FALLBACK_SCSV,
3235      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3236     },
3237 };
3238 
cipher_compare(const void * a,const void * b)3239 static int cipher_compare(const void *a, const void *b)
3240 {
3241     const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3242     const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3243 
3244     if (ap->id == bp->id)
3245         return 0;
3246     return ap->id < bp->id ? -1 : 1;
3247 }
3248 
ssl_sort_cipher_list(void)3249 void ssl_sort_cipher_list(void)
3250 {
3251     qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3252           cipher_compare);
3253     qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3254           cipher_compare);
3255     qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3256 }
3257 
ssl_undefined_function_1(SSL * ssl,unsigned char * r,size_t s,const char * t,size_t u,const unsigned char * v,size_t w,int x)3258 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3259                                     const char * t, size_t u,
3260                                     const unsigned char * v, size_t w, int x)
3261 {
3262     (void)r;
3263     (void)s;
3264     (void)t;
3265     (void)u;
3266     (void)v;
3267     (void)w;
3268     (void)x;
3269     return ssl_undefined_function(ssl);
3270 }
3271 
3272 const SSL3_ENC_METHOD SSLv3_enc_data = {
3273     ssl3_enc,
3274     n_ssl3_mac,
3275     ssl3_setup_key_block,
3276     ssl3_generate_master_secret,
3277     ssl3_change_cipher_state,
3278     ssl3_final_finish_mac,
3279     SSL3_MD_CLIENT_FINISHED_CONST, 4,
3280     SSL3_MD_SERVER_FINISHED_CONST, 4,
3281     ssl3_alert_code,
3282     ssl_undefined_function_1,
3283     0,
3284     ssl3_set_handshake_header,
3285     tls_close_construct_packet,
3286     ssl3_handshake_write
3287 };
3288 
ssl3_default_timeout(void)3289 long ssl3_default_timeout(void)
3290 {
3291     /*
3292      * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3293      * http, the cache would over fill
3294      */
3295     return (60 * 60 * 2);
3296 }
3297 
ssl3_num_ciphers(void)3298 int ssl3_num_ciphers(void)
3299 {
3300     return SSL3_NUM_CIPHERS;
3301 }
3302 
ssl3_get_cipher(unsigned int u)3303 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3304 {
3305     if (u < SSL3_NUM_CIPHERS)
3306         return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3307     else
3308         return NULL;
3309 }
3310 
ssl3_set_handshake_header(SSL * s,WPACKET * pkt,int htype)3311 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3312 {
3313     /* No header in the event of a CCS */
3314     if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3315         return 1;
3316 
3317     /* Set the content type and 3 bytes for the message len */
3318     if (!WPACKET_put_bytes_u8(pkt, htype)
3319             || !WPACKET_start_sub_packet_u24(pkt))
3320         return 0;
3321 
3322     return 1;
3323 }
3324 
ssl3_handshake_write(SSL * s)3325 int ssl3_handshake_write(SSL *s)
3326 {
3327     return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3328 }
3329 
ssl3_new(SSL * s)3330 int ssl3_new(SSL *s)
3331 {
3332 #ifndef OPENSSL_NO_SRP
3333     if (!ssl_srp_ctx_init_intern(s))
3334         return 0;
3335 #endif
3336 
3337     if (!s->method->ssl_clear(s))
3338         return 0;
3339 
3340     return 1;
3341 }
3342 
ssl3_free(SSL * s)3343 void ssl3_free(SSL *s)
3344 {
3345     if (s == NULL)
3346         return;
3347 
3348     ssl3_cleanup_key_block(s);
3349 
3350     EVP_PKEY_free(s->s3.peer_tmp);
3351     s->s3.peer_tmp = NULL;
3352     EVP_PKEY_free(s->s3.tmp.pkey);
3353     s->s3.tmp.pkey = NULL;
3354 
3355     ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
3356     ssl_evp_md_free(s->s3.tmp.new_hash);
3357 
3358     OPENSSL_free(s->s3.tmp.ctype);
3359     sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3360     OPENSSL_free(s->s3.tmp.ciphers_raw);
3361     OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3362     OPENSSL_free(s->s3.tmp.peer_sigalgs);
3363     OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3364     ssl3_free_digest_list(s);
3365     OPENSSL_free(s->s3.alpn_selected);
3366     OPENSSL_free(s->s3.alpn_proposed);
3367 
3368 #ifndef OPENSSL_NO_PSK
3369     OPENSSL_free(s->s3.tmp.psk);
3370 #endif
3371 
3372 #ifndef OPENSSL_NO_SRP
3373     ssl_srp_ctx_free_intern(s);
3374 #endif
3375     memset(&s->s3, 0, sizeof(s->s3));
3376 }
3377 
ssl3_clear(SSL * s)3378 int ssl3_clear(SSL *s)
3379 {
3380     ssl3_cleanup_key_block(s);
3381     OPENSSL_free(s->s3.tmp.ctype);
3382     sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3383     OPENSSL_free(s->s3.tmp.ciphers_raw);
3384     OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3385     OPENSSL_free(s->s3.tmp.peer_sigalgs);
3386     OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3387 
3388     EVP_PKEY_free(s->s3.tmp.pkey);
3389     EVP_PKEY_free(s->s3.peer_tmp);
3390 
3391     ssl3_free_digest_list(s);
3392 
3393     OPENSSL_free(s->s3.alpn_selected);
3394     OPENSSL_free(s->s3.alpn_proposed);
3395 
3396     /* NULL/zero-out everything in the s3 struct */
3397     memset(&s->s3, 0, sizeof(s->s3));
3398 
3399     if (!ssl_free_wbio_buffer(s))
3400         return 0;
3401 
3402     s->version = SSL3_VERSION;
3403 
3404 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3405     OPENSSL_free(s->ext.npn);
3406     s->ext.npn = NULL;
3407     s->ext.npn_len = 0;
3408 #endif
3409 
3410     return 1;
3411 }
3412 
3413 #ifndef OPENSSL_NO_SRP
srp_password_from_info_cb(SSL * s,void * arg)3414 static char *srp_password_from_info_cb(SSL *s, void *arg)
3415 {
3416     return OPENSSL_strdup(s->srp_ctx.info);
3417 }
3418 #endif
3419 
3420 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3421 
ssl3_ctrl(SSL * s,int cmd,long larg,void * parg)3422 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3423 {
3424     int ret = 0;
3425 
3426     switch (cmd) {
3427     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3428         break;
3429     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3430         ret = s->s3.num_renegotiations;
3431         break;
3432     case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3433         ret = s->s3.num_renegotiations;
3434         s->s3.num_renegotiations = 0;
3435         break;
3436     case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3437         ret = s->s3.total_renegotiations;
3438         break;
3439     case SSL_CTRL_GET_FLAGS:
3440         ret = (int)(s->s3.flags);
3441         break;
3442 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3443     case SSL_CTRL_SET_TMP_DH:
3444         {
3445             EVP_PKEY *pkdh = NULL;
3446             if (parg == NULL) {
3447                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3448                 return 0;
3449             }
3450             pkdh = ssl_dh_to_pkey(parg);
3451             if (pkdh == NULL) {
3452                 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3453                 return 0;
3454             }
3455             if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3456                 EVP_PKEY_free(pkdh);
3457                 return 0;
3458             }
3459             return 1;
3460         }
3461         break;
3462     case SSL_CTRL_SET_TMP_DH_CB:
3463         {
3464             ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3465             return ret;
3466         }
3467 #endif
3468     case SSL_CTRL_SET_DH_AUTO:
3469         s->cert->dh_tmp_auto = larg;
3470         return 1;
3471 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3472     case SSL_CTRL_SET_TMP_ECDH:
3473         {
3474             if (parg == NULL) {
3475                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3476                 return 0;
3477             }
3478             return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
3479                                            &s->ext.supportedgroups_len,
3480                                            parg);
3481         }
3482 #endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
3483     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3484         /*
3485          * This API is only used for a client to set what SNI it will request
3486          * from the server, but we currently allow it to be used on servers
3487          * as well, which is a programming error.  Currently we just clear
3488          * the field in SSL_do_handshake() for server SSLs, but when we can
3489          * make ABI-breaking changes, we may want to make use of this API
3490          * an error on server SSLs.
3491          */
3492         if (larg == TLSEXT_NAMETYPE_host_name) {
3493             size_t len;
3494 
3495             OPENSSL_free(s->ext.hostname);
3496             s->ext.hostname = NULL;
3497 
3498             ret = 1;
3499             if (parg == NULL)
3500                 break;
3501             len = strlen((char *)parg);
3502             if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3503                 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3504                 return 0;
3505             }
3506             if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3507                 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3508                 return 0;
3509             }
3510         } else {
3511             ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3512             return 0;
3513         }
3514         break;
3515     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3516         s->ext.debug_arg = parg;
3517         ret = 1;
3518         break;
3519 
3520     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3521         ret = s->ext.status_type;
3522         break;
3523 
3524     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3525         s->ext.status_type = larg;
3526         ret = 1;
3527         break;
3528 
3529     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3530         *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3531         ret = 1;
3532         break;
3533 
3534     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3535         s->ext.ocsp.exts = parg;
3536         ret = 1;
3537         break;
3538 
3539     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3540         *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3541         ret = 1;
3542         break;
3543 
3544     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3545         s->ext.ocsp.ids = parg;
3546         ret = 1;
3547         break;
3548 
3549     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3550         *(unsigned char **)parg = s->ext.ocsp.resp;
3551         if (s->ext.ocsp.resp_len == 0
3552                 || s->ext.ocsp.resp_len > LONG_MAX)
3553             return -1;
3554         return (long)s->ext.ocsp.resp_len;
3555 
3556     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3557         OPENSSL_free(s->ext.ocsp.resp);
3558         s->ext.ocsp.resp = parg;
3559         s->ext.ocsp.resp_len = larg;
3560         ret = 1;
3561         break;
3562 
3563     case SSL_CTRL_CHAIN:
3564         if (larg)
3565             return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3566         else
3567             return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3568 
3569     case SSL_CTRL_CHAIN_CERT:
3570         if (larg)
3571             return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3572         else
3573             return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3574 
3575     case SSL_CTRL_GET_CHAIN_CERTS:
3576         *(STACK_OF(X509) **)parg = s->cert->key->chain;
3577         ret = 1;
3578         break;
3579 
3580     case SSL_CTRL_SELECT_CURRENT_CERT:
3581         return ssl_cert_select_current(s->cert, (X509 *)parg);
3582 
3583     case SSL_CTRL_SET_CURRENT_CERT:
3584         if (larg == SSL_CERT_SET_SERVER) {
3585             const SSL_CIPHER *cipher;
3586             if (!s->server)
3587                 return 0;
3588             cipher = s->s3.tmp.new_cipher;
3589             if (cipher == NULL)
3590                 return 0;
3591             /*
3592              * No certificate for unauthenticated ciphersuites or using SRP
3593              * authentication
3594              */
3595             if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3596                 return 2;
3597             if (s->s3.tmp.cert == NULL)
3598                 return 0;
3599             s->cert->key = s->s3.tmp.cert;
3600             return 1;
3601         }
3602         return ssl_cert_set_current(s->cert, larg);
3603 
3604     case SSL_CTRL_GET_GROUPS:
3605         {
3606             uint16_t *clist;
3607             size_t clistlen;
3608 
3609             if (!s->session)
3610                 return 0;
3611             clist = s->ext.peer_supportedgroups;
3612             clistlen = s->ext.peer_supportedgroups_len;
3613             if (parg) {
3614                 size_t i;
3615                 int *cptr = parg;
3616 
3617                 for (i = 0; i < clistlen; i++) {
3618                     const TLS_GROUP_INFO *cinf
3619                         = tls1_group_id_lookup(s->ctx, clist[i]);
3620 
3621                     if (cinf != NULL)
3622                         cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3623                     else
3624                         cptr[i] = TLSEXT_nid_unknown | clist[i];
3625                 }
3626             }
3627             return (int)clistlen;
3628         }
3629 
3630     case SSL_CTRL_SET_GROUPS:
3631         return tls1_set_groups(&s->ext.supportedgroups,
3632                                &s->ext.supportedgroups_len, parg, larg);
3633 
3634     case SSL_CTRL_SET_GROUPS_LIST:
3635         return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
3636                                     &s->ext.supportedgroups_len, parg);
3637 
3638     case SSL_CTRL_GET_SHARED_GROUP:
3639         {
3640             uint16_t id = tls1_shared_group(s, larg);
3641 
3642             if (larg != -1)
3643                 return tls1_group_id2nid(id, 1);
3644             return id;
3645         }
3646     case SSL_CTRL_GET_NEGOTIATED_GROUP:
3647         {
3648             unsigned int id;
3649 
3650             if (SSL_IS_TLS13(s) && s->s3.did_kex)
3651                 id = s->s3.group_id;
3652             else
3653                 id = s->session->kex_group;
3654             ret = tls1_group_id2nid(id, 1);
3655             break;
3656         }
3657     case SSL_CTRL_SET_SIGALGS:
3658         return tls1_set_sigalgs(s->cert, parg, larg, 0);
3659 
3660     case SSL_CTRL_SET_SIGALGS_LIST:
3661         return tls1_set_sigalgs_list(s->cert, parg, 0);
3662 
3663     case SSL_CTRL_SET_CLIENT_SIGALGS:
3664         return tls1_set_sigalgs(s->cert, parg, larg, 1);
3665 
3666     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3667         return tls1_set_sigalgs_list(s->cert, parg, 1);
3668 
3669     case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3670         {
3671             const unsigned char **pctype = parg;
3672             if (s->server || !s->s3.tmp.cert_req)
3673                 return 0;
3674             if (pctype)
3675                 *pctype = s->s3.tmp.ctype;
3676             return s->s3.tmp.ctype_len;
3677         }
3678 
3679     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3680         if (!s->server)
3681             return 0;
3682         return ssl3_set_req_cert_type(s->cert, parg, larg);
3683 
3684     case SSL_CTRL_BUILD_CERT_CHAIN:
3685         return ssl_build_cert_chain(s, NULL, larg);
3686 
3687     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3688         return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3689 
3690     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3691         return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3692 
3693     case SSL_CTRL_GET_VERIFY_CERT_STORE:
3694         return ssl_cert_get_cert_store(s->cert, parg, 0);
3695 
3696     case SSL_CTRL_GET_CHAIN_CERT_STORE:
3697         return ssl_cert_get_cert_store(s->cert, parg, 1);
3698 
3699     case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3700         if (s->s3.tmp.peer_sigalg == NULL)
3701             return 0;
3702         *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3703         return 1;
3704 
3705     case SSL_CTRL_GET_SIGNATURE_NID:
3706         if (s->s3.tmp.sigalg == NULL)
3707             return 0;
3708         *(int *)parg = s->s3.tmp.sigalg->hash;
3709         return 1;
3710 
3711     case SSL_CTRL_GET_PEER_TMP_KEY:
3712         if (s->session == NULL || s->s3.peer_tmp == NULL) {
3713             return 0;
3714         } else {
3715             EVP_PKEY_up_ref(s->s3.peer_tmp);
3716             *(EVP_PKEY **)parg = s->s3.peer_tmp;
3717             return 1;
3718         }
3719 
3720     case SSL_CTRL_GET_TMP_KEY:
3721         if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3722             return 0;
3723         } else {
3724             EVP_PKEY_up_ref(s->s3.tmp.pkey);
3725             *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3726             return 1;
3727         }
3728 
3729     case SSL_CTRL_GET_EC_POINT_FORMATS:
3730         {
3731             const unsigned char **pformat = parg;
3732 
3733             if (s->ext.peer_ecpointformats == NULL)
3734                 return 0;
3735             *pformat = s->ext.peer_ecpointformats;
3736             return (int)s->ext.peer_ecpointformats_len;
3737         }
3738 
3739     default:
3740         break;
3741     }
3742     return ret;
3743 }
3744 
ssl3_callback_ctrl(SSL * s,int cmd,void (* fp)(void))3745 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3746 {
3747     int ret = 0;
3748 
3749     switch (cmd) {
3750 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3751     case SSL_CTRL_SET_TMP_DH_CB:
3752         s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3753         ret = 1;
3754         break;
3755 #endif
3756     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3757         s->ext.debug_cb = (void (*)(SSL *, int, int,
3758                                     const unsigned char *, int, void *))fp;
3759         ret = 1;
3760         break;
3761 
3762     case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3763         s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3764         ret = 1;
3765         break;
3766     default:
3767         break;
3768     }
3769     return ret;
3770 }
3771 
ssl3_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)3772 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3773 {
3774     switch (cmd) {
3775 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3776     case SSL_CTRL_SET_TMP_DH:
3777         {
3778             EVP_PKEY *pkdh = NULL;
3779             if (parg == NULL) {
3780                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3781                 return 0;
3782             }
3783             pkdh = ssl_dh_to_pkey(parg);
3784             if (pkdh == NULL) {
3785                 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3786                 return 0;
3787             }
3788             if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
3789                 EVP_PKEY_free(pkdh);
3790                 return 0;
3791             }
3792             return 1;
3793         }
3794     case SSL_CTRL_SET_TMP_DH_CB:
3795         {
3796             ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3797             return 0;
3798         }
3799 #endif
3800     case SSL_CTRL_SET_DH_AUTO:
3801         ctx->cert->dh_tmp_auto = larg;
3802         return 1;
3803 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3804     case SSL_CTRL_SET_TMP_ECDH:
3805         {
3806             if (parg == NULL) {
3807                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3808                 return 0;
3809             }
3810             return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
3811                                            &ctx->ext.supportedgroups_len,
3812                                            parg);
3813         }
3814 #endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
3815     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3816         ctx->ext.servername_arg = parg;
3817         break;
3818     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3819     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3820         {
3821             unsigned char *keys = parg;
3822             long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3823                                 sizeof(ctx->ext.secure->tick_hmac_key) +
3824                                 sizeof(ctx->ext.secure->tick_aes_key));
3825             if (keys == NULL)
3826                 return tick_keylen;
3827             if (larg != tick_keylen) {
3828                 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3829                 return 0;
3830             }
3831             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3832                 memcpy(ctx->ext.tick_key_name, keys,
3833                        sizeof(ctx->ext.tick_key_name));
3834                 memcpy(ctx->ext.secure->tick_hmac_key,
3835                        keys + sizeof(ctx->ext.tick_key_name),
3836                        sizeof(ctx->ext.secure->tick_hmac_key));
3837                 memcpy(ctx->ext.secure->tick_aes_key,
3838                        keys + sizeof(ctx->ext.tick_key_name) +
3839                        sizeof(ctx->ext.secure->tick_hmac_key),
3840                        sizeof(ctx->ext.secure->tick_aes_key));
3841             } else {
3842                 memcpy(keys, ctx->ext.tick_key_name,
3843                        sizeof(ctx->ext.tick_key_name));
3844                 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3845                        ctx->ext.secure->tick_hmac_key,
3846                        sizeof(ctx->ext.secure->tick_hmac_key));
3847                 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3848                        sizeof(ctx->ext.secure->tick_hmac_key),
3849                        ctx->ext.secure->tick_aes_key,
3850                        sizeof(ctx->ext.secure->tick_aes_key));
3851             }
3852             return 1;
3853         }
3854 
3855     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3856         return ctx->ext.status_type;
3857 
3858     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3859         ctx->ext.status_type = larg;
3860         break;
3861 
3862     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3863         ctx->ext.status_arg = parg;
3864         return 1;
3865 
3866     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3867         *(void**)parg = ctx->ext.status_arg;
3868         break;
3869 
3870     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3871         *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3872         break;
3873 
3874 #ifndef OPENSSL_NO_SRP
3875     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3876         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3877         OPENSSL_free(ctx->srp_ctx.login);
3878         ctx->srp_ctx.login = NULL;
3879         if (parg == NULL)
3880             break;
3881         if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3882             ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
3883             return 0;
3884         }
3885         if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3886             ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3887             return 0;
3888         }
3889         break;
3890     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3891         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3892             srp_password_from_info_cb;
3893         if (ctx->srp_ctx.info != NULL)
3894             OPENSSL_free(ctx->srp_ctx.info);
3895         if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3896             ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3897             return 0;
3898         }
3899         break;
3900     case SSL_CTRL_SET_SRP_ARG:
3901         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3902         ctx->srp_ctx.SRP_cb_arg = parg;
3903         break;
3904 
3905     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3906         ctx->srp_ctx.strength = larg;
3907         break;
3908 #endif
3909 
3910     case SSL_CTRL_SET_GROUPS:
3911         return tls1_set_groups(&ctx->ext.supportedgroups,
3912                                &ctx->ext.supportedgroups_len,
3913                                parg, larg);
3914 
3915     case SSL_CTRL_SET_GROUPS_LIST:
3916         return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
3917                                     &ctx->ext.supportedgroups_len,
3918                                     parg);
3919 
3920     case SSL_CTRL_SET_SIGALGS:
3921         return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3922 
3923     case SSL_CTRL_SET_SIGALGS_LIST:
3924         return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3925 
3926     case SSL_CTRL_SET_CLIENT_SIGALGS:
3927         return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3928 
3929     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3930         return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3931 
3932     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3933         return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3934 
3935     case SSL_CTRL_BUILD_CERT_CHAIN:
3936         return ssl_build_cert_chain(NULL, ctx, larg);
3937 
3938     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3939         return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3940 
3941     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3942         return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3943 
3944     case SSL_CTRL_GET_VERIFY_CERT_STORE:
3945         return ssl_cert_get_cert_store(ctx->cert, parg, 0);
3946 
3947     case SSL_CTRL_GET_CHAIN_CERT_STORE:
3948         return ssl_cert_get_cert_store(ctx->cert, parg, 1);
3949 
3950         /* A Thawte special :-) */
3951     case SSL_CTRL_EXTRA_CHAIN_CERT:
3952         if (ctx->extra_certs == NULL) {
3953             if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3954                 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3955                 return 0;
3956             }
3957         }
3958         if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3959             ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3960             return 0;
3961         }
3962         break;
3963 
3964     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3965         if (ctx->extra_certs == NULL && larg == 0)
3966             *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3967         else
3968             *(STACK_OF(X509) **)parg = ctx->extra_certs;
3969         break;
3970 
3971     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3972         sk_X509_pop_free(ctx->extra_certs, X509_free);
3973         ctx->extra_certs = NULL;
3974         break;
3975 
3976     case SSL_CTRL_CHAIN:
3977         if (larg)
3978             return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3979         else
3980             return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3981 
3982     case SSL_CTRL_CHAIN_CERT:
3983         if (larg)
3984             return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3985         else
3986             return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3987 
3988     case SSL_CTRL_GET_CHAIN_CERTS:
3989         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3990         break;
3991 
3992     case SSL_CTRL_SELECT_CURRENT_CERT:
3993         return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3994 
3995     case SSL_CTRL_SET_CURRENT_CERT:
3996         return ssl_cert_set_current(ctx->cert, larg);
3997 
3998     default:
3999         return 0;
4000     }
4001     return 1;
4002 }
4003 
ssl3_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))4004 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4005 {
4006     switch (cmd) {
4007 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4008     case SSL_CTRL_SET_TMP_DH_CB:
4009         {
4010             ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4011         }
4012         break;
4013 #endif
4014     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4015         ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4016         break;
4017 
4018     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4019         ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4020         break;
4021 
4022 # ifndef OPENSSL_NO_DEPRECATED_3_0
4023     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4024         ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4025                                              unsigned char *,
4026                                              EVP_CIPHER_CTX *,
4027                                              HMAC_CTX *, int))fp;
4028         break;
4029 #endif
4030 
4031 #ifndef OPENSSL_NO_SRP
4032     case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4033         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4034         ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4035         break;
4036     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4037         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4038         ctx->srp_ctx.TLS_ext_srp_username_callback =
4039             (int (*)(SSL *, int *, void *))fp;
4040         break;
4041     case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4042         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4043         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4044             (char *(*)(SSL *, void *))fp;
4045         break;
4046 #endif
4047     case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4048         {
4049             ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4050         }
4051         break;
4052     default:
4053         return 0;
4054     }
4055     return 1;
4056 }
4057 
SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX * ctx,int (* fp)(SSL *,unsigned char *,unsigned char *,EVP_CIPHER_CTX *,EVP_MAC_CTX *,int))4058 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4059     (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4060                              EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4061 {
4062     ctx->ext.ticket_key_evp_cb = fp;
4063     return 1;
4064 }
4065 
ssl3_get_cipher_by_id(uint32_t id)4066 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4067 {
4068     SSL_CIPHER c;
4069     const SSL_CIPHER *cp;
4070 
4071     c.id = id;
4072     cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4073     if (cp != NULL)
4074         return cp;
4075     cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4076     if (cp != NULL)
4077         return cp;
4078     return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4079 }
4080 
ssl3_get_cipher_by_std_name(const char * stdname)4081 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4082 {
4083     SSL_CIPHER *tbl;
4084     SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4085     size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4086                               SSL3_NUM_SCSVS};
4087 
4088     /* this is not efficient, necessary to optimize this? */
4089     for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4090         for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4091             if (tbl->stdname == NULL)
4092                 continue;
4093             if (strcmp(stdname, tbl->stdname) == 0) {
4094                 return tbl;
4095             }
4096         }
4097     }
4098     return NULL;
4099 }
4100 
4101 /*
4102  * This function needs to check if the ciphers required are actually
4103  * available
4104  */
ssl3_get_cipher_by_char(const unsigned char * p)4105 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4106 {
4107     return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4108                                  | ((uint32_t)p[0] << 8L)
4109                                  | (uint32_t)p[1]);
4110 }
4111 
ssl3_put_cipher_by_char(const SSL_CIPHER * c,WPACKET * pkt,size_t * len)4112 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4113 {
4114     if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4115         *len = 0;
4116         return 1;
4117     }
4118 
4119     if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4120         return 0;
4121 
4122     *len = 2;
4123     return 1;
4124 }
4125 
4126 /*
4127  * ssl3_choose_cipher - choose a cipher from those offered by the client
4128  * @s: SSL connection
4129  * @clnt: ciphers offered by the client
4130  * @srvr: ciphers enabled on the server?
4131  *
4132  * Returns the selected cipher or NULL when no common ciphers.
4133  */
ssl3_choose_cipher(SSL * s,STACK_OF (SSL_CIPHER)* clnt,STACK_OF (SSL_CIPHER)* srvr)4134 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4135                                      STACK_OF(SSL_CIPHER) *srvr)
4136 {
4137     const SSL_CIPHER *c, *ret = NULL;
4138     STACK_OF(SSL_CIPHER) *prio, *allow;
4139     int i, ii, ok, prefer_sha256 = 0;
4140     unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4141     STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4142 
4143     /* Let's see which ciphers we can support */
4144 
4145     /*
4146      * Do not set the compare functions, because this may lead to a
4147      * reordering by "id". We want to keep the original ordering. We may pay
4148      * a price in performance during sk_SSL_CIPHER_find(), but would have to
4149      * pay with the price of sk_SSL_CIPHER_dup().
4150      */
4151 
4152     OSSL_TRACE_BEGIN(TLS_CIPHER) {
4153         BIO_printf(trc_out, "Server has %d from %p:\n",
4154                    sk_SSL_CIPHER_num(srvr), (void *)srvr);
4155         for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4156             c = sk_SSL_CIPHER_value(srvr, i);
4157             BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4158         }
4159         BIO_printf(trc_out, "Client sent %d from %p:\n",
4160                    sk_SSL_CIPHER_num(clnt), (void *)clnt);
4161         for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4162             c = sk_SSL_CIPHER_value(clnt, i);
4163             BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4164         }
4165     } OSSL_TRACE_END(TLS_CIPHER);
4166 
4167     /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4168     if (tls1_suiteb(s)) {
4169         prio = srvr;
4170         allow = clnt;
4171     } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4172         prio = srvr;
4173         allow = clnt;
4174 
4175         /* If ChaCha20 is at the top of the client preference list,
4176            and there are ChaCha20 ciphers in the server list, then
4177            temporarily prioritize all ChaCha20 ciphers in the servers list. */
4178         if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4179             c = sk_SSL_CIPHER_value(clnt, 0);
4180             if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4181                 /* ChaCha20 is client preferred, check server... */
4182                 int num = sk_SSL_CIPHER_num(srvr);
4183                 int found = 0;
4184                 for (i = 0; i < num; i++) {
4185                     c = sk_SSL_CIPHER_value(srvr, i);
4186                     if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4187                         found = 1;
4188                         break;
4189                     }
4190                 }
4191                 if (found) {
4192                     prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4193                     /* if reserve fails, then there's likely a memory issue */
4194                     if (prio_chacha != NULL) {
4195                         /* Put all ChaCha20 at the top, starting with the one we just found */
4196                         sk_SSL_CIPHER_push(prio_chacha, c);
4197                         for (i++; i < num; i++) {
4198                             c = sk_SSL_CIPHER_value(srvr, i);
4199                             if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4200                                 sk_SSL_CIPHER_push(prio_chacha, c);
4201                         }
4202                         /* Pull in the rest */
4203                         for (i = 0; i < num; i++) {
4204                             c = sk_SSL_CIPHER_value(srvr, i);
4205                             if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4206                                 sk_SSL_CIPHER_push(prio_chacha, c);
4207                         }
4208                         prio = prio_chacha;
4209                     }
4210                 }
4211             }
4212         }
4213     } else {
4214         prio = clnt;
4215         allow = srvr;
4216     }
4217 
4218     if (SSL_IS_TLS13(s)) {
4219 #ifndef OPENSSL_NO_PSK
4220         int j;
4221 
4222         /*
4223          * If we allow "old" style PSK callbacks, and we have no certificate (so
4224          * we're not going to succeed without a PSK anyway), and we're in
4225          * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4226          * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4227          * that.
4228          */
4229         if (s->psk_server_callback != NULL) {
4230             for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4231             if (j == SSL_PKEY_NUM) {
4232                 /* There are no certificates */
4233                 prefer_sha256 = 1;
4234             }
4235         }
4236 #endif
4237     } else {
4238         tls1_set_cert_validity(s);
4239         ssl_set_masks(s);
4240     }
4241 
4242     for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4243         c = sk_SSL_CIPHER_value(prio, i);
4244 
4245         /* Skip ciphers not supported by the protocol version */
4246         if (!SSL_IS_DTLS(s) &&
4247             ((s->version < c->min_tls) || (s->version > c->max_tls)))
4248             continue;
4249         if (SSL_IS_DTLS(s) &&
4250             (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4251              DTLS_VERSION_GT(s->version, c->max_dtls)))
4252             continue;
4253 
4254         /*
4255          * Since TLS 1.3 ciphersuites can be used with any auth or
4256          * key exchange scheme skip tests.
4257          */
4258         if (!SSL_IS_TLS13(s)) {
4259             mask_k = s->s3.tmp.mask_k;
4260             mask_a = s->s3.tmp.mask_a;
4261 #ifndef OPENSSL_NO_SRP
4262             if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4263                 mask_k |= SSL_kSRP;
4264                 mask_a |= SSL_aSRP;
4265             }
4266 #endif
4267 
4268             alg_k = c->algorithm_mkey;
4269             alg_a = c->algorithm_auth;
4270 
4271 #ifndef OPENSSL_NO_PSK
4272             /* with PSK there must be server callback set */
4273             if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4274                 continue;
4275 #endif                          /* OPENSSL_NO_PSK */
4276 
4277             ok = (alg_k & mask_k) && (alg_a & mask_a);
4278             OSSL_TRACE7(TLS_CIPHER,
4279                         "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4280                         ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4281 
4282             /*
4283              * if we are considering an ECC cipher suite that uses an ephemeral
4284              * EC key check it
4285              */
4286             if (alg_k & SSL_kECDHE)
4287                 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4288 
4289             if (!ok)
4290                 continue;
4291         }
4292         ii = sk_SSL_CIPHER_find(allow, c);
4293         if (ii >= 0) {
4294             /* Check security callback permits this cipher */
4295             if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4296                               c->strength_bits, 0, (void *)c))
4297                 continue;
4298 
4299             if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4300                 && s->s3.is_probably_safari) {
4301                 if (!ret)
4302                     ret = sk_SSL_CIPHER_value(allow, ii);
4303                 continue;
4304             }
4305 
4306             if (prefer_sha256) {
4307                 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4308                 const EVP_MD *md = ssl_md(s->ctx, tmp->algorithm2);
4309 
4310                 if (md != NULL
4311                         && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4312                     ret = tmp;
4313                     break;
4314                 }
4315                 if (ret == NULL)
4316                     ret = tmp;
4317                 continue;
4318             }
4319             ret = sk_SSL_CIPHER_value(allow, ii);
4320             break;
4321         }
4322     }
4323 
4324     sk_SSL_CIPHER_free(prio_chacha);
4325 
4326     return ret;
4327 }
4328 
ssl3_get_req_cert_type(SSL * s,WPACKET * pkt)4329 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4330 {
4331     uint32_t alg_k, alg_a = 0;
4332 
4333     /* If we have custom certificate types set, use them */
4334     if (s->cert->ctype)
4335         return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4336     /* Get mask of algorithms disabled by signature list */
4337     ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4338 
4339     alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4340 
4341 #ifndef OPENSSL_NO_GOST
4342     if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4343         if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4344             || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4345             || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4346             || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4347             || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4348             return 0;
4349 
4350     if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4351         if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4352             || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4353             return 0;
4354 #endif
4355 
4356     if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4357         if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4358             return 0;
4359         if (!(alg_a & SSL_aDSS)
4360                 && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4361             return 0;
4362     }
4363     if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4364         return 0;
4365     if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4366         return 0;
4367 
4368     /*
4369      * ECDSA certs can be used with RSA cipher suites too so we don't
4370      * need to check for SSL_kECDH or SSL_kECDHE
4371      */
4372     if (s->version >= TLS1_VERSION
4373             && !(alg_a & SSL_aECDSA)
4374             && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4375         return 0;
4376 
4377     return 1;
4378 }
4379 
ssl3_set_req_cert_type(CERT * c,const unsigned char * p,size_t len)4380 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4381 {
4382     OPENSSL_free(c->ctype);
4383     c->ctype = NULL;
4384     c->ctype_len = 0;
4385     if (p == NULL || len == 0)
4386         return 1;
4387     if (len > 0xff)
4388         return 0;
4389     c->ctype = OPENSSL_memdup(p, len);
4390     if (c->ctype == NULL)
4391         return 0;
4392     c->ctype_len = len;
4393     return 1;
4394 }
4395 
ssl3_shutdown(SSL * s)4396 int ssl3_shutdown(SSL *s)
4397 {
4398     int ret;
4399 
4400     /*
4401      * Don't do anything much if we have not done the handshake or we don't
4402      * want to send messages :-)
4403      */
4404     if (s->quiet_shutdown || SSL_in_before(s)) {
4405         s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4406         return 1;
4407     }
4408 
4409     if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4410         s->shutdown |= SSL_SENT_SHUTDOWN;
4411         ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4412         /*
4413          * our shutdown alert has been sent now, and if it still needs to be
4414          * written, s->s3.alert_dispatch will be true
4415          */
4416         if (s->s3.alert_dispatch)
4417             return -1;        /* return WANT_WRITE */
4418     } else if (s->s3.alert_dispatch) {
4419         /* resend it if not sent */
4420         ret = s->method->ssl_dispatch_alert(s);
4421         if (ret == -1) {
4422             /*
4423              * we only get to return -1 here the 2nd/Nth invocation, we must
4424              * have already signalled return 0 upon a previous invocation,
4425              * return WANT_WRITE
4426              */
4427             return ret;
4428         }
4429     } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4430         size_t readbytes;
4431         /*
4432          * If we are waiting for a close from our peer, we are closed
4433          */
4434         s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4435         if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4436             return -1;        /* return WANT_READ */
4437         }
4438     }
4439 
4440     if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4441         !s->s3.alert_dispatch)
4442         return 1;
4443     else
4444         return 0;
4445 }
4446 
ssl3_write(SSL * s,const void * buf,size_t len,size_t * written)4447 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4448 {
4449     clear_sys_error();
4450     if (s->s3.renegotiate)
4451         ssl3_renegotiate_check(s, 0);
4452 
4453     return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4454                                       written);
4455 }
4456 
ssl3_read_internal(SSL * s,void * buf,size_t len,int peek,size_t * readbytes)4457 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4458                               size_t *readbytes)
4459 {
4460     int ret;
4461 
4462     clear_sys_error();
4463     if (s->s3.renegotiate)
4464         ssl3_renegotiate_check(s, 0);
4465     s->s3.in_read_app_data = 1;
4466     ret =
4467         s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4468                                   peek, readbytes);
4469     if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
4470         /*
4471          * ssl3_read_bytes decided to call s->handshake_func, which called
4472          * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4473          * actually found application data and thinks that application data
4474          * makes sense here; so disable handshake processing and try to read
4475          * application data again.
4476          */
4477         ossl_statem_set_in_handshake(s, 1);
4478         ret =
4479             s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4480                                       len, peek, readbytes);
4481         ossl_statem_set_in_handshake(s, 0);
4482     } else
4483         s->s3.in_read_app_data = 0;
4484 
4485     return ret;
4486 }
4487 
ssl3_read(SSL * s,void * buf,size_t len,size_t * readbytes)4488 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4489 {
4490     return ssl3_read_internal(s, buf, len, 0, readbytes);
4491 }
4492 
ssl3_peek(SSL * s,void * buf,size_t len,size_t * readbytes)4493 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4494 {
4495     return ssl3_read_internal(s, buf, len, 1, readbytes);
4496 }
4497 
ssl3_renegotiate(SSL * s)4498 int ssl3_renegotiate(SSL *s)
4499 {
4500     if (s->handshake_func == NULL)
4501         return 1;
4502 
4503     s->s3.renegotiate = 1;
4504     return 1;
4505 }
4506 
4507 /*
4508  * Check if we are waiting to do a renegotiation and if so whether now is a
4509  * good time to do it. If |initok| is true then we are being called from inside
4510  * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4511  * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4512  * should do a renegotiation now and sets up the state machine for it. Otherwise
4513  * returns 0.
4514  */
ssl3_renegotiate_check(SSL * s,int initok)4515 int ssl3_renegotiate_check(SSL *s, int initok)
4516 {
4517     int ret = 0;
4518 
4519     if (s->s3.renegotiate) {
4520         if (!RECORD_LAYER_read_pending(&s->rlayer)
4521             && !RECORD_LAYER_write_pending(&s->rlayer)
4522             && (initok || !SSL_in_init(s))) {
4523             /*
4524              * if we are the server, and we have sent a 'RENEGOTIATE'
4525              * message, we need to set the state machine into the renegotiate
4526              * state.
4527              */
4528             ossl_statem_set_renegotiate(s);
4529             s->s3.renegotiate = 0;
4530             s->s3.num_renegotiations++;
4531             s->s3.total_renegotiations++;
4532             ret = 1;
4533         }
4534     }
4535     return ret;
4536 }
4537 
4538 /*
4539  * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4540  * handshake macs if required.
4541  *
4542  * If PSK and using SHA384 for TLS < 1.2 switch to default.
4543  */
ssl_get_algorithm2(SSL * s)4544 long ssl_get_algorithm2(SSL *s)
4545 {
4546     long alg2;
4547     if (s->s3.tmp.new_cipher == NULL)
4548         return -1;
4549     alg2 = s->s3.tmp.new_cipher->algorithm2;
4550     if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4551         if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4552             return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4553     } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4554         if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4555             return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4556     }
4557     return alg2;
4558 }
4559 
4560 /*
4561  * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4562  * failure, 1 on success.
4563  */
ssl_fill_hello_random(SSL * s,int server,unsigned char * result,size_t len,DOWNGRADE dgrd)4564 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4565                           DOWNGRADE dgrd)
4566 {
4567     int send_time = 0, ret;
4568 
4569     if (len < 4)
4570         return 0;
4571     if (server)
4572         send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4573     else
4574         send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4575     if (send_time) {
4576         unsigned long Time = (unsigned long)time(NULL);
4577         unsigned char *p = result;
4578 
4579         l2n(Time, p);
4580         ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4, 0);
4581     } else {
4582         ret = RAND_bytes_ex(s->ctx->libctx, result, len, 0);
4583     }
4584 
4585     if (ret > 0) {
4586         if (!ossl_assert(sizeof(tls11downgrade) < len)
4587                 || !ossl_assert(sizeof(tls12downgrade) < len))
4588              return 0;
4589         if (dgrd == DOWNGRADE_TO_1_2)
4590             memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4591                    sizeof(tls12downgrade));
4592         else if (dgrd == DOWNGRADE_TO_1_1)
4593             memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4594                    sizeof(tls11downgrade));
4595     }
4596 
4597     return ret;
4598 }
4599 
ssl_generate_master_secret(SSL * s,unsigned char * pms,size_t pmslen,int free_pms)4600 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4601                                int free_pms)
4602 {
4603     unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4604     int ret = 0;
4605 
4606     if (alg_k & SSL_PSK) {
4607 #ifndef OPENSSL_NO_PSK
4608         unsigned char *pskpms, *t;
4609         size_t psklen = s->s3.tmp.psklen;
4610         size_t pskpmslen;
4611 
4612         /* create PSK premaster_secret */
4613 
4614         /* For plain PSK "other_secret" is psklen zeroes */
4615         if (alg_k & SSL_kPSK)
4616             pmslen = psklen;
4617 
4618         pskpmslen = 4 + pmslen + psklen;
4619         pskpms = OPENSSL_malloc(pskpmslen);
4620         if (pskpms == NULL)
4621             goto err;
4622         t = pskpms;
4623         s2n(pmslen, t);
4624         if (alg_k & SSL_kPSK)
4625             memset(t, 0, pmslen);
4626         else
4627             memcpy(t, pms, pmslen);
4628         t += pmslen;
4629         s2n(psklen, t);
4630         memcpy(t, s->s3.tmp.psk, psklen);
4631 
4632         OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4633         s->s3.tmp.psk = NULL;
4634         s->s3.tmp.psklen = 0;
4635         if (!s->method->ssl3_enc->generate_master_secret(s,
4636                     s->session->master_key, pskpms, pskpmslen,
4637                     &s->session->master_key_length)) {
4638             OPENSSL_clear_free(pskpms, pskpmslen);
4639             /* SSLfatal() already called */
4640             goto err;
4641         }
4642         OPENSSL_clear_free(pskpms, pskpmslen);
4643 #else
4644         /* Should never happen */
4645         goto err;
4646 #endif
4647     } else {
4648         if (!s->method->ssl3_enc->generate_master_secret(s,
4649                 s->session->master_key, pms, pmslen,
4650                 &s->session->master_key_length)) {
4651             /* SSLfatal() already called */
4652             goto err;
4653         }
4654     }
4655 
4656     ret = 1;
4657  err:
4658     if (pms) {
4659         if (free_pms)
4660             OPENSSL_clear_free(pms, pmslen);
4661         else
4662             OPENSSL_cleanse(pms, pmslen);
4663     }
4664     if (s->server == 0) {
4665         s->s3.tmp.pms = NULL;
4666         s->s3.tmp.pmslen = 0;
4667     }
4668     return ret;
4669 }
4670 
4671 /* Generate a private key from parameters */
ssl_generate_pkey(SSL * s,EVP_PKEY * pm)4672 EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
4673 {
4674     EVP_PKEY_CTX *pctx = NULL;
4675     EVP_PKEY *pkey = NULL;
4676 
4677     if (pm == NULL)
4678         return NULL;
4679     pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
4680     if (pctx == NULL)
4681         goto err;
4682     if (EVP_PKEY_keygen_init(pctx) <= 0)
4683         goto err;
4684     if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4685         EVP_PKEY_free(pkey);
4686         pkey = NULL;
4687     }
4688 
4689     err:
4690     EVP_PKEY_CTX_free(pctx);
4691     return pkey;
4692 }
4693 
4694 /* Generate a private key from a group ID */
ssl_generate_pkey_group(SSL * s,uint16_t id)4695 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4696 {
4697     const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4698     EVP_PKEY_CTX *pctx = NULL;
4699     EVP_PKEY *pkey = NULL;
4700 
4701     if (ginf == NULL) {
4702         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4703         goto err;
4704     }
4705 
4706     pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4707                                       s->ctx->propq);
4708 
4709     if (pctx == NULL) {
4710         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4711         goto err;
4712     }
4713     if (EVP_PKEY_keygen_init(pctx) <= 0) {
4714         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4715         goto err;
4716     }
4717     if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4718         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4719         goto err;
4720     }
4721     if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4722         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4723         EVP_PKEY_free(pkey);
4724         pkey = NULL;
4725     }
4726 
4727  err:
4728     EVP_PKEY_CTX_free(pctx);
4729     return pkey;
4730 }
4731 
4732 /*
4733  * Generate parameters from a group ID
4734  */
ssl_generate_param_group(SSL * s,uint16_t id)4735 EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
4736 {
4737     EVP_PKEY_CTX *pctx = NULL;
4738     EVP_PKEY *pkey = NULL;
4739     const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4740 
4741     if (ginf == NULL)
4742         goto err;
4743 
4744     pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4745                                       s->ctx->propq);
4746 
4747     if (pctx == NULL)
4748         goto err;
4749     if (EVP_PKEY_paramgen_init(pctx) <= 0)
4750         goto err;
4751     if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4752         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4753         goto err;
4754     }
4755     if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4756         EVP_PKEY_free(pkey);
4757         pkey = NULL;
4758     }
4759 
4760  err:
4761     EVP_PKEY_CTX_free(pctx);
4762     return pkey;
4763 }
4764 
4765 /* Generate secrets from pms */
ssl_gensecret(SSL * s,unsigned char * pms,size_t pmslen)4766 int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen)
4767 {
4768     int rv = 0;
4769 
4770     /* SSLfatal() called as appropriate in the below functions */
4771     if (SSL_IS_TLS13(s)) {
4772         /*
4773          * If we are resuming then we already generated the early secret
4774          * when we created the ClientHello, so don't recreate it.
4775          */
4776         if (!s->hit)
4777             rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4778                     0,
4779                     (unsigned char *)&s->early_secret);
4780         else
4781             rv = 1;
4782 
4783         rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4784     } else {
4785         rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4786     }
4787 
4788     return rv;
4789 }
4790 
4791 /* Derive secrets for ECDH/DH */
ssl_derive(SSL * s,EVP_PKEY * privkey,EVP_PKEY * pubkey,int gensecret)4792 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4793 {
4794     int rv = 0;
4795     unsigned char *pms = NULL;
4796     size_t pmslen = 0;
4797     EVP_PKEY_CTX *pctx;
4798 
4799     if (privkey == NULL || pubkey == NULL) {
4800         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4801         return 0;
4802     }
4803 
4804     pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4805 
4806     if (EVP_PKEY_derive_init(pctx) <= 0
4807         || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4808         || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4809         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4810         goto err;
4811     }
4812 
4813     if (SSL_IS_TLS13(s) &&  EVP_PKEY_is_a(privkey, "DH"))
4814         EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4815 
4816     pms = OPENSSL_malloc(pmslen);
4817     if (pms == NULL) {
4818         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4819         goto err;
4820     }
4821 
4822     if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4823         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4824         goto err;
4825     }
4826 
4827     if (gensecret) {
4828         /* SSLfatal() called as appropriate in the below functions */
4829         rv = ssl_gensecret(s, pms, pmslen);
4830     } else {
4831         /* Save premaster secret */
4832         s->s3.tmp.pms = pms;
4833         s->s3.tmp.pmslen = pmslen;
4834         pms = NULL;
4835         rv = 1;
4836     }
4837 
4838  err:
4839     OPENSSL_clear_free(pms, pmslen);
4840     EVP_PKEY_CTX_free(pctx);
4841     return rv;
4842 }
4843 
4844 /* Decapsulate secrets for KEM */
ssl_decapsulate(SSL * s,EVP_PKEY * privkey,const unsigned char * ct,size_t ctlen,int gensecret)4845 int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
4846                     const unsigned char *ct, size_t ctlen,
4847                     int gensecret)
4848 {
4849     int rv = 0;
4850     unsigned char *pms = NULL;
4851     size_t pmslen = 0;
4852     EVP_PKEY_CTX *pctx;
4853 
4854     if (privkey == NULL) {
4855         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4856         return 0;
4857     }
4858 
4859     pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4860 
4861     if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
4862             || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
4863         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4864         goto err;
4865     }
4866 
4867     pms = OPENSSL_malloc(pmslen);
4868     if (pms == NULL) {
4869         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4870         goto err;
4871     }
4872 
4873     if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
4874         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4875         goto err;
4876     }
4877 
4878     if (gensecret) {
4879         /* SSLfatal() called as appropriate in the below functions */
4880         rv = ssl_gensecret(s, pms, pmslen);
4881     } else {
4882         /* Save premaster secret */
4883         s->s3.tmp.pms = pms;
4884         s->s3.tmp.pmslen = pmslen;
4885         pms = NULL;
4886         rv = 1;
4887     }
4888 
4889  err:
4890     OPENSSL_clear_free(pms, pmslen);
4891     EVP_PKEY_CTX_free(pctx);
4892     return rv;
4893 }
4894 
ssl_encapsulate(SSL * s,EVP_PKEY * pubkey,unsigned char ** ctp,size_t * ctlenp,int gensecret)4895 int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
4896                     unsigned char **ctp, size_t *ctlenp,
4897                     int gensecret)
4898 {
4899     int rv = 0;
4900     unsigned char *pms = NULL, *ct = NULL;
4901     size_t pmslen = 0, ctlen = 0;
4902     EVP_PKEY_CTX *pctx;
4903 
4904     if (pubkey == NULL) {
4905         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4906         return 0;
4907     }
4908 
4909     pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);
4910 
4911     if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
4912             || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
4913             || pmslen == 0 || ctlen == 0) {
4914         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4915         goto err;
4916     }
4917 
4918     pms = OPENSSL_malloc(pmslen);
4919     ct = OPENSSL_malloc(ctlen);
4920     if (pms == NULL || ct == NULL) {
4921         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4922         goto err;
4923     }
4924 
4925     if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
4926         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4927         goto err;
4928     }
4929 
4930     if (gensecret) {
4931         /* SSLfatal() called as appropriate in the below functions */
4932         rv = ssl_gensecret(s, pms, pmslen);
4933     } else {
4934         /* Save premaster secret */
4935         s->s3.tmp.pms = pms;
4936         s->s3.tmp.pmslen = pmslen;
4937         pms = NULL;
4938         rv = 1;
4939     }
4940 
4941     if (rv > 0) {
4942         /* Pass ownership of ct to caller */
4943         *ctp = ct;
4944         *ctlenp = ctlen;
4945         ct = NULL;
4946     }
4947 
4948  err:
4949     OPENSSL_clear_free(pms, pmslen);
4950     OPENSSL_free(ct);
4951     EVP_PKEY_CTX_free(pctx);
4952     return rv;
4953 }
4954 
SSL_group_to_name(SSL * s,int nid)4955 const char *SSL_group_to_name(SSL *s, int nid) {
4956     int group_id = 0;
4957     const TLS_GROUP_INFO *cinf = NULL;
4958 
4959     /* first convert to real group id for internal and external IDs */
4960     if (nid & TLSEXT_nid_unknown)
4961         group_id = nid & 0xFFFF;
4962     else
4963         group_id = tls1_nid2group_id(nid);
4964 
4965     /* then look up */
4966     cinf = tls1_group_id_lookup(s->ctx, group_id);
4967 
4968     if (cinf != NULL)
4969         return cinf->tlsname;
4970     return NULL;
4971 }
4972