1 /*
2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include <stdio.h>
13 #include <openssl/objects.h>
14 #include "internal/nelem.h"
15 #include "ssl_local.h"
16 #include <openssl/md5.h>
17 #include <openssl/dh.h>
18 #include <openssl/rand.h>
19 #include <openssl/trace.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include "internal/cryptlib.h"
23
24 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
25 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
26 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
27
28 /* TLSv1.3 downgrade protection sentinel values */
29 const unsigned char tls11downgrade[] = {
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
31 };
32 const unsigned char tls12downgrade[] = {
33 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
34 };
35
36 /* The list of available TLSv1.3 ciphers */
37 static SSL_CIPHER tls13_ciphers[] = {
38 {
39 1,
40 TLS1_3_RFC_AES_128_GCM_SHA256,
41 TLS1_3_RFC_AES_128_GCM_SHA256,
42 TLS1_3_CK_AES_128_GCM_SHA256,
43 SSL_kANY,
44 SSL_aANY,
45 SSL_AES128GCM,
46 SSL_AEAD,
47 TLS1_3_VERSION, TLS1_3_VERSION,
48 0, 0,
49 SSL_HIGH,
50 SSL_HANDSHAKE_MAC_SHA256,
51 128,
52 128,
53 }, {
54 1,
55 TLS1_3_RFC_AES_256_GCM_SHA384,
56 TLS1_3_RFC_AES_256_GCM_SHA384,
57 TLS1_3_CK_AES_256_GCM_SHA384,
58 SSL_kANY,
59 SSL_aANY,
60 SSL_AES256GCM,
61 SSL_AEAD,
62 TLS1_3_VERSION, TLS1_3_VERSION,
63 0, 0,
64 SSL_HIGH,
65 SSL_HANDSHAKE_MAC_SHA384,
66 256,
67 256,
68 },
69 {
70 1,
71 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
72 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
73 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
74 SSL_kANY,
75 SSL_aANY,
76 SSL_CHACHA20POLY1305,
77 SSL_AEAD,
78 TLS1_3_VERSION, TLS1_3_VERSION,
79 0, 0,
80 SSL_HIGH,
81 SSL_HANDSHAKE_MAC_SHA256,
82 256,
83 256,
84 },
85 {
86 1,
87 TLS1_3_RFC_AES_128_CCM_SHA256,
88 TLS1_3_RFC_AES_128_CCM_SHA256,
89 TLS1_3_CK_AES_128_CCM_SHA256,
90 SSL_kANY,
91 SSL_aANY,
92 SSL_AES128CCM,
93 SSL_AEAD,
94 TLS1_3_VERSION, TLS1_3_VERSION,
95 0, 0,
96 SSL_NOT_DEFAULT | SSL_HIGH,
97 SSL_HANDSHAKE_MAC_SHA256,
98 128,
99 128,
100 }, {
101 1,
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,
103 TLS1_3_RFC_AES_128_CCM_8_SHA256,
104 TLS1_3_CK_AES_128_CCM_8_SHA256,
105 SSL_kANY,
106 SSL_aANY,
107 SSL_AES128CCM8,
108 SSL_AEAD,
109 TLS1_3_VERSION, TLS1_3_VERSION,
110 0, 0,
111 SSL_NOT_DEFAULT | SSL_HIGH,
112 SSL_HANDSHAKE_MAC_SHA256,
113 128,
114 128,
115 }
116 };
117
118 /*
119 * The list of available ciphers, mostly organized into the following
120 * groups:
121 * Always there
122 * EC
123 * PSK
124 * SRP (within that: RSA EC PSK)
125 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
126 * Weak ciphers
127 */
128 static SSL_CIPHER ssl3_ciphers[] = {
129 {
130 1,
131 SSL3_TXT_RSA_NULL_MD5,
132 SSL3_RFC_RSA_NULL_MD5,
133 SSL3_CK_RSA_NULL_MD5,
134 SSL_kRSA,
135 SSL_aRSA,
136 SSL_eNULL,
137 SSL_MD5,
138 SSL3_VERSION, TLS1_2_VERSION,
139 DTLS1_BAD_VER, DTLS1_2_VERSION,
140 SSL_STRONG_NONE,
141 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
142 0,
143 0,
144 },
145 {
146 1,
147 SSL3_TXT_RSA_NULL_SHA,
148 SSL3_RFC_RSA_NULL_SHA,
149 SSL3_CK_RSA_NULL_SHA,
150 SSL_kRSA,
151 SSL_aRSA,
152 SSL_eNULL,
153 SSL_SHA1,
154 SSL3_VERSION, TLS1_2_VERSION,
155 DTLS1_BAD_VER, DTLS1_2_VERSION,
156 SSL_STRONG_NONE | SSL_FIPS,
157 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
158 0,
159 0,
160 },
161 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
162 {
163 1,
164 SSL3_TXT_RSA_DES_192_CBC3_SHA,
165 SSL3_RFC_RSA_DES_192_CBC3_SHA,
166 SSL3_CK_RSA_DES_192_CBC3_SHA,
167 SSL_kRSA,
168 SSL_aRSA,
169 SSL_3DES,
170 SSL_SHA1,
171 SSL3_VERSION, TLS1_2_VERSION,
172 DTLS1_BAD_VER, DTLS1_2_VERSION,
173 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
174 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
175 112,
176 168,
177 },
178 {
179 1,
180 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
181 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
182 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
183 SSL_kDHE,
184 SSL_aDSS,
185 SSL_3DES,
186 SSL_SHA1,
187 SSL3_VERSION, TLS1_2_VERSION,
188 DTLS1_BAD_VER, DTLS1_2_VERSION,
189 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
190 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191 112,
192 168,
193 },
194 {
195 1,
196 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
197 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
198 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
199 SSL_kDHE,
200 SSL_aRSA,
201 SSL_3DES,
202 SSL_SHA1,
203 SSL3_VERSION, TLS1_2_VERSION,
204 DTLS1_BAD_VER, DTLS1_2_VERSION,
205 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
206 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207 112,
208 168,
209 },
210 {
211 1,
212 SSL3_TXT_ADH_DES_192_CBC_SHA,
213 SSL3_RFC_ADH_DES_192_CBC_SHA,
214 SSL3_CK_ADH_DES_192_CBC_SHA,
215 SSL_kDHE,
216 SSL_aNULL,
217 SSL_3DES,
218 SSL_SHA1,
219 SSL3_VERSION, TLS1_2_VERSION,
220 DTLS1_BAD_VER, DTLS1_2_VERSION,
221 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
222 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223 112,
224 168,
225 },
226 #endif
227 {
228 1,
229 TLS1_TXT_RSA_WITH_AES_128_SHA,
230 TLS1_RFC_RSA_WITH_AES_128_SHA,
231 TLS1_CK_RSA_WITH_AES_128_SHA,
232 SSL_kRSA,
233 SSL_aRSA,
234 SSL_AES128,
235 SSL_SHA1,
236 SSL3_VERSION, TLS1_2_VERSION,
237 DTLS1_BAD_VER, DTLS1_2_VERSION,
238 SSL_HIGH | SSL_FIPS,
239 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
240 128,
241 128,
242 },
243 {
244 1,
245 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
246 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
247 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
248 SSL_kDHE,
249 SSL_aDSS,
250 SSL_AES128,
251 SSL_SHA1,
252 SSL3_VERSION, TLS1_2_VERSION,
253 DTLS1_BAD_VER, DTLS1_2_VERSION,
254 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
255 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256 128,
257 128,
258 },
259 {
260 1,
261 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
262 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
263 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
264 SSL_kDHE,
265 SSL_aRSA,
266 SSL_AES128,
267 SSL_SHA1,
268 SSL3_VERSION, TLS1_2_VERSION,
269 DTLS1_BAD_VER, DTLS1_2_VERSION,
270 SSL_HIGH | SSL_FIPS,
271 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
272 128,
273 128,
274 },
275 {
276 1,
277 TLS1_TXT_ADH_WITH_AES_128_SHA,
278 TLS1_RFC_ADH_WITH_AES_128_SHA,
279 TLS1_CK_ADH_WITH_AES_128_SHA,
280 SSL_kDHE,
281 SSL_aNULL,
282 SSL_AES128,
283 SSL_SHA1,
284 SSL3_VERSION, TLS1_2_VERSION,
285 DTLS1_BAD_VER, DTLS1_2_VERSION,
286 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
288 128,
289 128,
290 },
291 {
292 1,
293 TLS1_TXT_RSA_WITH_AES_256_SHA,
294 TLS1_RFC_RSA_WITH_AES_256_SHA,
295 TLS1_CK_RSA_WITH_AES_256_SHA,
296 SSL_kRSA,
297 SSL_aRSA,
298 SSL_AES256,
299 SSL_SHA1,
300 SSL3_VERSION, TLS1_2_VERSION,
301 DTLS1_BAD_VER, DTLS1_2_VERSION,
302 SSL_HIGH | SSL_FIPS,
303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
304 256,
305 256,
306 },
307 {
308 1,
309 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
310 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
311 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
312 SSL_kDHE,
313 SSL_aDSS,
314 SSL_AES256,
315 SSL_SHA1,
316 SSL3_VERSION, TLS1_2_VERSION,
317 DTLS1_BAD_VER, DTLS1_2_VERSION,
318 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
319 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
320 256,
321 256,
322 },
323 {
324 1,
325 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
326 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
327 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
328 SSL_kDHE,
329 SSL_aRSA,
330 SSL_AES256,
331 SSL_SHA1,
332 SSL3_VERSION, TLS1_2_VERSION,
333 DTLS1_BAD_VER, DTLS1_2_VERSION,
334 SSL_HIGH | SSL_FIPS,
335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
336 256,
337 256,
338 },
339 {
340 1,
341 TLS1_TXT_ADH_WITH_AES_256_SHA,
342 TLS1_RFC_ADH_WITH_AES_256_SHA,
343 TLS1_CK_ADH_WITH_AES_256_SHA,
344 SSL_kDHE,
345 SSL_aNULL,
346 SSL_AES256,
347 SSL_SHA1,
348 SSL3_VERSION, TLS1_2_VERSION,
349 DTLS1_BAD_VER, DTLS1_2_VERSION,
350 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
351 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
352 256,
353 256,
354 },
355 {
356 1,
357 TLS1_TXT_RSA_WITH_NULL_SHA256,
358 TLS1_RFC_RSA_WITH_NULL_SHA256,
359 TLS1_CK_RSA_WITH_NULL_SHA256,
360 SSL_kRSA,
361 SSL_aRSA,
362 SSL_eNULL,
363 SSL_SHA256,
364 TLS1_2_VERSION, TLS1_2_VERSION,
365 DTLS1_2_VERSION, DTLS1_2_VERSION,
366 SSL_STRONG_NONE | SSL_FIPS,
367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
368 0,
369 0,
370 },
371 {
372 1,
373 TLS1_TXT_RSA_WITH_AES_128_SHA256,
374 TLS1_RFC_RSA_WITH_AES_128_SHA256,
375 TLS1_CK_RSA_WITH_AES_128_SHA256,
376 SSL_kRSA,
377 SSL_aRSA,
378 SSL_AES128,
379 SSL_SHA256,
380 TLS1_2_VERSION, TLS1_2_VERSION,
381 DTLS1_2_VERSION, DTLS1_2_VERSION,
382 SSL_HIGH | SSL_FIPS,
383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
384 128,
385 128,
386 },
387 {
388 1,
389 TLS1_TXT_RSA_WITH_AES_256_SHA256,
390 TLS1_RFC_RSA_WITH_AES_256_SHA256,
391 TLS1_CK_RSA_WITH_AES_256_SHA256,
392 SSL_kRSA,
393 SSL_aRSA,
394 SSL_AES256,
395 SSL_SHA256,
396 TLS1_2_VERSION, TLS1_2_VERSION,
397 DTLS1_2_VERSION, DTLS1_2_VERSION,
398 SSL_HIGH | SSL_FIPS,
399 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
400 256,
401 256,
402 },
403 {
404 1,
405 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
406 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
407 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
408 SSL_kDHE,
409 SSL_aDSS,
410 SSL_AES128,
411 SSL_SHA256,
412 TLS1_2_VERSION, TLS1_2_VERSION,
413 DTLS1_2_VERSION, DTLS1_2_VERSION,
414 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
415 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
416 128,
417 128,
418 },
419 {
420 1,
421 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
422 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
423 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
424 SSL_kDHE,
425 SSL_aRSA,
426 SSL_AES128,
427 SSL_SHA256,
428 TLS1_2_VERSION, TLS1_2_VERSION,
429 DTLS1_2_VERSION, DTLS1_2_VERSION,
430 SSL_HIGH | SSL_FIPS,
431 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
432 128,
433 128,
434 },
435 {
436 1,
437 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
438 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
439 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
440 SSL_kDHE,
441 SSL_aDSS,
442 SSL_AES256,
443 SSL_SHA256,
444 TLS1_2_VERSION, TLS1_2_VERSION,
445 DTLS1_2_VERSION, DTLS1_2_VERSION,
446 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
447 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
448 256,
449 256,
450 },
451 {
452 1,
453 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
454 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
455 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
456 SSL_kDHE,
457 SSL_aRSA,
458 SSL_AES256,
459 SSL_SHA256,
460 TLS1_2_VERSION, TLS1_2_VERSION,
461 DTLS1_2_VERSION, DTLS1_2_VERSION,
462 SSL_HIGH | SSL_FIPS,
463 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
464 256,
465 256,
466 },
467 {
468 1,
469 TLS1_TXT_ADH_WITH_AES_128_SHA256,
470 TLS1_RFC_ADH_WITH_AES_128_SHA256,
471 TLS1_CK_ADH_WITH_AES_128_SHA256,
472 SSL_kDHE,
473 SSL_aNULL,
474 SSL_AES128,
475 SSL_SHA256,
476 TLS1_2_VERSION, TLS1_2_VERSION,
477 DTLS1_2_VERSION, DTLS1_2_VERSION,
478 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
479 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
480 128,
481 128,
482 },
483 {
484 1,
485 TLS1_TXT_ADH_WITH_AES_256_SHA256,
486 TLS1_RFC_ADH_WITH_AES_256_SHA256,
487 TLS1_CK_ADH_WITH_AES_256_SHA256,
488 SSL_kDHE,
489 SSL_aNULL,
490 SSL_AES256,
491 SSL_SHA256,
492 TLS1_2_VERSION, TLS1_2_VERSION,
493 DTLS1_2_VERSION, DTLS1_2_VERSION,
494 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
495 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
496 256,
497 256,
498 },
499 {
500 1,
501 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
502 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
503 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
504 SSL_kRSA,
505 SSL_aRSA,
506 SSL_AES128GCM,
507 SSL_AEAD,
508 TLS1_2_VERSION, TLS1_2_VERSION,
509 DTLS1_2_VERSION, DTLS1_2_VERSION,
510 SSL_HIGH | SSL_FIPS,
511 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
512 128,
513 128,
514 },
515 {
516 1,
517 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
518 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
519 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
520 SSL_kRSA,
521 SSL_aRSA,
522 SSL_AES256GCM,
523 SSL_AEAD,
524 TLS1_2_VERSION, TLS1_2_VERSION,
525 DTLS1_2_VERSION, DTLS1_2_VERSION,
526 SSL_HIGH | SSL_FIPS,
527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
528 256,
529 256,
530 },
531 {
532 1,
533 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
534 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
535 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
536 SSL_kDHE,
537 SSL_aRSA,
538 SSL_AES128GCM,
539 SSL_AEAD,
540 TLS1_2_VERSION, TLS1_2_VERSION,
541 DTLS1_2_VERSION, DTLS1_2_VERSION,
542 SSL_HIGH | SSL_FIPS,
543 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
544 128,
545 128,
546 },
547 {
548 1,
549 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
550 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
551 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
552 SSL_kDHE,
553 SSL_aRSA,
554 SSL_AES256GCM,
555 SSL_AEAD,
556 TLS1_2_VERSION, TLS1_2_VERSION,
557 DTLS1_2_VERSION, DTLS1_2_VERSION,
558 SSL_HIGH | SSL_FIPS,
559 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
560 256,
561 256,
562 },
563 {
564 1,
565 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
566 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
567 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
568 SSL_kDHE,
569 SSL_aDSS,
570 SSL_AES128GCM,
571 SSL_AEAD,
572 TLS1_2_VERSION, TLS1_2_VERSION,
573 DTLS1_2_VERSION, DTLS1_2_VERSION,
574 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
575 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
576 128,
577 128,
578 },
579 {
580 1,
581 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
582 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
583 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
584 SSL_kDHE,
585 SSL_aDSS,
586 SSL_AES256GCM,
587 SSL_AEAD,
588 TLS1_2_VERSION, TLS1_2_VERSION,
589 DTLS1_2_VERSION, DTLS1_2_VERSION,
590 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
591 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
592 256,
593 256,
594 },
595 {
596 1,
597 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
598 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
599 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
600 SSL_kDHE,
601 SSL_aNULL,
602 SSL_AES128GCM,
603 SSL_AEAD,
604 TLS1_2_VERSION, TLS1_2_VERSION,
605 DTLS1_2_VERSION, DTLS1_2_VERSION,
606 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
607 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
608 128,
609 128,
610 },
611 {
612 1,
613 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
614 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
615 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
616 SSL_kDHE,
617 SSL_aNULL,
618 SSL_AES256GCM,
619 SSL_AEAD,
620 TLS1_2_VERSION, TLS1_2_VERSION,
621 DTLS1_2_VERSION, DTLS1_2_VERSION,
622 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
623 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
624 256,
625 256,
626 },
627 {
628 1,
629 TLS1_TXT_RSA_WITH_AES_128_CCM,
630 TLS1_RFC_RSA_WITH_AES_128_CCM,
631 TLS1_CK_RSA_WITH_AES_128_CCM,
632 SSL_kRSA,
633 SSL_aRSA,
634 SSL_AES128CCM,
635 SSL_AEAD,
636 TLS1_2_VERSION, TLS1_2_VERSION,
637 DTLS1_2_VERSION, DTLS1_2_VERSION,
638 SSL_NOT_DEFAULT | SSL_HIGH,
639 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
640 128,
641 128,
642 },
643 {
644 1,
645 TLS1_TXT_RSA_WITH_AES_256_CCM,
646 TLS1_RFC_RSA_WITH_AES_256_CCM,
647 TLS1_CK_RSA_WITH_AES_256_CCM,
648 SSL_kRSA,
649 SSL_aRSA,
650 SSL_AES256CCM,
651 SSL_AEAD,
652 TLS1_2_VERSION, TLS1_2_VERSION,
653 DTLS1_2_VERSION, DTLS1_2_VERSION,
654 SSL_NOT_DEFAULT | SSL_HIGH,
655 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
656 256,
657 256,
658 },
659 {
660 1,
661 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
662 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
663 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
664 SSL_kDHE,
665 SSL_aRSA,
666 SSL_AES128CCM,
667 SSL_AEAD,
668 TLS1_2_VERSION, TLS1_2_VERSION,
669 DTLS1_2_VERSION, DTLS1_2_VERSION,
670 SSL_NOT_DEFAULT | SSL_HIGH,
671 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
672 128,
673 128,
674 },
675 {
676 1,
677 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
678 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
679 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
680 SSL_kDHE,
681 SSL_aRSA,
682 SSL_AES256CCM,
683 SSL_AEAD,
684 TLS1_2_VERSION, TLS1_2_VERSION,
685 DTLS1_2_VERSION, DTLS1_2_VERSION,
686 SSL_NOT_DEFAULT | SSL_HIGH,
687 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
688 256,
689 256,
690 },
691 {
692 1,
693 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
694 TLS1_RFC_RSA_WITH_AES_128_CCM_8,
695 TLS1_CK_RSA_WITH_AES_128_CCM_8,
696 SSL_kRSA,
697 SSL_aRSA,
698 SSL_AES128CCM8,
699 SSL_AEAD,
700 TLS1_2_VERSION, TLS1_2_VERSION,
701 DTLS1_2_VERSION, DTLS1_2_VERSION,
702 SSL_NOT_DEFAULT | SSL_HIGH,
703 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
704 128,
705 128,
706 },
707 {
708 1,
709 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
710 TLS1_RFC_RSA_WITH_AES_256_CCM_8,
711 TLS1_CK_RSA_WITH_AES_256_CCM_8,
712 SSL_kRSA,
713 SSL_aRSA,
714 SSL_AES256CCM8,
715 SSL_AEAD,
716 TLS1_2_VERSION, TLS1_2_VERSION,
717 DTLS1_2_VERSION, DTLS1_2_VERSION,
718 SSL_NOT_DEFAULT | SSL_HIGH,
719 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
720 256,
721 256,
722 },
723 {
724 1,
725 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
726 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
727 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
728 SSL_kDHE,
729 SSL_aRSA,
730 SSL_AES128CCM8,
731 SSL_AEAD,
732 TLS1_2_VERSION, TLS1_2_VERSION,
733 DTLS1_2_VERSION, DTLS1_2_VERSION,
734 SSL_NOT_DEFAULT | SSL_HIGH,
735 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
736 128,
737 128,
738 },
739 {
740 1,
741 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
742 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
743 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
744 SSL_kDHE,
745 SSL_aRSA,
746 SSL_AES256CCM8,
747 SSL_AEAD,
748 TLS1_2_VERSION, TLS1_2_VERSION,
749 DTLS1_2_VERSION, DTLS1_2_VERSION,
750 SSL_NOT_DEFAULT | SSL_HIGH,
751 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
752 256,
753 256,
754 },
755 {
756 1,
757 TLS1_TXT_PSK_WITH_AES_128_CCM,
758 TLS1_RFC_PSK_WITH_AES_128_CCM,
759 TLS1_CK_PSK_WITH_AES_128_CCM,
760 SSL_kPSK,
761 SSL_aPSK,
762 SSL_AES128CCM,
763 SSL_AEAD,
764 TLS1_2_VERSION, TLS1_2_VERSION,
765 DTLS1_2_VERSION, DTLS1_2_VERSION,
766 SSL_NOT_DEFAULT | SSL_HIGH,
767 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
768 128,
769 128,
770 },
771 {
772 1,
773 TLS1_TXT_PSK_WITH_AES_256_CCM,
774 TLS1_RFC_PSK_WITH_AES_256_CCM,
775 TLS1_CK_PSK_WITH_AES_256_CCM,
776 SSL_kPSK,
777 SSL_aPSK,
778 SSL_AES256CCM,
779 SSL_AEAD,
780 TLS1_2_VERSION, TLS1_2_VERSION,
781 DTLS1_2_VERSION, DTLS1_2_VERSION,
782 SSL_NOT_DEFAULT | SSL_HIGH,
783 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
784 256,
785 256,
786 },
787 {
788 1,
789 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
790 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
791 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
792 SSL_kDHEPSK,
793 SSL_aPSK,
794 SSL_AES128CCM,
795 SSL_AEAD,
796 TLS1_2_VERSION, TLS1_2_VERSION,
797 DTLS1_2_VERSION, DTLS1_2_VERSION,
798 SSL_NOT_DEFAULT | SSL_HIGH,
799 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
800 128,
801 128,
802 },
803 {
804 1,
805 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
806 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
807 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
808 SSL_kDHEPSK,
809 SSL_aPSK,
810 SSL_AES256CCM,
811 SSL_AEAD,
812 TLS1_2_VERSION, TLS1_2_VERSION,
813 DTLS1_2_VERSION, DTLS1_2_VERSION,
814 SSL_NOT_DEFAULT | SSL_HIGH,
815 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
816 256,
817 256,
818 },
819 {
820 1,
821 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
822 TLS1_RFC_PSK_WITH_AES_128_CCM_8,
823 TLS1_CK_PSK_WITH_AES_128_CCM_8,
824 SSL_kPSK,
825 SSL_aPSK,
826 SSL_AES128CCM8,
827 SSL_AEAD,
828 TLS1_2_VERSION, TLS1_2_VERSION,
829 DTLS1_2_VERSION, DTLS1_2_VERSION,
830 SSL_NOT_DEFAULT | SSL_HIGH,
831 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
832 128,
833 128,
834 },
835 {
836 1,
837 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
838 TLS1_RFC_PSK_WITH_AES_256_CCM_8,
839 TLS1_CK_PSK_WITH_AES_256_CCM_8,
840 SSL_kPSK,
841 SSL_aPSK,
842 SSL_AES256CCM8,
843 SSL_AEAD,
844 TLS1_2_VERSION, TLS1_2_VERSION,
845 DTLS1_2_VERSION, DTLS1_2_VERSION,
846 SSL_NOT_DEFAULT | SSL_HIGH,
847 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
848 256,
849 256,
850 },
851 {
852 1,
853 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
854 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
855 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
856 SSL_kDHEPSK,
857 SSL_aPSK,
858 SSL_AES128CCM8,
859 SSL_AEAD,
860 TLS1_2_VERSION, TLS1_2_VERSION,
861 DTLS1_2_VERSION, DTLS1_2_VERSION,
862 SSL_NOT_DEFAULT | SSL_HIGH,
863 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
864 128,
865 128,
866 },
867 {
868 1,
869 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
870 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
871 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
872 SSL_kDHEPSK,
873 SSL_aPSK,
874 SSL_AES256CCM8,
875 SSL_AEAD,
876 TLS1_2_VERSION, TLS1_2_VERSION,
877 DTLS1_2_VERSION, DTLS1_2_VERSION,
878 SSL_NOT_DEFAULT | SSL_HIGH,
879 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
880 256,
881 256,
882 },
883 {
884 1,
885 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
886 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
887 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
888 SSL_kECDHE,
889 SSL_aECDSA,
890 SSL_AES128CCM,
891 SSL_AEAD,
892 TLS1_2_VERSION, TLS1_2_VERSION,
893 DTLS1_2_VERSION, DTLS1_2_VERSION,
894 SSL_NOT_DEFAULT | SSL_HIGH,
895 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
896 128,
897 128,
898 },
899 {
900 1,
901 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
902 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
903 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
904 SSL_kECDHE,
905 SSL_aECDSA,
906 SSL_AES256CCM,
907 SSL_AEAD,
908 TLS1_2_VERSION, TLS1_2_VERSION,
909 DTLS1_2_VERSION, DTLS1_2_VERSION,
910 SSL_NOT_DEFAULT | SSL_HIGH,
911 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
912 256,
913 256,
914 },
915 {
916 1,
917 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
918 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
919 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
920 SSL_kECDHE,
921 SSL_aECDSA,
922 SSL_AES128CCM8,
923 SSL_AEAD,
924 TLS1_2_VERSION, TLS1_2_VERSION,
925 DTLS1_2_VERSION, DTLS1_2_VERSION,
926 SSL_NOT_DEFAULT | SSL_HIGH,
927 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
928 128,
929 128,
930 },
931 {
932 1,
933 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
934 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
935 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
936 SSL_kECDHE,
937 SSL_aECDSA,
938 SSL_AES256CCM8,
939 SSL_AEAD,
940 TLS1_2_VERSION, TLS1_2_VERSION,
941 DTLS1_2_VERSION, DTLS1_2_VERSION,
942 SSL_NOT_DEFAULT | SSL_HIGH,
943 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
944 256,
945 256,
946 },
947 {
948 1,
949 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
950 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
951 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
952 SSL_kECDHE,
953 SSL_aECDSA,
954 SSL_eNULL,
955 SSL_SHA1,
956 TLS1_VERSION, TLS1_2_VERSION,
957 DTLS1_BAD_VER, DTLS1_2_VERSION,
958 SSL_STRONG_NONE | SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
960 0,
961 0,
962 },
963 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
964 {
965 1,
966 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
967 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
968 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
969 SSL_kECDHE,
970 SSL_aECDSA,
971 SSL_3DES,
972 SSL_SHA1,
973 TLS1_VERSION, TLS1_2_VERSION,
974 DTLS1_BAD_VER, DTLS1_2_VERSION,
975 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
976 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
977 112,
978 168,
979 },
980 # endif
981 {
982 1,
983 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
984 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
985 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
986 SSL_kECDHE,
987 SSL_aECDSA,
988 SSL_AES128,
989 SSL_SHA1,
990 TLS1_VERSION, TLS1_2_VERSION,
991 DTLS1_BAD_VER, DTLS1_2_VERSION,
992 SSL_HIGH | SSL_FIPS,
993 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
994 128,
995 128,
996 },
997 {
998 1,
999 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1000 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1001 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1002 SSL_kECDHE,
1003 SSL_aECDSA,
1004 SSL_AES256,
1005 SSL_SHA1,
1006 TLS1_VERSION, TLS1_2_VERSION,
1007 DTLS1_BAD_VER, DTLS1_2_VERSION,
1008 SSL_HIGH | SSL_FIPS,
1009 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1010 256,
1011 256,
1012 },
1013 {
1014 1,
1015 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1016 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1017 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1018 SSL_kECDHE,
1019 SSL_aRSA,
1020 SSL_eNULL,
1021 SSL_SHA1,
1022 TLS1_VERSION, TLS1_2_VERSION,
1023 DTLS1_BAD_VER, DTLS1_2_VERSION,
1024 SSL_STRONG_NONE | SSL_FIPS,
1025 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1026 0,
1027 0,
1028 },
1029 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1030 {
1031 1,
1032 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1033 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1034 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1035 SSL_kECDHE,
1036 SSL_aRSA,
1037 SSL_3DES,
1038 SSL_SHA1,
1039 TLS1_VERSION, TLS1_2_VERSION,
1040 DTLS1_BAD_VER, DTLS1_2_VERSION,
1041 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1042 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1043 112,
1044 168,
1045 },
1046 # endif
1047 {
1048 1,
1049 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1050 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1051 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1052 SSL_kECDHE,
1053 SSL_aRSA,
1054 SSL_AES128,
1055 SSL_SHA1,
1056 TLS1_VERSION, TLS1_2_VERSION,
1057 DTLS1_BAD_VER, DTLS1_2_VERSION,
1058 SSL_HIGH | SSL_FIPS,
1059 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1060 128,
1061 128,
1062 },
1063 {
1064 1,
1065 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1066 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1067 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1068 SSL_kECDHE,
1069 SSL_aRSA,
1070 SSL_AES256,
1071 SSL_SHA1,
1072 TLS1_VERSION, TLS1_2_VERSION,
1073 DTLS1_BAD_VER, DTLS1_2_VERSION,
1074 SSL_HIGH | SSL_FIPS,
1075 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1076 256,
1077 256,
1078 },
1079 {
1080 1,
1081 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1082 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1083 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1084 SSL_kECDHE,
1085 SSL_aNULL,
1086 SSL_eNULL,
1087 SSL_SHA1,
1088 TLS1_VERSION, TLS1_2_VERSION,
1089 DTLS1_BAD_VER, DTLS1_2_VERSION,
1090 SSL_STRONG_NONE | SSL_FIPS,
1091 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1092 0,
1093 0,
1094 },
1095 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1096 {
1097 1,
1098 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1099 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1100 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1101 SSL_kECDHE,
1102 SSL_aNULL,
1103 SSL_3DES,
1104 SSL_SHA1,
1105 TLS1_VERSION, TLS1_2_VERSION,
1106 DTLS1_BAD_VER, DTLS1_2_VERSION,
1107 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1108 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1109 112,
1110 168,
1111 },
1112 # endif
1113 {
1114 1,
1115 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1116 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1117 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1118 SSL_kECDHE,
1119 SSL_aNULL,
1120 SSL_AES128,
1121 SSL_SHA1,
1122 TLS1_VERSION, TLS1_2_VERSION,
1123 DTLS1_BAD_VER, DTLS1_2_VERSION,
1124 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1125 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1126 128,
1127 128,
1128 },
1129 {
1130 1,
1131 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1132 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1133 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1134 SSL_kECDHE,
1135 SSL_aNULL,
1136 SSL_AES256,
1137 SSL_SHA1,
1138 TLS1_VERSION, TLS1_2_VERSION,
1139 DTLS1_BAD_VER, DTLS1_2_VERSION,
1140 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1141 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1142 256,
1143 256,
1144 },
1145 {
1146 1,
1147 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1148 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1149 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1150 SSL_kECDHE,
1151 SSL_aECDSA,
1152 SSL_AES128,
1153 SSL_SHA256,
1154 TLS1_2_VERSION, TLS1_2_VERSION,
1155 DTLS1_2_VERSION, DTLS1_2_VERSION,
1156 SSL_HIGH | SSL_FIPS,
1157 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1158 128,
1159 128,
1160 },
1161 {
1162 1,
1163 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1164 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1165 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1166 SSL_kECDHE,
1167 SSL_aECDSA,
1168 SSL_AES256,
1169 SSL_SHA384,
1170 TLS1_2_VERSION, TLS1_2_VERSION,
1171 DTLS1_2_VERSION, DTLS1_2_VERSION,
1172 SSL_HIGH | SSL_FIPS,
1173 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1174 256,
1175 256,
1176 },
1177 {
1178 1,
1179 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1180 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1181 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1182 SSL_kECDHE,
1183 SSL_aRSA,
1184 SSL_AES128,
1185 SSL_SHA256,
1186 TLS1_2_VERSION, TLS1_2_VERSION,
1187 DTLS1_2_VERSION, DTLS1_2_VERSION,
1188 SSL_HIGH | SSL_FIPS,
1189 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1190 128,
1191 128,
1192 },
1193 {
1194 1,
1195 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1196 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1197 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1198 SSL_kECDHE,
1199 SSL_aRSA,
1200 SSL_AES256,
1201 SSL_SHA384,
1202 TLS1_2_VERSION, TLS1_2_VERSION,
1203 DTLS1_2_VERSION, DTLS1_2_VERSION,
1204 SSL_HIGH | SSL_FIPS,
1205 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1206 256,
1207 256,
1208 },
1209 {
1210 1,
1211 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1212 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1213 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1214 SSL_kECDHE,
1215 SSL_aECDSA,
1216 SSL_AES128GCM,
1217 SSL_AEAD,
1218 TLS1_2_VERSION, TLS1_2_VERSION,
1219 DTLS1_2_VERSION, DTLS1_2_VERSION,
1220 SSL_HIGH | SSL_FIPS,
1221 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1222 128,
1223 128,
1224 },
1225 {
1226 1,
1227 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1228 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1229 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1230 SSL_kECDHE,
1231 SSL_aECDSA,
1232 SSL_AES256GCM,
1233 SSL_AEAD,
1234 TLS1_2_VERSION, TLS1_2_VERSION,
1235 DTLS1_2_VERSION, DTLS1_2_VERSION,
1236 SSL_HIGH | SSL_FIPS,
1237 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1238 256,
1239 256,
1240 },
1241 {
1242 1,
1243 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1244 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1245 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1246 SSL_kECDHE,
1247 SSL_aRSA,
1248 SSL_AES128GCM,
1249 SSL_AEAD,
1250 TLS1_2_VERSION, TLS1_2_VERSION,
1251 DTLS1_2_VERSION, DTLS1_2_VERSION,
1252 SSL_HIGH | SSL_FIPS,
1253 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1254 128,
1255 128,
1256 },
1257 {
1258 1,
1259 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1260 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1261 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1262 SSL_kECDHE,
1263 SSL_aRSA,
1264 SSL_AES256GCM,
1265 SSL_AEAD,
1266 TLS1_2_VERSION, TLS1_2_VERSION,
1267 DTLS1_2_VERSION, DTLS1_2_VERSION,
1268 SSL_HIGH | SSL_FIPS,
1269 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1270 256,
1271 256,
1272 },
1273 {
1274 1,
1275 TLS1_TXT_PSK_WITH_NULL_SHA,
1276 TLS1_RFC_PSK_WITH_NULL_SHA,
1277 TLS1_CK_PSK_WITH_NULL_SHA,
1278 SSL_kPSK,
1279 SSL_aPSK,
1280 SSL_eNULL,
1281 SSL_SHA1,
1282 SSL3_VERSION, TLS1_2_VERSION,
1283 DTLS1_BAD_VER, DTLS1_2_VERSION,
1284 SSL_STRONG_NONE | SSL_FIPS,
1285 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1286 0,
1287 0,
1288 },
1289 {
1290 1,
1291 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1292 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1293 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1294 SSL_kDHEPSK,
1295 SSL_aPSK,
1296 SSL_eNULL,
1297 SSL_SHA1,
1298 SSL3_VERSION, TLS1_2_VERSION,
1299 DTLS1_BAD_VER, DTLS1_2_VERSION,
1300 SSL_STRONG_NONE | SSL_FIPS,
1301 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1302 0,
1303 0,
1304 },
1305 {
1306 1,
1307 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1308 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1309 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1310 SSL_kRSAPSK,
1311 SSL_aRSA,
1312 SSL_eNULL,
1313 SSL_SHA1,
1314 SSL3_VERSION, TLS1_2_VERSION,
1315 DTLS1_BAD_VER, DTLS1_2_VERSION,
1316 SSL_STRONG_NONE | SSL_FIPS,
1317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1318 0,
1319 0,
1320 },
1321 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1322 {
1323 1,
1324 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1325 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1326 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1327 SSL_kPSK,
1328 SSL_aPSK,
1329 SSL_3DES,
1330 SSL_SHA1,
1331 SSL3_VERSION, TLS1_2_VERSION,
1332 DTLS1_BAD_VER, DTLS1_2_VERSION,
1333 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1335 112,
1336 168,
1337 },
1338 # endif
1339 {
1340 1,
1341 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1342 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1343 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1344 SSL_kPSK,
1345 SSL_aPSK,
1346 SSL_AES128,
1347 SSL_SHA1,
1348 SSL3_VERSION, TLS1_2_VERSION,
1349 DTLS1_BAD_VER, DTLS1_2_VERSION,
1350 SSL_HIGH | SSL_FIPS,
1351 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1352 128,
1353 128,
1354 },
1355 {
1356 1,
1357 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1358 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1359 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1360 SSL_kPSK,
1361 SSL_aPSK,
1362 SSL_AES256,
1363 SSL_SHA1,
1364 SSL3_VERSION, TLS1_2_VERSION,
1365 DTLS1_BAD_VER, DTLS1_2_VERSION,
1366 SSL_HIGH | SSL_FIPS,
1367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1368 256,
1369 256,
1370 },
1371 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1372 {
1373 1,
1374 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1375 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1377 SSL_kDHEPSK,
1378 SSL_aPSK,
1379 SSL_3DES,
1380 SSL_SHA1,
1381 SSL3_VERSION, TLS1_2_VERSION,
1382 DTLS1_BAD_VER, DTLS1_2_VERSION,
1383 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1384 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1385 112,
1386 168,
1387 },
1388 # endif
1389 {
1390 1,
1391 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1392 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1393 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1394 SSL_kDHEPSK,
1395 SSL_aPSK,
1396 SSL_AES128,
1397 SSL_SHA1,
1398 SSL3_VERSION, TLS1_2_VERSION,
1399 DTLS1_BAD_VER, DTLS1_2_VERSION,
1400 SSL_HIGH | SSL_FIPS,
1401 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1402 128,
1403 128,
1404 },
1405 {
1406 1,
1407 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1408 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1410 SSL_kDHEPSK,
1411 SSL_aPSK,
1412 SSL_AES256,
1413 SSL_SHA1,
1414 SSL3_VERSION, TLS1_2_VERSION,
1415 DTLS1_BAD_VER, DTLS1_2_VERSION,
1416 SSL_HIGH | SSL_FIPS,
1417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1418 256,
1419 256,
1420 },
1421 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1422 {
1423 1,
1424 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1425 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1427 SSL_kRSAPSK,
1428 SSL_aRSA,
1429 SSL_3DES,
1430 SSL_SHA1,
1431 SSL3_VERSION, TLS1_2_VERSION,
1432 DTLS1_BAD_VER, DTLS1_2_VERSION,
1433 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1434 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1435 112,
1436 168,
1437 },
1438 # endif
1439 {
1440 1,
1441 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1442 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1443 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1444 SSL_kRSAPSK,
1445 SSL_aRSA,
1446 SSL_AES128,
1447 SSL_SHA1,
1448 SSL3_VERSION, TLS1_2_VERSION,
1449 DTLS1_BAD_VER, DTLS1_2_VERSION,
1450 SSL_HIGH | SSL_FIPS,
1451 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1452 128,
1453 128,
1454 },
1455 {
1456 1,
1457 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1458 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1459 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1460 SSL_kRSAPSK,
1461 SSL_aRSA,
1462 SSL_AES256,
1463 SSL_SHA1,
1464 SSL3_VERSION, TLS1_2_VERSION,
1465 DTLS1_BAD_VER, DTLS1_2_VERSION,
1466 SSL_HIGH | SSL_FIPS,
1467 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1468 256,
1469 256,
1470 },
1471 {
1472 1,
1473 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1474 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1475 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1476 SSL_kPSK,
1477 SSL_aPSK,
1478 SSL_AES128GCM,
1479 SSL_AEAD,
1480 TLS1_2_VERSION, TLS1_2_VERSION,
1481 DTLS1_2_VERSION, DTLS1_2_VERSION,
1482 SSL_HIGH | SSL_FIPS,
1483 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1484 128,
1485 128,
1486 },
1487 {
1488 1,
1489 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1490 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1492 SSL_kPSK,
1493 SSL_aPSK,
1494 SSL_AES256GCM,
1495 SSL_AEAD,
1496 TLS1_2_VERSION, TLS1_2_VERSION,
1497 DTLS1_2_VERSION, DTLS1_2_VERSION,
1498 SSL_HIGH | SSL_FIPS,
1499 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1500 256,
1501 256,
1502 },
1503 {
1504 1,
1505 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1506 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1508 SSL_kDHEPSK,
1509 SSL_aPSK,
1510 SSL_AES128GCM,
1511 SSL_AEAD,
1512 TLS1_2_VERSION, TLS1_2_VERSION,
1513 DTLS1_2_VERSION, DTLS1_2_VERSION,
1514 SSL_HIGH | SSL_FIPS,
1515 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1516 128,
1517 128,
1518 },
1519 {
1520 1,
1521 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1522 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1524 SSL_kDHEPSK,
1525 SSL_aPSK,
1526 SSL_AES256GCM,
1527 SSL_AEAD,
1528 TLS1_2_VERSION, TLS1_2_VERSION,
1529 DTLS1_2_VERSION, DTLS1_2_VERSION,
1530 SSL_HIGH | SSL_FIPS,
1531 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1532 256,
1533 256,
1534 },
1535 {
1536 1,
1537 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1538 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1540 SSL_kRSAPSK,
1541 SSL_aRSA,
1542 SSL_AES128GCM,
1543 SSL_AEAD,
1544 TLS1_2_VERSION, TLS1_2_VERSION,
1545 DTLS1_2_VERSION, DTLS1_2_VERSION,
1546 SSL_HIGH | SSL_FIPS,
1547 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1548 128,
1549 128,
1550 },
1551 {
1552 1,
1553 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1554 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1556 SSL_kRSAPSK,
1557 SSL_aRSA,
1558 SSL_AES256GCM,
1559 SSL_AEAD,
1560 TLS1_2_VERSION, TLS1_2_VERSION,
1561 DTLS1_2_VERSION, DTLS1_2_VERSION,
1562 SSL_HIGH | SSL_FIPS,
1563 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1564 256,
1565 256,
1566 },
1567 {
1568 1,
1569 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1570 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1571 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1572 SSL_kPSK,
1573 SSL_aPSK,
1574 SSL_AES128,
1575 SSL_SHA256,
1576 TLS1_VERSION, TLS1_2_VERSION,
1577 DTLS1_BAD_VER, DTLS1_2_VERSION,
1578 SSL_HIGH | SSL_FIPS,
1579 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1580 128,
1581 128,
1582 },
1583 {
1584 1,
1585 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1586 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1587 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1588 SSL_kPSK,
1589 SSL_aPSK,
1590 SSL_AES256,
1591 SSL_SHA384,
1592 TLS1_VERSION, TLS1_2_VERSION,
1593 DTLS1_BAD_VER, DTLS1_2_VERSION,
1594 SSL_HIGH | SSL_FIPS,
1595 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1596 256,
1597 256,
1598 },
1599 {
1600 1,
1601 TLS1_TXT_PSK_WITH_NULL_SHA256,
1602 TLS1_RFC_PSK_WITH_NULL_SHA256,
1603 TLS1_CK_PSK_WITH_NULL_SHA256,
1604 SSL_kPSK,
1605 SSL_aPSK,
1606 SSL_eNULL,
1607 SSL_SHA256,
1608 TLS1_VERSION, TLS1_2_VERSION,
1609 DTLS1_BAD_VER, DTLS1_2_VERSION,
1610 SSL_STRONG_NONE | SSL_FIPS,
1611 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1612 0,
1613 0,
1614 },
1615 {
1616 1,
1617 TLS1_TXT_PSK_WITH_NULL_SHA384,
1618 TLS1_RFC_PSK_WITH_NULL_SHA384,
1619 TLS1_CK_PSK_WITH_NULL_SHA384,
1620 SSL_kPSK,
1621 SSL_aPSK,
1622 SSL_eNULL,
1623 SSL_SHA384,
1624 TLS1_VERSION, TLS1_2_VERSION,
1625 DTLS1_BAD_VER, DTLS1_2_VERSION,
1626 SSL_STRONG_NONE | SSL_FIPS,
1627 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1628 0,
1629 0,
1630 },
1631 {
1632 1,
1633 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1636 SSL_kDHEPSK,
1637 SSL_aPSK,
1638 SSL_AES128,
1639 SSL_SHA256,
1640 TLS1_VERSION, TLS1_2_VERSION,
1641 DTLS1_BAD_VER, DTLS1_2_VERSION,
1642 SSL_HIGH | SSL_FIPS,
1643 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1644 128,
1645 128,
1646 },
1647 {
1648 1,
1649 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1650 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1652 SSL_kDHEPSK,
1653 SSL_aPSK,
1654 SSL_AES256,
1655 SSL_SHA384,
1656 TLS1_VERSION, TLS1_2_VERSION,
1657 DTLS1_BAD_VER, DTLS1_2_VERSION,
1658 SSL_HIGH | SSL_FIPS,
1659 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1660 256,
1661 256,
1662 },
1663 {
1664 1,
1665 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1666 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1667 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1668 SSL_kDHEPSK,
1669 SSL_aPSK,
1670 SSL_eNULL,
1671 SSL_SHA256,
1672 TLS1_VERSION, TLS1_2_VERSION,
1673 DTLS1_BAD_VER, DTLS1_2_VERSION,
1674 SSL_STRONG_NONE | SSL_FIPS,
1675 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1676 0,
1677 0,
1678 },
1679 {
1680 1,
1681 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1682 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1683 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1684 SSL_kDHEPSK,
1685 SSL_aPSK,
1686 SSL_eNULL,
1687 SSL_SHA384,
1688 TLS1_VERSION, TLS1_2_VERSION,
1689 DTLS1_BAD_VER, DTLS1_2_VERSION,
1690 SSL_STRONG_NONE | SSL_FIPS,
1691 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1692 0,
1693 0,
1694 },
1695 {
1696 1,
1697 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1698 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1700 SSL_kRSAPSK,
1701 SSL_aRSA,
1702 SSL_AES128,
1703 SSL_SHA256,
1704 TLS1_VERSION, TLS1_2_VERSION,
1705 DTLS1_BAD_VER, DTLS1_2_VERSION,
1706 SSL_HIGH | SSL_FIPS,
1707 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1708 128,
1709 128,
1710 },
1711 {
1712 1,
1713 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1714 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1716 SSL_kRSAPSK,
1717 SSL_aRSA,
1718 SSL_AES256,
1719 SSL_SHA384,
1720 TLS1_VERSION, TLS1_2_VERSION,
1721 DTLS1_BAD_VER, DTLS1_2_VERSION,
1722 SSL_HIGH | SSL_FIPS,
1723 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1724 256,
1725 256,
1726 },
1727 {
1728 1,
1729 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1730 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1731 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1732 SSL_kRSAPSK,
1733 SSL_aRSA,
1734 SSL_eNULL,
1735 SSL_SHA256,
1736 TLS1_VERSION, TLS1_2_VERSION,
1737 DTLS1_BAD_VER, DTLS1_2_VERSION,
1738 SSL_STRONG_NONE | SSL_FIPS,
1739 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1740 0,
1741 0,
1742 },
1743 {
1744 1,
1745 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1746 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1747 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1748 SSL_kRSAPSK,
1749 SSL_aRSA,
1750 SSL_eNULL,
1751 SSL_SHA384,
1752 TLS1_VERSION, TLS1_2_VERSION,
1753 DTLS1_BAD_VER, DTLS1_2_VERSION,
1754 SSL_STRONG_NONE | SSL_FIPS,
1755 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1756 0,
1757 0,
1758 },
1759 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1760 {
1761 1,
1762 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1763 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1764 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765 SSL_kECDHEPSK,
1766 SSL_aPSK,
1767 SSL_3DES,
1768 SSL_SHA1,
1769 TLS1_VERSION, TLS1_2_VERSION,
1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
1771 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1773 112,
1774 168,
1775 },
1776 # endif
1777 {
1778 1,
1779 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1780 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1781 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782 SSL_kECDHEPSK,
1783 SSL_aPSK,
1784 SSL_AES128,
1785 SSL_SHA1,
1786 TLS1_VERSION, TLS1_2_VERSION,
1787 DTLS1_BAD_VER, DTLS1_2_VERSION,
1788 SSL_HIGH | SSL_FIPS,
1789 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1790 128,
1791 128,
1792 },
1793 {
1794 1,
1795 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1796 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1797 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798 SSL_kECDHEPSK,
1799 SSL_aPSK,
1800 SSL_AES256,
1801 SSL_SHA1,
1802 TLS1_VERSION, TLS1_2_VERSION,
1803 DTLS1_BAD_VER, DTLS1_2_VERSION,
1804 SSL_HIGH | SSL_FIPS,
1805 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1806 256,
1807 256,
1808 },
1809 {
1810 1,
1811 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1812 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1813 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814 SSL_kECDHEPSK,
1815 SSL_aPSK,
1816 SSL_AES128,
1817 SSL_SHA256,
1818 TLS1_VERSION, TLS1_2_VERSION,
1819 DTLS1_BAD_VER, DTLS1_2_VERSION,
1820 SSL_HIGH | SSL_FIPS,
1821 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1822 128,
1823 128,
1824 },
1825 {
1826 1,
1827 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1828 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1829 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830 SSL_kECDHEPSK,
1831 SSL_aPSK,
1832 SSL_AES256,
1833 SSL_SHA384,
1834 TLS1_VERSION, TLS1_2_VERSION,
1835 DTLS1_BAD_VER, DTLS1_2_VERSION,
1836 SSL_HIGH | SSL_FIPS,
1837 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1838 256,
1839 256,
1840 },
1841 {
1842 1,
1843 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1844 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1845 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1846 SSL_kECDHEPSK,
1847 SSL_aPSK,
1848 SSL_eNULL,
1849 SSL_SHA1,
1850 TLS1_VERSION, TLS1_2_VERSION,
1851 DTLS1_BAD_VER, DTLS1_2_VERSION,
1852 SSL_STRONG_NONE | SSL_FIPS,
1853 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1854 0,
1855 0,
1856 },
1857 {
1858 1,
1859 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1860 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1861 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1862 SSL_kECDHEPSK,
1863 SSL_aPSK,
1864 SSL_eNULL,
1865 SSL_SHA256,
1866 TLS1_VERSION, TLS1_2_VERSION,
1867 DTLS1_BAD_VER, DTLS1_2_VERSION,
1868 SSL_STRONG_NONE | SSL_FIPS,
1869 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1870 0,
1871 0,
1872 },
1873 {
1874 1,
1875 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1876 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1877 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1878 SSL_kECDHEPSK,
1879 SSL_aPSK,
1880 SSL_eNULL,
1881 SSL_SHA384,
1882 TLS1_VERSION, TLS1_2_VERSION,
1883 DTLS1_BAD_VER, DTLS1_2_VERSION,
1884 SSL_STRONG_NONE | SSL_FIPS,
1885 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1886 0,
1887 0,
1888 },
1889
1890 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1891 {
1892 1,
1893 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1895 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1896 SSL_kSRP,
1897 SSL_aSRP,
1898 SSL_3DES,
1899 SSL_SHA1,
1900 SSL3_VERSION, TLS1_2_VERSION,
1901 DTLS1_BAD_VER, DTLS1_2_VERSION,
1902 SSL_NOT_DEFAULT | SSL_MEDIUM,
1903 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1904 112,
1905 168,
1906 },
1907 {
1908 1,
1909 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1911 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1912 SSL_kSRP,
1913 SSL_aRSA,
1914 SSL_3DES,
1915 SSL_SHA1,
1916 SSL3_VERSION, TLS1_2_VERSION,
1917 DTLS1_BAD_VER, DTLS1_2_VERSION,
1918 SSL_NOT_DEFAULT | SSL_MEDIUM,
1919 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1920 112,
1921 168,
1922 },
1923 {
1924 1,
1925 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1927 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1928 SSL_kSRP,
1929 SSL_aDSS,
1930 SSL_3DES,
1931 SSL_SHA1,
1932 SSL3_VERSION, TLS1_2_VERSION,
1933 DTLS1_BAD_VER, DTLS1_2_VERSION,
1934 SSL_NOT_DEFAULT | SSL_MEDIUM,
1935 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1936 112,
1937 168,
1938 },
1939 # endif
1940 {
1941 1,
1942 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1943 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1944 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1945 SSL_kSRP,
1946 SSL_aSRP,
1947 SSL_AES128,
1948 SSL_SHA1,
1949 SSL3_VERSION, TLS1_2_VERSION,
1950 DTLS1_BAD_VER, DTLS1_2_VERSION,
1951 SSL_HIGH,
1952 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1953 128,
1954 128,
1955 },
1956 {
1957 1,
1958 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1959 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1960 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1961 SSL_kSRP,
1962 SSL_aRSA,
1963 SSL_AES128,
1964 SSL_SHA1,
1965 SSL3_VERSION, TLS1_2_VERSION,
1966 DTLS1_BAD_VER, DTLS1_2_VERSION,
1967 SSL_HIGH,
1968 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1969 128,
1970 128,
1971 },
1972 {
1973 1,
1974 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1975 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1976 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1977 SSL_kSRP,
1978 SSL_aDSS,
1979 SSL_AES128,
1980 SSL_SHA1,
1981 SSL3_VERSION, TLS1_2_VERSION,
1982 DTLS1_BAD_VER, DTLS1_2_VERSION,
1983 SSL_NOT_DEFAULT | SSL_HIGH,
1984 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1985 128,
1986 128,
1987 },
1988 {
1989 1,
1990 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1991 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
1992 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1993 SSL_kSRP,
1994 SSL_aSRP,
1995 SSL_AES256,
1996 SSL_SHA1,
1997 SSL3_VERSION, TLS1_2_VERSION,
1998 DTLS1_BAD_VER, DTLS1_2_VERSION,
1999 SSL_HIGH,
2000 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2001 256,
2002 256,
2003 },
2004 {
2005 1,
2006 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2007 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2008 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2009 SSL_kSRP,
2010 SSL_aRSA,
2011 SSL_AES256,
2012 SSL_SHA1,
2013 SSL3_VERSION, TLS1_2_VERSION,
2014 DTLS1_BAD_VER, DTLS1_2_VERSION,
2015 SSL_HIGH,
2016 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2017 256,
2018 256,
2019 },
2020 {
2021 1,
2022 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2023 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2024 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2025 SSL_kSRP,
2026 SSL_aDSS,
2027 SSL_AES256,
2028 SSL_SHA1,
2029 SSL3_VERSION, TLS1_2_VERSION,
2030 DTLS1_BAD_VER, DTLS1_2_VERSION,
2031 SSL_NOT_DEFAULT | SSL_HIGH,
2032 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2033 256,
2034 256,
2035 },
2036
2037 {
2038 1,
2039 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2040 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2041 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2042 SSL_kDHE,
2043 SSL_aRSA,
2044 SSL_CHACHA20POLY1305,
2045 SSL_AEAD,
2046 TLS1_2_VERSION, TLS1_2_VERSION,
2047 DTLS1_2_VERSION, DTLS1_2_VERSION,
2048 SSL_HIGH,
2049 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2050 256,
2051 256,
2052 },
2053 {
2054 1,
2055 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2056 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2057 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2058 SSL_kECDHE,
2059 SSL_aRSA,
2060 SSL_CHACHA20POLY1305,
2061 SSL_AEAD,
2062 TLS1_2_VERSION, TLS1_2_VERSION,
2063 DTLS1_2_VERSION, DTLS1_2_VERSION,
2064 SSL_HIGH,
2065 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2066 256,
2067 256,
2068 },
2069 {
2070 1,
2071 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2072 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2073 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2074 SSL_kECDHE,
2075 SSL_aECDSA,
2076 SSL_CHACHA20POLY1305,
2077 SSL_AEAD,
2078 TLS1_2_VERSION, TLS1_2_VERSION,
2079 DTLS1_2_VERSION, DTLS1_2_VERSION,
2080 SSL_HIGH,
2081 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082 256,
2083 256,
2084 },
2085 {
2086 1,
2087 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2088 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2089 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2090 SSL_kPSK,
2091 SSL_aPSK,
2092 SSL_CHACHA20POLY1305,
2093 SSL_AEAD,
2094 TLS1_2_VERSION, TLS1_2_VERSION,
2095 DTLS1_2_VERSION, DTLS1_2_VERSION,
2096 SSL_HIGH,
2097 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2098 256,
2099 256,
2100 },
2101 {
2102 1,
2103 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2104 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2105 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2106 SSL_kECDHEPSK,
2107 SSL_aPSK,
2108 SSL_CHACHA20POLY1305,
2109 SSL_AEAD,
2110 TLS1_2_VERSION, TLS1_2_VERSION,
2111 DTLS1_2_VERSION, DTLS1_2_VERSION,
2112 SSL_HIGH,
2113 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2114 256,
2115 256,
2116 },
2117 {
2118 1,
2119 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2120 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2121 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2122 SSL_kDHEPSK,
2123 SSL_aPSK,
2124 SSL_CHACHA20POLY1305,
2125 SSL_AEAD,
2126 TLS1_2_VERSION, TLS1_2_VERSION,
2127 DTLS1_2_VERSION, DTLS1_2_VERSION,
2128 SSL_HIGH,
2129 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2130 256,
2131 256,
2132 },
2133 {
2134 1,
2135 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2136 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2137 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2138 SSL_kRSAPSK,
2139 SSL_aRSA,
2140 SSL_CHACHA20POLY1305,
2141 SSL_AEAD,
2142 TLS1_2_VERSION, TLS1_2_VERSION,
2143 DTLS1_2_VERSION, DTLS1_2_VERSION,
2144 SSL_HIGH,
2145 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2146 256,
2147 256,
2148 },
2149
2150 {
2151 1,
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2153 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2154 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2155 SSL_kRSA,
2156 SSL_aRSA,
2157 SSL_CAMELLIA128,
2158 SSL_SHA256,
2159 TLS1_2_VERSION, TLS1_2_VERSION,
2160 DTLS1_2_VERSION, DTLS1_2_VERSION,
2161 SSL_NOT_DEFAULT | SSL_HIGH,
2162 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2163 128,
2164 128,
2165 },
2166 {
2167 1,
2168 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2169 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2170 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2171 SSL_kDHE,
2172 SSL_aDSS,
2173 SSL_CAMELLIA128,
2174 SSL_SHA256,
2175 TLS1_2_VERSION, TLS1_2_VERSION,
2176 DTLS1_2_VERSION, DTLS1_2_VERSION,
2177 SSL_NOT_DEFAULT | SSL_HIGH,
2178 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2179 128,
2180 128,
2181 },
2182 {
2183 1,
2184 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2185 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2186 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2187 SSL_kDHE,
2188 SSL_aRSA,
2189 SSL_CAMELLIA128,
2190 SSL_SHA256,
2191 TLS1_2_VERSION, TLS1_2_VERSION,
2192 DTLS1_2_VERSION, DTLS1_2_VERSION,
2193 SSL_NOT_DEFAULT | SSL_HIGH,
2194 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2195 128,
2196 128,
2197 },
2198 {
2199 1,
2200 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2201 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2202 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2203 SSL_kDHE,
2204 SSL_aNULL,
2205 SSL_CAMELLIA128,
2206 SSL_SHA256,
2207 TLS1_2_VERSION, TLS1_2_VERSION,
2208 DTLS1_2_VERSION, DTLS1_2_VERSION,
2209 SSL_NOT_DEFAULT | SSL_HIGH,
2210 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2211 128,
2212 128,
2213 },
2214 {
2215 1,
2216 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2217 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2218 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2219 SSL_kRSA,
2220 SSL_aRSA,
2221 SSL_CAMELLIA256,
2222 SSL_SHA256,
2223 TLS1_2_VERSION, TLS1_2_VERSION,
2224 DTLS1_2_VERSION, DTLS1_2_VERSION,
2225 SSL_NOT_DEFAULT | SSL_HIGH,
2226 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2227 256,
2228 256,
2229 },
2230 {
2231 1,
2232 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2233 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2234 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2235 SSL_kDHE,
2236 SSL_aDSS,
2237 SSL_CAMELLIA256,
2238 SSL_SHA256,
2239 TLS1_2_VERSION, TLS1_2_VERSION,
2240 DTLS1_2_VERSION, DTLS1_2_VERSION,
2241 SSL_NOT_DEFAULT | SSL_HIGH,
2242 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2243 256,
2244 256,
2245 },
2246 {
2247 1,
2248 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2249 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2250 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2251 SSL_kDHE,
2252 SSL_aRSA,
2253 SSL_CAMELLIA256,
2254 SSL_SHA256,
2255 TLS1_2_VERSION, TLS1_2_VERSION,
2256 DTLS1_2_VERSION, DTLS1_2_VERSION,
2257 SSL_NOT_DEFAULT | SSL_HIGH,
2258 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2259 256,
2260 256,
2261 },
2262 {
2263 1,
2264 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2265 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2266 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2267 SSL_kDHE,
2268 SSL_aNULL,
2269 SSL_CAMELLIA256,
2270 SSL_SHA256,
2271 TLS1_2_VERSION, TLS1_2_VERSION,
2272 DTLS1_2_VERSION, DTLS1_2_VERSION,
2273 SSL_NOT_DEFAULT | SSL_HIGH,
2274 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2275 256,
2276 256,
2277 },
2278 {
2279 1,
2280 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2281 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2282 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2283 SSL_kRSA,
2284 SSL_aRSA,
2285 SSL_CAMELLIA256,
2286 SSL_SHA1,
2287 SSL3_VERSION, TLS1_2_VERSION,
2288 DTLS1_BAD_VER, DTLS1_2_VERSION,
2289 SSL_NOT_DEFAULT | SSL_HIGH,
2290 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2291 256,
2292 256,
2293 },
2294 {
2295 1,
2296 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2297 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2298 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2299 SSL_kDHE,
2300 SSL_aDSS,
2301 SSL_CAMELLIA256,
2302 SSL_SHA1,
2303 SSL3_VERSION, TLS1_2_VERSION,
2304 DTLS1_BAD_VER, DTLS1_2_VERSION,
2305 SSL_NOT_DEFAULT | SSL_HIGH,
2306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2307 256,
2308 256,
2309 },
2310 {
2311 1,
2312 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2313 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2314 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2315 SSL_kDHE,
2316 SSL_aRSA,
2317 SSL_CAMELLIA256,
2318 SSL_SHA1,
2319 SSL3_VERSION, TLS1_2_VERSION,
2320 DTLS1_BAD_VER, DTLS1_2_VERSION,
2321 SSL_NOT_DEFAULT | SSL_HIGH,
2322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2323 256,
2324 256,
2325 },
2326 {
2327 1,
2328 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2329 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2330 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2331 SSL_kDHE,
2332 SSL_aNULL,
2333 SSL_CAMELLIA256,
2334 SSL_SHA1,
2335 SSL3_VERSION, TLS1_2_VERSION,
2336 DTLS1_BAD_VER, DTLS1_2_VERSION,
2337 SSL_NOT_DEFAULT | SSL_HIGH,
2338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2339 256,
2340 256,
2341 },
2342 {
2343 1,
2344 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2345 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2346 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2347 SSL_kRSA,
2348 SSL_aRSA,
2349 SSL_CAMELLIA128,
2350 SSL_SHA1,
2351 SSL3_VERSION, TLS1_2_VERSION,
2352 DTLS1_BAD_VER, DTLS1_2_VERSION,
2353 SSL_NOT_DEFAULT | SSL_HIGH,
2354 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2355 128,
2356 128,
2357 },
2358 {
2359 1,
2360 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2361 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2362 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2363 SSL_kDHE,
2364 SSL_aDSS,
2365 SSL_CAMELLIA128,
2366 SSL_SHA1,
2367 SSL3_VERSION, TLS1_2_VERSION,
2368 DTLS1_BAD_VER, DTLS1_2_VERSION,
2369 SSL_NOT_DEFAULT | SSL_HIGH,
2370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2371 128,
2372 128,
2373 },
2374 {
2375 1,
2376 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2377 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2378 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2379 SSL_kDHE,
2380 SSL_aRSA,
2381 SSL_CAMELLIA128,
2382 SSL_SHA1,
2383 SSL3_VERSION, TLS1_2_VERSION,
2384 DTLS1_BAD_VER, DTLS1_2_VERSION,
2385 SSL_NOT_DEFAULT | SSL_HIGH,
2386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2387 128,
2388 128,
2389 },
2390 {
2391 1,
2392 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2393 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2394 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2395 SSL_kDHE,
2396 SSL_aNULL,
2397 SSL_CAMELLIA128,
2398 SSL_SHA1,
2399 SSL3_VERSION, TLS1_2_VERSION,
2400 DTLS1_BAD_VER, DTLS1_2_VERSION,
2401 SSL_NOT_DEFAULT | SSL_HIGH,
2402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2403 128,
2404 128,
2405 },
2406 {
2407 1,
2408 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2409 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2410 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2411 SSL_kECDHE,
2412 SSL_aECDSA,
2413 SSL_CAMELLIA128,
2414 SSL_SHA256,
2415 TLS1_2_VERSION, TLS1_2_VERSION,
2416 DTLS1_2_VERSION, DTLS1_2_VERSION,
2417 SSL_NOT_DEFAULT | SSL_HIGH,
2418 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2419 128,
2420 128,
2421 },
2422 {
2423 1,
2424 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2425 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2426 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2427 SSL_kECDHE,
2428 SSL_aECDSA,
2429 SSL_CAMELLIA256,
2430 SSL_SHA384,
2431 TLS1_2_VERSION, TLS1_2_VERSION,
2432 DTLS1_2_VERSION, DTLS1_2_VERSION,
2433 SSL_NOT_DEFAULT | SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2435 256,
2436 256,
2437 },
2438 {
2439 1,
2440 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2441 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2442 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2443 SSL_kECDHE,
2444 SSL_aRSA,
2445 SSL_CAMELLIA128,
2446 SSL_SHA256,
2447 TLS1_2_VERSION, TLS1_2_VERSION,
2448 DTLS1_2_VERSION, DTLS1_2_VERSION,
2449 SSL_NOT_DEFAULT | SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2451 128,
2452 128,
2453 },
2454 {
2455 1,
2456 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2457 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2458 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2459 SSL_kECDHE,
2460 SSL_aRSA,
2461 SSL_CAMELLIA256,
2462 SSL_SHA384,
2463 TLS1_2_VERSION, TLS1_2_VERSION,
2464 DTLS1_2_VERSION, DTLS1_2_VERSION,
2465 SSL_NOT_DEFAULT | SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2467 256,
2468 256,
2469 },
2470 {
2471 1,
2472 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2473 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2474 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2475 SSL_kPSK,
2476 SSL_aPSK,
2477 SSL_CAMELLIA128,
2478 SSL_SHA256,
2479 TLS1_VERSION, TLS1_2_VERSION,
2480 DTLS1_BAD_VER, DTLS1_2_VERSION,
2481 SSL_NOT_DEFAULT | SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2483 128,
2484 128,
2485 },
2486 {
2487 1,
2488 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2489 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2490 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2491 SSL_kPSK,
2492 SSL_aPSK,
2493 SSL_CAMELLIA256,
2494 SSL_SHA384,
2495 TLS1_VERSION, TLS1_2_VERSION,
2496 DTLS1_BAD_VER, DTLS1_2_VERSION,
2497 SSL_NOT_DEFAULT | SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2499 256,
2500 256,
2501 },
2502 {
2503 1,
2504 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2505 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2506 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2507 SSL_kDHEPSK,
2508 SSL_aPSK,
2509 SSL_CAMELLIA128,
2510 SSL_SHA256,
2511 TLS1_VERSION, TLS1_2_VERSION,
2512 DTLS1_BAD_VER, DTLS1_2_VERSION,
2513 SSL_NOT_DEFAULT | SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2515 128,
2516 128,
2517 },
2518 {
2519 1,
2520 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2521 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2522 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2523 SSL_kDHEPSK,
2524 SSL_aPSK,
2525 SSL_CAMELLIA256,
2526 SSL_SHA384,
2527 TLS1_VERSION, TLS1_2_VERSION,
2528 DTLS1_BAD_VER, DTLS1_2_VERSION,
2529 SSL_NOT_DEFAULT | SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2531 256,
2532 256,
2533 },
2534 {
2535 1,
2536 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2537 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2538 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2539 SSL_kRSAPSK,
2540 SSL_aRSA,
2541 SSL_CAMELLIA128,
2542 SSL_SHA256,
2543 TLS1_VERSION, TLS1_2_VERSION,
2544 DTLS1_BAD_VER, DTLS1_2_VERSION,
2545 SSL_NOT_DEFAULT | SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2547 128,
2548 128,
2549 },
2550 {
2551 1,
2552 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2553 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2554 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2555 SSL_kRSAPSK,
2556 SSL_aRSA,
2557 SSL_CAMELLIA256,
2558 SSL_SHA384,
2559 TLS1_VERSION, TLS1_2_VERSION,
2560 DTLS1_BAD_VER, DTLS1_2_VERSION,
2561 SSL_NOT_DEFAULT | SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2563 256,
2564 256,
2565 },
2566 {
2567 1,
2568 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2569 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2570 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2571 SSL_kECDHEPSK,
2572 SSL_aPSK,
2573 SSL_CAMELLIA128,
2574 SSL_SHA256,
2575 TLS1_VERSION, TLS1_2_VERSION,
2576 DTLS1_BAD_VER, DTLS1_2_VERSION,
2577 SSL_NOT_DEFAULT | SSL_HIGH,
2578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2579 128,
2580 128,
2581 },
2582 {
2583 1,
2584 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2585 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2586 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2587 SSL_kECDHEPSK,
2588 SSL_aPSK,
2589 SSL_CAMELLIA256,
2590 SSL_SHA384,
2591 TLS1_VERSION, TLS1_2_VERSION,
2592 DTLS1_BAD_VER, DTLS1_2_VERSION,
2593 SSL_NOT_DEFAULT | SSL_HIGH,
2594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2595 256,
2596 256,
2597 },
2598
2599 #ifndef OPENSSL_NO_GOST
2600 {
2601 1,
2602 "GOST2001-GOST89-GOST89",
2603 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2604 0x3000081,
2605 SSL_kGOST,
2606 SSL_aGOST01,
2607 SSL_eGOST2814789CNT,
2608 SSL_GOST89MAC,
2609 TLS1_VERSION, TLS1_2_VERSION,
2610 0, 0,
2611 SSL_HIGH,
2612 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2613 256,
2614 256,
2615 },
2616 {
2617 1,
2618 "GOST2001-NULL-GOST94",
2619 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2620 0x3000083,
2621 SSL_kGOST,
2622 SSL_aGOST01,
2623 SSL_eNULL,
2624 SSL_GOST94,
2625 TLS1_VERSION, TLS1_2_VERSION,
2626 0, 0,
2627 SSL_STRONG_NONE,
2628 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2629 0,
2630 0,
2631 },
2632 {
2633 1,
2634 "IANA-GOST2012-GOST8912-GOST8912",
2635 NULL,
2636 0x0300c102,
2637 SSL_kGOST,
2638 SSL_aGOST12 | SSL_aGOST01,
2639 SSL_eGOST2814789CNT12,
2640 SSL_GOST89MAC12,
2641 TLS1_VERSION, TLS1_2_VERSION,
2642 0, 0,
2643 SSL_HIGH,
2644 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2645 256,
2646 256,
2647 },
2648 {
2649 1,
2650 "LEGACY-GOST2012-GOST8912-GOST8912",
2651 NULL,
2652 0x0300ff85,
2653 SSL_kGOST,
2654 SSL_aGOST12 | SSL_aGOST01,
2655 SSL_eGOST2814789CNT12,
2656 SSL_GOST89MAC12,
2657 TLS1_VERSION, TLS1_2_VERSION,
2658 0, 0,
2659 SSL_HIGH,
2660 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2661 256,
2662 256,
2663 },
2664 {
2665 1,
2666 "GOST2012-NULL-GOST12",
2667 NULL,
2668 0x0300ff87,
2669 SSL_kGOST,
2670 SSL_aGOST12 | SSL_aGOST01,
2671 SSL_eNULL,
2672 SSL_GOST12_256,
2673 TLS1_VERSION, TLS1_2_VERSION,
2674 0, 0,
2675 SSL_STRONG_NONE,
2676 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2677 0,
2678 0,
2679 },
2680 {
2681 1,
2682 "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2683 NULL,
2684 0x0300C100,
2685 SSL_kGOST18,
2686 SSL_aGOST12,
2687 SSL_KUZNYECHIK,
2688 SSL_KUZNYECHIKOMAC,
2689 TLS1_2_VERSION, TLS1_2_VERSION,
2690 0, 0,
2691 SSL_HIGH,
2692 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2693 256,
2694 256,
2695 },
2696 {
2697 1,
2698 "GOST2012-MAGMA-MAGMAOMAC",
2699 NULL,
2700 0x0300C101,
2701 SSL_kGOST18,
2702 SSL_aGOST12,
2703 SSL_MAGMA,
2704 SSL_MAGMAOMAC,
2705 TLS1_2_VERSION, TLS1_2_VERSION,
2706 0, 0,
2707 SSL_HIGH,
2708 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2709 256,
2710 256,
2711 },
2712 #endif /* OPENSSL_NO_GOST */
2713
2714 {
2715 1,
2716 SSL3_TXT_RSA_IDEA_128_SHA,
2717 SSL3_RFC_RSA_IDEA_128_SHA,
2718 SSL3_CK_RSA_IDEA_128_SHA,
2719 SSL_kRSA,
2720 SSL_aRSA,
2721 SSL_IDEA,
2722 SSL_SHA1,
2723 SSL3_VERSION, TLS1_1_VERSION,
2724 DTLS1_BAD_VER, DTLS1_VERSION,
2725 SSL_NOT_DEFAULT | SSL_MEDIUM,
2726 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2727 128,
2728 128,
2729 },
2730
2731 {
2732 1,
2733 TLS1_TXT_RSA_WITH_SEED_SHA,
2734 TLS1_RFC_RSA_WITH_SEED_SHA,
2735 TLS1_CK_RSA_WITH_SEED_SHA,
2736 SSL_kRSA,
2737 SSL_aRSA,
2738 SSL_SEED,
2739 SSL_SHA1,
2740 SSL3_VERSION, TLS1_2_VERSION,
2741 DTLS1_BAD_VER, DTLS1_2_VERSION,
2742 SSL_NOT_DEFAULT | SSL_MEDIUM,
2743 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2744 128,
2745 128,
2746 },
2747 {
2748 1,
2749 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2750 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2751 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2752 SSL_kDHE,
2753 SSL_aDSS,
2754 SSL_SEED,
2755 SSL_SHA1,
2756 SSL3_VERSION, TLS1_2_VERSION,
2757 DTLS1_BAD_VER, DTLS1_2_VERSION,
2758 SSL_NOT_DEFAULT | SSL_MEDIUM,
2759 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2760 128,
2761 128,
2762 },
2763 {
2764 1,
2765 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2766 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2767 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2768 SSL_kDHE,
2769 SSL_aRSA,
2770 SSL_SEED,
2771 SSL_SHA1,
2772 SSL3_VERSION, TLS1_2_VERSION,
2773 DTLS1_BAD_VER, DTLS1_2_VERSION,
2774 SSL_NOT_DEFAULT | SSL_MEDIUM,
2775 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2776 128,
2777 128,
2778 },
2779 {
2780 1,
2781 TLS1_TXT_ADH_WITH_SEED_SHA,
2782 TLS1_RFC_ADH_WITH_SEED_SHA,
2783 TLS1_CK_ADH_WITH_SEED_SHA,
2784 SSL_kDHE,
2785 SSL_aNULL,
2786 SSL_SEED,
2787 SSL_SHA1,
2788 SSL3_VERSION, TLS1_2_VERSION,
2789 DTLS1_BAD_VER, DTLS1_2_VERSION,
2790 SSL_NOT_DEFAULT | SSL_MEDIUM,
2791 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2792 128,
2793 128,
2794 },
2795
2796 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2797 {
2798 1,
2799 SSL3_TXT_RSA_RC4_128_MD5,
2800 SSL3_RFC_RSA_RC4_128_MD5,
2801 SSL3_CK_RSA_RC4_128_MD5,
2802 SSL_kRSA,
2803 SSL_aRSA,
2804 SSL_RC4,
2805 SSL_MD5,
2806 SSL3_VERSION, TLS1_2_VERSION,
2807 0, 0,
2808 SSL_NOT_DEFAULT | SSL_MEDIUM,
2809 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2810 128,
2811 128,
2812 },
2813 {
2814 1,
2815 SSL3_TXT_RSA_RC4_128_SHA,
2816 SSL3_RFC_RSA_RC4_128_SHA,
2817 SSL3_CK_RSA_RC4_128_SHA,
2818 SSL_kRSA,
2819 SSL_aRSA,
2820 SSL_RC4,
2821 SSL_SHA1,
2822 SSL3_VERSION, TLS1_2_VERSION,
2823 0, 0,
2824 SSL_NOT_DEFAULT | SSL_MEDIUM,
2825 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2826 128,
2827 128,
2828 },
2829 {
2830 1,
2831 SSL3_TXT_ADH_RC4_128_MD5,
2832 SSL3_RFC_ADH_RC4_128_MD5,
2833 SSL3_CK_ADH_RC4_128_MD5,
2834 SSL_kDHE,
2835 SSL_aNULL,
2836 SSL_RC4,
2837 SSL_MD5,
2838 SSL3_VERSION, TLS1_2_VERSION,
2839 0, 0,
2840 SSL_NOT_DEFAULT | SSL_MEDIUM,
2841 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2842 128,
2843 128,
2844 },
2845 {
2846 1,
2847 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2848 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2849 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2850 SSL_kECDHEPSK,
2851 SSL_aPSK,
2852 SSL_RC4,
2853 SSL_SHA1,
2854 TLS1_VERSION, TLS1_2_VERSION,
2855 0, 0,
2856 SSL_NOT_DEFAULT | SSL_MEDIUM,
2857 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2858 128,
2859 128,
2860 },
2861 {
2862 1,
2863 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2864 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2865 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2866 SSL_kECDHE,
2867 SSL_aNULL,
2868 SSL_RC4,
2869 SSL_SHA1,
2870 TLS1_VERSION, TLS1_2_VERSION,
2871 0, 0,
2872 SSL_NOT_DEFAULT | SSL_MEDIUM,
2873 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2874 128,
2875 128,
2876 },
2877 {
2878 1,
2879 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2880 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2881 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2882 SSL_kECDHE,
2883 SSL_aECDSA,
2884 SSL_RC4,
2885 SSL_SHA1,
2886 TLS1_VERSION, TLS1_2_VERSION,
2887 0, 0,
2888 SSL_NOT_DEFAULT | SSL_MEDIUM,
2889 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2890 128,
2891 128,
2892 },
2893 {
2894 1,
2895 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2896 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2897 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2898 SSL_kECDHE,
2899 SSL_aRSA,
2900 SSL_RC4,
2901 SSL_SHA1,
2902 TLS1_VERSION, TLS1_2_VERSION,
2903 0, 0,
2904 SSL_NOT_DEFAULT | SSL_MEDIUM,
2905 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2906 128,
2907 128,
2908 },
2909 {
2910 1,
2911 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2912 TLS1_RFC_PSK_WITH_RC4_128_SHA,
2913 TLS1_CK_PSK_WITH_RC4_128_SHA,
2914 SSL_kPSK,
2915 SSL_aPSK,
2916 SSL_RC4,
2917 SSL_SHA1,
2918 SSL3_VERSION, TLS1_2_VERSION,
2919 0, 0,
2920 SSL_NOT_DEFAULT | SSL_MEDIUM,
2921 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2922 128,
2923 128,
2924 },
2925 {
2926 1,
2927 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2928 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2929 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2930 SSL_kRSAPSK,
2931 SSL_aRSA,
2932 SSL_RC4,
2933 SSL_SHA1,
2934 SSL3_VERSION, TLS1_2_VERSION,
2935 0, 0,
2936 SSL_NOT_DEFAULT | SSL_MEDIUM,
2937 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2938 128,
2939 128,
2940 },
2941 {
2942 1,
2943 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2944 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
2945 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2946 SSL_kDHEPSK,
2947 SSL_aPSK,
2948 SSL_RC4,
2949 SSL_SHA1,
2950 SSL3_VERSION, TLS1_2_VERSION,
2951 0, 0,
2952 SSL_NOT_DEFAULT | SSL_MEDIUM,
2953 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2954 128,
2955 128,
2956 },
2957 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2958
2959 {
2960 1,
2961 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
2962 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
2963 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
2964 SSL_kRSA,
2965 SSL_aRSA,
2966 SSL_ARIA128GCM,
2967 SSL_AEAD,
2968 TLS1_2_VERSION, TLS1_2_VERSION,
2969 DTLS1_2_VERSION, DTLS1_2_VERSION,
2970 SSL_NOT_DEFAULT | SSL_HIGH,
2971 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2972 128,
2973 128,
2974 },
2975 {
2976 1,
2977 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
2978 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
2979 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
2980 SSL_kRSA,
2981 SSL_aRSA,
2982 SSL_ARIA256GCM,
2983 SSL_AEAD,
2984 TLS1_2_VERSION, TLS1_2_VERSION,
2985 DTLS1_2_VERSION, DTLS1_2_VERSION,
2986 SSL_NOT_DEFAULT | SSL_HIGH,
2987 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2988 256,
2989 256,
2990 },
2991 {
2992 1,
2993 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2994 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2995 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
2996 SSL_kDHE,
2997 SSL_aRSA,
2998 SSL_ARIA128GCM,
2999 SSL_AEAD,
3000 TLS1_2_VERSION, TLS1_2_VERSION,
3001 DTLS1_2_VERSION, DTLS1_2_VERSION,
3002 SSL_NOT_DEFAULT | SSL_HIGH,
3003 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3004 128,
3005 128,
3006 },
3007 {
3008 1,
3009 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3010 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3011 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3012 SSL_kDHE,
3013 SSL_aRSA,
3014 SSL_ARIA256GCM,
3015 SSL_AEAD,
3016 TLS1_2_VERSION, TLS1_2_VERSION,
3017 DTLS1_2_VERSION, DTLS1_2_VERSION,
3018 SSL_NOT_DEFAULT | SSL_HIGH,
3019 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3020 256,
3021 256,
3022 },
3023 {
3024 1,
3025 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3026 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3027 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3028 SSL_kDHE,
3029 SSL_aDSS,
3030 SSL_ARIA128GCM,
3031 SSL_AEAD,
3032 TLS1_2_VERSION, TLS1_2_VERSION,
3033 DTLS1_2_VERSION, DTLS1_2_VERSION,
3034 SSL_NOT_DEFAULT | SSL_HIGH,
3035 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3036 128,
3037 128,
3038 },
3039 {
3040 1,
3041 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3042 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3043 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3044 SSL_kDHE,
3045 SSL_aDSS,
3046 SSL_ARIA256GCM,
3047 SSL_AEAD,
3048 TLS1_2_VERSION, TLS1_2_VERSION,
3049 DTLS1_2_VERSION, DTLS1_2_VERSION,
3050 SSL_NOT_DEFAULT | SSL_HIGH,
3051 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3052 256,
3053 256,
3054 },
3055 {
3056 1,
3057 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3058 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3059 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3060 SSL_kECDHE,
3061 SSL_aECDSA,
3062 SSL_ARIA128GCM,
3063 SSL_AEAD,
3064 TLS1_2_VERSION, TLS1_2_VERSION,
3065 DTLS1_2_VERSION, DTLS1_2_VERSION,
3066 SSL_NOT_DEFAULT | SSL_HIGH,
3067 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3068 128,
3069 128,
3070 },
3071 {
3072 1,
3073 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3074 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3075 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3076 SSL_kECDHE,
3077 SSL_aECDSA,
3078 SSL_ARIA256GCM,
3079 SSL_AEAD,
3080 TLS1_2_VERSION, TLS1_2_VERSION,
3081 DTLS1_2_VERSION, DTLS1_2_VERSION,
3082 SSL_NOT_DEFAULT | SSL_HIGH,
3083 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3084 256,
3085 256,
3086 },
3087 {
3088 1,
3089 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3090 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3091 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3092 SSL_kECDHE,
3093 SSL_aRSA,
3094 SSL_ARIA128GCM,
3095 SSL_AEAD,
3096 TLS1_2_VERSION, TLS1_2_VERSION,
3097 DTLS1_2_VERSION, DTLS1_2_VERSION,
3098 SSL_NOT_DEFAULT | SSL_HIGH,
3099 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3100 128,
3101 128,
3102 },
3103 {
3104 1,
3105 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3106 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3107 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3108 SSL_kECDHE,
3109 SSL_aRSA,
3110 SSL_ARIA256GCM,
3111 SSL_AEAD,
3112 TLS1_2_VERSION, TLS1_2_VERSION,
3113 DTLS1_2_VERSION, DTLS1_2_VERSION,
3114 SSL_NOT_DEFAULT | SSL_HIGH,
3115 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3116 256,
3117 256,
3118 },
3119 {
3120 1,
3121 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3122 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3123 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3124 SSL_kPSK,
3125 SSL_aPSK,
3126 SSL_ARIA128GCM,
3127 SSL_AEAD,
3128 TLS1_2_VERSION, TLS1_2_VERSION,
3129 DTLS1_2_VERSION, DTLS1_2_VERSION,
3130 SSL_NOT_DEFAULT | SSL_HIGH,
3131 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3132 128,
3133 128,
3134 },
3135 {
3136 1,
3137 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3138 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3139 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3140 SSL_kPSK,
3141 SSL_aPSK,
3142 SSL_ARIA256GCM,
3143 SSL_AEAD,
3144 TLS1_2_VERSION, TLS1_2_VERSION,
3145 DTLS1_2_VERSION, DTLS1_2_VERSION,
3146 SSL_NOT_DEFAULT | SSL_HIGH,
3147 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3148 256,
3149 256,
3150 },
3151 {
3152 1,
3153 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3154 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3155 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3156 SSL_kDHEPSK,
3157 SSL_aPSK,
3158 SSL_ARIA128GCM,
3159 SSL_AEAD,
3160 TLS1_2_VERSION, TLS1_2_VERSION,
3161 DTLS1_2_VERSION, DTLS1_2_VERSION,
3162 SSL_NOT_DEFAULT | SSL_HIGH,
3163 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3164 128,
3165 128,
3166 },
3167 {
3168 1,
3169 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3170 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3171 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3172 SSL_kDHEPSK,
3173 SSL_aPSK,
3174 SSL_ARIA256GCM,
3175 SSL_AEAD,
3176 TLS1_2_VERSION, TLS1_2_VERSION,
3177 DTLS1_2_VERSION, DTLS1_2_VERSION,
3178 SSL_NOT_DEFAULT | SSL_HIGH,
3179 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3180 256,
3181 256,
3182 },
3183 {
3184 1,
3185 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3186 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3187 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3188 SSL_kRSAPSK,
3189 SSL_aRSA,
3190 SSL_ARIA128GCM,
3191 SSL_AEAD,
3192 TLS1_2_VERSION, TLS1_2_VERSION,
3193 DTLS1_2_VERSION, DTLS1_2_VERSION,
3194 SSL_NOT_DEFAULT | SSL_HIGH,
3195 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3196 128,
3197 128,
3198 },
3199 {
3200 1,
3201 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3202 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3203 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3204 SSL_kRSAPSK,
3205 SSL_aRSA,
3206 SSL_ARIA256GCM,
3207 SSL_AEAD,
3208 TLS1_2_VERSION, TLS1_2_VERSION,
3209 DTLS1_2_VERSION, DTLS1_2_VERSION,
3210 SSL_NOT_DEFAULT | SSL_HIGH,
3211 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3212 256,
3213 256,
3214 },
3215 };
3216
3217 /*
3218 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3219 * values stuffed into the ciphers field of the wire protocol for signalling
3220 * purposes.
3221 */
3222 static SSL_CIPHER ssl3_scsvs[] = {
3223 {
3224 0,
3225 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3226 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3227 SSL3_CK_SCSV,
3228 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3229 },
3230 {
3231 0,
3232 "TLS_FALLBACK_SCSV",
3233 "TLS_FALLBACK_SCSV",
3234 SSL3_CK_FALLBACK_SCSV,
3235 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3236 },
3237 };
3238
cipher_compare(const void * a,const void * b)3239 static int cipher_compare(const void *a, const void *b)
3240 {
3241 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3242 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3243
3244 if (ap->id == bp->id)
3245 return 0;
3246 return ap->id < bp->id ? -1 : 1;
3247 }
3248
ssl_sort_cipher_list(void)3249 void ssl_sort_cipher_list(void)
3250 {
3251 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3252 cipher_compare);
3253 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3254 cipher_compare);
3255 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3256 }
3257
ssl_undefined_function_1(SSL * ssl,unsigned char * r,size_t s,const char * t,size_t u,const unsigned char * v,size_t w,int x)3258 static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
3259 const char * t, size_t u,
3260 const unsigned char * v, size_t w, int x)
3261 {
3262 (void)r;
3263 (void)s;
3264 (void)t;
3265 (void)u;
3266 (void)v;
3267 (void)w;
3268 (void)x;
3269 return ssl_undefined_function(ssl);
3270 }
3271
3272 const SSL3_ENC_METHOD SSLv3_enc_data = {
3273 ssl3_enc,
3274 n_ssl3_mac,
3275 ssl3_setup_key_block,
3276 ssl3_generate_master_secret,
3277 ssl3_change_cipher_state,
3278 ssl3_final_finish_mac,
3279 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3280 SSL3_MD_SERVER_FINISHED_CONST, 4,
3281 ssl3_alert_code,
3282 ssl_undefined_function_1,
3283 0,
3284 ssl3_set_handshake_header,
3285 tls_close_construct_packet,
3286 ssl3_handshake_write
3287 };
3288
ssl3_default_timeout(void)3289 long ssl3_default_timeout(void)
3290 {
3291 /*
3292 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3293 * http, the cache would over fill
3294 */
3295 return (60 * 60 * 2);
3296 }
3297
ssl3_num_ciphers(void)3298 int ssl3_num_ciphers(void)
3299 {
3300 return SSL3_NUM_CIPHERS;
3301 }
3302
ssl3_get_cipher(unsigned int u)3303 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3304 {
3305 if (u < SSL3_NUM_CIPHERS)
3306 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3307 else
3308 return NULL;
3309 }
3310
ssl3_set_handshake_header(SSL * s,WPACKET * pkt,int htype)3311 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3312 {
3313 /* No header in the event of a CCS */
3314 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3315 return 1;
3316
3317 /* Set the content type and 3 bytes for the message len */
3318 if (!WPACKET_put_bytes_u8(pkt, htype)
3319 || !WPACKET_start_sub_packet_u24(pkt))
3320 return 0;
3321
3322 return 1;
3323 }
3324
ssl3_handshake_write(SSL * s)3325 int ssl3_handshake_write(SSL *s)
3326 {
3327 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3328 }
3329
ssl3_new(SSL * s)3330 int ssl3_new(SSL *s)
3331 {
3332 #ifndef OPENSSL_NO_SRP
3333 if (!ssl_srp_ctx_init_intern(s))
3334 return 0;
3335 #endif
3336
3337 if (!s->method->ssl_clear(s))
3338 return 0;
3339
3340 return 1;
3341 }
3342
ssl3_free(SSL * s)3343 void ssl3_free(SSL *s)
3344 {
3345 if (s == NULL)
3346 return;
3347
3348 ssl3_cleanup_key_block(s);
3349
3350 EVP_PKEY_free(s->s3.peer_tmp);
3351 s->s3.peer_tmp = NULL;
3352 EVP_PKEY_free(s->s3.tmp.pkey);
3353 s->s3.tmp.pkey = NULL;
3354
3355 ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
3356 ssl_evp_md_free(s->s3.tmp.new_hash);
3357
3358 OPENSSL_free(s->s3.tmp.ctype);
3359 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3360 OPENSSL_free(s->s3.tmp.ciphers_raw);
3361 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3362 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3363 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3364 ssl3_free_digest_list(s);
3365 OPENSSL_free(s->s3.alpn_selected);
3366 OPENSSL_free(s->s3.alpn_proposed);
3367
3368 #ifndef OPENSSL_NO_PSK
3369 OPENSSL_free(s->s3.tmp.psk);
3370 #endif
3371
3372 #ifndef OPENSSL_NO_SRP
3373 ssl_srp_ctx_free_intern(s);
3374 #endif
3375 memset(&s->s3, 0, sizeof(s->s3));
3376 }
3377
ssl3_clear(SSL * s)3378 int ssl3_clear(SSL *s)
3379 {
3380 ssl3_cleanup_key_block(s);
3381 OPENSSL_free(s->s3.tmp.ctype);
3382 sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
3383 OPENSSL_free(s->s3.tmp.ciphers_raw);
3384 OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
3385 OPENSSL_free(s->s3.tmp.peer_sigalgs);
3386 OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
3387
3388 EVP_PKEY_free(s->s3.tmp.pkey);
3389 EVP_PKEY_free(s->s3.peer_tmp);
3390
3391 ssl3_free_digest_list(s);
3392
3393 OPENSSL_free(s->s3.alpn_selected);
3394 OPENSSL_free(s->s3.alpn_proposed);
3395
3396 /* NULL/zero-out everything in the s3 struct */
3397 memset(&s->s3, 0, sizeof(s->s3));
3398
3399 if (!ssl_free_wbio_buffer(s))
3400 return 0;
3401
3402 s->version = SSL3_VERSION;
3403
3404 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3405 OPENSSL_free(s->ext.npn);
3406 s->ext.npn = NULL;
3407 s->ext.npn_len = 0;
3408 #endif
3409
3410 return 1;
3411 }
3412
3413 #ifndef OPENSSL_NO_SRP
srp_password_from_info_cb(SSL * s,void * arg)3414 static char *srp_password_from_info_cb(SSL *s, void *arg)
3415 {
3416 return OPENSSL_strdup(s->srp_ctx.info);
3417 }
3418 #endif
3419
3420 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3421
ssl3_ctrl(SSL * s,int cmd,long larg,void * parg)3422 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3423 {
3424 int ret = 0;
3425
3426 switch (cmd) {
3427 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3428 break;
3429 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3430 ret = s->s3.num_renegotiations;
3431 break;
3432 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3433 ret = s->s3.num_renegotiations;
3434 s->s3.num_renegotiations = 0;
3435 break;
3436 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3437 ret = s->s3.total_renegotiations;
3438 break;
3439 case SSL_CTRL_GET_FLAGS:
3440 ret = (int)(s->s3.flags);
3441 break;
3442 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3443 case SSL_CTRL_SET_TMP_DH:
3444 {
3445 EVP_PKEY *pkdh = NULL;
3446 if (parg == NULL) {
3447 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3448 return 0;
3449 }
3450 pkdh = ssl_dh_to_pkey(parg);
3451 if (pkdh == NULL) {
3452 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3453 return 0;
3454 }
3455 if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3456 EVP_PKEY_free(pkdh);
3457 return 0;
3458 }
3459 return 1;
3460 }
3461 break;
3462 case SSL_CTRL_SET_TMP_DH_CB:
3463 {
3464 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3465 return ret;
3466 }
3467 #endif
3468 case SSL_CTRL_SET_DH_AUTO:
3469 s->cert->dh_tmp_auto = larg;
3470 return 1;
3471 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3472 case SSL_CTRL_SET_TMP_ECDH:
3473 {
3474 if (parg == NULL) {
3475 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3476 return 0;
3477 }
3478 return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
3479 &s->ext.supportedgroups_len,
3480 parg);
3481 }
3482 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3483 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3484 /*
3485 * This API is only used for a client to set what SNI it will request
3486 * from the server, but we currently allow it to be used on servers
3487 * as well, which is a programming error. Currently we just clear
3488 * the field in SSL_do_handshake() for server SSLs, but when we can
3489 * make ABI-breaking changes, we may want to make use of this API
3490 * an error on server SSLs.
3491 */
3492 if (larg == TLSEXT_NAMETYPE_host_name) {
3493 size_t len;
3494
3495 OPENSSL_free(s->ext.hostname);
3496 s->ext.hostname = NULL;
3497
3498 ret = 1;
3499 if (parg == NULL)
3500 break;
3501 len = strlen((char *)parg);
3502 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3503 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3504 return 0;
3505 }
3506 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3507 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3508 return 0;
3509 }
3510 } else {
3511 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3512 return 0;
3513 }
3514 break;
3515 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3516 s->ext.debug_arg = parg;
3517 ret = 1;
3518 break;
3519
3520 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3521 ret = s->ext.status_type;
3522 break;
3523
3524 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3525 s->ext.status_type = larg;
3526 ret = 1;
3527 break;
3528
3529 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3530 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3531 ret = 1;
3532 break;
3533
3534 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3535 s->ext.ocsp.exts = parg;
3536 ret = 1;
3537 break;
3538
3539 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3540 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3541 ret = 1;
3542 break;
3543
3544 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3545 s->ext.ocsp.ids = parg;
3546 ret = 1;
3547 break;
3548
3549 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3550 *(unsigned char **)parg = s->ext.ocsp.resp;
3551 if (s->ext.ocsp.resp_len == 0
3552 || s->ext.ocsp.resp_len > LONG_MAX)
3553 return -1;
3554 return (long)s->ext.ocsp.resp_len;
3555
3556 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3557 OPENSSL_free(s->ext.ocsp.resp);
3558 s->ext.ocsp.resp = parg;
3559 s->ext.ocsp.resp_len = larg;
3560 ret = 1;
3561 break;
3562
3563 case SSL_CTRL_CHAIN:
3564 if (larg)
3565 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3566 else
3567 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3568
3569 case SSL_CTRL_CHAIN_CERT:
3570 if (larg)
3571 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3572 else
3573 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3574
3575 case SSL_CTRL_GET_CHAIN_CERTS:
3576 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3577 ret = 1;
3578 break;
3579
3580 case SSL_CTRL_SELECT_CURRENT_CERT:
3581 return ssl_cert_select_current(s->cert, (X509 *)parg);
3582
3583 case SSL_CTRL_SET_CURRENT_CERT:
3584 if (larg == SSL_CERT_SET_SERVER) {
3585 const SSL_CIPHER *cipher;
3586 if (!s->server)
3587 return 0;
3588 cipher = s->s3.tmp.new_cipher;
3589 if (cipher == NULL)
3590 return 0;
3591 /*
3592 * No certificate for unauthenticated ciphersuites or using SRP
3593 * authentication
3594 */
3595 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3596 return 2;
3597 if (s->s3.tmp.cert == NULL)
3598 return 0;
3599 s->cert->key = s->s3.tmp.cert;
3600 return 1;
3601 }
3602 return ssl_cert_set_current(s->cert, larg);
3603
3604 case SSL_CTRL_GET_GROUPS:
3605 {
3606 uint16_t *clist;
3607 size_t clistlen;
3608
3609 if (!s->session)
3610 return 0;
3611 clist = s->ext.peer_supportedgroups;
3612 clistlen = s->ext.peer_supportedgroups_len;
3613 if (parg) {
3614 size_t i;
3615 int *cptr = parg;
3616
3617 for (i = 0; i < clistlen; i++) {
3618 const TLS_GROUP_INFO *cinf
3619 = tls1_group_id_lookup(s->ctx, clist[i]);
3620
3621 if (cinf != NULL)
3622 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3623 else
3624 cptr[i] = TLSEXT_nid_unknown | clist[i];
3625 }
3626 }
3627 return (int)clistlen;
3628 }
3629
3630 case SSL_CTRL_SET_GROUPS:
3631 return tls1_set_groups(&s->ext.supportedgroups,
3632 &s->ext.supportedgroups_len, parg, larg);
3633
3634 case SSL_CTRL_SET_GROUPS_LIST:
3635 return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
3636 &s->ext.supportedgroups_len, parg);
3637
3638 case SSL_CTRL_GET_SHARED_GROUP:
3639 {
3640 uint16_t id = tls1_shared_group(s, larg);
3641
3642 if (larg != -1)
3643 return tls1_group_id2nid(id, 1);
3644 return id;
3645 }
3646 case SSL_CTRL_GET_NEGOTIATED_GROUP:
3647 {
3648 unsigned int id;
3649
3650 if (SSL_IS_TLS13(s) && s->s3.did_kex)
3651 id = s->s3.group_id;
3652 else
3653 id = s->session->kex_group;
3654 ret = tls1_group_id2nid(id, 1);
3655 break;
3656 }
3657 case SSL_CTRL_SET_SIGALGS:
3658 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3659
3660 case SSL_CTRL_SET_SIGALGS_LIST:
3661 return tls1_set_sigalgs_list(s->cert, parg, 0);
3662
3663 case SSL_CTRL_SET_CLIENT_SIGALGS:
3664 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3665
3666 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3667 return tls1_set_sigalgs_list(s->cert, parg, 1);
3668
3669 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3670 {
3671 const unsigned char **pctype = parg;
3672 if (s->server || !s->s3.tmp.cert_req)
3673 return 0;
3674 if (pctype)
3675 *pctype = s->s3.tmp.ctype;
3676 return s->s3.tmp.ctype_len;
3677 }
3678
3679 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3680 if (!s->server)
3681 return 0;
3682 return ssl3_set_req_cert_type(s->cert, parg, larg);
3683
3684 case SSL_CTRL_BUILD_CERT_CHAIN:
3685 return ssl_build_cert_chain(s, NULL, larg);
3686
3687 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3688 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3689
3690 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3691 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3692
3693 case SSL_CTRL_GET_VERIFY_CERT_STORE:
3694 return ssl_cert_get_cert_store(s->cert, parg, 0);
3695
3696 case SSL_CTRL_GET_CHAIN_CERT_STORE:
3697 return ssl_cert_get_cert_store(s->cert, parg, 1);
3698
3699 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3700 if (s->s3.tmp.peer_sigalg == NULL)
3701 return 0;
3702 *(int *)parg = s->s3.tmp.peer_sigalg->hash;
3703 return 1;
3704
3705 case SSL_CTRL_GET_SIGNATURE_NID:
3706 if (s->s3.tmp.sigalg == NULL)
3707 return 0;
3708 *(int *)parg = s->s3.tmp.sigalg->hash;
3709 return 1;
3710
3711 case SSL_CTRL_GET_PEER_TMP_KEY:
3712 if (s->session == NULL || s->s3.peer_tmp == NULL) {
3713 return 0;
3714 } else {
3715 EVP_PKEY_up_ref(s->s3.peer_tmp);
3716 *(EVP_PKEY **)parg = s->s3.peer_tmp;
3717 return 1;
3718 }
3719
3720 case SSL_CTRL_GET_TMP_KEY:
3721 if (s->session == NULL || s->s3.tmp.pkey == NULL) {
3722 return 0;
3723 } else {
3724 EVP_PKEY_up_ref(s->s3.tmp.pkey);
3725 *(EVP_PKEY **)parg = s->s3.tmp.pkey;
3726 return 1;
3727 }
3728
3729 case SSL_CTRL_GET_EC_POINT_FORMATS:
3730 {
3731 const unsigned char **pformat = parg;
3732
3733 if (s->ext.peer_ecpointformats == NULL)
3734 return 0;
3735 *pformat = s->ext.peer_ecpointformats;
3736 return (int)s->ext.peer_ecpointformats_len;
3737 }
3738
3739 default:
3740 break;
3741 }
3742 return ret;
3743 }
3744
ssl3_callback_ctrl(SSL * s,int cmd,void (* fp)(void))3745 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3746 {
3747 int ret = 0;
3748
3749 switch (cmd) {
3750 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3751 case SSL_CTRL_SET_TMP_DH_CB:
3752 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3753 ret = 1;
3754 break;
3755 #endif
3756 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3757 s->ext.debug_cb = (void (*)(SSL *, int, int,
3758 const unsigned char *, int, void *))fp;
3759 ret = 1;
3760 break;
3761
3762 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3763 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3764 ret = 1;
3765 break;
3766 default:
3767 break;
3768 }
3769 return ret;
3770 }
3771
ssl3_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)3772 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3773 {
3774 switch (cmd) {
3775 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3776 case SSL_CTRL_SET_TMP_DH:
3777 {
3778 EVP_PKEY *pkdh = NULL;
3779 if (parg == NULL) {
3780 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3781 return 0;
3782 }
3783 pkdh = ssl_dh_to_pkey(parg);
3784 if (pkdh == NULL) {
3785 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3786 return 0;
3787 }
3788 if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
3789 EVP_PKEY_free(pkdh);
3790 return 0;
3791 }
3792 return 1;
3793 }
3794 case SSL_CTRL_SET_TMP_DH_CB:
3795 {
3796 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3797 return 0;
3798 }
3799 #endif
3800 case SSL_CTRL_SET_DH_AUTO:
3801 ctx->cert->dh_tmp_auto = larg;
3802 return 1;
3803 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
3804 case SSL_CTRL_SET_TMP_ECDH:
3805 {
3806 if (parg == NULL) {
3807 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3808 return 0;
3809 }
3810 return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
3811 &ctx->ext.supportedgroups_len,
3812 parg);
3813 }
3814 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3815 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3816 ctx->ext.servername_arg = parg;
3817 break;
3818 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3819 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3820 {
3821 unsigned char *keys = parg;
3822 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3823 sizeof(ctx->ext.secure->tick_hmac_key) +
3824 sizeof(ctx->ext.secure->tick_aes_key));
3825 if (keys == NULL)
3826 return tick_keylen;
3827 if (larg != tick_keylen) {
3828 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3829 return 0;
3830 }
3831 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3832 memcpy(ctx->ext.tick_key_name, keys,
3833 sizeof(ctx->ext.tick_key_name));
3834 memcpy(ctx->ext.secure->tick_hmac_key,
3835 keys + sizeof(ctx->ext.tick_key_name),
3836 sizeof(ctx->ext.secure->tick_hmac_key));
3837 memcpy(ctx->ext.secure->tick_aes_key,
3838 keys + sizeof(ctx->ext.tick_key_name) +
3839 sizeof(ctx->ext.secure->tick_hmac_key),
3840 sizeof(ctx->ext.secure->tick_aes_key));
3841 } else {
3842 memcpy(keys, ctx->ext.tick_key_name,
3843 sizeof(ctx->ext.tick_key_name));
3844 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3845 ctx->ext.secure->tick_hmac_key,
3846 sizeof(ctx->ext.secure->tick_hmac_key));
3847 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3848 sizeof(ctx->ext.secure->tick_hmac_key),
3849 ctx->ext.secure->tick_aes_key,
3850 sizeof(ctx->ext.secure->tick_aes_key));
3851 }
3852 return 1;
3853 }
3854
3855 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3856 return ctx->ext.status_type;
3857
3858 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3859 ctx->ext.status_type = larg;
3860 break;
3861
3862 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3863 ctx->ext.status_arg = parg;
3864 return 1;
3865
3866 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3867 *(void**)parg = ctx->ext.status_arg;
3868 break;
3869
3870 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3871 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3872 break;
3873
3874 #ifndef OPENSSL_NO_SRP
3875 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3876 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3877 OPENSSL_free(ctx->srp_ctx.login);
3878 ctx->srp_ctx.login = NULL;
3879 if (parg == NULL)
3880 break;
3881 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3882 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
3883 return 0;
3884 }
3885 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3886 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3887 return 0;
3888 }
3889 break;
3890 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3891 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3892 srp_password_from_info_cb;
3893 if (ctx->srp_ctx.info != NULL)
3894 OPENSSL_free(ctx->srp_ctx.info);
3895 if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
3896 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3897 return 0;
3898 }
3899 break;
3900 case SSL_CTRL_SET_SRP_ARG:
3901 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3902 ctx->srp_ctx.SRP_cb_arg = parg;
3903 break;
3904
3905 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3906 ctx->srp_ctx.strength = larg;
3907 break;
3908 #endif
3909
3910 case SSL_CTRL_SET_GROUPS:
3911 return tls1_set_groups(&ctx->ext.supportedgroups,
3912 &ctx->ext.supportedgroups_len,
3913 parg, larg);
3914
3915 case SSL_CTRL_SET_GROUPS_LIST:
3916 return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
3917 &ctx->ext.supportedgroups_len,
3918 parg);
3919
3920 case SSL_CTRL_SET_SIGALGS:
3921 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3922
3923 case SSL_CTRL_SET_SIGALGS_LIST:
3924 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3925
3926 case SSL_CTRL_SET_CLIENT_SIGALGS:
3927 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3928
3929 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3930 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3931
3932 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3933 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3934
3935 case SSL_CTRL_BUILD_CERT_CHAIN:
3936 return ssl_build_cert_chain(NULL, ctx, larg);
3937
3938 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3939 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3940
3941 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3942 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3943
3944 case SSL_CTRL_GET_VERIFY_CERT_STORE:
3945 return ssl_cert_get_cert_store(ctx->cert, parg, 0);
3946
3947 case SSL_CTRL_GET_CHAIN_CERT_STORE:
3948 return ssl_cert_get_cert_store(ctx->cert, parg, 1);
3949
3950 /* A Thawte special :-) */
3951 case SSL_CTRL_EXTRA_CHAIN_CERT:
3952 if (ctx->extra_certs == NULL) {
3953 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3954 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3955 return 0;
3956 }
3957 }
3958 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3959 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
3960 return 0;
3961 }
3962 break;
3963
3964 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3965 if (ctx->extra_certs == NULL && larg == 0)
3966 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3967 else
3968 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3969 break;
3970
3971 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3972 sk_X509_pop_free(ctx->extra_certs, X509_free);
3973 ctx->extra_certs = NULL;
3974 break;
3975
3976 case SSL_CTRL_CHAIN:
3977 if (larg)
3978 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3979 else
3980 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3981
3982 case SSL_CTRL_CHAIN_CERT:
3983 if (larg)
3984 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3985 else
3986 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3987
3988 case SSL_CTRL_GET_CHAIN_CERTS:
3989 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3990 break;
3991
3992 case SSL_CTRL_SELECT_CURRENT_CERT:
3993 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3994
3995 case SSL_CTRL_SET_CURRENT_CERT:
3996 return ssl_cert_set_current(ctx->cert, larg);
3997
3998 default:
3999 return 0;
4000 }
4001 return 1;
4002 }
4003
ssl3_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))4004 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4005 {
4006 switch (cmd) {
4007 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
4008 case SSL_CTRL_SET_TMP_DH_CB:
4009 {
4010 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4011 }
4012 break;
4013 #endif
4014 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4015 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4016 break;
4017
4018 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4019 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4020 break;
4021
4022 # ifndef OPENSSL_NO_DEPRECATED_3_0
4023 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4024 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4025 unsigned char *,
4026 EVP_CIPHER_CTX *,
4027 HMAC_CTX *, int))fp;
4028 break;
4029 #endif
4030
4031 #ifndef OPENSSL_NO_SRP
4032 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4033 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4034 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4035 break;
4036 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4037 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4038 ctx->srp_ctx.TLS_ext_srp_username_callback =
4039 (int (*)(SSL *, int *, void *))fp;
4040 break;
4041 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4042 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4043 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4044 (char *(*)(SSL *, void *))fp;
4045 break;
4046 #endif
4047 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4048 {
4049 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4050 }
4051 break;
4052 default:
4053 return 0;
4054 }
4055 return 1;
4056 }
4057
SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX * ctx,int (* fp)(SSL *,unsigned char *,unsigned char *,EVP_CIPHER_CTX *,EVP_MAC_CTX *,int))4058 int SSL_CTX_set_tlsext_ticket_key_evp_cb
4059 (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4060 EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4061 {
4062 ctx->ext.ticket_key_evp_cb = fp;
4063 return 1;
4064 }
4065
ssl3_get_cipher_by_id(uint32_t id)4066 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4067 {
4068 SSL_CIPHER c;
4069 const SSL_CIPHER *cp;
4070
4071 c.id = id;
4072 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4073 if (cp != NULL)
4074 return cp;
4075 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4076 if (cp != NULL)
4077 return cp;
4078 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4079 }
4080
ssl3_get_cipher_by_std_name(const char * stdname)4081 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4082 {
4083 SSL_CIPHER *tbl;
4084 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4085 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4086 SSL3_NUM_SCSVS};
4087
4088 /* this is not efficient, necessary to optimize this? */
4089 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4090 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4091 if (tbl->stdname == NULL)
4092 continue;
4093 if (strcmp(stdname, tbl->stdname) == 0) {
4094 return tbl;
4095 }
4096 }
4097 }
4098 return NULL;
4099 }
4100
4101 /*
4102 * This function needs to check if the ciphers required are actually
4103 * available
4104 */
ssl3_get_cipher_by_char(const unsigned char * p)4105 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4106 {
4107 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4108 | ((uint32_t)p[0] << 8L)
4109 | (uint32_t)p[1]);
4110 }
4111
ssl3_put_cipher_by_char(const SSL_CIPHER * c,WPACKET * pkt,size_t * len)4112 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4113 {
4114 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4115 *len = 0;
4116 return 1;
4117 }
4118
4119 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4120 return 0;
4121
4122 *len = 2;
4123 return 1;
4124 }
4125
4126 /*
4127 * ssl3_choose_cipher - choose a cipher from those offered by the client
4128 * @s: SSL connection
4129 * @clnt: ciphers offered by the client
4130 * @srvr: ciphers enabled on the server?
4131 *
4132 * Returns the selected cipher or NULL when no common ciphers.
4133 */
ssl3_choose_cipher(SSL * s,STACK_OF (SSL_CIPHER)* clnt,STACK_OF (SSL_CIPHER)* srvr)4134 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4135 STACK_OF(SSL_CIPHER) *srvr)
4136 {
4137 const SSL_CIPHER *c, *ret = NULL;
4138 STACK_OF(SSL_CIPHER) *prio, *allow;
4139 int i, ii, ok, prefer_sha256 = 0;
4140 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4141 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4142
4143 /* Let's see which ciphers we can support */
4144
4145 /*
4146 * Do not set the compare functions, because this may lead to a
4147 * reordering by "id". We want to keep the original ordering. We may pay
4148 * a price in performance during sk_SSL_CIPHER_find(), but would have to
4149 * pay with the price of sk_SSL_CIPHER_dup().
4150 */
4151
4152 OSSL_TRACE_BEGIN(TLS_CIPHER) {
4153 BIO_printf(trc_out, "Server has %d from %p:\n",
4154 sk_SSL_CIPHER_num(srvr), (void *)srvr);
4155 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4156 c = sk_SSL_CIPHER_value(srvr, i);
4157 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4158 }
4159 BIO_printf(trc_out, "Client sent %d from %p:\n",
4160 sk_SSL_CIPHER_num(clnt), (void *)clnt);
4161 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4162 c = sk_SSL_CIPHER_value(clnt, i);
4163 BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4164 }
4165 } OSSL_TRACE_END(TLS_CIPHER);
4166
4167 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4168 if (tls1_suiteb(s)) {
4169 prio = srvr;
4170 allow = clnt;
4171 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4172 prio = srvr;
4173 allow = clnt;
4174
4175 /* If ChaCha20 is at the top of the client preference list,
4176 and there are ChaCha20 ciphers in the server list, then
4177 temporarily prioritize all ChaCha20 ciphers in the servers list. */
4178 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4179 c = sk_SSL_CIPHER_value(clnt, 0);
4180 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4181 /* ChaCha20 is client preferred, check server... */
4182 int num = sk_SSL_CIPHER_num(srvr);
4183 int found = 0;
4184 for (i = 0; i < num; i++) {
4185 c = sk_SSL_CIPHER_value(srvr, i);
4186 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4187 found = 1;
4188 break;
4189 }
4190 }
4191 if (found) {
4192 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4193 /* if reserve fails, then there's likely a memory issue */
4194 if (prio_chacha != NULL) {
4195 /* Put all ChaCha20 at the top, starting with the one we just found */
4196 sk_SSL_CIPHER_push(prio_chacha, c);
4197 for (i++; i < num; i++) {
4198 c = sk_SSL_CIPHER_value(srvr, i);
4199 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4200 sk_SSL_CIPHER_push(prio_chacha, c);
4201 }
4202 /* Pull in the rest */
4203 for (i = 0; i < num; i++) {
4204 c = sk_SSL_CIPHER_value(srvr, i);
4205 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4206 sk_SSL_CIPHER_push(prio_chacha, c);
4207 }
4208 prio = prio_chacha;
4209 }
4210 }
4211 }
4212 }
4213 } else {
4214 prio = clnt;
4215 allow = srvr;
4216 }
4217
4218 if (SSL_IS_TLS13(s)) {
4219 #ifndef OPENSSL_NO_PSK
4220 int j;
4221
4222 /*
4223 * If we allow "old" style PSK callbacks, and we have no certificate (so
4224 * we're not going to succeed without a PSK anyway), and we're in
4225 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4226 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4227 * that.
4228 */
4229 if (s->psk_server_callback != NULL) {
4230 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
4231 if (j == SSL_PKEY_NUM) {
4232 /* There are no certificates */
4233 prefer_sha256 = 1;
4234 }
4235 }
4236 #endif
4237 } else {
4238 tls1_set_cert_validity(s);
4239 ssl_set_masks(s);
4240 }
4241
4242 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4243 c = sk_SSL_CIPHER_value(prio, i);
4244
4245 /* Skip ciphers not supported by the protocol version */
4246 if (!SSL_IS_DTLS(s) &&
4247 ((s->version < c->min_tls) || (s->version > c->max_tls)))
4248 continue;
4249 if (SSL_IS_DTLS(s) &&
4250 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
4251 DTLS_VERSION_GT(s->version, c->max_dtls)))
4252 continue;
4253
4254 /*
4255 * Since TLS 1.3 ciphersuites can be used with any auth or
4256 * key exchange scheme skip tests.
4257 */
4258 if (!SSL_IS_TLS13(s)) {
4259 mask_k = s->s3.tmp.mask_k;
4260 mask_a = s->s3.tmp.mask_a;
4261 #ifndef OPENSSL_NO_SRP
4262 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4263 mask_k |= SSL_kSRP;
4264 mask_a |= SSL_aSRP;
4265 }
4266 #endif
4267
4268 alg_k = c->algorithm_mkey;
4269 alg_a = c->algorithm_auth;
4270
4271 #ifndef OPENSSL_NO_PSK
4272 /* with PSK there must be server callback set */
4273 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4274 continue;
4275 #endif /* OPENSSL_NO_PSK */
4276
4277 ok = (alg_k & mask_k) && (alg_a & mask_a);
4278 OSSL_TRACE7(TLS_CIPHER,
4279 "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4280 ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4281
4282 /*
4283 * if we are considering an ECC cipher suite that uses an ephemeral
4284 * EC key check it
4285 */
4286 if (alg_k & SSL_kECDHE)
4287 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4288
4289 if (!ok)
4290 continue;
4291 }
4292 ii = sk_SSL_CIPHER_find(allow, c);
4293 if (ii >= 0) {
4294 /* Check security callback permits this cipher */
4295 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4296 c->strength_bits, 0, (void *)c))
4297 continue;
4298
4299 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4300 && s->s3.is_probably_safari) {
4301 if (!ret)
4302 ret = sk_SSL_CIPHER_value(allow, ii);
4303 continue;
4304 }
4305
4306 if (prefer_sha256) {
4307 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4308 const EVP_MD *md = ssl_md(s->ctx, tmp->algorithm2);
4309
4310 if (md != NULL
4311 && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4312 ret = tmp;
4313 break;
4314 }
4315 if (ret == NULL)
4316 ret = tmp;
4317 continue;
4318 }
4319 ret = sk_SSL_CIPHER_value(allow, ii);
4320 break;
4321 }
4322 }
4323
4324 sk_SSL_CIPHER_free(prio_chacha);
4325
4326 return ret;
4327 }
4328
ssl3_get_req_cert_type(SSL * s,WPACKET * pkt)4329 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
4330 {
4331 uint32_t alg_k, alg_a = 0;
4332
4333 /* If we have custom certificate types set, use them */
4334 if (s->cert->ctype)
4335 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4336 /* Get mask of algorithms disabled by signature list */
4337 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4338
4339 alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4340
4341 #ifndef OPENSSL_NO_GOST
4342 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4343 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4344 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4345 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4346 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4347 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4348 return 0;
4349
4350 if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4351 if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4352 || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4353 return 0;
4354 #endif
4355
4356 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4357 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4358 return 0;
4359 if (!(alg_a & SSL_aDSS)
4360 && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4361 return 0;
4362 }
4363 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4364 return 0;
4365 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4366 return 0;
4367
4368 /*
4369 * ECDSA certs can be used with RSA cipher suites too so we don't
4370 * need to check for SSL_kECDH or SSL_kECDHE
4371 */
4372 if (s->version >= TLS1_VERSION
4373 && !(alg_a & SSL_aECDSA)
4374 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4375 return 0;
4376
4377 return 1;
4378 }
4379
ssl3_set_req_cert_type(CERT * c,const unsigned char * p,size_t len)4380 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4381 {
4382 OPENSSL_free(c->ctype);
4383 c->ctype = NULL;
4384 c->ctype_len = 0;
4385 if (p == NULL || len == 0)
4386 return 1;
4387 if (len > 0xff)
4388 return 0;
4389 c->ctype = OPENSSL_memdup(p, len);
4390 if (c->ctype == NULL)
4391 return 0;
4392 c->ctype_len = len;
4393 return 1;
4394 }
4395
ssl3_shutdown(SSL * s)4396 int ssl3_shutdown(SSL *s)
4397 {
4398 int ret;
4399
4400 /*
4401 * Don't do anything much if we have not done the handshake or we don't
4402 * want to send messages :-)
4403 */
4404 if (s->quiet_shutdown || SSL_in_before(s)) {
4405 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4406 return 1;
4407 }
4408
4409 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4410 s->shutdown |= SSL_SENT_SHUTDOWN;
4411 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4412 /*
4413 * our shutdown alert has been sent now, and if it still needs to be
4414 * written, s->s3.alert_dispatch will be true
4415 */
4416 if (s->s3.alert_dispatch)
4417 return -1; /* return WANT_WRITE */
4418 } else if (s->s3.alert_dispatch) {
4419 /* resend it if not sent */
4420 ret = s->method->ssl_dispatch_alert(s);
4421 if (ret == -1) {
4422 /*
4423 * we only get to return -1 here the 2nd/Nth invocation, we must
4424 * have already signalled return 0 upon a previous invocation,
4425 * return WANT_WRITE
4426 */
4427 return ret;
4428 }
4429 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4430 size_t readbytes;
4431 /*
4432 * If we are waiting for a close from our peer, we are closed
4433 */
4434 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4435 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4436 return -1; /* return WANT_READ */
4437 }
4438 }
4439
4440 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4441 !s->s3.alert_dispatch)
4442 return 1;
4443 else
4444 return 0;
4445 }
4446
ssl3_write(SSL * s,const void * buf,size_t len,size_t * written)4447 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4448 {
4449 clear_sys_error();
4450 if (s->s3.renegotiate)
4451 ssl3_renegotiate_check(s, 0);
4452
4453 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4454 written);
4455 }
4456
ssl3_read_internal(SSL * s,void * buf,size_t len,int peek,size_t * readbytes)4457 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4458 size_t *readbytes)
4459 {
4460 int ret;
4461
4462 clear_sys_error();
4463 if (s->s3.renegotiate)
4464 ssl3_renegotiate_check(s, 0);
4465 s->s3.in_read_app_data = 1;
4466 ret =
4467 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4468 peek, readbytes);
4469 if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
4470 /*
4471 * ssl3_read_bytes decided to call s->handshake_func, which called
4472 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4473 * actually found application data and thinks that application data
4474 * makes sense here; so disable handshake processing and try to read
4475 * application data again.
4476 */
4477 ossl_statem_set_in_handshake(s, 1);
4478 ret =
4479 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4480 len, peek, readbytes);
4481 ossl_statem_set_in_handshake(s, 0);
4482 } else
4483 s->s3.in_read_app_data = 0;
4484
4485 return ret;
4486 }
4487
ssl3_read(SSL * s,void * buf,size_t len,size_t * readbytes)4488 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4489 {
4490 return ssl3_read_internal(s, buf, len, 0, readbytes);
4491 }
4492
ssl3_peek(SSL * s,void * buf,size_t len,size_t * readbytes)4493 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4494 {
4495 return ssl3_read_internal(s, buf, len, 1, readbytes);
4496 }
4497
ssl3_renegotiate(SSL * s)4498 int ssl3_renegotiate(SSL *s)
4499 {
4500 if (s->handshake_func == NULL)
4501 return 1;
4502
4503 s->s3.renegotiate = 1;
4504 return 1;
4505 }
4506
4507 /*
4508 * Check if we are waiting to do a renegotiation and if so whether now is a
4509 * good time to do it. If |initok| is true then we are being called from inside
4510 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4511 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4512 * should do a renegotiation now and sets up the state machine for it. Otherwise
4513 * returns 0.
4514 */
ssl3_renegotiate_check(SSL * s,int initok)4515 int ssl3_renegotiate_check(SSL *s, int initok)
4516 {
4517 int ret = 0;
4518
4519 if (s->s3.renegotiate) {
4520 if (!RECORD_LAYER_read_pending(&s->rlayer)
4521 && !RECORD_LAYER_write_pending(&s->rlayer)
4522 && (initok || !SSL_in_init(s))) {
4523 /*
4524 * if we are the server, and we have sent a 'RENEGOTIATE'
4525 * message, we need to set the state machine into the renegotiate
4526 * state.
4527 */
4528 ossl_statem_set_renegotiate(s);
4529 s->s3.renegotiate = 0;
4530 s->s3.num_renegotiations++;
4531 s->s3.total_renegotiations++;
4532 ret = 1;
4533 }
4534 }
4535 return ret;
4536 }
4537
4538 /*
4539 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4540 * handshake macs if required.
4541 *
4542 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4543 */
ssl_get_algorithm2(SSL * s)4544 long ssl_get_algorithm2(SSL *s)
4545 {
4546 long alg2;
4547 if (s->s3.tmp.new_cipher == NULL)
4548 return -1;
4549 alg2 = s->s3.tmp.new_cipher->algorithm2;
4550 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4551 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4552 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4553 } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4554 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4555 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4556 }
4557 return alg2;
4558 }
4559
4560 /*
4561 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4562 * failure, 1 on success.
4563 */
ssl_fill_hello_random(SSL * s,int server,unsigned char * result,size_t len,DOWNGRADE dgrd)4564 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4565 DOWNGRADE dgrd)
4566 {
4567 int send_time = 0, ret;
4568
4569 if (len < 4)
4570 return 0;
4571 if (server)
4572 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4573 else
4574 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4575 if (send_time) {
4576 unsigned long Time = (unsigned long)time(NULL);
4577 unsigned char *p = result;
4578
4579 l2n(Time, p);
4580 ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4, 0);
4581 } else {
4582 ret = RAND_bytes_ex(s->ctx->libctx, result, len, 0);
4583 }
4584
4585 if (ret > 0) {
4586 if (!ossl_assert(sizeof(tls11downgrade) < len)
4587 || !ossl_assert(sizeof(tls12downgrade) < len))
4588 return 0;
4589 if (dgrd == DOWNGRADE_TO_1_2)
4590 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4591 sizeof(tls12downgrade));
4592 else if (dgrd == DOWNGRADE_TO_1_1)
4593 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4594 sizeof(tls11downgrade));
4595 }
4596
4597 return ret;
4598 }
4599
ssl_generate_master_secret(SSL * s,unsigned char * pms,size_t pmslen,int free_pms)4600 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4601 int free_pms)
4602 {
4603 unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4604 int ret = 0;
4605
4606 if (alg_k & SSL_PSK) {
4607 #ifndef OPENSSL_NO_PSK
4608 unsigned char *pskpms, *t;
4609 size_t psklen = s->s3.tmp.psklen;
4610 size_t pskpmslen;
4611
4612 /* create PSK premaster_secret */
4613
4614 /* For plain PSK "other_secret" is psklen zeroes */
4615 if (alg_k & SSL_kPSK)
4616 pmslen = psklen;
4617
4618 pskpmslen = 4 + pmslen + psklen;
4619 pskpms = OPENSSL_malloc(pskpmslen);
4620 if (pskpms == NULL)
4621 goto err;
4622 t = pskpms;
4623 s2n(pmslen, t);
4624 if (alg_k & SSL_kPSK)
4625 memset(t, 0, pmslen);
4626 else
4627 memcpy(t, pms, pmslen);
4628 t += pmslen;
4629 s2n(psklen, t);
4630 memcpy(t, s->s3.tmp.psk, psklen);
4631
4632 OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4633 s->s3.tmp.psk = NULL;
4634 s->s3.tmp.psklen = 0;
4635 if (!s->method->ssl3_enc->generate_master_secret(s,
4636 s->session->master_key, pskpms, pskpmslen,
4637 &s->session->master_key_length)) {
4638 OPENSSL_clear_free(pskpms, pskpmslen);
4639 /* SSLfatal() already called */
4640 goto err;
4641 }
4642 OPENSSL_clear_free(pskpms, pskpmslen);
4643 #else
4644 /* Should never happen */
4645 goto err;
4646 #endif
4647 } else {
4648 if (!s->method->ssl3_enc->generate_master_secret(s,
4649 s->session->master_key, pms, pmslen,
4650 &s->session->master_key_length)) {
4651 /* SSLfatal() already called */
4652 goto err;
4653 }
4654 }
4655
4656 ret = 1;
4657 err:
4658 if (pms) {
4659 if (free_pms)
4660 OPENSSL_clear_free(pms, pmslen);
4661 else
4662 OPENSSL_cleanse(pms, pmslen);
4663 }
4664 if (s->server == 0) {
4665 s->s3.tmp.pms = NULL;
4666 s->s3.tmp.pmslen = 0;
4667 }
4668 return ret;
4669 }
4670
4671 /* Generate a private key from parameters */
ssl_generate_pkey(SSL * s,EVP_PKEY * pm)4672 EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
4673 {
4674 EVP_PKEY_CTX *pctx = NULL;
4675 EVP_PKEY *pkey = NULL;
4676
4677 if (pm == NULL)
4678 return NULL;
4679 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
4680 if (pctx == NULL)
4681 goto err;
4682 if (EVP_PKEY_keygen_init(pctx) <= 0)
4683 goto err;
4684 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4685 EVP_PKEY_free(pkey);
4686 pkey = NULL;
4687 }
4688
4689 err:
4690 EVP_PKEY_CTX_free(pctx);
4691 return pkey;
4692 }
4693
4694 /* Generate a private key from a group ID */
ssl_generate_pkey_group(SSL * s,uint16_t id)4695 EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
4696 {
4697 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4698 EVP_PKEY_CTX *pctx = NULL;
4699 EVP_PKEY *pkey = NULL;
4700
4701 if (ginf == NULL) {
4702 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4703 goto err;
4704 }
4705
4706 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4707 s->ctx->propq);
4708
4709 if (pctx == NULL) {
4710 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4711 goto err;
4712 }
4713 if (EVP_PKEY_keygen_init(pctx) <= 0) {
4714 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4715 goto err;
4716 }
4717 if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4718 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4719 goto err;
4720 }
4721 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4722 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4723 EVP_PKEY_free(pkey);
4724 pkey = NULL;
4725 }
4726
4727 err:
4728 EVP_PKEY_CTX_free(pctx);
4729 return pkey;
4730 }
4731
4732 /*
4733 * Generate parameters from a group ID
4734 */
ssl_generate_param_group(SSL * s,uint16_t id)4735 EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
4736 {
4737 EVP_PKEY_CTX *pctx = NULL;
4738 EVP_PKEY *pkey = NULL;
4739 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
4740
4741 if (ginf == NULL)
4742 goto err;
4743
4744 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
4745 s->ctx->propq);
4746
4747 if (pctx == NULL)
4748 goto err;
4749 if (EVP_PKEY_paramgen_init(pctx) <= 0)
4750 goto err;
4751 if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4752 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4753 goto err;
4754 }
4755 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4756 EVP_PKEY_free(pkey);
4757 pkey = NULL;
4758 }
4759
4760 err:
4761 EVP_PKEY_CTX_free(pctx);
4762 return pkey;
4763 }
4764
4765 /* Generate secrets from pms */
ssl_gensecret(SSL * s,unsigned char * pms,size_t pmslen)4766 int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen)
4767 {
4768 int rv = 0;
4769
4770 /* SSLfatal() called as appropriate in the below functions */
4771 if (SSL_IS_TLS13(s)) {
4772 /*
4773 * If we are resuming then we already generated the early secret
4774 * when we created the ClientHello, so don't recreate it.
4775 */
4776 if (!s->hit)
4777 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4778 0,
4779 (unsigned char *)&s->early_secret);
4780 else
4781 rv = 1;
4782
4783 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4784 } else {
4785 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4786 }
4787
4788 return rv;
4789 }
4790
4791 /* Derive secrets for ECDH/DH */
ssl_derive(SSL * s,EVP_PKEY * privkey,EVP_PKEY * pubkey,int gensecret)4792 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4793 {
4794 int rv = 0;
4795 unsigned char *pms = NULL;
4796 size_t pmslen = 0;
4797 EVP_PKEY_CTX *pctx;
4798
4799 if (privkey == NULL || pubkey == NULL) {
4800 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4801 return 0;
4802 }
4803
4804 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4805
4806 if (EVP_PKEY_derive_init(pctx) <= 0
4807 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4808 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4809 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4810 goto err;
4811 }
4812
4813 if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
4814 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
4815
4816 pms = OPENSSL_malloc(pmslen);
4817 if (pms == NULL) {
4818 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4819 goto err;
4820 }
4821
4822 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
4823 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4824 goto err;
4825 }
4826
4827 if (gensecret) {
4828 /* SSLfatal() called as appropriate in the below functions */
4829 rv = ssl_gensecret(s, pms, pmslen);
4830 } else {
4831 /* Save premaster secret */
4832 s->s3.tmp.pms = pms;
4833 s->s3.tmp.pmslen = pmslen;
4834 pms = NULL;
4835 rv = 1;
4836 }
4837
4838 err:
4839 OPENSSL_clear_free(pms, pmslen);
4840 EVP_PKEY_CTX_free(pctx);
4841 return rv;
4842 }
4843
4844 /* Decapsulate secrets for KEM */
ssl_decapsulate(SSL * s,EVP_PKEY * privkey,const unsigned char * ct,size_t ctlen,int gensecret)4845 int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
4846 const unsigned char *ct, size_t ctlen,
4847 int gensecret)
4848 {
4849 int rv = 0;
4850 unsigned char *pms = NULL;
4851 size_t pmslen = 0;
4852 EVP_PKEY_CTX *pctx;
4853
4854 if (privkey == NULL) {
4855 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4856 return 0;
4857 }
4858
4859 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
4860
4861 if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
4862 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
4863 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4864 goto err;
4865 }
4866
4867 pms = OPENSSL_malloc(pmslen);
4868 if (pms == NULL) {
4869 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4870 goto err;
4871 }
4872
4873 if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
4874 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4875 goto err;
4876 }
4877
4878 if (gensecret) {
4879 /* SSLfatal() called as appropriate in the below functions */
4880 rv = ssl_gensecret(s, pms, pmslen);
4881 } else {
4882 /* Save premaster secret */
4883 s->s3.tmp.pms = pms;
4884 s->s3.tmp.pmslen = pmslen;
4885 pms = NULL;
4886 rv = 1;
4887 }
4888
4889 err:
4890 OPENSSL_clear_free(pms, pmslen);
4891 EVP_PKEY_CTX_free(pctx);
4892 return rv;
4893 }
4894
ssl_encapsulate(SSL * s,EVP_PKEY * pubkey,unsigned char ** ctp,size_t * ctlenp,int gensecret)4895 int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
4896 unsigned char **ctp, size_t *ctlenp,
4897 int gensecret)
4898 {
4899 int rv = 0;
4900 unsigned char *pms = NULL, *ct = NULL;
4901 size_t pmslen = 0, ctlen = 0;
4902 EVP_PKEY_CTX *pctx;
4903
4904 if (pubkey == NULL) {
4905 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4906 return 0;
4907 }
4908
4909 pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);
4910
4911 if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
4912 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
4913 || pmslen == 0 || ctlen == 0) {
4914 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4915 goto err;
4916 }
4917
4918 pms = OPENSSL_malloc(pmslen);
4919 ct = OPENSSL_malloc(ctlen);
4920 if (pms == NULL || ct == NULL) {
4921 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
4922 goto err;
4923 }
4924
4925 if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
4926 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4927 goto err;
4928 }
4929
4930 if (gensecret) {
4931 /* SSLfatal() called as appropriate in the below functions */
4932 rv = ssl_gensecret(s, pms, pmslen);
4933 } else {
4934 /* Save premaster secret */
4935 s->s3.tmp.pms = pms;
4936 s->s3.tmp.pmslen = pmslen;
4937 pms = NULL;
4938 rv = 1;
4939 }
4940
4941 if (rv > 0) {
4942 /* Pass ownership of ct to caller */
4943 *ctp = ct;
4944 *ctlenp = ctlen;
4945 ct = NULL;
4946 }
4947
4948 err:
4949 OPENSSL_clear_free(pms, pmslen);
4950 OPENSSL_free(ct);
4951 EVP_PKEY_CTX_free(pctx);
4952 return rv;
4953 }
4954
SSL_group_to_name(SSL * s,int nid)4955 const char *SSL_group_to_name(SSL *s, int nid) {
4956 int group_id = 0;
4957 const TLS_GROUP_INFO *cinf = NULL;
4958
4959 /* first convert to real group id for internal and external IDs */
4960 if (nid & TLSEXT_nid_unknown)
4961 group_id = nid & 0xFFFF;
4962 else
4963 group_id = tls1_nid2group_id(nid);
4964
4965 /* then look up */
4966 cinf = tls1_group_id_lookup(s->ctx, group_id);
4967
4968 if (cinf != NULL)
4969 return cinf->tlsname;
4970 return NULL;
4971 }
4972