xref: /freebsd/crypto/openssl/ssl/s3_lib.c (revision e7be843b4a162e68651d3911f0357ed464915629)
1 /*
2  * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  * Copyright 2005 Nokia. All rights reserved.
5  *
6  * Licensed under the Apache License 2.0 (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  */
11 
12 #include "internal/e_os.h"
13 
14 #include <openssl/objects.h>
15 #include "internal/nelem.h"
16 #include "ssl_local.h"
17 #include <openssl/md5.h>
18 #include <openssl/dh.h>
19 #include <openssl/rand.h>
20 #include <openssl/trace.h>
21 #include <openssl/x509v3.h>
22 #include <openssl/core_names.h>
23 #include "internal/cryptlib.h"
24 #include "internal/ssl_unwrap.h"
25 
26 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers) /* element count of tls13_ciphers[]; tracks entries dropped by the #ifndef guards inside the table */
27 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers) /* element count of ssl3_ciphers[], likewise dependent on the OPENSSL_NO_* build options */
28 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs) /* element count of ssl3_scsvs, which is defined outside this part of the file */
29 
30 /*
 * TLSv1.3 downgrade protection sentinel values.
 *
 * Each array is 8 bytes: the ASCII text "DOWNGRD" (0x44 0x4f 0x57 0x4e 0x47
 * 0x52 0x44) followed by a one-byte suffix, 0x00 or 0x01.  RFC 8446 section
 * 4.1.3 defines both values: a TLSv1.3-capable server that negotiates an
 * older version places one of them in the last 8 bytes of ServerHello.random,
 * and a TLSv1.3-capable client that finds it there must abort the handshake,
 * because it means the version was forced down in transit.
 *
 * Neither array is static, so both are visible to other translation units;
 * the code that writes and checks them is not in this part of the file.
 */
31 const unsigned char tls11downgrade[] = {
32     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 /* "DOWNGRD" + 0x00: TLSv1.1 or below was negotiated (RFC 8446) */
33 };
34 const unsigned char tls12downgrade[] = {
35     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 /* "DOWNGRD" + 0x01: TLSv1.2 was negotiated (RFC 8446) */
36 };
37 
38 /*
 * The list of available TLSv1.3 ciphers.
 *
 * Entries are positional SSL_CIPHER initializers.  The struct declaration is
 * not in this part of the file, so the per-field comments on the first entry
 * are a reviewer's reading of the values.
 * NOTE(review): confirm field order against the SSL_CIPHER declaration,
 * presumably in ssl_local.h.
 *
 * Points visible in the table itself:
 *  - only the AES-GCM and ChaCha20-Poly1305 entries carry SSL_QUIC and omit
 *    SSL_NOT_DEFAULT;
 *  - the CCM entries are SSL_NOT_DEFAULT, and CCM_8 is rated SSL_MEDIUM with
 *    a strength of 64 because of its short tag;
 *  - the SHA256_SHA256 and SHA384_SHA384 entries use SSL_eNULL, i.e. records
 *    are authenticated but not encrypted; they are rated SSL_STRONG_NONE with
 *    strength 0, are SSL_NOT_DEFAULT, and are compiled out entirely when
 *    OPENSSL_NO_INTEGRITY_ONLY_CIPHERS is defined.
 */
39 static SSL_CIPHER tls13_ciphers[] = {
40     {
41         1, /* presumably the "valid" flag; every entry in this table sets it to 1 */
42         TLS1_3_RFC_AES_128_GCM_SHA256, /* name; TLSv1.3 entries repeat the RFC name in the next field */
43         TLS1_3_RFC_AES_128_GCM_SHA256,
44         TLS1_3_CK_AES_128_GCM_SHA256, /* presumably the cipher suite id constant */
45         SSL_kANY, /* key exchange: a TLSv1.3 suite does not fix one */
46         SSL_aANY, /* authentication: a TLSv1.3 suite does not fix one */
47         SSL_AES128GCM, /* bulk cipher */
48         SSL_AEAD, /* MAC slot: AEAD, integrity comes from the cipher itself */
49         TLS1_3_VERSION, TLS1_3_VERSION, /* TLS version pair (presumably min, max): TLSv1.3 only */
50         0, 0, /* ssl3_ciphers holds a DTLS version pair in this position; zero here */
51         SSL_HIGH, /* strength class flags */
52         SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC, /* handshake digest, plus the QUIC flag */
53         128, /* security strength in bits (see the CCM8 comment further down) */
54         128, /* presumably the algorithm key size in bits -- confirm */
55     }, {
56         1,
57         TLS1_3_RFC_AES_256_GCM_SHA384,
58         TLS1_3_RFC_AES_256_GCM_SHA384,
59         TLS1_3_CK_AES_256_GCM_SHA384,
60         SSL_kANY,
61         SSL_aANY,
62         SSL_AES256GCM,
63         SSL_AEAD,
64         TLS1_3_VERSION, TLS1_3_VERSION,
65         0, 0,
66         SSL_HIGH,
67         SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
68         256,
69         256,
70     },
71     {
72         1,
73         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
74         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
75         TLS1_3_CK_CHACHA20_POLY1305_SHA256,
76         SSL_kANY,
77         SSL_aANY,
78         SSL_CHACHA20POLY1305,
79         SSL_AEAD,
80         TLS1_3_VERSION, TLS1_3_VERSION,
81         0, 0,
82         SSL_HIGH,
83         SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
84         256,
85         256,
86     },
87     {
88         1,
89         TLS1_3_RFC_AES_128_CCM_SHA256,
90         TLS1_3_RFC_AES_128_CCM_SHA256,
91         TLS1_3_CK_AES_128_CCM_SHA256,
92         SSL_kANY,
93         SSL_aANY,
94         SSL_AES128CCM,
95         SSL_AEAD,
96         TLS1_3_VERSION, TLS1_3_VERSION,
97         0, 0,
98         SSL_NOT_DEFAULT | SSL_HIGH, /* SSL_NOT_DEFAULT: by its name, left out of the default cipher list -- confirm */
99         SSL_HANDSHAKE_MAC_SHA256, /* no SSL_QUIC flag, unlike the GCM and ChaCha20 entries */
100         128,
101         128,
102     }, {
103         1,
104         TLS1_3_RFC_AES_128_CCM_8_SHA256,
105         TLS1_3_RFC_AES_128_CCM_8_SHA256,
106         TLS1_3_CK_AES_128_CCM_8_SHA256,
107         SSL_kANY,
108         SSL_aANY,
109         SSL_AES128CCM8,
110         SSL_AEAD,
111         TLS1_3_VERSION, TLS1_3_VERSION,
112         0, 0,
113         SSL_NOT_DEFAULT | SSL_MEDIUM, /* rated MEDIUM, not HIGH, in line with the 64-bit strength below */
114         SSL_HANDSHAKE_MAC_SHA256,
115         64, /* CCM8 uses a short tag, so we have a low security strength */
116         128,
117     },
118 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS /* build-time opt-out for the two integrity-only suites */
119     {
120         1,
121         TLS1_3_RFC_SHA256_SHA256,
122         TLS1_3_RFC_SHA256_SHA256,
123         TLS1_3_CK_SHA256_SHA256,
124         SSL_kANY,
125         SSL_aANY,
126         SSL_eNULL, /* no record encryption: application data is authenticated but sent in the clear */
127         SSL_SHA256, /* a real MAC algorithm here, not SSL_AEAD as in the entries above */
128         TLS1_3_VERSION, TLS1_3_VERSION,
129         0, 0,
130         SSL_NOT_DEFAULT | SSL_STRONG_NONE,
131         SSL_HANDSHAKE_MAC_SHA256,
132         0, /* strength 0: the suite provides no confidentiality */
133         256,
134     }, {
135         1,
136         TLS1_3_RFC_SHA384_SHA384,
137         TLS1_3_RFC_SHA384_SHA384,
138         TLS1_3_CK_SHA384_SHA384,
139         SSL_kANY,
140         SSL_aANY,
141         SSL_eNULL, /* no record encryption, as in the SHA256_SHA256 entry */
142         SSL_SHA384,
143         TLS1_3_VERSION, TLS1_3_VERSION,
144         0, 0,
145         SSL_NOT_DEFAULT | SSL_STRONG_NONE,
146         SSL_HANDSHAKE_MAC_SHA384,
147         0, /* strength 0: the suite provides no confidentiality */
148         384,
149     },
150 #endif /* OPENSSL_NO_INTEGRITY_ONLY_CIPHERS */
151 };
152 
153 /*
154  * The list of available ciphers, mostly organized into the following
155  * groups:
156  *      Always there
157  *      EC
158  *      PSK
159  *      SRP (within that: RSA EC PSK)
160  *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
161  *      Weak ciphers
162  */
163 static SSL_CIPHER ssl3_ciphers[] = {
164 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
165     {
166      1,
167      SSL3_TXT_RSA_NULL_MD5,
168      SSL3_RFC_RSA_NULL_MD5,
169      SSL3_CK_RSA_NULL_MD5,
170      SSL_kRSA,
171      SSL_aRSA,
172      SSL_eNULL,
173      SSL_MD5,
174      SSL3_VERSION, TLS1_2_VERSION,
175      DTLS1_BAD_VER, DTLS1_2_VERSION,
176      SSL_STRONG_NONE,
177      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
178      0,
179      0,
180      },
181     {
182      1,
183      SSL3_TXT_RSA_NULL_SHA,
184      SSL3_RFC_RSA_NULL_SHA,
185      SSL3_CK_RSA_NULL_SHA,
186      SSL_kRSA,
187      SSL_aRSA,
188      SSL_eNULL,
189      SSL_SHA1,
190      SSL3_VERSION, TLS1_2_VERSION,
191      DTLS1_BAD_VER, DTLS1_2_VERSION,
192      SSL_STRONG_NONE | SSL_FIPS,
193      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
194      0,
195      0,
196      },
197 #endif
198 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
199     {
200      1,
201      SSL3_TXT_RSA_DES_192_CBC3_SHA,
202      SSL3_RFC_RSA_DES_192_CBC3_SHA,
203      SSL3_CK_RSA_DES_192_CBC3_SHA,
204      SSL_kRSA,
205      SSL_aRSA,
206      SSL_3DES,
207      SSL_SHA1,
208      SSL3_VERSION, TLS1_2_VERSION,
209      DTLS1_BAD_VER, DTLS1_2_VERSION,
210      SSL_NOT_DEFAULT | SSL_MEDIUM,
211      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212      112,
213      168,
214      },
215     {
216      1,
217      SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
218      SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
219      SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
220      SSL_kDHE,
221      SSL_aDSS,
222      SSL_3DES,
223      SSL_SHA1,
224      SSL3_VERSION, TLS1_2_VERSION,
225      DTLS1_BAD_VER, DTLS1_2_VERSION,
226      SSL_NOT_DEFAULT | SSL_MEDIUM,
227      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228      112,
229      168,
230      },
231     {
232      1,
233      SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
234      SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
235      SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
236      SSL_kDHE,
237      SSL_aRSA,
238      SSL_3DES,
239      SSL_SHA1,
240      SSL3_VERSION, TLS1_2_VERSION,
241      DTLS1_BAD_VER, DTLS1_2_VERSION,
242      SSL_NOT_DEFAULT | SSL_MEDIUM,
243      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
244      112,
245      168,
246      },
247     {
248      1,
249      SSL3_TXT_ADH_DES_192_CBC_SHA,
250      SSL3_RFC_ADH_DES_192_CBC_SHA,
251      SSL3_CK_ADH_DES_192_CBC_SHA,
252      SSL_kDHE,
253      SSL_aNULL,
254      SSL_3DES,
255      SSL_SHA1,
256      SSL3_VERSION, TLS1_2_VERSION,
257      DTLS1_BAD_VER, DTLS1_2_VERSION,
258      SSL_NOT_DEFAULT | SSL_MEDIUM,
259      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
260      112,
261      168,
262      },
263 #endif
264     {
265      1,
266      TLS1_TXT_RSA_WITH_AES_128_SHA,
267      TLS1_RFC_RSA_WITH_AES_128_SHA,
268      TLS1_CK_RSA_WITH_AES_128_SHA,
269      SSL_kRSA,
270      SSL_aRSA,
271      SSL_AES128,
272      SSL_SHA1,
273      SSL3_VERSION, TLS1_2_VERSION,
274      DTLS1_BAD_VER, DTLS1_2_VERSION,
275      SSL_HIGH | SSL_FIPS,
276      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277      128,
278      128,
279      },
280     {
281      1,
282      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
283      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
284      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
285      SSL_kDHE,
286      SSL_aDSS,
287      SSL_AES128,
288      SSL_SHA1,
289      SSL3_VERSION, TLS1_2_VERSION,
290      DTLS1_BAD_VER, DTLS1_2_VERSION,
291      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
292      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293      128,
294      128,
295      },
296     {
297      1,
298      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
299      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
300      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
301      SSL_kDHE,
302      SSL_aRSA,
303      SSL_AES128,
304      SSL_SHA1,
305      SSL3_VERSION, TLS1_2_VERSION,
306      DTLS1_BAD_VER, DTLS1_2_VERSION,
307      SSL_HIGH | SSL_FIPS,
308      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
309      128,
310      128,
311      },
312     {
313      1,
314      TLS1_TXT_ADH_WITH_AES_128_SHA,
315      TLS1_RFC_ADH_WITH_AES_128_SHA,
316      TLS1_CK_ADH_WITH_AES_128_SHA,
317      SSL_kDHE,
318      SSL_aNULL,
319      SSL_AES128,
320      SSL_SHA1,
321      SSL3_VERSION, TLS1_2_VERSION,
322      DTLS1_BAD_VER, DTLS1_2_VERSION,
323      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
324      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
325      128,
326      128,
327      },
328     {
329      1,
330      TLS1_TXT_RSA_WITH_AES_256_SHA,
331      TLS1_RFC_RSA_WITH_AES_256_SHA,
332      TLS1_CK_RSA_WITH_AES_256_SHA,
333      SSL_kRSA,
334      SSL_aRSA,
335      SSL_AES256,
336      SSL_SHA1,
337      SSL3_VERSION, TLS1_2_VERSION,
338      DTLS1_BAD_VER, DTLS1_2_VERSION,
339      SSL_HIGH | SSL_FIPS,
340      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
341      256,
342      256,
343      },
344     {
345      1,
346      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
347      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
348      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
349      SSL_kDHE,
350      SSL_aDSS,
351      SSL_AES256,
352      SSL_SHA1,
353      SSL3_VERSION, TLS1_2_VERSION,
354      DTLS1_BAD_VER, DTLS1_2_VERSION,
355      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
356      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357      256,
358      256,
359      },
360     {
361      1,
362      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
363      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
364      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
365      SSL_kDHE,
366      SSL_aRSA,
367      SSL_AES256,
368      SSL_SHA1,
369      SSL3_VERSION, TLS1_2_VERSION,
370      DTLS1_BAD_VER, DTLS1_2_VERSION,
371      SSL_HIGH | SSL_FIPS,
372      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
373      256,
374      256,
375      },
376     {
377      1,
378      TLS1_TXT_ADH_WITH_AES_256_SHA,
379      TLS1_RFC_ADH_WITH_AES_256_SHA,
380      TLS1_CK_ADH_WITH_AES_256_SHA,
381      SSL_kDHE,
382      SSL_aNULL,
383      SSL_AES256,
384      SSL_SHA1,
385      SSL3_VERSION, TLS1_2_VERSION,
386      DTLS1_BAD_VER, DTLS1_2_VERSION,
387      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
388      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389      256,
390      256,
391      },
392 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
393     {
394      1,
395      TLS1_TXT_RSA_WITH_NULL_SHA256,
396      TLS1_RFC_RSA_WITH_NULL_SHA256,
397      TLS1_CK_RSA_WITH_NULL_SHA256,
398      SSL_kRSA,
399      SSL_aRSA,
400      SSL_eNULL,
401      SSL_SHA256,
402      TLS1_2_VERSION, TLS1_2_VERSION,
403      DTLS1_2_VERSION, DTLS1_2_VERSION,
404      SSL_STRONG_NONE | SSL_FIPS,
405      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
406      0,
407      0,
408      },
409 #endif
410     {
411      1,
412      TLS1_TXT_RSA_WITH_AES_128_SHA256,
413      TLS1_RFC_RSA_WITH_AES_128_SHA256,
414      TLS1_CK_RSA_WITH_AES_128_SHA256,
415      SSL_kRSA,
416      SSL_aRSA,
417      SSL_AES128,
418      SSL_SHA256,
419      TLS1_2_VERSION, TLS1_2_VERSION,
420      DTLS1_2_VERSION, DTLS1_2_VERSION,
421      SSL_HIGH | SSL_FIPS,
422      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
423      128,
424      128,
425      },
426     {
427      1,
428      TLS1_TXT_RSA_WITH_AES_256_SHA256,
429      TLS1_RFC_RSA_WITH_AES_256_SHA256,
430      TLS1_CK_RSA_WITH_AES_256_SHA256,
431      SSL_kRSA,
432      SSL_aRSA,
433      SSL_AES256,
434      SSL_SHA256,
435      TLS1_2_VERSION, TLS1_2_VERSION,
436      DTLS1_2_VERSION, DTLS1_2_VERSION,
437      SSL_HIGH | SSL_FIPS,
438      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
439      256,
440      256,
441      },
442     {
443      1,
444      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
445      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
446      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
447      SSL_kDHE,
448      SSL_aDSS,
449      SSL_AES128,
450      SSL_SHA256,
451      TLS1_2_VERSION, TLS1_2_VERSION,
452      DTLS1_2_VERSION, DTLS1_2_VERSION,
453      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
454      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
455      128,
456      128,
457      },
458     {
459      1,
460      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
461      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
462      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
463      SSL_kDHE,
464      SSL_aRSA,
465      SSL_AES128,
466      SSL_SHA256,
467      TLS1_2_VERSION, TLS1_2_VERSION,
468      DTLS1_2_VERSION, DTLS1_2_VERSION,
469      SSL_HIGH | SSL_FIPS,
470      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
471      128,
472      128,
473      },
474     {
475      1,
476      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
477      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
478      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
479      SSL_kDHE,
480      SSL_aDSS,
481      SSL_AES256,
482      SSL_SHA256,
483      TLS1_2_VERSION, TLS1_2_VERSION,
484      DTLS1_2_VERSION, DTLS1_2_VERSION,
485      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
486      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
487      256,
488      256,
489      },
490     {
491      1,
492      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
493      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
494      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
495      SSL_kDHE,
496      SSL_aRSA,
497      SSL_AES256,
498      SSL_SHA256,
499      TLS1_2_VERSION, TLS1_2_VERSION,
500      DTLS1_2_VERSION, DTLS1_2_VERSION,
501      SSL_HIGH | SSL_FIPS,
502      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
503      256,
504      256,
505      },
506     {
507      1,
508      TLS1_TXT_ADH_WITH_AES_128_SHA256,
509      TLS1_RFC_ADH_WITH_AES_128_SHA256,
510      TLS1_CK_ADH_WITH_AES_128_SHA256,
511      SSL_kDHE,
512      SSL_aNULL,
513      SSL_AES128,
514      SSL_SHA256,
515      TLS1_2_VERSION, TLS1_2_VERSION,
516      DTLS1_2_VERSION, DTLS1_2_VERSION,
517      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
518      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
519      128,
520      128,
521      },
522     {
523      1,
524      TLS1_TXT_ADH_WITH_AES_256_SHA256,
525      TLS1_RFC_ADH_WITH_AES_256_SHA256,
526      TLS1_CK_ADH_WITH_AES_256_SHA256,
527      SSL_kDHE,
528      SSL_aNULL,
529      SSL_AES256,
530      SSL_SHA256,
531      TLS1_2_VERSION, TLS1_2_VERSION,
532      DTLS1_2_VERSION, DTLS1_2_VERSION,
533      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
534      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
535      256,
536      256,
537      },
538     {
539      1,
540      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
541      TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
542      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
543      SSL_kRSA,
544      SSL_aRSA,
545      SSL_AES128GCM,
546      SSL_AEAD,
547      TLS1_2_VERSION, TLS1_2_VERSION,
548      DTLS1_2_VERSION, DTLS1_2_VERSION,
549      SSL_HIGH | SSL_FIPS,
550      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
551      128,
552      128,
553      },
554     {
555      1,
556      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
557      TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
558      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
559      SSL_kRSA,
560      SSL_aRSA,
561      SSL_AES256GCM,
562      SSL_AEAD,
563      TLS1_2_VERSION, TLS1_2_VERSION,
564      DTLS1_2_VERSION, DTLS1_2_VERSION,
565      SSL_HIGH | SSL_FIPS,
566      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
567      256,
568      256,
569      },
570     {
571      1,
572      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
573      TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
574      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
575      SSL_kDHE,
576      SSL_aRSA,
577      SSL_AES128GCM,
578      SSL_AEAD,
579      TLS1_2_VERSION, TLS1_2_VERSION,
580      DTLS1_2_VERSION, DTLS1_2_VERSION,
581      SSL_HIGH | SSL_FIPS,
582      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
583      128,
584      128,
585      },
586     {
587      1,
588      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
589      TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
590      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
591      SSL_kDHE,
592      SSL_aRSA,
593      SSL_AES256GCM,
594      SSL_AEAD,
595      TLS1_2_VERSION, TLS1_2_VERSION,
596      DTLS1_2_VERSION, DTLS1_2_VERSION,
597      SSL_HIGH | SSL_FIPS,
598      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
599      256,
600      256,
601      },
602     {
603      1,
604      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
605      TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
606      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
607      SSL_kDHE,
608      SSL_aDSS,
609      SSL_AES128GCM,
610      SSL_AEAD,
611      TLS1_2_VERSION, TLS1_2_VERSION,
612      DTLS1_2_VERSION, DTLS1_2_VERSION,
613      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
614      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
615      128,
616      128,
617      },
618     {
619      1,
620      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
621      TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
622      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
623      SSL_kDHE,
624      SSL_aDSS,
625      SSL_AES256GCM,
626      SSL_AEAD,
627      TLS1_2_VERSION, TLS1_2_VERSION,
628      DTLS1_2_VERSION, DTLS1_2_VERSION,
629      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
630      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
631      256,
632      256,
633      },
634     {
635      1,
636      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
637      TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
638      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
639      SSL_kDHE,
640      SSL_aNULL,
641      SSL_AES128GCM,
642      SSL_AEAD,
643      TLS1_2_VERSION, TLS1_2_VERSION,
644      DTLS1_2_VERSION, DTLS1_2_VERSION,
645      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
646      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
647      128,
648      128,
649      },
650     {
651      1,
652      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
653      TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
654      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
655      SSL_kDHE,
656      SSL_aNULL,
657      SSL_AES256GCM,
658      SSL_AEAD,
659      TLS1_2_VERSION, TLS1_2_VERSION,
660      DTLS1_2_VERSION, DTLS1_2_VERSION,
661      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
662      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
663      256,
664      256,
665      },
666     {
667      1,
668      TLS1_TXT_RSA_WITH_AES_128_CCM,
669      TLS1_RFC_RSA_WITH_AES_128_CCM,
670      TLS1_CK_RSA_WITH_AES_128_CCM,
671      SSL_kRSA,
672      SSL_aRSA,
673      SSL_AES128CCM,
674      SSL_AEAD,
675      TLS1_2_VERSION, TLS1_2_VERSION,
676      DTLS1_2_VERSION, DTLS1_2_VERSION,
677      SSL_NOT_DEFAULT | SSL_HIGH,
678      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
679      128,
680      128,
681      },
682     {
683      1,
684      TLS1_TXT_RSA_WITH_AES_256_CCM,
685      TLS1_RFC_RSA_WITH_AES_256_CCM,
686      TLS1_CK_RSA_WITH_AES_256_CCM,
687      SSL_kRSA,
688      SSL_aRSA,
689      SSL_AES256CCM,
690      SSL_AEAD,
691      TLS1_2_VERSION, TLS1_2_VERSION,
692      DTLS1_2_VERSION, DTLS1_2_VERSION,
693      SSL_NOT_DEFAULT | SSL_HIGH,
694      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
695      256,
696      256,
697      },
698     {
699      1,
700      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
701      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
702      TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
703      SSL_kDHE,
704      SSL_aRSA,
705      SSL_AES128CCM,
706      SSL_AEAD,
707      TLS1_2_VERSION, TLS1_2_VERSION,
708      DTLS1_2_VERSION, DTLS1_2_VERSION,
709      SSL_NOT_DEFAULT | SSL_HIGH,
710      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
711      128,
712      128,
713      },
714     {
715      1,
716      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
717      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
718      TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
719      SSL_kDHE,
720      SSL_aRSA,
721      SSL_AES256CCM,
722      SSL_AEAD,
723      TLS1_2_VERSION, TLS1_2_VERSION,
724      DTLS1_2_VERSION, DTLS1_2_VERSION,
725      SSL_NOT_DEFAULT | SSL_HIGH,
726      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
727      256,
728      256,
729      },
730     {
731      1,
732      TLS1_TXT_RSA_WITH_AES_128_CCM_8,
733      TLS1_RFC_RSA_WITH_AES_128_CCM_8,
734      TLS1_CK_RSA_WITH_AES_128_CCM_8,
735      SSL_kRSA,
736      SSL_aRSA,
737      SSL_AES128CCM8,
738      SSL_AEAD,
739      TLS1_2_VERSION, TLS1_2_VERSION,
740      DTLS1_2_VERSION, DTLS1_2_VERSION,
741      SSL_NOT_DEFAULT | SSL_MEDIUM,
742      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
743      64, /* CCM8 uses a short tag, so we have a low security strength */
744      128,
745      },
746     {
747      1,
748      TLS1_TXT_RSA_WITH_AES_256_CCM_8,
749      TLS1_RFC_RSA_WITH_AES_256_CCM_8,
750      TLS1_CK_RSA_WITH_AES_256_CCM_8,
751      SSL_kRSA,
752      SSL_aRSA,
753      SSL_AES256CCM8,
754      SSL_AEAD,
755      TLS1_2_VERSION, TLS1_2_VERSION,
756      DTLS1_2_VERSION, DTLS1_2_VERSION,
757      SSL_NOT_DEFAULT | SSL_MEDIUM,
758      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
759      64, /* CCM8 uses a short tag, so we have a low security strength */
760      256,
761      },
762     {
763      1,
764      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
765      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
766      TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
767      SSL_kDHE,
768      SSL_aRSA,
769      SSL_AES128CCM8,
770      SSL_AEAD,
771      TLS1_2_VERSION, TLS1_2_VERSION,
772      DTLS1_2_VERSION, DTLS1_2_VERSION,
773      SSL_NOT_DEFAULT | SSL_MEDIUM,
774      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
775      64, /* CCM8 uses a short tag, so we have a low security strength */
776      128,
777      },
778     {
779      1,
780      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
781      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
782      TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
783      SSL_kDHE,
784      SSL_aRSA,
785      SSL_AES256CCM8,
786      SSL_AEAD,
787      TLS1_2_VERSION, TLS1_2_VERSION,
788      DTLS1_2_VERSION, DTLS1_2_VERSION,
789      SSL_NOT_DEFAULT | SSL_MEDIUM,
790      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
791      64, /* CCM8 uses a short tag, so we have a low security strength */
792      256,
793      },
794     {
795      1,
796      TLS1_TXT_PSK_WITH_AES_128_CCM,
797      TLS1_RFC_PSK_WITH_AES_128_CCM,
798      TLS1_CK_PSK_WITH_AES_128_CCM,
799      SSL_kPSK,
800      SSL_aPSK,
801      SSL_AES128CCM,
802      SSL_AEAD,
803      TLS1_2_VERSION, TLS1_2_VERSION,
804      DTLS1_2_VERSION, DTLS1_2_VERSION,
805      SSL_NOT_DEFAULT | SSL_HIGH,
806      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
807      128,
808      128,
809      },
810     {
811      1,
812      TLS1_TXT_PSK_WITH_AES_256_CCM,
813      TLS1_RFC_PSK_WITH_AES_256_CCM,
814      TLS1_CK_PSK_WITH_AES_256_CCM,
815      SSL_kPSK,
816      SSL_aPSK,
817      SSL_AES256CCM,
818      SSL_AEAD,
819      TLS1_2_VERSION, TLS1_2_VERSION,
820      DTLS1_2_VERSION, DTLS1_2_VERSION,
821      SSL_NOT_DEFAULT | SSL_HIGH,
822      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
823      256,
824      256,
825      },
826     {
827      1,
828      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
829      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
830      TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
831      SSL_kDHEPSK,
832      SSL_aPSK,
833      SSL_AES128CCM,
834      SSL_AEAD,
835      TLS1_2_VERSION, TLS1_2_VERSION,
836      DTLS1_2_VERSION, DTLS1_2_VERSION,
837      SSL_NOT_DEFAULT | SSL_HIGH,
838      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
839      128,
840      128,
841      },
842     {
843      1,
844      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
845      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
846      TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
847      SSL_kDHEPSK,
848      SSL_aPSK,
849      SSL_AES256CCM,
850      SSL_AEAD,
851      TLS1_2_VERSION, TLS1_2_VERSION,
852      DTLS1_2_VERSION, DTLS1_2_VERSION,
853      SSL_NOT_DEFAULT | SSL_HIGH,
854      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
855      256,
856      256,
857      },
858     {
859      1,
860      TLS1_TXT_PSK_WITH_AES_128_CCM_8,
861      TLS1_RFC_PSK_WITH_AES_128_CCM_8,
862      TLS1_CK_PSK_WITH_AES_128_CCM_8,
863      SSL_kPSK,
864      SSL_aPSK,
865      SSL_AES128CCM8,
866      SSL_AEAD,
867      TLS1_2_VERSION, TLS1_2_VERSION,
868      DTLS1_2_VERSION, DTLS1_2_VERSION,
869      SSL_NOT_DEFAULT | SSL_MEDIUM,
870      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
871      64, /* CCM8 uses a short tag, so we have a low security strength */
872      128,
873      },
874     {
875      1,
876      TLS1_TXT_PSK_WITH_AES_256_CCM_8,
877      TLS1_RFC_PSK_WITH_AES_256_CCM_8,
878      TLS1_CK_PSK_WITH_AES_256_CCM_8,
879      SSL_kPSK,
880      SSL_aPSK,
881      SSL_AES256CCM8,
882      SSL_AEAD,
883      TLS1_2_VERSION, TLS1_2_VERSION,
884      DTLS1_2_VERSION, DTLS1_2_VERSION,
885      SSL_NOT_DEFAULT | SSL_MEDIUM,
886      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
887      64, /* CCM8 uses a short tag, so we have a low security strength */
888      256,
889      },
890     {
891      1,
892      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
893      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
894      TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
895      SSL_kDHEPSK,
896      SSL_aPSK,
897      SSL_AES128CCM8,
898      SSL_AEAD,
899      TLS1_2_VERSION, TLS1_2_VERSION,
900      DTLS1_2_VERSION, DTLS1_2_VERSION,
901      SSL_NOT_DEFAULT | SSL_MEDIUM,
902      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
903      64, /* CCM8 uses a short tag, so we have a low security strength */
904      128,
905      },
906     {
907      1,
908      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
909      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
910      TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
911      SSL_kDHEPSK,
912      SSL_aPSK,
913      SSL_AES256CCM8,
914      SSL_AEAD,
915      TLS1_2_VERSION, TLS1_2_VERSION,
916      DTLS1_2_VERSION, DTLS1_2_VERSION,
917      SSL_NOT_DEFAULT | SSL_MEDIUM,
918      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
919      64, /* CCM8 uses a short tag, so we have a low security strength */
920      256,
921      },
922     {
923      1,
924      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
925      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
926      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
927      SSL_kECDHE,
928      SSL_aECDSA,
929      SSL_AES128CCM,
930      SSL_AEAD,
931      TLS1_2_VERSION, TLS1_2_VERSION,
932      DTLS1_2_VERSION, DTLS1_2_VERSION,
933      SSL_NOT_DEFAULT | SSL_HIGH,
934      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
935      128,
936      128,
937      },
938     {
939      1,
940      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
941      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
942      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
943      SSL_kECDHE,
944      SSL_aECDSA,
945      SSL_AES256CCM,
946      SSL_AEAD,
947      TLS1_2_VERSION, TLS1_2_VERSION,
948      DTLS1_2_VERSION, DTLS1_2_VERSION,
949      SSL_NOT_DEFAULT | SSL_HIGH,
950      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
951      256,
952      256,
953      },
954     {
955      1,
956      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
957      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
958      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
959      SSL_kECDHE,
960      SSL_aECDSA,
961      SSL_AES128CCM8,
962      SSL_AEAD,
963      TLS1_2_VERSION, TLS1_2_VERSION,
964      DTLS1_2_VERSION, DTLS1_2_VERSION,
965      SSL_NOT_DEFAULT | SSL_MEDIUM,
966      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
967      64, /* CCM8 uses a short tag, so we have a low security strength */
968      128,
969      },
970     {
971      1,
972      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
973      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
974      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
975      SSL_kECDHE,
976      SSL_aECDSA,
977      SSL_AES256CCM8,
978      SSL_AEAD,
979      TLS1_2_VERSION, TLS1_2_VERSION,
980      DTLS1_2_VERSION, DTLS1_2_VERSION,
981      SSL_NOT_DEFAULT | SSL_MEDIUM,
982      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
983      64, /* CCM8 uses a short tag, so we have a low security strength */
984      256,
985      },
986 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
987     {
988      1,
989      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
990      TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
991      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
992      SSL_kECDHE,
993      SSL_aECDSA,
994      SSL_eNULL,
995      SSL_SHA1,
996      TLS1_VERSION, TLS1_2_VERSION,
997      DTLS1_BAD_VER, DTLS1_2_VERSION,
998      SSL_STRONG_NONE | SSL_FIPS,
999      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1000      0,
1001      0,
1002      },
1003 #endif
1004 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1005     {
1006      1,
1007      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1008      TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1009      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1010      SSL_kECDHE,
1011      SSL_aECDSA,
1012      SSL_3DES,
1013      SSL_SHA1,
1014      TLS1_VERSION, TLS1_2_VERSION,
1015      DTLS1_BAD_VER, DTLS1_2_VERSION,
1016      SSL_NOT_DEFAULT | SSL_MEDIUM,
1017      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1018      112,
1019      168,
1020      },
1021 # endif
1022     {
1023      1,
1024      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1025      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1026      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1027      SSL_kECDHE,
1028      SSL_aECDSA,
1029      SSL_AES128,
1030      SSL_SHA1,
1031      TLS1_VERSION, TLS1_2_VERSION,
1032      DTLS1_BAD_VER, DTLS1_2_VERSION,
1033      SSL_HIGH | SSL_FIPS,
1034      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1035      128,
1036      128,
1037      },
1038     {
1039      1,
1040      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1041      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1042      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1043      SSL_kECDHE,
1044      SSL_aECDSA,
1045      SSL_AES256,
1046      SSL_SHA1,
1047      TLS1_VERSION, TLS1_2_VERSION,
1048      DTLS1_BAD_VER, DTLS1_2_VERSION,
1049      SSL_HIGH | SSL_FIPS,
1050      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1051      256,
1052      256,
1053      },
1054 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1055     {
1056      1,
1057      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1058      TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1059      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1060      SSL_kECDHE,
1061      SSL_aRSA,
1062      SSL_eNULL,
1063      SSL_SHA1,
1064      TLS1_VERSION, TLS1_2_VERSION,
1065      DTLS1_BAD_VER, DTLS1_2_VERSION,
1066      SSL_STRONG_NONE | SSL_FIPS,
1067      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1068      0,
1069      0,
1070      },
1071 #endif
1072 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1073     {
1074      1,
1075      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1076      TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1077      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1078      SSL_kECDHE,
1079      SSL_aRSA,
1080      SSL_3DES,
1081      SSL_SHA1,
1082      TLS1_VERSION, TLS1_2_VERSION,
1083      DTLS1_BAD_VER, DTLS1_2_VERSION,
1084      SSL_NOT_DEFAULT | SSL_MEDIUM,
1085      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1086      112,
1087      168,
1088      },
1089 # endif
1090     {
1091      1,
1092      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1093      TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1094      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1095      SSL_kECDHE,
1096      SSL_aRSA,
1097      SSL_AES128,
1098      SSL_SHA1,
1099      TLS1_VERSION, TLS1_2_VERSION,
1100      DTLS1_BAD_VER, DTLS1_2_VERSION,
1101      SSL_HIGH | SSL_FIPS,
1102      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1103      128,
1104      128,
1105      },
1106     {
1107      1,
1108      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1109      TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1110      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1111      SSL_kECDHE,
1112      SSL_aRSA,
1113      SSL_AES256,
1114      SSL_SHA1,
1115      TLS1_VERSION, TLS1_2_VERSION,
1116      DTLS1_BAD_VER, DTLS1_2_VERSION,
1117      SSL_HIGH | SSL_FIPS,
1118      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1119      256,
1120      256,
1121      },
1122 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1123     {
1124      1,
1125      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1126      TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1127      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1128      SSL_kECDHE,
1129      SSL_aNULL,
1130      SSL_eNULL,
1131      SSL_SHA1,
1132      TLS1_VERSION, TLS1_2_VERSION,
1133      DTLS1_BAD_VER, DTLS1_2_VERSION,
1134      SSL_STRONG_NONE | SSL_FIPS,
1135      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1136      0,
1137      0,
1138      },
1139 #endif
1140 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1141     {
1142      1,
1143      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1144      TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1145      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1146      SSL_kECDHE,
1147      SSL_aNULL,
1148      SSL_3DES,
1149      SSL_SHA1,
1150      TLS1_VERSION, TLS1_2_VERSION,
1151      DTLS1_BAD_VER, DTLS1_2_VERSION,
1152      SSL_NOT_DEFAULT | SSL_MEDIUM,
1153      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1154      112,
1155      168,
1156      },
1157 # endif
1158     {
1159      1,
1160      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1161      TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1162      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1163      SSL_kECDHE,
1164      SSL_aNULL,
1165      SSL_AES128,
1166      SSL_SHA1,
1167      TLS1_VERSION, TLS1_2_VERSION,
1168      DTLS1_BAD_VER, DTLS1_2_VERSION,
1169      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1170      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1171      128,
1172      128,
1173      },
1174     {
1175      1,
1176      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1177      TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1178      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1179      SSL_kECDHE,
1180      SSL_aNULL,
1181      SSL_AES256,
1182      SSL_SHA1,
1183      TLS1_VERSION, TLS1_2_VERSION,
1184      DTLS1_BAD_VER, DTLS1_2_VERSION,
1185      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1186      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1187      256,
1188      256,
1189      },
1190     {
1191      1,
1192      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1193      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1194      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1195      SSL_kECDHE,
1196      SSL_aECDSA,
1197      SSL_AES128,
1198      SSL_SHA256,
1199      TLS1_2_VERSION, TLS1_2_VERSION,
1200      DTLS1_2_VERSION, DTLS1_2_VERSION,
1201      SSL_HIGH | SSL_FIPS,
1202      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1203      128,
1204      128,
1205      },
1206     {
1207      1,
1208      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1209      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1210      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1211      SSL_kECDHE,
1212      SSL_aECDSA,
1213      SSL_AES256,
1214      SSL_SHA384,
1215      TLS1_2_VERSION, TLS1_2_VERSION,
1216      DTLS1_2_VERSION, DTLS1_2_VERSION,
1217      SSL_HIGH | SSL_FIPS,
1218      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1219      256,
1220      256,
1221      },
1222     {
1223      1,
1224      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1225      TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1226      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1227      SSL_kECDHE,
1228      SSL_aRSA,
1229      SSL_AES128,
1230      SSL_SHA256,
1231      TLS1_2_VERSION, TLS1_2_VERSION,
1232      DTLS1_2_VERSION, DTLS1_2_VERSION,
1233      SSL_HIGH | SSL_FIPS,
1234      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1235      128,
1236      128,
1237      },
1238     {
1239      1,
1240      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1241      TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1242      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1243      SSL_kECDHE,
1244      SSL_aRSA,
1245      SSL_AES256,
1246      SSL_SHA384,
1247      TLS1_2_VERSION, TLS1_2_VERSION,
1248      DTLS1_2_VERSION, DTLS1_2_VERSION,
1249      SSL_HIGH | SSL_FIPS,
1250      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1251      256,
1252      256,
1253      },
1254     {
1255      1,
1256      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1257      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1258      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1259      SSL_kECDHE,
1260      SSL_aECDSA,
1261      SSL_AES128GCM,
1262      SSL_AEAD,
1263      TLS1_2_VERSION, TLS1_2_VERSION,
1264      DTLS1_2_VERSION, DTLS1_2_VERSION,
1265      SSL_HIGH | SSL_FIPS,
1266      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1267      128,
1268      128,
1269      },
1270     {
1271      1,
1272      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1273      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1274      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1275      SSL_kECDHE,
1276      SSL_aECDSA,
1277      SSL_AES256GCM,
1278      SSL_AEAD,
1279      TLS1_2_VERSION, TLS1_2_VERSION,
1280      DTLS1_2_VERSION, DTLS1_2_VERSION,
1281      SSL_HIGH | SSL_FIPS,
1282      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1283      256,
1284      256,
1285      },
1286     {
1287      1,
1288      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1289      TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1290      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1291      SSL_kECDHE,
1292      SSL_aRSA,
1293      SSL_AES128GCM,
1294      SSL_AEAD,
1295      TLS1_2_VERSION, TLS1_2_VERSION,
1296      DTLS1_2_VERSION, DTLS1_2_VERSION,
1297      SSL_HIGH | SSL_FIPS,
1298      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1299      128,
1300      128,
1301      },
1302     {
1303      1,
1304      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1305      TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1306      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1307      SSL_kECDHE,
1308      SSL_aRSA,
1309      SSL_AES256GCM,
1310      SSL_AEAD,
1311      TLS1_2_VERSION, TLS1_2_VERSION,
1312      DTLS1_2_VERSION, DTLS1_2_VERSION,
1313      SSL_HIGH | SSL_FIPS,
1314      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1315      256,
1316      256,
1317      },
1318 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1319     {
1320      1,
1321      TLS1_TXT_PSK_WITH_NULL_SHA,
1322      TLS1_RFC_PSK_WITH_NULL_SHA,
1323      TLS1_CK_PSK_WITH_NULL_SHA,
1324      SSL_kPSK,
1325      SSL_aPSK,
1326      SSL_eNULL,
1327      SSL_SHA1,
1328      SSL3_VERSION, TLS1_2_VERSION,
1329      DTLS1_BAD_VER, DTLS1_2_VERSION,
1330      SSL_STRONG_NONE | SSL_FIPS,
1331      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1332      0,
1333      0,
1334      },
1335     {
1336      1,
1337      TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1338      TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1339      TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1340      SSL_kDHEPSK,
1341      SSL_aPSK,
1342      SSL_eNULL,
1343      SSL_SHA1,
1344      SSL3_VERSION, TLS1_2_VERSION,
1345      DTLS1_BAD_VER, DTLS1_2_VERSION,
1346      SSL_STRONG_NONE | SSL_FIPS,
1347      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1348      0,
1349      0,
1350      },
1351     {
1352      1,
1353      TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1354      TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1355      TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1356      SSL_kRSAPSK,
1357      SSL_aRSA,
1358      SSL_eNULL,
1359      SSL_SHA1,
1360      SSL3_VERSION, TLS1_2_VERSION,
1361      DTLS1_BAD_VER, DTLS1_2_VERSION,
1362      SSL_STRONG_NONE | SSL_FIPS,
1363      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1364      0,
1365      0,
1366      },
1367 #endif
1368 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1369     {
1370      1,
1371      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1372      TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1373      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1374      SSL_kPSK,
1375      SSL_aPSK,
1376      SSL_3DES,
1377      SSL_SHA1,
1378      SSL3_VERSION, TLS1_2_VERSION,
1379      DTLS1_BAD_VER, DTLS1_2_VERSION,
1380      SSL_NOT_DEFAULT | SSL_MEDIUM,
1381      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1382      112,
1383      168,
1384      },
1385 # endif
1386     {
1387      1,
1388      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1389      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1390      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1391      SSL_kPSK,
1392      SSL_aPSK,
1393      SSL_AES128,
1394      SSL_SHA1,
1395      SSL3_VERSION, TLS1_2_VERSION,
1396      DTLS1_BAD_VER, DTLS1_2_VERSION,
1397      SSL_HIGH | SSL_FIPS,
1398      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1399      128,
1400      128,
1401      },
1402     {
1403      1,
1404      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1405      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1406      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1407      SSL_kPSK,
1408      SSL_aPSK,
1409      SSL_AES256,
1410      SSL_SHA1,
1411      SSL3_VERSION, TLS1_2_VERSION,
1412      DTLS1_BAD_VER, DTLS1_2_VERSION,
1413      SSL_HIGH | SSL_FIPS,
1414      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1415      256,
1416      256,
1417      },
1418 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1419     {
1420      1,
1421      TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1422      TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1423      TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1424      SSL_kDHEPSK,
1425      SSL_aPSK,
1426      SSL_3DES,
1427      SSL_SHA1,
1428      SSL3_VERSION, TLS1_2_VERSION,
1429      DTLS1_BAD_VER, DTLS1_2_VERSION,
1430      SSL_NOT_DEFAULT | SSL_MEDIUM,
1431      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1432      112,
1433      168,
1434      },
1435 # endif
1436     {
1437      1,
1438      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1439      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1440      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1441      SSL_kDHEPSK,
1442      SSL_aPSK,
1443      SSL_AES128,
1444      SSL_SHA1,
1445      SSL3_VERSION, TLS1_2_VERSION,
1446      DTLS1_BAD_VER, DTLS1_2_VERSION,
1447      SSL_HIGH | SSL_FIPS,
1448      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1449      128,
1450      128,
1451      },
1452     {
1453      1,
1454      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1455      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1456      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1457      SSL_kDHEPSK,
1458      SSL_aPSK,
1459      SSL_AES256,
1460      SSL_SHA1,
1461      SSL3_VERSION, TLS1_2_VERSION,
1462      DTLS1_BAD_VER, DTLS1_2_VERSION,
1463      SSL_HIGH | SSL_FIPS,
1464      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1465      256,
1466      256,
1467      },
1468 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1469     {
1470      1,
1471      TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1472      TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1473      TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1474      SSL_kRSAPSK,
1475      SSL_aRSA,
1476      SSL_3DES,
1477      SSL_SHA1,
1478      SSL3_VERSION, TLS1_2_VERSION,
1479      DTLS1_BAD_VER, DTLS1_2_VERSION,
1480      SSL_NOT_DEFAULT | SSL_MEDIUM,
1481      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1482      112,
1483      168,
1484      },
1485 # endif
1486     {
1487      1,
1488      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1489      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1490      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1491      SSL_kRSAPSK,
1492      SSL_aRSA,
1493      SSL_AES128,
1494      SSL_SHA1,
1495      SSL3_VERSION, TLS1_2_VERSION,
1496      DTLS1_BAD_VER, DTLS1_2_VERSION,
1497      SSL_HIGH | SSL_FIPS,
1498      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1499      128,
1500      128,
1501      },
1502     {
1503      1,
1504      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1505      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1506      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1507      SSL_kRSAPSK,
1508      SSL_aRSA,
1509      SSL_AES256,
1510      SSL_SHA1,
1511      SSL3_VERSION, TLS1_2_VERSION,
1512      DTLS1_BAD_VER, DTLS1_2_VERSION,
1513      SSL_HIGH | SSL_FIPS,
1514      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1515      256,
1516      256,
1517      },
1518     {
1519      1,
1520      TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1521      TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1522      TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1523      SSL_kPSK,
1524      SSL_aPSK,
1525      SSL_AES128GCM,
1526      SSL_AEAD,
1527      TLS1_2_VERSION, TLS1_2_VERSION,
1528      DTLS1_2_VERSION, DTLS1_2_VERSION,
1529      SSL_HIGH | SSL_FIPS,
1530      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1531      128,
1532      128,
1533      },
1534     {
1535      1,
1536      TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1537      TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1538      TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1539      SSL_kPSK,
1540      SSL_aPSK,
1541      SSL_AES256GCM,
1542      SSL_AEAD,
1543      TLS1_2_VERSION, TLS1_2_VERSION,
1544      DTLS1_2_VERSION, DTLS1_2_VERSION,
1545      SSL_HIGH | SSL_FIPS,
1546      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1547      256,
1548      256,
1549      },
1550     {
1551      1,
1552      TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1553      TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1554      TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1555      SSL_kDHEPSK,
1556      SSL_aPSK,
1557      SSL_AES128GCM,
1558      SSL_AEAD,
1559      TLS1_2_VERSION, TLS1_2_VERSION,
1560      DTLS1_2_VERSION, DTLS1_2_VERSION,
1561      SSL_HIGH | SSL_FIPS,
1562      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1563      128,
1564      128,
1565      },
1566     {
1567      1,
1568      TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1569      TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1570      TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1571      SSL_kDHEPSK,
1572      SSL_aPSK,
1573      SSL_AES256GCM,
1574      SSL_AEAD,
1575      TLS1_2_VERSION, TLS1_2_VERSION,
1576      DTLS1_2_VERSION, DTLS1_2_VERSION,
1577      SSL_HIGH | SSL_FIPS,
1578      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1579      256,
1580      256,
1581      },
1582     {
1583      1,
1584      TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1585      TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1586      TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1587      SSL_kRSAPSK,
1588      SSL_aRSA,
1589      SSL_AES128GCM,
1590      SSL_AEAD,
1591      TLS1_2_VERSION, TLS1_2_VERSION,
1592      DTLS1_2_VERSION, DTLS1_2_VERSION,
1593      SSL_HIGH | SSL_FIPS,
1594      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1595      128,
1596      128,
1597      },
1598     {
1599      1,
1600      TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1601      TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1602      TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1603      SSL_kRSAPSK,
1604      SSL_aRSA,
1605      SSL_AES256GCM,
1606      SSL_AEAD,
1607      TLS1_2_VERSION, TLS1_2_VERSION,
1608      DTLS1_2_VERSION, DTLS1_2_VERSION,
1609      SSL_HIGH | SSL_FIPS,
1610      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1611      256,
1612      256,
1613      },
1614     {
1615      1,
1616      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1617      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1618      TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1619      SSL_kPSK,
1620      SSL_aPSK,
1621      SSL_AES128,
1622      SSL_SHA256,
1623      TLS1_VERSION, TLS1_2_VERSION,
1624      DTLS1_BAD_VER, DTLS1_2_VERSION,
1625      SSL_HIGH | SSL_FIPS,
1626      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1627      128,
1628      128,
1629      },
1630     {
1631      1,
1632      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1633      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1634      TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1635      SSL_kPSK,
1636      SSL_aPSK,
1637      SSL_AES256,
1638      SSL_SHA384,
1639      TLS1_VERSION, TLS1_2_VERSION,
1640      DTLS1_BAD_VER, DTLS1_2_VERSION,
1641      SSL_HIGH | SSL_FIPS,
1642      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1643      256,
1644      256,
1645      },
1646 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1647     {
1648      1,
1649      TLS1_TXT_PSK_WITH_NULL_SHA256,
1650      TLS1_RFC_PSK_WITH_NULL_SHA256,
1651      TLS1_CK_PSK_WITH_NULL_SHA256,
1652      SSL_kPSK,
1653      SSL_aPSK,
1654      SSL_eNULL,
1655      SSL_SHA256,
1656      TLS1_VERSION, TLS1_2_VERSION,
1657      DTLS1_BAD_VER, DTLS1_2_VERSION,
1658      SSL_STRONG_NONE | SSL_FIPS,
1659      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1660      0,
1661      0,
1662      },
1663     {
1664      1,
1665      TLS1_TXT_PSK_WITH_NULL_SHA384,
1666      TLS1_RFC_PSK_WITH_NULL_SHA384,
1667      TLS1_CK_PSK_WITH_NULL_SHA384,
1668      SSL_kPSK,
1669      SSL_aPSK,
1670      SSL_eNULL,
1671      SSL_SHA384,
1672      TLS1_VERSION, TLS1_2_VERSION,
1673      DTLS1_BAD_VER, DTLS1_2_VERSION,
1674      SSL_STRONG_NONE | SSL_FIPS,
1675      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1676      0,
1677      0,
1678      },
1679 #endif
1680     {
1681      1,
1682      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1683      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1684      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1685      SSL_kDHEPSK,
1686      SSL_aPSK,
1687      SSL_AES128,
1688      SSL_SHA256,
1689      TLS1_VERSION, TLS1_2_VERSION,
1690      DTLS1_BAD_VER, DTLS1_2_VERSION,
1691      SSL_HIGH | SSL_FIPS,
1692      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1693      128,
1694      128,
1695      },
1696     {
1697      1,
1698      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1699      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1700      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1701      SSL_kDHEPSK,
1702      SSL_aPSK,
1703      SSL_AES256,
1704      SSL_SHA384,
1705      TLS1_VERSION, TLS1_2_VERSION,
1706      DTLS1_BAD_VER, DTLS1_2_VERSION,
1707      SSL_HIGH | SSL_FIPS,
1708      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1709      256,
1710      256,
1711      },
1712 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1713     {
1714      1,
1715      TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1716      TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1717      TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1718      SSL_kDHEPSK,
1719      SSL_aPSK,
1720      SSL_eNULL,
1721      SSL_SHA256,
1722      TLS1_VERSION, TLS1_2_VERSION,
1723      DTLS1_BAD_VER, DTLS1_2_VERSION,
1724      SSL_STRONG_NONE | SSL_FIPS,
1725      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1726      0,
1727      0,
1728      },
1729     {
1730      1,
1731      TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1732      TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1733      TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1734      SSL_kDHEPSK,
1735      SSL_aPSK,
1736      SSL_eNULL,
1737      SSL_SHA384,
1738      TLS1_VERSION, TLS1_2_VERSION,
1739      DTLS1_BAD_VER, DTLS1_2_VERSION,
1740      SSL_STRONG_NONE | SSL_FIPS,
1741      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1742      0,
1743      0,
1744      },
1745 #endif
1746     {
1747      1,
1748      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1749      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1750      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1751      SSL_kRSAPSK,
1752      SSL_aRSA,
1753      SSL_AES128,
1754      SSL_SHA256,
1755      TLS1_VERSION, TLS1_2_VERSION,
1756      DTLS1_BAD_VER, DTLS1_2_VERSION,
1757      SSL_HIGH | SSL_FIPS,
1758      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1759      128,
1760      128,
1761      },
1762     {
1763      1,
1764      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1765      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1766      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1767      SSL_kRSAPSK,
1768      SSL_aRSA,
1769      SSL_AES256,
1770      SSL_SHA384,
1771      TLS1_VERSION, TLS1_2_VERSION,
1772      DTLS1_BAD_VER, DTLS1_2_VERSION,
1773      SSL_HIGH | SSL_FIPS,
1774      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1775      256,
1776      256,
1777      },
1778 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1779     {
1780      1,
1781      TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1782      TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1783      TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1784      SSL_kRSAPSK,
1785      SSL_aRSA,
1786      SSL_eNULL,
1787      SSL_SHA256,
1788      TLS1_VERSION, TLS1_2_VERSION,
1789      DTLS1_BAD_VER, DTLS1_2_VERSION,
1790      SSL_STRONG_NONE | SSL_FIPS,
1791      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1792      0,
1793      0,
1794      },
1795     {
1796      1,
1797      TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1798      TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1799      TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1800      SSL_kRSAPSK,
1801      SSL_aRSA,
1802      SSL_eNULL,
1803      SSL_SHA384,
1804      TLS1_VERSION, TLS1_2_VERSION,
1805      DTLS1_BAD_VER, DTLS1_2_VERSION,
1806      SSL_STRONG_NONE | SSL_FIPS,
1807      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1808      0,
1809      0,
1810      },
1811 #endif
1812 #  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1813     {
1814      1,
1815      TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1816      TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1817      TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1818      SSL_kECDHEPSK,
1819      SSL_aPSK,
1820      SSL_3DES,
1821      SSL_SHA1,
1822      TLS1_VERSION, TLS1_2_VERSION,
1823      DTLS1_BAD_VER, DTLS1_2_VERSION,
1824      SSL_NOT_DEFAULT | SSL_MEDIUM,
1825      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1826      112,
1827      168,
1828      },
1829 #  endif
1830     {
1831      1,
1832      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1833      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1834      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1835      SSL_kECDHEPSK,
1836      SSL_aPSK,
1837      SSL_AES128,
1838      SSL_SHA1,
1839      TLS1_VERSION, TLS1_2_VERSION,
1840      DTLS1_BAD_VER, DTLS1_2_VERSION,
1841      SSL_HIGH | SSL_FIPS,
1842      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1843      128,
1844      128,
1845      },
1846     {
1847      1,
1848      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1849      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1850      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1851      SSL_kECDHEPSK,
1852      SSL_aPSK,
1853      SSL_AES256,
1854      SSL_SHA1,
1855      TLS1_VERSION, TLS1_2_VERSION,
1856      DTLS1_BAD_VER, DTLS1_2_VERSION,
1857      SSL_HIGH | SSL_FIPS,
1858      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859      256,
1860      256,
1861      },
1862     {
1863      1,
1864      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1865      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1866      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1867      SSL_kECDHEPSK,
1868      SSL_aPSK,
1869      SSL_AES128,
1870      SSL_SHA256,
1871      TLS1_VERSION, TLS1_2_VERSION,
1872      DTLS1_BAD_VER, DTLS1_2_VERSION,
1873      SSL_HIGH | SSL_FIPS,
1874      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875      128,
1876      128,
1877      },
1878     {
1879      1,
1880      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1881      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1882      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1883      SSL_kECDHEPSK,
1884      SSL_aPSK,
1885      SSL_AES256,
1886      SSL_SHA384,
1887      TLS1_VERSION, TLS1_2_VERSION,
1888      DTLS1_BAD_VER, DTLS1_2_VERSION,
1889      SSL_HIGH | SSL_FIPS,
1890      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891      256,
1892      256,
1893      },
1894 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1895     {
1896      1,
1897      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1898      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1899      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1900      SSL_kECDHEPSK,
1901      SSL_aPSK,
1902      SSL_eNULL,
1903      SSL_SHA1,
1904      TLS1_VERSION, TLS1_2_VERSION,
1905      DTLS1_BAD_VER, DTLS1_2_VERSION,
1906      SSL_STRONG_NONE | SSL_FIPS,
1907      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1908      0,
1909      0,
1910      },
1911     {
1912      1,
1913      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1914      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1915      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1916      SSL_kECDHEPSK,
1917      SSL_aPSK,
1918      SSL_eNULL,
1919      SSL_SHA256,
1920      TLS1_VERSION, TLS1_2_VERSION,
1921      DTLS1_BAD_VER, DTLS1_2_VERSION,
1922      SSL_STRONG_NONE | SSL_FIPS,
1923      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1924      0,
1925      0,
1926      },
1927     {
1928      1,
1929      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1930      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1931      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1932      SSL_kECDHEPSK,
1933      SSL_aPSK,
1934      SSL_eNULL,
1935      SSL_SHA384,
1936      TLS1_VERSION, TLS1_2_VERSION,
1937      DTLS1_BAD_VER, DTLS1_2_VERSION,
1938      SSL_STRONG_NONE | SSL_FIPS,
1939      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1940      0,
1941      0,
1942      },
1943 #endif
1944 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1945     {
1946      1,
1947      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1948      TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1949      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1950      SSL_kSRP,
1951      SSL_aSRP,
1952      SSL_3DES,
1953      SSL_SHA1,
1954      SSL3_VERSION, TLS1_2_VERSION,
1955      DTLS1_BAD_VER, DTLS1_2_VERSION,
1956      SSL_NOT_DEFAULT | SSL_MEDIUM,
1957      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958      112,
1959      168,
1960      },
1961     {
1962      1,
1963      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1964      TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1965      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1966      SSL_kSRP,
1967      SSL_aRSA,
1968      SSL_3DES,
1969      SSL_SHA1,
1970      SSL3_VERSION, TLS1_2_VERSION,
1971      DTLS1_BAD_VER, DTLS1_2_VERSION,
1972      SSL_NOT_DEFAULT | SSL_MEDIUM,
1973      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974      112,
1975      168,
1976      },
1977     {
1978      1,
1979      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1980      TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1981      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1982      SSL_kSRP,
1983      SSL_aDSS,
1984      SSL_3DES,
1985      SSL_SHA1,
1986      SSL3_VERSION, TLS1_2_VERSION,
1987      DTLS1_BAD_VER, DTLS1_2_VERSION,
1988      SSL_NOT_DEFAULT | SSL_MEDIUM,
1989      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990      112,
1991      168,
1992      },
1993 # endif
1994     {
1995      1,
1996      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1997      TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1998      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1999      SSL_kSRP,
2000      SSL_aSRP,
2001      SSL_AES128,
2002      SSL_SHA1,
2003      SSL3_VERSION, TLS1_2_VERSION,
2004      DTLS1_BAD_VER, DTLS1_2_VERSION,
2005      SSL_HIGH,
2006      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2007      128,
2008      128,
2009      },
2010     {
2011      1,
2012      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2013      TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2014      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2015      SSL_kSRP,
2016      SSL_aRSA,
2017      SSL_AES128,
2018      SSL_SHA1,
2019      SSL3_VERSION, TLS1_2_VERSION,
2020      DTLS1_BAD_VER, DTLS1_2_VERSION,
2021      SSL_HIGH,
2022      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2023      128,
2024      128,
2025      },
2026     {
2027      1,
2028      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2029      TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2030      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2031      SSL_kSRP,
2032      SSL_aDSS,
2033      SSL_AES128,
2034      SSL_SHA1,
2035      SSL3_VERSION, TLS1_2_VERSION,
2036      DTLS1_BAD_VER, DTLS1_2_VERSION,
2037      SSL_NOT_DEFAULT | SSL_HIGH,
2038      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2039      128,
2040      128,
2041      },
2042     {
2043      1,
2044      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2045      TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2046      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2047      SSL_kSRP,
2048      SSL_aSRP,
2049      SSL_AES256,
2050      SSL_SHA1,
2051      SSL3_VERSION, TLS1_2_VERSION,
2052      DTLS1_BAD_VER, DTLS1_2_VERSION,
2053      SSL_HIGH,
2054      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2055      256,
2056      256,
2057      },
2058     {
2059      1,
2060      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2061      TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2062      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2063      SSL_kSRP,
2064      SSL_aRSA,
2065      SSL_AES256,
2066      SSL_SHA1,
2067      SSL3_VERSION, TLS1_2_VERSION,
2068      DTLS1_BAD_VER, DTLS1_2_VERSION,
2069      SSL_HIGH,
2070      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2071      256,
2072      256,
2073      },
2074     {
2075      1,
2076      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2077      TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2078      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2079      SSL_kSRP,
2080      SSL_aDSS,
2081      SSL_AES256,
2082      SSL_SHA1,
2083      SSL3_VERSION, TLS1_2_VERSION,
2084      DTLS1_BAD_VER, DTLS1_2_VERSION,
2085      SSL_NOT_DEFAULT | SSL_HIGH,
2086      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2087      256,
2088      256,
2089      },
2090 
2091     {
2092      1,
2093      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2094      TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2095      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2096      SSL_kDHE,
2097      SSL_aRSA,
2098      SSL_CHACHA20POLY1305,
2099      SSL_AEAD,
2100      TLS1_2_VERSION, TLS1_2_VERSION,
2101      DTLS1_2_VERSION, DTLS1_2_VERSION,
2102      SSL_HIGH,
2103      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2104      256,
2105      256,
2106      },
2107     {
2108      1,
2109      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2110      TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2111      TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2112      SSL_kECDHE,
2113      SSL_aRSA,
2114      SSL_CHACHA20POLY1305,
2115      SSL_AEAD,
2116      TLS1_2_VERSION, TLS1_2_VERSION,
2117      DTLS1_2_VERSION, DTLS1_2_VERSION,
2118      SSL_HIGH,
2119      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2120      256,
2121      256,
2122      },
2123     {
2124      1,
2125      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2126      TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2127      TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2128      SSL_kECDHE,
2129      SSL_aECDSA,
2130      SSL_CHACHA20POLY1305,
2131      SSL_AEAD,
2132      TLS1_2_VERSION, TLS1_2_VERSION,
2133      DTLS1_2_VERSION, DTLS1_2_VERSION,
2134      SSL_HIGH,
2135      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2136      256,
2137      256,
2138      },
2139     {
2140      1,
2141      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2142      TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2143      TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2144      SSL_kPSK,
2145      SSL_aPSK,
2146      SSL_CHACHA20POLY1305,
2147      SSL_AEAD,
2148      TLS1_2_VERSION, TLS1_2_VERSION,
2149      DTLS1_2_VERSION, DTLS1_2_VERSION,
2150      SSL_HIGH,
2151      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2152      256,
2153      256,
2154      },
2155     {
2156      1,
2157      TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2158      TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2159      TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2160      SSL_kECDHEPSK,
2161      SSL_aPSK,
2162      SSL_CHACHA20POLY1305,
2163      SSL_AEAD,
2164      TLS1_2_VERSION, TLS1_2_VERSION,
2165      DTLS1_2_VERSION, DTLS1_2_VERSION,
2166      SSL_HIGH,
2167      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2168      256,
2169      256,
2170      },
2171     {
2172      1,
2173      TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2174      TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2175      TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2176      SSL_kDHEPSK,
2177      SSL_aPSK,
2178      SSL_CHACHA20POLY1305,
2179      SSL_AEAD,
2180      TLS1_2_VERSION, TLS1_2_VERSION,
2181      DTLS1_2_VERSION, DTLS1_2_VERSION,
2182      SSL_HIGH,
2183      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184      256,
2185      256,
2186      },
2187     {
2188      1,
2189      TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2190      TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2191      TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2192      SSL_kRSAPSK,
2193      SSL_aRSA,
2194      SSL_CHACHA20POLY1305,
2195      SSL_AEAD,
2196      TLS1_2_VERSION, TLS1_2_VERSION,
2197      DTLS1_2_VERSION, DTLS1_2_VERSION,
2198      SSL_HIGH,
2199      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2200      256,
2201      256,
2202      },
2203 
2204     {
2205      1,
2206      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2207      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2208      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2209      SSL_kRSA,
2210      SSL_aRSA,
2211      SSL_CAMELLIA128,
2212      SSL_SHA256,
2213      TLS1_2_VERSION, TLS1_2_VERSION,
2214      DTLS1_2_VERSION, DTLS1_2_VERSION,
2215      SSL_NOT_DEFAULT | SSL_HIGH,
2216      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2217      128,
2218      128,
2219      },
2220     {
2221      1,
2222      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2223      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2224      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2225      SSL_kDHE,
2226      SSL_aDSS,
2227      SSL_CAMELLIA128,
2228      SSL_SHA256,
2229      TLS1_2_VERSION, TLS1_2_VERSION,
2230      DTLS1_2_VERSION, DTLS1_2_VERSION,
2231      SSL_NOT_DEFAULT | SSL_HIGH,
2232      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2233      128,
2234      128,
2235      },
2236     {
2237      1,
2238      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2239      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2240      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2241      SSL_kDHE,
2242      SSL_aRSA,
2243      SSL_CAMELLIA128,
2244      SSL_SHA256,
2245      TLS1_2_VERSION, TLS1_2_VERSION,
2246      DTLS1_2_VERSION, DTLS1_2_VERSION,
2247      SSL_NOT_DEFAULT | SSL_HIGH,
2248      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2249      128,
2250      128,
2251      },
2252     {
2253      1,
2254      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2255      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2256      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2257      SSL_kDHE,
2258      SSL_aNULL,
2259      SSL_CAMELLIA128,
2260      SSL_SHA256,
2261      TLS1_2_VERSION, TLS1_2_VERSION,
2262      DTLS1_2_VERSION, DTLS1_2_VERSION,
2263      SSL_NOT_DEFAULT | SSL_HIGH,
2264      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2265      128,
2266      128,
2267      },
2268     {
2269      1,
2270      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2271      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2272      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2273      SSL_kRSA,
2274      SSL_aRSA,
2275      SSL_CAMELLIA256,
2276      SSL_SHA256,
2277      TLS1_2_VERSION, TLS1_2_VERSION,
2278      DTLS1_2_VERSION, DTLS1_2_VERSION,
2279      SSL_NOT_DEFAULT | SSL_HIGH,
2280      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2281      256,
2282      256,
2283      },
2284     {
2285      1,
2286      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2287      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2288      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2289      SSL_kDHE,
2290      SSL_aDSS,
2291      SSL_CAMELLIA256,
2292      SSL_SHA256,
2293      TLS1_2_VERSION, TLS1_2_VERSION,
2294      DTLS1_2_VERSION, DTLS1_2_VERSION,
2295      SSL_NOT_DEFAULT | SSL_HIGH,
2296      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2297      256,
2298      256,
2299      },
2300     {
2301      1,
2302      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2303      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2304      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2305      SSL_kDHE,
2306      SSL_aRSA,
2307      SSL_CAMELLIA256,
2308      SSL_SHA256,
2309      TLS1_2_VERSION, TLS1_2_VERSION,
2310      DTLS1_2_VERSION, DTLS1_2_VERSION,
2311      SSL_NOT_DEFAULT | SSL_HIGH,
2312      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2313      256,
2314      256,
2315      },
2316     {
2317      1,
2318      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2319      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2320      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2321      SSL_kDHE,
2322      SSL_aNULL,
2323      SSL_CAMELLIA256,
2324      SSL_SHA256,
2325      TLS1_2_VERSION, TLS1_2_VERSION,
2326      DTLS1_2_VERSION, DTLS1_2_VERSION,
2327      SSL_NOT_DEFAULT | SSL_HIGH,
2328      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2329      256,
2330      256,
2331      },
2332     {
2333      1,
2334      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2335      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2336      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2337      SSL_kRSA,
2338      SSL_aRSA,
2339      SSL_CAMELLIA256,
2340      SSL_SHA1,
2341      SSL3_VERSION, TLS1_2_VERSION,
2342      DTLS1_BAD_VER, DTLS1_2_VERSION,
2343      SSL_NOT_DEFAULT | SSL_HIGH,
2344      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2345      256,
2346      256,
2347      },
2348     {
2349      1,
2350      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2351      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2352      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2353      SSL_kDHE,
2354      SSL_aDSS,
2355      SSL_CAMELLIA256,
2356      SSL_SHA1,
2357      SSL3_VERSION, TLS1_2_VERSION,
2358      DTLS1_BAD_VER, DTLS1_2_VERSION,
2359      SSL_NOT_DEFAULT | SSL_HIGH,
2360      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2361      256,
2362      256,
2363      },
2364     {
2365      1,
2366      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2367      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2368      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2369      SSL_kDHE,
2370      SSL_aRSA,
2371      SSL_CAMELLIA256,
2372      SSL_SHA1,
2373      SSL3_VERSION, TLS1_2_VERSION,
2374      DTLS1_BAD_VER, DTLS1_2_VERSION,
2375      SSL_NOT_DEFAULT | SSL_HIGH,
2376      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2377      256,
2378      256,
2379      },
2380     {
2381      1,
2382      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2383      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2384      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2385      SSL_kDHE,
2386      SSL_aNULL,
2387      SSL_CAMELLIA256,
2388      SSL_SHA1,
2389      SSL3_VERSION, TLS1_2_VERSION,
2390      DTLS1_BAD_VER, DTLS1_2_VERSION,
2391      SSL_NOT_DEFAULT | SSL_HIGH,
2392      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2393      256,
2394      256,
2395      },
2396     {
2397      1,
2398      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2399      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2400      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2401      SSL_kRSA,
2402      SSL_aRSA,
2403      SSL_CAMELLIA128,
2404      SSL_SHA1,
2405      SSL3_VERSION, TLS1_2_VERSION,
2406      DTLS1_BAD_VER, DTLS1_2_VERSION,
2407      SSL_NOT_DEFAULT | SSL_HIGH,
2408      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2409      128,
2410      128,
2411      },
2412     {
2413      1,
2414      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2415      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2416      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2417      SSL_kDHE,
2418      SSL_aDSS,
2419      SSL_CAMELLIA128,
2420      SSL_SHA1,
2421      SSL3_VERSION, TLS1_2_VERSION,
2422      DTLS1_BAD_VER, DTLS1_2_VERSION,
2423      SSL_NOT_DEFAULT | SSL_HIGH,
2424      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2425      128,
2426      128,
2427      },
2428     {
2429      1,
2430      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2431      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2432      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2433      SSL_kDHE,
2434      SSL_aRSA,
2435      SSL_CAMELLIA128,
2436      SSL_SHA1,
2437      SSL3_VERSION, TLS1_2_VERSION,
2438      DTLS1_BAD_VER, DTLS1_2_VERSION,
2439      SSL_NOT_DEFAULT | SSL_HIGH,
2440      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2441      128,
2442      128,
2443      },
2444     {
2445      1,
2446      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2447      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2448      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2449      SSL_kDHE,
2450      SSL_aNULL,
2451      SSL_CAMELLIA128,
2452      SSL_SHA1,
2453      SSL3_VERSION, TLS1_2_VERSION,
2454      DTLS1_BAD_VER, DTLS1_2_VERSION,
2455      SSL_NOT_DEFAULT | SSL_HIGH,
2456      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2457      128,
2458      128,
2459      },
2460     {
2461      1,
2462      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2463      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2464      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2465      SSL_kECDHE,
2466      SSL_aECDSA,
2467      SSL_CAMELLIA128,
2468      SSL_SHA256,
2469      TLS1_2_VERSION, TLS1_2_VERSION,
2470      DTLS1_2_VERSION, DTLS1_2_VERSION,
2471      SSL_NOT_DEFAULT | SSL_HIGH,
2472      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2473      128,
2474      128,
2475      },
2476     {
2477      1,
2478      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2479      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2480      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2481      SSL_kECDHE,
2482      SSL_aECDSA,
2483      SSL_CAMELLIA256,
2484      SSL_SHA384,
2485      TLS1_2_VERSION, TLS1_2_VERSION,
2486      DTLS1_2_VERSION, DTLS1_2_VERSION,
2487      SSL_NOT_DEFAULT | SSL_HIGH,
2488      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2489      256,
2490      256,
2491      },
2492     {
2493      1,
2494      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2495      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2496      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2497      SSL_kECDHE,
2498      SSL_aRSA,
2499      SSL_CAMELLIA128,
2500      SSL_SHA256,
2501      TLS1_2_VERSION, TLS1_2_VERSION,
2502      DTLS1_2_VERSION, DTLS1_2_VERSION,
2503      SSL_NOT_DEFAULT | SSL_HIGH,
2504      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2505      128,
2506      128,
2507      },
2508     {
2509      1,
2510      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2511      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2512      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2513      SSL_kECDHE,
2514      SSL_aRSA,
2515      SSL_CAMELLIA256,
2516      SSL_SHA384,
2517      TLS1_2_VERSION, TLS1_2_VERSION,
2518      DTLS1_2_VERSION, DTLS1_2_VERSION,
2519      SSL_NOT_DEFAULT | SSL_HIGH,
2520      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2521      256,
2522      256,
2523      },
2524     {
2525      1,
2526      TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2527      TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528      TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529      SSL_kPSK,
2530      SSL_aPSK,
2531      SSL_CAMELLIA128,
2532      SSL_SHA256,
2533      TLS1_VERSION, TLS1_2_VERSION,
2534      DTLS1_BAD_VER, DTLS1_2_VERSION,
2535      SSL_NOT_DEFAULT | SSL_HIGH,
2536      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2537      128,
2538      128,
2539      },
2540     {
2541      1,
2542      TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2543      TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544      TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545      SSL_kPSK,
2546      SSL_aPSK,
2547      SSL_CAMELLIA256,
2548      SSL_SHA384,
2549      TLS1_VERSION, TLS1_2_VERSION,
2550      DTLS1_BAD_VER, DTLS1_2_VERSION,
2551      SSL_NOT_DEFAULT | SSL_HIGH,
2552      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2553      256,
2554      256,
2555      },
2556     {
2557      1,
2558      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2559      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560      TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561      SSL_kDHEPSK,
2562      SSL_aPSK,
2563      SSL_CAMELLIA128,
2564      SSL_SHA256,
2565      TLS1_VERSION, TLS1_2_VERSION,
2566      DTLS1_BAD_VER, DTLS1_2_VERSION,
2567      SSL_NOT_DEFAULT | SSL_HIGH,
2568      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2569      128,
2570      128,
2571      },
2572     {
2573      1,
2574      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2575      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576      TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577      SSL_kDHEPSK,
2578      SSL_aPSK,
2579      SSL_CAMELLIA256,
2580      SSL_SHA384,
2581      TLS1_VERSION, TLS1_2_VERSION,
2582      DTLS1_BAD_VER, DTLS1_2_VERSION,
2583      SSL_NOT_DEFAULT | SSL_HIGH,
2584      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2585      256,
2586      256,
2587      },
2588     {
2589      1,
2590      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2591      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592      TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593      SSL_kRSAPSK,
2594      SSL_aRSA,
2595      SSL_CAMELLIA128,
2596      SSL_SHA256,
2597      TLS1_VERSION, TLS1_2_VERSION,
2598      DTLS1_BAD_VER, DTLS1_2_VERSION,
2599      SSL_NOT_DEFAULT | SSL_HIGH,
2600      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2601      128,
2602      128,
2603      },
2604     {
2605      1,
2606      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2607      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608      TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609      SSL_kRSAPSK,
2610      SSL_aRSA,
2611      SSL_CAMELLIA256,
2612      SSL_SHA384,
2613      TLS1_VERSION, TLS1_2_VERSION,
2614      DTLS1_BAD_VER, DTLS1_2_VERSION,
2615      SSL_NOT_DEFAULT | SSL_HIGH,
2616      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2617      256,
2618      256,
2619      },
2620     {
2621      1,
2622      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2623      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2624      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2625      SSL_kECDHEPSK,
2626      SSL_aPSK,
2627      SSL_CAMELLIA128,
2628      SSL_SHA256,
2629      TLS1_VERSION, TLS1_2_VERSION,
2630      DTLS1_BAD_VER, DTLS1_2_VERSION,
2631      SSL_NOT_DEFAULT | SSL_HIGH,
2632      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2633      128,
2634      128,
2635      },
2636     {
2637      1,
2638      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2639      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2640      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2641      SSL_kECDHEPSK,
2642      SSL_aPSK,
2643      SSL_CAMELLIA256,
2644      SSL_SHA384,
2645      TLS1_VERSION, TLS1_2_VERSION,
2646      DTLS1_BAD_VER, DTLS1_2_VERSION,
2647      SSL_NOT_DEFAULT | SSL_HIGH,
2648      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2649      256,
2650      256,
2651      },
2652 
2653 #ifndef OPENSSL_NO_GOST
2654     {
2655      1,
2656      "GOST2001-GOST89-GOST89",
2657      "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2658      0x3000081,
2659      SSL_kGOST,
2660      SSL_aGOST01,
2661      SSL_eGOST2814789CNT,
2662      SSL_GOST89MAC,
2663      TLS1_VERSION, TLS1_2_VERSION,
2664      0, 0,
2665      SSL_HIGH,
2666      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2667      256,
2668      256,
2669      },
2670 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2671     {
2672      1,
2673      "GOST2001-NULL-GOST94",
2674      "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2675      0x3000083,
2676      SSL_kGOST,
2677      SSL_aGOST01,
2678      SSL_eNULL,
2679      SSL_GOST94,
2680      TLS1_VERSION, TLS1_2_VERSION,
2681      0, 0,
2682      SSL_STRONG_NONE,
2683      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2684      0,
2685      0,
2686      },
2687 # endif
2688     {
2689      1,
2690      "IANA-GOST2012-GOST8912-GOST8912",
2691      NULL,
2692      0x0300c102,
2693      SSL_kGOST,
2694      SSL_aGOST12 | SSL_aGOST01,
2695      SSL_eGOST2814789CNT12,
2696      SSL_GOST89MAC12,
2697      TLS1_VERSION, TLS1_2_VERSION,
2698      0, 0,
2699      SSL_HIGH,
2700      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2701      256,
2702      256,
2703      },
2704     {
2705      1,
2706      "LEGACY-GOST2012-GOST8912-GOST8912",
2707      NULL,
2708      0x0300ff85,
2709      SSL_kGOST,
2710      SSL_aGOST12 | SSL_aGOST01,
2711      SSL_eGOST2814789CNT12,
2712      SSL_GOST89MAC12,
2713      TLS1_VERSION, TLS1_2_VERSION,
2714      0, 0,
2715      SSL_HIGH,
2716      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2717      256,
2718      256,
2719      },
2720 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2721     {
2722      1,
2723      "GOST2012-NULL-GOST12",
2724      NULL,
2725      0x0300ff87,
2726      SSL_kGOST,
2727      SSL_aGOST12 | SSL_aGOST01,
2728      SSL_eNULL,
2729      SSL_GOST12_256,
2730      TLS1_VERSION, TLS1_2_VERSION,
2731      0, 0,
2732      SSL_STRONG_NONE,
2733      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2734      0,
2735      0,
2736      },
2737 # endif
2738     {
2739      1,
2740      "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2741      NULL,
2742      0x0300C100,
2743      SSL_kGOST18,
2744      SSL_aGOST12,
2745      SSL_KUZNYECHIK,
2746      SSL_KUZNYECHIKOMAC,
2747      TLS1_2_VERSION, TLS1_2_VERSION,
2748      0, 0,
2749      SSL_HIGH,
2750      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2751      256,
2752      256,
2753      },
2754     {
2755      1,
2756      "GOST2012-MAGMA-MAGMAOMAC",
2757      NULL,
2758      0x0300C101,
2759      SSL_kGOST18,
2760      SSL_aGOST12,
2761      SSL_MAGMA,
2762      SSL_MAGMAOMAC,
2763      TLS1_2_VERSION, TLS1_2_VERSION,
2764      0, 0,
2765      SSL_HIGH,
2766      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2767      256,
2768      256,
2769      },
2770 #endif                          /* OPENSSL_NO_GOST */
2771 
2772     {
2773      1,
2774      SSL3_TXT_RSA_IDEA_128_SHA,
2775      SSL3_RFC_RSA_IDEA_128_SHA,
2776      SSL3_CK_RSA_IDEA_128_SHA,
2777      SSL_kRSA,
2778      SSL_aRSA,
2779      SSL_IDEA,
2780      SSL_SHA1,
2781      SSL3_VERSION, TLS1_1_VERSION,
2782      DTLS1_BAD_VER, DTLS1_VERSION,
2783      SSL_NOT_DEFAULT | SSL_MEDIUM,
2784      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2785      128,
2786      128,
2787      },
2788 
2789     {
2790      1,
2791      TLS1_TXT_RSA_WITH_SEED_SHA,
2792      TLS1_RFC_RSA_WITH_SEED_SHA,
2793      TLS1_CK_RSA_WITH_SEED_SHA,
2794      SSL_kRSA,
2795      SSL_aRSA,
2796      SSL_SEED,
2797      SSL_SHA1,
2798      SSL3_VERSION, TLS1_2_VERSION,
2799      DTLS1_BAD_VER, DTLS1_2_VERSION,
2800      SSL_NOT_DEFAULT | SSL_MEDIUM,
2801      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2802      128,
2803      128,
2804      },
2805     {
2806      1,
2807      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2808      TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2809      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2810      SSL_kDHE,
2811      SSL_aDSS,
2812      SSL_SEED,
2813      SSL_SHA1,
2814      SSL3_VERSION, TLS1_2_VERSION,
2815      DTLS1_BAD_VER, DTLS1_2_VERSION,
2816      SSL_NOT_DEFAULT | SSL_MEDIUM,
2817      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2818      128,
2819      128,
2820      },
2821     {
2822      1,
2823      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2824      TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2825      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2826      SSL_kDHE,
2827      SSL_aRSA,
2828      SSL_SEED,
2829      SSL_SHA1,
2830      SSL3_VERSION, TLS1_2_VERSION,
2831      DTLS1_BAD_VER, DTLS1_2_VERSION,
2832      SSL_NOT_DEFAULT | SSL_MEDIUM,
2833      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2834      128,
2835      128,
2836      },
2837     {
2838      1,
2839      TLS1_TXT_ADH_WITH_SEED_SHA,
2840      TLS1_RFC_ADH_WITH_SEED_SHA,
2841      TLS1_CK_ADH_WITH_SEED_SHA,
2842      SSL_kDHE,
2843      SSL_aNULL,
2844      SSL_SEED,
2845      SSL_SHA1,
2846      SSL3_VERSION, TLS1_2_VERSION,
2847      DTLS1_BAD_VER, DTLS1_2_VERSION,
2848      SSL_NOT_DEFAULT | SSL_MEDIUM,
2849      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2850      128,
2851      128,
2852      },
2853 
2854 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2855     {
2856      1,
2857      SSL3_TXT_RSA_RC4_128_MD5,
2858      SSL3_RFC_RSA_RC4_128_MD5,
2859      SSL3_CK_RSA_RC4_128_MD5,
2860      SSL_kRSA,
2861      SSL_aRSA,
2862      SSL_RC4,
2863      SSL_MD5,
2864      SSL3_VERSION, TLS1_2_VERSION,
2865      0, 0,
2866      SSL_NOT_DEFAULT | SSL_MEDIUM,
2867      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2868      80,
2869      128,
2870      },
2871     {
2872      1,
2873      SSL3_TXT_RSA_RC4_128_SHA,
2874      SSL3_RFC_RSA_RC4_128_SHA,
2875      SSL3_CK_RSA_RC4_128_SHA,
2876      SSL_kRSA,
2877      SSL_aRSA,
2878      SSL_RC4,
2879      SSL_SHA1,
2880      SSL3_VERSION, TLS1_2_VERSION,
2881      0, 0,
2882      SSL_NOT_DEFAULT | SSL_MEDIUM,
2883      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2884      80,
2885      128,
2886      },
2887     {
2888      1,
2889      SSL3_TXT_ADH_RC4_128_MD5,
2890      SSL3_RFC_ADH_RC4_128_MD5,
2891      SSL3_CK_ADH_RC4_128_MD5,
2892      SSL_kDHE,
2893      SSL_aNULL,
2894      SSL_RC4,
2895      SSL_MD5,
2896      SSL3_VERSION, TLS1_2_VERSION,
2897      0, 0,
2898      SSL_NOT_DEFAULT | SSL_MEDIUM,
2899      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2900      80,
2901      128,
2902      },
2903     {
2904      1,
2905      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2906      TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2907      TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2908      SSL_kECDHEPSK,
2909      SSL_aPSK,
2910      SSL_RC4,
2911      SSL_SHA1,
2912      TLS1_VERSION, TLS1_2_VERSION,
2913      0, 0,
2914      SSL_NOT_DEFAULT | SSL_MEDIUM,
2915      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2916      80,
2917      128,
2918      },
2919     {
2920      1,
2921      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2922      TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2923      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2924      SSL_kECDHE,
2925      SSL_aNULL,
2926      SSL_RC4,
2927      SSL_SHA1,
2928      TLS1_VERSION, TLS1_2_VERSION,
2929      0, 0,
2930      SSL_NOT_DEFAULT | SSL_MEDIUM,
2931      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2932      80,
2933      128,
2934      },
2935     {
2936      1,
2937      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2938      TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2939      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2940      SSL_kECDHE,
2941      SSL_aECDSA,
2942      SSL_RC4,
2943      SSL_SHA1,
2944      TLS1_VERSION, TLS1_2_VERSION,
2945      0, 0,
2946      SSL_NOT_DEFAULT | SSL_MEDIUM,
2947      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2948      80,
2949      128,
2950      },
2951     {
2952      1,
2953      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2954      TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2955      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2956      SSL_kECDHE,
2957      SSL_aRSA,
2958      SSL_RC4,
2959      SSL_SHA1,
2960      TLS1_VERSION, TLS1_2_VERSION,
2961      0, 0,
2962      SSL_NOT_DEFAULT | SSL_MEDIUM,
2963      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2964      80,
2965      128,
2966      },
2967     {
2968      1,
2969      TLS1_TXT_PSK_WITH_RC4_128_SHA,
2970      TLS1_RFC_PSK_WITH_RC4_128_SHA,
2971      TLS1_CK_PSK_WITH_RC4_128_SHA,
2972      SSL_kPSK,
2973      SSL_aPSK,
2974      SSL_RC4,
2975      SSL_SHA1,
2976      SSL3_VERSION, TLS1_2_VERSION,
2977      0, 0,
2978      SSL_NOT_DEFAULT | SSL_MEDIUM,
2979      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2980      80,
2981      128,
2982      },
2983     {
2984      1,
2985      TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2986      TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2987      TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2988      SSL_kRSAPSK,
2989      SSL_aRSA,
2990      SSL_RC4,
2991      SSL_SHA1,
2992      SSL3_VERSION, TLS1_2_VERSION,
2993      0, 0,
2994      SSL_NOT_DEFAULT | SSL_MEDIUM,
2995      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2996      80,
2997      128,
2998      },
2999     {
3000      1,
3001      TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3002      TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3003      TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3004      SSL_kDHEPSK,
3005      SSL_aPSK,
3006      SSL_RC4,
3007      SSL_SHA1,
3008      SSL3_VERSION, TLS1_2_VERSION,
3009      0, 0,
3010      SSL_NOT_DEFAULT | SSL_MEDIUM,
3011      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3012      80,
3013      128,
3014      },
3015 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3016 
3017     {
3018      1,
3019      TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3020      TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3021      TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3022      SSL_kRSA,
3023      SSL_aRSA,
3024      SSL_ARIA128GCM,
3025      SSL_AEAD,
3026      TLS1_2_VERSION, TLS1_2_VERSION,
3027      DTLS1_2_VERSION, DTLS1_2_VERSION,
3028      SSL_NOT_DEFAULT | SSL_HIGH,
3029      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3030      128,
3031      128,
3032      },
3033     {
3034      1,
3035      TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3036      TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3037      TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3038      SSL_kRSA,
3039      SSL_aRSA,
3040      SSL_ARIA256GCM,
3041      SSL_AEAD,
3042      TLS1_2_VERSION, TLS1_2_VERSION,
3043      DTLS1_2_VERSION, DTLS1_2_VERSION,
3044      SSL_NOT_DEFAULT | SSL_HIGH,
3045      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3046      256,
3047      256,
3048      },
3049     {
3050      1,
3051      TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052      TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053      TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3054      SSL_kDHE,
3055      SSL_aRSA,
3056      SSL_ARIA128GCM,
3057      SSL_AEAD,
3058      TLS1_2_VERSION, TLS1_2_VERSION,
3059      DTLS1_2_VERSION, DTLS1_2_VERSION,
3060      SSL_NOT_DEFAULT | SSL_HIGH,
3061      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3062      128,
3063      128,
3064      },
3065     {
3066      1,
3067      TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068      TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069      TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3070      SSL_kDHE,
3071      SSL_aRSA,
3072      SSL_ARIA256GCM,
3073      SSL_AEAD,
3074      TLS1_2_VERSION, TLS1_2_VERSION,
3075      DTLS1_2_VERSION, DTLS1_2_VERSION,
3076      SSL_NOT_DEFAULT | SSL_HIGH,
3077      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3078      256,
3079      256,
3080      },
3081     {
3082      1,
3083      TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3084      TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3085      TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3086      SSL_kDHE,
3087      SSL_aDSS,
3088      SSL_ARIA128GCM,
3089      SSL_AEAD,
3090      TLS1_2_VERSION, TLS1_2_VERSION,
3091      DTLS1_2_VERSION, DTLS1_2_VERSION,
3092      SSL_NOT_DEFAULT | SSL_HIGH,
3093      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3094      128,
3095      128,
3096      },
3097     {
3098      1,
3099      TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3100      TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3101      TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3102      SSL_kDHE,
3103      SSL_aDSS,
3104      SSL_ARIA256GCM,
3105      SSL_AEAD,
3106      TLS1_2_VERSION, TLS1_2_VERSION,
3107      DTLS1_2_VERSION, DTLS1_2_VERSION,
3108      SSL_NOT_DEFAULT | SSL_HIGH,
3109      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3110      256,
3111      256,
3112      },
3113     {
3114      1,
3115      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3116      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3117      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3118      SSL_kECDHE,
3119      SSL_aECDSA,
3120      SSL_ARIA128GCM,
3121      SSL_AEAD,
3122      TLS1_2_VERSION, TLS1_2_VERSION,
3123      DTLS1_2_VERSION, DTLS1_2_VERSION,
3124      SSL_NOT_DEFAULT | SSL_HIGH,
3125      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3126      128,
3127      128,
3128      },
3129     {
3130      1,
3131      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3132      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3133      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3134      SSL_kECDHE,
3135      SSL_aECDSA,
3136      SSL_ARIA256GCM,
3137      SSL_AEAD,
3138      TLS1_2_VERSION, TLS1_2_VERSION,
3139      DTLS1_2_VERSION, DTLS1_2_VERSION,
3140      SSL_NOT_DEFAULT | SSL_HIGH,
3141      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3142      256,
3143      256,
3144      },
3145     {
3146      1,
3147      TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3148      TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3149      TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3150      SSL_kECDHE,
3151      SSL_aRSA,
3152      SSL_ARIA128GCM,
3153      SSL_AEAD,
3154      TLS1_2_VERSION, TLS1_2_VERSION,
3155      DTLS1_2_VERSION, DTLS1_2_VERSION,
3156      SSL_NOT_DEFAULT | SSL_HIGH,
3157      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3158      128,
3159      128,
3160      },
3161     {
3162      1,
3163      TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3164      TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3165      TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3166      SSL_kECDHE,
3167      SSL_aRSA,
3168      SSL_ARIA256GCM,
3169      SSL_AEAD,
3170      TLS1_2_VERSION, TLS1_2_VERSION,
3171      DTLS1_2_VERSION, DTLS1_2_VERSION,
3172      SSL_NOT_DEFAULT | SSL_HIGH,
3173      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3174      256,
3175      256,
3176      },
3177     {
3178      1,
3179      TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3180      TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3181      TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3182      SSL_kPSK,
3183      SSL_aPSK,
3184      SSL_ARIA128GCM,
3185      SSL_AEAD,
3186      TLS1_2_VERSION, TLS1_2_VERSION,
3187      DTLS1_2_VERSION, DTLS1_2_VERSION,
3188      SSL_NOT_DEFAULT | SSL_HIGH,
3189      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3190      128,
3191      128,
3192      },
3193     {
3194      1,
3195      TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3196      TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3197      TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3198      SSL_kPSK,
3199      SSL_aPSK,
3200      SSL_ARIA256GCM,
3201      SSL_AEAD,
3202      TLS1_2_VERSION, TLS1_2_VERSION,
3203      DTLS1_2_VERSION, DTLS1_2_VERSION,
3204      SSL_NOT_DEFAULT | SSL_HIGH,
3205      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3206      256,
3207      256,
3208      },
3209     {
3210      1,
3211      TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3212      TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3213      TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3214      SSL_kDHEPSK,
3215      SSL_aPSK,
3216      SSL_ARIA128GCM,
3217      SSL_AEAD,
3218      TLS1_2_VERSION, TLS1_2_VERSION,
3219      DTLS1_2_VERSION, DTLS1_2_VERSION,
3220      SSL_NOT_DEFAULT | SSL_HIGH,
3221      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3222      128,
3223      128,
3224      },
3225     {
3226      1,
3227      TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3228      TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3229      TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3230      SSL_kDHEPSK,
3231      SSL_aPSK,
3232      SSL_ARIA256GCM,
3233      SSL_AEAD,
3234      TLS1_2_VERSION, TLS1_2_VERSION,
3235      DTLS1_2_VERSION, DTLS1_2_VERSION,
3236      SSL_NOT_DEFAULT | SSL_HIGH,
3237      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3238      256,
3239      256,
3240      },
3241     {
3242      1,
3243      TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3244      TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3245      TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3246      SSL_kRSAPSK,
3247      SSL_aRSA,
3248      SSL_ARIA128GCM,
3249      SSL_AEAD,
3250      TLS1_2_VERSION, TLS1_2_VERSION,
3251      DTLS1_2_VERSION, DTLS1_2_VERSION,
3252      SSL_NOT_DEFAULT | SSL_HIGH,
3253      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3254      128,
3255      128,
3256      },
3257     {
3258      1,
3259      TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3260      TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3261      TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3262      SSL_kRSAPSK,
3263      SSL_aRSA,
3264      SSL_ARIA256GCM,
3265      SSL_AEAD,
3266      TLS1_2_VERSION, TLS1_2_VERSION,
3267      DTLS1_2_VERSION, DTLS1_2_VERSION,
3268      SSL_NOT_DEFAULT | SSL_HIGH,
3269      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3270      256,
3271      256,
3272      },
3273 };
3274 
/*
 * The list of known Signalling Cipher-Suite Values (SCSVs). These are not
 * real cipher suites: they are reserved code points stuffed into the ciphers
 * field of the wire protocol purely for signalling purposes. The twelve
 * trailing fields, which carry algorithm, version and strength values in the
 * real cipher entries of this file, are therefore all zero here.
 *
 * The array is not const because ssl_sort_cipher_list() sorts it in place.
 */
static SSL_CIPHER ssl3_scsvs[] = {
    {
     /*
      * 0 where the real cipher entries in this file have 1; presumably the
      * "valid" flag of SSL_CIPHER - confirm against its declaration.
      */
     0,
     /* Secure-renegotiation signal (RFC 5746). */
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
     SSL3_CK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
    {
     0,
     /* Protocol-downgrade (fallback) signal (RFC 7507). */
     "TLS_FALLBACK_SCSV",
     "TLS_FALLBACK_SCSV",
     SSL3_CK_FALLBACK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
};
3296 
/*
 * qsort() comparator ordering SSL_CIPHER entries by ascending id.
 *
 * The ids are compared explicitly rather than subtracted, so the result is
 * well defined whatever the width or signedness of the id field.
 *
 * Returns -1, 0 or 1 when a's id is below, equal to or above b's id.
 */
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *lhs = a;
    const SSL_CIPHER *rhs = b;

    if (lhs->id < rhs->id)
        return -1;
    if (lhs->id == rhs->id)
        return 0;
    return 1;
}
3306 
/*
 * Sort the three static cipher tables (TLSv1.3 ciphers, SSLv3/TLS ciphers
 * and the SCSV pseudo-ciphers) in place, in ascending order of cipher id as
 * defined by cipher_compare().
 *
 * NOTE(review): this rewrites file-scope arrays and no locking is visible
 * here, so it presumably has to run once during library initialisation,
 * before any lookup or concurrent reader touches the tables - confirm
 * against the caller.
 */
void ssl_sort_cipher_list(void)
{
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(*tls13_ciphers),
          cipher_compare);
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*ssl3_ciphers),
          cipher_compare);
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(*ssl3_scsvs), cipher_compare);
}
3315 
/*
 * Placeholder for a method-table slot that SSLv3 does not implement (it is
 * installed in SSLv3_enc_data below). Every argument except the connection
 * is ignored; the call is forwarded to ssl_undefined_function() and its
 * result is returned unchanged.
 */
static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
                                       size_t s, const char *t, size_t u,
                                       const unsigned char *v, size_t w, int x)
{
    /* Silence unused-parameter warnings; the signature is fixed by the slot */
    (void)r, (void)s, (void)t, (void)u;
    (void)v, (void)w, (void)x;

    return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
}
3329 
/*
 * Method table wiring the SSLv3 record/handshake primitives together.
 * The initializer is positional, so the order below must match the field
 * order of SSL3_ENC_METHOD (declared outside this file: confirm there).
 */
const SSL3_ENC_METHOD SSLv3_enc_data = {
    ssl3_setup_key_block,
    ssl3_generate_master_secret,
    ssl3_change_cipher_state,
    ssl3_final_finish_mac,
    /* Finished-message sender labels, each paired with its length (4) */
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
    SSL3_MD_SERVER_FINISHED_CONST, 4,
    ssl3_alert_code,
    /*
     * Unsupported operation for SSLv3: the stub ignores its arguments and
     * reports failure via ssl_undefined_function(). Its signature suggests
     * the keying-material exporter slot: confirm against SSL3_ENC_METHOD.
     */
    sslcon_undefined_function_1,
    /* No flags set for SSLv3 (presumably enc_flags: confirm) */
    0,
    ssl3_set_handshake_header,
    tls_close_construct_packet,
    ssl3_handshake_write
};
3344 
/*
 * Default session lifetime: two hours, expressed as an OSSL_TIME.
 */
OSSL_TIME ssl3_default_timeout(void)
{
    /*
     * The SSLv3 spec mentions 24 hours, which is far too long for http:
     * the session cache would overfill. Use 2 hours instead.
     */
    return ossl_seconds2time(2 * 60 * 60);
}
3353 
/*
 * Number of entries in the ssl3_ciphers table (the TLSv1.3 and signalling
 * tables are not counted).
 */
int ssl3_num_ciphers(void)
{
    return (int)SSL3_NUM_CIPHERS;
}
3358 
/*
 * Return entry u of the ssl3_ciphers table counted from the END of the
 * table (u == 0 yields the last element), or NULL when u is out of range.
 * The bounds check precedes the subtraction, so the index cannot wrap.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
    if (u >= SSL3_NUM_CIPHERS)
        return NULL;

    return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
}
3366 
/*
 * Begin a handshake message in pkt: one byte of message type followed by an
 * open sub-packet whose 3-byte length is filled in when it is closed.
 * A ChangeCipherSpec carries no handshake header, so nothing is written.
 * The connection argument s is not used here.
 * Returns 1 on success, 0 if either WPACKET operation fails.
 */
int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{
    /* CCS is not a handshake message: no header */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

    /* Message type byte */
    if (!WPACKET_put_bytes_u8(pkt, htype))
        return 0;

    /* Reserve the 3-byte message length */
    if (!WPACKET_start_sub_packet_u24(pkt))
        return 0;

    return 1;
}
3380 
/*
 * Write out pending handshake data: forwards to ssl3_do_write() with the
 * handshake record type and returns its result unchanged.
 */
int ssl3_handshake_write(SSL_CONNECTION *s)
{
    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}
3385 
/*
 * Per-connection constructor hook. When SRP is compiled in, the SRP context
 * is initialised first; then the method's ssl_clear() is invoked to put the
 * connection into its initial state.
 * Returns 1 on success, 0 on any failure (including s not being a
 * connection-type SSL object in SRP builds).
 */
int ssl3_new(SSL *s)
{
#ifndef OPENSSL_NO_SRP
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL || !ssl_srp_ctx_init_intern(sc))
        return 0;
#endif

    return s->method->ssl_clear(s) ? 1 : 0;
}
3403 
/*
 * Release everything hanging off sc->s3 and zero the structure.
 * Does nothing when s is not a connection-type SSL object.
 */
void ssl3_free(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
    size_t idx;

    if (sc == NULL)
        return;

    ssl3_cleanup_key_block(sc);

    EVP_PKEY_free(sc->s3.peer_tmp);
    sc->s3.peer_tmp = NULL;

    for (idx = 0; idx < sc->s3.tmp.num_ks_pkey; idx++) {
        if (sc->s3.tmp.ks_pkey[idx] == NULL)
            continue;

        /*
         * tmp.pkey may alias one of the key-share keys; drop the alias so
         * the same key is not freed a second time below.
         */
        if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[idx])
            sc->s3.tmp.pkey = NULL;

        EVP_PKEY_free(sc->s3.tmp.ks_pkey[idx]);
        sc->s3.tmp.ks_pkey[idx] = NULL;
    }
    sc->s3.tmp.num_ks_pkey = 0;

    /* Still set only if it was not one of the key-share keys */
    if (sc->s3.tmp.pkey != NULL) {
        EVP_PKEY_free(sc->s3.tmp.pkey);
        sc->s3.tmp.pkey = NULL;
    }

    ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
    ssl_evp_md_free(sc->s3.tmp.new_hash);

    OPENSSL_free(sc->s3.tmp.ctype);
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
    /* Premaster secret: scrubbed before the memory is released */
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
    OPENSSL_free(sc->s3.tmp.valid_flags);
    ssl3_free_digest_list(sc);
    OPENSSL_free(sc->s3.alpn_selected);
    OPENSSL_free(sc->s3.alpn_proposed);
    ossl_quic_tls_free(sc->qtls);

#ifndef OPENSSL_NO_PSK
    /*
     * NOTE(review): the PSK buffer is released with OPENSSL_free() while the
     * premaster secret above uses OPENSSL_clear_free(). Presumably the PSK
     * has already been scrubbed and NULLed by the handshake code on every
     * path that reaches here; confirm, or scrub it here as well.
     */
    OPENSSL_free(sc->s3.tmp.psk);
#endif

#ifndef OPENSSL_NO_SRP
    ssl_srp_ctx_free_intern(sc);
#endif
    /* Leave no stale pointers behind in the embedded state */
    memset(&sc->s3, 0, sizeof(sc->s3));
}
3456 
/*
 * Reset the SSLv3/TLS state of a connection so that it can be reused:
 * release the per-handshake allocations, zero sc->s3 (keeping only the QUIC
 * flags), drop the write BIO buffer and reset the version to SSL3_VERSION.
 * Returns 1 on success, 0 if s is not a connection-type SSL object or the
 * write BIO buffer cannot be released.
 */
int ssl3_clear(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
    int quic_flags;
    size_t idx;

    if (sc == NULL)
        return 0;

    ssl3_cleanup_key_block(sc);
    OPENSSL_free(sc->s3.tmp.ctype);
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
    /* Premaster secret: scrubbed before the memory is released */
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
    OPENSSL_free(sc->s3.tmp.valid_flags);

    /* Pointer is not reset here; the memset below clears it */
    EVP_PKEY_free(sc->s3.peer_tmp);

    for (idx = 0; idx < sc->s3.tmp.num_ks_pkey; idx++) {
        if (sc->s3.tmp.ks_pkey[idx] == NULL)
            continue;

        /*
         * tmp.pkey may alias one of the key-share keys; drop the alias so
         * the same key is not freed a second time below.
         */
        if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[idx])
            sc->s3.tmp.pkey = NULL;

        EVP_PKEY_free(sc->s3.tmp.ks_pkey[idx]);
        sc->s3.tmp.ks_pkey[idx] = NULL;
    }
    sc->s3.tmp.num_ks_pkey = 0;

    if (sc->s3.tmp.pkey != NULL) {
        EVP_PKEY_free(sc->s3.tmp.pkey);
        sc->s3.tmp.pkey = NULL;
    }

    ssl3_free_digest_list(sc);

    OPENSSL_free(sc->s3.alpn_selected);
    OPENSSL_free(sc->s3.alpn_proposed);

    /*
     * NOTE(review): unlike ssl3_free(), this path does not release
     * s3.tmp.psk, s3.tmp.new_sym_enc or s3.tmp.new_hash before the memset
     * below discards the pointers. Presumably they are already released or
     * NULL whenever ssl3_clear() runs; confirm, since otherwise they leak
     * (and a PSK would stay unscrubbed on the heap).
     */

    /*
     * NULL/zero-out everything in the s3 struct, but remember if we are doing
     * QUIC.
     */
    quic_flags = sc->s3.flags & (TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL);
    memset(&sc->s3, 0, sizeof(sc->s3));
    sc->s3.flags |= quic_flags;

    if (!ssl_free_wbio_buffer(sc))
        return 0;

    sc->version = SSL3_VERSION;

#if !defined(OPENSSL_NO_NEXTPROTONEG)
    OPENSSL_free(sc->ext.npn);
    sc->ext.npn = NULL;
    sc->ext.npn_len = 0;
#endif

    return 1;
}
3518 
3519 #ifndef OPENSSL_NO_SRP
/*
 * SRP client password callback installed by
 * SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: returns a freshly allocated copy of the
 * string stored in srp_ctx.info, or NULL if s is not a connection-type SSL
 * object or the copy cannot be allocated. arg is not used.
 * The returned buffer holds the password in clear; the caller owns it and is
 * presumably expected to scrub it before freeing (confirm at the call site).
 */
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    return sc != NULL ? OPENSSL_strdup(sc->srp_ctx.info) : NULL;
}
3529 #endif
3530 
3531 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3532 
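/*
 * Per-connection control dispatcher.
 *
 * cmd selects the operation; larg and parg carry its integer and pointer
 * arguments, and their meaning depends entirely on cmd. parg is an untyped
 * pointer that each case casts to the type it expects, so the caller is
 * responsible for passing an object of the right type and size.
 *
 * Returns 0 for unknown commands, for failures, and when s is not a
 * connection-type SSL object; otherwise a command-specific value (usually 1
 * for success, or the requested count/length/NID for "get" commands).
 */
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
    int ret = 0;
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL)
        return ret;

    switch (cmd) {
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
        break;
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
        ret = sc->s3.num_renegotiations;
        break;
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
        /* Returns the count as it was before being reset */
        ret = sc->s3.num_renegotiations;
        sc->s3.num_renegotiations = 0;
        break;
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
        ret = sc->s3.total_renegotiations;
        break;
    case SSL_CTRL_GET_FLAGS:
        ret = (int)(sc->s3.flags);
        break;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH:
        {
            EVP_PKEY *pkdh = NULL;
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            pkdh = ssl_dh_to_pkey(parg);
            if (pkdh == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
                return 0;
            }
            /* On success the connection keeps pkdh; on failure free it here */
            if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
                EVP_PKEY_free(pkdh);
                return 0;
            }
            return 1;
        }
        break;
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            /* Callbacks must be set through ssl3_callback_ctrl() */
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return ret;
        }
#endif
    case SSL_CTRL_SET_DH_AUTO:
        sc->cert->dh_tmp_auto = larg;
        return 1;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_ECDH:
        {
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
                                           &sc->ext.supportedgroups_len,
                                           &sc->ext.keyshares,
                                           &sc->ext.keyshares_len,
                                           &sc->ext.tuples,
                                           &sc->ext.tuples_len,
                                           parg);
        }
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
        /*
         * This API is only used for a client to set what SNI it will request
         * from the server, but we currently allow it to be used on servers
         * as well, which is a programming error.  Currently we just clear
         * the field in SSL_do_handshake() for server SSLs, but when we can
         * make ABI-breaking changes, we may want to make use of this API
         * an error on server SSLs.
         */
        if (larg == TLSEXT_NAMETYPE_host_name) {
            size_t len;

            /* Any previous name is dropped even if the new one is rejected */
            OPENSSL_free(sc->ext.hostname);
            sc->ext.hostname = NULL;

            ret = 1;
            /* NULL simply clears the hostname */
            if (parg == NULL)
                break;
            /* Only the length is validated here; the name is stored as-is */
            len = strlen((char *)parg);
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                return 0;
            }
            if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
                return 0;
            }
        } else {
            ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
        sc->ext.debug_arg = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
        ret = sc->ext.status_type;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
        sc->ext.status_type = larg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
        /* Hands out the internal pointer; parg is not checked for NULL */
        *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
        /* Stores the pointer as given; any previous value is not freed here */
        sc->ext.ocsp.exts = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
        *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
        /* Stores the pointer as given; any previous value is not freed here */
        sc->ext.ocsp.ids = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
        /*
         * The pointer is written even when -1 is returned, so callers must
         * check the return value before using the response bytes.
         */
        *(unsigned char **)parg = sc->ext.ocsp.resp;
        if (sc->ext.ocsp.resp_len == 0
                || sc->ext.ocsp.resp_len > LONG_MAX)
            return -1;
        return (long)sc->ext.ocsp.resp_len;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
        /*
         * The previous response is freed and the new buffer is stored by
         * pointer, not copied. larg is stored as the length without a
         * sign or range check, so the caller must pass the true size.
         */
        OPENSSL_free(sc->ext.ocsp.resp);
        sc->ext.ocsp.resp = parg;
        sc->ext.ocsp.resp_len = larg;
        ret = 1;
        break;

    case SSL_CTRL_CHAIN:
        /* Non-zero larg selects the set1 variant, zero the set0 variant */
        if (larg)
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        /* Non-zero larg selects the add1 variant, zero the add0 variant */
        if (larg)
            return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = sc->cert->key->chain;
        ret = 1;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(sc->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        if (larg == SSL_CERT_SET_SERVER) {
            const SSL_CIPHER *cipher;
            if (!sc->server)
                return 0;
            cipher = sc->s3.tmp.new_cipher;
            if (cipher == NULL)
                return 0;
            /*
             * No certificate for unauthenticated ciphersuites or using SRP
             * authentication
             */
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
                return 2;
            if (sc->s3.tmp.cert == NULL)
                return 0;
            sc->cert->key = sc->s3.tmp.cert;
            return 1;
        }
        return ssl_cert_set_current(sc->cert, larg);

    case SSL_CTRL_GET_GROUPS:
        {
            uint16_t *clist;
            size_t clistlen;

            if (!sc->session)
                return 0;
            clist = sc->ext.peer_supportedgroups;
            clistlen = sc->ext.peer_supportedgroups_len;
            /*
             * One int is written per peer group with no bound other than
             * clistlen: the caller's array must hold at least that many
             * entries (the count is available by calling with parg == NULL).
             */
            if (parg) {
                size_t i;
                int *cptr = parg;

                for (i = 0; i < clistlen; i++) {
                    const TLS_GROUP_INFO *cinf
                        = tls1_group_id_lookup(s->ctx, clist[i]);

                    if (cinf != NULL)
                        cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
                    else
                        cptr[i] = TLSEXT_nid_unknown | clist[i];
                }
            }
            return (int)clistlen;
        }

    case SSL_CTRL_SET_GROUPS:
        return tls1_set_groups(&sc->ext.supportedgroups,
                               &sc->ext.supportedgroups_len,
                               &sc->ext.keyshares,
                               &sc->ext.keyshares_len,
                               &sc->ext.tuples,
                               &sc->ext.tuples_len,
                               parg, larg);

    case SSL_CTRL_SET_GROUPS_LIST:
        return tls1_set_groups_list(s->ctx,
                                    &sc->ext.supportedgroups,
                                    &sc->ext.supportedgroups_len,
                                    &sc->ext.keyshares,
                                    &sc->ext.keyshares_len,
                                    &sc->ext.tuples,
                                    &sc->ext.tuples_len,
                                    parg);

    case SSL_CTRL_GET_SHARED_GROUP:
        {
            uint16_t id = tls1_shared_group(sc, larg);

            /* larg == -1 returns the raw value instead of a NID */
            if (larg != -1)
                return tls1_group_id2nid(id, 1);
            return id;
        }
    case SSL_CTRL_GET_NEGOTIATED_GROUP:
        {
            unsigned int id;

            if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
                id = sc->s3.group_id;
            else
                id = (sc->session != NULL) ? sc->session->kex_group : NID_undef;
            ret = tls1_group_id2nid(id, 1);
            break;
        }
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(sc->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(sc->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);

    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
        {
            const unsigned char **pctype = parg;
            /* Only meaningful on a client that received a cert request */
            if (sc->server || !sc->s3.tmp.cert_req)
                return 0;
            if (pctype)
                *pctype = sc->s3.tmp.ctype;
            return sc->s3.tmp.ctype_len;
        }

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        if (!sc->server)
            return 0;
        return ssl3_set_req_cert_type(sc->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(sc, NULL, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);

    case SSL_CTRL_GET_VERIFY_CERT_STORE:
        return ssl_cert_get_cert_store(sc->cert, parg, 0);

    case SSL_CTRL_GET_CHAIN_CERT_STORE:
        return ssl_cert_get_cert_store(sc->cert, parg, 1);

    case SSL_CTRL_GET_PEER_SIGNATURE_NAME:
        if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
            return 0;
        *(const char **)parg = sc->s3.tmp.peer_sigalg->name;
        return 1;

    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
        /* Reject a NULL output pointer, as the _NAME variant above does */
        if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
            return 0;
        *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
        return 1;

    case SSL_CTRL_GET_SIGNATURE_NAME:
        if (parg == NULL || sc->s3.tmp.sigalg == NULL)
            return 0;
        *(const char **)parg = sc->s3.tmp.sigalg->name;
        return 1;

    case SSL_CTRL_GET_SIGNATURE_NID:
        /* Reject a NULL output pointer, as the _NAME variant above does */
        if (parg == NULL || sc->s3.tmp.sigalg == NULL)
            return 0;
        *(int *)parg = sc->s3.tmp.sigalg->hash;
        return 1;

    case SSL_CTRL_GET_PEER_TMP_KEY:
        if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
            return 0;
        } else {
            /* The caller receives its own reference and must free it */
            if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))
                return 0;

            *(EVP_PKEY **)parg = sc->s3.peer_tmp;
            return 1;
        }

    case SSL_CTRL_GET_TMP_KEY:
        if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
            return 0;
        } else {
            /* The caller receives its own reference and must free it */
            if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))
                return 0;

            *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
            return 1;
        }

    case SSL_CTRL_GET_EC_POINT_FORMATS:
        {
            const unsigned char **pformat = parg;

            if (sc->ext.peer_ecpointformats == NULL)
                return 0;
            /* Internal buffer, not a copy */
            *pformat = sc->ext.peer_ecpointformats;
            return (int)sc->ext.peer_ecpointformats_len;
        }

    case SSL_CTRL_GET_IANA_GROUPS:
        {
            /* Internal buffer, not a copy; the count is returned either way */
            if (parg != NULL) {
                *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
            }
            return (int)sc->ext.peer_supportedgroups_len;
        }

    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
        sc->msg_callback_arg = parg;
        return 1;

    default:
        break;
    }
    return ret;
}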
3902 
/*
 * Per-connection control dispatcher for commands that install a callback.
 *
 * fp arrives as a generic function pointer and is cast to the signature the
 * selected slot expects. Nothing here can verify that the function really
 * has that signature, so the caller must pass a matching one: calling
 * through a mismatched function pointer type is undefined behaviour.
 *
 * Returns 1 when the callback was stored, 0 for unknown commands or when s
 * is not a connection-type SSL object.
 */
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL)
        return 0;

    switch (cmd) {
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH_CB:
        sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        return 1;
#endif
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
        sc->ext.debug_cb = (void (*)(SSL *, int, int,
                                     const unsigned char *, int, void *))fp;
        return 1;

    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        return 1;

    case SSL_CTRL_SET_MSG_CALLBACK:
        sc->msg_callback = (ossl_msg_cb)fp;
        return 1;

    default:
        break;
    }

    return 0;
}
3937 
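/*
 * Context-wide control dispatcher.
 *
 * cmd selects the operation; larg and parg carry its integer and pointer
 * arguments, and their meaning depends entirely on cmd. parg is an untyped
 * pointer that each case casts to the type it expects, so the caller is
 * responsible for passing an object of the right type and size.
 *
 * Returns 0 for unknown commands and failures. Commands that end in "break"
 * return 1; the others return a command-specific value.
 */
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
    switch (cmd) {
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH:
        {
            EVP_PKEY *pkdh = NULL;
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            pkdh = ssl_dh_to_pkey(parg);
            if (pkdh == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
                return 0;
            }
            /* On success the context keeps pkdh; on failure free it here */
            if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
                EVP_PKEY_free(pkdh);
                return 0;
            }
            return 1;
        }
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            /* Callbacks must be set through ssl3_ctx_callback_ctrl() */
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return 0;
        }
#endif
    case SSL_CTRL_SET_DH_AUTO:
        ctx->cert->dh_tmp_auto = larg;
        return 1;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_ECDH:
        {
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
                                           &ctx->ext.supportedgroups_len,
                                           &ctx->ext.keyshares,
                                           &ctx->ext.keyshares_len,
                                           &ctx->ext.tuples,
                                           &ctx->ext.tuples_len,
                                           parg);
        }
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
        ctx->ext.servername_arg = parg;
        break;
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
        {
            /*
             * Session ticket key material is exchanged as one flat buffer:
             * key name, then HMAC key, then AES key. With keys == NULL the
             * required buffer size is returned; otherwise larg must equal
             * that size exactly, which bounds every memcpy below.
             *
             * The GET direction copies the secret HMAC and AES keys into the
             * caller's buffer, so the caller becomes responsible for
             * protecting and scrubbing that copy.
             */
            unsigned char *keys = parg;
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
                                sizeof(ctx->ext.secure->tick_hmac_key) +
                                sizeof(ctx->ext.secure->tick_aes_key));
            if (keys == NULL)
                return tick_keylen;
            if (larg != tick_keylen) {
                ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
                return 0;
            }
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
                memcpy(ctx->ext.tick_key_name, keys,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(ctx->ext.secure->tick_hmac_key,
                       keys + sizeof(ctx->ext.tick_key_name),
                       sizeof(ctx->ext.secure->tick_hmac_key));
                memcpy(ctx->ext.secure->tick_aes_key,
                       keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.secure->tick_hmac_key),
                       sizeof(ctx->ext.secure->tick_aes_key));
            } else {
                memcpy(keys, ctx->ext.tick_key_name,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
                       ctx->ext.secure->tick_hmac_key,
                       sizeof(ctx->ext.secure->tick_hmac_key));
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.secure->tick_hmac_key),
                       ctx->ext.secure->tick_aes_key,
                       sizeof(ctx->ext.secure->tick_aes_key));
            }
            return 1;
        }

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
        return ctx->ext.status_type;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
        ctx->ext.status_type = larg;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
        ctx->ext.status_arg = parg;
        return 1;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
        *(void**)parg = ctx->ext.status_arg;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
        break;

#ifndef OPENSSL_NO_SRP
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
        {
            size_t login_len;

            ctx->srp_ctx.srp_Mask |= SSL_kSRP;
            /* Any previous login is dropped even if the new one is rejected */
            OPENSSL_free(ctx->srp_ctx.login);
            ctx->srp_ctx.login = NULL;
            /* NULL simply clears the login */
            if (parg == NULL)
                break;
            /* Measure once; accepted lengths are 1..255 bytes */
            login_len = strlen((const char *)parg);
            if (login_len > 255 || login_len < 1) {
                ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
                return 0;
            }
            if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
                return 0;
            }
        }
        break;
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            srp_password_from_info_cb;
        /*
         * srp_ctx.info holds the SRP password in clear, so wipe the previous
         * value before releasing it rather than handing it back to the
         * allocator intact.
         */
        if (ctx->srp_ctx.info != NULL)
            OPENSSL_clear_free(ctx->srp_ctx.info, strlen(ctx->srp_ctx.info));
        /* A NULL parg makes the copy fail, leaving info NULL and returning 0 */
        if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        break;
    case SSL_CTRL_SET_SRP_ARG:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_cb_arg = parg;
        break;

    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
        ctx->srp_ctx.strength = larg;
        break;
#endif

    case SSL_CTRL_SET_GROUPS:
        return tls1_set_groups(&ctx->ext.supportedgroups,
                               &ctx->ext.supportedgroups_len,
                               &ctx->ext.keyshares,
                               &ctx->ext.keyshares_len,
                               &ctx->ext.tuples,
                               &ctx->ext.tuples_len,
                               parg, larg);

    case SSL_CTRL_SET_GROUPS_LIST:
        return tls1_set_groups_list(ctx,
                                    &ctx->ext.supportedgroups,
                                    &ctx->ext.supportedgroups_len,
                                    &ctx->ext.keyshares,
                                    &ctx->ext.keyshares_len,
                                    &ctx->ext.tuples,
                                    &ctx->ext.tuples_len,
                                    parg);

    case SSL_CTRL_GET0_IMPLEMENTED_GROUPS:
        return tls1_get0_implemented_groups(ctx->min_proto_version,
                                            ctx->max_proto_version,
                                            ctx->group_list,
                                            ctx->group_list_len, larg, parg);

    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(NULL, ctx, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

    case SSL_CTRL_GET_VERIFY_CERT_STORE:
        return ssl_cert_get_cert_store(ctx->cert, parg, 0);

    case SSL_CTRL_GET_CHAIN_CERT_STORE:
        return ssl_cert_get_cert_store(ctx->cert, parg, 1);

        /* A Thawte special :-) */
    case SSL_CTRL_EXTRA_CHAIN_CERT:
        if (ctx->extra_certs == NULL) {
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
                return 0;
            }
        }
        /* The certificate pointer is pushed as given, without an up-ref */
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
            ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
            return 0;
        }
        break;

    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
        /* With larg == 0, fall back to the current key's chain if unset */
        if (ctx->extra_certs == NULL && larg == 0)
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        else
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
        break;

    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
        OSSL_STACK_OF_X509_free(ctx->extra_certs);
        ctx->extra_certs = NULL;
        break;

    case SSL_CTRL_CHAIN:
        /* Non-zero larg selects the set1 variant, zero the set0 variant */
        if (larg)
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        /* Non-zero larg selects the add1 variant, zero the add0 variant */
        if (larg)
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        return ssl_cert_set_current(ctx->cert, larg);

    default:
        return 0;
    }
    return 1;
}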
4188 
/*
 * Store the callback |fp| in the SSL_CTX slot selected by |cmd|.
 *
 * |fp| arrives as a generic void (*)(void) and is cast to the signature of
 * the chosen slot. Nothing here can verify that the caller supplied a
 * function of that type, so the |cmd|/|fp| pairing is entirely the caller's
 * responsibility.
 *
 * Returns 1 when |cmd| was recognised and the pointer stored, 0 otherwise
 * (which includes commands compiled out by OPENSSL_NO_DEPRECATED_3_0 or
 * OPENSSL_NO_SRP).
 */
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
    switch (cmd) {
#ifndef OPENSSL_NO_DEPRECATED_3_0
    case SSL_CTRL_SET_TMP_DH_CB:
        ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        return 1;
#endif

    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
        return 1;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
        return 1;

#ifndef OPENSSL_NO_DEPRECATED_3_0
    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
        ctx->ext.ticket_key_cb =
            (int (*)(SSL *, unsigned char *, unsigned char *,
                     EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
        return 1;
#endif

#ifndef OPENSSL_NO_SRP
    /* Every SRP callback setter also sets SSL_kSRP in srp_ctx.srp_Mask. */
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
        return 1;

    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.TLS_ext_srp_username_callback =
            (int (*)(SSL *, int *, void *))fp;
        return 1;

    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            (char *(*)(SSL *, void *))fp;
        return 1;
#endif

    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        return 1;

    default:
        return 0;
    }
}
4242 
/*
 * Install |fp| as the EVP_MAC_CTX-based session ticket key callback on |ctx|.
 *
 * The pointer is stored as given (NULL is not rejected here). Always
 * returns 1.
 */
int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX *ctx,
                                         int (*fp)(SSL *, unsigned char *,
                                                   unsigned char *,
                                                   EVP_CIPHER_CTX *,
                                                   EVP_MAC_CTX *, int))
{
    ctx->ext.ticket_key_evp_cb = fp;

    return 1;
}
4250 
/*
 * Look up a cipher by its 32-bit |id|.
 *
 * The three tables are tried in a fixed order - TLSv1.3 ciphers, then the
 * SSLv3/TLS ciphers, then the SCSV pseudo-ciphers - and the first match is
 * returned. Returns NULL when no table contains |id|.
 *
 * Only the id member of the search key is initialised; this presumably
 * relies on the comparison behind OBJ_bsearch_ssl_cipher_id reading nothing
 * else - TODO confirm.
 */
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
    SSL_CIPHER key;
    const SSL_CIPHER *hit;

    key.id = id;

    hit = OBJ_bsearch_ssl_cipher_id(&key, tls13_ciphers, TLS13_NUM_CIPHERS);
    if (hit == NULL)
        hit = OBJ_bsearch_ssl_cipher_id(&key, ssl3_ciphers, SSL3_NUM_CIPHERS);
    if (hit == NULL)
        hit = OBJ_bsearch_ssl_cipher_id(&key, ssl3_scsvs, SSL3_NUM_SCSVS);

    return hit;
}
4265 
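/*
 * Look up a cipher by its standard name.
 *
 * The TLSv1.3, SSLv3/TLS and SCSV tables are scanned linearly, in that
 * order, and the first entry whose stdname compares equal (strcmp, so the
 * match is case-sensitive) is returned. Table entries without a stdname are
 * skipped.
 *
 * Returns NULL when nothing matches. A NULL |stdname| also yields NULL
 * instead of being handed to strcmp(), which would be undefined behaviour.
 */
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
    SSL_CIPHER *tbl;
    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
                              SSL3_NUM_SCSVS};

    if (stdname == NULL)
        return NULL;

    /* this is not efficient, necessary to optimize this? */
    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
            if (tbl->stdname == NULL)
                continue;
            if (strcmp(stdname, tbl->stdname) == 0)
                return tbl;
        }
    }
    return NULL;
}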
4285 
/*
 * Map the two-byte wire encoding of a ciphersuite to its SSL_CIPHER entry.
 *
 * Exactly two bytes, p[0] (high) and p[1] (low), are read; the caller must
 * guarantee that both are readable, no length is checked here. The lookup
 * result comes straight from ssl3_get_cipher_by_id(), so NULL means the
 * suite is unknown to this build.
 *
 * This function needs to check if the ciphers required are actually
 * available.
 */
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
    uint32_t suite = ((uint32_t)p[0] << 8L) | (uint32_t)p[1];

    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG | suite);
}
4296 
/*
 * Append the two-byte wire encoding of cipher |c| to |pkt|.
 *
 * Only ids whose top byte equals SSL3_CK_CIPHERSUITE_FLAG are encodable.
 * For any other id nothing is written, *len is set to 0 and the call still
 * succeeds. On a successful write *len is set to 2.
 *
 * Returns 1 on success, 0 if the packet write fails (in which case *len is
 * left untouched).
 */
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
{
    if ((c->id & 0xff000000) == SSL3_CK_CIPHERSUITE_FLAG) {
        if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
            return 0;
        *len = 2;
    } else {
        *len = 0;
    }

    return 1;
}
4310 
/*
 * ssl3_choose_cipher - choose a cipher from those offered by the client
 * @s: SSL connection
 * @clnt: ciphers offered by the client
 * @srvr: ciphers enabled on the server?
 *
 * One list (|prio|) is walked in order and the first usable entry that is
 * also present in the other list (|allow|) is selected. The server list
 * supplies the order under Suite B or SSL_OP_CIPHER_SERVER_PREFERENCE,
 * otherwise the client list does. An entry is usable when it fits the
 * negotiated protocol version, passes the key-exchange/authentication masks
 * (skipped for TLSv1.3) and is permitted by the security callback.
 *
 * Returns the selected cipher or NULL when no common ciphers.
 */
const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
                                     STACK_OF(SSL_CIPHER) *srvr)
{
    const SSL_CIPHER *c, *ret = NULL;
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok, prefer_sha256 = 0;
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
    /* Temporary reordered copy of |srvr|; freed before returning */
    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;

    /* Let's see which ciphers we can support */

    /*
     * Do not set the compare functions, because this may lead to a
     * reordering by "id". We want to keep the original ordering. We may pay
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
     * pay with the price of sk_SSL_CIPHER_dup().
     */

    /* Diagnostic dump of both lists; emitted only inside the trace block */
    OSSL_TRACE_BEGIN(TLS_CIPHER) {
        BIO_printf(trc_out, "Server has %d from %p:\n",
                   sk_SSL_CIPHER_num(srvr), (void *)srvr);
        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
            c = sk_SSL_CIPHER_value(srvr, i);
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
        }
        BIO_printf(trc_out, "Client sent %d from %p:\n",
                   sk_SSL_CIPHER_num(clnt), (void *)clnt);
        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
            c = sk_SSL_CIPHER_value(clnt, i);
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
        }
    } OSSL_TRACE_END(TLS_CIPHER);

    /* SUITE-B takes precedence over server preference and ChaCha priority */
    if (tls1_suiteb(s)) {
        prio = srvr;
        allow = clnt;
    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
        prio = srvr;
        allow = clnt;

        /*
         * If ChaCha20 is at the top of the client preference list,
         * and there are ChaCha20 ciphers in the server list, then
         * temporarily prioritize all ChaCha20 ciphers in the servers list.
         */
        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
            c = sk_SSL_CIPHER_value(clnt, 0);
            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
                /* ChaCha20 is client preferred, check server... */
                int num = sk_SSL_CIPHER_num(srvr);
                int found = 0;
                for (i = 0; i < num; i++) {
                    c = sk_SSL_CIPHER_value(srvr, i);
                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
                        found = 1;
                        break;
                    }
                }
                if (found) {
                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
                    /*
                     * if reserve fails, then there's likely a memory issue;
                     * in that case |prio| simply stays the unmodified
                     * server list set above
                     */
                    if (prio_chacha != NULL) {
                        /*
                         * Put all ChaCha20 at the top, starting with the one
                         * we just found. The push results are not checked;
                         * presumably the reserve of |num| slots above is
                         * relied on to make them succeed - TODO confirm.
                         */
                        sk_SSL_CIPHER_push(prio_chacha, c);
                        /* |i| still indexes the first ChaCha20 entry found */
                        for (i++; i < num; i++) {
                            c = sk_SSL_CIPHER_value(srvr, i);
                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
                                sk_SSL_CIPHER_push(prio_chacha, c);
                        }
                        /* Pull in the rest */
                        for (i = 0; i < num; i++) {
                            c = sk_SSL_CIPHER_value(srvr, i);
                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
                                sk_SSL_CIPHER_push(prio_chacha, c);
                        }
                        prio = prio_chacha;
                    }
                }
            }
        }
    } else {
        /* Neither option applies: the client's order decides */
        prio = clnt;
        allow = srvr;
    }

    if (SSL_CONNECTION_IS_TLS13(s)) {
#ifndef OPENSSL_NO_PSK
        size_t j;

        /*
         * If we allow "old" style PSK callbacks, and we have no certificate (so
         * we're not going to succeed without a PSK anyway), and we're in
         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
         * that.
         */
        if (s->psk_server_callback != NULL) {
            /* Empty-bodied loop: stops at the first slot holding a cert */
            for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++);
            if (j == s->ssl_pkey_num) {
                /* There are no certificates */
                prefer_sha256 = 1;
            }
        }
#endif
    } else {
        /*
         * Pre-TLSv1.3 only; presumably these refresh the s3.tmp.mask_k and
         * mask_a values consulted in the loop below - TODO confirm.
         */
        tls1_set_cert_validity(s);
        ssl_set_masks(s);
    }

    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
        int minversion, maxversion;

        c = sk_SSL_CIPHER_value(prio, i);
        minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
        maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;

        /* Skip ciphers not supported by the protocol version */
        if (ssl_version_cmp(s, s->version, minversion) < 0
            || ssl_version_cmp(s, s->version, maxversion) > 0)
            continue;

        /*
         * Since TLS 1.3 ciphersuites can be used with any auth or
         * key exchange scheme skip tests. alg_k and alg_a then keep their
         * initial value of 0, so the ECDHE-ECDSA special case further down
         * can never match on a TLSv1.3 connection.
         */
        if (!SSL_CONNECTION_IS_TLS13(s)) {
            mask_k = s->s3.tmp.mask_k;
            mask_a = s->s3.tmp.mask_a;
#ifndef OPENSSL_NO_SRP
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
                mask_k |= SSL_kSRP;
                mask_a |= SSL_aSRP;
            }
#endif

            alg_k = c->algorithm_mkey;
            alg_a = c->algorithm_auth;

#ifndef OPENSSL_NO_PSK
            /* with PSK there must be server callback set */
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
                continue;
#endif                          /* OPENSSL_NO_PSK */

            /* Both key exchange and authentication must be in the masks */
            ok = (alg_k & mask_k) && (alg_a & mask_a);
            OSSL_TRACE7(TLS_CIPHER,
                        "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
                        ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);

            /*
             * if we are considering an ECC cipher suite that uses an ephemeral
             * EC key check it
             */
            if (alg_k & SSL_kECDHE)
                ok = ok && tls1_check_ec_tmp_key(s, c->id);

            if (!ok)
                continue;
        }
        ii = sk_SSL_CIPHER_find(allow, c);
        if (ii >= 0) {
            /* Check security callback permits this cipher */
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
                              c->strength_bits, 0, (void *)c))
                continue;

            /*
             * When the peer is flagged as probably Safari, an ECDHE-ECDSA
             * suite is only remembered as a fallback (first one seen) and
             * the search continues for a different suite.
             */
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
                && s->s3.is_probably_safari) {
                if (!ret)
                    ret = sk_SSL_CIPHER_value(allow, ii);
                continue;
            }

            if (prefer_sha256) {
                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
                const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
                                          tmp->algorithm2);

                /* A SHA-256 suite ends the search immediately */
                if (md != NULL
                        && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
                    ret = tmp;
                    break;
                }
                /* Otherwise keep the first shared suite as a fallback */
                if (ret == NULL)
                    ret = tmp;
                continue;
            }
            /* The entry returned is the one stored in |allow|, not |prio| */
            ret = sk_SSL_CIPHER_value(allow, ii);
            break;
        }
    }

    /* Frees only the temporary stack; a NULL argument is passed when unused */
    sk_SSL_CIPHER_free(prio_chacha);

    return ret;
}
4514 
/*
 * Write the list of acceptable client certificate types into |pkt|.
 *
 * If custom certificate types were configured (s->cert->ctype) they are
 * copied verbatim and nothing else is added. Otherwise the list is built
 * from the key exchange of the pending cipher and the protocol version,
 * leaving out types whose authentication algorithm is set in the mask
 * returned by ssl_set_sig_mask(). The order of the writes below is the
 * order of the types on the wire.
 *
 * Returns 1 on success, 0 if any packet write fails.
 */
int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
{
    uint32_t kx;
    uint32_t sig_disabled = 0;

    /* If we have custom certificate types set, use them */
    if (s->cert->ctype)
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);

    /* Get mask of algorithms disabled by signature list */
    ssl_set_sig_mask(&sig_disabled, s, SSL_SECOP_SIGALG_MASK);

    kx = s->s3.tmp.new_cipher->algorithm_mkey;

#ifndef OPENSSL_NO_GOST
    if (s->version >= TLS1_VERSION && (kx & SSL_kGOST)) {
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
            return 0;
    }

    if (s->version >= TLS1_2_VERSION && (kx & SSL_kGOST18)) {
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
            return 0;
    }
#endif

    /* The ephemeral-DH certificate types are offered for SSLv3 only */
    if ((s->version == SSL3_VERSION) && (kx & SSL_kDHE)) {
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
            return 0;
        if (!(sig_disabled & SSL_aDSS)) {
            if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
                return 0;
        }
    }

    if (!(sig_disabled & SSL_aRSA)) {
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
            return 0;
    }

    if (!(sig_disabled & SSL_aDSS)) {
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
            return 0;
    }

    /*
     * ECDSA certs can be used with RSA cipher suites too so we don't
     * need to check for SSL_kECDH or SSL_kECDHE
     */
    if (s->version >= TLS1_VERSION && !(sig_disabled & SSL_aECDSA)) {
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
            return 0;
    }

    return 1;
}
4565 
/*
 * Replace the custom certificate-type list held in |c|.
 *
 * Any previous list is freed first, so on every return path the old list is
 * gone. A NULL |p| or a zero |len| just clears the list and succeeds.
 * Lists longer than 0xff bytes are rejected. Otherwise a private copy of
 * the |len| bytes at |p| is stored.
 *
 * Returns 1 on success, 0 on an over-long list or allocation failure (the
 * list is left empty in both failure cases).
 */
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
{
    void *copy;

    OPENSSL_free(c->ctype);
    c->ctype = NULL;
    c->ctype_len = 0;

    if (p == NULL || len == 0)
        return 1;

    if (len > 0xff)
        return 0;

    copy = OPENSSL_memdup(p, len);
    if (copy == NULL)
        return 0;

    c->ctype = copy;
    c->ctype_len = len;
    return 1;
}
4581 
/*
 * Drive the close_notify exchange for |s|.
 *
 * Each call advances one step: send our close_notify, finish writing it if
 * it is still queued, or read in the hope of seeing the peer's close_notify.
 *
 * Returns 1 when both directions are shut down and no alert is pending,
 * 0 when the shutdown is not complete yet (or |s| is not a plain SSL
 * connection), and -1 when the caller has to retry after more I/O.
 */
int ssl3_shutdown(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (sc == NULL)
        return 0;

    /*
     * Don't do anything much if we have not done the handshake or we don't
     * want to send messages: both shutdown flags are set without any alert
     * being exchanged.
     */
    if (sc->quiet_shutdown || SSL_in_before(s)) {
        sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
        return 1;
    }

    if ((sc->shutdown & SSL_SENT_SHUTDOWN) == 0) {
        sc->shutdown |= SSL_SENT_SHUTDOWN;
        ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
        /*
         * our shutdown alert has been sent now, and if it still needs to be
         * written, s->s3.alert_dispatch will be > 0
         */
        if (sc->s3.alert_dispatch > 0)
            return -1;        /* return WANT_WRITE */
    } else if (sc->s3.alert_dispatch > 0) {
        /*
         * resend it if not sent. We only get to return -1 here the 2nd/Nth
         * invocation, we must have already signalled return 0 upon a
         * previous invocation, return WANT_WRITE
         */
        if (s->method->ssl_dispatch_alert(s) == -1)
            return -1;
    } else if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) == 0) {
        size_t readbytes;

        /*
         * If we are waiting for a close from our peer, we are closed. The
         * read's own result is not used; only the shutdown flag is
         * re-examined afterwards.
         */
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
        if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) == 0)
            return -1;        /* return WANT_READ */
    }

    return sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)
           && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE;
}
4636 
/*
 * Write |len| bytes of application data from |buf|.
 *
 * A pending renegotiation request is given the chance to start first. The
 * actual work is delegated to the method's ssl_write_bytes(), whose return
 * value is passed through and which reports the byte count in |*written|.
 * Returns 0 when |s| is not a plain SSL connection.
 */
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (conn == NULL)
        return 0;

    clear_sys_error();

    /* The result of the check is not needed here */
    if (conn->s3.renegotiate)
        ssl3_renegotiate_check(s, 0);

    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
                                      buf, len, written);
}
4651 
/*
 * Common implementation of ssl3_read() and ssl3_peek().
 *
 * Reads up to |len| bytes of application data into |buf|; with |peek| set
 * the data is requested in peek mode. The return value of the method's
 * ssl_read_bytes() is passed through, and the byte count is reported in
 * |*readbytes|. Returns 0 when |s| is not a plain SSL connection.
 */
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
                              size_t *readbytes)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);
    int rc;

    if (conn == NULL)
        return 0;

    clear_sys_error();
    if (conn->s3.renegotiate)
        ssl3_renegotiate_check(s, 0);

    /* Flag that an application-data read is in progress */
    conn->s3.in_read_app_data = 1;
    rc = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
                                   len, peek, readbytes);

    if (rc != -1 || conn->s3.in_read_app_data != 2) {
        conn->s3.in_read_app_data = 0;
        return rc;
    }

    /*
     * ssl3_read_bytes decided to call s->handshake_func, which called
     * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
     * actually found application data and thinks that application data
     * makes sense here; so disable handshake processing and try to read
     * application data again.
     */
    ossl_statem_set_in_handshake(conn, 1);
    rc = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
                                   len, peek, readbytes);
    ossl_statem_set_in_handshake(conn, 0);

    return rc;
}
4686 
/*
 * Read application data into |buf|, consuming it.
 * Thin wrapper around ssl3_read_internal() with peek disabled.
 */
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    const int peek = 0;

    return ssl3_read_internal(s, buf, len, peek, readbytes);
}
4691 
/*
 * Read application data into |buf| in peek mode.
 * Thin wrapper around ssl3_read_internal() with peek enabled.
 */
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    const int peek = 1;

    return ssl3_read_internal(s, buf, len, peek, readbytes);
}
4696 
/*
 * Request a renegotiation on |s|.
 *
 * This only raises the s3.renegotiate flag; the renegotiation itself is
 * started later by ssl3_renegotiate_check(). Without a handshake function
 * the flag is left alone and the call still reports success.
 *
 * Returns 1, or 0 when |s| is not a plain SSL connection.
 */
int ssl3_renegotiate(SSL *s)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (conn == NULL)
        return 0;

    if (conn->handshake_func != NULL)
        conn->s3.renegotiate = 1;

    return 1;
}
4710 
/*
 * Check if we are waiting to do a renegotiation and if so whether now is a
 * good time to do it. If |initok| is true then we are being called from inside
 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
 * should do a renegotiation now and sets up the state machine for it. Otherwise
 * returns 0.
 *
 * A renegotiation is never started while the record layer still has read or
 * write data pending. Each start increments both renegotiation counters.
 */
int ssl3_renegotiate_check(SSL *s, int initok)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (conn == NULL)
        return 0;

    /* Nothing was requested */
    if (!conn->s3.renegotiate)
        return 0;

    /* Not a good time: buffered record data, or a handshake in progress */
    if (RECORD_LAYER_read_pending(&conn->rlayer)
        || RECORD_LAYER_write_pending(&conn->rlayer)
        || (!initok && SSL_in_init(s)))
        return 0;

    /*
     * if we are the server, and we have sent a 'RENEGOTIATE'
     * message, we need to set the state machine into the renegotiate
     * state.
     */
    ossl_statem_set_renegotiate(conn);
    conn->s3.renegotiate = 0;
    conn->s3.num_renegotiations++;
    conn->s3.total_renegotiations++;

    return 1;
}
4745 
/*
 * Return the algorithm2 flags (handshake MAC and PRF) to use for the pending
 * cipher, or -1 when no cipher has been chosen yet.
 *
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
 * handshake macs if required.
 *
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
 */
long ssl_get_algorithm2(SSL_CONNECTION *s)
{
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
    const SSL_CIPHER *pending = s->s3.tmp.new_cipher;
    long flags;

    if (pending == NULL)
        return -1;

    flags = pending->algorithm2;

    if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
        /* This protocol version uses the SHA256 PRF: upgrade the default */
        if (flags == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
            flags = SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
    } else if (pending->algorithm_mkey & SSL_PSK) {
        /* PSK suite asking for SHA384 without the SHA256-PRF flag */
        if (flags == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
            flags = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
    }

    return flags;
}
4769 
/*
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
 * failure, 1 on success.
 *
 * |server| selects which of the two "send time" mode bits is consulted.
 * When that bit is set, the first four bytes carry the current time() value
 * and only the remaining len - 4 bytes are random; otherwise all |len| bytes
 * come from RAND_bytes_ex(). After a successful fill, a requested downgrade
 * sentinel (|dgrd|) overwrites the tail of the field. |len| below 4 is
 * rejected up front.
 */
int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
                          unsigned char *result, size_t len,
                          DOWNGRADE dgrd)
{
    int with_time, rc;

    if (len < 4)
        return 0;

    with_time = server ? (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0
                       : (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;

    if (!with_time) {
        rc = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
    } else {
        unsigned long now = (unsigned long)time(NULL);
        unsigned char *cursor = result;

        /*
         * Presumably l2n stores the low 32 bits in network order and moves
         * |cursor| past them, matching the len - 4 below - TODO confirm.
         */
        l2n(now, cursor);
        rc = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, cursor,
                           len - 4, 0);
    }

    /* Leave a failed fill alone and report the generator's result */
    if (rc <= 0)
        return rc;

    /* Both sentinels must be strictly shorter than the field */
    if (!ossl_assert(sizeof(tls11downgrade) < len)
            || !ossl_assert(sizeof(tls12downgrade) < len))
        return 0;

    if (dgrd == DOWNGRADE_TO_1_2) {
        memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
               sizeof(tls12downgrade));
    } else if (dgrd == DOWNGRADE_TO_1_1) {
        memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
               sizeof(tls11downgrade));
    }

    return rc;
}
4810 
/*
 * Derive the session master secret from the premaster secret |pms|.
 *
 * For PSK key exchanges a combined premaster secret is built first from
 * |pms| (or zeroes for plain PSK) and the PSK held in s->s3.tmp.psk; the PSK
 * is wiped and released as soon as it has been copied. The derivation itself
 * is delegated to the method's generate_master_secret(), which writes into
 * s->session->master_key.
 *
 * On every return path a non-NULL |pms| is wiped: cleared and freed when
 * |free_pms| is non-zero, cleansed in place otherwise. On the client
 * (s->server == 0) the saved s->s3.tmp.pms pointer and length are reset.
 *
 * Returns 1 on success, 0 on failure.
 */
int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
                               size_t pmslen, int free_pms)
{
    unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
    int ret = 0;
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);

    if (alg_k & SSL_PSK) {
#ifndef OPENSSL_NO_PSK
        unsigned char *pskpms, *t;
        size_t psklen = s->s3.tmp.psklen;
        size_t pskpmslen;

        /* create PSK premaster_secret */

        /* For plain PSK "other_secret" is psklen zeroes */
        if (alg_k & SSL_kPSK)
            pmslen = psklen;

        /*
         * Two length prefixes (4 bytes in total) plus both secrets.
         * NOTE(review): no range check on pmslen or psklen is visible here;
         * presumably callers keep both within the 16-bit prefix - confirm.
         */
        pskpmslen = 4 + pmslen + psklen;
        pskpms = OPENSSL_malloc(pskpmslen);
        if (pskpms == NULL)
            goto err;
        t = pskpms;
        /* Length prefix, then other_secret */
        s2n(pmslen, t);
        if (alg_k & SSL_kPSK)
            memset(t, 0, pmslen);
        else
            memcpy(t, pms, pmslen);
        t += pmslen;
        /* Length prefix, then the PSK itself */
        s2n(psklen, t);
        memcpy(t, s->s3.tmp.psk, psklen);

        /* The PSK has been copied; wipe and release the original now */
        OPENSSL_clear_free(s->s3.tmp.psk, psklen);
        s->s3.tmp.psk = NULL;
        s->s3.tmp.psklen = 0;
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
                    s->session->master_key, pskpms, pskpmslen,
                    &s->session->master_key_length)) {
            /* Wipe the combined secret on the failure path too */
            OPENSSL_clear_free(pskpms, pskpmslen);
            /* SSLfatal() already called */
            goto err;
        }
        OPENSSL_clear_free(pskpms, pskpmslen);
#else
        /* Should never happen */
        goto err;
#endif
    } else {
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
                s->session->master_key, pms, pmslen,
                &s->session->master_key_length)) {
            /* SSLfatal() already called */
            goto err;
        }
    }

    ret = 1;
 err:
    /*
     * Reached on success as well as on failure.
     * NOTE(review): for plain PSK pmslen was replaced by psklen above, so a
     * non-NULL pms would be wiped using that length; presumably callers pass
     * pms == NULL in that case - confirm.
     */
    if (pms) {
        if (free_pms)
            OPENSSL_clear_free(pms, pmslen);
        else
            OPENSSL_cleanse(pms, pmslen);
    }
    /* Client side: forget the saved premaster secret; nothing is freed here */
    if (s->server == 0) {
        s->s3.tmp.pms = NULL;
        s->s3.tmp.pmslen = 0;
    }
    return ret;
}
4882 
/*
 * Generate a private key from parameters
 *
 * |pm| supplies the parameters; the key is generated with the library
 * context and property query of the connection's SSL_CTX. Returns the new
 * key, which the caller owns, or NULL on any failure (including a NULL
 * |pm|). No error is raised here.
 */
EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *genctx;
    EVP_PKEY *key = NULL;

    if (pm == NULL)
        return NULL;

    genctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);

    if (genctx != NULL
            && EVP_PKEY_keygen_init(genctx) > 0
            && EVP_PKEY_keygen(genctx, &key) <= 0) {
        /* Drop whatever a failed keygen may have left behind */
        EVP_PKEY_free(key);
        key = NULL;
    }

    EVP_PKEY_CTX_free(genctx);
    return key;
}
4906 
/*
 * Generate a private key from a group ID
 *
 * |id| is resolved through tls1_group_id_lookup(); the key is generated for
 * the algorithm and group name recorded for that group. Every failure is
 * reported with SSLfatal() as an internal error. Returns the new key, which
 * the caller owns, or NULL on failure.
 */
EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    const TLS_GROUP_INFO *group = tls1_group_id_lookup(sctx, id);
    EVP_PKEY_CTX *genctx = NULL;
    EVP_PKEY *key = NULL;

    if (group == NULL) {
        /* Unknown group id */
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
    } else if ((genctx = EVP_PKEY_CTX_new_from_name(sctx->libctx,
                                                    group->algorithm,
                                                    sctx->propq)) == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
    } else if (EVP_PKEY_keygen_init(genctx) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
    } else if (EVP_PKEY_CTX_set_group_name(genctx, group->realname) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
    } else if (EVP_PKEY_keygen(genctx, &key) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        /* Drop whatever a failed keygen may have left behind */
        EVP_PKEY_free(key);
        key = NULL;
    }

    EVP_PKEY_CTX_free(genctx);
    return key;
}
4945 
/*
 * Generate parameters from a group ID
 *
 * |id| is resolved through tls1_group_id_lookup(). Returns the generated
 * parameters, which the caller owns, or NULL on failure. Only a failure to
 * set the group name is reported with SSLfatal(); the other failure paths
 * return NULL without raising an error here.
 */
EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    const TLS_GROUP_INFO *group = tls1_group_id_lookup(sctx, id);
    EVP_PKEY_CTX *genctx;
    EVP_PKEY *params = NULL;

    if (group == NULL)
        return NULL;

    genctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, group->algorithm,
                                        sctx->propq);
    if (genctx == NULL)
        return NULL;

    if (EVP_PKEY_paramgen_init(genctx) > 0) {
        if (EVP_PKEY_CTX_set_group_name(genctx, group->realname) <= 0) {
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        } else if (EVP_PKEY_paramgen(genctx, &params) <= 0) {
            /* Drop whatever a failed paramgen may have left behind */
            EVP_PKEY_free(params);
            params = NULL;
        }
    }

    EVP_PKEY_CTX_free(genctx);
    return params;
}
4979 
/*
 * Generate secrets from pms
 *
 * TLSv1.3: generates the early secret (unless the session is being resumed)
 * and then the handshake secret from |pms|; the result is 1 or 0.
 * Earlier versions: hands |pms| to ssl_generate_master_secret() with
 * free_pms == 0, so |pms| stays allocated and remains the caller's to free,
 * and passes that function's return value through.
 */
int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
{
    /* SSLfatal() called as appropriate in the below functions */
    if (!SSL_CONNECTION_IS_TLS13(s))
        return ssl_generate_master_secret(s, pms, pmslen, 0);

    /*
     * If we are resuming then we already generated the early secret
     * when we created the ClientHello, so don't recreate it.
     */
    if (!s->hit
            && !tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
                                      (unsigned char *)&s->early_secret))
        return 0;

    return tls13_generate_handshake_secret(s, pms, pmslen) ? 1 : 0;
}
5005 
/*
 * Derive secrets for ECDH/DH
 *
 * Computes the shared secret between our |privkey| and the peer's |pubkey|.
 * With |gensecret| set the secret is fed straight into ssl_gensecret() and
 * then wiped and freed here. Otherwise ownership of the buffer moves to
 * s->s3.tmp.pms / pmslen for later use.
 *
 * Returns 0 on failure, after SSLfatal() has been called. On success the
 * result is 1, or whatever ssl_gensecret() returned.
 */
int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *dctx;
    unsigned char *secret = NULL;
    size_t secret_len = 0;
    int ok = 0;

    if (privkey == NULL || pubkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    dctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);

    /*
     * The first derive call has a NULL output buffer and only asks for the
     * secret length. A NULL |dctx| is not tested separately; presumably
     * EVP_PKEY_derive_init() fails on it - TODO confirm.
     */
    if (EVP_PKEY_derive_init(dctx) <= 0
        || EVP_PKEY_derive_set_peer(dctx, pubkey) <= 0
        || EVP_PKEY_derive(dctx, NULL, &secret_len) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    /* TLSv1.3 with DH: request padding; the call's result is not checked */
    if (SSL_CONNECTION_IS_TLS13(s) &&  EVP_PKEY_is_a(privkey, "DH"))
        EVP_PKEY_CTX_set_dh_pad(dctx, 1);

    secret = OPENSSL_malloc(secret_len);
    if (secret == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto done;
    }

    if (EVP_PKEY_derive(dctx, secret, &secret_len) <= 0) {
        /*
         * the public key was probably a weak key
         */
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
        goto done;
    }

    if (!gensecret) {
        /* Save premaster secret; NULL the local so it is not freed below */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secret_len;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secret_len);
    }

 done:
    /* Wipe the secret before releasing it, on success and failure alike */
    OPENSSL_clear_free(secret, secret_len);
    EVP_PKEY_CTX_free(dctx);
    return ok;
}
5062 
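/*
 * Decapsulate secrets for KEM.
 *
 * Recovers the shared secret from the |ctlen|-byte ciphertext |ct| using
 * |privkey|. |ct| is presumably taken from the peer's key share; this
 * function does not check |ctlen| itself and leaves that to the
 * decapsulation call. The secret is then either
 *   - gensecret != 0: passed to ssl_gensecret(), then cleansed and freed; or
 *   - gensecret == 0: stored in s->s3.tmp.pms / s->s3.tmp.pmslen, which then
 *     owns the buffer.
 *
 * Returns a true value on success, 0 on failure. On failure SSLfatal() has
 * been called, here or in ssl_gensecret().
 */
int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
                    const unsigned char *ct, size_t ctlen,
                    int gensecret)
{
    int rv = 0;
    unsigned char *pms = NULL;
    size_t pmslen = 0;
    size_t pms_alloc = 0;   /* bytes actually allocated for pms */
    EVP_PKEY_CTX *pctx;
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);

    if (privkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * pctx is not NULL-checked here; a failed allocation is expected to be
     * rejected by EVP_PKEY_decapsulate_init() below (TODO confirm).
     */
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);

    /* The decapsulate call with a NULL output only queries the length. */
    if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
            || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    pms = OPENSSL_malloc(pmslen);
    if (pms == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto err;
    }
    /*
     * Remember the allocation size: the call below receives &pmslen and may
     * report a different length back.
     */
    pms_alloc = pmslen;

    if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    if (gensecret) {
        /* SSLfatal() called as appropriate in the below functions */
        rv = ssl_gensecret(s, pms, pmslen);
    } else {
        /* Save premaster secret */
        s->s3.tmp.pms = pms;
        s->s3.tmp.pmslen = pmslen;
        pms = NULL;
        rv = 1;
    }

 err:
    /*
     * Cleanse by the allocation size rather than the length reported back,
     * so the wipe covers the whole buffer whatever the second decapsulate
     * call left in pmslen. pms is NULL here if ownership was transferred.
     */
    OPENSSL_clear_free(pms, pms_alloc);
    EVP_PKEY_CTX_free(pctx);
    return rv;
}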
5114 
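/*
 * Encapsulate secrets for KEM.
 *
 * Encapsulates a fresh shared secret to |pubkey| (presumably the peer's key
 * share, so treat it as untrusted input). On success the ciphertext is
 * returned through |*ctp| / |*ctlenp|; the caller then owns it and must
 * release it. |ctp| and |ctlenp| are not NULL-checked and are written only
 * on success. The shared secret is either
 *   - gensecret != 0: passed to ssl_gensecret(), then cleansed and freed; or
 *   - gensecret == 0: stored in s->s3.tmp.pms / s->s3.tmp.pmslen, which then
 *     owns the buffer.
 *
 * Returns a true value on success, 0 on failure. On failure SSLfatal() has
 * been called, here or in ssl_gensecret().
 */
int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
                    unsigned char **ctp, size_t *ctlenp,
                    int gensecret)
{
    int rv = 0;
    unsigned char *pms = NULL, *ct = NULL;
    size_t pmslen = 0, ctlen = 0;
    size_t pms_alloc = 0;   /* bytes actually allocated for pms */
    EVP_PKEY_CTX *pctx;
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);

    if (pubkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * pctx is not NULL-checked here; a failed allocation is expected to be
     * rejected by EVP_PKEY_encapsulate_init() below (TODO confirm).
     */
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);

    /*
     * Query both output lengths (NULL buffers) and refuse zero-length
     * results before allocating anything.
     */
    if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
            || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
            || pmslen == 0 || ctlen == 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    pms = OPENSSL_malloc(pmslen);
    ct = OPENSSL_malloc(ctlen);
    if (pms == NULL || ct == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto err;
    }
    /*
     * Remember the allocation size: the call below receives &pmslen and may
     * report a different length back.
     */
    pms_alloc = pmslen;

    /* A failure here is reported against the peer's key share. */
    if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
        goto err;
    }

    if (gensecret) {
        /* SSLfatal() called as appropriate in the below functions */
        rv = ssl_gensecret(s, pms, pmslen);
    } else {
        /* Save premaster secret */
        s->s3.tmp.pms = pms;
        s->s3.tmp.pmslen = pmslen;
        pms = NULL;
        rv = 1;
    }

    if (rv > 0) {
        /* Pass ownership of ct to caller */
        *ctp = ct;
        *ctlenp = ctlen;
        ct = NULL;
    }

 err:
    /*
     * Cleanse the secret by its allocation size rather than the length
     * reported back, so the wipe covers the whole buffer. The ciphertext is
     * released with a plain free. Both pointers are NULL here if ownership
     * was transferred above.
     */
    OPENSSL_clear_free(pms, pms_alloc);
    OPENSSL_free(ct);
    EVP_PKEY_CTX_free(pctx);
    return rv;
}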
5175 
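/*
 * Return the name of the key exchange group for this connection.
 *
 * For a TLSv1.3 connection that has performed a key exchange the group id
 * comes from sc->s3.group_id; otherwise it comes from the session's
 * kex_group. The id is translated with tls1_group_id2name().
 *
 * Returns NULL if |s| does not resolve to an SSL_CONNECTION, if no session
 * is attached to supply a group id, or if the lookup yields no name. The
 * get0 naming suggests the caller must not free the returned string.
 */
const char *SSL_get0_group_name(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
    unsigned int id;

    if (sc == NULL)
        return NULL;

    if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex) {
        id = sc->s3.group_id;
    } else {
        /*
         * A connection may have no session attached yet (e.g. if this is
         * called before a handshake has set one up). Report "no group"
         * instead of dereferencing a NULL session.
         */
        if (sc->session == NULL)
            return NULL;
        id = sc->session->kex_group;
    }

    return tls1_group_id2name(s->ctx, id);
}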
5191 
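/*
 * Map a group identifier to its TLS group name.
 *
 * |nid| is either a NID, translated with tls1_nid2group_id(), or a value
 * with the TLSEXT_nid_unknown bit set, whose low 16 bits are used directly
 * as the group id. The id is then looked up in the groups known to s->ctx.
 *
 * Returns the group's tlsname, or NULL if |s| is NULL or the group is not
 * found.
 */
const char *SSL_group_to_name(SSL *s, int nid)
{
    int group_id = 0;
    const TLS_GROUP_INFO *cinf = NULL;

    /*
     * Public entry point: reject a NULL handle before s->ctx is read,
     * matching SSL_get0_group_name(), which returns NULL for an unusable
     * SSL object.
     */
    if (s == NULL)
        return NULL;

    /* first convert to real group id for internal and external IDs */
    if (nid & TLSEXT_nid_unknown)
        group_id = nid & 0xFFFF;
    else
        group_id = tls1_nid2group_id(nid);

    /* then look up */
    cinf = tls1_group_id_lookup(s->ctx, group_id);

    if (cinf != NULL)
        return cinf->tlsname;
    return NULL;
}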
5209