2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
52 #include <openssl/objects.h>
54 #include <openssl/md5.h>
55 #include <openssl/dh.h>
56 #include <openssl/rand.h>
58 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
59 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
62 * The list of available ciphers, mostly organized into the following
67 * SRP (within that: RSA EC PSK)
68 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
71 static SSL_CIPHER ssl3_ciphers[] = {
74 SSL3_TXT_RSA_NULL_MD5,
80 SSL3_VERSION, TLS1_2_VERSION,
81 DTLS1_BAD_VER, DTLS1_2_VERSION,
83 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
89 SSL3_TXT_RSA_NULL_SHA,
95 SSL3_VERSION, TLS1_2_VERSION,
96 DTLS1_BAD_VER, DTLS1_2_VERSION,
97 SSL_STRONG_NONE | SSL_FIPS,
98 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
102 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
105 SSL3_TXT_RSA_DES_192_CBC3_SHA,
106 SSL3_CK_RSA_DES_192_CBC3_SHA,
111 SSL3_VERSION, TLS1_2_VERSION,
112 DTLS1_BAD_VER, DTLS1_2_VERSION,
113 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
114 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
120 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
121 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
126 SSL3_VERSION, TLS1_2_VERSION,
127 DTLS1_BAD_VER, DTLS1_2_VERSION,
128 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
129 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
135 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
136 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
141 SSL3_VERSION, TLS1_2_VERSION,
142 DTLS1_BAD_VER, DTLS1_2_VERSION,
143 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
144 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
150 SSL3_TXT_ADH_DES_192_CBC_SHA,
151 SSL3_CK_ADH_DES_192_CBC_SHA,
156 SSL3_VERSION, TLS1_2_VERSION,
157 DTLS1_BAD_VER, DTLS1_2_VERSION,
158 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
159 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
166 TLS1_TXT_RSA_WITH_AES_128_SHA,
167 TLS1_CK_RSA_WITH_AES_128_SHA,
172 SSL3_VERSION, TLS1_2_VERSION,
173 DTLS1_BAD_VER, DTLS1_2_VERSION,
175 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
181 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
182 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
187 SSL3_VERSION, TLS1_2_VERSION,
188 DTLS1_BAD_VER, DTLS1_2_VERSION,
189 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
190 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
196 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
197 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
202 SSL3_VERSION, TLS1_2_VERSION,
203 DTLS1_BAD_VER, DTLS1_2_VERSION,
205 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
211 TLS1_TXT_ADH_WITH_AES_128_SHA,
212 TLS1_CK_ADH_WITH_AES_128_SHA,
217 SSL3_VERSION, TLS1_2_VERSION,
218 DTLS1_BAD_VER, DTLS1_2_VERSION,
219 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
220 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
226 TLS1_TXT_RSA_WITH_AES_256_SHA,
227 TLS1_CK_RSA_WITH_AES_256_SHA,
232 SSL3_VERSION, TLS1_2_VERSION,
233 DTLS1_BAD_VER, DTLS1_2_VERSION,
235 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
241 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
242 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
247 SSL3_VERSION, TLS1_2_VERSION,
248 DTLS1_BAD_VER, DTLS1_2_VERSION,
249 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
250 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
257 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
262 SSL3_VERSION, TLS1_2_VERSION,
263 DTLS1_BAD_VER, DTLS1_2_VERSION,
265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271 TLS1_TXT_ADH_WITH_AES_256_SHA,
272 TLS1_CK_ADH_WITH_AES_256_SHA,
277 SSL3_VERSION, TLS1_2_VERSION,
278 DTLS1_BAD_VER, DTLS1_2_VERSION,
279 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
280 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
286 TLS1_TXT_RSA_WITH_NULL_SHA256,
287 TLS1_CK_RSA_WITH_NULL_SHA256,
292 TLS1_2_VERSION, TLS1_2_VERSION,
293 DTLS1_2_VERSION, DTLS1_2_VERSION,
294 SSL_STRONG_NONE | SSL_FIPS,
295 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
301 TLS1_TXT_RSA_WITH_AES_128_SHA256,
302 TLS1_CK_RSA_WITH_AES_128_SHA256,
307 TLS1_2_VERSION, TLS1_2_VERSION,
308 DTLS1_2_VERSION, DTLS1_2_VERSION,
310 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
316 TLS1_TXT_RSA_WITH_AES_256_SHA256,
317 TLS1_CK_RSA_WITH_AES_256_SHA256,
322 TLS1_2_VERSION, TLS1_2_VERSION,
323 DTLS1_2_VERSION, DTLS1_2_VERSION,
325 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
331 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
332 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
337 TLS1_2_VERSION, TLS1_2_VERSION,
338 DTLS1_2_VERSION, DTLS1_2_VERSION,
339 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
340 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
346 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
347 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
352 TLS1_2_VERSION, TLS1_2_VERSION,
353 DTLS1_2_VERSION, DTLS1_2_VERSION,
355 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
361 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
362 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
367 TLS1_2_VERSION, TLS1_2_VERSION,
368 DTLS1_2_VERSION, DTLS1_2_VERSION,
369 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
370 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
376 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
377 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
382 TLS1_2_VERSION, TLS1_2_VERSION,
383 DTLS1_2_VERSION, DTLS1_2_VERSION,
385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
391 TLS1_TXT_ADH_WITH_AES_128_SHA256,
392 TLS1_CK_ADH_WITH_AES_128_SHA256,
397 TLS1_2_VERSION, TLS1_2_VERSION,
398 DTLS1_2_VERSION, DTLS1_2_VERSION,
399 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
400 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
406 TLS1_TXT_ADH_WITH_AES_256_SHA256,
407 TLS1_CK_ADH_WITH_AES_256_SHA256,
412 TLS1_2_VERSION, TLS1_2_VERSION,
413 DTLS1_2_VERSION, DTLS1_2_VERSION,
414 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
415 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
421 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
422 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
427 TLS1_2_VERSION, TLS1_2_VERSION,
428 DTLS1_2_VERSION, DTLS1_2_VERSION,
430 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
436 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
437 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
442 TLS1_2_VERSION, TLS1_2_VERSION,
443 DTLS1_2_VERSION, DTLS1_2_VERSION,
445 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
451 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
452 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
457 TLS1_2_VERSION, TLS1_2_VERSION,
458 DTLS1_2_VERSION, DTLS1_2_VERSION,
460 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
466 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
467 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
472 TLS1_2_VERSION, TLS1_2_VERSION,
473 DTLS1_2_VERSION, DTLS1_2_VERSION,
475 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
481 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
482 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
487 TLS1_2_VERSION, TLS1_2_VERSION,
488 DTLS1_2_VERSION, DTLS1_2_VERSION,
489 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
490 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
496 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
502 TLS1_2_VERSION, TLS1_2_VERSION,
503 DTLS1_2_VERSION, DTLS1_2_VERSION,
504 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
505 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
511 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
517 TLS1_2_VERSION, TLS1_2_VERSION,
518 DTLS1_2_VERSION, DTLS1_2_VERSION,
519 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
520 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
526 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
527 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
532 TLS1_2_VERSION, TLS1_2_VERSION,
533 DTLS1_2_VERSION, DTLS1_2_VERSION,
534 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
535 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
541 TLS1_TXT_RSA_WITH_AES_128_CCM,
542 TLS1_CK_RSA_WITH_AES_128_CCM,
547 TLS1_2_VERSION, TLS1_2_VERSION,
548 DTLS1_2_VERSION, DTLS1_2_VERSION,
549 SSL_NOT_DEFAULT | SSL_HIGH,
550 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
556 TLS1_TXT_RSA_WITH_AES_256_CCM,
557 TLS1_CK_RSA_WITH_AES_256_CCM,
562 TLS1_2_VERSION, TLS1_2_VERSION,
563 DTLS1_2_VERSION, DTLS1_2_VERSION,
564 SSL_NOT_DEFAULT | SSL_HIGH,
565 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
571 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
572 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
577 TLS1_2_VERSION, TLS1_2_VERSION,
578 DTLS1_2_VERSION, DTLS1_2_VERSION,
579 SSL_NOT_DEFAULT | SSL_HIGH,
580 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
586 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
587 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
592 TLS1_2_VERSION, TLS1_2_VERSION,
593 DTLS1_2_VERSION, DTLS1_2_VERSION,
594 SSL_NOT_DEFAULT | SSL_HIGH,
595 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
601 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
602 TLS1_CK_RSA_WITH_AES_128_CCM_8,
607 TLS1_2_VERSION, TLS1_2_VERSION,
608 DTLS1_2_VERSION, DTLS1_2_VERSION,
609 SSL_NOT_DEFAULT | SSL_HIGH,
610 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
616 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
617 TLS1_CK_RSA_WITH_AES_256_CCM_8,
622 TLS1_2_VERSION, TLS1_2_VERSION,
623 DTLS1_2_VERSION, DTLS1_2_VERSION,
624 SSL_NOT_DEFAULT | SSL_HIGH,
625 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
631 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
632 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
637 TLS1_2_VERSION, TLS1_2_VERSION,
638 DTLS1_2_VERSION, DTLS1_2_VERSION,
639 SSL_NOT_DEFAULT | SSL_HIGH,
640 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
646 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
647 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
652 TLS1_2_VERSION, TLS1_2_VERSION,
653 DTLS1_2_VERSION, DTLS1_2_VERSION,
654 SSL_NOT_DEFAULT | SSL_HIGH,
655 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
661 TLS1_TXT_PSK_WITH_AES_128_CCM,
662 TLS1_CK_PSK_WITH_AES_128_CCM,
667 TLS1_2_VERSION, TLS1_2_VERSION,
668 DTLS1_2_VERSION, DTLS1_2_VERSION,
669 SSL_NOT_DEFAULT | SSL_HIGH,
670 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
676 TLS1_TXT_PSK_WITH_AES_256_CCM,
677 TLS1_CK_PSK_WITH_AES_256_CCM,
682 TLS1_2_VERSION, TLS1_2_VERSION,
683 DTLS1_2_VERSION, DTLS1_2_VERSION,
684 SSL_NOT_DEFAULT | SSL_HIGH,
685 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
691 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
692 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
697 TLS1_2_VERSION, TLS1_2_VERSION,
698 DTLS1_2_VERSION, DTLS1_2_VERSION,
699 SSL_NOT_DEFAULT | SSL_HIGH,
700 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
706 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
707 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
712 TLS1_2_VERSION, TLS1_2_VERSION,
713 DTLS1_2_VERSION, DTLS1_2_VERSION,
714 SSL_NOT_DEFAULT | SSL_HIGH,
715 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
721 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
722 TLS1_CK_PSK_WITH_AES_128_CCM_8,
727 TLS1_2_VERSION, TLS1_2_VERSION,
728 DTLS1_2_VERSION, DTLS1_2_VERSION,
729 SSL_NOT_DEFAULT | SSL_HIGH,
730 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
736 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
737 TLS1_CK_PSK_WITH_AES_256_CCM_8,
742 TLS1_2_VERSION, TLS1_2_VERSION,
743 DTLS1_2_VERSION, DTLS1_2_VERSION,
744 SSL_NOT_DEFAULT | SSL_HIGH,
745 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
751 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
752 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
757 TLS1_2_VERSION, TLS1_2_VERSION,
758 DTLS1_2_VERSION, DTLS1_2_VERSION,
759 SSL_NOT_DEFAULT | SSL_HIGH,
760 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
766 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
767 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
772 TLS1_2_VERSION, TLS1_2_VERSION,
773 DTLS1_2_VERSION, DTLS1_2_VERSION,
774 SSL_NOT_DEFAULT | SSL_HIGH,
775 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
781 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
782 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
787 TLS1_2_VERSION, TLS1_2_VERSION,
788 DTLS1_2_VERSION, DTLS1_2_VERSION,
789 SSL_NOT_DEFAULT | SSL_HIGH,
790 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
796 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
797 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
802 TLS1_2_VERSION, TLS1_2_VERSION,
803 DTLS1_2_VERSION, DTLS1_2_VERSION,
804 SSL_NOT_DEFAULT | SSL_HIGH,
805 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
811 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
812 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
817 TLS1_2_VERSION, TLS1_2_VERSION,
818 DTLS1_2_VERSION, DTLS1_2_VERSION,
819 SSL_NOT_DEFAULT | SSL_HIGH,
820 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
826 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
827 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
832 TLS1_2_VERSION, TLS1_2_VERSION,
833 DTLS1_2_VERSION, DTLS1_2_VERSION,
834 SSL_NOT_DEFAULT | SSL_HIGH,
835 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
841 TLS1_3_TXT_AES_128_GCM_SHA256,
842 TLS1_3_CK_AES_128_GCM_SHA256,
846 TLS1_3_VERSION, TLS1_3_VERSION,
850 SSL_HANDSHAKE_MAC_SHA256,
856 TLS1_3_TXT_AES_256_GCM_SHA384,
857 TLS1_3_CK_AES_256_GCM_SHA384,
862 TLS1_3_VERSION, TLS1_3_VERSION,
865 SSL_HANDSHAKE_MAC_SHA384,
869 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
872 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
873 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
876 SSL_CHACHA20POLY1305,
878 TLS1_3_VERSION, TLS1_3_VERSION,
881 SSL_HANDSHAKE_MAC_SHA256,
888 TLS1_3_TXT_AES_128_CCM_SHA256,
889 TLS1_3_CK_AES_128_CCM_SHA256,
894 TLS1_3_VERSION, TLS1_3_VERSION,
896 SSL_NOT_DEFAULT | SSL_HIGH,
897 SSL_HANDSHAKE_MAC_SHA256,
903 TLS1_3_TXT_AES_128_CCM_8_SHA256,
904 TLS1_3_CK_AES_128_CCM_8_SHA256,
909 TLS1_3_VERSION, TLS1_3_VERSION,
911 SSL_NOT_DEFAULT | SSL_HIGH,
912 SSL_HANDSHAKE_MAC_SHA256,
917 #ifndef OPENSSL_NO_EC
920 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
921 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
926 SSL3_VERSION, TLS1_2_VERSION,
927 DTLS1_BAD_VER, DTLS1_2_VERSION,
928 SSL_STRONG_NONE | SSL_FIPS,
929 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
933 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
936 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
937 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
942 SSL3_VERSION, TLS1_2_VERSION,
943 DTLS1_BAD_VER, DTLS1_2_VERSION,
944 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
945 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
952 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
953 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
958 SSL3_VERSION, TLS1_2_VERSION,
959 DTLS1_BAD_VER, DTLS1_2_VERSION,
961 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
967 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
968 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
973 SSL3_VERSION, TLS1_2_VERSION,
974 DTLS1_BAD_VER, DTLS1_2_VERSION,
976 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
982 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
983 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
988 SSL3_VERSION, TLS1_2_VERSION,
989 DTLS1_BAD_VER, DTLS1_2_VERSION,
990 SSL_STRONG_NONE | SSL_FIPS,
991 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
995 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
998 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
999 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1004 SSL3_VERSION, TLS1_2_VERSION,
1005 DTLS1_BAD_VER, DTLS1_2_VERSION,
1006 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1007 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1014 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1015 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1020 SSL3_VERSION, TLS1_2_VERSION,
1021 DTLS1_BAD_VER, DTLS1_2_VERSION,
1022 SSL_HIGH | SSL_FIPS,
1023 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1029 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1030 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1035 SSL3_VERSION, TLS1_2_VERSION,
1036 DTLS1_BAD_VER, DTLS1_2_VERSION,
1037 SSL_HIGH | SSL_FIPS,
1038 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1044 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1045 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1050 SSL3_VERSION, TLS1_2_VERSION,
1051 DTLS1_BAD_VER, DTLS1_2_VERSION,
1052 SSL_STRONG_NONE | SSL_FIPS,
1053 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1057 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1060 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1061 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1066 SSL3_VERSION, TLS1_2_VERSION,
1067 DTLS1_BAD_VER, DTLS1_2_VERSION,
1068 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1076 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1077 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1082 SSL3_VERSION, TLS1_2_VERSION,
1083 DTLS1_BAD_VER, DTLS1_2_VERSION,
1084 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1085 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1091 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1092 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1097 SSL3_VERSION, TLS1_2_VERSION,
1098 DTLS1_BAD_VER, DTLS1_2_VERSION,
1099 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1100 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1106 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1107 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1112 TLS1_2_VERSION, TLS1_2_VERSION,
1113 DTLS1_2_VERSION, DTLS1_2_VERSION,
1114 SSL_HIGH | SSL_FIPS,
1115 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1121 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1122 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1127 TLS1_2_VERSION, TLS1_2_VERSION,
1128 DTLS1_2_VERSION, DTLS1_2_VERSION,
1129 SSL_HIGH | SSL_FIPS,
1130 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1136 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1137 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1142 TLS1_2_VERSION, TLS1_2_VERSION,
1143 DTLS1_2_VERSION, DTLS1_2_VERSION,
1144 SSL_HIGH | SSL_FIPS,
1145 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1151 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1152 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1157 TLS1_2_VERSION, TLS1_2_VERSION,
1158 DTLS1_2_VERSION, DTLS1_2_VERSION,
1159 SSL_HIGH | SSL_FIPS,
1160 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1166 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1167 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1172 TLS1_2_VERSION, TLS1_2_VERSION,
1173 DTLS1_2_VERSION, DTLS1_2_VERSION,
1174 SSL_HIGH | SSL_FIPS,
1175 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1181 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1182 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1187 TLS1_2_VERSION, TLS1_2_VERSION,
1188 DTLS1_2_VERSION, DTLS1_2_VERSION,
1189 SSL_HIGH | SSL_FIPS,
1190 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1196 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1197 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1202 TLS1_2_VERSION, TLS1_2_VERSION,
1203 DTLS1_2_VERSION, DTLS1_2_VERSION,
1204 SSL_HIGH | SSL_FIPS,
1205 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1211 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1212 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1217 TLS1_2_VERSION, TLS1_2_VERSION,
1218 DTLS1_2_VERSION, DTLS1_2_VERSION,
1219 SSL_HIGH | SSL_FIPS,
1220 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1224 #endif /* OPENSSL_NO_EC */
1226 #ifndef OPENSSL_NO_PSK
1229 TLS1_TXT_PSK_WITH_NULL_SHA,
1230 TLS1_CK_PSK_WITH_NULL_SHA,
1235 SSL3_VERSION, TLS1_2_VERSION,
1236 DTLS1_BAD_VER, DTLS1_2_VERSION,
1237 SSL_STRONG_NONE | SSL_FIPS,
1238 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1244 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1245 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1250 SSL3_VERSION, TLS1_2_VERSION,
1251 DTLS1_BAD_VER, DTLS1_2_VERSION,
1252 SSL_STRONG_NONE | SSL_FIPS,
1253 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1259 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1260 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1265 SSL3_VERSION, TLS1_2_VERSION,
1266 DTLS1_BAD_VER, DTLS1_2_VERSION,
1267 SSL_STRONG_NONE | SSL_FIPS,
1268 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1272 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1275 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1276 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1281 SSL3_VERSION, TLS1_2_VERSION,
1282 DTLS1_BAD_VER, DTLS1_2_VERSION,
1283 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1291 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1292 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1297 SSL3_VERSION, TLS1_2_VERSION,
1298 DTLS1_BAD_VER, DTLS1_2_VERSION,
1299 SSL_HIGH | SSL_FIPS,
1300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1306 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1307 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1312 SSL3_VERSION, TLS1_2_VERSION,
1313 DTLS1_BAD_VER, DTLS1_2_VERSION,
1314 SSL_HIGH | SSL_FIPS,
1315 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1319 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1322 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1323 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1328 SSL3_VERSION, TLS1_2_VERSION,
1329 DTLS1_BAD_VER, DTLS1_2_VERSION,
1330 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1331 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1338 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1339 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1344 SSL3_VERSION, TLS1_2_VERSION,
1345 DTLS1_BAD_VER, DTLS1_2_VERSION,
1346 SSL_HIGH | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1353 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1354 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1359 SSL3_VERSION, TLS1_2_VERSION,
1360 DTLS1_BAD_VER, DTLS1_2_VERSION,
1361 SSL_HIGH | SSL_FIPS,
1362 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1366 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1369 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1370 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1375 SSL3_VERSION, TLS1_2_VERSION,
1376 DTLS1_BAD_VER, DTLS1_2_VERSION,
1377 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1378 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1385 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1386 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1391 SSL3_VERSION, TLS1_2_VERSION,
1392 DTLS1_BAD_VER, DTLS1_2_VERSION,
1393 SSL_HIGH | SSL_FIPS,
1394 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1400 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1401 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1406 SSL3_VERSION, TLS1_2_VERSION,
1407 DTLS1_BAD_VER, DTLS1_2_VERSION,
1408 SSL_HIGH | SSL_FIPS,
1409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1415 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1416 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1421 TLS1_2_VERSION, TLS1_2_VERSION,
1422 DTLS1_2_VERSION, DTLS1_2_VERSION,
1423 SSL_HIGH | SSL_FIPS,
1424 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1430 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1431 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1436 TLS1_2_VERSION, TLS1_2_VERSION,
1437 DTLS1_2_VERSION, DTLS1_2_VERSION,
1438 SSL_HIGH | SSL_FIPS,
1439 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1445 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1446 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1451 TLS1_2_VERSION, TLS1_2_VERSION,
1452 DTLS1_2_VERSION, DTLS1_2_VERSION,
1453 SSL_HIGH | SSL_FIPS,
1454 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1460 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1461 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1466 TLS1_2_VERSION, TLS1_2_VERSION,
1467 DTLS1_2_VERSION, DTLS1_2_VERSION,
1468 SSL_HIGH | SSL_FIPS,
1469 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1475 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1481 TLS1_2_VERSION, TLS1_2_VERSION,
1482 DTLS1_2_VERSION, DTLS1_2_VERSION,
1483 SSL_HIGH | SSL_FIPS,
1484 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1490 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1496 TLS1_2_VERSION, TLS1_2_VERSION,
1497 DTLS1_2_VERSION, DTLS1_2_VERSION,
1498 SSL_HIGH | SSL_FIPS,
1499 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1505 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1506 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1511 TLS1_VERSION, TLS1_2_VERSION,
1512 DTLS1_BAD_VER, DTLS1_2_VERSION,
1513 SSL_HIGH | SSL_FIPS,
1514 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1520 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1521 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1526 TLS1_VERSION, TLS1_2_VERSION,
1527 DTLS1_BAD_VER, DTLS1_2_VERSION,
1528 SSL_HIGH | SSL_FIPS,
1529 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1535 TLS1_TXT_PSK_WITH_NULL_SHA256,
1536 TLS1_CK_PSK_WITH_NULL_SHA256,
1541 TLS1_VERSION, TLS1_2_VERSION,
1542 DTLS1_BAD_VER, DTLS1_2_VERSION,
1543 SSL_STRONG_NONE | SSL_FIPS,
1544 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1550 TLS1_TXT_PSK_WITH_NULL_SHA384,
1551 TLS1_CK_PSK_WITH_NULL_SHA384,
1556 TLS1_VERSION, TLS1_2_VERSION,
1557 DTLS1_BAD_VER, DTLS1_2_VERSION,
1558 SSL_STRONG_NONE | SSL_FIPS,
1559 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1565 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1566 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1571 TLS1_VERSION, TLS1_2_VERSION,
1572 DTLS1_BAD_VER, DTLS1_2_VERSION,
1573 SSL_HIGH | SSL_FIPS,
1574 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1580 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1581 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1586 TLS1_VERSION, TLS1_2_VERSION,
1587 DTLS1_BAD_VER, DTLS1_2_VERSION,
1588 SSL_HIGH | SSL_FIPS,
1589 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1595 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1596 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1601 TLS1_VERSION, TLS1_2_VERSION,
1602 DTLS1_BAD_VER, DTLS1_2_VERSION,
1603 SSL_STRONG_NONE | SSL_FIPS,
1604 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1610 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1611 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1616 TLS1_VERSION, TLS1_2_VERSION,
1617 DTLS1_BAD_VER, DTLS1_2_VERSION,
1618 SSL_STRONG_NONE | SSL_FIPS,
1619 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1625 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1626 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1631 TLS1_VERSION, TLS1_2_VERSION,
1632 DTLS1_BAD_VER, DTLS1_2_VERSION,
1633 SSL_HIGH | SSL_FIPS,
1634 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1640 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1641 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1646 TLS1_VERSION, TLS1_2_VERSION,
1647 DTLS1_BAD_VER, DTLS1_2_VERSION,
1648 SSL_HIGH | SSL_FIPS,
1649 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1655 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1656 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1661 TLS1_VERSION, TLS1_2_VERSION,
1662 DTLS1_BAD_VER, DTLS1_2_VERSION,
1663 SSL_STRONG_NONE | SSL_FIPS,
1664 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1670 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1671 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1676 TLS1_VERSION, TLS1_2_VERSION,
1677 DTLS1_BAD_VER, DTLS1_2_VERSION,
1678 SSL_STRONG_NONE | SSL_FIPS,
1679 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1683 # ifndef OPENSSL_NO_EC
1684 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1687 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1688 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1693 SSL3_VERSION, TLS1_2_VERSION,
1694 DTLS1_BAD_VER, DTLS1_2_VERSION,
1695 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1696 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1703 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1704 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1709 SSL3_VERSION, TLS1_2_VERSION,
1710 DTLS1_BAD_VER, DTLS1_2_VERSION,
1711 SSL_HIGH | SSL_FIPS,
1712 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1718 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1719 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1724 SSL3_VERSION, TLS1_2_VERSION,
1725 DTLS1_BAD_VER, DTLS1_2_VERSION,
1726 SSL_HIGH | SSL_FIPS,
1727 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1733 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1734 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1739 TLS1_VERSION, TLS1_2_VERSION,
1740 DTLS1_BAD_VER, DTLS1_2_VERSION,
1741 SSL_HIGH | SSL_FIPS,
1742 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1748 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1749 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1754 TLS1_VERSION, TLS1_2_VERSION,
1755 DTLS1_BAD_VER, DTLS1_2_VERSION,
1756 SSL_HIGH | SSL_FIPS,
1757 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1763 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1764 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1769 SSL3_VERSION, TLS1_2_VERSION,
1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
1771 SSL_STRONG_NONE | SSL_FIPS,
1772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1778 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1779 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1784 TLS1_VERSION, TLS1_2_VERSION,
1785 DTLS1_BAD_VER, DTLS1_2_VERSION,
1786 SSL_STRONG_NONE | SSL_FIPS,
1787 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1793 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1794 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1799 TLS1_VERSION, TLS1_2_VERSION,
1800 DTLS1_BAD_VER, DTLS1_2_VERSION,
1801 SSL_STRONG_NONE | SSL_FIPS,
1802 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1806 # endif /* OPENSSL_NO_EC */
1807 #endif /* OPENSSL_NO_PSK */
1809 #ifndef OPENSSL_NO_SRP
1810 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1813 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1814 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1819 SSL3_VERSION, TLS1_2_VERSION,
1820 DTLS1_BAD_VER, DTLS1_2_VERSION,
1821 SSL_NOT_DEFAULT | SSL_MEDIUM,
1822 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1828 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1829 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1834 SSL3_VERSION, TLS1_2_VERSION,
1835 DTLS1_BAD_VER, DTLS1_2_VERSION,
1836 SSL_NOT_DEFAULT | SSL_MEDIUM,
1837 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1843 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1844 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1849 SSL3_VERSION, TLS1_2_VERSION,
1850 DTLS1_BAD_VER, DTLS1_2_VERSION,
1851 SSL_NOT_DEFAULT | SSL_MEDIUM,
1852 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1860 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1865 SSL3_VERSION, TLS1_2_VERSION,
1866 DTLS1_BAD_VER, DTLS1_2_VERSION,
1868 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1874 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1875 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1880 SSL3_VERSION, TLS1_2_VERSION,
1881 DTLS1_BAD_VER, DTLS1_2_VERSION,
1883 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1889 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1890 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1895 SSL3_VERSION, TLS1_2_VERSION,
1896 DTLS1_BAD_VER, DTLS1_2_VERSION,
1897 SSL_NOT_DEFAULT | SSL_HIGH,
1898 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1904 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1905 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1910 SSL3_VERSION, TLS1_2_VERSION,
1911 DTLS1_BAD_VER, DTLS1_2_VERSION,
1913 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1919 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1920 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1925 SSL3_VERSION, TLS1_2_VERSION,
1926 DTLS1_BAD_VER, DTLS1_2_VERSION,
1928 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1934 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1935 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1940 SSL3_VERSION, TLS1_2_VERSION,
1941 DTLS1_BAD_VER, DTLS1_2_VERSION,
1942 SSL_NOT_DEFAULT | SSL_HIGH,
1943 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1947 #endif /* OPENSSL_NO_SRP */
1949 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1950 # ifndef OPENSSL_NO_RSA
1953 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1954 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1957 SSL_CHACHA20POLY1305,
1959 TLS1_2_VERSION, TLS1_2_VERSION,
1960 DTLS1_2_VERSION, DTLS1_2_VERSION,
1962 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1966 # endif /* OPENSSL_NO_RSA */
1968 # ifndef OPENSSL_NO_EC
1971 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1972 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1975 SSL_CHACHA20POLY1305,
1977 TLS1_2_VERSION, TLS1_2_VERSION,
1978 DTLS1_2_VERSION, DTLS1_2_VERSION,
1980 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1986 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1987 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1990 SSL_CHACHA20POLY1305,
1992 TLS1_2_VERSION, TLS1_2_VERSION,
1993 DTLS1_2_VERSION, DTLS1_2_VERSION,
1995 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1999 # endif /* OPENSSL_NO_EC */
2001 # ifndef OPENSSL_NO_PSK
2004 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2005 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2008 SSL_CHACHA20POLY1305,
2010 TLS1_2_VERSION, TLS1_2_VERSION,
2011 DTLS1_2_VERSION, DTLS1_2_VERSION,
2013 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2019 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2020 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2023 SSL_CHACHA20POLY1305,
2025 TLS1_2_VERSION, TLS1_2_VERSION,
2026 DTLS1_2_VERSION, DTLS1_2_VERSION,
2028 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2034 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2035 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2038 SSL_CHACHA20POLY1305,
2040 TLS1_2_VERSION, TLS1_2_VERSION,
2041 DTLS1_2_VERSION, DTLS1_2_VERSION,
2043 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2049 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2050 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2053 SSL_CHACHA20POLY1305,
2055 TLS1_2_VERSION, TLS1_2_VERSION,
2056 DTLS1_2_VERSION, DTLS1_2_VERSION,
2058 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2062 # endif /* OPENSSL_NO_PSK */
2063 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2064 * !defined(OPENSSL_NO_POLY1305) */
2066 #ifndef OPENSSL_NO_CAMELLIA
2069 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2070 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2075 TLS1_2_VERSION, TLS1_2_VERSION,
2076 DTLS1_2_VERSION, DTLS1_2_VERSION,
2077 SSL_NOT_DEFAULT | SSL_HIGH,
2078 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2084 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2085 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2090 TLS1_2_VERSION, TLS1_2_VERSION,
2091 DTLS1_2_VERSION, DTLS1_2_VERSION,
2092 SSL_NOT_DEFAULT | SSL_HIGH,
2093 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2099 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2100 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2105 TLS1_2_VERSION, TLS1_2_VERSION,
2106 DTLS1_2_VERSION, DTLS1_2_VERSION,
2107 SSL_NOT_DEFAULT | SSL_HIGH,
2108 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2114 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2115 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2120 TLS1_2_VERSION, TLS1_2_VERSION,
2121 DTLS1_2_VERSION, DTLS1_2_VERSION,
2122 SSL_NOT_DEFAULT | SSL_HIGH,
2123 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2129 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2130 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2135 TLS1_2_VERSION, TLS1_2_VERSION,
2136 DTLS1_2_VERSION, DTLS1_2_VERSION,
2137 SSL_NOT_DEFAULT | SSL_HIGH,
2138 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2144 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2145 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2150 TLS1_2_VERSION, TLS1_2_VERSION,
2151 DTLS1_2_VERSION, DTLS1_2_VERSION,
2152 SSL_NOT_DEFAULT | SSL_HIGH,
2153 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2159 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2160 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2165 TLS1_2_VERSION, TLS1_2_VERSION,
2166 DTLS1_2_VERSION, DTLS1_2_VERSION,
2167 SSL_NOT_DEFAULT | SSL_HIGH,
2168 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2174 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2175 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2180 TLS1_2_VERSION, TLS1_2_VERSION,
2181 DTLS1_2_VERSION, DTLS1_2_VERSION,
2182 SSL_NOT_DEFAULT | SSL_HIGH,
2183 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2189 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2190 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2195 SSL3_VERSION, TLS1_2_VERSION,
2196 DTLS1_BAD_VER, DTLS1_2_VERSION,
2197 SSL_NOT_DEFAULT | SSL_HIGH,
2198 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2204 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2205 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2210 SSL3_VERSION, TLS1_2_VERSION,
2211 DTLS1_BAD_VER, DTLS1_2_VERSION,
2212 SSL_NOT_DEFAULT | SSL_HIGH,
2213 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2219 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2220 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2225 SSL3_VERSION, TLS1_2_VERSION,
2226 DTLS1_BAD_VER, DTLS1_2_VERSION,
2227 SSL_NOT_DEFAULT | SSL_HIGH,
2228 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2234 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2235 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2240 SSL3_VERSION, TLS1_2_VERSION,
2241 DTLS1_BAD_VER, DTLS1_2_VERSION,
2242 SSL_NOT_DEFAULT | SSL_HIGH,
2243 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2249 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2250 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2255 SSL3_VERSION, TLS1_2_VERSION,
2256 DTLS1_BAD_VER, DTLS1_2_VERSION,
2257 SSL_NOT_DEFAULT | SSL_HIGH,
2258 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2264 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2265 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2270 SSL3_VERSION, TLS1_2_VERSION,
2271 DTLS1_BAD_VER, DTLS1_2_VERSION,
2272 SSL_NOT_DEFAULT | SSL_HIGH,
2273 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2279 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2280 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2285 SSL3_VERSION, TLS1_2_VERSION,
2286 DTLS1_BAD_VER, DTLS1_2_VERSION,
2287 SSL_NOT_DEFAULT | SSL_HIGH,
2288 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2294 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2295 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2300 SSL3_VERSION, TLS1_2_VERSION,
2301 DTLS1_BAD_VER, DTLS1_2_VERSION,
2302 SSL_NOT_DEFAULT | SSL_HIGH,
2303 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2308 # ifndef OPENSSL_NO_EC
2311 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2312 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2317 TLS1_2_VERSION, TLS1_2_VERSION,
2318 DTLS1_2_VERSION, DTLS1_2_VERSION,
2319 SSL_NOT_DEFAULT | SSL_HIGH,
2320 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2326 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2327 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2332 TLS1_2_VERSION, TLS1_2_VERSION,
2333 DTLS1_2_VERSION, DTLS1_2_VERSION,
2334 SSL_NOT_DEFAULT | SSL_HIGH,
2335 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2341 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2342 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2347 TLS1_2_VERSION, TLS1_2_VERSION,
2348 DTLS1_2_VERSION, DTLS1_2_VERSION,
2349 SSL_NOT_DEFAULT | SSL_HIGH,
2350 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2356 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2357 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2362 TLS1_2_VERSION, TLS1_2_VERSION,
2363 DTLS1_2_VERSION, DTLS1_2_VERSION,
2364 SSL_NOT_DEFAULT | SSL_HIGH,
2365 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2369 # endif /* OPENSSL_NO_EC */
2371 # ifndef OPENSSL_NO_PSK
2374 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2375 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2380 TLS1_VERSION, TLS1_2_VERSION,
2381 DTLS1_BAD_VER, DTLS1_2_VERSION,
2382 SSL_NOT_DEFAULT | SSL_HIGH,
2383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2389 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2390 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2395 TLS1_VERSION, TLS1_2_VERSION,
2396 DTLS1_BAD_VER, DTLS1_2_VERSION,
2397 SSL_NOT_DEFAULT | SSL_HIGH,
2398 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2404 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2405 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2410 TLS1_VERSION, TLS1_2_VERSION,
2411 DTLS1_BAD_VER, DTLS1_2_VERSION,
2412 SSL_NOT_DEFAULT | SSL_HIGH,
2413 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2419 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2420 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2425 TLS1_VERSION, TLS1_2_VERSION,
2426 DTLS1_BAD_VER, DTLS1_2_VERSION,
2427 SSL_NOT_DEFAULT | SSL_HIGH,
2428 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2434 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2435 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2440 TLS1_VERSION, TLS1_2_VERSION,
2441 DTLS1_BAD_VER, DTLS1_2_VERSION,
2442 SSL_NOT_DEFAULT | SSL_HIGH,
2443 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2449 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2450 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2455 TLS1_VERSION, TLS1_2_VERSION,
2456 DTLS1_BAD_VER, DTLS1_2_VERSION,
2457 SSL_NOT_DEFAULT | SSL_HIGH,
2458 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2464 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2465 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2470 TLS1_VERSION, TLS1_2_VERSION,
2471 DTLS1_BAD_VER, DTLS1_2_VERSION,
2472 SSL_NOT_DEFAULT | SSL_HIGH,
2473 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2479 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2480 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2485 TLS1_VERSION, TLS1_2_VERSION,
2486 DTLS1_BAD_VER, DTLS1_2_VERSION,
2487 SSL_NOT_DEFAULT | SSL_HIGH,
2488 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2492 # endif /* OPENSSL_NO_PSK */
2494 #endif /* OPENSSL_NO_CAMELLIA */
2496 #ifndef OPENSSL_NO_GOST
2499 "GOST2001-GOST89-GOST89",
2503 SSL_eGOST2814789CNT,
2505 TLS1_VERSION, TLS1_2_VERSION,
2508 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2514 "GOST2001-NULL-GOST94",
2520 TLS1_VERSION, TLS1_2_VERSION,
2523 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2529 "GOST2012-GOST8912-GOST8912",
2532 SSL_aGOST12 | SSL_aGOST01,
2533 SSL_eGOST2814789CNT12,
2535 TLS1_VERSION, TLS1_2_VERSION,
2538 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2544 "GOST2012-NULL-GOST12",
2547 SSL_aGOST12 | SSL_aGOST01,
2550 TLS1_VERSION, TLS1_2_VERSION,
2553 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2557 #endif /* OPENSSL_NO_GOST */
2559 #ifndef OPENSSL_NO_IDEA
2562 SSL3_TXT_RSA_IDEA_128_SHA,
2563 SSL3_CK_RSA_IDEA_128_SHA,
2568 SSL3_VERSION, TLS1_1_VERSION,
2569 DTLS1_BAD_VER, DTLS1_VERSION,
2570 SSL_NOT_DEFAULT | SSL_MEDIUM,
2571 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2577 #ifndef OPENSSL_NO_SEED
2580 TLS1_TXT_RSA_WITH_SEED_SHA,
2581 TLS1_CK_RSA_WITH_SEED_SHA,
2586 SSL3_VERSION, TLS1_2_VERSION,
2587 DTLS1_BAD_VER, DTLS1_2_VERSION,
2588 SSL_NOT_DEFAULT | SSL_MEDIUM,
2589 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2595 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2596 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2601 SSL3_VERSION, TLS1_2_VERSION,
2602 DTLS1_BAD_VER, DTLS1_2_VERSION,
2603 SSL_NOT_DEFAULT | SSL_MEDIUM,
2604 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2610 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2611 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2616 SSL3_VERSION, TLS1_2_VERSION,
2617 DTLS1_BAD_VER, DTLS1_2_VERSION,
2618 SSL_NOT_DEFAULT | SSL_MEDIUM,
2619 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2625 TLS1_TXT_ADH_WITH_SEED_SHA,
2626 TLS1_CK_ADH_WITH_SEED_SHA,
2631 SSL3_VERSION, TLS1_2_VERSION,
2632 DTLS1_BAD_VER, DTLS1_2_VERSION,
2633 SSL_NOT_DEFAULT | SSL_MEDIUM,
2634 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2638 #endif /* OPENSSL_NO_SEED */
2640 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2643 SSL3_TXT_RSA_RC4_128_MD5,
2644 SSL3_CK_RSA_RC4_128_MD5,
2649 SSL3_VERSION, TLS1_2_VERSION,
2651 SSL_NOT_DEFAULT | SSL_MEDIUM,
2652 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2658 SSL3_TXT_RSA_RC4_128_SHA,
2659 SSL3_CK_RSA_RC4_128_SHA,
2664 SSL3_VERSION, TLS1_2_VERSION,
2666 SSL_NOT_DEFAULT | SSL_MEDIUM,
2667 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2673 SSL3_TXT_ADH_RC4_128_MD5,
2674 SSL3_CK_ADH_RC4_128_MD5,
2679 SSL3_VERSION, TLS1_2_VERSION,
2681 SSL_NOT_DEFAULT | SSL_MEDIUM,
2682 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2687 # ifndef OPENSSL_NO_EC
2690 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2691 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2696 SSL3_VERSION, TLS1_2_VERSION,
2698 SSL_NOT_DEFAULT | SSL_MEDIUM,
2699 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2705 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2706 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2711 SSL3_VERSION, TLS1_2_VERSION,
2713 SSL_NOT_DEFAULT | SSL_MEDIUM,
2714 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2720 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2721 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2726 SSL3_VERSION, TLS1_2_VERSION,
2728 SSL_NOT_DEFAULT | SSL_MEDIUM,
2729 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2735 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2736 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2741 SSL3_VERSION, TLS1_2_VERSION,
2743 SSL_NOT_DEFAULT | SSL_MEDIUM,
2744 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2748 # endif /* OPENSSL_NO_EC */
2750 # ifndef OPENSSL_NO_PSK
2753 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2754 TLS1_CK_PSK_WITH_RC4_128_SHA,
2759 SSL3_VERSION, TLS1_2_VERSION,
2761 SSL_NOT_DEFAULT | SSL_MEDIUM,
2762 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2768 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2769 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2774 SSL3_VERSION, TLS1_2_VERSION,
2776 SSL_NOT_DEFAULT | SSL_MEDIUM,
2777 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2783 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2784 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2789 SSL3_VERSION, TLS1_2_VERSION,
2791 SSL_NOT_DEFAULT | SSL_MEDIUM,
2792 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2796 # endif /* OPENSSL_NO_PSK */
2798 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2803 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2804 * values stuffed into the ciphers field of the wire protocol for signalling
2807 static SSL_CIPHER ssl3_scsvs[] = {
2810 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2812 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2816 "TLS_FALLBACK_SCSV",
2817 SSL3_CK_FALLBACK_SCSV,
2818 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2822 static int cipher_compare(const void *a, const void *b)
2824 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2825 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2827 return ap->id - bp->id;
2830 void ssl_sort_cipher_list(void)
2832 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
2834 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
2837 const SSL3_ENC_METHOD SSLv3_enc_data = {
2840 ssl3_setup_key_block,
2841 ssl3_generate_master_secret,
2842 ssl3_change_cipher_state,
2843 ssl3_final_finish_mac,
2844 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2845 SSL3_MD_SERVER_FINISHED_CONST, 4,
2847 (int (*)(SSL *, unsigned char *, size_t, const char *,
2848 size_t, const unsigned char *, size_t,
2849 int use_context))ssl_undefined_function,
2851 ssl3_set_handshake_header,
2852 tls_close_construct_packet,
2853 ssl3_handshake_write
2856 long ssl3_default_timeout(void)
2859 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2860 * http, the cache would over fill
2862 return (60 * 60 * 2);
2865 int ssl3_num_ciphers(void)
2867 return (SSL3_NUM_CIPHERS);
2870 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2872 if (u < SSL3_NUM_CIPHERS)
2873 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2878 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
2880 /* No header in the event of a CCS */
2881 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
2884 /* Set the content type and 3 bytes for the message len */
2885 if (!WPACKET_put_bytes_u8(pkt, htype)
2886 || !WPACKET_start_sub_packet_u24(pkt))
2892 int ssl3_handshake_write(SSL *s)
2894 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2897 int ssl3_new(SSL *s)
2901 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2905 #ifndef OPENSSL_NO_SRP
2906 if (!SSL_SRP_CTX_init(s))
2909 s->method->ssl_clear(s);
2915 void ssl3_free(SSL *s)
2917 if (s == NULL || s->s3 == NULL)
2920 ssl3_cleanup_key_block(s);
2922 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2923 EVP_PKEY_free(s->s3->peer_tmp);
2924 s->s3->peer_tmp = NULL;
2925 EVP_PKEY_free(s->s3->tmp.pkey);
2926 s->s3->tmp.pkey = NULL;
2929 OPENSSL_free(s->s3->tmp.ctype);
2930 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2931 OPENSSL_free(s->s3->tmp.ciphers_raw);
2932 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2933 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2934 ssl3_free_digest_list(s);
2935 OPENSSL_free(s->s3->alpn_selected);
2936 OPENSSL_free(s->s3->alpn_proposed);
2938 #ifndef OPENSSL_NO_SRP
2939 SSL_SRP_CTX_free(s);
2941 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2945 void ssl3_clear(SSL *s)
2947 ssl3_cleanup_key_block(s);
2948 OPENSSL_free(s->s3->tmp.ctype);
2949 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2950 OPENSSL_free(s->s3->tmp.ciphers_raw);
2951 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2952 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2954 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2955 EVP_PKEY_free(s->s3->tmp.pkey);
2956 EVP_PKEY_free(s->s3->peer_tmp);
2957 #endif /* !OPENSSL_NO_EC */
2959 ssl3_free_digest_list(s);
2961 OPENSSL_free(s->s3->alpn_selected);
2962 OPENSSL_free(s->s3->alpn_proposed);
2964 /* NULL/zero-out everything in the s3 struct */
2965 memset(s->s3, 0, sizeof(*s->s3));
2967 ssl_free_wbio_buffer(s);
2969 s->version = SSL3_VERSION;
2971 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2972 OPENSSL_free(s->ext.npn);
2978 #ifndef OPENSSL_NO_SRP
2979 static char *srp_password_from_info_cb(SSL *s, void *arg)
2981 return OPENSSL_strdup(s->srp_ctx.info);
2985 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
2987 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2992 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2994 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2995 ret = s->s3->num_renegotiations;
2997 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2998 ret = s->s3->num_renegotiations;
2999 s->s3->num_renegotiations = 0;
3001 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3002 ret = s->s3->total_renegotiations;
3004 case SSL_CTRL_GET_FLAGS:
3005 ret = (int)(s->s3->flags);
3007 #ifndef OPENSSL_NO_DH
3008 case SSL_CTRL_SET_TMP_DH:
3010 DH *dh = (DH *)parg;
3011 EVP_PKEY *pkdh = NULL;
3013 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3016 pkdh = ssl_dh_to_pkey(dh);
3018 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3021 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3022 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3023 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3024 EVP_PKEY_free(pkdh);
3027 EVP_PKEY_free(s->cert->dh_tmp);
3028 s->cert->dh_tmp = pkdh;
3032 case SSL_CTRL_SET_TMP_DH_CB:
3034 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3037 case SSL_CTRL_SET_DH_AUTO:
3038 s->cert->dh_tmp_auto = larg;
3041 #ifndef OPENSSL_NO_EC
3042 case SSL_CTRL_SET_TMP_ECDH:
3044 const EC_GROUP *group = NULL;
3048 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3051 group = EC_KEY_get0_group((const EC_KEY *)parg);
3052 if (group == NULL) {
3053 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3056 nid = EC_GROUP_get_curve_name(group);
3057 if (nid == NID_undef)
3059 return tls1_set_groups(&s->ext.supportedgroups,
3060 &s->ext.supportedgroups_len,
3064 #endif /* !OPENSSL_NO_EC */
3065 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3066 if (larg == TLSEXT_NAMETYPE_host_name) {
3069 OPENSSL_free(s->ext.hostname);
3070 s->ext.hostname = NULL;
3075 len = strlen((char *)parg);
3076 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3077 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3080 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3081 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3085 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3089 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3090 s->ext.debug_arg = parg;
3094 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3095 ret = s->ext.status_type;
3098 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3099 s->ext.status_type = larg;
3103 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3104 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3108 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3109 s->ext.ocsp.exts = parg;
3113 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3114 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3118 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3119 s->ext.ocsp.ids = parg;
3123 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3124 *(unsigned char **)parg = s->ext.ocsp.resp;
3125 if (s->ext.ocsp.resp_len == 0
3126 || s->ext.ocsp.resp_len > LONG_MAX)
3128 return (long)s->ext.ocsp.resp_len;
3130 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3131 OPENSSL_free(s->ext.ocsp.resp);
3132 s->ext.ocsp.resp = parg;
3133 s->ext.ocsp.resp_len = larg;
3137 #ifndef OPENSSL_NO_HEARTBEATS
3138 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3139 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3140 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3144 case SSL_CTRL_CHAIN:
3146 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3148 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3150 case SSL_CTRL_CHAIN_CERT:
3152 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3154 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3156 case SSL_CTRL_GET_CHAIN_CERTS:
3157 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3160 case SSL_CTRL_SELECT_CURRENT_CERT:
3161 return ssl_cert_select_current(s->cert, (X509 *)parg);
3163 case SSL_CTRL_SET_CURRENT_CERT:
3164 if (larg == SSL_CERT_SET_SERVER) {
3165 const SSL_CIPHER *cipher;
3168 cipher = s->s3->tmp.new_cipher;
3172 * No certificate for unauthenticated ciphersuites or using SRP
3175 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3177 if (s->s3->tmp.cert == NULL)
3179 s->cert->key = s->s3->tmp.cert;
3182 return ssl_cert_set_current(s->cert, larg);
3184 #ifndef OPENSSL_NO_EC
3185 case SSL_CTRL_GET_GROUPS:
3187 unsigned char *clist;
3192 clist = s->session->ext.supportedgroups;
3193 clistlen = s->session->ext.supportedgroups_len / 2;
3197 unsigned int cid, nid;
3198 for (i = 0; i < clistlen; i++) {
3200 /* TODO(TLS1.3): Handle DH groups here */
3201 nid = tls1_ec_curve_id2nid(cid, NULL);
3205 cptr[i] = TLSEXT_nid_unknown | cid;
3208 return (int)clistlen;
3211 case SSL_CTRL_SET_GROUPS:
3212 return tls1_set_groups(&s->ext.supportedgroups,
3213 &s->ext.supportedgroups_len, parg, larg);
3215 case SSL_CTRL_SET_GROUPS_LIST:
3216 return tls1_set_groups_list(&s->ext.supportedgroups,
3217 &s->ext.supportedgroups_len, parg);
3219 case SSL_CTRL_GET_SHARED_GROUP:
3220 return tls1_shared_group(s, larg);
3223 case SSL_CTRL_SET_SIGALGS:
3224 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3226 case SSL_CTRL_SET_SIGALGS_LIST:
3227 return tls1_set_sigalgs_list(s->cert, parg, 0);
3229 case SSL_CTRL_SET_CLIENT_SIGALGS:
3230 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3232 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3233 return tls1_set_sigalgs_list(s->cert, parg, 1);
3235 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3237 const unsigned char **pctype = parg;
3238 if (s->server || !s->s3->tmp.cert_req)
3241 *pctype = s->s3->tmp.ctype;
3242 return s->s3->tmp.ctype_len;
3245 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3248 return ssl3_set_req_cert_type(s->cert, parg, larg);
3250 case SSL_CTRL_BUILD_CERT_CHAIN:
3251 return ssl_build_cert_chain(s, NULL, larg);
3253 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3254 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3256 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3257 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3259 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3260 if (s->s3->tmp.peer_sigalg == NULL)
3262 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3265 case SSL_CTRL_GET_SERVER_TMP_KEY:
3266 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3267 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3270 EVP_PKEY_up_ref(s->s3->peer_tmp);
3271 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3277 #ifndef OPENSSL_NO_EC
3278 case SSL_CTRL_GET_EC_POINT_FORMATS:
3280 SSL_SESSION *sess = s->session;
3281 const unsigned char **pformat = parg;
3283 if (sess == NULL || sess->ext.ecpointformats == NULL)
3285 *pformat = sess->ext.ecpointformats;
3286 return (int)sess->ext.ecpointformats_len;
3296 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3301 #ifndef OPENSSL_NO_DH
3302 case SSL_CTRL_SET_TMP_DH_CB:
3304 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3308 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3309 s->ext.debug_cb = (void (*)(SSL *, int, int,
3310 const unsigned char *, int, void *))fp;
3313 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3315 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3324 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3327 #ifndef OPENSSL_NO_DH
3328 case SSL_CTRL_SET_TMP_DH:
3330 DH *dh = (DH *)parg;
3331 EVP_PKEY *pkdh = NULL;
3333 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3336 pkdh = ssl_dh_to_pkey(dh);
3338 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3341 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3342 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3343 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3344 EVP_PKEY_free(pkdh);
3347 EVP_PKEY_free(ctx->cert->dh_tmp);
3348 ctx->cert->dh_tmp = pkdh;
3351 case SSL_CTRL_SET_TMP_DH_CB:
3353 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3356 case SSL_CTRL_SET_DH_AUTO:
3357 ctx->cert->dh_tmp_auto = larg;
3360 #ifndef OPENSSL_NO_EC
3361 case SSL_CTRL_SET_TMP_ECDH:
3363 const EC_GROUP *group = NULL;
3367 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3370 group = EC_KEY_get0_group((const EC_KEY *)parg);
3371 if (group == NULL) {
3372 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3375 nid = EC_GROUP_get_curve_name(group);
3376 if (nid == NID_undef)
3378 return tls1_set_groups(&ctx->ext.supportedgroups,
3379 &ctx->ext.supportedgroups_len,
3382 #endif /* !OPENSSL_NO_EC */
3383 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3384 ctx->ext.servername_arg = parg;
3386 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3387 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3389 unsigned char *keys = parg;
3390 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3391 sizeof(ctx->ext.tick_hmac_key) +
3392 sizeof(ctx->ext.tick_aes_key));
3395 if (larg != tick_keylen) {
3396 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3399 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3400 memcpy(ctx->ext.tick_key_name, keys,
3401 sizeof(ctx->ext.tick_key_name));
3402 memcpy(ctx->ext.tick_hmac_key,
3403 keys + sizeof(ctx->ext.tick_key_name),
3404 sizeof(ctx->ext.tick_hmac_key));
3405 memcpy(ctx->ext.tick_aes_key,
3406 keys + sizeof(ctx->ext.tick_key_name) +
3407 sizeof(ctx->ext.tick_hmac_key),
3408 sizeof(ctx->ext.tick_aes_key));
3410 memcpy(keys, ctx->ext.tick_key_name,
3411 sizeof(ctx->ext.tick_key_name));
3412 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3413 ctx->ext.tick_hmac_key,
3414 sizeof(ctx->ext.tick_hmac_key));
3415 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3416 sizeof(ctx->ext.tick_hmac_key),
3417 ctx->ext.tick_aes_key,
3418 sizeof(ctx->ext.tick_aes_key));
3423 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3424 return ctx->ext.status_type;
3426 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3427 ctx->ext.status_type = larg;
3430 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3431 ctx->ext.status_arg = parg;
3434 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3435 *(void**)parg = ctx->ext.status_arg;
3438 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3439 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3442 #ifndef OPENSSL_NO_SRP
3443 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3444 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3445 OPENSSL_free(ctx->srp_ctx.login);
3446 ctx->srp_ctx.login = NULL;
3449 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3450 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3453 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3454 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3458 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3459 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3460 srp_password_from_info_cb;
3461 ctx->srp_ctx.info = parg;
3463 case SSL_CTRL_SET_SRP_ARG:
3464 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3465 ctx->srp_ctx.SRP_cb_arg = parg;
3468 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3469 ctx->srp_ctx.strength = larg;
3473 #ifndef OPENSSL_NO_EC
3474 case SSL_CTRL_SET_GROUPS:
3475 return tls1_set_groups(&ctx->ext.supportedgroups,
3476 &ctx->ext.supportedgroups_len,
3479 case SSL_CTRL_SET_GROUPS_LIST:
3480 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3481 &ctx->ext.supportedgroups_len,
3484 case SSL_CTRL_SET_SIGALGS:
3485 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3487 case SSL_CTRL_SET_SIGALGS_LIST:
3488 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3490 case SSL_CTRL_SET_CLIENT_SIGALGS:
3491 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3493 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3494 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3496 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3497 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3499 case SSL_CTRL_BUILD_CERT_CHAIN:
3500 return ssl_build_cert_chain(NULL, ctx, larg);
3502 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3503 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3505 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3506 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3508 /* A Thawte special :-) */
3509 case SSL_CTRL_EXTRA_CHAIN_CERT:
3510 if (ctx->extra_certs == NULL) {
3511 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3512 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3516 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3517 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3522 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3523 if (ctx->extra_certs == NULL && larg == 0)
3524 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3526 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3529 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3530 sk_X509_pop_free(ctx->extra_certs, X509_free);
3531 ctx->extra_certs = NULL;
3534 case SSL_CTRL_CHAIN:
3536 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3538 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3540 case SSL_CTRL_CHAIN_CERT:
3542 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3544 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3546 case SSL_CTRL_GET_CHAIN_CERTS:
3547 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3550 case SSL_CTRL_SELECT_CURRENT_CERT:
3551 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3553 case SSL_CTRL_SET_CURRENT_CERT:
3554 return ssl_cert_set_current(ctx->cert, larg);
3562 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3565 #ifndef OPENSSL_NO_DH
3566 case SSL_CTRL_SET_TMP_DH_CB:
3568 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3572 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3573 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3576 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3577 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3580 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3581 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3584 HMAC_CTX *, int))fp;
3587 #ifndef OPENSSL_NO_SRP
3588 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3589 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3590 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3592 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3593 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3594 ctx->srp_ctx.TLS_ext_srp_username_callback =
3595 (int (*)(SSL *, int *, void *))fp;
3597 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3598 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3599 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3600 (char *(*)(SSL *, void *))fp;
3603 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3605 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3614 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3617 const SSL_CIPHER *cp;
3620 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3623 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3627 * This function needs to check if the ciphers required are actually
3630 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3632 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3633 | ((uint32_t)p[0] << 8L)
3637 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3639 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3644 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3652 * ssl3_choose_cipher - choose a cipher from those offered by the client
3653 * @s: SSL connection
3654 * @clnt: ciphers offered by the client
3655 * @srvr: ciphers enabled on the server?
3657 * Returns the selected cipher or NULL when no common ciphers.
3659 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3660 STACK_OF(SSL_CIPHER) *srvr)
3662 const SSL_CIPHER *c, *ret = NULL;
3663 STACK_OF(SSL_CIPHER) *prio, *allow;
3665 unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
3667 /* Let's see which ciphers we can support */
3670 * Do not set the compare functions, because this may lead to a
3671 * reordering by "id". We want to keep the original ordering. We may pay
3672 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3673 * pay with the price of sk_SSL_CIPHER_dup().
3677 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3679 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3680 c = sk_SSL_CIPHER_value(srvr, i);
3681 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3683 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3685 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3686 c = sk_SSL_CIPHER_value(clnt, i);
3687 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3691 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3699 tls1_set_cert_validity(s);
3702 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3703 c = sk_SSL_CIPHER_value(prio, i);
3705 /* Skip ciphers not supported by the protocol version */
3706 if (!SSL_IS_DTLS(s) &&
3707 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3709 if (SSL_IS_DTLS(s) &&
3710 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3711 DTLS_VERSION_GT(s->version, c->max_dtls)))
3714 * Since TLS 1.3 ciphersuites can be used with any auth or
3715 * key exchange scheme skip tests.
3717 if (!SSL_IS_TLS13(s)) {
3718 mask_k = s->s3->tmp.mask_k;
3719 mask_a = s->s3->tmp.mask_a;
3720 #ifndef OPENSSL_NO_SRP
3721 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3727 alg_k = c->algorithm_mkey;
3728 alg_a = c->algorithm_auth;
3730 #ifndef OPENSSL_NO_PSK
3731 /* with PSK there must be server callback set */
3732 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3734 #endif /* OPENSSL_NO_PSK */
3736 ok = (alg_k & mask_k) && (alg_a & mask_a);
3738 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3739 alg_a, mask_k, mask_a, (void *)c, c->name);
3742 #ifndef OPENSSL_NO_EC
3744 * if we are considering an ECC cipher suite that uses an ephemeral
3747 if (alg_k & SSL_kECDHE)
3748 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3749 #endif /* OPENSSL_NO_EC */
3754 ii = sk_SSL_CIPHER_find(allow, c);
3756 /* Check security callback permits this cipher */
3757 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3758 c->strength_bits, 0, (void *)c))
3760 #if !defined(OPENSSL_NO_EC)
3761 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3762 && s->s3->is_probably_safari) {
3764 ret = sk_SSL_CIPHER_value(allow, ii);
3768 ret = sk_SSL_CIPHER_value(allow, ii);
3775 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3777 uint32_t alg_k, alg_a = 0;
3779 /* If we have custom certificate types set, use them */
3781 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3782 /* Get mask of algorithms disabled by signature list */
3783 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3785 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3787 #ifndef OPENSSL_NO_GOST
3788 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3789 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3790 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3791 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
3794 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3795 #ifndef OPENSSL_NO_DH
3796 # ifndef OPENSSL_NO_RSA
3797 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3800 # ifndef OPENSSL_NO_DSA
3801 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3804 #endif /* !OPENSSL_NO_DH */
3806 #ifndef OPENSSL_NO_RSA
3807 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
3810 #ifndef OPENSSL_NO_DSA
3811 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
3814 #ifndef OPENSSL_NO_EC
3816 * ECDSA certs can be used with RSA cipher suites too so we don't
3817 * need to check for SSL_kECDH or SSL_kECDHE
3819 if (s->version >= TLS1_VERSION
3820 && !(alg_a & SSL_aECDSA)
3821 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
3827 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3829 OPENSSL_free(c->ctype);
3832 if (p == NULL || len == 0)
3836 c->ctype = OPENSSL_memdup(p, len);
3837 if (c->ctype == NULL)
3843 int ssl3_shutdown(SSL *s)
3848 * Don't do anything much if we have not done the handshake or we don't
3849 * want to send messages :-)
3851 if (s->quiet_shutdown || SSL_in_before(s)) {
3852 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3856 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3857 s->shutdown |= SSL_SENT_SHUTDOWN;
3858 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3860 * our shutdown alert has been sent now, and if it still needs to be
3861 * written, s->s3->alert_dispatch will be true
3863 if (s->s3->alert_dispatch)
3864 return (-1); /* return WANT_WRITE */
3865 } else if (s->s3->alert_dispatch) {
3866 /* resend it if not sent */
3867 ret = s->method->ssl_dispatch_alert(s);
3870 * we only get to return -1 here the 2nd/Nth invocation, we must
3871 * have already signalled return 0 upon a previous invocation,
3876 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3879 * If we are waiting for a close from our peer, we are closed
3881 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
3882 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3883 return -1; /* return WANT_READ */
3887 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3888 !s->s3->alert_dispatch)
3894 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
3897 if (s->s3->renegotiate)
3898 ssl3_renegotiate_check(s, 0);
3900 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
3904 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
3910 if (s->s3->renegotiate)
3911 ssl3_renegotiate_check(s, 0);
3912 s->s3->in_read_app_data = 1;
3914 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3916 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3918 * ssl3_read_bytes decided to call s->handshake_func, which called
3919 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3920 * actually found application data and thinks that application data
3921 * makes sense here; so disable handshake processing and try to read
3922 * application data again.
3924 ossl_statem_set_in_handshake(s, 1);
3926 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3927 len, peek, readbytes);
3928 ossl_statem_set_in_handshake(s, 0);
3930 s->s3->in_read_app_data = 0;
3935 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
3937 return ssl3_read_internal(s, buf, len, 0, readbytes);
3940 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
3942 return ssl3_read_internal(s, buf, len, 1, readbytes);
3945 int ssl3_renegotiate(SSL *s)
3947 if (s->handshake_func == NULL)
3950 s->s3->renegotiate = 1;
3955 * Check if we are waiting to do a renegotiation and if so whether now is a
3956 * good time to do it. If |initok| is true then we are being called from inside
3957 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
3958 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
3959 * should do a renegotiation now and sets up the state machine for it. Otherwise
3962 int ssl3_renegotiate_check(SSL *s, int initok)
3966 if (s->s3->renegotiate) {
3967 if (!RECORD_LAYER_read_pending(&s->rlayer)
3968 && !RECORD_LAYER_write_pending(&s->rlayer)
3969 && (initok || !SSL_in_init(s))) {
3971 * if we are the server, and we have sent a 'RENEGOTIATE'
3972 * message, we need to set the state machine into the renegotiate
3975 ossl_statem_set_renegotiate(s);
3976 s->s3->renegotiate = 0;
3977 s->s3->num_renegotiations++;
3978 s->s3->total_renegotiations++;
3986 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3987 * handshake macs if required.
3989 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3991 long ssl_get_algorithm2(SSL *s)
3994 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
3996 alg2 = s->s3->tmp.new_cipher->algorithm2;
3997 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3998 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3999 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4000 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4001 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4002 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4008 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4009 * failure, 1 on success.
4011 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4014 int send_time = 0, ret;
4019 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4021 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4023 unsigned long Time = (unsigned long)time(NULL);
4024 unsigned char *p = result;
4026 /* TODO(size_t): Convert this */
4027 ret = RAND_bytes(p, (int)(len - 4));
4029 ret = RAND_bytes(result, (int)len);
4031 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4033 static const unsigned char tls11downgrade[] = {
4034 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
4036 static const unsigned char tls12downgrade[] = {
4037 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
4040 assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
4041 if (dgrd == DOWNGRADE_TO_1_2)
4042 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4043 sizeof(tls12downgrade));
4044 else if (dgrd == DOWNGRADE_TO_1_1)
4045 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4046 sizeof(tls11downgrade));
4052 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4055 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4058 if (alg_k & SSL_PSK) {
4059 #ifndef OPENSSL_NO_PSK
4060 unsigned char *pskpms, *t;
4061 size_t psklen = s->s3->tmp.psklen;
4064 /* create PSK premaster_secret */
4066 /* For plain PSK "other_secret" is psklen zeroes */
4067 if (alg_k & SSL_kPSK)
4070 pskpmslen = 4 + pmslen + psklen;
4071 pskpms = OPENSSL_malloc(pskpmslen);
4076 if (alg_k & SSL_kPSK)
4077 memset(t, 0, pmslen);
4079 memcpy(t, pms, pmslen);
4082 memcpy(t, s->s3->tmp.psk, psklen);
4084 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4085 s->s3->tmp.psk = NULL;
4086 if (!s->method->ssl3_enc->generate_master_secret(s,
4087 s->session->master_key,pskpms, pskpmslen,
4088 &s->session->master_key_length))
4090 OPENSSL_clear_free(pskpms, pskpmslen);
4092 /* Should never happen */
4096 if (!s->method->ssl3_enc->generate_master_secret(s,
4097 s->session->master_key, pms, pmslen,
4098 &s->session->master_key_length))
4106 OPENSSL_clear_free(pms, pmslen);
4108 OPENSSL_cleanse(pms, pmslen);
4111 s->s3->tmp.pms = NULL;
4115 /* Generate a private key from parameters */
4116 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4118 EVP_PKEY_CTX *pctx = NULL;
4119 EVP_PKEY *pkey = NULL;
4123 pctx = EVP_PKEY_CTX_new(pm, NULL);
4126 if (EVP_PKEY_keygen_init(pctx) <= 0)
4128 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4129 EVP_PKEY_free(pkey);
4134 EVP_PKEY_CTX_free(pctx);
4137 #ifndef OPENSSL_NO_EC
4138 /* Generate a private key a curve ID */
4139 EVP_PKEY *ssl_generate_pkey_curve(int id)
4141 EVP_PKEY_CTX *pctx = NULL;
4142 EVP_PKEY *pkey = NULL;
4143 unsigned int curve_flags;
4144 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4148 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4149 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4152 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4156 if (EVP_PKEY_keygen_init(pctx) <= 0)
4158 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4160 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4161 EVP_PKEY_free(pkey);
4166 EVP_PKEY_CTX_free(pctx);
4171 /* Derive secrets for ECDH/DH */
4172 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4175 unsigned char *pms = NULL;
4179 if (privkey == NULL || pubkey == NULL)
4182 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4184 if (EVP_PKEY_derive_init(pctx) <= 0
4185 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4186 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4190 pms = OPENSSL_malloc(pmslen);
4194 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4198 if (SSL_IS_TLS13(s)) {
4200 * If we are resuming then we already generated the early secret
4201 * when we created the ClientHello, so don't recreate it.
4204 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4206 (unsigned char *)&s->early_secret);
4210 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4212 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4215 /* Save premaster secret */
4216 s->s3->tmp.pms = pms;
4217 s->s3->tmp.pmslen = pmslen;
4223 OPENSSL_clear_free(pms, pmslen);
4224 EVP_PKEY_CTX_free(pctx);
4228 #ifndef OPENSSL_NO_DH
4229 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4234 ret = EVP_PKEY_new();
4235 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {