1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
86 * 6. Redistributions of any form whatsoever must retain the following
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * Portions of the attached software ("Contribution") are developed by
114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 * The Contribution is licensed pursuant to the OpenSSL open source
117 * license provided above.
119 * ECC cipher suite support in OpenSSL originally written by
120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
123 /* ====================================================================
124 * Copyright 2005 Nokia. All rights reserved.
126 * The portions of the attached software ("Contribution") is developed by
127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132 * support (see RFC 4279) to OpenSSL.
134 * No patent licenses or other rights except those expressly stated in
135 * the OpenSSL open source license shall be deemed granted or received
136 * expressly, by implication, estoppel, or otherwise.
138 * No assurances are provided by Nokia that the Contribution does not
139 * infringe the patent or other intellectual property rights of any third
140 * party or that the license provides you with all the necessary rights
141 * to make use of the Contribution.
143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
151 #include <openssl/objects.h>
152 #include "ssl_locl.h"
153 #include <openssl/md5.h>
154 #ifndef OPENSSL_NO_DH
155 # include <openssl/dh.h>
157 #include <openssl/rand.h>
159 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
162 * The list of available ciphers, organized into the following
167 * SRP (within that: RSA EC PSK)
168 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
171 static SSL_CIPHER ssl3_ciphers[] =
175 SSL3_TXT_RSA_NULL_MD5,
176 SSL3_CK_RSA_NULL_MD5,
181 SSL3_VERSION, TLS1_2_VERSION,
182 DTLS1_VERSION, DTLS1_2_VERSION,
184 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
190 SSL3_TXT_RSA_NULL_SHA,
191 SSL3_CK_RSA_NULL_SHA,
196 SSL3_VERSION, TLS1_2_VERSION,
197 DTLS1_VERSION, DTLS1_2_VERSION,
198 SSL_STRONG_NONE | SSL_FIPS,
199 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
205 SSL3_TXT_RSA_DES_192_CBC3_SHA,
206 SSL3_CK_RSA_DES_192_CBC3_SHA,
211 SSL3_VERSION, TLS1_2_VERSION,
212 DTLS1_VERSION, DTLS1_2_VERSION,
214 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
220 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
221 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
226 SSL3_VERSION, TLS1_2_VERSION,
227 DTLS1_VERSION, DTLS1_2_VERSION,
228 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
229 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
235 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
236 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
241 SSL3_VERSION, TLS1_2_VERSION,
242 DTLS1_VERSION, DTLS1_2_VERSION,
244 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
250 SSL3_TXT_ADH_DES_192_CBC_SHA,
251 SSL3_CK_ADH_DES_192_CBC_SHA,
256 SSL3_VERSION, TLS1_2_VERSION,
257 DTLS1_VERSION, DTLS1_2_VERSION,
258 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
259 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
265 TLS1_TXT_RSA_WITH_AES_128_SHA,
266 TLS1_CK_RSA_WITH_AES_128_SHA,
271 SSL3_VERSION, TLS1_2_VERSION,
272 DTLS1_VERSION, DTLS1_2_VERSION,
274 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
280 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
281 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
286 SSL3_VERSION, TLS1_2_VERSION,
287 DTLS1_VERSION, DTLS1_2_VERSION,
288 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
289 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
295 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
296 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
301 SSL3_VERSION, TLS1_2_VERSION,
302 DTLS1_VERSION, DTLS1_2_VERSION,
304 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
310 TLS1_TXT_ADH_WITH_AES_128_SHA,
311 TLS1_CK_ADH_WITH_AES_128_SHA,
316 SSL3_VERSION, TLS1_2_VERSION,
317 DTLS1_VERSION, DTLS1_2_VERSION,
318 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
319 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
325 TLS1_TXT_RSA_WITH_AES_256_SHA,
326 TLS1_CK_RSA_WITH_AES_256_SHA,
331 SSL3_VERSION, TLS1_2_VERSION,
332 DTLS1_VERSION, DTLS1_2_VERSION,
334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
340 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
341 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
346 SSL3_VERSION, TLS1_2_VERSION,
347 DTLS1_VERSION, DTLS1_2_VERSION,
348 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
349 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
355 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
356 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
361 SSL3_VERSION, TLS1_2_VERSION,
362 DTLS1_VERSION, DTLS1_2_VERSION,
364 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
370 TLS1_TXT_ADH_WITH_AES_256_SHA,
371 TLS1_CK_ADH_WITH_AES_256_SHA,
376 SSL3_VERSION, TLS1_2_VERSION,
377 DTLS1_VERSION, DTLS1_2_VERSION,
378 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
379 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
385 TLS1_TXT_RSA_WITH_NULL_SHA256,
386 TLS1_CK_RSA_WITH_NULL_SHA256,
391 TLS1_2_VERSION, TLS1_2_VERSION,
392 DTLS1_2_VERSION, DTLS1_2_VERSION,
393 SSL_STRONG_NONE | SSL_FIPS,
394 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
400 TLS1_TXT_RSA_WITH_AES_128_SHA256,
401 TLS1_CK_RSA_WITH_AES_128_SHA256,
406 TLS1_2_VERSION, TLS1_2_VERSION,
407 DTLS1_2_VERSION, DTLS1_2_VERSION,
409 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
415 TLS1_TXT_RSA_WITH_AES_256_SHA256,
416 TLS1_CK_RSA_WITH_AES_256_SHA256,
421 TLS1_2_VERSION, TLS1_2_VERSION,
422 DTLS1_2_VERSION, DTLS1_2_VERSION,
424 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
430 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
431 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
436 TLS1_2_VERSION, TLS1_2_VERSION,
437 DTLS1_2_VERSION, DTLS1_2_VERSION,
438 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
439 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
445 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
446 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
451 TLS1_2_VERSION, TLS1_2_VERSION,
452 DTLS1_2_VERSION, DTLS1_2_VERSION,
454 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
460 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
461 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
466 TLS1_2_VERSION, TLS1_2_VERSION,
467 DTLS1_2_VERSION, DTLS1_2_VERSION,
468 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
469 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
475 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
476 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
481 TLS1_2_VERSION, TLS1_2_VERSION,
482 DTLS1_2_VERSION, DTLS1_2_VERSION,
484 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
490 TLS1_TXT_ADH_WITH_AES_128_SHA256,
491 TLS1_CK_ADH_WITH_AES_128_SHA256,
496 TLS1_2_VERSION, TLS1_2_VERSION,
497 DTLS1_2_VERSION, DTLS1_2_VERSION,
498 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
499 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
505 TLS1_TXT_ADH_WITH_AES_256_SHA256,
506 TLS1_CK_ADH_WITH_AES_256_SHA256,
511 TLS1_2_VERSION, TLS1_2_VERSION,
512 DTLS1_2_VERSION, DTLS1_2_VERSION,
513 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
514 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
520 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
521 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
526 TLS1_2_VERSION, TLS1_2_VERSION,
527 DTLS1_2_VERSION, DTLS1_2_VERSION,
529 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
535 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
536 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
541 TLS1_2_VERSION, TLS1_2_VERSION,
542 DTLS1_2_VERSION, DTLS1_2_VERSION,
544 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
550 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
551 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
556 TLS1_2_VERSION, TLS1_2_VERSION,
557 DTLS1_2_VERSION, DTLS1_2_VERSION,
559 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
565 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
566 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
571 TLS1_2_VERSION, TLS1_2_VERSION,
572 DTLS1_2_VERSION, DTLS1_2_VERSION,
574 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
580 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
581 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
586 TLS1_2_VERSION, TLS1_2_VERSION,
587 DTLS1_2_VERSION, DTLS1_2_VERSION,
588 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
589 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
595 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
596 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
601 TLS1_2_VERSION, TLS1_2_VERSION,
602 DTLS1_2_VERSION, DTLS1_2_VERSION,
603 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
604 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
610 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
611 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
616 TLS1_2_VERSION, TLS1_2_VERSION,
617 DTLS1_2_VERSION, DTLS1_2_VERSION,
618 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
619 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
625 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
626 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
631 TLS1_2_VERSION, TLS1_2_VERSION,
632 DTLS1_2_VERSION, DTLS1_2_VERSION,
633 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
634 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
640 TLS1_TXT_RSA_WITH_AES_128_CCM,
641 TLS1_CK_RSA_WITH_AES_128_CCM,
646 TLS1_2_VERSION, TLS1_2_VERSION,
647 DTLS1_2_VERSION, DTLS1_2_VERSION,
648 SSL_NOT_DEFAULT | SSL_HIGH,
649 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
655 TLS1_TXT_RSA_WITH_AES_256_CCM,
656 TLS1_CK_RSA_WITH_AES_256_CCM,
661 TLS1_2_VERSION, TLS1_2_VERSION,
662 DTLS1_2_VERSION, DTLS1_2_VERSION,
663 SSL_NOT_DEFAULT | SSL_HIGH,
664 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
670 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
671 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
676 TLS1_2_VERSION, TLS1_2_VERSION,
677 DTLS1_2_VERSION, DTLS1_2_VERSION,
678 SSL_NOT_DEFAULT | SSL_HIGH,
679 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
685 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
686 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
691 TLS1_2_VERSION, TLS1_2_VERSION,
692 DTLS1_2_VERSION, DTLS1_2_VERSION,
693 SSL_NOT_DEFAULT | SSL_HIGH,
694 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
700 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
701 TLS1_CK_RSA_WITH_AES_128_CCM_8,
706 TLS1_2_VERSION, TLS1_2_VERSION,
707 DTLS1_2_VERSION, DTLS1_2_VERSION,
708 SSL_NOT_DEFAULT | SSL_HIGH,
709 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
715 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
716 TLS1_CK_RSA_WITH_AES_256_CCM_8,
721 TLS1_2_VERSION, TLS1_2_VERSION,
722 DTLS1_2_VERSION, DTLS1_2_VERSION,
723 SSL_NOT_DEFAULT | SSL_HIGH,
724 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
730 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
731 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
736 TLS1_2_VERSION, TLS1_2_VERSION,
737 DTLS1_2_VERSION, DTLS1_2_VERSION,
738 SSL_NOT_DEFAULT | SSL_HIGH,
739 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
745 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
746 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
751 TLS1_2_VERSION, TLS1_2_VERSION,
752 DTLS1_2_VERSION, DTLS1_2_VERSION,
753 SSL_NOT_DEFAULT | SSL_HIGH,
754 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
760 TLS1_TXT_PSK_WITH_AES_128_CCM,
761 TLS1_CK_PSK_WITH_AES_128_CCM,
766 TLS1_2_VERSION, TLS1_2_VERSION,
767 DTLS1_2_VERSION, DTLS1_2_VERSION,
768 SSL_NOT_DEFAULT | SSL_HIGH,
769 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
775 TLS1_TXT_PSK_WITH_AES_256_CCM,
776 TLS1_CK_PSK_WITH_AES_256_CCM,
781 TLS1_2_VERSION, TLS1_2_VERSION,
782 DTLS1_2_VERSION, DTLS1_2_VERSION,
783 SSL_NOT_DEFAULT | SSL_HIGH,
784 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
790 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
791 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
796 TLS1_2_VERSION, TLS1_2_VERSION,
797 DTLS1_2_VERSION, DTLS1_2_VERSION,
798 SSL_NOT_DEFAULT | SSL_HIGH,
799 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
805 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
806 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
811 TLS1_2_VERSION, TLS1_2_VERSION,
812 DTLS1_2_VERSION, DTLS1_2_VERSION,
813 SSL_NOT_DEFAULT | SSL_HIGH,
814 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
820 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
821 TLS1_CK_PSK_WITH_AES_128_CCM_8,
826 TLS1_2_VERSION, TLS1_2_VERSION,
827 DTLS1_2_VERSION, DTLS1_2_VERSION,
828 SSL_NOT_DEFAULT | SSL_HIGH,
829 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
835 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
836 TLS1_CK_PSK_WITH_AES_256_CCM_8,
841 TLS1_2_VERSION, TLS1_2_VERSION,
842 DTLS1_2_VERSION, DTLS1_2_VERSION,
843 SSL_NOT_DEFAULT | SSL_HIGH,
844 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
850 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
851 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
856 TLS1_2_VERSION, TLS1_2_VERSION,
857 DTLS1_2_VERSION, DTLS1_2_VERSION,
858 SSL_NOT_DEFAULT | SSL_HIGH,
859 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
865 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
866 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
871 TLS1_2_VERSION, TLS1_2_VERSION,
872 DTLS1_2_VERSION, DTLS1_2_VERSION,
873 SSL_NOT_DEFAULT | SSL_HIGH,
874 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
880 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
881 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
886 TLS1_2_VERSION, TLS1_2_VERSION,
887 DTLS1_2_VERSION, DTLS1_2_VERSION,
888 SSL_NOT_DEFAULT | SSL_HIGH,
889 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
895 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
896 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
901 TLS1_2_VERSION, TLS1_2_VERSION,
902 DTLS1_2_VERSION, DTLS1_2_VERSION,
903 SSL_NOT_DEFAULT | SSL_HIGH,
904 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
910 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
911 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
916 TLS1_2_VERSION, TLS1_2_VERSION,
917 DTLS1_2_VERSION, DTLS1_2_VERSION,
918 SSL_NOT_DEFAULT | SSL_HIGH,
919 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
925 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
926 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
931 TLS1_2_VERSION, TLS1_2_VERSION,
932 DTLS1_2_VERSION, DTLS1_2_VERSION,
933 SSL_NOT_DEFAULT | SSL_HIGH,
934 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
939 #ifndef OPENSSL_NO_EC
942 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
943 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
948 SSL3_VERSION, TLS1_2_VERSION,
949 DTLS1_VERSION, DTLS1_2_VERSION,
950 SSL_STRONG_NONE | SSL_FIPS,
951 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
957 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
958 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
963 SSL3_VERSION, TLS1_2_VERSION,
964 DTLS1_VERSION, DTLS1_2_VERSION,
966 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
972 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
973 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
978 SSL3_VERSION, TLS1_2_VERSION,
979 DTLS1_VERSION, DTLS1_2_VERSION,
981 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
987 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
988 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
993 SSL3_VERSION, TLS1_2_VERSION,
994 DTLS1_VERSION, DTLS1_2_VERSION,
996 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1002 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1003 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1008 SSL3_VERSION, TLS1_2_VERSION,
1009 DTLS1_VERSION, DTLS1_2_VERSION,
1010 SSL_STRONG_NONE | SSL_FIPS,
1011 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1017 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1018 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1023 SSL3_VERSION, TLS1_2_VERSION,
1024 DTLS1_VERSION, DTLS1_2_VERSION,
1025 SSL_HIGH | SSL_FIPS,
1026 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1032 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1033 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1038 SSL3_VERSION, TLS1_2_VERSION,
1039 DTLS1_VERSION, DTLS1_2_VERSION,
1040 SSL_HIGH | SSL_FIPS,
1041 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1047 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1048 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1053 SSL3_VERSION, TLS1_2_VERSION,
1054 DTLS1_VERSION, DTLS1_2_VERSION,
1055 SSL_HIGH | SSL_FIPS,
1056 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1062 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1063 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1068 SSL3_VERSION, TLS1_2_VERSION,
1069 DTLS1_VERSION, DTLS1_2_VERSION,
1070 SSL_STRONG_NONE | SSL_FIPS,
1071 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1077 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1078 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1083 SSL3_VERSION, TLS1_2_VERSION,
1084 DTLS1_VERSION, DTLS1_2_VERSION,
1085 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1086 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1092 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1093 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1098 SSL3_VERSION, TLS1_2_VERSION,
1099 DTLS1_VERSION, DTLS1_2_VERSION,
1100 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1101 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1107 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1108 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1113 SSL3_VERSION, TLS1_2_VERSION,
1114 DTLS1_VERSION, DTLS1_2_VERSION,
1115 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1116 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1122 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1123 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1128 TLS1_2_VERSION, TLS1_2_VERSION,
1129 DTLS1_2_VERSION, DTLS1_2_VERSION,
1130 SSL_HIGH | SSL_FIPS,
1131 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1137 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1138 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1143 TLS1_2_VERSION, TLS1_2_VERSION,
1144 DTLS1_2_VERSION, DTLS1_2_VERSION,
1145 SSL_HIGH | SSL_FIPS,
1146 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1152 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1153 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1158 TLS1_2_VERSION, TLS1_2_VERSION,
1159 DTLS1_2_VERSION, DTLS1_2_VERSION,
1160 SSL_HIGH | SSL_FIPS,
1161 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1167 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1168 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1173 TLS1_2_VERSION, TLS1_2_VERSION,
1174 DTLS1_2_VERSION, DTLS1_2_VERSION,
1175 SSL_HIGH | SSL_FIPS,
1176 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1182 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1183 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1188 TLS1_2_VERSION, TLS1_2_VERSION,
1189 DTLS1_2_VERSION, DTLS1_2_VERSION,
1190 SSL_HIGH | SSL_FIPS,
1191 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1197 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1198 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1203 TLS1_2_VERSION, TLS1_2_VERSION,
1204 DTLS1_2_VERSION, DTLS1_2_VERSION,
1205 SSL_HIGH | SSL_FIPS,
1206 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1212 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1213 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1218 TLS1_2_VERSION, TLS1_2_VERSION,
1219 DTLS1_2_VERSION, DTLS1_2_VERSION,
1220 SSL_HIGH | SSL_FIPS,
1221 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1227 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1228 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1233 TLS1_2_VERSION, TLS1_2_VERSION,
1234 DTLS1_2_VERSION, DTLS1_2_VERSION,
1235 SSL_HIGH | SSL_FIPS,
1236 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1240 #endif /* OPENSSL_NO_EC */
1242 #ifndef OPENSSL_NO_PSK
1245 TLS1_TXT_PSK_WITH_NULL_SHA,
1246 TLS1_CK_PSK_WITH_NULL_SHA,
1251 SSL3_VERSION, TLS1_2_VERSION,
1252 DTLS1_VERSION, DTLS1_2_VERSION,
1253 SSL_STRONG_NONE | SSL_FIPS,
1254 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1260 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1261 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1266 SSL3_VERSION, TLS1_2_VERSION,
1267 DTLS1_VERSION, DTLS1_2_VERSION,
1268 SSL_STRONG_NONE | SSL_FIPS,
1269 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1275 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1276 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1281 SSL3_VERSION, TLS1_2_VERSION,
1282 DTLS1_VERSION, DTLS1_2_VERSION,
1283 SSL_STRONG_NONE | SSL_FIPS,
1284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1290 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1291 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1296 SSL3_VERSION, TLS1_2_VERSION,
1297 DTLS1_VERSION, DTLS1_2_VERSION,
1298 SSL_HIGH | SSL_FIPS,
1299 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1305 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1306 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1311 SSL3_VERSION, TLS1_2_VERSION,
1312 DTLS1_VERSION, DTLS1_2_VERSION,
1313 SSL_HIGH | SSL_FIPS,
1314 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1320 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1321 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1326 SSL3_VERSION, TLS1_2_VERSION,
1327 DTLS1_VERSION, DTLS1_2_VERSION,
1328 SSL_HIGH | SSL_FIPS,
1329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1335 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1336 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1341 SSL3_VERSION, TLS1_2_VERSION,
1342 DTLS1_VERSION, DTLS1_2_VERSION,
1343 SSL_HIGH | SSL_FIPS,
1344 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1350 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1351 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1356 SSL3_VERSION, TLS1_2_VERSION,
1357 DTLS1_VERSION, DTLS1_2_VERSION,
1358 SSL_HIGH | SSL_FIPS,
1359 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1365 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1366 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1371 SSL3_VERSION, TLS1_2_VERSION,
1372 DTLS1_VERSION, DTLS1_2_VERSION,
1373 SSL_HIGH | SSL_FIPS,
1374 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1380 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1381 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1386 SSL3_VERSION, TLS1_2_VERSION,
1387 DTLS1_VERSION, DTLS1_2_VERSION,
1388 SSL_HIGH | SSL_FIPS,
1389 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1395 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1396 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1401 SSL3_VERSION, TLS1_2_VERSION,
1402 DTLS1_VERSION, DTLS1_2_VERSION,
1403 SSL_HIGH | SSL_FIPS,
1404 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1410 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1411 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1416 SSL3_VERSION, TLS1_2_VERSION,
1417 DTLS1_VERSION, DTLS1_2_VERSION,
1418 SSL_HIGH | SSL_FIPS,
1419 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1425 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1426 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1431 TLS1_2_VERSION, TLS1_2_VERSION,
1432 DTLS1_2_VERSION, DTLS1_2_VERSION,
1433 SSL_HIGH | SSL_FIPS,
1434 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1440 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1441 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1446 TLS1_2_VERSION, TLS1_2_VERSION,
1447 DTLS1_2_VERSION, DTLS1_2_VERSION,
1448 SSL_HIGH | SSL_FIPS,
1449 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1455 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1456 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1461 TLS1_2_VERSION, TLS1_2_VERSION,
1462 DTLS1_2_VERSION, DTLS1_2_VERSION,
1463 SSL_HIGH | SSL_FIPS,
1464 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1470 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1471 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1476 TLS1_2_VERSION, TLS1_2_VERSION,
1477 DTLS1_2_VERSION, DTLS1_2_VERSION,
1478 SSL_HIGH | SSL_FIPS,
1479 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1485 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1486 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1491 TLS1_2_VERSION, TLS1_2_VERSION,
1492 DTLS1_2_VERSION, DTLS1_2_VERSION,
1493 SSL_HIGH | SSL_FIPS,
1494 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1500 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1501 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1506 TLS1_2_VERSION, TLS1_2_VERSION,
1507 DTLS1_2_VERSION, DTLS1_2_VERSION,
1508 SSL_HIGH | SSL_FIPS,
1509 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1515 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1516 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1521 TLS1_VERSION, TLS1_2_VERSION,
1522 DTLS1_VERSION, DTLS1_2_VERSION,
1523 SSL_HIGH | SSL_FIPS,
1524 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1530 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1531 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1536 TLS1_VERSION, TLS1_2_VERSION,
1537 DTLS1_VERSION, DTLS1_2_VERSION,
1538 SSL_HIGH | SSL_FIPS,
1539 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1545 TLS1_TXT_PSK_WITH_NULL_SHA256,
1546 TLS1_CK_PSK_WITH_NULL_SHA256,
1551 TLS1_VERSION, TLS1_2_VERSION,
1552 DTLS1_VERSION, DTLS1_2_VERSION,
1553 SSL_STRONG_NONE | SSL_FIPS,
1554 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1560 TLS1_TXT_PSK_WITH_NULL_SHA384,
1561 TLS1_CK_PSK_WITH_NULL_SHA384,
1566 TLS1_VERSION, TLS1_2_VERSION,
1567 DTLS1_VERSION, DTLS1_2_VERSION,
1568 SSL_STRONG_NONE | SSL_FIPS,
1569 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1575 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1576 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1581 TLS1_VERSION, TLS1_2_VERSION,
1582 DTLS1_VERSION, DTLS1_2_VERSION,
1583 SSL_HIGH | SSL_FIPS,
1584 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1590 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1591 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1596 TLS1_VERSION, TLS1_2_VERSION,
1597 DTLS1_VERSION, DTLS1_2_VERSION,
1598 SSL_HIGH | SSL_FIPS,
1599 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1605 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1606 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1611 TLS1_VERSION, TLS1_2_VERSION,
1612 DTLS1_VERSION, DTLS1_2_VERSION,
1613 SSL_STRONG_NONE | SSL_FIPS,
1614 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1620 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1621 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1626 TLS1_VERSION, TLS1_2_VERSION,
1627 DTLS1_VERSION, DTLS1_2_VERSION,
1628 SSL_STRONG_NONE | SSL_FIPS,
1629 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1635 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1636 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1641 TLS1_VERSION, TLS1_2_VERSION,
1642 DTLS1_VERSION, DTLS1_2_VERSION,
1643 SSL_HIGH | SSL_FIPS,
1644 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1650 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1651 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1656 TLS1_VERSION, TLS1_2_VERSION,
1657 DTLS1_VERSION, DTLS1_2_VERSION,
1658 SSL_HIGH | SSL_FIPS,
1659 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1665 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1666 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1671 TLS1_VERSION, TLS1_2_VERSION,
1672 DTLS1_VERSION, DTLS1_2_VERSION,
1673 SSL_STRONG_NONE | SSL_FIPS,
1674 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1680 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1681 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1686 TLS1_VERSION, TLS1_2_VERSION,
1687 DTLS1_VERSION, DTLS1_2_VERSION,
1688 SSL_STRONG_NONE | SSL_FIPS,
1689 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1693 # ifndef OPENSSL_NO_EC
1696 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1697 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1702 SSL3_VERSION, TLS1_2_VERSION,
1703 DTLS1_VERSION, DTLS1_2_VERSION,
1704 SSL_HIGH | SSL_FIPS,
1705 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1711 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1712 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1717 SSL3_VERSION, TLS1_2_VERSION,
1718 DTLS1_VERSION, DTLS1_2_VERSION,
1719 SSL_HIGH | SSL_FIPS,
1720 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1726 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1727 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1732 SSL3_VERSION, TLS1_2_VERSION,
1733 DTLS1_VERSION, DTLS1_2_VERSION,
1734 SSL_HIGH | SSL_FIPS,
1735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1741 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1742 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1747 TLS1_VERSION, TLS1_2_VERSION,
1748 DTLS1_VERSION, DTLS1_2_VERSION,
1749 SSL_HIGH | SSL_FIPS,
1750 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1756 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1757 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1762 TLS1_VERSION, TLS1_2_VERSION,
1763 DTLS1_VERSION, DTLS1_2_VERSION,
1764 SSL_HIGH | SSL_FIPS,
1765 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1771 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1772 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1777 SSL3_VERSION, TLS1_2_VERSION,
1778 DTLS1_VERSION, DTLS1_2_VERSION,
1779 SSL_STRONG_NONE | SSL_FIPS,
1780 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1786 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1787 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1792 TLS1_VERSION, TLS1_2_VERSION,
1793 DTLS1_VERSION, DTLS1_2_VERSION,
1794 SSL_STRONG_NONE | SSL_FIPS,
1795 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1801 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1802 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1807 TLS1_VERSION, TLS1_2_VERSION,
1808 DTLS1_VERSION, DTLS1_2_VERSION,
1809 SSL_STRONG_NONE | SSL_FIPS,
1810 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1814 # endif /* OPENSSL_NO_EC */
1815 #endif /* OPENSSL_NO_PSK */
1817 #ifndef OPENSSL_NO_SRP
1820 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1821 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1826 SSL3_VERSION, TLS1_2_VERSION,
1827 DTLS1_VERSION, DTLS1_2_VERSION,
1829 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1835 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1836 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1841 SSL3_VERSION, TLS1_2_VERSION,
1842 DTLS1_VERSION, DTLS1_2_VERSION,
1844 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1850 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1851 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1856 SSL3_VERSION, TLS1_2_VERSION,
1857 DTLS1_VERSION, DTLS1_2_VERSION,
1858 SSL_NOT_DEFAULT | SSL_HIGH,
1859 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1865 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1866 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1871 SSL3_VERSION, TLS1_2_VERSION,
1872 DTLS1_VERSION, DTLS1_2_VERSION,
1874 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1880 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1881 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1886 SSL3_VERSION, TLS1_2_VERSION,
1887 DTLS1_VERSION, DTLS1_2_VERSION,
1889 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1895 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1896 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1901 SSL3_VERSION, TLS1_2_VERSION,
1902 DTLS1_VERSION, DTLS1_2_VERSION,
1903 SSL_NOT_DEFAULT | SSL_HIGH,
1904 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1910 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1911 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1916 SSL3_VERSION, TLS1_2_VERSION,
1917 DTLS1_VERSION, DTLS1_2_VERSION,
1919 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1925 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1926 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1931 SSL3_VERSION, TLS1_2_VERSION,
1932 DTLS1_VERSION, DTLS1_2_VERSION,
1934 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1940 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1941 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1946 SSL3_VERSION, TLS1_2_VERSION,
1947 DTLS1_VERSION, DTLS1_2_VERSION,
1948 SSL_NOT_DEFAULT | SSL_HIGH,
1949 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1953 #endif /* OPENSSL_NO_SRP */
1955 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1956 # ifndef OPENSSL_NO_RSA
1959 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1960 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1963 SSL_CHACHA20POLY1305,
1965 TLS1_2_VERSION, TLS1_2_VERSION,
1966 DTLS1_2_VERSION, DTLS1_2_VERSION,
1968 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1972 # endif /* OPENSSL_NO_RSA */
1974 # ifndef OPENSSL_NO_EC
1977 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1978 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1981 SSL_CHACHA20POLY1305,
1983 TLS1_2_VERSION, TLS1_2_VERSION,
1984 DTLS1_2_VERSION, DTLS1_2_VERSION,
1986 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1992 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1993 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1996 SSL_CHACHA20POLY1305,
1998 TLS1_2_VERSION, TLS1_2_VERSION,
1999 DTLS1_2_VERSION, DTLS1_2_VERSION,
2001 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2005 # endif /* OPENSSL_NO_EC */
2007 # ifndef OPENSSL_NO_PSK
2010 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2011 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2014 SSL_CHACHA20POLY1305,
2016 TLS1_2_VERSION, TLS1_2_VERSION,
2017 DTLS1_2_VERSION, DTLS1_2_VERSION,
2019 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2025 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2026 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2029 SSL_CHACHA20POLY1305,
2031 TLS1_2_VERSION, TLS1_2_VERSION,
2032 DTLS1_2_VERSION, DTLS1_2_VERSION,
2034 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2040 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2041 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2044 SSL_CHACHA20POLY1305,
2046 TLS1_2_VERSION, TLS1_2_VERSION,
2047 DTLS1_2_VERSION, DTLS1_2_VERSION,
2049 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2055 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2056 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2059 SSL_CHACHA20POLY1305,
2061 TLS1_2_VERSION, TLS1_2_VERSION,
2062 DTLS1_2_VERSION, DTLS1_2_VERSION,
2064 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2068 # endif /* OPENSSL_NO_PSK */
2069 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2071 #ifndef OPENSSL_NO_CAMELLIA
2074 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2075 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2080 TLS1_2_VERSION, TLS1_2_VERSION,
2081 DTLS1_2_VERSION, DTLS1_2_VERSION,
2082 SSL_NOT_DEFAULT | SSL_HIGH,
2083 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2089 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2090 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2095 TLS1_2_VERSION, TLS1_2_VERSION,
2096 DTLS1_2_VERSION, DTLS1_2_VERSION,
2097 SSL_NOT_DEFAULT | SSL_HIGH,
2098 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2104 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2105 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2110 TLS1_2_VERSION, TLS1_2_VERSION,
2111 DTLS1_2_VERSION, DTLS1_2_VERSION,
2112 SSL_NOT_DEFAULT | SSL_HIGH,
2113 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2119 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2120 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2125 TLS1_2_VERSION, TLS1_2_VERSION,
2126 DTLS1_2_VERSION, DTLS1_2_VERSION,
2127 SSL_NOT_DEFAULT | SSL_HIGH,
2128 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2134 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2135 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2140 TLS1_2_VERSION, TLS1_2_VERSION,
2141 DTLS1_2_VERSION, DTLS1_2_VERSION,
2142 SSL_NOT_DEFAULT | SSL_HIGH,
2143 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2149 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2150 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2155 TLS1_2_VERSION, TLS1_2_VERSION,
2156 DTLS1_2_VERSION, DTLS1_2_VERSION,
2157 SSL_NOT_DEFAULT | SSL_HIGH,
2158 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2164 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2165 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2170 TLS1_2_VERSION, TLS1_2_VERSION,
2171 DTLS1_2_VERSION, DTLS1_2_VERSION,
2172 SSL_NOT_DEFAULT | SSL_HIGH,
2173 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2179 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2180 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2185 TLS1_2_VERSION, TLS1_2_VERSION,
2186 DTLS1_2_VERSION, DTLS1_2_VERSION,
2187 SSL_NOT_DEFAULT | SSL_HIGH,
2188 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2194 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2195 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2200 SSL3_VERSION, TLS1_2_VERSION,
2201 DTLS1_VERSION, DTLS1_2_VERSION,
2202 SSL_NOT_DEFAULT | SSL_HIGH,
2203 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2209 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2210 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2215 SSL3_VERSION, TLS1_2_VERSION,
2216 DTLS1_VERSION, DTLS1_2_VERSION,
2217 SSL_NOT_DEFAULT | SSL_HIGH,
2218 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2224 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2225 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2230 SSL3_VERSION, TLS1_2_VERSION,
2231 DTLS1_VERSION, DTLS1_2_VERSION,
2232 SSL_NOT_DEFAULT | SSL_HIGH,
2233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2239 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2240 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2245 SSL3_VERSION, TLS1_2_VERSION,
2246 DTLS1_VERSION, DTLS1_2_VERSION,
2247 SSL_NOT_DEFAULT | SSL_HIGH,
2248 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2254 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2255 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2260 SSL3_VERSION, TLS1_2_VERSION,
2261 DTLS1_VERSION, DTLS1_2_VERSION,
2262 SSL_NOT_DEFAULT | SSL_HIGH,
2263 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2269 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2270 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2275 SSL3_VERSION, TLS1_2_VERSION,
2276 DTLS1_VERSION, DTLS1_2_VERSION,
2277 SSL_NOT_DEFAULT | SSL_HIGH,
2278 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2284 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2285 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2290 SSL3_VERSION, TLS1_2_VERSION,
2291 DTLS1_VERSION, DTLS1_2_VERSION,
2292 SSL_NOT_DEFAULT | SSL_HIGH,
2293 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2299 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2300 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2305 SSL3_VERSION, TLS1_2_VERSION,
2306 DTLS1_VERSION, DTLS1_2_VERSION,
2307 SSL_NOT_DEFAULT | SSL_HIGH,
2308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2313 # ifndef OPENSSL_NO_EC
2316 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2317 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2322 TLS1_2_VERSION, TLS1_2_VERSION,
2323 DTLS1_2_VERSION, DTLS1_2_VERSION,
2324 SSL_NOT_DEFAULT | SSL_HIGH,
2325 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2331 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2332 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2337 TLS1_2_VERSION, TLS1_2_VERSION,
2338 DTLS1_2_VERSION, DTLS1_2_VERSION,
2339 SSL_NOT_DEFAULT | SSL_HIGH,
2340 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2346 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2347 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2352 TLS1_2_VERSION, TLS1_2_VERSION,
2353 DTLS1_2_VERSION, DTLS1_2_VERSION,
2354 SSL_NOT_DEFAULT | SSL_HIGH,
2355 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2361 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2362 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2367 TLS1_2_VERSION, TLS1_2_VERSION,
2368 DTLS1_2_VERSION, DTLS1_2_VERSION,
2369 SSL_NOT_DEFAULT | SSL_HIGH,
2370 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2374 # endif /* OPENSSL_NO_EC */
2376 # ifndef OPENSSL_NO_PSK
2379 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2380 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2385 TLS1_VERSION, TLS1_2_VERSION,
2386 DTLS1_VERSION, DTLS1_2_VERSION,
2387 SSL_NOT_DEFAULT | SSL_HIGH,
2388 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2394 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2395 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2400 TLS1_VERSION, TLS1_2_VERSION,
2401 DTLS1_VERSION, DTLS1_2_VERSION,
2402 SSL_NOT_DEFAULT | SSL_HIGH,
2403 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2409 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2410 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2415 TLS1_VERSION, TLS1_2_VERSION,
2416 DTLS1_VERSION, DTLS1_2_VERSION,
2417 SSL_NOT_DEFAULT | SSL_HIGH,
2418 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2424 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2425 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2430 TLS1_VERSION, TLS1_2_VERSION,
2431 DTLS1_VERSION, DTLS1_2_VERSION,
2432 SSL_NOT_DEFAULT | SSL_HIGH,
2433 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2439 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2440 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2445 TLS1_VERSION, TLS1_2_VERSION,
2446 DTLS1_VERSION, DTLS1_2_VERSION,
2447 SSL_NOT_DEFAULT | SSL_HIGH,
2448 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2454 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2455 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2460 TLS1_VERSION, TLS1_2_VERSION,
2461 DTLS1_VERSION, DTLS1_2_VERSION,
2462 SSL_NOT_DEFAULT | SSL_HIGH,
2463 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2469 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2470 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2475 TLS1_VERSION, TLS1_2_VERSION,
2476 DTLS1_VERSION, DTLS1_2_VERSION,
2477 SSL_NOT_DEFAULT | SSL_HIGH,
2478 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2484 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2485 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2490 TLS1_VERSION, TLS1_2_VERSION,
2491 DTLS1_VERSION, DTLS1_2_VERSION,
2492 SSL_NOT_DEFAULT | SSL_HIGH,
2493 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2497 # endif /* OPENSSL_NO_PSK */
2499 #endif /* OPENSSL_NO_CAMELLIA */
2501 #ifndef OPENSL_NO_GOST
2504 "GOST2001-GOST89-GOST89",
2508 SSL_eGOST2814789CNT,
2510 TLS1_VERSION, TLS1_2_VERSION,
2511 DTLS1_VERSION, DTLS1_2_VERSION,
2513 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2519 "GOST2001-NULL-GOST94",
2525 TLS1_VERSION, TLS1_2_VERSION,
2526 DTLS1_VERSION, DTLS1_2_VERSION,
2528 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2534 "GOST2012-GOST8912-GOST8912",
2537 SSL_aGOST12 | SSL_aGOST01,
2538 SSL_eGOST2814789CNT12,
2540 TLS1_VERSION, TLS1_2_VERSION,
2541 DTLS1_VERSION, DTLS1_2_VERSION,
2543 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2549 "GOST2012-NULL-GOST12",
2552 SSL_aGOST12 | SSL_aGOST01,
2555 TLS1_VERSION, TLS1_2_VERSION,
2556 DTLS1_VERSION, DTLS1_2_VERSION,
2558 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2561 #endif /* OPENSL_NO_GOST */
2563 #ifndef OPENSSL_NO_IDEA
2566 SSL3_TXT_RSA_IDEA_128_SHA,
2567 SSL3_CK_RSA_IDEA_128_SHA,
2572 SSL3_VERSION, TLS1_1_VERSION,
2573 DTLS1_VERSION, DTLS1_VERSION,
2574 SSL_NOT_DEFAULT | SSL_MEDIUM,
2575 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2581 #ifndef OPENSSL_NO_SEED
2584 TLS1_TXT_RSA_WITH_SEED_SHA,
2585 TLS1_CK_RSA_WITH_SEED_SHA,
2590 SSL3_VERSION, TLS1_2_VERSION,
2591 DTLS1_VERSION, DTLS1_2_VERSION,
2592 SSL_NOT_DEFAULT | SSL_MEDIUM,
2593 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2599 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2600 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2605 SSL3_VERSION, TLS1_2_VERSION,
2606 DTLS1_VERSION, DTLS1_2_VERSION,
2607 SSL_NOT_DEFAULT | SSL_MEDIUM,
2608 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2614 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2615 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2620 SSL3_VERSION, TLS1_2_VERSION,
2621 DTLS1_VERSION, DTLS1_2_VERSION,
2622 SSL_NOT_DEFAULT | SSL_MEDIUM,
2623 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2629 TLS1_TXT_ADH_WITH_SEED_SHA,
2630 TLS1_CK_ADH_WITH_SEED_SHA,
2635 SSL3_VERSION, TLS1_2_VERSION,
2636 DTLS1_VERSION, DTLS1_2_VERSION,
2637 SSL_NOT_DEFAULT | SSL_MEDIUM,
2638 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2642 #endif /* OPENSSL_NO_SEED */
2644 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2647 SSL3_TXT_RSA_RC4_128_MD5,
2648 SSL3_CK_RSA_RC4_128_MD5,
2653 SSL3_VERSION, TLS1_2_VERSION,
2655 SSL_NOT_DEFAULT | SSL_MEDIUM,
2656 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2662 SSL3_TXT_RSA_RC4_128_SHA,
2663 SSL3_CK_RSA_RC4_128_SHA,
2668 SSL3_VERSION, TLS1_2_VERSION,
2670 SSL_NOT_DEFAULT | SSL_MEDIUM,
2671 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2677 SSL3_TXT_ADH_RC4_128_MD5,
2678 SSL3_CK_ADH_RC4_128_MD5,
2683 SSL3_VERSION, TLS1_2_VERSION,
2685 SSL_NOT_DEFAULT | SSL_MEDIUM,
2686 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2691 # ifndef OPENSSL_NO_EC
2694 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2695 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2700 SSL3_VERSION, TLS1_2_VERSION,
2702 SSL_NOT_DEFAULT | SSL_MEDIUM,
2703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2709 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2710 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2715 SSL3_VERSION, TLS1_2_VERSION,
2717 SSL_NOT_DEFAULT | SSL_MEDIUM,
2718 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2724 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2725 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2730 SSL3_VERSION, TLS1_2_VERSION,
2732 SSL_NOT_DEFAULT | SSL_MEDIUM,
2733 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2739 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2740 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2745 SSL3_VERSION, TLS1_2_VERSION,
2747 SSL_NOT_DEFAULT | SSL_MEDIUM,
2748 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2752 # endif /* OPENSSL_NO_EC */
2754 # ifndef OPENSSL_NO_PSK
2757 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2758 TLS1_CK_PSK_WITH_RC4_128_SHA,
2763 SSL3_VERSION, TLS1_2_VERSION,
2765 SSL_NOT_DEFAULT | SSL_MEDIUM,
2766 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2772 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2773 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2778 SSL3_VERSION, TLS1_2_VERSION,
2780 SSL_NOT_DEFAULT | SSL_MEDIUM,
2781 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2787 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2788 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2793 SSL3_VERSION, TLS1_2_VERSION,
2795 SSL_NOT_DEFAULT | SSL_MEDIUM,
2796 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2800 # endif /* OPENSSL_NO_PSK */
2802 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2807 static int cipher_compare(const void *a, const void *b)
2809 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2810 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2812 return ap->id - bp->id;
2815 void ssl_sort_cipher_list(void)
2817 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2822 const SSL3_ENC_METHOD SSLv3_enc_data = {
2825 ssl3_setup_key_block,
2826 ssl3_generate_master_secret,
2827 ssl3_change_cipher_state,
2828 ssl3_final_finish_mac,
2829 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2830 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2831 SSL3_MD_SERVER_FINISHED_CONST, 4,
2833 (int (*)(SSL *, unsigned char *, size_t, const char *,
2834 size_t, const unsigned char *, size_t,
2835 int use_context))ssl_undefined_function,
2837 SSL3_HM_HEADER_LENGTH,
2838 ssl3_set_handshake_header,
2839 ssl3_handshake_write
2842 long ssl3_default_timeout(void)
2845 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2846 * http, the cache would over fill
2848 return (60 * 60 * 2);
2851 int ssl3_num_ciphers(void)
2853 return (SSL3_NUM_CIPHERS);
2856 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2858 if (u < SSL3_NUM_CIPHERS)
2859 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2864 int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2866 unsigned char *p = (unsigned char *)s->init_buf->data;
2869 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2875 int ssl3_handshake_write(SSL *s)
2877 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2880 int ssl3_new(SSL *s)
2884 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2888 #ifndef OPENSSL_NO_SRP
2889 if (!SSL_SRP_CTX_init(s))
2892 s->method->ssl_clear(s);
2898 void ssl3_free(SSL *s)
2900 if (s == NULL || s->s3 == NULL)
2903 ssl3_cleanup_key_block(s);
2905 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2906 EVP_PKEY_free(s->s3->peer_tmp);
2907 s->s3->peer_tmp = NULL;
2908 EVP_PKEY_free(s->s3->tmp.pkey);
2909 s->s3->tmp.pkey = NULL;
2912 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2913 OPENSSL_free(s->s3->tmp.ciphers_raw);
2914 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2915 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2916 ssl3_free_digest_list(s);
2917 OPENSSL_free(s->s3->alpn_selected);
2918 OPENSSL_free(s->s3->alpn_proposed);
2920 #ifndef OPENSSL_NO_SRP
2921 SSL_SRP_CTX_free(s);
2923 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2927 void ssl3_clear(SSL *s)
2929 ssl3_cleanup_key_block(s);
2930 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2931 OPENSSL_free(s->s3->tmp.ciphers_raw);
2932 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2933 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2935 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2936 EVP_PKEY_free(s->s3->tmp.pkey);
2937 EVP_PKEY_free(s->s3->peer_tmp);
2938 #endif /* !OPENSSL_NO_EC */
2940 ssl3_free_digest_list(s);
2942 OPENSSL_free(s->s3->alpn_selected);
2943 OPENSSL_free(s->s3->alpn_proposed);
2945 /* NULL/zero-out everything in the s3 struct */
2946 memset(s->s3, 0, sizeof(*s->s3));
2948 ssl_free_wbio_buffer(s);
2950 s->version = SSL3_VERSION;
2952 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2953 OPENSSL_free(s->next_proto_negotiated);
2954 s->next_proto_negotiated = NULL;
2955 s->next_proto_negotiated_len = 0;
2959 #ifndef OPENSSL_NO_SRP
2960 static char *srp_password_from_info_cb(SSL *s, void *arg)
2962 return OPENSSL_strdup(s->srp_ctx.info);
2966 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
2969 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2974 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2976 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2977 ret = s->s3->num_renegotiations;
2979 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2980 ret = s->s3->num_renegotiations;
2981 s->s3->num_renegotiations = 0;
2983 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2984 ret = s->s3->total_renegotiations;
2986 case SSL_CTRL_GET_FLAGS:
2987 ret = (int)(s->s3->flags);
2989 #ifndef OPENSSL_NO_DH
2990 case SSL_CTRL_SET_TMP_DH:
2992 DH *dh = (DH *)parg;
2993 EVP_PKEY *pkdh = NULL;
2995 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2998 pkdh = ssl_dh_to_pkey(dh);
3000 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3003 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3004 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3005 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3006 EVP_PKEY_free(pkdh);
3009 EVP_PKEY_free(s->cert->dh_tmp);
3010 s->cert->dh_tmp = pkdh;
3014 case SSL_CTRL_SET_TMP_DH_CB:
3016 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3019 case SSL_CTRL_SET_DH_AUTO:
3020 s->cert->dh_tmp_auto = larg;
3023 #ifndef OPENSSL_NO_EC
3024 case SSL_CTRL_SET_TMP_ECDH:
3026 const EC_GROUP *group = NULL;
3030 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3033 group = EC_KEY_get0_group((const EC_KEY *)parg);
3034 if (group == NULL) {
3035 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3038 nid = EC_GROUP_get_curve_name(group);
3039 if (nid == NID_undef)
3041 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3042 &s->tlsext_ellipticcurvelist_length,
3046 #endif /* !OPENSSL_NO_EC */
3047 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3048 if (larg == TLSEXT_NAMETYPE_host_name) {
3051 OPENSSL_free(s->tlsext_hostname);
3052 s->tlsext_hostname = NULL;
3057 len = strlen((char *)parg);
3058 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3059 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3062 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3063 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3067 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3071 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3072 s->tlsext_debug_arg = parg;
3076 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3077 s->tlsext_status_type = larg;
3081 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3082 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3086 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3087 s->tlsext_ocsp_exts = parg;
3091 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3092 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3096 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3097 s->tlsext_ocsp_ids = parg;
3101 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3102 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3103 return s->tlsext_ocsp_resplen;
3105 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3106 OPENSSL_free(s->tlsext_ocsp_resp);
3107 s->tlsext_ocsp_resp = parg;
3108 s->tlsext_ocsp_resplen = larg;
3112 #ifndef OPENSSL_NO_HEARTBEATS
3113 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3115 ret = dtls1_heartbeat(s);
3118 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3120 ret = s->tlsext_hb_pending;
3123 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3124 if (SSL_IS_DTLS(s)) {
3126 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3128 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3134 case SSL_CTRL_CHAIN:
3136 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3138 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3140 case SSL_CTRL_CHAIN_CERT:
3142 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3144 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3146 case SSL_CTRL_GET_CHAIN_CERTS:
3147 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3150 case SSL_CTRL_SELECT_CURRENT_CERT:
3151 return ssl_cert_select_current(s->cert, (X509 *)parg);
3153 case SSL_CTRL_SET_CURRENT_CERT:
3154 if (larg == SSL_CERT_SET_SERVER) {
3156 const SSL_CIPHER *cipher;
3159 cipher = s->s3->tmp.new_cipher;
3163 * No certificate for unauthenticated ciphersuites or using SRP
3166 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3168 cpk = ssl_get_server_send_pkey(s);
3174 return ssl_cert_set_current(s->cert, larg);
3176 #ifndef OPENSSL_NO_EC
3177 case SSL_CTRL_GET_CURVES:
3179 unsigned char *clist;
3183 clist = s->session->tlsext_ellipticcurvelist;
3184 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3188 unsigned int cid, nid;
3189 for (i = 0; i < clistlen; i++) {
3191 nid = tls1_ec_curve_id2nid(cid);
3195 cptr[i] = TLSEXT_nid_unknown | cid;
3198 return (int)clistlen;
3201 case SSL_CTRL_SET_CURVES:
3202 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3203 &s->tlsext_ellipticcurvelist_length,
3206 case SSL_CTRL_SET_CURVES_LIST:
3207 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3208 &s->tlsext_ellipticcurvelist_length,
3211 case SSL_CTRL_GET_SHARED_CURVE:
3212 return tls1_shared_curve(s, larg);
3215 case SSL_CTRL_SET_SIGALGS:
3216 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3218 case SSL_CTRL_SET_SIGALGS_LIST:
3219 return tls1_set_sigalgs_list(s->cert, parg, 0);
3221 case SSL_CTRL_SET_CLIENT_SIGALGS:
3222 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3224 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3225 return tls1_set_sigalgs_list(s->cert, parg, 1);
3227 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3229 const unsigned char **pctype = parg;
3230 if (s->server || !s->s3->tmp.cert_req)
3232 if (s->cert->ctypes) {
3234 *pctype = s->cert->ctypes;
3235 return (int)s->cert->ctype_num;
3238 *pctype = (unsigned char *)s->s3->tmp.ctype;
3239 return s->s3->tmp.ctype_num;
3242 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3245 return ssl3_set_req_cert_type(s->cert, parg, larg);
3247 case SSL_CTRL_BUILD_CERT_CHAIN:
3248 return ssl_build_cert_chain(s, NULL, larg);
3250 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3251 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3253 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3254 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3256 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3257 if (SSL_USE_SIGALGS(s)) {
3260 sig = s->s3->tmp.peer_md;
3262 *(int *)parg = EVP_MD_type(sig);
3268 /* Might want to do something here for other versions */
3272 case SSL_CTRL_GET_SERVER_TMP_KEY:
3273 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3274 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3277 EVP_PKEY_up_ref(s->s3->peer_tmp);
3278 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3284 #ifndef OPENSSL_NO_EC
3285 case SSL_CTRL_GET_EC_POINT_FORMATS:
3287 SSL_SESSION *sess = s->session;
3288 const unsigned char **pformat = parg;
3289 if (!sess || !sess->tlsext_ecpointformatlist)
3291 *pformat = sess->tlsext_ecpointformatlist;
3292 return (int)sess->tlsext_ecpointformatlist_length;
3302 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3307 #ifndef OPENSSL_NO_DH
3308 case SSL_CTRL_SET_TMP_DH_CB:
3310 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3314 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3315 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3316 const unsigned char *, int, void *))fp;
3319 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3321 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3330 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3333 #ifndef OPENSSL_NO_DH
3334 case SSL_CTRL_SET_TMP_DH:
3336 DH *dh = (DH *)parg;
3337 EVP_PKEY *pkdh = NULL;
3339 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3342 pkdh = ssl_dh_to_pkey(dh);
3344 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3347 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3348 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3349 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3350 EVP_PKEY_free(pkdh);
3353 EVP_PKEY_free(ctx->cert->dh_tmp);
3354 ctx->cert->dh_tmp = pkdh;
3360 case SSL_CTRL_SET_TMP_DH_CB:
3362 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3365 case SSL_CTRL_SET_DH_AUTO:
3366 ctx->cert->dh_tmp_auto = larg;
3369 #ifndef OPENSSL_NO_EC
3370 case SSL_CTRL_SET_TMP_ECDH:
3372 const EC_GROUP *group = NULL;
3376 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3379 group = EC_KEY_get0_group((const EC_KEY *)parg);
3380 if (group == NULL) {
3381 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3384 nid = EC_GROUP_get_curve_name(group);
3385 if (nid == NID_undef)
3387 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3388 &ctx->tlsext_ellipticcurvelist_length,
3392 #endif /* !OPENSSL_NO_EC */
3393 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3394 ctx->tlsext_servername_arg = parg;
3396 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3397 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3399 unsigned char *keys = parg;
3403 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3406 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3407 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3408 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3409 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3411 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3412 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3413 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3418 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3419 ctx->tlsext_status_arg = parg;
3422 #ifndef OPENSSL_NO_SRP
3423 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3424 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3425 OPENSSL_free(ctx->srp_ctx.login);
3426 ctx->srp_ctx.login = NULL;
3429 if (strlen((const char *)parg) > 255
3430 || strlen((const char *)parg) < 1) {
3431 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3434 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3435 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3439 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3440 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3441 srp_password_from_info_cb;
3442 ctx->srp_ctx.info = parg;
3444 case SSL_CTRL_SET_SRP_ARG:
3445 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3446 ctx->srp_ctx.SRP_cb_arg = parg;
3449 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3450 ctx->srp_ctx.strength = larg;
3454 #ifndef OPENSSL_NO_EC
3455 case SSL_CTRL_SET_CURVES:
3456 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3457 &ctx->tlsext_ellipticcurvelist_length,
3460 case SSL_CTRL_SET_CURVES_LIST:
3461 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3462 &ctx->tlsext_ellipticcurvelist_length,
3465 case SSL_CTRL_SET_SIGALGS:
3466 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3468 case SSL_CTRL_SET_SIGALGS_LIST:
3469 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3471 case SSL_CTRL_SET_CLIENT_SIGALGS:
3472 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3474 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3475 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3477 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3478 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3480 case SSL_CTRL_BUILD_CERT_CHAIN:
3481 return ssl_build_cert_chain(NULL, ctx, larg);
3483 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3484 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3486 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3487 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3489 /* A Thawte special :-) */
3490 case SSL_CTRL_EXTRA_CHAIN_CERT:
3491 if (ctx->extra_certs == NULL) {
3492 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3495 sk_X509_push(ctx->extra_certs, (X509 *)parg);
3498 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3499 if (ctx->extra_certs == NULL && larg == 0)
3500 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3502 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3505 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3506 sk_X509_pop_free(ctx->extra_certs, X509_free);
3507 ctx->extra_certs = NULL;
3510 case SSL_CTRL_CHAIN:
3512 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3514 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3516 case SSL_CTRL_CHAIN_CERT:
3518 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3520 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3522 case SSL_CTRL_GET_CHAIN_CERTS:
3523 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3526 case SSL_CTRL_SELECT_CURRENT_CERT:
3527 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3529 case SSL_CTRL_SET_CURRENT_CERT:
3530 return ssl_cert_set_current(ctx->cert, larg);
3538 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3541 #ifndef OPENSSL_NO_DH
3542 case SSL_CTRL_SET_TMP_DH_CB:
3544 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3548 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3549 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3552 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3553 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3556 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3557 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3560 HMAC_CTX *, int))fp;
3563 #ifndef OPENSSL_NO_SRP
3564 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3565 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3566 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3568 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3569 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3570 ctx->srp_ctx.TLS_ext_srp_username_callback =
3571 (int (*)(SSL *, int *, void *))fp;
3573 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3574 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3575 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3576 (char *(*)(SSL *, void *))fp;
3579 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3581 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3591 * This function needs to check if the ciphers required are actually
3594 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3597 const SSL_CIPHER *cp;
3600 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
3602 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3606 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3612 if ((l & 0xff000000) != 0x03000000)
3614 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3615 p[1] = ((unsigned char)(l)) & 0xFF;
3621 * ssl3_choose_cipher - choose a cipher from those offered by the client
3622 * @s: SSL connection
3623 * @clnt: ciphers offered by the client
3624 * @srvr: ciphers enabled on the server?
3626 * Returns the selected cipher or NULL when no common ciphers.
3628 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3629 STACK_OF(SSL_CIPHER) *srvr)
3631 const SSL_CIPHER *c, *ret = NULL;
3632 STACK_OF(SSL_CIPHER) *prio, *allow;
3634 unsigned long alg_k, alg_a, mask_k, mask_a;
3636 /* Let's see which ciphers we can support */
3640 * Do not set the compare functions, because this may lead to a
3641 * reordering by "id". We want to keep the original ordering. We may pay
3642 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3643 * pay with the price of sk_SSL_CIPHER_dup().
3645 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3646 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3650 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3652 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3653 c = sk_SSL_CIPHER_value(srvr, i);
3654 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3656 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3658 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3659 c = sk_SSL_CIPHER_value(clnt, i);
3660 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3664 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3672 tls1_set_cert_validity(s);
3675 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3676 c = sk_SSL_CIPHER_value(prio, i);
3678 /* Skip ciphers not supported by the protocol version */
3679 if (!SSL_IS_DTLS(s) &&
3680 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3682 if (SSL_IS_DTLS(s) &&
3683 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3684 DTLS_VERSION_GT(s->version, c->max_dtls)))
3687 mask_k = s->s3->tmp.mask_k;
3688 mask_a = s->s3->tmp.mask_a;
3689 #ifndef OPENSSL_NO_SRP
3690 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3696 alg_k = c->algorithm_mkey;
3697 alg_a = c->algorithm_auth;
3699 #ifndef OPENSSL_NO_PSK
3700 /* with PSK there must be server callback set */
3701 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3703 #endif /* OPENSSL_NO_PSK */
3705 ok = (alg_k & mask_k) && (alg_a & mask_a);
3707 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3708 alg_a, mask_k, mask_a, (void *)c, c->name);
3711 # ifndef OPENSSL_NO_EC
3713 * if we are considering an ECC cipher suite that uses an ephemeral
3716 if (alg_k & SSL_kECDHE)
3717 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3718 # endif /* OPENSSL_NO_EC */
3722 ii = sk_SSL_CIPHER_find(allow, c);
3724 /* Check security callback permits this cipher */
3725 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3726 c->strength_bits, 0, (void *)c))
3728 #if !defined(OPENSSL_NO_EC)
3729 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3730 && s->s3->is_probably_safari) {
3732 ret = sk_SSL_CIPHER_value(allow, ii);
3736 ret = sk_SSL_CIPHER_value(allow, ii);
3743 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3746 uint32_t alg_k, alg_a = 0;
3748 /* If we have custom certificate types set, use them */
3749 if (s->cert->ctypes) {
3750 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3751 return (int)s->cert->ctype_num;
3753 /* Get mask of algorithms disabled by signature list */
3754 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3756 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3758 #ifndef OPENSSL_NO_GOST
3759 if (s->version >= TLS1_VERSION) {
3760 if (alg_k & SSL_kGOST) {
3761 p[ret++] = TLS_CT_GOST01_SIGN;
3762 p[ret++] = TLS_CT_GOST12_SIGN;
3763 p[ret++] = TLS_CT_GOST12_512_SIGN;
3769 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3770 #ifndef OPENSSL_NO_DH
3771 # ifndef OPENSSL_NO_RSA
3772 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3774 # ifndef OPENSSL_NO_DSA
3775 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3777 #endif /* !OPENSSL_NO_DH */
3779 #ifndef OPENSSL_NO_RSA
3780 if (!(alg_a & SSL_aRSA))
3781 p[ret++] = SSL3_CT_RSA_SIGN;
3783 #ifndef OPENSSL_NO_DSA
3784 if (!(alg_a & SSL_aDSS))
3785 p[ret++] = SSL3_CT_DSS_SIGN;
3787 #ifndef OPENSSL_NO_EC
3789 * ECDSA certs can be used with RSA cipher suites too so we don't
3790 * need to check for SSL_kECDH or SSL_kECDHE
3792 if (s->version >= TLS1_VERSION) {
3793 if (!(alg_a & SSL_aECDSA))
3794 p[ret++] = TLS_CT_ECDSA_SIGN;
3800 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3802 OPENSSL_free(c->ctypes);
3808 c->ctypes = OPENSSL_malloc(len);
3809 if (c->ctypes == NULL)
3811 memcpy(c->ctypes, p, len);
3816 int ssl3_shutdown(SSL *s)
3821 * Don't do anything much if we have not done the handshake or we don't
3822 * want to send messages :-)
3824 if (s->quiet_shutdown || SSL_in_before(s)) {
3825 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3829 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3830 s->shutdown |= SSL_SENT_SHUTDOWN;
3831 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3833 * our shutdown alert has been sent now, and if it still needs to be
3834 * written, s->s3->alert_dispatch will be true
3836 if (s->s3->alert_dispatch)
3837 return (-1); /* return WANT_WRITE */
3838 } else if (s->s3->alert_dispatch) {
3839 /* resend it if not sent */
3840 ret = s->method->ssl_dispatch_alert(s);
3843 * we only get to return -1 here the 2nd/Nth invocation, we must
3844 * have already signalled return 0 upon a previous invoation,
3849 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3851 * If we are waiting for a close from our peer, we are closed
3853 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
3854 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3855 return (-1); /* return WANT_READ */
3859 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3860 !s->s3->alert_dispatch)
3866 int ssl3_write(SSL *s, const void *buf, int len)
3869 if (s->s3->renegotiate)
3870 ssl3_renegotiate_check(s);
3872 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3876 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3881 if (s->s3->renegotiate)
3882 ssl3_renegotiate_check(s);
3883 s->s3->in_read_app_data = 1;
3885 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3887 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3889 * ssl3_read_bytes decided to call s->handshake_func, which called
3890 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3891 * actually found application data and thinks that application data
3892 * makes sense here; so disable handshake processing and try to read
3893 * application data again.
3895 ossl_statem_set_in_handshake(s, 1);
3897 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3899 ossl_statem_set_in_handshake(s, 0);
3901 s->s3->in_read_app_data = 0;
3906 int ssl3_read(SSL *s, void *buf, int len)
3908 return ssl3_read_internal(s, buf, len, 0);
3911 int ssl3_peek(SSL *s, void *buf, int len)
3913 return ssl3_read_internal(s, buf, len, 1);
3916 int ssl3_renegotiate(SSL *s)
3918 if (s->handshake_func == NULL)
3921 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3924 s->s3->renegotiate = 1;
3928 int ssl3_renegotiate_check(SSL *s)
3932 if (s->s3->renegotiate) {
3933 if (!RECORD_LAYER_read_pending(&s->rlayer)
3934 && !RECORD_LAYER_write_pending(&s->rlayer)
3935 && !SSL_in_init(s)) {
3937 * if we are the server, and we have sent a 'RENEGOTIATE'
3938 * message, we need to set the state machine into the renegotiate
3941 ossl_statem_set_renegotiate(s);
3942 s->s3->renegotiate = 0;
3943 s->s3->num_renegotiations++;
3944 s->s3->total_renegotiations++;
3952 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3953 * handshake macs if required.
3955 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3957 long ssl_get_algorithm2(SSL *s)
3959 long alg2 = s->s3->tmp.new_cipher->algorithm2;
3960 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3961 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3962 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3963 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3964 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3965 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3971 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3972 * failure, 1 on success.
3974 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
3981 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
3983 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
3985 unsigned long Time = (unsigned long)time(NULL);
3986 unsigned char *p = result;
3988 return RAND_bytes(p, len - 4);
3990 return RAND_bytes(result, len);
3993 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
3996 #ifndef OPENSSL_NO_PSK
3997 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3998 if (alg_k & SSL_PSK) {
3999 unsigned char *pskpms, *t;
4000 size_t psklen = s->s3->tmp.psklen;
4003 /* create PSK premaster_secret */
4005 /* For plain PSK "other_secret" is psklen zeroes */
4006 if (alg_k & SSL_kPSK)
4009 pskpmslen = 4 + pmslen + psklen;
4010 pskpms = OPENSSL_malloc(pskpmslen);
4011 if (pskpms == NULL) {
4012 s->session->master_key_length = 0;
4017 if (alg_k & SSL_kPSK)
4018 memset(t, 0, pmslen);
4020 memcpy(t, pms, pmslen);
4023 memcpy(t, s->s3->tmp.psk, psklen);
4025 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4026 s->s3->tmp.psk = NULL;
4027 s->session->master_key_length =
4028 s->method->ssl3_enc->generate_master_secret(s,
4029 s->session->master_key,
4031 OPENSSL_clear_free(pskpms, pskpmslen);
4034 s->session->master_key_length =
4035 s->method->ssl3_enc->generate_master_secret(s,
4036 s->session->master_key,
4038 #ifndef OPENSSL_NO_PSK
4043 OPENSSL_clear_free(pms, pmslen);
4045 OPENSSL_cleanse(pms, pmslen);
4048 s->s3->tmp.pms = NULL;
4049 return s->session->master_key_length >= 0;
4052 /* Generate a private key from parameters or a curve NID */
4053 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid)
4055 EVP_PKEY_CTX *pctx = NULL;
4056 EVP_PKEY *pkey = NULL;
4058 pctx = EVP_PKEY_CTX_new(pm, NULL);
4061 * Generate a new key for this curve.
4062 * Should not be called if EC is disabled: if it is it will
4063 * fail with an unknown algorithm error.
4065 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4069 if (EVP_PKEY_keygen_init(pctx) <= 0)
4071 #ifndef OPENSSL_NO_EC
4072 if (pm == NULL && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4076 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4077 EVP_PKEY_free(pkey);
4082 EVP_PKEY_CTX_free(pctx);
4085 /* Derive premaster or master secret for ECDH/DH */
4086 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4089 unsigned char *pms = NULL;
4093 if (privkey == NULL || pubkey == NULL)
4096 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4098 if (EVP_PKEY_derive_init(pctx) <= 0
4099 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4100 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4104 pms = OPENSSL_malloc(pmslen);
4108 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4112 /* For server generate master secret and discard premaster */
4113 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4116 /* For client just save premaster secret */
4117 s->s3->tmp.pms = pms;
4118 s->s3->tmp.pmslen = pmslen;
4124 OPENSSL_clear_free(pms, pmslen);
4125 EVP_PKEY_CTX_free(pctx);
4129 #ifndef OPENSSL_NO_DH
4130 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4135 ret = EVP_PKEY_new();
4136 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {