2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
51 #include <openssl/objects.h>
53 #include <openssl/md5.h>
54 #include <openssl/dh.h>
55 #include <openssl/rand.h>
57 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
60 * The list of available ciphers, organized into the following
65 * SRP (within that: RSA EC PSK)
66 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
69 static SSL_CIPHER ssl3_ciphers[] =
73 SSL3_TXT_RSA_NULL_MD5,
79 SSL3_VERSION, TLS1_2_VERSION,
80 DTLS1_BAD_VER, DTLS1_2_VERSION,
82 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
88 SSL3_TXT_RSA_NULL_SHA,
94 SSL3_VERSION, TLS1_2_VERSION,
95 DTLS1_BAD_VER, DTLS1_2_VERSION,
96 SSL_STRONG_NONE | SSL_FIPS,
97 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
103 SSL3_TXT_RSA_DES_192_CBC3_SHA,
104 SSL3_CK_RSA_DES_192_CBC3_SHA,
109 SSL3_VERSION, TLS1_2_VERSION,
110 DTLS1_BAD_VER, DTLS1_2_VERSION,
111 SSL_MEDIUM | SSL_FIPS,
112 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
118 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
119 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
124 SSL3_VERSION, TLS1_2_VERSION,
125 DTLS1_BAD_VER, DTLS1_2_VERSION,
126 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
127 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
133 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
134 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
139 SSL3_VERSION, TLS1_2_VERSION,
140 DTLS1_BAD_VER, DTLS1_2_VERSION,
141 SSL_MEDIUM | SSL_FIPS,
142 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
148 SSL3_TXT_ADH_DES_192_CBC_SHA,
149 SSL3_CK_ADH_DES_192_CBC_SHA,
154 SSL3_VERSION, TLS1_2_VERSION,
155 DTLS1_BAD_VER, DTLS1_2_VERSION,
156 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
157 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
163 TLS1_TXT_RSA_WITH_AES_128_SHA,
164 TLS1_CK_RSA_WITH_AES_128_SHA,
169 SSL3_VERSION, TLS1_2_VERSION,
170 DTLS1_BAD_VER, DTLS1_2_VERSION,
172 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
178 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
179 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
184 SSL3_VERSION, TLS1_2_VERSION,
185 DTLS1_BAD_VER, DTLS1_2_VERSION,
186 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
187 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
193 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
194 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
199 SSL3_VERSION, TLS1_2_VERSION,
200 DTLS1_BAD_VER, DTLS1_2_VERSION,
202 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
208 TLS1_TXT_ADH_WITH_AES_128_SHA,
209 TLS1_CK_ADH_WITH_AES_128_SHA,
214 SSL3_VERSION, TLS1_2_VERSION,
215 DTLS1_BAD_VER, DTLS1_2_VERSION,
216 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
223 TLS1_TXT_RSA_WITH_AES_256_SHA,
224 TLS1_CK_RSA_WITH_AES_256_SHA,
229 SSL3_VERSION, TLS1_2_VERSION,
230 DTLS1_BAD_VER, DTLS1_2_VERSION,
232 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
238 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
239 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
244 SSL3_VERSION, TLS1_2_VERSION,
245 DTLS1_BAD_VER, DTLS1_2_VERSION,
246 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
247 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
253 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
254 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
259 SSL3_VERSION, TLS1_2_VERSION,
260 DTLS1_BAD_VER, DTLS1_2_VERSION,
262 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
268 TLS1_TXT_ADH_WITH_AES_256_SHA,
269 TLS1_CK_ADH_WITH_AES_256_SHA,
274 SSL3_VERSION, TLS1_2_VERSION,
275 DTLS1_BAD_VER, DTLS1_2_VERSION,
276 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
277 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
283 TLS1_TXT_RSA_WITH_NULL_SHA256,
284 TLS1_CK_RSA_WITH_NULL_SHA256,
289 TLS1_2_VERSION, TLS1_2_VERSION,
290 DTLS1_2_VERSION, DTLS1_2_VERSION,
291 SSL_STRONG_NONE | SSL_FIPS,
292 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
298 TLS1_TXT_RSA_WITH_AES_128_SHA256,
299 TLS1_CK_RSA_WITH_AES_128_SHA256,
304 TLS1_2_VERSION, TLS1_2_VERSION,
305 DTLS1_2_VERSION, DTLS1_2_VERSION,
307 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
313 TLS1_TXT_RSA_WITH_AES_256_SHA256,
314 TLS1_CK_RSA_WITH_AES_256_SHA256,
319 TLS1_2_VERSION, TLS1_2_VERSION,
320 DTLS1_2_VERSION, DTLS1_2_VERSION,
322 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
328 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
329 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
334 TLS1_2_VERSION, TLS1_2_VERSION,
335 DTLS1_2_VERSION, DTLS1_2_VERSION,
336 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
337 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
343 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
344 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
349 TLS1_2_VERSION, TLS1_2_VERSION,
350 DTLS1_2_VERSION, DTLS1_2_VERSION,
352 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
358 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
359 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
364 TLS1_2_VERSION, TLS1_2_VERSION,
365 DTLS1_2_VERSION, DTLS1_2_VERSION,
366 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
367 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
373 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
374 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
379 TLS1_2_VERSION, TLS1_2_VERSION,
380 DTLS1_2_VERSION, DTLS1_2_VERSION,
382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
388 TLS1_TXT_ADH_WITH_AES_128_SHA256,
389 TLS1_CK_ADH_WITH_AES_128_SHA256,
394 TLS1_2_VERSION, TLS1_2_VERSION,
395 DTLS1_2_VERSION, DTLS1_2_VERSION,
396 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
397 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
403 TLS1_TXT_ADH_WITH_AES_256_SHA256,
404 TLS1_CK_ADH_WITH_AES_256_SHA256,
409 TLS1_2_VERSION, TLS1_2_VERSION,
410 DTLS1_2_VERSION, DTLS1_2_VERSION,
411 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
412 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
418 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
419 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
424 TLS1_2_VERSION, TLS1_2_VERSION,
425 DTLS1_2_VERSION, DTLS1_2_VERSION,
427 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
433 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
434 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
439 TLS1_2_VERSION, TLS1_2_VERSION,
440 DTLS1_2_VERSION, DTLS1_2_VERSION,
442 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
448 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
449 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
454 TLS1_2_VERSION, TLS1_2_VERSION,
455 DTLS1_2_VERSION, DTLS1_2_VERSION,
457 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
463 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
469 TLS1_2_VERSION, TLS1_2_VERSION,
470 DTLS1_2_VERSION, DTLS1_2_VERSION,
472 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
478 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
479 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
484 TLS1_2_VERSION, TLS1_2_VERSION,
485 DTLS1_2_VERSION, DTLS1_2_VERSION,
486 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
487 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
493 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
494 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
499 TLS1_2_VERSION, TLS1_2_VERSION,
500 DTLS1_2_VERSION, DTLS1_2_VERSION,
501 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
502 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
508 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
509 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
514 TLS1_2_VERSION, TLS1_2_VERSION,
515 DTLS1_2_VERSION, DTLS1_2_VERSION,
516 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
517 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
523 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
524 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
529 TLS1_2_VERSION, TLS1_2_VERSION,
530 DTLS1_2_VERSION, DTLS1_2_VERSION,
531 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
532 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
538 TLS1_TXT_RSA_WITH_AES_128_CCM,
539 TLS1_CK_RSA_WITH_AES_128_CCM,
544 TLS1_2_VERSION, TLS1_2_VERSION,
545 DTLS1_2_VERSION, DTLS1_2_VERSION,
546 SSL_NOT_DEFAULT | SSL_HIGH,
547 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
553 TLS1_TXT_RSA_WITH_AES_256_CCM,
554 TLS1_CK_RSA_WITH_AES_256_CCM,
559 TLS1_2_VERSION, TLS1_2_VERSION,
560 DTLS1_2_VERSION, DTLS1_2_VERSION,
561 SSL_NOT_DEFAULT | SSL_HIGH,
562 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
568 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
569 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
574 TLS1_2_VERSION, TLS1_2_VERSION,
575 DTLS1_2_VERSION, DTLS1_2_VERSION,
576 SSL_NOT_DEFAULT | SSL_HIGH,
577 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
583 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
584 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
589 TLS1_2_VERSION, TLS1_2_VERSION,
590 DTLS1_2_VERSION, DTLS1_2_VERSION,
591 SSL_NOT_DEFAULT | SSL_HIGH,
592 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
598 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
599 TLS1_CK_RSA_WITH_AES_128_CCM_8,
604 TLS1_2_VERSION, TLS1_2_VERSION,
605 DTLS1_2_VERSION, DTLS1_2_VERSION,
606 SSL_NOT_DEFAULT | SSL_HIGH,
607 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
613 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
614 TLS1_CK_RSA_WITH_AES_256_CCM_8,
619 TLS1_2_VERSION, TLS1_2_VERSION,
620 DTLS1_2_VERSION, DTLS1_2_VERSION,
621 SSL_NOT_DEFAULT | SSL_HIGH,
622 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
628 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
629 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
634 TLS1_2_VERSION, TLS1_2_VERSION,
635 DTLS1_2_VERSION, DTLS1_2_VERSION,
636 SSL_NOT_DEFAULT | SSL_HIGH,
637 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
643 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
644 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
649 TLS1_2_VERSION, TLS1_2_VERSION,
650 DTLS1_2_VERSION, DTLS1_2_VERSION,
651 SSL_NOT_DEFAULT | SSL_HIGH,
652 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
658 TLS1_TXT_PSK_WITH_AES_128_CCM,
659 TLS1_CK_PSK_WITH_AES_128_CCM,
664 TLS1_2_VERSION, TLS1_2_VERSION,
665 DTLS1_2_VERSION, DTLS1_2_VERSION,
666 SSL_NOT_DEFAULT | SSL_HIGH,
667 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
673 TLS1_TXT_PSK_WITH_AES_256_CCM,
674 TLS1_CK_PSK_WITH_AES_256_CCM,
679 TLS1_2_VERSION, TLS1_2_VERSION,
680 DTLS1_2_VERSION, DTLS1_2_VERSION,
681 SSL_NOT_DEFAULT | SSL_HIGH,
682 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
688 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
689 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
694 TLS1_2_VERSION, TLS1_2_VERSION,
695 DTLS1_2_VERSION, DTLS1_2_VERSION,
696 SSL_NOT_DEFAULT | SSL_HIGH,
697 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
703 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
704 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
709 TLS1_2_VERSION, TLS1_2_VERSION,
710 DTLS1_2_VERSION, DTLS1_2_VERSION,
711 SSL_NOT_DEFAULT | SSL_HIGH,
712 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
718 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
719 TLS1_CK_PSK_WITH_AES_128_CCM_8,
724 TLS1_2_VERSION, TLS1_2_VERSION,
725 DTLS1_2_VERSION, DTLS1_2_VERSION,
726 SSL_NOT_DEFAULT | SSL_HIGH,
727 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
733 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
734 TLS1_CK_PSK_WITH_AES_256_CCM_8,
739 TLS1_2_VERSION, TLS1_2_VERSION,
740 DTLS1_2_VERSION, DTLS1_2_VERSION,
741 SSL_NOT_DEFAULT | SSL_HIGH,
742 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
748 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
749 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
754 TLS1_2_VERSION, TLS1_2_VERSION,
755 DTLS1_2_VERSION, DTLS1_2_VERSION,
756 SSL_NOT_DEFAULT | SSL_HIGH,
757 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
763 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
764 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
769 TLS1_2_VERSION, TLS1_2_VERSION,
770 DTLS1_2_VERSION, DTLS1_2_VERSION,
771 SSL_NOT_DEFAULT | SSL_HIGH,
772 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
778 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
779 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
784 TLS1_2_VERSION, TLS1_2_VERSION,
785 DTLS1_2_VERSION, DTLS1_2_VERSION,
786 SSL_NOT_DEFAULT | SSL_HIGH,
787 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
793 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
794 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
799 TLS1_2_VERSION, TLS1_2_VERSION,
800 DTLS1_2_VERSION, DTLS1_2_VERSION,
801 SSL_NOT_DEFAULT | SSL_HIGH,
802 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
808 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
809 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
814 TLS1_2_VERSION, TLS1_2_VERSION,
815 DTLS1_2_VERSION, DTLS1_2_VERSION,
816 SSL_NOT_DEFAULT | SSL_HIGH,
817 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
823 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
824 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
829 TLS1_2_VERSION, TLS1_2_VERSION,
830 DTLS1_2_VERSION, DTLS1_2_VERSION,
831 SSL_NOT_DEFAULT | SSL_HIGH,
832 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
837 #ifndef OPENSSL_NO_EC
840 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
841 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
846 SSL3_VERSION, TLS1_2_VERSION,
847 DTLS1_BAD_VER, DTLS1_2_VERSION,
848 SSL_STRONG_NONE | SSL_FIPS,
849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
855 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
856 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
861 SSL3_VERSION, TLS1_2_VERSION,
862 DTLS1_BAD_VER, DTLS1_2_VERSION,
863 SSL_MEDIUM | SSL_FIPS,
864 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
870 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
871 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
876 SSL3_VERSION, TLS1_2_VERSION,
877 DTLS1_BAD_VER, DTLS1_2_VERSION,
879 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
885 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
886 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
891 SSL3_VERSION, TLS1_2_VERSION,
892 DTLS1_BAD_VER, DTLS1_2_VERSION,
894 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
900 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
901 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
906 SSL3_VERSION, TLS1_2_VERSION,
907 DTLS1_BAD_VER, DTLS1_2_VERSION,
908 SSL_STRONG_NONE | SSL_FIPS,
909 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
915 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
916 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
921 SSL3_VERSION, TLS1_2_VERSION,
922 DTLS1_BAD_VER, DTLS1_2_VERSION,
923 SSL_MEDIUM | SSL_FIPS,
924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
930 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
931 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
936 SSL3_VERSION, TLS1_2_VERSION,
937 DTLS1_BAD_VER, DTLS1_2_VERSION,
939 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
945 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
946 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
951 SSL3_VERSION, TLS1_2_VERSION,
952 DTLS1_BAD_VER, DTLS1_2_VERSION,
954 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
960 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
961 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
966 SSL3_VERSION, TLS1_2_VERSION,
967 DTLS1_BAD_VER, DTLS1_2_VERSION,
968 SSL_STRONG_NONE | SSL_FIPS,
969 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
975 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
976 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
981 SSL3_VERSION, TLS1_2_VERSION,
982 DTLS1_BAD_VER, DTLS1_2_VERSION,
983 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
984 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
990 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
991 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
996 SSL3_VERSION, TLS1_2_VERSION,
997 DTLS1_BAD_VER, DTLS1_2_VERSION,
998 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1005 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1006 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1011 SSL3_VERSION, TLS1_2_VERSION,
1012 DTLS1_BAD_VER, DTLS1_2_VERSION,
1013 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1014 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1020 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1021 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1026 TLS1_2_VERSION, TLS1_2_VERSION,
1027 DTLS1_2_VERSION, DTLS1_2_VERSION,
1028 SSL_HIGH | SSL_FIPS,
1029 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1035 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1036 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1041 TLS1_2_VERSION, TLS1_2_VERSION,
1042 DTLS1_2_VERSION, DTLS1_2_VERSION,
1043 SSL_HIGH | SSL_FIPS,
1044 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1050 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1051 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1056 TLS1_2_VERSION, TLS1_2_VERSION,
1057 DTLS1_2_VERSION, DTLS1_2_VERSION,
1058 SSL_HIGH | SSL_FIPS,
1059 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1065 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1066 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1071 TLS1_2_VERSION, TLS1_2_VERSION,
1072 DTLS1_2_VERSION, DTLS1_2_VERSION,
1073 SSL_HIGH | SSL_FIPS,
1074 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1080 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1081 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1086 TLS1_2_VERSION, TLS1_2_VERSION,
1087 DTLS1_2_VERSION, DTLS1_2_VERSION,
1088 SSL_HIGH | SSL_FIPS,
1089 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1095 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1096 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1101 TLS1_2_VERSION, TLS1_2_VERSION,
1102 DTLS1_2_VERSION, DTLS1_2_VERSION,
1103 SSL_HIGH | SSL_FIPS,
1104 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1110 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1111 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1116 TLS1_2_VERSION, TLS1_2_VERSION,
1117 DTLS1_2_VERSION, DTLS1_2_VERSION,
1118 SSL_HIGH | SSL_FIPS,
1119 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1125 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1126 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1131 TLS1_2_VERSION, TLS1_2_VERSION,
1132 DTLS1_2_VERSION, DTLS1_2_VERSION,
1133 SSL_HIGH | SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1138 #endif /* OPENSSL_NO_EC */
1140 #ifndef OPENSSL_NO_PSK
1143 TLS1_TXT_PSK_WITH_NULL_SHA,
1144 TLS1_CK_PSK_WITH_NULL_SHA,
1149 SSL3_VERSION, TLS1_2_VERSION,
1150 DTLS1_BAD_VER, DTLS1_2_VERSION,
1151 SSL_STRONG_NONE | SSL_FIPS,
1152 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1158 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1159 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1164 SSL3_VERSION, TLS1_2_VERSION,
1165 DTLS1_BAD_VER, DTLS1_2_VERSION,
1166 SSL_STRONG_NONE | SSL_FIPS,
1167 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1173 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1174 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1179 SSL3_VERSION, TLS1_2_VERSION,
1180 DTLS1_BAD_VER, DTLS1_2_VERSION,
1181 SSL_STRONG_NONE | SSL_FIPS,
1182 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1188 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1189 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1194 SSL3_VERSION, TLS1_2_VERSION,
1195 DTLS1_BAD_VER, DTLS1_2_VERSION,
1196 SSL_MEDIUM | SSL_FIPS,
1197 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1203 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1204 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1209 SSL3_VERSION, TLS1_2_VERSION,
1210 DTLS1_BAD_VER, DTLS1_2_VERSION,
1211 SSL_HIGH | SSL_FIPS,
1212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1218 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1219 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1224 SSL3_VERSION, TLS1_2_VERSION,
1225 DTLS1_BAD_VER, DTLS1_2_VERSION,
1226 SSL_HIGH | SSL_FIPS,
1227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1233 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1234 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1239 SSL3_VERSION, TLS1_2_VERSION,
1240 DTLS1_BAD_VER, DTLS1_2_VERSION,
1241 SSL_MEDIUM | SSL_FIPS,
1242 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1248 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1249 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1254 SSL3_VERSION, TLS1_2_VERSION,
1255 DTLS1_BAD_VER, DTLS1_2_VERSION,
1256 SSL_HIGH | SSL_FIPS,
1257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1263 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1264 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1269 SSL3_VERSION, TLS1_2_VERSION,
1270 DTLS1_BAD_VER, DTLS1_2_VERSION,
1271 SSL_HIGH | SSL_FIPS,
1272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1278 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1279 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1284 SSL3_VERSION, TLS1_2_VERSION,
1285 DTLS1_BAD_VER, DTLS1_2_VERSION,
1286 SSL_MEDIUM | SSL_FIPS,
1287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1293 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1294 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1299 SSL3_VERSION, TLS1_2_VERSION,
1300 DTLS1_BAD_VER, DTLS1_2_VERSION,
1301 SSL_HIGH | SSL_FIPS,
1302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1308 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1309 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1314 SSL3_VERSION, TLS1_2_VERSION,
1315 DTLS1_BAD_VER, DTLS1_2_VERSION,
1316 SSL_HIGH | SSL_FIPS,
1317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1323 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1324 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1329 TLS1_2_VERSION, TLS1_2_VERSION,
1330 DTLS1_2_VERSION, DTLS1_2_VERSION,
1331 SSL_HIGH | SSL_FIPS,
1332 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1338 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1339 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1344 TLS1_2_VERSION, TLS1_2_VERSION,
1345 DTLS1_2_VERSION, DTLS1_2_VERSION,
1346 SSL_HIGH | SSL_FIPS,
1347 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1353 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1354 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1359 TLS1_2_VERSION, TLS1_2_VERSION,
1360 DTLS1_2_VERSION, DTLS1_2_VERSION,
1361 SSL_HIGH | SSL_FIPS,
1362 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1368 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1369 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1374 TLS1_2_VERSION, TLS1_2_VERSION,
1375 DTLS1_2_VERSION, DTLS1_2_VERSION,
1376 SSL_HIGH | SSL_FIPS,
1377 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1383 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1384 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1389 TLS1_2_VERSION, TLS1_2_VERSION,
1390 DTLS1_2_VERSION, DTLS1_2_VERSION,
1391 SSL_HIGH | SSL_FIPS,
1392 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1398 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1399 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1404 TLS1_2_VERSION, TLS1_2_VERSION,
1405 DTLS1_2_VERSION, DTLS1_2_VERSION,
1406 SSL_HIGH | SSL_FIPS,
1407 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1413 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1414 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1419 TLS1_VERSION, TLS1_2_VERSION,
1420 DTLS1_BAD_VER, DTLS1_2_VERSION,
1421 SSL_HIGH | SSL_FIPS,
1422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1428 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1429 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1434 TLS1_VERSION, TLS1_2_VERSION,
1435 DTLS1_BAD_VER, DTLS1_2_VERSION,
1436 SSL_HIGH | SSL_FIPS,
1437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1443 TLS1_TXT_PSK_WITH_NULL_SHA256,
1444 TLS1_CK_PSK_WITH_NULL_SHA256,
1449 TLS1_VERSION, TLS1_2_VERSION,
1450 DTLS1_BAD_VER, DTLS1_2_VERSION,
1451 SSL_STRONG_NONE | SSL_FIPS,
1452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1458 TLS1_TXT_PSK_WITH_NULL_SHA384,
1459 TLS1_CK_PSK_WITH_NULL_SHA384,
1464 TLS1_VERSION, TLS1_2_VERSION,
1465 DTLS1_BAD_VER, DTLS1_2_VERSION,
1466 SSL_STRONG_NONE | SSL_FIPS,
1467 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1473 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1474 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1479 TLS1_VERSION, TLS1_2_VERSION,
1480 DTLS1_BAD_VER, DTLS1_2_VERSION,
1481 SSL_HIGH | SSL_FIPS,
1482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1488 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1489 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1494 TLS1_VERSION, TLS1_2_VERSION,
1495 DTLS1_BAD_VER, DTLS1_2_VERSION,
1496 SSL_HIGH | SSL_FIPS,
1497 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1503 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1504 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1509 TLS1_VERSION, TLS1_2_VERSION,
1510 DTLS1_BAD_VER, DTLS1_2_VERSION,
1511 SSL_STRONG_NONE | SSL_FIPS,
1512 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1518 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1519 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1524 TLS1_VERSION, TLS1_2_VERSION,
1525 DTLS1_BAD_VER, DTLS1_2_VERSION,
1526 SSL_STRONG_NONE | SSL_FIPS,
1527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1533 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1534 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1539 TLS1_VERSION, TLS1_2_VERSION,
1540 DTLS1_BAD_VER, DTLS1_2_VERSION,
1541 SSL_HIGH | SSL_FIPS,
1542 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1548 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1549 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1554 TLS1_VERSION, TLS1_2_VERSION,
1555 DTLS1_BAD_VER, DTLS1_2_VERSION,
1556 SSL_HIGH | SSL_FIPS,
1557 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1563 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1564 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1569 TLS1_VERSION, TLS1_2_VERSION,
1570 DTLS1_BAD_VER, DTLS1_2_VERSION,
1571 SSL_STRONG_NONE | SSL_FIPS,
1572 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1578 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1579 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1584 TLS1_VERSION, TLS1_2_VERSION,
1585 DTLS1_BAD_VER, DTLS1_2_VERSION,
1586 SSL_STRONG_NONE | SSL_FIPS,
1587 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1591 # ifndef OPENSSL_NO_EC
1594 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1595 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1600 SSL3_VERSION, TLS1_2_VERSION,
1601 DTLS1_BAD_VER, DTLS1_2_VERSION,
1602 SSL_MEDIUM | SSL_FIPS,
1603 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1609 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1610 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1615 SSL3_VERSION, TLS1_2_VERSION,
1616 DTLS1_BAD_VER, DTLS1_2_VERSION,
1617 SSL_HIGH | SSL_FIPS,
1618 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1624 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1625 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1630 SSL3_VERSION, TLS1_2_VERSION,
1631 DTLS1_BAD_VER, DTLS1_2_VERSION,
1632 SSL_HIGH | SSL_FIPS,
1633 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1639 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1640 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1645 TLS1_VERSION, TLS1_2_VERSION,
1646 DTLS1_BAD_VER, DTLS1_2_VERSION,
1647 SSL_HIGH | SSL_FIPS,
1648 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1654 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1655 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1660 TLS1_VERSION, TLS1_2_VERSION,
1661 DTLS1_BAD_VER, DTLS1_2_VERSION,
1662 SSL_HIGH | SSL_FIPS,
1663 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1669 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1670 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1675 SSL3_VERSION, TLS1_2_VERSION,
1676 DTLS1_BAD_VER, DTLS1_2_VERSION,
1677 SSL_STRONG_NONE | SSL_FIPS,
1678 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1684 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1685 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1690 TLS1_VERSION, TLS1_2_VERSION,
1691 DTLS1_BAD_VER, DTLS1_2_VERSION,
1692 SSL_STRONG_NONE | SSL_FIPS,
1693 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1699 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1700 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1705 TLS1_VERSION, TLS1_2_VERSION,
1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
1707 SSL_STRONG_NONE | SSL_FIPS,
1708 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1712 # endif /* OPENSSL_NO_EC */
1713 #endif /* OPENSSL_NO_PSK */
1715 #ifndef OPENSSL_NO_SRP
1718 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1719 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1724 SSL3_VERSION, TLS1_2_VERSION,
1725 DTLS1_BAD_VER, DTLS1_2_VERSION,
1727 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1733 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1734 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1739 SSL3_VERSION, TLS1_2_VERSION,
1740 DTLS1_BAD_VER, DTLS1_2_VERSION,
1742 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1748 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1749 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1754 SSL3_VERSION, TLS1_2_VERSION,
1755 DTLS1_BAD_VER, DTLS1_2_VERSION,
1756 SSL_NOT_DEFAULT | SSL_MEDIUM,
1757 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1763 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1764 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1769 SSL3_VERSION, TLS1_2_VERSION,
1770 DTLS1_BAD_VER, DTLS1_2_VERSION,
1772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1778 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1779 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1784 SSL3_VERSION, TLS1_2_VERSION,
1785 DTLS1_BAD_VER, DTLS1_2_VERSION,
1787 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1793 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1794 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1799 SSL3_VERSION, TLS1_2_VERSION,
1800 DTLS1_BAD_VER, DTLS1_2_VERSION,
1801 SSL_NOT_DEFAULT | SSL_HIGH,
1802 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1808 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1809 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1814 SSL3_VERSION, TLS1_2_VERSION,
1815 DTLS1_BAD_VER, DTLS1_2_VERSION,
1817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1823 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1824 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1829 SSL3_VERSION, TLS1_2_VERSION,
1830 DTLS1_BAD_VER, DTLS1_2_VERSION,
1832 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1838 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1839 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1844 SSL3_VERSION, TLS1_2_VERSION,
1845 DTLS1_BAD_VER, DTLS1_2_VERSION,
1846 SSL_NOT_DEFAULT | SSL_HIGH,
1847 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1851 #endif /* OPENSSL_NO_SRP */
1853 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1854 # ifndef OPENSSL_NO_RSA
1857 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1858 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1861 SSL_CHACHA20POLY1305,
1863 TLS1_2_VERSION, TLS1_2_VERSION,
1864 DTLS1_2_VERSION, DTLS1_2_VERSION,
1866 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1870 # endif /* OPENSSL_NO_RSA */
1872 # ifndef OPENSSL_NO_EC
1875 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1876 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1879 SSL_CHACHA20POLY1305,
1881 TLS1_2_VERSION, TLS1_2_VERSION,
1882 DTLS1_2_VERSION, DTLS1_2_VERSION,
1884 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1890 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1891 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1894 SSL_CHACHA20POLY1305,
1896 TLS1_2_VERSION, TLS1_2_VERSION,
1897 DTLS1_2_VERSION, DTLS1_2_VERSION,
1899 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1903 # endif /* OPENSSL_NO_EC */
1905 # ifndef OPENSSL_NO_PSK
1908 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
1909 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
1912 SSL_CHACHA20POLY1305,
1914 TLS1_2_VERSION, TLS1_2_VERSION,
1915 DTLS1_2_VERSION, DTLS1_2_VERSION,
1917 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1923 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1924 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1927 SSL_CHACHA20POLY1305,
1929 TLS1_2_VERSION, TLS1_2_VERSION,
1930 DTLS1_2_VERSION, DTLS1_2_VERSION,
1932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1938 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
1939 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
1942 SSL_CHACHA20POLY1305,
1944 TLS1_2_VERSION, TLS1_2_VERSION,
1945 DTLS1_2_VERSION, DTLS1_2_VERSION,
1947 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1953 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
1954 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
1957 SSL_CHACHA20POLY1305,
1959 TLS1_2_VERSION, TLS1_2_VERSION,
1960 DTLS1_2_VERSION, DTLS1_2_VERSION,
1962 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1966 # endif /* OPENSSL_NO_PSK */
1967 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1969 #ifndef OPENSSL_NO_CAMELLIA
1972 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1973 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1978 TLS1_2_VERSION, TLS1_2_VERSION,
1979 DTLS1_2_VERSION, DTLS1_2_VERSION,
1980 SSL_NOT_DEFAULT | SSL_HIGH,
1981 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1987 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1988 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1993 TLS1_2_VERSION, TLS1_2_VERSION,
1994 DTLS1_2_VERSION, DTLS1_2_VERSION,
1995 SSL_NOT_DEFAULT | SSL_HIGH,
1996 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2002 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2003 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2008 TLS1_2_VERSION, TLS1_2_VERSION,
2009 DTLS1_2_VERSION, DTLS1_2_VERSION,
2010 SSL_NOT_DEFAULT | SSL_HIGH,
2011 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2017 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2018 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2023 TLS1_2_VERSION, TLS1_2_VERSION,
2024 DTLS1_2_VERSION, DTLS1_2_VERSION,
2025 SSL_NOT_DEFAULT | SSL_HIGH,
2026 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2032 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2033 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2038 TLS1_2_VERSION, TLS1_2_VERSION,
2039 DTLS1_2_VERSION, DTLS1_2_VERSION,
2040 SSL_NOT_DEFAULT | SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2047 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2048 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2053 TLS1_2_VERSION, TLS1_2_VERSION,
2054 DTLS1_2_VERSION, DTLS1_2_VERSION,
2055 SSL_NOT_DEFAULT | SSL_HIGH,
2056 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2062 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2063 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2068 TLS1_2_VERSION, TLS1_2_VERSION,
2069 DTLS1_2_VERSION, DTLS1_2_VERSION,
2070 SSL_NOT_DEFAULT | SSL_HIGH,
2071 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2077 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2078 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2083 TLS1_2_VERSION, TLS1_2_VERSION,
2084 DTLS1_2_VERSION, DTLS1_2_VERSION,
2085 SSL_NOT_DEFAULT | SSL_HIGH,
2086 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2092 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2093 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2098 SSL3_VERSION, TLS1_2_VERSION,
2099 DTLS1_BAD_VER, DTLS1_2_VERSION,
2100 SSL_NOT_DEFAULT | SSL_HIGH,
2101 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2107 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2108 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2113 SSL3_VERSION, TLS1_2_VERSION,
2114 DTLS1_BAD_VER, DTLS1_2_VERSION,
2115 SSL_NOT_DEFAULT | SSL_HIGH,
2116 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2122 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2123 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2128 SSL3_VERSION, TLS1_2_VERSION,
2129 DTLS1_BAD_VER, DTLS1_2_VERSION,
2130 SSL_NOT_DEFAULT | SSL_HIGH,
2131 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2137 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2138 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2143 SSL3_VERSION, TLS1_2_VERSION,
2144 DTLS1_BAD_VER, DTLS1_2_VERSION,
2145 SSL_NOT_DEFAULT | SSL_HIGH,
2146 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2153 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2158 SSL3_VERSION, TLS1_2_VERSION,
2159 DTLS1_BAD_VER, DTLS1_2_VERSION,
2160 SSL_NOT_DEFAULT | SSL_HIGH,
2161 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2167 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2168 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2173 SSL3_VERSION, TLS1_2_VERSION,
2174 DTLS1_BAD_VER, DTLS1_2_VERSION,
2175 SSL_NOT_DEFAULT | SSL_HIGH,
2176 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2182 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2183 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2188 SSL3_VERSION, TLS1_2_VERSION,
2189 DTLS1_BAD_VER, DTLS1_2_VERSION,
2190 SSL_NOT_DEFAULT | SSL_HIGH,
2191 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2197 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2198 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2203 SSL3_VERSION, TLS1_2_VERSION,
2204 DTLS1_BAD_VER, DTLS1_2_VERSION,
2205 SSL_NOT_DEFAULT | SSL_HIGH,
2206 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2211 # ifndef OPENSSL_NO_EC
2214 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2215 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2220 TLS1_2_VERSION, TLS1_2_VERSION,
2221 DTLS1_2_VERSION, DTLS1_2_VERSION,
2222 SSL_NOT_DEFAULT | SSL_HIGH,
2223 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2229 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2230 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2235 TLS1_2_VERSION, TLS1_2_VERSION,
2236 DTLS1_2_VERSION, DTLS1_2_VERSION,
2237 SSL_NOT_DEFAULT | SSL_HIGH,
2238 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2244 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2245 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2250 TLS1_2_VERSION, TLS1_2_VERSION,
2251 DTLS1_2_VERSION, DTLS1_2_VERSION,
2252 SSL_NOT_DEFAULT | SSL_HIGH,
2253 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2259 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2260 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2265 TLS1_2_VERSION, TLS1_2_VERSION,
2266 DTLS1_2_VERSION, DTLS1_2_VERSION,
2267 SSL_NOT_DEFAULT | SSL_HIGH,
2268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2272 # endif /* OPENSSL_NO_EC */
2274 # ifndef OPENSSL_NO_PSK
2277 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2278 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2283 TLS1_VERSION, TLS1_2_VERSION,
2284 DTLS1_BAD_VER, DTLS1_2_VERSION,
2285 SSL_NOT_DEFAULT | SSL_HIGH,
2286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2292 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2293 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2298 TLS1_VERSION, TLS1_2_VERSION,
2299 DTLS1_BAD_VER, DTLS1_2_VERSION,
2300 SSL_NOT_DEFAULT | SSL_HIGH,
2301 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2307 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2308 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2313 TLS1_VERSION, TLS1_2_VERSION,
2314 DTLS1_BAD_VER, DTLS1_2_VERSION,
2315 SSL_NOT_DEFAULT | SSL_HIGH,
2316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2322 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2323 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2328 TLS1_VERSION, TLS1_2_VERSION,
2329 DTLS1_BAD_VER, DTLS1_2_VERSION,
2330 SSL_NOT_DEFAULT | SSL_HIGH,
2331 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2337 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2338 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2343 TLS1_VERSION, TLS1_2_VERSION,
2344 DTLS1_BAD_VER, DTLS1_2_VERSION,
2345 SSL_NOT_DEFAULT | SSL_HIGH,
2346 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2352 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2353 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2358 TLS1_VERSION, TLS1_2_VERSION,
2359 DTLS1_BAD_VER, DTLS1_2_VERSION,
2360 SSL_NOT_DEFAULT | SSL_HIGH,
2361 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2367 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2368 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2373 TLS1_VERSION, TLS1_2_VERSION,
2374 DTLS1_BAD_VER, DTLS1_2_VERSION,
2375 SSL_NOT_DEFAULT | SSL_HIGH,
2376 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2382 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2383 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2388 TLS1_VERSION, TLS1_2_VERSION,
2389 DTLS1_BAD_VER, DTLS1_2_VERSION,
2390 SSL_NOT_DEFAULT | SSL_HIGH,
2391 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2395 # endif /* OPENSSL_NO_PSK */
2397 #endif /* OPENSSL_NO_CAMELLIA */
2399 #ifndef OPENSSL_NO_GOST
2402 "GOST2001-GOST89-GOST89",
2406 SSL_eGOST2814789CNT,
2408 TLS1_VERSION, TLS1_2_VERSION,
2411 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2417 "GOST2001-NULL-GOST94",
2423 TLS1_VERSION, TLS1_2_VERSION,
2426 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2432 "GOST2012-GOST8912-GOST8912",
2435 SSL_aGOST12 | SSL_aGOST01,
2436 SSL_eGOST2814789CNT12,
2438 TLS1_VERSION, TLS1_2_VERSION,
2441 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2447 "GOST2012-NULL-GOST12",
2450 SSL_aGOST12 | SSL_aGOST01,
2453 TLS1_VERSION, TLS1_2_VERSION,
2456 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2459 #endif /* OPENSSL_NO_GOST */
2461 #ifndef OPENSSL_NO_IDEA
2464 SSL3_TXT_RSA_IDEA_128_SHA,
2465 SSL3_CK_RSA_IDEA_128_SHA,
2470 SSL3_VERSION, TLS1_1_VERSION,
2471 DTLS1_BAD_VER, DTLS1_VERSION,
2472 SSL_NOT_DEFAULT | SSL_MEDIUM,
2473 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2479 #ifndef OPENSSL_NO_SEED
2482 TLS1_TXT_RSA_WITH_SEED_SHA,
2483 TLS1_CK_RSA_WITH_SEED_SHA,
2488 SSL3_VERSION, TLS1_2_VERSION,
2489 DTLS1_BAD_VER, DTLS1_2_VERSION,
2490 SSL_NOT_DEFAULT | SSL_MEDIUM,
2491 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2497 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2498 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2503 SSL3_VERSION, TLS1_2_VERSION,
2504 DTLS1_BAD_VER, DTLS1_2_VERSION,
2505 SSL_NOT_DEFAULT | SSL_MEDIUM,
2506 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2512 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2513 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2518 SSL3_VERSION, TLS1_2_VERSION,
2519 DTLS1_BAD_VER, DTLS1_2_VERSION,
2520 SSL_NOT_DEFAULT | SSL_MEDIUM,
2521 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2527 TLS1_TXT_ADH_WITH_SEED_SHA,
2528 TLS1_CK_ADH_WITH_SEED_SHA,
2533 SSL3_VERSION, TLS1_2_VERSION,
2534 DTLS1_BAD_VER, DTLS1_2_VERSION,
2535 SSL_NOT_DEFAULT | SSL_MEDIUM,
2536 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2540 #endif /* OPENSSL_NO_SEED */
2542 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2545 SSL3_TXT_RSA_RC4_128_MD5,
2546 SSL3_CK_RSA_RC4_128_MD5,
2551 SSL3_VERSION, TLS1_2_VERSION,
2553 SSL_NOT_DEFAULT | SSL_MEDIUM,
2554 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2560 SSL3_TXT_RSA_RC4_128_SHA,
2561 SSL3_CK_RSA_RC4_128_SHA,
2566 SSL3_VERSION, TLS1_2_VERSION,
2568 SSL_NOT_DEFAULT | SSL_MEDIUM,
2569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2575 SSL3_TXT_ADH_RC4_128_MD5,
2576 SSL3_CK_ADH_RC4_128_MD5,
2581 SSL3_VERSION, TLS1_2_VERSION,
2583 SSL_NOT_DEFAULT | SSL_MEDIUM,
2584 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2589 # ifndef OPENSSL_NO_EC
2592 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2593 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2598 SSL3_VERSION, TLS1_2_VERSION,
2600 SSL_NOT_DEFAULT | SSL_MEDIUM,
2601 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2607 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2608 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2613 SSL3_VERSION, TLS1_2_VERSION,
2615 SSL_NOT_DEFAULT | SSL_MEDIUM,
2616 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2622 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2623 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2628 SSL3_VERSION, TLS1_2_VERSION,
2630 SSL_NOT_DEFAULT | SSL_MEDIUM,
2631 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2637 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2638 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2643 SSL3_VERSION, TLS1_2_VERSION,
2645 SSL_NOT_DEFAULT | SSL_MEDIUM,
2646 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2650 # endif /* OPENSSL_NO_EC */
2652 # ifndef OPENSSL_NO_PSK
2655 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2656 TLS1_CK_PSK_WITH_RC4_128_SHA,
2661 SSL3_VERSION, TLS1_2_VERSION,
2663 SSL_NOT_DEFAULT | SSL_MEDIUM,
2664 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2670 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2671 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2676 SSL3_VERSION, TLS1_2_VERSION,
2678 SSL_NOT_DEFAULT | SSL_MEDIUM,
2679 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2685 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2686 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2691 SSL3_VERSION, TLS1_2_VERSION,
2693 SSL_NOT_DEFAULT | SSL_MEDIUM,
2694 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2698 # endif /* OPENSSL_NO_PSK */
2700 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2705 static int cipher_compare(const void *a, const void *b)
2707 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2708 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2710 return ap->id - bp->id;
2713 void ssl_sort_cipher_list(void)
2715 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2720 const SSL3_ENC_METHOD SSLv3_enc_data = {
2723 ssl3_setup_key_block,
2724 ssl3_generate_master_secret,
2725 ssl3_change_cipher_state,
2726 ssl3_final_finish_mac,
2727 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2728 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2729 SSL3_MD_SERVER_FINISHED_CONST, 4,
2731 (int (*)(SSL *, unsigned char *, size_t, const char *,
2732 size_t, const unsigned char *, size_t,
2733 int use_context))ssl_undefined_function,
2735 SSL3_HM_HEADER_LENGTH,
2736 ssl3_set_handshake_header,
2737 ssl3_handshake_write
2740 long ssl3_default_timeout(void)
2743 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2744 * http, the cache would over fill
2746 return (60 * 60 * 2);
2749 int ssl3_num_ciphers(void)
2751 return (SSL3_NUM_CIPHERS);
2754 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2756 if (u < SSL3_NUM_CIPHERS)
2757 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2762 int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2764 unsigned char *p = (unsigned char *)s->init_buf->data;
2767 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2773 int ssl3_handshake_write(SSL *s)
2775 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2778 int ssl3_new(SSL *s)
2782 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2786 #ifndef OPENSSL_NO_SRP
2787 if (!SSL_SRP_CTX_init(s))
2790 s->method->ssl_clear(s);
2796 void ssl3_free(SSL *s)
2798 if (s == NULL || s->s3 == NULL)
2801 ssl3_cleanup_key_block(s);
2803 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2804 EVP_PKEY_free(s->s3->peer_tmp);
2805 s->s3->peer_tmp = NULL;
2806 EVP_PKEY_free(s->s3->tmp.pkey);
2807 s->s3->tmp.pkey = NULL;
2810 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2811 OPENSSL_free(s->s3->tmp.ciphers_raw);
2812 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2813 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2814 ssl3_free_digest_list(s);
2815 OPENSSL_free(s->s3->alpn_selected);
2816 OPENSSL_free(s->s3->alpn_proposed);
2818 #ifndef OPENSSL_NO_SRP
2819 SSL_SRP_CTX_free(s);
2821 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2825 void ssl3_clear(SSL *s)
2827 ssl3_cleanup_key_block(s);
2828 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2829 OPENSSL_free(s->s3->tmp.ciphers_raw);
2830 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2831 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2833 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2834 EVP_PKEY_free(s->s3->tmp.pkey);
2835 EVP_PKEY_free(s->s3->peer_tmp);
2836 #endif /* !OPENSSL_NO_EC */
2838 ssl3_free_digest_list(s);
2840 OPENSSL_free(s->s3->alpn_selected);
2841 OPENSSL_free(s->s3->alpn_proposed);
2843 /* NULL/zero-out everything in the s3 struct */
2844 memset(s->s3, 0, sizeof(*s->s3));
2846 ssl_free_wbio_buffer(s);
2848 s->version = SSL3_VERSION;
2850 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2851 OPENSSL_free(s->next_proto_negotiated);
2852 s->next_proto_negotiated = NULL;
2853 s->next_proto_negotiated_len = 0;
2857 #ifndef OPENSSL_NO_SRP
2858 static char *srp_password_from_info_cb(SSL *s, void *arg)
2860 return OPENSSL_strdup(s->srp_ctx.info);
2864 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
2867 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2872 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2874 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2875 ret = s->s3->num_renegotiations;
2877 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2878 ret = s->s3->num_renegotiations;
2879 s->s3->num_renegotiations = 0;
2881 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2882 ret = s->s3->total_renegotiations;
2884 case SSL_CTRL_GET_FLAGS:
2885 ret = (int)(s->s3->flags);
2887 #ifndef OPENSSL_NO_DH
2888 case SSL_CTRL_SET_TMP_DH:
2890 DH *dh = (DH *)parg;
2891 EVP_PKEY *pkdh = NULL;
2893 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2896 pkdh = ssl_dh_to_pkey(dh);
2898 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2901 if (!ssl_security(s, SSL_SECOP_TMP_DH,
2902 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
2903 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
2904 EVP_PKEY_free(pkdh);
2907 EVP_PKEY_free(s->cert->dh_tmp);
2908 s->cert->dh_tmp = pkdh;
2912 case SSL_CTRL_SET_TMP_DH_CB:
2914 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2917 case SSL_CTRL_SET_DH_AUTO:
2918 s->cert->dh_tmp_auto = larg;
2921 #ifndef OPENSSL_NO_EC
2922 case SSL_CTRL_SET_TMP_ECDH:
2924 const EC_GROUP *group = NULL;
2928 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2931 group = EC_KEY_get0_group((const EC_KEY *)parg);
2932 if (group == NULL) {
2933 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
2936 nid = EC_GROUP_get_curve_name(group);
2937 if (nid == NID_undef)
2939 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
2940 &s->tlsext_ellipticcurvelist_length,
2944 #endif /* !OPENSSL_NO_EC */
2945 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2946 if (larg == TLSEXT_NAMETYPE_host_name) {
2949 OPENSSL_free(s->tlsext_hostname);
2950 s->tlsext_hostname = NULL;
2955 len = strlen((char *)parg);
2956 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
2957 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2960 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
2961 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2965 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2969 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2970 s->tlsext_debug_arg = parg;
2974 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
2975 ret = s->tlsext_status_type;
2978 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2979 s->tlsext_status_type = larg;
2983 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2984 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2988 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2989 s->tlsext_ocsp_exts = parg;
2993 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2994 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2998 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2999 s->tlsext_ocsp_ids = parg;
3003 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3004 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3005 return s->tlsext_ocsp_resplen;
3007 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3008 OPENSSL_free(s->tlsext_ocsp_resp);
3009 s->tlsext_ocsp_resp = parg;
3010 s->tlsext_ocsp_resplen = larg;
3014 #ifndef OPENSSL_NO_HEARTBEATS
3015 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3017 ret = dtls1_heartbeat(s);
3020 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3022 ret = s->tlsext_hb_pending;
3025 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3026 if (SSL_IS_DTLS(s)) {
3028 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3030 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3036 case SSL_CTRL_CHAIN:
3038 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3040 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3042 case SSL_CTRL_CHAIN_CERT:
3044 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3046 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3048 case SSL_CTRL_GET_CHAIN_CERTS:
3049 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3052 case SSL_CTRL_SELECT_CURRENT_CERT:
3053 return ssl_cert_select_current(s->cert, (X509 *)parg);
3055 case SSL_CTRL_SET_CURRENT_CERT:
3056 if (larg == SSL_CERT_SET_SERVER) {
3058 const SSL_CIPHER *cipher;
3061 cipher = s->s3->tmp.new_cipher;
3065 * No certificate for unauthenticated ciphersuites or using SRP
3068 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3070 cpk = ssl_get_server_send_pkey(s);
3076 return ssl_cert_set_current(s->cert, larg);
3078 #ifndef OPENSSL_NO_EC
3079 case SSL_CTRL_GET_CURVES:
3081 unsigned char *clist;
3085 clist = s->session->tlsext_ellipticcurvelist;
3086 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3090 unsigned int cid, nid;
3091 for (i = 0; i < clistlen; i++) {
3093 nid = tls1_ec_curve_id2nid(cid, NULL);
3097 cptr[i] = TLSEXT_nid_unknown | cid;
3100 return (int)clistlen;
3103 case SSL_CTRL_SET_CURVES:
3104 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3105 &s->tlsext_ellipticcurvelist_length,
3108 case SSL_CTRL_SET_CURVES_LIST:
3109 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3110 &s->tlsext_ellipticcurvelist_length,
3113 case SSL_CTRL_GET_SHARED_CURVE:
3114 return tls1_shared_curve(s, larg);
3117 case SSL_CTRL_SET_SIGALGS:
3118 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3120 case SSL_CTRL_SET_SIGALGS_LIST:
3121 return tls1_set_sigalgs_list(s->cert, parg, 0);
3123 case SSL_CTRL_SET_CLIENT_SIGALGS:
3124 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3126 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3127 return tls1_set_sigalgs_list(s->cert, parg, 1);
3129 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3131 const unsigned char **pctype = parg;
3132 if (s->server || !s->s3->tmp.cert_req)
3134 if (s->cert->ctypes) {
3136 *pctype = s->cert->ctypes;
3137 return (int)s->cert->ctype_num;
3140 *pctype = (unsigned char *)s->s3->tmp.ctype;
3141 return s->s3->tmp.ctype_num;
3144 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3147 return ssl3_set_req_cert_type(s->cert, parg, larg);
3149 case SSL_CTRL_BUILD_CERT_CHAIN:
3150 return ssl_build_cert_chain(s, NULL, larg);
3152 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3153 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3155 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3156 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3158 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3159 if (SSL_USE_SIGALGS(s)) {
3162 sig = s->s3->tmp.peer_md;
3164 *(int *)parg = EVP_MD_type(sig);
3170 /* Might want to do something here for other versions */
3174 case SSL_CTRL_GET_SERVER_TMP_KEY:
3175 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3176 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3179 EVP_PKEY_up_ref(s->s3->peer_tmp);
3180 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3186 #ifndef OPENSSL_NO_EC
3187 case SSL_CTRL_GET_EC_POINT_FORMATS:
3189 SSL_SESSION *sess = s->session;
3190 const unsigned char **pformat = parg;
3191 if (!sess || !sess->tlsext_ecpointformatlist)
3193 *pformat = sess->tlsext_ecpointformatlist;
3194 return (int)sess->tlsext_ecpointformatlist_length;
3204 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3209 #ifndef OPENSSL_NO_DH
3210 case SSL_CTRL_SET_TMP_DH_CB:
3212 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3216 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3217 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3218 const unsigned char *, int, void *))fp;
3221 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3223 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3232 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3235 #ifndef OPENSSL_NO_DH
3236 case SSL_CTRL_SET_TMP_DH:
3238 DH *dh = (DH *)parg;
3239 EVP_PKEY *pkdh = NULL;
3241 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3244 pkdh = ssl_dh_to_pkey(dh);
3246 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3249 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3250 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3251 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3252 EVP_PKEY_free(pkdh);
3255 EVP_PKEY_free(ctx->cert->dh_tmp);
3256 ctx->cert->dh_tmp = pkdh;
3262 case SSL_CTRL_SET_TMP_DH_CB:
3264 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3267 case SSL_CTRL_SET_DH_AUTO:
3268 ctx->cert->dh_tmp_auto = larg;
3271 #ifndef OPENSSL_NO_EC
3272 case SSL_CTRL_SET_TMP_ECDH:
3274 const EC_GROUP *group = NULL;
3278 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3281 group = EC_KEY_get0_group((const EC_KEY *)parg);
3282 if (group == NULL) {
3283 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3286 nid = EC_GROUP_get_curve_name(group);
3287 if (nid == NID_undef)
3289 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3290 &ctx->tlsext_ellipticcurvelist_length,
3294 #endif /* !OPENSSL_NO_EC */
3295 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3296 ctx->tlsext_servername_arg = parg;
3298 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3299 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3301 unsigned char *keys = parg;
3302 long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
3303 sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key));
3305 return tlsext_tick_keylen;
3306 if (larg != tlsext_tick_keylen) {
3307 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3310 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3311 memcpy(ctx->tlsext_tick_key_name, keys,
3312 sizeof(ctx->tlsext_tick_key_name));
3313 memcpy(ctx->tlsext_tick_hmac_key,
3314 keys + sizeof(ctx->tlsext_tick_key_name),
3315 sizeof(ctx->tlsext_tick_hmac_key));
3316 memcpy(ctx->tlsext_tick_aes_key,
3317 keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
3318 sizeof(ctx->tlsext_tick_aes_key));
3320 memcpy(keys, ctx->tlsext_tick_key_name,
3321 sizeof(ctx->tlsext_tick_key_name));
3322 memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
3323 ctx->tlsext_tick_hmac_key,
3324 sizeof(ctx->tlsext_tick_hmac_key));
3325 memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
3326 ctx->tlsext_tick_aes_key,
3327 sizeof(ctx->tlsext_tick_aes_key));
3332 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3333 return ctx->tlsext_status_type;
3335 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3336 ctx->tlsext_status_type = larg;
3339 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3340 ctx->tlsext_status_arg = parg;
3343 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3344 *(void**)parg = ctx->tlsext_status_arg;
3347 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3348 *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb;
3351 #ifndef OPENSSL_NO_SRP
3352 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3353 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3354 OPENSSL_free(ctx->srp_ctx.login);
3355 ctx->srp_ctx.login = NULL;
3358 if (strlen((const char *)parg) > 255
3359 || strlen((const char *)parg) < 1) {
3360 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3363 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3364 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3368 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3369 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3370 srp_password_from_info_cb;
3371 ctx->srp_ctx.info = parg;
3373 case SSL_CTRL_SET_SRP_ARG:
3374 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3375 ctx->srp_ctx.SRP_cb_arg = parg;
3378 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3379 ctx->srp_ctx.strength = larg;
3383 #ifndef OPENSSL_NO_EC
3384 case SSL_CTRL_SET_CURVES:
3385 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3386 &ctx->tlsext_ellipticcurvelist_length,
3389 case SSL_CTRL_SET_CURVES_LIST:
3390 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3391 &ctx->tlsext_ellipticcurvelist_length,
3394 case SSL_CTRL_SET_SIGALGS:
3395 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3397 case SSL_CTRL_SET_SIGALGS_LIST:
3398 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3400 case SSL_CTRL_SET_CLIENT_SIGALGS:
3401 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3403 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3404 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3406 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3407 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3409 case SSL_CTRL_BUILD_CERT_CHAIN:
3410 return ssl_build_cert_chain(NULL, ctx, larg);
3412 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3413 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3415 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3416 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3418 /* A Thawte special :-) */
3419 case SSL_CTRL_EXTRA_CHAIN_CERT:
3420 if (ctx->extra_certs == NULL) {
3421 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3422 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3426 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3427 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3432 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3433 if (ctx->extra_certs == NULL && larg == 0)
3434 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3436 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3439 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3440 sk_X509_pop_free(ctx->extra_certs, X509_free);
3441 ctx->extra_certs = NULL;
3444 case SSL_CTRL_CHAIN:
3446 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3448 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3450 case SSL_CTRL_CHAIN_CERT:
3452 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3454 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3456 case SSL_CTRL_GET_CHAIN_CERTS:
3457 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3460 case SSL_CTRL_SELECT_CURRENT_CERT:
3461 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3463 case SSL_CTRL_SET_CURRENT_CERT:
3464 return ssl_cert_set_current(ctx->cert, larg);
3472 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3475 #ifndef OPENSSL_NO_DH
3476 case SSL_CTRL_SET_TMP_DH_CB:
3478 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3482 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3483 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3486 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3487 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3490 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3491 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3494 HMAC_CTX *, int))fp;
3497 #ifndef OPENSSL_NO_SRP
3498 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3499 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3500 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3502 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3503 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3504 ctx->srp_ctx.TLS_ext_srp_username_callback =
3505 (int (*)(SSL *, int *, void *))fp;
3507 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3508 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3509 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3510 (char *(*)(SSL *, void *))fp;
3513 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3515 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3525 * This function needs to check if the ciphers required are actually
3528 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3531 const SSL_CIPHER *cp;
3534 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
3536 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3540 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3546 if ((l & 0xff000000) != 0x03000000)
3548 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3549 p[1] = ((unsigned char)(l)) & 0xFF;
3555 * ssl3_choose_cipher - choose a cipher from those offered by the client
3556 * @s: SSL connection
3557 * @clnt: ciphers offered by the client
3558 * @srvr: ciphers enabled on the server?
3560 * Returns the selected cipher or NULL when no common ciphers.
3562 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3563 STACK_OF(SSL_CIPHER) *srvr)
3565 const SSL_CIPHER *c, *ret = NULL;
3566 STACK_OF(SSL_CIPHER) *prio, *allow;
3568 unsigned long alg_k, alg_a, mask_k, mask_a;
3570 /* Let's see which ciphers we can support */
3574 * Do not set the compare functions, because this may lead to a
3575 * reordering by "id". We want to keep the original ordering. We may pay
3576 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3577 * pay with the price of sk_SSL_CIPHER_dup().
3579 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3580 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3584 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3586 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3587 c = sk_SSL_CIPHER_value(srvr, i);
3588 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3590 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3592 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3593 c = sk_SSL_CIPHER_value(clnt, i);
3594 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3598 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3606 tls1_set_cert_validity(s);
3609 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3610 c = sk_SSL_CIPHER_value(prio, i);
3612 /* Skip ciphers not supported by the protocol version */
3613 if (!SSL_IS_DTLS(s) &&
3614 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3616 if (SSL_IS_DTLS(s) &&
3617 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3618 DTLS_VERSION_GT(s->version, c->max_dtls)))
3621 mask_k = s->s3->tmp.mask_k;
3622 mask_a = s->s3->tmp.mask_a;
3623 #ifndef OPENSSL_NO_SRP
3624 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3630 alg_k = c->algorithm_mkey;
3631 alg_a = c->algorithm_auth;
3633 #ifndef OPENSSL_NO_PSK
3634 /* with PSK there must be server callback set */
3635 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3637 #endif /* OPENSSL_NO_PSK */
3639 ok = (alg_k & mask_k) && (alg_a & mask_a);
3641 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3642 alg_a, mask_k, mask_a, (void *)c, c->name);
3645 # ifndef OPENSSL_NO_EC
3647 * if we are considering an ECC cipher suite that uses an ephemeral
3650 if (alg_k & SSL_kECDHE)
3651 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3652 # endif /* OPENSSL_NO_EC */
3656 ii = sk_SSL_CIPHER_find(allow, c);
3658 /* Check security callback permits this cipher */
3659 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3660 c->strength_bits, 0, (void *)c))
3662 #if !defined(OPENSSL_NO_EC)
3663 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3664 && s->s3->is_probably_safari) {
3666 ret = sk_SSL_CIPHER_value(allow, ii);
3670 ret = sk_SSL_CIPHER_value(allow, ii);
3677 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3680 uint32_t alg_k, alg_a = 0;
3682 /* If we have custom certificate types set, use them */
3683 if (s->cert->ctypes) {
3684 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3685 return (int)s->cert->ctype_num;
3687 /* Get mask of algorithms disabled by signature list */
3688 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3690 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3692 #ifndef OPENSSL_NO_GOST
3693 if (s->version >= TLS1_VERSION) {
3694 if (alg_k & SSL_kGOST) {
3695 p[ret++] = TLS_CT_GOST01_SIGN;
3696 p[ret++] = TLS_CT_GOST12_SIGN;
3697 p[ret++] = TLS_CT_GOST12_512_SIGN;
3703 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3704 #ifndef OPENSSL_NO_DH
3705 # ifndef OPENSSL_NO_RSA
3706 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3708 # ifndef OPENSSL_NO_DSA
3709 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3711 #endif /* !OPENSSL_NO_DH */
3713 #ifndef OPENSSL_NO_RSA
3714 if (!(alg_a & SSL_aRSA))
3715 p[ret++] = SSL3_CT_RSA_SIGN;
3717 #ifndef OPENSSL_NO_DSA
3718 if (!(alg_a & SSL_aDSS))
3719 p[ret++] = SSL3_CT_DSS_SIGN;
3721 #ifndef OPENSSL_NO_EC
3723 * ECDSA certs can be used with RSA cipher suites too so we don't
3724 * need to check for SSL_kECDH or SSL_kECDHE
3726 if (s->version >= TLS1_VERSION) {
3727 if (!(alg_a & SSL_aECDSA))
3728 p[ret++] = TLS_CT_ECDSA_SIGN;
3734 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3736 OPENSSL_free(c->ctypes);
3742 c->ctypes = OPENSSL_malloc(len);
3743 if (c->ctypes == NULL)
3745 memcpy(c->ctypes, p, len);
3750 int ssl3_shutdown(SSL *s)
3755 * Don't do anything much if we have not done the handshake or we don't
3756 * want to send messages :-)
3758 if (s->quiet_shutdown || SSL_in_before(s)) {
3759 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3763 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3764 s->shutdown |= SSL_SENT_SHUTDOWN;
3765 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3767 * our shutdown alert has been sent now, and if it still needs to be
3768 * written, s->s3->alert_dispatch will be true
3770 if (s->s3->alert_dispatch)
3771 return (-1); /* return WANT_WRITE */
3772 } else if (s->s3->alert_dispatch) {
3773 /* resend it if not sent */
3774 ret = s->method->ssl_dispatch_alert(s);
3777 * we only get to return -1 here the 2nd/Nth invocation, we must
3778 * have already signalled return 0 upon a previous invocation,
3783 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3785 * If we are waiting for a close from our peer, we are closed
3787 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
3788 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3789 return (-1); /* return WANT_READ */
3793 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3794 !s->s3->alert_dispatch)
3800 int ssl3_write(SSL *s, const void *buf, int len)
3803 if (s->s3->renegotiate)
3804 ssl3_renegotiate_check(s);
3806 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3810 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3815 if (s->s3->renegotiate)
3816 ssl3_renegotiate_check(s);
3817 s->s3->in_read_app_data = 1;
3819 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3821 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3823 * ssl3_read_bytes decided to call s->handshake_func, which called
3824 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3825 * actually found application data and thinks that application data
3826 * makes sense here; so disable handshake processing and try to read
3827 * application data again.
3829 ossl_statem_set_in_handshake(s, 1);
3831 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3833 ossl_statem_set_in_handshake(s, 0);
3835 s->s3->in_read_app_data = 0;
3840 int ssl3_read(SSL *s, void *buf, int len)
3842 return ssl3_read_internal(s, buf, len, 0);
3845 int ssl3_peek(SSL *s, void *buf, int len)
3847 return ssl3_read_internal(s, buf, len, 1);
3850 int ssl3_renegotiate(SSL *s)
3852 if (s->handshake_func == NULL)
3855 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3858 s->s3->renegotiate = 1;
3862 int ssl3_renegotiate_check(SSL *s)
3866 if (s->s3->renegotiate) {
3867 if (!RECORD_LAYER_read_pending(&s->rlayer)
3868 && !RECORD_LAYER_write_pending(&s->rlayer)
3869 && !SSL_in_init(s)) {
3871 * if we are the server, and we have sent a 'RENEGOTIATE'
3872 * message, we need to set the state machine into the renegotiate
3875 ossl_statem_set_renegotiate(s);
3876 s->s3->renegotiate = 0;
3877 s->s3->num_renegotiations++;
3878 s->s3->total_renegotiations++;
3886 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3887 * handshake macs if required.
3889 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3891 long ssl_get_algorithm2(SSL *s)
3894 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
3896 alg2 = s->s3->tmp.new_cipher->algorithm2;
3897 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3898 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3899 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3900 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3901 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3902 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3908 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3909 * failure, 1 on success.
3911 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
3918 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
3920 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
3922 unsigned long Time = (unsigned long)time(NULL);
3923 unsigned char *p = result;
3925 return RAND_bytes(p, len - 4);
3927 return RAND_bytes(result, len);
3930 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
3933 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3934 if (alg_k & SSL_PSK) {
3935 #ifndef OPENSSL_NO_PSK
3936 unsigned char *pskpms, *t;
3937 size_t psklen = s->s3->tmp.psklen;
3940 /* create PSK premaster_secret */
3942 /* For plain PSK "other_secret" is psklen zeroes */
3943 if (alg_k & SSL_kPSK)
3946 pskpmslen = 4 + pmslen + psklen;
3947 pskpms = OPENSSL_malloc(pskpmslen);
3948 if (pskpms == NULL) {
3949 s->session->master_key_length = 0;
3954 if (alg_k & SSL_kPSK)
3955 memset(t, 0, pmslen);
3957 memcpy(t, pms, pmslen);
3960 memcpy(t, s->s3->tmp.psk, psklen);
3962 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
3963 s->s3->tmp.psk = NULL;
3964 s->session->master_key_length =
3965 s->method->ssl3_enc->generate_master_secret(s,
3966 s->session->master_key,
3968 OPENSSL_clear_free(pskpms, pskpmslen);
3970 /* Should never happen */
3971 s->session->master_key_length = 0;
3975 s->session->master_key_length =
3976 s->method->ssl3_enc->generate_master_secret(s,
3977 s->session->master_key,
3984 OPENSSL_clear_free(pms, pmslen);
3986 OPENSSL_cleanse(pms, pmslen);
3989 s->s3->tmp.pms = NULL;
3990 return s->session->master_key_length >= 0;
3993 /* Generate a private key from parameters */
3994 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
3996 EVP_PKEY_CTX *pctx = NULL;
3997 EVP_PKEY *pkey = NULL;
4001 pctx = EVP_PKEY_CTX_new(pm, NULL);
4004 if (EVP_PKEY_keygen_init(pctx) <= 0)
4006 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4007 EVP_PKEY_free(pkey);
4012 EVP_PKEY_CTX_free(pctx);
4015 #ifndef OPENSSL_NO_EC
4016 /* Generate a private key a curve ID */
4017 EVP_PKEY *ssl_generate_pkey_curve(int id)
4019 EVP_PKEY_CTX *pctx = NULL;
4020 EVP_PKEY *pkey = NULL;
4021 unsigned int curve_flags;
4022 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4026 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4027 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4030 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4034 if (EVP_PKEY_keygen_init(pctx) <= 0)
4036 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4038 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4039 EVP_PKEY_free(pkey);
4044 EVP_PKEY_CTX_free(pctx);
4048 /* Derive premaster or master secret for ECDH/DH */
4049 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4052 unsigned char *pms = NULL;
4056 if (privkey == NULL || pubkey == NULL)
4059 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4061 if (EVP_PKEY_derive_init(pctx) <= 0
4062 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4063 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4067 pms = OPENSSL_malloc(pmslen);
4071 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4075 /* For server generate master secret and discard premaster */
4076 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4079 /* For client just save premaster secret */
4080 s->s3->tmp.pms = pms;
4081 s->s3->tmp.pmslen = pmslen;
4087 OPENSSL_clear_free(pms, pmslen);
4088 EVP_PKEY_CTX_free(pctx);
4092 #ifndef OPENSSL_NO_DH
4093 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4098 ret = EVP_PKEY_new();
4099 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {