2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
51 #include <openssl/objects.h>
53 #include <openssl/md5.h>
54 #include <openssl/dh.h>
55 #include <openssl/rand.h>
57 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
60 * The list of available ciphers, mostly organized into the following
65 * SRP (within that: RSA EC PSK)
66 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
69 static SSL_CIPHER ssl3_ciphers[] = {
72 SSL3_TXT_RSA_NULL_MD5,
78 SSL3_VERSION, TLS1_2_VERSION,
79 DTLS1_BAD_VER, DTLS1_2_VERSION,
81 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
87 SSL3_TXT_RSA_NULL_SHA,
93 SSL3_VERSION, TLS1_2_VERSION,
94 DTLS1_BAD_VER, DTLS1_2_VERSION,
95 SSL_STRONG_NONE | SSL_FIPS,
96 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
100 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
103 SSL3_TXT_RSA_DES_192_CBC3_SHA,
104 SSL3_CK_RSA_DES_192_CBC3_SHA,
109 SSL3_VERSION, TLS1_2_VERSION,
110 DTLS1_BAD_VER, DTLS1_2_VERSION,
111 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
112 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
118 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
119 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
124 SSL3_VERSION, TLS1_2_VERSION,
125 DTLS1_BAD_VER, DTLS1_2_VERSION,
126 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
127 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
133 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
134 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
139 SSL3_VERSION, TLS1_2_VERSION,
140 DTLS1_BAD_VER, DTLS1_2_VERSION,
141 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
142 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
148 SSL3_TXT_ADH_DES_192_CBC_SHA,
149 SSL3_CK_ADH_DES_192_CBC_SHA,
154 SSL3_VERSION, TLS1_2_VERSION,
155 DTLS1_BAD_VER, DTLS1_2_VERSION,
156 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
157 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
164 TLS1_TXT_RSA_WITH_AES_128_SHA,
165 TLS1_CK_RSA_WITH_AES_128_SHA,
170 SSL3_VERSION, TLS1_2_VERSION,
171 DTLS1_BAD_VER, DTLS1_2_VERSION,
173 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
179 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
180 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
185 SSL3_VERSION, TLS1_2_VERSION,
186 DTLS1_BAD_VER, DTLS1_2_VERSION,
187 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
188 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
194 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
195 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
200 SSL3_VERSION, TLS1_2_VERSION,
201 DTLS1_BAD_VER, DTLS1_2_VERSION,
203 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
209 TLS1_TXT_ADH_WITH_AES_128_SHA,
210 TLS1_CK_ADH_WITH_AES_128_SHA,
215 SSL3_VERSION, TLS1_2_VERSION,
216 DTLS1_BAD_VER, DTLS1_2_VERSION,
217 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
218 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
224 TLS1_TXT_RSA_WITH_AES_256_SHA,
225 TLS1_CK_RSA_WITH_AES_256_SHA,
230 SSL3_VERSION, TLS1_2_VERSION,
231 DTLS1_BAD_VER, DTLS1_2_VERSION,
233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
240 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
245 SSL3_VERSION, TLS1_2_VERSION,
246 DTLS1_BAD_VER, DTLS1_2_VERSION,
247 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
248 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
254 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
255 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
260 SSL3_VERSION, TLS1_2_VERSION,
261 DTLS1_BAD_VER, DTLS1_2_VERSION,
263 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
269 TLS1_TXT_ADH_WITH_AES_256_SHA,
270 TLS1_CK_ADH_WITH_AES_256_SHA,
275 SSL3_VERSION, TLS1_2_VERSION,
276 DTLS1_BAD_VER, DTLS1_2_VERSION,
277 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
278 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
284 TLS1_TXT_RSA_WITH_NULL_SHA256,
285 TLS1_CK_RSA_WITH_NULL_SHA256,
290 TLS1_2_VERSION, TLS1_2_VERSION,
291 DTLS1_2_VERSION, DTLS1_2_VERSION,
292 SSL_STRONG_NONE | SSL_FIPS,
293 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
299 TLS1_TXT_RSA_WITH_AES_128_SHA256,
300 TLS1_CK_RSA_WITH_AES_128_SHA256,
305 TLS1_2_VERSION, TLS1_2_VERSION,
306 DTLS1_2_VERSION, DTLS1_2_VERSION,
308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
314 TLS1_TXT_RSA_WITH_AES_256_SHA256,
315 TLS1_CK_RSA_WITH_AES_256_SHA256,
320 TLS1_2_VERSION, TLS1_2_VERSION,
321 DTLS1_2_VERSION, DTLS1_2_VERSION,
323 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
329 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
330 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
335 TLS1_2_VERSION, TLS1_2_VERSION,
336 DTLS1_2_VERSION, DTLS1_2_VERSION,
337 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
344 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
345 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
350 TLS1_2_VERSION, TLS1_2_VERSION,
351 DTLS1_2_VERSION, DTLS1_2_VERSION,
353 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
359 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
360 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
365 TLS1_2_VERSION, TLS1_2_VERSION,
366 DTLS1_2_VERSION, DTLS1_2_VERSION,
367 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
368 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
374 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
375 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
380 TLS1_2_VERSION, TLS1_2_VERSION,
381 DTLS1_2_VERSION, DTLS1_2_VERSION,
383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389 TLS1_TXT_ADH_WITH_AES_128_SHA256,
390 TLS1_CK_ADH_WITH_AES_128_SHA256,
395 TLS1_2_VERSION, TLS1_2_VERSION,
396 DTLS1_2_VERSION, DTLS1_2_VERSION,
397 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
398 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
404 TLS1_TXT_ADH_WITH_AES_256_SHA256,
405 TLS1_CK_ADH_WITH_AES_256_SHA256,
410 TLS1_2_VERSION, TLS1_2_VERSION,
411 DTLS1_2_VERSION, DTLS1_2_VERSION,
412 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
413 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
419 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
420 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
425 TLS1_2_VERSION, TLS1_2_VERSION,
426 DTLS1_2_VERSION, DTLS1_2_VERSION,
428 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
434 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
435 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
440 TLS1_2_VERSION, TLS1_2_VERSION,
441 DTLS1_2_VERSION, DTLS1_2_VERSION,
443 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
449 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
450 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
455 TLS1_2_VERSION, TLS1_2_VERSION,
456 DTLS1_2_VERSION, DTLS1_2_VERSION,
458 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
464 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
485 TLS1_2_VERSION, TLS1_2_VERSION,
486 DTLS1_2_VERSION, DTLS1_2_VERSION,
487 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
488 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
494 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
495 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
500 TLS1_2_VERSION, TLS1_2_VERSION,
501 DTLS1_2_VERSION, DTLS1_2_VERSION,
502 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
503 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
509 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
510 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
515 TLS1_2_VERSION, TLS1_2_VERSION,
516 DTLS1_2_VERSION, DTLS1_2_VERSION,
517 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
518 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
524 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
525 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
530 TLS1_2_VERSION, TLS1_2_VERSION,
531 DTLS1_2_VERSION, DTLS1_2_VERSION,
532 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
539 TLS1_TXT_RSA_WITH_AES_128_CCM,
540 TLS1_CK_RSA_WITH_AES_128_CCM,
545 TLS1_2_VERSION, TLS1_2_VERSION,
546 DTLS1_2_VERSION, DTLS1_2_VERSION,
547 SSL_NOT_DEFAULT | SSL_HIGH,
548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
554 TLS1_TXT_RSA_WITH_AES_256_CCM,
555 TLS1_CK_RSA_WITH_AES_256_CCM,
560 TLS1_2_VERSION, TLS1_2_VERSION,
561 DTLS1_2_VERSION, DTLS1_2_VERSION,
562 SSL_NOT_DEFAULT | SSL_HIGH,
563 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
569 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
570 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
575 TLS1_2_VERSION, TLS1_2_VERSION,
576 DTLS1_2_VERSION, DTLS1_2_VERSION,
577 SSL_NOT_DEFAULT | SSL_HIGH,
578 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
584 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
585 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
590 TLS1_2_VERSION, TLS1_2_VERSION,
591 DTLS1_2_VERSION, DTLS1_2_VERSION,
592 SSL_NOT_DEFAULT | SSL_HIGH,
593 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
599 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
600 TLS1_CK_RSA_WITH_AES_128_CCM_8,
605 TLS1_2_VERSION, TLS1_2_VERSION,
606 DTLS1_2_VERSION, DTLS1_2_VERSION,
607 SSL_NOT_DEFAULT | SSL_HIGH,
608 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
614 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
615 TLS1_CK_RSA_WITH_AES_256_CCM_8,
620 TLS1_2_VERSION, TLS1_2_VERSION,
621 DTLS1_2_VERSION, DTLS1_2_VERSION,
622 SSL_NOT_DEFAULT | SSL_HIGH,
623 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
629 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
630 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
635 TLS1_2_VERSION, TLS1_2_VERSION,
636 DTLS1_2_VERSION, DTLS1_2_VERSION,
637 SSL_NOT_DEFAULT | SSL_HIGH,
638 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
644 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
645 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
650 TLS1_2_VERSION, TLS1_2_VERSION,
651 DTLS1_2_VERSION, DTLS1_2_VERSION,
652 SSL_NOT_DEFAULT | SSL_HIGH,
653 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
659 TLS1_TXT_PSK_WITH_AES_128_CCM,
660 TLS1_CK_PSK_WITH_AES_128_CCM,
665 TLS1_2_VERSION, TLS1_2_VERSION,
666 DTLS1_2_VERSION, DTLS1_2_VERSION,
667 SSL_NOT_DEFAULT | SSL_HIGH,
668 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
674 TLS1_TXT_PSK_WITH_AES_256_CCM,
675 TLS1_CK_PSK_WITH_AES_256_CCM,
680 TLS1_2_VERSION, TLS1_2_VERSION,
681 DTLS1_2_VERSION, DTLS1_2_VERSION,
682 SSL_NOT_DEFAULT | SSL_HIGH,
683 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
689 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
690 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
695 TLS1_2_VERSION, TLS1_2_VERSION,
696 DTLS1_2_VERSION, DTLS1_2_VERSION,
697 SSL_NOT_DEFAULT | SSL_HIGH,
698 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
704 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
705 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
712 SSL_NOT_DEFAULT | SSL_HIGH,
713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
720 TLS1_CK_PSK_WITH_AES_128_CCM_8,
725 TLS1_2_VERSION, TLS1_2_VERSION,
726 DTLS1_2_VERSION, DTLS1_2_VERSION,
727 SSL_NOT_DEFAULT | SSL_HIGH,
728 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
734 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
735 TLS1_CK_PSK_WITH_AES_256_CCM_8,
740 TLS1_2_VERSION, TLS1_2_VERSION,
741 DTLS1_2_VERSION, DTLS1_2_VERSION,
742 SSL_NOT_DEFAULT | SSL_HIGH,
743 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
749 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
750 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
755 TLS1_2_VERSION, TLS1_2_VERSION,
756 DTLS1_2_VERSION, DTLS1_2_VERSION,
757 SSL_NOT_DEFAULT | SSL_HIGH,
758 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
764 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
765 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
770 TLS1_2_VERSION, TLS1_2_VERSION,
771 DTLS1_2_VERSION, DTLS1_2_VERSION,
772 SSL_NOT_DEFAULT | SSL_HIGH,
773 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
779 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
780 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
785 TLS1_2_VERSION, TLS1_2_VERSION,
786 DTLS1_2_VERSION, DTLS1_2_VERSION,
787 SSL_NOT_DEFAULT | SSL_HIGH,
788 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
794 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
795 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
800 TLS1_2_VERSION, TLS1_2_VERSION,
801 DTLS1_2_VERSION, DTLS1_2_VERSION,
802 SSL_NOT_DEFAULT | SSL_HIGH,
803 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
809 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
810 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
815 TLS1_2_VERSION, TLS1_2_VERSION,
816 DTLS1_2_VERSION, DTLS1_2_VERSION,
817 SSL_NOT_DEFAULT | SSL_HIGH,
818 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
824 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
825 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
830 TLS1_2_VERSION, TLS1_2_VERSION,
831 DTLS1_2_VERSION, DTLS1_2_VERSION,
832 SSL_NOT_DEFAULT | SSL_HIGH,
833 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
839 TLS1_3_TXT_AES_128_GCM_SHA256,
840 TLS1_3_CK_AES_128_GCM_SHA256,
844 TLS1_3_VERSION, TLS1_3_VERSION,
848 SSL_HANDSHAKE_MAC_SHA256,
854 TLS1_3_TXT_AES_256_GCM_SHA384,
855 TLS1_3_CK_AES_256_GCM_SHA384,
860 TLS1_3_VERSION, TLS1_3_VERSION,
863 SSL_HANDSHAKE_MAC_SHA384,
867 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
870 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
871 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
874 SSL_CHACHA20POLY1305,
876 TLS1_3_VERSION, TLS1_3_VERSION,
879 SSL_HANDSHAKE_MAC_SHA256,
886 TLS1_3_TXT_AES_128_CCM_SHA256,
887 TLS1_3_CK_AES_128_CCM_SHA256,
892 TLS1_3_VERSION, TLS1_3_VERSION,
894 SSL_NOT_DEFAULT | SSL_HIGH,
895 SSL_HANDSHAKE_MAC_SHA256,
901 TLS1_3_TXT_AES_128_CCM_8_SHA256,
902 TLS1_3_CK_AES_128_CCM_8_SHA256,
907 TLS1_3_VERSION, TLS1_3_VERSION,
909 SSL_NOT_DEFAULT | SSL_HIGH,
910 SSL_HANDSHAKE_MAC_SHA256,
915 #ifndef OPENSSL_NO_EC
918 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
919 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
924 SSL3_VERSION, TLS1_2_VERSION,
925 DTLS1_BAD_VER, DTLS1_2_VERSION,
926 SSL_STRONG_NONE | SSL_FIPS,
927 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
931 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
934 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
935 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
940 SSL3_VERSION, TLS1_2_VERSION,
941 DTLS1_BAD_VER, DTLS1_2_VERSION,
942 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
943 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
950 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
951 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
956 SSL3_VERSION, TLS1_2_VERSION,
957 DTLS1_BAD_VER, DTLS1_2_VERSION,
959 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
965 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
966 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
971 SSL3_VERSION, TLS1_2_VERSION,
972 DTLS1_BAD_VER, DTLS1_2_VERSION,
974 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
980 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
981 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
986 SSL3_VERSION, TLS1_2_VERSION,
987 DTLS1_BAD_VER, DTLS1_2_VERSION,
988 SSL_STRONG_NONE | SSL_FIPS,
989 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
993 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
996 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
997 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1002 SSL3_VERSION, TLS1_2_VERSION,
1003 DTLS1_BAD_VER, DTLS1_2_VERSION,
1004 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1012 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1013 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1018 SSL3_VERSION, TLS1_2_VERSION,
1019 DTLS1_BAD_VER, DTLS1_2_VERSION,
1020 SSL_HIGH | SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1027 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1028 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1033 SSL3_VERSION, TLS1_2_VERSION,
1034 DTLS1_BAD_VER, DTLS1_2_VERSION,
1035 SSL_HIGH | SSL_FIPS,
1036 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1042 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1043 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1048 SSL3_VERSION, TLS1_2_VERSION,
1049 DTLS1_BAD_VER, DTLS1_2_VERSION,
1050 SSL_STRONG_NONE | SSL_FIPS,
1051 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1055 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1058 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1059 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1064 SSL3_VERSION, TLS1_2_VERSION,
1065 DTLS1_BAD_VER, DTLS1_2_VERSION,
1066 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1067 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1074 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1075 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1080 SSL3_VERSION, TLS1_2_VERSION,
1081 DTLS1_BAD_VER, DTLS1_2_VERSION,
1082 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1083 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1089 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1090 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1095 SSL3_VERSION, TLS1_2_VERSION,
1096 DTLS1_BAD_VER, DTLS1_2_VERSION,
1097 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1098 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1104 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1105 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1110 TLS1_2_VERSION, TLS1_2_VERSION,
1111 DTLS1_2_VERSION, DTLS1_2_VERSION,
1112 SSL_HIGH | SSL_FIPS,
1113 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1119 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1120 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1125 TLS1_2_VERSION, TLS1_2_VERSION,
1126 DTLS1_2_VERSION, DTLS1_2_VERSION,
1127 SSL_HIGH | SSL_FIPS,
1128 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1134 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1135 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1140 TLS1_2_VERSION, TLS1_2_VERSION,
1141 DTLS1_2_VERSION, DTLS1_2_VERSION,
1142 SSL_HIGH | SSL_FIPS,
1143 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1149 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1150 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1155 TLS1_2_VERSION, TLS1_2_VERSION,
1156 DTLS1_2_VERSION, DTLS1_2_VERSION,
1157 SSL_HIGH | SSL_FIPS,
1158 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1164 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1165 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1170 TLS1_2_VERSION, TLS1_2_VERSION,
1171 DTLS1_2_VERSION, DTLS1_2_VERSION,
1172 SSL_HIGH | SSL_FIPS,
1173 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1179 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1180 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1185 TLS1_2_VERSION, TLS1_2_VERSION,
1186 DTLS1_2_VERSION, DTLS1_2_VERSION,
1187 SSL_HIGH | SSL_FIPS,
1188 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1194 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1195 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1200 TLS1_2_VERSION, TLS1_2_VERSION,
1201 DTLS1_2_VERSION, DTLS1_2_VERSION,
1202 SSL_HIGH | SSL_FIPS,
1203 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1209 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1210 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1215 TLS1_2_VERSION, TLS1_2_VERSION,
1216 DTLS1_2_VERSION, DTLS1_2_VERSION,
1217 SSL_HIGH | SSL_FIPS,
1218 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1222 #endif /* OPENSSL_NO_EC */
1224 #ifndef OPENSSL_NO_PSK
1227 TLS1_TXT_PSK_WITH_NULL_SHA,
1228 TLS1_CK_PSK_WITH_NULL_SHA,
1233 SSL3_VERSION, TLS1_2_VERSION,
1234 DTLS1_BAD_VER, DTLS1_2_VERSION,
1235 SSL_STRONG_NONE | SSL_FIPS,
1236 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1242 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1243 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1248 SSL3_VERSION, TLS1_2_VERSION,
1249 DTLS1_BAD_VER, DTLS1_2_VERSION,
1250 SSL_STRONG_NONE | SSL_FIPS,
1251 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1257 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1258 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1263 SSL3_VERSION, TLS1_2_VERSION,
1264 DTLS1_BAD_VER, DTLS1_2_VERSION,
1265 SSL_STRONG_NONE | SSL_FIPS,
1266 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1270 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1273 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1274 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1279 SSL3_VERSION, TLS1_2_VERSION,
1280 DTLS1_BAD_VER, DTLS1_2_VERSION,
1281 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1282 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1289 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1290 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1295 SSL3_VERSION, TLS1_2_VERSION,
1296 DTLS1_BAD_VER, DTLS1_2_VERSION,
1297 SSL_HIGH | SSL_FIPS,
1298 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1304 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1305 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1310 SSL3_VERSION, TLS1_2_VERSION,
1311 DTLS1_BAD_VER, DTLS1_2_VERSION,
1312 SSL_HIGH | SSL_FIPS,
1313 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1317 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1320 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1321 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1326 SSL3_VERSION, TLS1_2_VERSION,
1327 DTLS1_BAD_VER, DTLS1_2_VERSION,
1328 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1329 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1336 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1337 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1342 SSL3_VERSION, TLS1_2_VERSION,
1343 DTLS1_BAD_VER, DTLS1_2_VERSION,
1344 SSL_HIGH | SSL_FIPS,
1345 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1351 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1352 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1357 SSL3_VERSION, TLS1_2_VERSION,
1358 DTLS1_BAD_VER, DTLS1_2_VERSION,
1359 SSL_HIGH | SSL_FIPS,
1360 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1364 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1367 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1368 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1373 SSL3_VERSION, TLS1_2_VERSION,
1374 DTLS1_BAD_VER, DTLS1_2_VERSION,
1375 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1376 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1383 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1384 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1389 SSL3_VERSION, TLS1_2_VERSION,
1390 DTLS1_BAD_VER, DTLS1_2_VERSION,
1391 SSL_HIGH | SSL_FIPS,
1392 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1398 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1399 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1404 SSL3_VERSION, TLS1_2_VERSION,
1405 DTLS1_BAD_VER, DTLS1_2_VERSION,
1406 SSL_HIGH | SSL_FIPS,
1407 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1413 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1414 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1419 TLS1_2_VERSION, TLS1_2_VERSION,
1420 DTLS1_2_VERSION, DTLS1_2_VERSION,
1421 SSL_HIGH | SSL_FIPS,
1422 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1428 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1429 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1434 TLS1_2_VERSION, TLS1_2_VERSION,
1435 DTLS1_2_VERSION, DTLS1_2_VERSION,
1436 SSL_HIGH | SSL_FIPS,
1437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1443 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1444 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1449 TLS1_2_VERSION, TLS1_2_VERSION,
1450 DTLS1_2_VERSION, DTLS1_2_VERSION,
1451 SSL_HIGH | SSL_FIPS,
1452 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1458 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1459 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1464 TLS1_2_VERSION, TLS1_2_VERSION,
1465 DTLS1_2_VERSION, DTLS1_2_VERSION,
1466 SSL_HIGH | SSL_FIPS,
1467 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1473 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1474 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1479 TLS1_2_VERSION, TLS1_2_VERSION,
1480 DTLS1_2_VERSION, DTLS1_2_VERSION,
1481 SSL_HIGH | SSL_FIPS,
1482 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1488 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1489 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1494 TLS1_2_VERSION, TLS1_2_VERSION,
1495 DTLS1_2_VERSION, DTLS1_2_VERSION,
1496 SSL_HIGH | SSL_FIPS,
1497 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1503 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1504 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1509 TLS1_VERSION, TLS1_2_VERSION,
1510 DTLS1_BAD_VER, DTLS1_2_VERSION,
1511 SSL_HIGH | SSL_FIPS,
1512 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1518 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1519 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1524 TLS1_VERSION, TLS1_2_VERSION,
1525 DTLS1_BAD_VER, DTLS1_2_VERSION,
1526 SSL_HIGH | SSL_FIPS,
1527 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1533 TLS1_TXT_PSK_WITH_NULL_SHA256,
1534 TLS1_CK_PSK_WITH_NULL_SHA256,
1539 TLS1_VERSION, TLS1_2_VERSION,
1540 DTLS1_BAD_VER, DTLS1_2_VERSION,
1541 SSL_STRONG_NONE | SSL_FIPS,
1542 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1548 TLS1_TXT_PSK_WITH_NULL_SHA384,
1549 TLS1_CK_PSK_WITH_NULL_SHA384,
1554 TLS1_VERSION, TLS1_2_VERSION,
1555 DTLS1_BAD_VER, DTLS1_2_VERSION,
1556 SSL_STRONG_NONE | SSL_FIPS,
1557 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1563 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1564 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1569 TLS1_VERSION, TLS1_2_VERSION,
1570 DTLS1_BAD_VER, DTLS1_2_VERSION,
1571 SSL_HIGH | SSL_FIPS,
1572 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1578 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1579 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1584 TLS1_VERSION, TLS1_2_VERSION,
1585 DTLS1_BAD_VER, DTLS1_2_VERSION,
1586 SSL_HIGH | SSL_FIPS,
1587 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1593 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1594 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1599 TLS1_VERSION, TLS1_2_VERSION,
1600 DTLS1_BAD_VER, DTLS1_2_VERSION,
1601 SSL_STRONG_NONE | SSL_FIPS,
1602 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1608 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1609 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1614 TLS1_VERSION, TLS1_2_VERSION,
1615 DTLS1_BAD_VER, DTLS1_2_VERSION,
1616 SSL_STRONG_NONE | SSL_FIPS,
1617 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1623 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1624 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1629 TLS1_VERSION, TLS1_2_VERSION,
1630 DTLS1_BAD_VER, DTLS1_2_VERSION,
1631 SSL_HIGH | SSL_FIPS,
1632 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1638 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1639 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1644 TLS1_VERSION, TLS1_2_VERSION,
1645 DTLS1_BAD_VER, DTLS1_2_VERSION,
1646 SSL_HIGH | SSL_FIPS,
1647 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1653 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1654 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1659 TLS1_VERSION, TLS1_2_VERSION,
1660 DTLS1_BAD_VER, DTLS1_2_VERSION,
1661 SSL_STRONG_NONE | SSL_FIPS,
1662 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1668 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1669 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1674 TLS1_VERSION, TLS1_2_VERSION,
1675 DTLS1_BAD_VER, DTLS1_2_VERSION,
1676 SSL_STRONG_NONE | SSL_FIPS,
1677 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1681 # ifndef OPENSSL_NO_EC
1682 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1685 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1686 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1691 SSL3_VERSION, TLS1_2_VERSION,
1692 DTLS1_BAD_VER, DTLS1_2_VERSION,
1693 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1694 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1701 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1702 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1707 SSL3_VERSION, TLS1_2_VERSION,
1708 DTLS1_BAD_VER, DTLS1_2_VERSION,
1709 SSL_HIGH | SSL_FIPS,
1710 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1716 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1717 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1722 SSL3_VERSION, TLS1_2_VERSION,
1723 DTLS1_BAD_VER, DTLS1_2_VERSION,
1724 SSL_HIGH | SSL_FIPS,
1725 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1731 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1732 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1737 TLS1_VERSION, TLS1_2_VERSION,
1738 DTLS1_BAD_VER, DTLS1_2_VERSION,
1739 SSL_HIGH | SSL_FIPS,
1740 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1746 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1747 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1752 TLS1_VERSION, TLS1_2_VERSION,
1753 DTLS1_BAD_VER, DTLS1_2_VERSION,
1754 SSL_HIGH | SSL_FIPS,
1755 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1761 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1762 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1767 SSL3_VERSION, TLS1_2_VERSION,
1768 DTLS1_BAD_VER, DTLS1_2_VERSION,
1769 SSL_STRONG_NONE | SSL_FIPS,
1770 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1776 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1777 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1782 TLS1_VERSION, TLS1_2_VERSION,
1783 DTLS1_BAD_VER, DTLS1_2_VERSION,
1784 SSL_STRONG_NONE | SSL_FIPS,
1785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1791 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1792 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1797 TLS1_VERSION, TLS1_2_VERSION,
1798 DTLS1_BAD_VER, DTLS1_2_VERSION,
1799 SSL_STRONG_NONE | SSL_FIPS,
1800 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1804 # endif /* OPENSSL_NO_EC */
1805 #endif /* OPENSSL_NO_PSK */
1807 #ifndef OPENSSL_NO_SRP
1808 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1811 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1812 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1817 SSL3_VERSION, TLS1_2_VERSION,
1818 DTLS1_BAD_VER, DTLS1_2_VERSION,
1819 SSL_NOT_DEFAULT | SSL_MEDIUM,
1820 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1826 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1827 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1832 SSL3_VERSION, TLS1_2_VERSION,
1833 DTLS1_BAD_VER, DTLS1_2_VERSION,
1834 SSL_NOT_DEFAULT | SSL_MEDIUM,
1835 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1841 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1842 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1847 SSL3_VERSION, TLS1_2_VERSION,
1848 DTLS1_BAD_VER, DTLS1_2_VERSION,
1849 SSL_NOT_DEFAULT | SSL_MEDIUM,
1850 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1857 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1858 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1863 SSL3_VERSION, TLS1_2_VERSION,
1864 DTLS1_BAD_VER, DTLS1_2_VERSION,
1866 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1872 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1873 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1878 SSL3_VERSION, TLS1_2_VERSION,
1879 DTLS1_BAD_VER, DTLS1_2_VERSION,
1881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1887 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1888 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1893 SSL3_VERSION, TLS1_2_VERSION,
1894 DTLS1_BAD_VER, DTLS1_2_VERSION,
1895 SSL_NOT_DEFAULT | SSL_HIGH,
1896 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1902 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1903 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1908 SSL3_VERSION, TLS1_2_VERSION,
1909 DTLS1_BAD_VER, DTLS1_2_VERSION,
1911 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1917 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1918 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1923 SSL3_VERSION, TLS1_2_VERSION,
1924 DTLS1_BAD_VER, DTLS1_2_VERSION,
1926 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1932 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1933 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1938 SSL3_VERSION, TLS1_2_VERSION,
1939 DTLS1_BAD_VER, DTLS1_2_VERSION,
1940 SSL_NOT_DEFAULT | SSL_HIGH,
1941 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1945 #endif /* OPENSSL_NO_SRP */
1947 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1948 # ifndef OPENSSL_NO_RSA
1951 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1952 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1955 SSL_CHACHA20POLY1305,
1957 TLS1_2_VERSION, TLS1_2_VERSION,
1958 DTLS1_2_VERSION, DTLS1_2_VERSION,
1960 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1964 # endif /* OPENSSL_NO_RSA */
1966 # ifndef OPENSSL_NO_EC
1969 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1970 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1973 SSL_CHACHA20POLY1305,
1975 TLS1_2_VERSION, TLS1_2_VERSION,
1976 DTLS1_2_VERSION, DTLS1_2_VERSION,
1978 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1984 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1985 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1988 SSL_CHACHA20POLY1305,
1990 TLS1_2_VERSION, TLS1_2_VERSION,
1991 DTLS1_2_VERSION, DTLS1_2_VERSION,
1993 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1997 # endif /* OPENSSL_NO_EC */
1999 # ifndef OPENSSL_NO_PSK
2002 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2003 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2006 SSL_CHACHA20POLY1305,
2008 TLS1_2_VERSION, TLS1_2_VERSION,
2009 DTLS1_2_VERSION, DTLS1_2_VERSION,
2011 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2017 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2018 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2021 SSL_CHACHA20POLY1305,
2023 TLS1_2_VERSION, TLS1_2_VERSION,
2024 DTLS1_2_VERSION, DTLS1_2_VERSION,
2026 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2032 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2033 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2036 SSL_CHACHA20POLY1305,
2038 TLS1_2_VERSION, TLS1_2_VERSION,
2039 DTLS1_2_VERSION, DTLS1_2_VERSION,
2041 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2047 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2048 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2051 SSL_CHACHA20POLY1305,
2053 TLS1_2_VERSION, TLS1_2_VERSION,
2054 DTLS1_2_VERSION, DTLS1_2_VERSION,
2056 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2060 # endif /* OPENSSL_NO_PSK */
2061 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2062 * !defined(OPENSSL_NO_POLY1305) */
2064 #ifndef OPENSSL_NO_CAMELLIA
2067 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2068 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2073 TLS1_2_VERSION, TLS1_2_VERSION,
2074 DTLS1_2_VERSION, DTLS1_2_VERSION,
2075 SSL_NOT_DEFAULT | SSL_HIGH,
2076 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2082 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2083 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2088 TLS1_2_VERSION, TLS1_2_VERSION,
2089 DTLS1_2_VERSION, DTLS1_2_VERSION,
2090 SSL_NOT_DEFAULT | SSL_HIGH,
2091 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2097 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2098 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2103 TLS1_2_VERSION, TLS1_2_VERSION,
2104 DTLS1_2_VERSION, DTLS1_2_VERSION,
2105 SSL_NOT_DEFAULT | SSL_HIGH,
2106 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2112 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2113 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2118 TLS1_2_VERSION, TLS1_2_VERSION,
2119 DTLS1_2_VERSION, DTLS1_2_VERSION,
2120 SSL_NOT_DEFAULT | SSL_HIGH,
2121 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2127 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2128 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2133 TLS1_2_VERSION, TLS1_2_VERSION,
2134 DTLS1_2_VERSION, DTLS1_2_VERSION,
2135 SSL_NOT_DEFAULT | SSL_HIGH,
2136 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2142 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2143 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2148 TLS1_2_VERSION, TLS1_2_VERSION,
2149 DTLS1_2_VERSION, DTLS1_2_VERSION,
2150 SSL_NOT_DEFAULT | SSL_HIGH,
2151 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2157 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2158 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2163 TLS1_2_VERSION, TLS1_2_VERSION,
2164 DTLS1_2_VERSION, DTLS1_2_VERSION,
2165 SSL_NOT_DEFAULT | SSL_HIGH,
2166 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2172 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2173 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2178 TLS1_2_VERSION, TLS1_2_VERSION,
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,
2180 SSL_NOT_DEFAULT | SSL_HIGH,
2181 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2187 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2188 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2193 SSL3_VERSION, TLS1_2_VERSION,
2194 DTLS1_BAD_VER, DTLS1_2_VERSION,
2195 SSL_NOT_DEFAULT | SSL_HIGH,
2196 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2202 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2203 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2208 SSL3_VERSION, TLS1_2_VERSION,
2209 DTLS1_BAD_VER, DTLS1_2_VERSION,
2210 SSL_NOT_DEFAULT | SSL_HIGH,
2211 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2217 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2218 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2223 SSL3_VERSION, TLS1_2_VERSION,
2224 DTLS1_BAD_VER, DTLS1_2_VERSION,
2225 SSL_NOT_DEFAULT | SSL_HIGH,
2226 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2232 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2233 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2238 SSL3_VERSION, TLS1_2_VERSION,
2239 DTLS1_BAD_VER, DTLS1_2_VERSION,
2240 SSL_NOT_DEFAULT | SSL_HIGH,
2241 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2247 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2248 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2253 SSL3_VERSION, TLS1_2_VERSION,
2254 DTLS1_BAD_VER, DTLS1_2_VERSION,
2255 SSL_NOT_DEFAULT | SSL_HIGH,
2256 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2262 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2263 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2268 SSL3_VERSION, TLS1_2_VERSION,
2269 DTLS1_BAD_VER, DTLS1_2_VERSION,
2270 SSL_NOT_DEFAULT | SSL_HIGH,
2271 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2277 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2278 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2283 SSL3_VERSION, TLS1_2_VERSION,
2284 DTLS1_BAD_VER, DTLS1_2_VERSION,
2285 SSL_NOT_DEFAULT | SSL_HIGH,
2286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2292 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2293 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2298 SSL3_VERSION, TLS1_2_VERSION,
2299 DTLS1_BAD_VER, DTLS1_2_VERSION,
2300 SSL_NOT_DEFAULT | SSL_HIGH,
2301 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2306 # ifndef OPENSSL_NO_EC
2309 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2310 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2315 TLS1_2_VERSION, TLS1_2_VERSION,
2316 DTLS1_2_VERSION, DTLS1_2_VERSION,
2317 SSL_NOT_DEFAULT | SSL_HIGH,
2318 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2324 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2325 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2330 TLS1_2_VERSION, TLS1_2_VERSION,
2331 DTLS1_2_VERSION, DTLS1_2_VERSION,
2332 SSL_NOT_DEFAULT | SSL_HIGH,
2333 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2339 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2340 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2345 TLS1_2_VERSION, TLS1_2_VERSION,
2346 DTLS1_2_VERSION, DTLS1_2_VERSION,
2347 SSL_NOT_DEFAULT | SSL_HIGH,
2348 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2354 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2355 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2360 TLS1_2_VERSION, TLS1_2_VERSION,
2361 DTLS1_2_VERSION, DTLS1_2_VERSION,
2362 SSL_NOT_DEFAULT | SSL_HIGH,
2363 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2367 # endif /* OPENSSL_NO_EC */
2369 # ifndef OPENSSL_NO_PSK
2372 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2373 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2378 TLS1_VERSION, TLS1_2_VERSION,
2379 DTLS1_BAD_VER, DTLS1_2_VERSION,
2380 SSL_NOT_DEFAULT | SSL_HIGH,
2381 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2387 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2388 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2393 TLS1_VERSION, TLS1_2_VERSION,
2394 DTLS1_BAD_VER, DTLS1_2_VERSION,
2395 SSL_NOT_DEFAULT | SSL_HIGH,
2396 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2402 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2403 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2408 TLS1_VERSION, TLS1_2_VERSION,
2409 DTLS1_BAD_VER, DTLS1_2_VERSION,
2410 SSL_NOT_DEFAULT | SSL_HIGH,
2411 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2417 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2418 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2423 TLS1_VERSION, TLS1_2_VERSION,
2424 DTLS1_BAD_VER, DTLS1_2_VERSION,
2425 SSL_NOT_DEFAULT | SSL_HIGH,
2426 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2432 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2433 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2438 TLS1_VERSION, TLS1_2_VERSION,
2439 DTLS1_BAD_VER, DTLS1_2_VERSION,
2440 SSL_NOT_DEFAULT | SSL_HIGH,
2441 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2447 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2448 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2453 TLS1_VERSION, TLS1_2_VERSION,
2454 DTLS1_BAD_VER, DTLS1_2_VERSION,
2455 SSL_NOT_DEFAULT | SSL_HIGH,
2456 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2462 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2463 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2468 TLS1_VERSION, TLS1_2_VERSION,
2469 DTLS1_BAD_VER, DTLS1_2_VERSION,
2470 SSL_NOT_DEFAULT | SSL_HIGH,
2471 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2477 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2478 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2483 TLS1_VERSION, TLS1_2_VERSION,
2484 DTLS1_BAD_VER, DTLS1_2_VERSION,
2485 SSL_NOT_DEFAULT | SSL_HIGH,
2486 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2490 # endif /* OPENSSL_NO_PSK */
2492 #endif /* OPENSSL_NO_CAMELLIA */
2494 #ifndef OPENSSL_NO_GOST
2497 "GOST2001-GOST89-GOST89",
2501 SSL_eGOST2814789CNT,
2503 TLS1_VERSION, TLS1_2_VERSION,
2506 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2512 "GOST2001-NULL-GOST94",
2518 TLS1_VERSION, TLS1_2_VERSION,
2521 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2527 "GOST2012-GOST8912-GOST8912",
2530 SSL_aGOST12 | SSL_aGOST01,
2531 SSL_eGOST2814789CNT12,
2533 TLS1_VERSION, TLS1_2_VERSION,
2536 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2542 "GOST2012-NULL-GOST12",
2545 SSL_aGOST12 | SSL_aGOST01,
2548 TLS1_VERSION, TLS1_2_VERSION,
2551 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2555 #endif /* OPENSSL_NO_GOST */
2557 #ifndef OPENSSL_NO_IDEA
2560 SSL3_TXT_RSA_IDEA_128_SHA,
2561 SSL3_CK_RSA_IDEA_128_SHA,
2566 SSL3_VERSION, TLS1_1_VERSION,
2567 DTLS1_BAD_VER, DTLS1_VERSION,
2568 SSL_NOT_DEFAULT | SSL_MEDIUM,
2569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2575 #ifndef OPENSSL_NO_SEED
2578 TLS1_TXT_RSA_WITH_SEED_SHA,
2579 TLS1_CK_RSA_WITH_SEED_SHA,
2584 SSL3_VERSION, TLS1_2_VERSION,
2585 DTLS1_BAD_VER, DTLS1_2_VERSION,
2586 SSL_NOT_DEFAULT | SSL_MEDIUM,
2587 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2593 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2594 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2599 SSL3_VERSION, TLS1_2_VERSION,
2600 DTLS1_BAD_VER, DTLS1_2_VERSION,
2601 SSL_NOT_DEFAULT | SSL_MEDIUM,
2602 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2608 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2609 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2614 SSL3_VERSION, TLS1_2_VERSION,
2615 DTLS1_BAD_VER, DTLS1_2_VERSION,
2616 SSL_NOT_DEFAULT | SSL_MEDIUM,
2617 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2623 TLS1_TXT_ADH_WITH_SEED_SHA,
2624 TLS1_CK_ADH_WITH_SEED_SHA,
2629 SSL3_VERSION, TLS1_2_VERSION,
2630 DTLS1_BAD_VER, DTLS1_2_VERSION,
2631 SSL_NOT_DEFAULT | SSL_MEDIUM,
2632 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2636 #endif /* OPENSSL_NO_SEED */
2638 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2641 SSL3_TXT_RSA_RC4_128_MD5,
2642 SSL3_CK_RSA_RC4_128_MD5,
2647 SSL3_VERSION, TLS1_2_VERSION,
2649 SSL_NOT_DEFAULT | SSL_MEDIUM,
2650 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2656 SSL3_TXT_RSA_RC4_128_SHA,
2657 SSL3_CK_RSA_RC4_128_SHA,
2662 SSL3_VERSION, TLS1_2_VERSION,
2664 SSL_NOT_DEFAULT | SSL_MEDIUM,
2665 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2671 SSL3_TXT_ADH_RC4_128_MD5,
2672 SSL3_CK_ADH_RC4_128_MD5,
2677 SSL3_VERSION, TLS1_2_VERSION,
2679 SSL_NOT_DEFAULT | SSL_MEDIUM,
2680 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2685 # ifndef OPENSSL_NO_EC
2688 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2689 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2694 SSL3_VERSION, TLS1_2_VERSION,
2696 SSL_NOT_DEFAULT | SSL_MEDIUM,
2697 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2703 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2704 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2709 SSL3_VERSION, TLS1_2_VERSION,
2711 SSL_NOT_DEFAULT | SSL_MEDIUM,
2712 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2718 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2719 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2724 SSL3_VERSION, TLS1_2_VERSION,
2726 SSL_NOT_DEFAULT | SSL_MEDIUM,
2727 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2733 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2734 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2739 SSL3_VERSION, TLS1_2_VERSION,
2741 SSL_NOT_DEFAULT | SSL_MEDIUM,
2742 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2746 # endif /* OPENSSL_NO_EC */
2748 # ifndef OPENSSL_NO_PSK
2751 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2752 TLS1_CK_PSK_WITH_RC4_128_SHA,
2757 SSL3_VERSION, TLS1_2_VERSION,
2759 SSL_NOT_DEFAULT | SSL_MEDIUM,
2760 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2766 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2767 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2772 SSL3_VERSION, TLS1_2_VERSION,
2774 SSL_NOT_DEFAULT | SSL_MEDIUM,
2775 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2781 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2782 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2787 SSL3_VERSION, TLS1_2_VERSION,
2789 SSL_NOT_DEFAULT | SSL_MEDIUM,
2790 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2794 # endif /* OPENSSL_NO_PSK */
2796 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2800 static int cipher_compare(const void *a, const void *b)
2802 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2803 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2805 return ap->id - bp->id;
2808 void ssl_sort_cipher_list(void)
2810 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2814 const SSL3_ENC_METHOD SSLv3_enc_data = {
2817 ssl3_setup_key_block,
2818 ssl3_generate_master_secret,
2819 ssl3_change_cipher_state,
2820 ssl3_final_finish_mac,
2821 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2822 SSL3_MD_SERVER_FINISHED_CONST, 4,
2824 (int (*)(SSL *, unsigned char *, size_t, const char *,
2825 size_t, const unsigned char *, size_t,
2826 int use_context))ssl_undefined_function,
2828 ssl3_set_handshake_header,
2829 tls_close_construct_packet,
2830 ssl3_handshake_write
2833 long ssl3_default_timeout(void)
2836 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2837 * http, the cache would over fill
2839 return (60 * 60 * 2);
2842 int ssl3_num_ciphers(void)
2844 return (SSL3_NUM_CIPHERS);
2847 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2849 if (u < SSL3_NUM_CIPHERS)
2850 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2855 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
2857 /* No header in the event of a CCS */
2858 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
2861 /* Set the content type and 3 bytes for the message len */
2862 if (!WPACKET_put_bytes_u8(pkt, htype)
2863 || !WPACKET_start_sub_packet_u24(pkt))
2869 int ssl3_handshake_write(SSL *s)
2871 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2874 int ssl3_new(SSL *s)
2878 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2882 #ifndef OPENSSL_NO_SRP
2883 if (!SSL_SRP_CTX_init(s))
2886 s->method->ssl_clear(s);
2892 void ssl3_free(SSL *s)
2894 if (s == NULL || s->s3 == NULL)
2897 ssl3_cleanup_key_block(s);
2899 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2900 EVP_PKEY_free(s->s3->peer_tmp);
2901 s->s3->peer_tmp = NULL;
2902 EVP_PKEY_free(s->s3->tmp.pkey);
2903 s->s3->tmp.pkey = NULL;
2906 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2907 OPENSSL_free(s->s3->tmp.ciphers_raw);
2908 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2909 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2910 ssl3_free_digest_list(s);
2911 OPENSSL_free(s->s3->alpn_selected);
2912 OPENSSL_free(s->s3->alpn_proposed);
2914 #ifndef OPENSSL_NO_SRP
2915 SSL_SRP_CTX_free(s);
2917 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2921 void ssl3_clear(SSL *s)
2923 ssl3_cleanup_key_block(s);
2924 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2925 OPENSSL_free(s->s3->tmp.ciphers_raw);
2926 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2927 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2929 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2930 EVP_PKEY_free(s->s3->tmp.pkey);
2931 EVP_PKEY_free(s->s3->peer_tmp);
2932 #endif /* !OPENSSL_NO_EC */
2934 ssl3_free_digest_list(s);
2936 OPENSSL_free(s->s3->alpn_selected);
2937 OPENSSL_free(s->s3->alpn_proposed);
2939 /* NULL/zero-out everything in the s3 struct */
2940 memset(s->s3, 0, sizeof(*s->s3));
2942 ssl_free_wbio_buffer(s);
2944 s->version = SSL3_VERSION;
2946 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2947 OPENSSL_free(s->ext.npn);
2953 #ifndef OPENSSL_NO_SRP
2954 static char *srp_password_from_info_cb(SSL *s, void *arg)
2956 return OPENSSL_strdup(s->srp_ctx.info);
2960 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
2962 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2967 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2969 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2970 ret = s->s3->num_renegotiations;
2972 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2973 ret = s->s3->num_renegotiations;
2974 s->s3->num_renegotiations = 0;
2976 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2977 ret = s->s3->total_renegotiations;
2979 case SSL_CTRL_GET_FLAGS:
2980 ret = (int)(s->s3->flags);
2982 #ifndef OPENSSL_NO_DH
2983 case SSL_CTRL_SET_TMP_DH:
2985 DH *dh = (DH *)parg;
2986 EVP_PKEY *pkdh = NULL;
2988 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2991 pkdh = ssl_dh_to_pkey(dh);
2993 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2996 if (!ssl_security(s, SSL_SECOP_TMP_DH,
2997 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
2998 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
2999 EVP_PKEY_free(pkdh);
3002 EVP_PKEY_free(s->cert->dh_tmp);
3003 s->cert->dh_tmp = pkdh;
3007 case SSL_CTRL_SET_TMP_DH_CB:
3009 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3012 case SSL_CTRL_SET_DH_AUTO:
3013 s->cert->dh_tmp_auto = larg;
3016 #ifndef OPENSSL_NO_EC
3017 case SSL_CTRL_SET_TMP_ECDH:
3019 const EC_GROUP *group = NULL;
3023 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3026 group = EC_KEY_get0_group((const EC_KEY *)parg);
3027 if (group == NULL) {
3028 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3031 nid = EC_GROUP_get_curve_name(group);
3032 if (nid == NID_undef)
3034 return tls1_set_groups(&s->ext.supportedgroups,
3035 &s->ext.supportedgroups_len,
3039 #endif /* !OPENSSL_NO_EC */
3040 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3041 if (larg == TLSEXT_NAMETYPE_host_name) {
3044 OPENSSL_free(s->ext.hostname);
3045 s->ext.hostname = NULL;
3050 len = strlen((char *)parg);
3051 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3052 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3055 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3056 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3060 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3064 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3065 s->ext.debug_arg = parg;
3069 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3070 ret = s->ext.status_type;
3073 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3074 s->ext.status_type = larg;
3078 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3079 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3083 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3084 s->ext.ocsp.exts = parg;
3088 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3089 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3093 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3094 s->ext.ocsp.ids = parg;
3098 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3099 *(unsigned char **)parg = s->ext.ocsp.resp;
3100 if (s->ext.ocsp.resp_len == 0
3101 || s->ext.ocsp.resp_len > LONG_MAX)
3103 return (long)s->ext.ocsp.resp_len;
3105 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3106 OPENSSL_free(s->ext.ocsp.resp);
3107 s->ext.ocsp.resp = parg;
3108 s->ext.ocsp.resp_len = larg;
3112 #ifndef OPENSSL_NO_HEARTBEATS
3113 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3114 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3115 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3119 case SSL_CTRL_CHAIN:
3121 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3123 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3125 case SSL_CTRL_CHAIN_CERT:
3127 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3129 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3131 case SSL_CTRL_GET_CHAIN_CERTS:
3132 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3135 case SSL_CTRL_SELECT_CURRENT_CERT:
3136 return ssl_cert_select_current(s->cert, (X509 *)parg);
3138 case SSL_CTRL_SET_CURRENT_CERT:
3139 if (larg == SSL_CERT_SET_SERVER) {
3140 const SSL_CIPHER *cipher;
3143 cipher = s->s3->tmp.new_cipher;
3147 * No certificate for unauthenticated ciphersuites or using SRP
3150 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3152 if (s->s3->tmp.cert == NULL)
3154 s->cert->key = s->s3->tmp.cert;
3157 return ssl_cert_set_current(s->cert, larg);
3159 #ifndef OPENSSL_NO_EC
3160 case SSL_CTRL_GET_GROUPS:
3162 unsigned char *clist;
3167 clist = s->session->ext.supportedgroups;
3168 clistlen = s->session->ext.supportedgroups_len / 2;
3172 unsigned int cid, nid;
3173 for (i = 0; i < clistlen; i++) {
3175 /* TODO(TLS1.3): Handle DH groups here */
3176 nid = tls1_ec_curve_id2nid(cid, NULL);
3180 cptr[i] = TLSEXT_nid_unknown | cid;
3183 return (int)clistlen;
3186 case SSL_CTRL_SET_GROUPS:
3187 return tls1_set_groups(&s->ext.supportedgroups,
3188 &s->ext.supportedgroups_len, parg, larg);
3190 case SSL_CTRL_SET_GROUPS_LIST:
3191 return tls1_set_groups_list(&s->ext.supportedgroups,
3192 &s->ext.supportedgroups_len, parg);
3194 case SSL_CTRL_GET_SHARED_GROUP:
3195 return tls1_shared_group(s, larg);
3198 case SSL_CTRL_SET_SIGALGS:
3199 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3201 case SSL_CTRL_SET_SIGALGS_LIST:
3202 return tls1_set_sigalgs_list(s->cert, parg, 0);
3204 case SSL_CTRL_SET_CLIENT_SIGALGS:
3205 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3207 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3208 return tls1_set_sigalgs_list(s->cert, parg, 1);
3210 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3212 const unsigned char **pctype = parg;
3213 if (s->server || !s->s3->tmp.cert_req)
3215 if (s->cert->ctypes) {
3217 *pctype = s->cert->ctypes;
3218 return (int)s->cert->ctype_num;
3221 *pctype = (unsigned char *)s->s3->tmp.ctype;
3222 return s->s3->tmp.ctype_num;
3225 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3228 return ssl3_set_req_cert_type(s->cert, parg, larg);
3230 case SSL_CTRL_BUILD_CERT_CHAIN:
3231 return ssl_build_cert_chain(s, NULL, larg);
3233 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3234 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3236 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3237 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3239 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3240 if (s->s3->tmp.peer_sigalg == NULL)
3242 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3245 case SSL_CTRL_GET_SERVER_TMP_KEY:
3246 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3247 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3250 EVP_PKEY_up_ref(s->s3->peer_tmp);
3251 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3257 #ifndef OPENSSL_NO_EC
3258 case SSL_CTRL_GET_EC_POINT_FORMATS:
3260 SSL_SESSION *sess = s->session;
3261 const unsigned char **pformat = parg;
3263 if (sess == NULL || sess->ext.ecpointformats == NULL)
3265 *pformat = sess->ext.ecpointformats;
3266 return (int)sess->ext.ecpointformats_len;
3276 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3281 #ifndef OPENSSL_NO_DH
3282 case SSL_CTRL_SET_TMP_DH_CB:
3284 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3288 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3289 s->ext.debug_cb = (void (*)(SSL *, int, int,
3290 const unsigned char *, int, void *))fp;
3293 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3295 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3304 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3307 #ifndef OPENSSL_NO_DH
3308 case SSL_CTRL_SET_TMP_DH:
3310 DH *dh = (DH *)parg;
3311 EVP_PKEY *pkdh = NULL;
3313 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3316 pkdh = ssl_dh_to_pkey(dh);
3318 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3321 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3322 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3323 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3324 EVP_PKEY_free(pkdh);
3327 EVP_PKEY_free(ctx->cert->dh_tmp);
3328 ctx->cert->dh_tmp = pkdh;
3334 case SSL_CTRL_SET_TMP_DH_CB:
3336 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3339 case SSL_CTRL_SET_DH_AUTO:
3340 ctx->cert->dh_tmp_auto = larg;
3343 #ifndef OPENSSL_NO_EC
3344 case SSL_CTRL_SET_TMP_ECDH:
3346 const EC_GROUP *group = NULL;
3350 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3353 group = EC_KEY_get0_group((const EC_KEY *)parg);
3354 if (group == NULL) {
3355 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3358 nid = EC_GROUP_get_curve_name(group);
3359 if (nid == NID_undef)
3361 return tls1_set_groups(&ctx->ext.supportedgroups,
3362 &ctx->ext.supportedgroups_len,
3366 #endif /* !OPENSSL_NO_EC */
3367 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3368 ctx->ext.servername_arg = parg;
3370 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3371 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3373 unsigned char *keys = parg;
3374 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3375 sizeof(ctx->ext.tick_hmac_key) +
3376 sizeof(ctx->ext.tick_aes_key));
3379 if (larg != tick_keylen) {
3380 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3383 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3384 memcpy(ctx->ext.tick_key_name, keys,
3385 sizeof(ctx->ext.tick_key_name));
3386 memcpy(ctx->ext.tick_hmac_key,
3387 keys + sizeof(ctx->ext.tick_key_name),
3388 sizeof(ctx->ext.tick_hmac_key));
3389 memcpy(ctx->ext.tick_aes_key,
3390 keys + sizeof(ctx->ext.tick_key_name) +
3391 sizeof(ctx->ext.tick_hmac_key),
3392 sizeof(ctx->ext.tick_aes_key));
3394 memcpy(keys, ctx->ext.tick_key_name,
3395 sizeof(ctx->ext.tick_key_name));
3396 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3397 ctx->ext.tick_hmac_key,
3398 sizeof(ctx->ext.tick_hmac_key));
3399 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3400 sizeof(ctx->ext.tick_hmac_key),
3401 ctx->ext.tick_aes_key,
3402 sizeof(ctx->ext.tick_aes_key));
3407 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3408 return ctx->ext.status_type;
3410 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3411 ctx->ext.status_type = larg;
3414 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3415 ctx->ext.status_arg = parg;
3418 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3419 *(void**)parg = ctx->ext.status_arg;
3422 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3423 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3426 #ifndef OPENSSL_NO_SRP
3427 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3428 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3429 OPENSSL_free(ctx->srp_ctx.login);
3430 ctx->srp_ctx.login = NULL;
3433 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3434 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3437 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3438 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3442 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3443 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3444 srp_password_from_info_cb;
3445 ctx->srp_ctx.info = parg;
3447 case SSL_CTRL_SET_SRP_ARG:
3448 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3449 ctx->srp_ctx.SRP_cb_arg = parg;
3452 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3453 ctx->srp_ctx.strength = larg;
3457 #ifndef OPENSSL_NO_EC
3458 case SSL_CTRL_SET_GROUPS:
3459 return tls1_set_groups(&ctx->ext.supportedgroups,
3460 &ctx->ext.supportedgroups_len,
3463 case SSL_CTRL_SET_GROUPS_LIST:
3464 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3465 &ctx->ext.supportedgroups_len,
3468 case SSL_CTRL_SET_SIGALGS:
3469 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3471 case SSL_CTRL_SET_SIGALGS_LIST:
3472 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3474 case SSL_CTRL_SET_CLIENT_SIGALGS:
3475 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3477 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3478 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3480 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3481 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3483 case SSL_CTRL_BUILD_CERT_CHAIN:
3484 return ssl_build_cert_chain(NULL, ctx, larg);
3486 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3487 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3489 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3490 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3492 /* A Thawte special :-) */
3493 case SSL_CTRL_EXTRA_CHAIN_CERT:
3494 if (ctx->extra_certs == NULL) {
3495 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3496 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3500 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3501 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3506 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3507 if (ctx->extra_certs == NULL && larg == 0)
3508 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3510 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3513 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3514 sk_X509_pop_free(ctx->extra_certs, X509_free);
3515 ctx->extra_certs = NULL;
3518 case SSL_CTRL_CHAIN:
3520 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3522 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3524 case SSL_CTRL_CHAIN_CERT:
3526 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3528 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3530 case SSL_CTRL_GET_CHAIN_CERTS:
3531 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3534 case SSL_CTRL_SELECT_CURRENT_CERT:
3535 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3537 case SSL_CTRL_SET_CURRENT_CERT:
3538 return ssl_cert_set_current(ctx->cert, larg);
3546 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3549 #ifndef OPENSSL_NO_DH
3550 case SSL_CTRL_SET_TMP_DH_CB:
3552 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3556 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3557 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3560 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3561 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3564 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3565 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3568 HMAC_CTX *, int))fp;
3571 #ifndef OPENSSL_NO_SRP
3572 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3573 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3574 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3576 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3577 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3578 ctx->srp_ctx.TLS_ext_srp_username_callback =
3579 (int (*)(SSL *, int *, void *))fp;
3581 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3582 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3583 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3584 (char *(*)(SSL *, void *))fp;
3587 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3589 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3598 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3603 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3607 * This function needs to check if the ciphers required are actually
3610 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3612 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3613 | ((uint32_t)p[0] << 8L)
3617 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3619 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3624 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3632 * ssl3_choose_cipher - choose a cipher from those offered by the client
3633 * @s: SSL connection
3634 * @clnt: ciphers offered by the client
3635 * @srvr: ciphers enabled on the server?
3637 * Returns the selected cipher or NULL when no common ciphers.
3639 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3640 STACK_OF(SSL_CIPHER) *srvr)
3642 const SSL_CIPHER *c, *ret = NULL;
3643 STACK_OF(SSL_CIPHER) *prio, *allow;
3645 unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
3647 /* Let's see which ciphers we can support */
3651 * Do not set the compare functions, because this may lead to a
3652 * reordering by "id". We want to keep the original ordering. We may pay
3653 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3654 * pay with the price of sk_SSL_CIPHER_dup().
3656 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3657 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3661 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3663 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3664 c = sk_SSL_CIPHER_value(srvr, i);
3665 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3667 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3669 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3670 c = sk_SSL_CIPHER_value(clnt, i);
3671 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3675 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3683 tls1_set_cert_validity(s);
3686 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3687 c = sk_SSL_CIPHER_value(prio, i);
3689 /* Skip ciphers not supported by the protocol version */
3690 if (!SSL_IS_DTLS(s) &&
3691 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3693 if (SSL_IS_DTLS(s) &&
3694 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3695 DTLS_VERSION_GT(s->version, c->max_dtls)))
3698 * Since TLS 1.3 ciphersuites can be used with any auth or
3699 * key exchange scheme skip tests.
3701 if (!SSL_IS_TLS13(s)) {
3702 mask_k = s->s3->tmp.mask_k;
3703 mask_a = s->s3->tmp.mask_a;
3704 #ifndef OPENSSL_NO_SRP
3705 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3711 alg_k = c->algorithm_mkey;
3712 alg_a = c->algorithm_auth;
3714 #ifndef OPENSSL_NO_PSK
3715 /* with PSK there must be server callback set */
3716 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3718 #endif /* OPENSSL_NO_PSK */
3720 ok = (alg_k & mask_k) && (alg_a & mask_a);
3722 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3723 alg_a, mask_k, mask_a, (void *)c, c->name);
3726 #ifndef OPENSSL_NO_EC
3728 * if we are considering an ECC cipher suite that uses an ephemeral
3731 if (alg_k & SSL_kECDHE)
3732 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3733 #endif /* OPENSSL_NO_EC */
3738 ii = sk_SSL_CIPHER_find(allow, c);
3740 /* Check security callback permits this cipher */
3741 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3742 c->strength_bits, 0, (void *)c))
3744 #if !defined(OPENSSL_NO_EC)
3745 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3746 && s->s3->is_probably_safari) {
3748 ret = sk_SSL_CIPHER_value(allow, ii);
3752 ret = sk_SSL_CIPHER_value(allow, ii);
3759 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3761 uint32_t alg_k, alg_a = 0;
3763 /* If we have custom certificate types set, use them */
3764 if (s->cert->ctypes) {
3765 return WPACKET_memcpy(pkt, s->cert->ctypes, s->cert->ctype_num);
3767 /* Get mask of algorithms disabled by signature list */
3768 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3770 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3772 #ifndef OPENSSL_NO_GOST
3773 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3774 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3775 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3776 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
3779 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3780 #ifndef OPENSSL_NO_DH
3781 # ifndef OPENSSL_NO_RSA
3782 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3785 # ifndef OPENSSL_NO_DSA
3786 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3789 #endif /* !OPENSSL_NO_DH */
3791 #ifndef OPENSSL_NO_RSA
3792 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
3795 #ifndef OPENSSL_NO_DSA
3796 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
3799 #ifndef OPENSSL_NO_EC
3801 * ECDSA certs can be used with RSA cipher suites too so we don't
3802 * need to check for SSL_kECDH or SSL_kECDHE
3804 if (s->version >= TLS1_VERSION
3805 && !(alg_a & SSL_aECDSA)
3806 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
3812 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3814 OPENSSL_free(c->ctypes);
3820 c->ctypes = OPENSSL_malloc(len);
3821 if (c->ctypes == NULL)
3823 memcpy(c->ctypes, p, len);
3828 int ssl3_shutdown(SSL *s)
3833 * Don't do anything much if we have not done the handshake or we don't
3834 * want to send messages :-)
3836 if (s->quiet_shutdown || SSL_in_before(s)) {
3837 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3841 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3842 s->shutdown |= SSL_SENT_SHUTDOWN;
3843 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3845 * our shutdown alert has been sent now, and if it still needs to be
3846 * written, s->s3->alert_dispatch will be true
3848 if (s->s3->alert_dispatch)
3849 return (-1); /* return WANT_WRITE */
3850 } else if (s->s3->alert_dispatch) {
3851 /* resend it if not sent */
3852 ret = s->method->ssl_dispatch_alert(s);
3855 * we only get to return -1 here the 2nd/Nth invocation, we must
3856 * have already signalled return 0 upon a previous invocation,
3861 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3864 * If we are waiting for a close from our peer, we are closed
3866 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
3867 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3868 return -1; /* return WANT_READ */
3872 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3873 !s->s3->alert_dispatch)
3879 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
3882 if (s->s3->renegotiate)
3883 ssl3_renegotiate_check(s, 0);
3885 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
3889 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
3895 if (s->s3->renegotiate)
3896 ssl3_renegotiate_check(s, 0);
3897 s->s3->in_read_app_data = 1;
3899 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3901 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3903 * ssl3_read_bytes decided to call s->handshake_func, which called
3904 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3905 * actually found application data and thinks that application data
3906 * makes sense here; so disable handshake processing and try to read
3907 * application data again.
3909 ossl_statem_set_in_handshake(s, 1);
3911 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3912 len, peek, readbytes);
3913 ossl_statem_set_in_handshake(s, 0);
3915 s->s3->in_read_app_data = 0;
3920 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
3922 return ssl3_read_internal(s, buf, len, 0, readbytes);
3925 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
3927 return ssl3_read_internal(s, buf, len, 1, readbytes);
3930 int ssl3_renegotiate(SSL *s)
3932 if (s->handshake_func == NULL)
3935 s->s3->renegotiate = 1;
3940 * Check if we are waiting to do a renegotiation and if so whether now is a
3941 * good time to do it. If |initok| is true then we are being called from inside
3942 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
3943 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
3944 * should do a renegotiation now and sets up the state machine for it. Otherwise
3947 int ssl3_renegotiate_check(SSL *s, int initok)
3951 if (s->s3->renegotiate) {
3952 if (!RECORD_LAYER_read_pending(&s->rlayer)
3953 && !RECORD_LAYER_write_pending(&s->rlayer)
3954 && (initok || !SSL_in_init(s))) {
3956 * if we are the server, and we have sent a 'RENEGOTIATE'
3957 * message, we need to set the state machine into the renegotiate
3960 ossl_statem_set_renegotiate(s);
3961 s->s3->renegotiate = 0;
3962 s->s3->num_renegotiations++;
3963 s->s3->total_renegotiations++;
3971 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3972 * handshake macs if required.
3974 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3976 long ssl_get_algorithm2(SSL *s)
3979 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
3981 alg2 = s->s3->tmp.new_cipher->algorithm2;
3982 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3983 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3984 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3985 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3986 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3987 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3993 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3994 * failure, 1 on success.
3996 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len)
4003 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4005 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4007 unsigned long Time = (unsigned long)time(NULL);
4008 unsigned char *p = result;
4010 /* TODO(size_t): Convert this */
4011 return RAND_bytes(p, (int)(len - 4));
4013 return RAND_bytes(result, (int)len);
4016 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4019 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4022 if (alg_k & SSL_PSK) {
4023 #ifndef OPENSSL_NO_PSK
4024 unsigned char *pskpms, *t;
4025 size_t psklen = s->s3->tmp.psklen;
4028 /* create PSK premaster_secret */
4030 /* For plain PSK "other_secret" is psklen zeroes */
4031 if (alg_k & SSL_kPSK)
4034 pskpmslen = 4 + pmslen + psklen;
4035 pskpms = OPENSSL_malloc(pskpmslen);
4040 if (alg_k & SSL_kPSK)
4041 memset(t, 0, pmslen);
4043 memcpy(t, pms, pmslen);
4046 memcpy(t, s->s3->tmp.psk, psklen);
4048 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4049 s->s3->tmp.psk = NULL;
4050 if (!s->method->ssl3_enc->generate_master_secret(s,
4051 s->session->master_key,pskpms, pskpmslen,
4052 &s->session->master_key_length))
4054 OPENSSL_clear_free(pskpms, pskpmslen);
4056 /* Should never happen */
4060 if (!s->method->ssl3_enc->generate_master_secret(s,
4061 s->session->master_key, pms, pmslen,
4062 &s->session->master_key_length))
4070 OPENSSL_clear_free(pms, pmslen);
4072 OPENSSL_cleanse(pms, pmslen);
4075 s->s3->tmp.pms = NULL;
4079 /* Generate a private key from parameters */
4080 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4082 EVP_PKEY_CTX *pctx = NULL;
4083 EVP_PKEY *pkey = NULL;
4087 pctx = EVP_PKEY_CTX_new(pm, NULL);
4090 if (EVP_PKEY_keygen_init(pctx) <= 0)
4092 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4093 EVP_PKEY_free(pkey);
4098 EVP_PKEY_CTX_free(pctx);
4101 #ifndef OPENSSL_NO_EC
4102 /* Generate a private key a curve ID */
4103 EVP_PKEY *ssl_generate_pkey_curve(int id)
4105 EVP_PKEY_CTX *pctx = NULL;
4106 EVP_PKEY *pkey = NULL;
4107 unsigned int curve_flags;
4108 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4112 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4113 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4116 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4120 if (EVP_PKEY_keygen_init(pctx) <= 0)
4122 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4124 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4125 EVP_PKEY_free(pkey);
4130 EVP_PKEY_CTX_free(pctx);
4135 /* Derive secrets for ECDH/DH */
4136 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4139 unsigned char *pms = NULL;
4143 if (privkey == NULL || pubkey == NULL)
4146 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4148 if (EVP_PKEY_derive_init(pctx) <= 0
4149 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4150 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4154 pms = OPENSSL_malloc(pmslen);
4158 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4162 if (SSL_IS_TLS13(s)) {
4164 * If we are resuming then we already generated the early secret
4165 * when we created the ClientHello, so don't recreate it.
4168 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4170 (unsigned char *)&s->early_secret);
4174 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4176 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4179 /* Save premaster secret */
4180 s->s3->tmp.pms = pms;
4181 s->s3->tmp.pmslen = pmslen;
4187 OPENSSL_clear_free(pms, pmslen);
4188 EVP_PKEY_CTX_free(pctx);
4192 #ifndef OPENSSL_NO_DH
4193 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4198 ret = EVP_PKEY_new();
4199 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {