1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
86 * 6. Redistributions of any form whatsoever must retain the following
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * Portions of the attached software ("Contribution") are developed by
114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 * The Contribution is licensed pursuant to the OpenSSL open source
117 * license provided above.
119 * ECC cipher suite support in OpenSSL originally written by
120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
123 /* ====================================================================
124 * Copyright 2005 Nokia. All rights reserved.
126 * The portions of the attached software ("Contribution") is developed by
127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132 * support (see RFC 4279) to OpenSSL.
134 * No patent licenses or other rights except those expressly stated in
135 * the OpenSSL open source license shall be deemed granted or received
136 * expressly, by implication, estoppel, or otherwise.
138 * No assurances are provided by Nokia that the Contribution does not
139 * infringe the patent or other intellectual property rights of any third
140 * party or that the license provides you with all the necessary rights
141 * to make use of the Contribution.
143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
151 #include <openssl/objects.h>
152 #include "ssl_locl.h"
153 #include <openssl/md5.h>
154 #include <openssl/dh.h>
155 #include <openssl/rand.h>
157 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
160 * The list of available ciphers, organized into the following
165 * SRP (within that: RSA EC PSK)
166 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
169 static SSL_CIPHER ssl3_ciphers[] =
173 SSL3_TXT_RSA_NULL_MD5,
174 SSL3_CK_RSA_NULL_MD5,
179 SSL3_VERSION, TLS1_2_VERSION,
180 DTLS1_VERSION, DTLS1_2_VERSION,
182 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
188 SSL3_TXT_RSA_NULL_SHA,
189 SSL3_CK_RSA_NULL_SHA,
194 SSL3_VERSION, TLS1_2_VERSION,
195 DTLS1_VERSION, DTLS1_2_VERSION,
196 SSL_STRONG_NONE | SSL_FIPS,
197 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
203 SSL3_TXT_RSA_DES_192_CBC3_SHA,
204 SSL3_CK_RSA_DES_192_CBC3_SHA,
209 SSL3_VERSION, TLS1_2_VERSION,
210 DTLS1_VERSION, DTLS1_2_VERSION,
211 SSL_MEDIUM | SSL_FIPS,
212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
218 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
219 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
224 SSL3_VERSION, TLS1_2_VERSION,
225 DTLS1_VERSION, DTLS1_2_VERSION,
226 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
227 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
233 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
234 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
239 SSL3_VERSION, TLS1_2_VERSION,
240 DTLS1_VERSION, DTLS1_2_VERSION,
241 SSL_MEDIUM | SSL_FIPS,
242 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
248 SSL3_TXT_ADH_DES_192_CBC_SHA,
249 SSL3_CK_ADH_DES_192_CBC_SHA,
254 SSL3_VERSION, TLS1_2_VERSION,
255 DTLS1_VERSION, DTLS1_2_VERSION,
256 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
257 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
263 TLS1_TXT_RSA_WITH_AES_128_SHA,
264 TLS1_CK_RSA_WITH_AES_128_SHA,
269 SSL3_VERSION, TLS1_2_VERSION,
270 DTLS1_VERSION, DTLS1_2_VERSION,
272 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
278 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
279 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
284 SSL3_VERSION, TLS1_2_VERSION,
285 DTLS1_VERSION, DTLS1_2_VERSION,
286 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
287 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
294 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
299 SSL3_VERSION, TLS1_2_VERSION,
300 DTLS1_VERSION, DTLS1_2_VERSION,
302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308 TLS1_TXT_ADH_WITH_AES_128_SHA,
309 TLS1_CK_ADH_WITH_AES_128_SHA,
314 SSL3_VERSION, TLS1_2_VERSION,
315 DTLS1_VERSION, DTLS1_2_VERSION,
316 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
317 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
323 TLS1_TXT_RSA_WITH_AES_256_SHA,
324 TLS1_CK_RSA_WITH_AES_256_SHA,
329 SSL3_VERSION, TLS1_2_VERSION,
330 DTLS1_VERSION, DTLS1_2_VERSION,
332 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
338 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
339 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
344 SSL3_VERSION, TLS1_2_VERSION,
345 DTLS1_VERSION, DTLS1_2_VERSION,
346 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
353 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
354 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
359 SSL3_VERSION, TLS1_2_VERSION,
360 DTLS1_VERSION, DTLS1_2_VERSION,
362 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
368 TLS1_TXT_ADH_WITH_AES_256_SHA,
369 TLS1_CK_ADH_WITH_AES_256_SHA,
374 SSL3_VERSION, TLS1_2_VERSION,
375 DTLS1_VERSION, DTLS1_2_VERSION,
376 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
377 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
383 TLS1_TXT_RSA_WITH_NULL_SHA256,
384 TLS1_CK_RSA_WITH_NULL_SHA256,
389 TLS1_2_VERSION, TLS1_2_VERSION,
390 DTLS1_2_VERSION, DTLS1_2_VERSION,
391 SSL_STRONG_NONE | SSL_FIPS,
392 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
398 TLS1_TXT_RSA_WITH_AES_128_SHA256,
399 TLS1_CK_RSA_WITH_AES_128_SHA256,
404 TLS1_2_VERSION, TLS1_2_VERSION,
405 DTLS1_2_VERSION, DTLS1_2_VERSION,
407 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
413 TLS1_TXT_RSA_WITH_AES_256_SHA256,
414 TLS1_CK_RSA_WITH_AES_256_SHA256,
419 TLS1_2_VERSION, TLS1_2_VERSION,
420 DTLS1_2_VERSION, DTLS1_2_VERSION,
422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
428 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
429 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
434 TLS1_2_VERSION, TLS1_2_VERSION,
435 DTLS1_2_VERSION, DTLS1_2_VERSION,
436 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
437 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
443 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
444 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
449 TLS1_2_VERSION, TLS1_2_VERSION,
450 DTLS1_2_VERSION, DTLS1_2_VERSION,
452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
458 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
459 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
464 TLS1_2_VERSION, TLS1_2_VERSION,
465 DTLS1_2_VERSION, DTLS1_2_VERSION,
466 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
467 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
473 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
474 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
479 TLS1_2_VERSION, TLS1_2_VERSION,
480 DTLS1_2_VERSION, DTLS1_2_VERSION,
482 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
488 TLS1_TXT_ADH_WITH_AES_128_SHA256,
489 TLS1_CK_ADH_WITH_AES_128_SHA256,
494 TLS1_2_VERSION, TLS1_2_VERSION,
495 DTLS1_2_VERSION, DTLS1_2_VERSION,
496 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
497 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
503 TLS1_TXT_ADH_WITH_AES_256_SHA256,
504 TLS1_CK_ADH_WITH_AES_256_SHA256,
509 TLS1_2_VERSION, TLS1_2_VERSION,
510 DTLS1_2_VERSION, DTLS1_2_VERSION,
511 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
512 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
518 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
519 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
524 TLS1_2_VERSION, TLS1_2_VERSION,
525 DTLS1_2_VERSION, DTLS1_2_VERSION,
527 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
533 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
534 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
539 TLS1_2_VERSION, TLS1_2_VERSION,
540 DTLS1_2_VERSION, DTLS1_2_VERSION,
542 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
548 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
549 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
554 TLS1_2_VERSION, TLS1_2_VERSION,
555 DTLS1_2_VERSION, DTLS1_2_VERSION,
557 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
563 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
564 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
569 TLS1_2_VERSION, TLS1_2_VERSION,
570 DTLS1_2_VERSION, DTLS1_2_VERSION,
572 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
578 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
579 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
584 TLS1_2_VERSION, TLS1_2_VERSION,
585 DTLS1_2_VERSION, DTLS1_2_VERSION,
586 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
587 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
593 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
594 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
599 TLS1_2_VERSION, TLS1_2_VERSION,
600 DTLS1_2_VERSION, DTLS1_2_VERSION,
601 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
602 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
608 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
609 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
614 TLS1_2_VERSION, TLS1_2_VERSION,
615 DTLS1_2_VERSION, DTLS1_2_VERSION,
616 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
617 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
623 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
624 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
629 TLS1_2_VERSION, TLS1_2_VERSION,
630 DTLS1_2_VERSION, DTLS1_2_VERSION,
631 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
632 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
638 TLS1_TXT_RSA_WITH_AES_128_CCM,
639 TLS1_CK_RSA_WITH_AES_128_CCM,
644 TLS1_2_VERSION, TLS1_2_VERSION,
645 DTLS1_2_VERSION, DTLS1_2_VERSION,
646 SSL_NOT_DEFAULT | SSL_HIGH,
647 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
653 TLS1_TXT_RSA_WITH_AES_256_CCM,
654 TLS1_CK_RSA_WITH_AES_256_CCM,
659 TLS1_2_VERSION, TLS1_2_VERSION,
660 DTLS1_2_VERSION, DTLS1_2_VERSION,
661 SSL_NOT_DEFAULT | SSL_HIGH,
662 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
668 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
669 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
674 TLS1_2_VERSION, TLS1_2_VERSION,
675 DTLS1_2_VERSION, DTLS1_2_VERSION,
676 SSL_NOT_DEFAULT | SSL_HIGH,
677 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
683 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
684 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
689 TLS1_2_VERSION, TLS1_2_VERSION,
690 DTLS1_2_VERSION, DTLS1_2_VERSION,
691 SSL_NOT_DEFAULT | SSL_HIGH,
692 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
699 TLS1_CK_RSA_WITH_AES_128_CCM_8,
704 TLS1_2_VERSION, TLS1_2_VERSION,
705 DTLS1_2_VERSION, DTLS1_2_VERSION,
706 SSL_NOT_DEFAULT | SSL_HIGH,
707 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
713 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
714 TLS1_CK_RSA_WITH_AES_256_CCM_8,
719 TLS1_2_VERSION, TLS1_2_VERSION,
720 DTLS1_2_VERSION, DTLS1_2_VERSION,
721 SSL_NOT_DEFAULT | SSL_HIGH,
722 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
728 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
729 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
734 TLS1_2_VERSION, TLS1_2_VERSION,
735 DTLS1_2_VERSION, DTLS1_2_VERSION,
736 SSL_NOT_DEFAULT | SSL_HIGH,
737 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
743 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
744 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
749 TLS1_2_VERSION, TLS1_2_VERSION,
750 DTLS1_2_VERSION, DTLS1_2_VERSION,
751 SSL_NOT_DEFAULT | SSL_HIGH,
752 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
758 TLS1_TXT_PSK_WITH_AES_128_CCM,
759 TLS1_CK_PSK_WITH_AES_128_CCM,
764 TLS1_2_VERSION, TLS1_2_VERSION,
765 DTLS1_2_VERSION, DTLS1_2_VERSION,
766 SSL_NOT_DEFAULT | SSL_HIGH,
767 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
773 TLS1_TXT_PSK_WITH_AES_256_CCM,
774 TLS1_CK_PSK_WITH_AES_256_CCM,
779 TLS1_2_VERSION, TLS1_2_VERSION,
780 DTLS1_2_VERSION, DTLS1_2_VERSION,
781 SSL_NOT_DEFAULT | SSL_HIGH,
782 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
788 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
789 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
794 TLS1_2_VERSION, TLS1_2_VERSION,
795 DTLS1_2_VERSION, DTLS1_2_VERSION,
796 SSL_NOT_DEFAULT | SSL_HIGH,
797 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
803 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
804 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
809 TLS1_2_VERSION, TLS1_2_VERSION,
810 DTLS1_2_VERSION, DTLS1_2_VERSION,
811 SSL_NOT_DEFAULT | SSL_HIGH,
812 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
818 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
819 TLS1_CK_PSK_WITH_AES_128_CCM_8,
824 TLS1_2_VERSION, TLS1_2_VERSION,
825 DTLS1_2_VERSION, DTLS1_2_VERSION,
826 SSL_NOT_DEFAULT | SSL_HIGH,
827 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
833 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
834 TLS1_CK_PSK_WITH_AES_256_CCM_8,
839 TLS1_2_VERSION, TLS1_2_VERSION,
840 DTLS1_2_VERSION, DTLS1_2_VERSION,
841 SSL_NOT_DEFAULT | SSL_HIGH,
842 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
848 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
849 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
854 TLS1_2_VERSION, TLS1_2_VERSION,
855 DTLS1_2_VERSION, DTLS1_2_VERSION,
856 SSL_NOT_DEFAULT | SSL_HIGH,
857 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
863 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
864 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
869 TLS1_2_VERSION, TLS1_2_VERSION,
870 DTLS1_2_VERSION, DTLS1_2_VERSION,
871 SSL_NOT_DEFAULT | SSL_HIGH,
872 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
878 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
879 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
884 TLS1_2_VERSION, TLS1_2_VERSION,
885 DTLS1_2_VERSION, DTLS1_2_VERSION,
886 SSL_NOT_DEFAULT | SSL_HIGH,
887 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
893 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
894 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
899 TLS1_2_VERSION, TLS1_2_VERSION,
900 DTLS1_2_VERSION, DTLS1_2_VERSION,
901 SSL_NOT_DEFAULT | SSL_HIGH,
902 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
908 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
909 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
914 TLS1_2_VERSION, TLS1_2_VERSION,
915 DTLS1_2_VERSION, DTLS1_2_VERSION,
916 SSL_NOT_DEFAULT | SSL_HIGH,
917 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
923 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
924 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
929 TLS1_2_VERSION, TLS1_2_VERSION,
930 DTLS1_2_VERSION, DTLS1_2_VERSION,
931 SSL_NOT_DEFAULT | SSL_HIGH,
932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
937 #ifndef OPENSSL_NO_EC
940 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
941 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
946 SSL3_VERSION, TLS1_2_VERSION,
947 DTLS1_VERSION, DTLS1_2_VERSION,
948 SSL_STRONG_NONE | SSL_FIPS,
949 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
955 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
956 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
961 SSL3_VERSION, TLS1_2_VERSION,
962 DTLS1_VERSION, DTLS1_2_VERSION,
963 SSL_MEDIUM | SSL_FIPS,
964 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
970 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
971 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
976 SSL3_VERSION, TLS1_2_VERSION,
977 DTLS1_VERSION, DTLS1_2_VERSION,
979 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
985 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
986 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
991 SSL3_VERSION, TLS1_2_VERSION,
992 DTLS1_VERSION, DTLS1_2_VERSION,
994 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1000 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1001 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1006 SSL3_VERSION, TLS1_2_VERSION,
1007 DTLS1_VERSION, DTLS1_2_VERSION,
1008 SSL_STRONG_NONE | SSL_FIPS,
1009 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1015 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1016 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1021 SSL3_VERSION, TLS1_2_VERSION,
1022 DTLS1_VERSION, DTLS1_2_VERSION,
1023 SSL_MEDIUM | SSL_FIPS,
1024 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1030 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1031 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1036 SSL3_VERSION, TLS1_2_VERSION,
1037 DTLS1_VERSION, DTLS1_2_VERSION,
1038 SSL_HIGH | SSL_FIPS,
1039 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1045 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1046 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1051 SSL3_VERSION, TLS1_2_VERSION,
1052 DTLS1_VERSION, DTLS1_2_VERSION,
1053 SSL_HIGH | SSL_FIPS,
1054 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1060 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1061 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1066 SSL3_VERSION, TLS1_2_VERSION,
1067 DTLS1_VERSION, DTLS1_2_VERSION,
1068 SSL_STRONG_NONE | SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1075 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1076 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1081 SSL3_VERSION, TLS1_2_VERSION,
1082 DTLS1_VERSION, DTLS1_2_VERSION,
1083 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1084 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1090 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1091 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1096 SSL3_VERSION, TLS1_2_VERSION,
1097 DTLS1_VERSION, DTLS1_2_VERSION,
1098 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1099 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1105 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1106 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1111 SSL3_VERSION, TLS1_2_VERSION,
1112 DTLS1_VERSION, DTLS1_2_VERSION,
1113 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1114 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1120 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1121 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1126 TLS1_2_VERSION, TLS1_2_VERSION,
1127 DTLS1_2_VERSION, DTLS1_2_VERSION,
1128 SSL_HIGH | SSL_FIPS,
1129 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1135 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1136 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1141 TLS1_2_VERSION, TLS1_2_VERSION,
1142 DTLS1_2_VERSION, DTLS1_2_VERSION,
1143 SSL_HIGH | SSL_FIPS,
1144 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1150 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1151 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1156 TLS1_2_VERSION, TLS1_2_VERSION,
1157 DTLS1_2_VERSION, DTLS1_2_VERSION,
1158 SSL_HIGH | SSL_FIPS,
1159 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1165 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1166 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1171 TLS1_2_VERSION, TLS1_2_VERSION,
1172 DTLS1_2_VERSION, DTLS1_2_VERSION,
1173 SSL_HIGH | SSL_FIPS,
1174 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1180 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1181 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1186 TLS1_2_VERSION, TLS1_2_VERSION,
1187 DTLS1_2_VERSION, DTLS1_2_VERSION,
1188 SSL_HIGH | SSL_FIPS,
1189 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1195 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1196 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1201 TLS1_2_VERSION, TLS1_2_VERSION,
1202 DTLS1_2_VERSION, DTLS1_2_VERSION,
1203 SSL_HIGH | SSL_FIPS,
1204 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1210 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1211 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1216 TLS1_2_VERSION, TLS1_2_VERSION,
1217 DTLS1_2_VERSION, DTLS1_2_VERSION,
1218 SSL_HIGH | SSL_FIPS,
1219 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1225 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1226 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1231 TLS1_2_VERSION, TLS1_2_VERSION,
1232 DTLS1_2_VERSION, DTLS1_2_VERSION,
1233 SSL_HIGH | SSL_FIPS,
1234 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1238 #endif /* OPENSSL_NO_EC */
1240 #ifndef OPENSSL_NO_PSK
1243 TLS1_TXT_PSK_WITH_NULL_SHA,
1244 TLS1_CK_PSK_WITH_NULL_SHA,
1249 SSL3_VERSION, TLS1_2_VERSION,
1250 DTLS1_VERSION, DTLS1_2_VERSION,
1251 SSL_STRONG_NONE | SSL_FIPS,
1252 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1258 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1259 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1264 SSL3_VERSION, TLS1_2_VERSION,
1265 DTLS1_VERSION, DTLS1_2_VERSION,
1266 SSL_STRONG_NONE | SSL_FIPS,
1267 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1273 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1274 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1279 SSL3_VERSION, TLS1_2_VERSION,
1280 DTLS1_VERSION, DTLS1_2_VERSION,
1281 SSL_STRONG_NONE | SSL_FIPS,
1282 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1288 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1289 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1294 SSL3_VERSION, TLS1_2_VERSION,
1295 DTLS1_VERSION, DTLS1_2_VERSION,
1296 SSL_MEDIUM | SSL_FIPS,
1297 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1303 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1304 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1309 SSL3_VERSION, TLS1_2_VERSION,
1310 DTLS1_VERSION, DTLS1_2_VERSION,
1311 SSL_HIGH | SSL_FIPS,
1312 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1318 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1319 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1324 SSL3_VERSION, TLS1_2_VERSION,
1325 DTLS1_VERSION, DTLS1_2_VERSION,
1326 SSL_HIGH | SSL_FIPS,
1327 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1333 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1334 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1339 SSL3_VERSION, TLS1_2_VERSION,
1340 DTLS1_VERSION, DTLS1_2_VERSION,
1341 SSL_MEDIUM | SSL_FIPS,
1342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1348 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1349 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1354 SSL3_VERSION, TLS1_2_VERSION,
1355 DTLS1_VERSION, DTLS1_2_VERSION,
1356 SSL_HIGH | SSL_FIPS,
1357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1363 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1364 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1369 SSL3_VERSION, TLS1_2_VERSION,
1370 DTLS1_VERSION, DTLS1_2_VERSION,
1371 SSL_HIGH | SSL_FIPS,
1372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1378 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1379 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1384 SSL3_VERSION, TLS1_2_VERSION,
1385 DTLS1_VERSION, DTLS1_2_VERSION,
1386 SSL_MEDIUM | SSL_FIPS,
1387 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1393 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1394 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1399 SSL3_VERSION, TLS1_2_VERSION,
1400 DTLS1_VERSION, DTLS1_2_VERSION,
1401 SSL_HIGH | SSL_FIPS,
1402 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1408 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1409 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1414 SSL3_VERSION, TLS1_2_VERSION,
1415 DTLS1_VERSION, DTLS1_2_VERSION,
1416 SSL_HIGH | SSL_FIPS,
1417 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1423 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1424 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1429 TLS1_2_VERSION, TLS1_2_VERSION,
1430 DTLS1_2_VERSION, DTLS1_2_VERSION,
1431 SSL_HIGH | SSL_FIPS,
1432 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1438 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1439 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1444 TLS1_2_VERSION, TLS1_2_VERSION,
1445 DTLS1_2_VERSION, DTLS1_2_VERSION,
1446 SSL_HIGH | SSL_FIPS,
1447 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1453 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1454 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1459 TLS1_2_VERSION, TLS1_2_VERSION,
1460 DTLS1_2_VERSION, DTLS1_2_VERSION,
1461 SSL_HIGH | SSL_FIPS,
1462 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1468 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1469 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1474 TLS1_2_VERSION, TLS1_2_VERSION,
1475 DTLS1_2_VERSION, DTLS1_2_VERSION,
1476 SSL_HIGH | SSL_FIPS,
1477 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1483 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1484 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1489 TLS1_2_VERSION, TLS1_2_VERSION,
1490 DTLS1_2_VERSION, DTLS1_2_VERSION,
1491 SSL_HIGH | SSL_FIPS,
1492 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1498 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1499 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1504 TLS1_2_VERSION, TLS1_2_VERSION,
1505 DTLS1_2_VERSION, DTLS1_2_VERSION,
1506 SSL_HIGH | SSL_FIPS,
1507 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1513 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1514 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1519 TLS1_VERSION, TLS1_2_VERSION,
1520 DTLS1_VERSION, DTLS1_2_VERSION,
1521 SSL_HIGH | SSL_FIPS,
1522 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1528 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1529 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1534 TLS1_VERSION, TLS1_2_VERSION,
1535 DTLS1_VERSION, DTLS1_2_VERSION,
1536 SSL_HIGH | SSL_FIPS,
1537 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1543 TLS1_TXT_PSK_WITH_NULL_SHA256,
1544 TLS1_CK_PSK_WITH_NULL_SHA256,
1549 TLS1_VERSION, TLS1_2_VERSION,
1550 DTLS1_VERSION, DTLS1_2_VERSION,
1551 SSL_STRONG_NONE | SSL_FIPS,
1552 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1558 TLS1_TXT_PSK_WITH_NULL_SHA384,
1559 TLS1_CK_PSK_WITH_NULL_SHA384,
1564 TLS1_VERSION, TLS1_2_VERSION,
1565 DTLS1_VERSION, DTLS1_2_VERSION,
1566 SSL_STRONG_NONE | SSL_FIPS,
1567 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1573 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1574 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1579 TLS1_VERSION, TLS1_2_VERSION,
1580 DTLS1_VERSION, DTLS1_2_VERSION,
1581 SSL_HIGH | SSL_FIPS,
1582 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1588 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1589 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1594 TLS1_VERSION, TLS1_2_VERSION,
1595 DTLS1_VERSION, DTLS1_2_VERSION,
1596 SSL_HIGH | SSL_FIPS,
1597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1603 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1604 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1609 TLS1_VERSION, TLS1_2_VERSION,
1610 DTLS1_VERSION, DTLS1_2_VERSION,
1611 SSL_STRONG_NONE | SSL_FIPS,
1612 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1618 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1619 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1624 TLS1_VERSION, TLS1_2_VERSION,
1625 DTLS1_VERSION, DTLS1_2_VERSION,
1626 SSL_STRONG_NONE | SSL_FIPS,
1627 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1633 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1634 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1639 TLS1_VERSION, TLS1_2_VERSION,
1640 DTLS1_VERSION, DTLS1_2_VERSION,
1641 SSL_HIGH | SSL_FIPS,
1642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1648 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1649 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1654 TLS1_VERSION, TLS1_2_VERSION,
1655 DTLS1_VERSION, DTLS1_2_VERSION,
1656 SSL_HIGH | SSL_FIPS,
1657 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1663 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1664 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1669 TLS1_VERSION, TLS1_2_VERSION,
1670 DTLS1_VERSION, DTLS1_2_VERSION,
1671 SSL_STRONG_NONE | SSL_FIPS,
1672 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1678 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1679 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1684 TLS1_VERSION, TLS1_2_VERSION,
1685 DTLS1_VERSION, DTLS1_2_VERSION,
1686 SSL_STRONG_NONE | SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1691 # ifndef OPENSSL_NO_EC
1694 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1695 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1700 SSL3_VERSION, TLS1_2_VERSION,
1701 DTLS1_VERSION, DTLS1_2_VERSION,
1702 SSL_MEDIUM | SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1709 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1710 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1715 SSL3_VERSION, TLS1_2_VERSION,
1716 DTLS1_VERSION, DTLS1_2_VERSION,
1717 SSL_HIGH | SSL_FIPS,
1718 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1724 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1725 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1730 SSL3_VERSION, TLS1_2_VERSION,
1731 DTLS1_VERSION, DTLS1_2_VERSION,
1732 SSL_HIGH | SSL_FIPS,
1733 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1739 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1740 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1745 TLS1_VERSION, TLS1_2_VERSION,
1746 DTLS1_VERSION, DTLS1_2_VERSION,
1747 SSL_HIGH | SSL_FIPS,
1748 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1754 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1755 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1760 TLS1_VERSION, TLS1_2_VERSION,
1761 DTLS1_VERSION, DTLS1_2_VERSION,
1762 SSL_HIGH | SSL_FIPS,
1763 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1769 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1770 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1775 SSL3_VERSION, TLS1_2_VERSION,
1776 DTLS1_VERSION, DTLS1_2_VERSION,
1777 SSL_STRONG_NONE | SSL_FIPS,
1778 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1784 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1785 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1790 TLS1_VERSION, TLS1_2_VERSION,
1791 DTLS1_VERSION, DTLS1_2_VERSION,
1792 SSL_STRONG_NONE | SSL_FIPS,
1793 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1799 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1800 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1805 TLS1_VERSION, TLS1_2_VERSION,
1806 DTLS1_VERSION, DTLS1_2_VERSION,
1807 SSL_STRONG_NONE | SSL_FIPS,
1808 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1812 # endif /* OPENSSL_NO_EC */
1813 #endif /* OPENSSL_NO_PSK */
1815 #ifndef OPENSSL_NO_SRP
1818 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1819 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1824 SSL3_VERSION, TLS1_2_VERSION,
1825 DTLS1_VERSION, DTLS1_2_VERSION,
1827 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1833 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1834 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1839 SSL3_VERSION, TLS1_2_VERSION,
1840 DTLS1_VERSION, DTLS1_2_VERSION,
1842 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1848 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1849 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1854 SSL3_VERSION, TLS1_2_VERSION,
1855 DTLS1_VERSION, DTLS1_2_VERSION,
1856 SSL_NOT_DEFAULT | SSL_MEDIUM,
1857 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1863 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1864 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1869 SSL3_VERSION, TLS1_2_VERSION,
1870 DTLS1_VERSION, DTLS1_2_VERSION,
1872 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1878 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1879 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1884 SSL3_VERSION, TLS1_2_VERSION,
1885 DTLS1_VERSION, DTLS1_2_VERSION,
1887 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1893 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1894 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1899 SSL3_VERSION, TLS1_2_VERSION,
1900 DTLS1_VERSION, DTLS1_2_VERSION,
1901 SSL_NOT_DEFAULT | SSL_HIGH,
1902 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1908 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1909 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1914 SSL3_VERSION, TLS1_2_VERSION,
1915 DTLS1_VERSION, DTLS1_2_VERSION,
1917 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1923 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1924 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1929 SSL3_VERSION, TLS1_2_VERSION,
1930 DTLS1_VERSION, DTLS1_2_VERSION,
1932 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1938 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1939 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1944 SSL3_VERSION, TLS1_2_VERSION,
1945 DTLS1_VERSION, DTLS1_2_VERSION,
1946 SSL_NOT_DEFAULT | SSL_HIGH,
1947 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1951 #endif /* OPENSSL_NO_SRP */
1953 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1954 # ifndef OPENSSL_NO_RSA
1957 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1958 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1961 SSL_CHACHA20POLY1305,
1963 TLS1_2_VERSION, TLS1_2_VERSION,
1964 DTLS1_2_VERSION, DTLS1_2_VERSION,
1966 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1970 # endif /* OPENSSL_NO_RSA */
1972 # ifndef OPENSSL_NO_EC
1975 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1976 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1979 SSL_CHACHA20POLY1305,
1981 TLS1_2_VERSION, TLS1_2_VERSION,
1982 DTLS1_2_VERSION, DTLS1_2_VERSION,
1984 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1990 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1991 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1994 SSL_CHACHA20POLY1305,
1996 TLS1_2_VERSION, TLS1_2_VERSION,
1997 DTLS1_2_VERSION, DTLS1_2_VERSION,
1999 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2003 # endif /* OPENSSL_NO_EC */
2005 # ifndef OPENSSL_NO_PSK
2008 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2009 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2012 SSL_CHACHA20POLY1305,
2014 TLS1_2_VERSION, TLS1_2_VERSION,
2015 DTLS1_2_VERSION, DTLS1_2_VERSION,
2017 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2023 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2024 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2027 SSL_CHACHA20POLY1305,
2029 TLS1_2_VERSION, TLS1_2_VERSION,
2030 DTLS1_2_VERSION, DTLS1_2_VERSION,
2032 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2038 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2039 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2042 SSL_CHACHA20POLY1305,
2044 TLS1_2_VERSION, TLS1_2_VERSION,
2045 DTLS1_2_VERSION, DTLS1_2_VERSION,
2047 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2053 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2054 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2057 SSL_CHACHA20POLY1305,
2059 TLS1_2_VERSION, TLS1_2_VERSION,
2060 DTLS1_2_VERSION, DTLS1_2_VERSION,
2062 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2066 # endif /* OPENSSL_NO_PSK */
2067 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2069 #ifndef OPENSSL_NO_CAMELLIA
2072 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2073 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2078 TLS1_2_VERSION, TLS1_2_VERSION,
2079 DTLS1_2_VERSION, DTLS1_2_VERSION,
2080 SSL_NOT_DEFAULT | SSL_HIGH,
2081 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2087 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2088 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2093 TLS1_2_VERSION, TLS1_2_VERSION,
2094 DTLS1_2_VERSION, DTLS1_2_VERSION,
2095 SSL_NOT_DEFAULT | SSL_HIGH,
2096 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2102 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2103 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2108 TLS1_2_VERSION, TLS1_2_VERSION,
2109 DTLS1_2_VERSION, DTLS1_2_VERSION,
2110 SSL_NOT_DEFAULT | SSL_HIGH,
2111 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2117 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2118 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2123 TLS1_2_VERSION, TLS1_2_VERSION,
2124 DTLS1_2_VERSION, DTLS1_2_VERSION,
2125 SSL_NOT_DEFAULT | SSL_HIGH,
2126 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2132 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2133 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2138 TLS1_2_VERSION, TLS1_2_VERSION,
2139 DTLS1_2_VERSION, DTLS1_2_VERSION,
2140 SSL_NOT_DEFAULT | SSL_HIGH,
2141 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2147 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2148 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2153 TLS1_2_VERSION, TLS1_2_VERSION,
2154 DTLS1_2_VERSION, DTLS1_2_VERSION,
2155 SSL_NOT_DEFAULT | SSL_HIGH,
2156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2162 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2163 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2168 TLS1_2_VERSION, TLS1_2_VERSION,
2169 DTLS1_2_VERSION, DTLS1_2_VERSION,
2170 SSL_NOT_DEFAULT | SSL_HIGH,
2171 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2177 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2178 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2183 TLS1_2_VERSION, TLS1_2_VERSION,
2184 DTLS1_2_VERSION, DTLS1_2_VERSION,
2185 SSL_NOT_DEFAULT | SSL_HIGH,
2186 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2192 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2193 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2198 SSL3_VERSION, TLS1_2_VERSION,
2199 DTLS1_VERSION, DTLS1_2_VERSION,
2200 SSL_NOT_DEFAULT | SSL_HIGH,
2201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2207 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2208 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2213 SSL3_VERSION, TLS1_2_VERSION,
2214 DTLS1_VERSION, DTLS1_2_VERSION,
2215 SSL_NOT_DEFAULT | SSL_HIGH,
2216 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2222 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2223 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2228 SSL3_VERSION, TLS1_2_VERSION,
2229 DTLS1_VERSION, DTLS1_2_VERSION,
2230 SSL_NOT_DEFAULT | SSL_HIGH,
2231 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2237 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2238 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2243 SSL3_VERSION, TLS1_2_VERSION,
2244 DTLS1_VERSION, DTLS1_2_VERSION,
2245 SSL_NOT_DEFAULT | SSL_HIGH,
2246 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2252 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2253 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2258 SSL3_VERSION, TLS1_2_VERSION,
2259 DTLS1_VERSION, DTLS1_2_VERSION,
2260 SSL_NOT_DEFAULT | SSL_HIGH,
2261 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2267 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2268 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2273 SSL3_VERSION, TLS1_2_VERSION,
2274 DTLS1_VERSION, DTLS1_2_VERSION,
2275 SSL_NOT_DEFAULT | SSL_HIGH,
2276 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2282 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2283 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2288 SSL3_VERSION, TLS1_2_VERSION,
2289 DTLS1_VERSION, DTLS1_2_VERSION,
2290 SSL_NOT_DEFAULT | SSL_HIGH,
2291 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2297 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2298 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2303 SSL3_VERSION, TLS1_2_VERSION,
2304 DTLS1_VERSION, DTLS1_2_VERSION,
2305 SSL_NOT_DEFAULT | SSL_HIGH,
2306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2311 # ifndef OPENSSL_NO_EC
2314 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2315 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2320 TLS1_2_VERSION, TLS1_2_VERSION,
2321 DTLS1_2_VERSION, DTLS1_2_VERSION,
2322 SSL_NOT_DEFAULT | SSL_HIGH,
2323 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2329 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2330 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2335 TLS1_2_VERSION, TLS1_2_VERSION,
2336 DTLS1_2_VERSION, DTLS1_2_VERSION,
2337 SSL_NOT_DEFAULT | SSL_HIGH,
2338 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2344 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2345 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2350 TLS1_2_VERSION, TLS1_2_VERSION,
2351 DTLS1_2_VERSION, DTLS1_2_VERSION,
2352 SSL_NOT_DEFAULT | SSL_HIGH,
2353 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2359 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2360 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2365 TLS1_2_VERSION, TLS1_2_VERSION,
2366 DTLS1_2_VERSION, DTLS1_2_VERSION,
2367 SSL_NOT_DEFAULT | SSL_HIGH,
2368 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2372 # endif /* OPENSSL_NO_EC */
2374 # ifndef OPENSSL_NO_PSK
2377 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2378 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2383 TLS1_VERSION, TLS1_2_VERSION,
2384 DTLS1_VERSION, DTLS1_2_VERSION,
2385 SSL_NOT_DEFAULT | SSL_HIGH,
2386 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2392 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2393 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2398 TLS1_VERSION, TLS1_2_VERSION,
2399 DTLS1_VERSION, DTLS1_2_VERSION,
2400 SSL_NOT_DEFAULT | SSL_HIGH,
2401 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2407 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2408 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2413 TLS1_VERSION, TLS1_2_VERSION,
2414 DTLS1_VERSION, DTLS1_2_VERSION,
2415 SSL_NOT_DEFAULT | SSL_HIGH,
2416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2422 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2423 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2428 TLS1_VERSION, TLS1_2_VERSION,
2429 DTLS1_VERSION, DTLS1_2_VERSION,
2430 SSL_NOT_DEFAULT | SSL_HIGH,
2431 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2437 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2438 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2443 TLS1_VERSION, TLS1_2_VERSION,
2444 DTLS1_VERSION, DTLS1_2_VERSION,
2445 SSL_NOT_DEFAULT | SSL_HIGH,
2446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2452 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2453 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2458 TLS1_VERSION, TLS1_2_VERSION,
2459 DTLS1_VERSION, DTLS1_2_VERSION,
2460 SSL_NOT_DEFAULT | SSL_HIGH,
2461 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2467 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2468 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2473 TLS1_VERSION, TLS1_2_VERSION,
2474 DTLS1_VERSION, DTLS1_2_VERSION,
2475 SSL_NOT_DEFAULT | SSL_HIGH,
2476 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2482 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2483 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2488 TLS1_VERSION, TLS1_2_VERSION,
2489 DTLS1_VERSION, DTLS1_2_VERSION,
2490 SSL_NOT_DEFAULT | SSL_HIGH,
2491 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2495 # endif /* OPENSSL_NO_PSK */
2497 #endif /* OPENSSL_NO_CAMELLIA */
2499 #ifndef OPENSSL_NO_GOST
2502 "GOST2001-GOST89-GOST89",
2506 SSL_eGOST2814789CNT,
2508 TLS1_VERSION, TLS1_2_VERSION,
2511 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2517 "GOST2001-NULL-GOST94",
2523 TLS1_VERSION, TLS1_2_VERSION,
2526 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2532 "GOST2012-GOST8912-GOST8912",
2535 SSL_aGOST12 | SSL_aGOST01,
2536 SSL_eGOST2814789CNT12,
2538 TLS1_VERSION, TLS1_2_VERSION,
2541 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2547 "GOST2012-NULL-GOST12",
2550 SSL_aGOST12 | SSL_aGOST01,
2553 TLS1_VERSION, TLS1_2_VERSION,
2556 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2559 #endif /* OPENSSL_NO_GOST */
2561 #ifndef OPENSSL_NO_IDEA
2564 SSL3_TXT_RSA_IDEA_128_SHA,
2565 SSL3_CK_RSA_IDEA_128_SHA,
2570 SSL3_VERSION, TLS1_1_VERSION,
2571 DTLS1_VERSION, DTLS1_VERSION,
2572 SSL_NOT_DEFAULT | SSL_MEDIUM,
2573 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2579 #ifndef OPENSSL_NO_SEED
2582 TLS1_TXT_RSA_WITH_SEED_SHA,
2583 TLS1_CK_RSA_WITH_SEED_SHA,
2588 SSL3_VERSION, TLS1_2_VERSION,
2589 DTLS1_VERSION, DTLS1_2_VERSION,
2590 SSL_NOT_DEFAULT | SSL_MEDIUM,
2591 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2597 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2598 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2603 SSL3_VERSION, TLS1_2_VERSION,
2604 DTLS1_VERSION, DTLS1_2_VERSION,
2605 SSL_NOT_DEFAULT | SSL_MEDIUM,
2606 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2612 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2613 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2618 SSL3_VERSION, TLS1_2_VERSION,
2619 DTLS1_VERSION, DTLS1_2_VERSION,
2620 SSL_NOT_DEFAULT | SSL_MEDIUM,
2621 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2627 TLS1_TXT_ADH_WITH_SEED_SHA,
2628 TLS1_CK_ADH_WITH_SEED_SHA,
2633 SSL3_VERSION, TLS1_2_VERSION,
2634 DTLS1_VERSION, DTLS1_2_VERSION,
2635 SSL_NOT_DEFAULT | SSL_MEDIUM,
2636 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2640 #endif /* OPENSSL_NO_SEED */
2642 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2645 SSL3_TXT_RSA_RC4_128_MD5,
2646 SSL3_CK_RSA_RC4_128_MD5,
2651 SSL3_VERSION, TLS1_2_VERSION,
2653 SSL_NOT_DEFAULT | SSL_MEDIUM,
2654 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2660 SSL3_TXT_RSA_RC4_128_SHA,
2661 SSL3_CK_RSA_RC4_128_SHA,
2666 SSL3_VERSION, TLS1_2_VERSION,
2668 SSL_NOT_DEFAULT | SSL_MEDIUM,
2669 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2675 SSL3_TXT_ADH_RC4_128_MD5,
2676 SSL3_CK_ADH_RC4_128_MD5,
2681 SSL3_VERSION, TLS1_2_VERSION,
2683 SSL_NOT_DEFAULT | SSL_MEDIUM,
2684 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2689 # ifndef OPENSSL_NO_EC
2692 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2693 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2698 SSL3_VERSION, TLS1_2_VERSION,
2700 SSL_NOT_DEFAULT | SSL_MEDIUM,
2701 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2707 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2708 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2713 SSL3_VERSION, TLS1_2_VERSION,
2715 SSL_NOT_DEFAULT | SSL_MEDIUM,
2716 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2722 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2723 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2728 SSL3_VERSION, TLS1_2_VERSION,
2730 SSL_NOT_DEFAULT | SSL_MEDIUM,
2731 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2737 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2738 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2743 SSL3_VERSION, TLS1_2_VERSION,
2745 SSL_NOT_DEFAULT | SSL_MEDIUM,
2746 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2750 # endif /* OPENSSL_NO_EC */
2752 # ifndef OPENSSL_NO_PSK
2755 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2756 TLS1_CK_PSK_WITH_RC4_128_SHA,
2761 SSL3_VERSION, TLS1_2_VERSION,
2763 SSL_NOT_DEFAULT | SSL_MEDIUM,
2764 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2770 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2771 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2776 SSL3_VERSION, TLS1_2_VERSION,
2778 SSL_NOT_DEFAULT | SSL_MEDIUM,
2779 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2785 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2786 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2791 SSL3_VERSION, TLS1_2_VERSION,
2793 SSL_NOT_DEFAULT | SSL_MEDIUM,
2794 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2798 # endif /* OPENSSL_NO_PSK */
2800 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2805 static int cipher_compare(const void *a, const void *b)
2807 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2808 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2810 return ap->id - bp->id;
2813 void ssl_sort_cipher_list(void)
2815 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2820 const SSL3_ENC_METHOD SSLv3_enc_data = {
2823 ssl3_setup_key_block,
2824 ssl3_generate_master_secret,
2825 ssl3_change_cipher_state,
2826 ssl3_final_finish_mac,
2827 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2828 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2829 SSL3_MD_SERVER_FINISHED_CONST, 4,
2831 (int (*)(SSL *, unsigned char *, size_t, const char *,
2832 size_t, const unsigned char *, size_t,
2833 int use_context))ssl_undefined_function,
2835 SSL3_HM_HEADER_LENGTH,
2836 ssl3_set_handshake_header,
2837 ssl3_handshake_write
2840 long ssl3_default_timeout(void)
2843 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2844 * http, the cache would over fill
2846 return (60 * 60 * 2);
2849 int ssl3_num_ciphers(void)
2851 return (SSL3_NUM_CIPHERS);
2854 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2856 if (u < SSL3_NUM_CIPHERS)
2857 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2862 int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2864 unsigned char *p = (unsigned char *)s->init_buf->data;
2867 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2873 int ssl3_handshake_write(SSL *s)
2875 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2878 int ssl3_new(SSL *s)
2882 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2886 #ifndef OPENSSL_NO_SRP
2887 if (!SSL_SRP_CTX_init(s))
2890 s->method->ssl_clear(s);
2896 void ssl3_free(SSL *s)
2898 if (s == NULL || s->s3 == NULL)
2901 ssl3_cleanup_key_block(s);
2903 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2904 EVP_PKEY_free(s->s3->peer_tmp);
2905 s->s3->peer_tmp = NULL;
2906 EVP_PKEY_free(s->s3->tmp.pkey);
2907 s->s3->tmp.pkey = NULL;
2910 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2911 OPENSSL_free(s->s3->tmp.ciphers_raw);
2912 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2913 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2914 ssl3_free_digest_list(s);
2915 OPENSSL_free(s->s3->alpn_selected);
2916 OPENSSL_free(s->s3->alpn_proposed);
2918 #ifndef OPENSSL_NO_SRP
2919 SSL_SRP_CTX_free(s);
2921 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2925 void ssl3_clear(SSL *s)
2927 ssl3_cleanup_key_block(s);
2928 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2929 OPENSSL_free(s->s3->tmp.ciphers_raw);
2930 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2931 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2933 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2934 EVP_PKEY_free(s->s3->tmp.pkey);
2935 EVP_PKEY_free(s->s3->peer_tmp);
2936 #endif /* !OPENSSL_NO_EC */
2938 ssl3_free_digest_list(s);
2940 OPENSSL_free(s->s3->alpn_selected);
2941 OPENSSL_free(s->s3->alpn_proposed);
2943 /* NULL/zero-out everything in the s3 struct */
2944 memset(s->s3, 0, sizeof(*s->s3));
2946 ssl_free_wbio_buffer(s);
2948 s->version = SSL3_VERSION;
2950 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2951 OPENSSL_free(s->next_proto_negotiated);
2952 s->next_proto_negotiated = NULL;
2953 s->next_proto_negotiated_len = 0;
2957 #ifndef OPENSSL_NO_SRP
2958 static char *srp_password_from_info_cb(SSL *s, void *arg)
2960 return OPENSSL_strdup(s->srp_ctx.info);
2964 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
2967 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2972 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2974 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2975 ret = s->s3->num_renegotiations;
2977 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2978 ret = s->s3->num_renegotiations;
2979 s->s3->num_renegotiations = 0;
2981 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2982 ret = s->s3->total_renegotiations;
2984 case SSL_CTRL_GET_FLAGS:
2985 ret = (int)(s->s3->flags);
2987 #ifndef OPENSSL_NO_DH
2988 case SSL_CTRL_SET_TMP_DH:
2990 DH *dh = (DH *)parg;
2991 EVP_PKEY *pkdh = NULL;
2993 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2996 pkdh = ssl_dh_to_pkey(dh);
2998 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3001 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3002 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3003 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3004 EVP_PKEY_free(pkdh);
3007 EVP_PKEY_free(s->cert->dh_tmp);
3008 s->cert->dh_tmp = pkdh;
3012 case SSL_CTRL_SET_TMP_DH_CB:
3014 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3017 case SSL_CTRL_SET_DH_AUTO:
3018 s->cert->dh_tmp_auto = larg;
3021 #ifndef OPENSSL_NO_EC
3022 case SSL_CTRL_SET_TMP_ECDH:
3024 const EC_GROUP *group = NULL;
3028 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3031 group = EC_KEY_get0_group((const EC_KEY *)parg);
3032 if (group == NULL) {
3033 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3036 nid = EC_GROUP_get_curve_name(group);
3037 if (nid == NID_undef)
3039 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3040 &s->tlsext_ellipticcurvelist_length,
3044 #endif /* !OPENSSL_NO_EC */
3045 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3046 if (larg == TLSEXT_NAMETYPE_host_name) {
3049 OPENSSL_free(s->tlsext_hostname);
3050 s->tlsext_hostname = NULL;
3055 len = strlen((char *)parg);
3056 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3057 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3060 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3061 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3065 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3069 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3070 s->tlsext_debug_arg = parg;
3074 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3075 s->tlsext_status_type = larg;
3079 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3080 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3084 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3085 s->tlsext_ocsp_exts = parg;
3089 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3090 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3094 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3095 s->tlsext_ocsp_ids = parg;
3099 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3100 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3101 return s->tlsext_ocsp_resplen;
3103 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3104 OPENSSL_free(s->tlsext_ocsp_resp);
3105 s->tlsext_ocsp_resp = parg;
3106 s->tlsext_ocsp_resplen = larg;
3110 #ifndef OPENSSL_NO_HEARTBEATS
3111 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3113 ret = dtls1_heartbeat(s);
3116 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3118 ret = s->tlsext_hb_pending;
3121 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3122 if (SSL_IS_DTLS(s)) {
3124 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3126 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3132 case SSL_CTRL_CHAIN:
3134 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3136 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3138 case SSL_CTRL_CHAIN_CERT:
3140 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3142 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3144 case SSL_CTRL_GET_CHAIN_CERTS:
3145 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3148 case SSL_CTRL_SELECT_CURRENT_CERT:
3149 return ssl_cert_select_current(s->cert, (X509 *)parg);
3151 case SSL_CTRL_SET_CURRENT_CERT:
3152 if (larg == SSL_CERT_SET_SERVER) {
3154 const SSL_CIPHER *cipher;
3157 cipher = s->s3->tmp.new_cipher;
3161 * No certificate for unauthenticated ciphersuites or using SRP
3164 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3166 cpk = ssl_get_server_send_pkey(s);
3172 return ssl_cert_set_current(s->cert, larg);
3174 #ifndef OPENSSL_NO_EC
3175 case SSL_CTRL_GET_CURVES:
3177 unsigned char *clist;
3181 clist = s->session->tlsext_ellipticcurvelist;
3182 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3186 unsigned int cid, nid;
3187 for (i = 0; i < clistlen; i++) {
3189 nid = tls1_ec_curve_id2nid(cid);
3193 cptr[i] = TLSEXT_nid_unknown | cid;
3196 return (int)clistlen;
3199 case SSL_CTRL_SET_CURVES:
3200 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3201 &s->tlsext_ellipticcurvelist_length,
3204 case SSL_CTRL_SET_CURVES_LIST:
3205 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3206 &s->tlsext_ellipticcurvelist_length,
3209 case SSL_CTRL_GET_SHARED_CURVE:
3210 return tls1_shared_curve(s, larg);
3213 case SSL_CTRL_SET_SIGALGS:
3214 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3216 case SSL_CTRL_SET_SIGALGS_LIST:
3217 return tls1_set_sigalgs_list(s->cert, parg, 0);
3219 case SSL_CTRL_SET_CLIENT_SIGALGS:
3220 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3222 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3223 return tls1_set_sigalgs_list(s->cert, parg, 1);
3225 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3227 const unsigned char **pctype = parg;
3228 if (s->server || !s->s3->tmp.cert_req)
3230 if (s->cert->ctypes) {
3232 *pctype = s->cert->ctypes;
3233 return (int)s->cert->ctype_num;
3236 *pctype = (unsigned char *)s->s3->tmp.ctype;
3237 return s->s3->tmp.ctype_num;
3240 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3243 return ssl3_set_req_cert_type(s->cert, parg, larg);
3245 case SSL_CTRL_BUILD_CERT_CHAIN:
3246 return ssl_build_cert_chain(s, NULL, larg);
3248 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3249 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3251 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3252 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3254 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3255 if (SSL_USE_SIGALGS(s)) {
3258 sig = s->s3->tmp.peer_md;
3260 *(int *)parg = EVP_MD_type(sig);
3266 /* Might want to do something here for other versions */
3270 case SSL_CTRL_GET_SERVER_TMP_KEY:
3271 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3272 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3275 EVP_PKEY_up_ref(s->s3->peer_tmp);
3276 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3282 #ifndef OPENSSL_NO_EC
3283 case SSL_CTRL_GET_EC_POINT_FORMATS:
3285 SSL_SESSION *sess = s->session;
3286 const unsigned char **pformat = parg;
3287 if (!sess || !sess->tlsext_ecpointformatlist)
3289 *pformat = sess->tlsext_ecpointformatlist;
3290 return (int)sess->tlsext_ecpointformatlist_length;
3300 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3305 #ifndef OPENSSL_NO_DH
3306 case SSL_CTRL_SET_TMP_DH_CB:
3308 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3312 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3313 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3314 const unsigned char *, int, void *))fp;
3317 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3319 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3328 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3331 #ifndef OPENSSL_NO_DH
3332 case SSL_CTRL_SET_TMP_DH:
3334 DH *dh = (DH *)parg;
3335 EVP_PKEY *pkdh = NULL;
3337 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3340 pkdh = ssl_dh_to_pkey(dh);
3342 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3345 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3346 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3347 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3348 EVP_PKEY_free(pkdh);
3351 EVP_PKEY_free(ctx->cert->dh_tmp);
3352 ctx->cert->dh_tmp = pkdh;
3358 case SSL_CTRL_SET_TMP_DH_CB:
3360 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3363 case SSL_CTRL_SET_DH_AUTO:
3364 ctx->cert->dh_tmp_auto = larg;
3367 #ifndef OPENSSL_NO_EC
3368 case SSL_CTRL_SET_TMP_ECDH:
3370 const EC_GROUP *group = NULL;
3374 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3377 group = EC_KEY_get0_group((const EC_KEY *)parg);
3378 if (group == NULL) {
3379 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3382 nid = EC_GROUP_get_curve_name(group);
3383 if (nid == NID_undef)
3385 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3386 &ctx->tlsext_ellipticcurvelist_length,
3390 #endif /* !OPENSSL_NO_EC */
3391 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3392 ctx->tlsext_servername_arg = parg;
3394 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3395 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3397 unsigned char *keys = parg;
3401 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3404 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3405 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3406 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3407 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3409 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3410 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3411 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3416 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3417 ctx->tlsext_status_arg = parg;
3420 #ifndef OPENSSL_NO_SRP
3421 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3422 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3423 OPENSSL_free(ctx->srp_ctx.login);
3424 ctx->srp_ctx.login = NULL;
3427 if (strlen((const char *)parg) > 255
3428 || strlen((const char *)parg) < 1) {
3429 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3432 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3433 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3437 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3438 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3439 srp_password_from_info_cb;
3440 ctx->srp_ctx.info = parg;
3442 case SSL_CTRL_SET_SRP_ARG:
3443 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3444 ctx->srp_ctx.SRP_cb_arg = parg;
3447 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3448 ctx->srp_ctx.strength = larg;
3452 #ifndef OPENSSL_NO_EC
3453 case SSL_CTRL_SET_CURVES:
3454 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3455 &ctx->tlsext_ellipticcurvelist_length,
3458 case SSL_CTRL_SET_CURVES_LIST:
3459 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3460 &ctx->tlsext_ellipticcurvelist_length,
3463 case SSL_CTRL_SET_SIGALGS:
3464 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3466 case SSL_CTRL_SET_SIGALGS_LIST:
3467 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3469 case SSL_CTRL_SET_CLIENT_SIGALGS:
3470 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3472 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3473 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3475 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3476 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3478 case SSL_CTRL_BUILD_CERT_CHAIN:
3479 return ssl_build_cert_chain(NULL, ctx, larg);
3481 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3482 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3484 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3485 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3487 /* A Thawte special :-) */
3488 case SSL_CTRL_EXTRA_CHAIN_CERT:
3489 if (ctx->extra_certs == NULL) {
3490 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3493 sk_X509_push(ctx->extra_certs, (X509 *)parg);
3496 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3497 if (ctx->extra_certs == NULL && larg == 0)
3498 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3500 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3503 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3504 sk_X509_pop_free(ctx->extra_certs, X509_free);
3505 ctx->extra_certs = NULL;
3508 case SSL_CTRL_CHAIN:
3510 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3512 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3514 case SSL_CTRL_CHAIN_CERT:
3516 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3518 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3520 case SSL_CTRL_GET_CHAIN_CERTS:
3521 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3524 case SSL_CTRL_SELECT_CURRENT_CERT:
3525 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3527 case SSL_CTRL_SET_CURRENT_CERT:
3528 return ssl_cert_set_current(ctx->cert, larg);
3536 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3539 #ifndef OPENSSL_NO_DH
3540 case SSL_CTRL_SET_TMP_DH_CB:
3542 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3546 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3547 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3550 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3551 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3554 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3555 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3558 HMAC_CTX *, int))fp;
3561 #ifndef OPENSSL_NO_SRP
3562 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3563 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3564 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3566 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3567 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3568 ctx->srp_ctx.TLS_ext_srp_username_callback =
3569 (int (*)(SSL *, int *, void *))fp;
3571 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3572 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3573 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3574 (char *(*)(SSL *, void *))fp;
3577 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3579 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3589 * This function needs to check if the ciphers required are actually
3592 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3595 const SSL_CIPHER *cp;
3598 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
3600 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3604 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3610 if ((l & 0xff000000) != 0x03000000)
3612 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3613 p[1] = ((unsigned char)(l)) & 0xFF;
3619 * ssl3_choose_cipher - choose a cipher from those offered by the client
3620 * @s: SSL connection
3621 * @clnt: ciphers offered by the client
3622 * @srvr: ciphers enabled on the server?
3624 * Returns the selected cipher or NULL when no common ciphers.
3626 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3627 STACK_OF(SSL_CIPHER) *srvr)
3629 const SSL_CIPHER *c, *ret = NULL;
3630 STACK_OF(SSL_CIPHER) *prio, *allow;
3632 unsigned long alg_k, alg_a, mask_k, mask_a;
3634 /* Let's see which ciphers we can support */
3638 * Do not set the compare functions, because this may lead to a
3639 * reordering by "id". We want to keep the original ordering. We may pay
3640 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3641 * pay with the price of sk_SSL_CIPHER_dup().
3643 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3644 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3648 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3650 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3651 c = sk_SSL_CIPHER_value(srvr, i);
3652 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3654 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3656 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3657 c = sk_SSL_CIPHER_value(clnt, i);
3658 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3662 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3670 tls1_set_cert_validity(s);
3673 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3674 c = sk_SSL_CIPHER_value(prio, i);
3676 /* Skip ciphers not supported by the protocol version */
3677 if (!SSL_IS_DTLS(s) &&
3678 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3680 if (SSL_IS_DTLS(s) &&
3681 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3682 DTLS_VERSION_GT(s->version, c->max_dtls)))
3685 mask_k = s->s3->tmp.mask_k;
3686 mask_a = s->s3->tmp.mask_a;
3687 #ifndef OPENSSL_NO_SRP
3688 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3694 alg_k = c->algorithm_mkey;
3695 alg_a = c->algorithm_auth;
3697 #ifndef OPENSSL_NO_PSK
3698 /* with PSK there must be server callback set */
3699 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3701 #endif /* OPENSSL_NO_PSK */
3703 ok = (alg_k & mask_k) && (alg_a & mask_a);
3705 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3706 alg_a, mask_k, mask_a, (void *)c, c->name);
3709 # ifndef OPENSSL_NO_EC
3711 * if we are considering an ECC cipher suite that uses an ephemeral
3714 if (alg_k & SSL_kECDHE)
3715 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3716 # endif /* OPENSSL_NO_EC */
3720 ii = sk_SSL_CIPHER_find(allow, c);
3722 /* Check security callback permits this cipher */
3723 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3724 c->strength_bits, 0, (void *)c))
3726 #if !defined(OPENSSL_NO_EC)
3727 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3728 && s->s3->is_probably_safari) {
3730 ret = sk_SSL_CIPHER_value(allow, ii);
3734 ret = sk_SSL_CIPHER_value(allow, ii);
3741 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3744 uint32_t alg_k, alg_a = 0;
3746 /* If we have custom certificate types set, use them */
3747 if (s->cert->ctypes) {
3748 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3749 return (int)s->cert->ctype_num;
3751 /* Get mask of algorithms disabled by signature list */
3752 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3754 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3756 #ifndef OPENSSL_NO_GOST
3757 if (s->version >= TLS1_VERSION) {
3758 if (alg_k & SSL_kGOST) {
3759 p[ret++] = TLS_CT_GOST01_SIGN;
3760 p[ret++] = TLS_CT_GOST12_SIGN;
3761 p[ret++] = TLS_CT_GOST12_512_SIGN;
3767 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3768 #ifndef OPENSSL_NO_DH
3769 # ifndef OPENSSL_NO_RSA
3770 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3772 # ifndef OPENSSL_NO_DSA
3773 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3775 #endif /* !OPENSSL_NO_DH */
3777 #ifndef OPENSSL_NO_RSA
3778 if (!(alg_a & SSL_aRSA))
3779 p[ret++] = SSL3_CT_RSA_SIGN;
3781 #ifndef OPENSSL_NO_DSA
3782 if (!(alg_a & SSL_aDSS))
3783 p[ret++] = SSL3_CT_DSS_SIGN;
3785 #ifndef OPENSSL_NO_EC
3787 * ECDSA certs can be used with RSA cipher suites too so we don't
3788 * need to check for SSL_kECDH or SSL_kECDHE
3790 if (s->version >= TLS1_VERSION) {
3791 if (!(alg_a & SSL_aECDSA))
3792 p[ret++] = TLS_CT_ECDSA_SIGN;
3798 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3800 OPENSSL_free(c->ctypes);
3806 c->ctypes = OPENSSL_malloc(len);
3807 if (c->ctypes == NULL)
3809 memcpy(c->ctypes, p, len);
3814 int ssl3_shutdown(SSL *s)
3819 * Don't do anything much if we have not done the handshake or we don't
3820 * want to send messages :-)
3822 if (s->quiet_shutdown || SSL_in_before(s)) {
3823 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3827 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3828 s->shutdown |= SSL_SENT_SHUTDOWN;
3829 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3831 * our shutdown alert has been sent now, and if it still needs to be
3832 * written, s->s3->alert_dispatch will be true
3834 if (s->s3->alert_dispatch)
3835 return (-1); /* return WANT_WRITE */
3836 } else if (s->s3->alert_dispatch) {
3837 /* resend it if not sent */
3838 ret = s->method->ssl_dispatch_alert(s);
3841 * we only get to return -1 here the 2nd/Nth invocation, we must
3842 * have already signalled return 0 upon a previous invocation,
3847 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3849 * If we are waiting for a close from our peer, we are closed
3851 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
3852 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3853 return (-1); /* return WANT_READ */
3857 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3858 !s->s3->alert_dispatch)
3864 int ssl3_write(SSL *s, const void *buf, int len)
3867 if (s->s3->renegotiate)
3868 ssl3_renegotiate_check(s);
3870 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3874 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3879 if (s->s3->renegotiate)
3880 ssl3_renegotiate_check(s);
3881 s->s3->in_read_app_data = 1;
3883 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3885 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3887 * ssl3_read_bytes decided to call s->handshake_func, which called
3888 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3889 * actually found application data and thinks that application data
3890 * makes sense here; so disable handshake processing and try to read
3891 * application data again.
3893 ossl_statem_set_in_handshake(s, 1);
3895 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3897 ossl_statem_set_in_handshake(s, 0);
3899 s->s3->in_read_app_data = 0;
3904 int ssl3_read(SSL *s, void *buf, int len)
3906 return ssl3_read_internal(s, buf, len, 0);
3909 int ssl3_peek(SSL *s, void *buf, int len)
3911 return ssl3_read_internal(s, buf, len, 1);
3914 int ssl3_renegotiate(SSL *s)
3916 if (s->handshake_func == NULL)
3919 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3922 s->s3->renegotiate = 1;
3926 int ssl3_renegotiate_check(SSL *s)
3930 if (s->s3->renegotiate) {
3931 if (!RECORD_LAYER_read_pending(&s->rlayer)
3932 && !RECORD_LAYER_write_pending(&s->rlayer)
3933 && !SSL_in_init(s)) {
3935 * if we are the server, and we have sent a 'RENEGOTIATE'
3936 * message, we need to set the state machine into the renegotiate
3939 ossl_statem_set_renegotiate(s);
3940 s->s3->renegotiate = 0;
3941 s->s3->num_renegotiations++;
3942 s->s3->total_renegotiations++;
3950 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3951 * handshake macs if required.
3953 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3955 long ssl_get_algorithm2(SSL *s)
3957 long alg2 = s->s3->tmp.new_cipher->algorithm2;
3958 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3959 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3960 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3961 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3962 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3963 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3969 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3970 * failure, 1 on success.
3972 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
3979 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
3981 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
3983 unsigned long Time = (unsigned long)time(NULL);
3984 unsigned char *p = result;
3986 return RAND_bytes(p, len - 4);
3988 return RAND_bytes(result, len);
3991 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
3994 #ifndef OPENSSL_NO_PSK
3995 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3996 if (alg_k & SSL_PSK) {
3997 unsigned char *pskpms, *t;
3998 size_t psklen = s->s3->tmp.psklen;
4001 /* create PSK premaster_secret */
4003 /* For plain PSK "other_secret" is psklen zeroes */
4004 if (alg_k & SSL_kPSK)
4007 pskpmslen = 4 + pmslen + psklen;
4008 pskpms = OPENSSL_malloc(pskpmslen);
4009 if (pskpms == NULL) {
4010 s->session->master_key_length = 0;
4015 if (alg_k & SSL_kPSK)
4016 memset(t, 0, pmslen);
4018 memcpy(t, pms, pmslen);
4021 memcpy(t, s->s3->tmp.psk, psklen);
4023 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4024 s->s3->tmp.psk = NULL;
4025 s->session->master_key_length =
4026 s->method->ssl3_enc->generate_master_secret(s,
4027 s->session->master_key,
4029 OPENSSL_clear_free(pskpms, pskpmslen);
4032 s->session->master_key_length =
4033 s->method->ssl3_enc->generate_master_secret(s,
4034 s->session->master_key,
4036 #ifndef OPENSSL_NO_PSK
4041 OPENSSL_clear_free(pms, pmslen);
4043 OPENSSL_cleanse(pms, pmslen);
4046 s->s3->tmp.pms = NULL;
4047 return s->session->master_key_length >= 0;
4050 /* Generate a private key from parameters or a curve NID */
4051 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid)
4053 EVP_PKEY_CTX *pctx = NULL;
4054 EVP_PKEY *pkey = NULL;
4056 pctx = EVP_PKEY_CTX_new(pm, NULL);
4059 * Generate a new key for this curve.
4060 * Should not be called if EC is disabled: if it is it will
4061 * fail with an unknown algorithm error.
4063 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4067 if (EVP_PKEY_keygen_init(pctx) <= 0)
4069 #ifndef OPENSSL_NO_EC
4070 if (pm == NULL && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4074 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4075 EVP_PKEY_free(pkey);
4080 EVP_PKEY_CTX_free(pctx);
4083 /* Derive premaster or master secret for ECDH/DH */
4084 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4087 unsigned char *pms = NULL;
4091 if (privkey == NULL || pubkey == NULL)
4094 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4096 if (EVP_PKEY_derive_init(pctx) <= 0
4097 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4098 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4102 pms = OPENSSL_malloc(pmslen);
4106 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4110 /* For server generate master secret and discard premaster */
4111 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4114 /* For client just save premaster secret */
4115 s->s3->tmp.pms = pms;
4116 s->s3->tmp.pmslen = pmslen;
4122 OPENSSL_clear_free(pms, pmslen);
4123 EVP_PKEY_CTX_free(pctx);
4127 #ifndef OPENSSL_NO_DH
4128 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4133 ret = EVP_PKEY_new();
4134 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {