xref: /openssl/ssl/s3_lib.c (revision 2bb83824)
1 /*
2  * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  * Copyright 2005 Nokia. All rights reserved.
5  *
6  * Licensed under the Apache License 2.0 (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  */
11 
12 #include "internal/e_os.h"
13 
14 #include <openssl/objects.h>
15 #include "internal/nelem.h"
16 #include "ssl_local.h"
17 #include <openssl/md5.h>
18 #include <openssl/dh.h>
19 #include <openssl/rand.h>
20 #include <openssl/trace.h>
21 #include <openssl/x509v3.h>
22 #include <openssl/core_names.h>
23 #include "internal/cryptlib.h"
24 
25 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers) /* entry count of tls13_ciphers[]; computed from the array, so it follows whichever entries the #ifndef guards compile in */
26 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers) /* entry count of ssl3_ciphers[], likewise build-dependent */
27 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs) /* entry count of ssl3_scsvs[], which is defined outside this excerpt */
28 
29 /* TLSv1.3 downgrade protection sentinel values (see RFC 8446, section 4.1.3) */
30 const unsigned char tls11downgrade[] = { /* ASCII "DOWNGRD" followed by 0x00 */
31     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
32 }; /* RFC 8446: a server puts this in the last 8 bytes of ServerHello.random when TLS 1.1 or below is negotiated */
33 const unsigned char tls12downgrade[] = { /* ASCII "DOWNGRD" followed by 0x01 */
34     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
35 }; /* RFC 8446: same position, used when TLS 1.2 is negotiated; the code that writes and checks both arrays is outside this excerpt */
36 
37 /* The list of available TLSv1.3 ciphers */
38 static SSL_CIPHER tls13_ciphers[] = { /* one positional SSL_CIPHER initializer per suite; TLS13_NUM_CIPHERS is its length */
39     { /* field labels on this first entry follow struct ssl_cipher_st in ssl_local.h, which is not shown on this page -- confirm there */
40         1, /* valid */
41         TLS1_3_RFC_AES_128_GCM_SHA256, /* name */
42         TLS1_3_RFC_AES_128_GCM_SHA256, /* stdname; every entry in this table repeats the same macro as name */
43         TLS1_3_CK_AES_128_GCM_SHA256, /* id */
44         SSL_kANY, /* algorithm_mkey; kANY on every entry here, a TLSv1.3 suite does not name a key exchange */
45         SSL_aANY, /* algorithm_auth; aANY on every entry here, a TLSv1.3 suite does not name an authentication method */
46         SSL_AES128GCM, /* algorithm_enc */
47         SSL_AEAD, /* algorithm_mac; AEAD suites carry SSL_AEAD in this slot instead of a hash */
48         TLS1_3_VERSION, TLS1_3_VERSION, /* min_tls, max_tls: TLSv1.3 only */
49         0, 0, /* min_dtls, max_dtls: 0, 0 on every entry here; presumably "no DTLS version" -- confirm */
50         SSL_HIGH, /* algo_strength */
51         SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC, /* algorithm2: handshake hash; SSL_QUIC is set only on the two AES-GCM entries and the ChaCha20-Poly1305 entry, presumably marking suites usable over QUIC -- confirm */
52         128, /* strength_bits */
53         128, /* alg_bits */
54     }, {
55         1,
56         TLS1_3_RFC_AES_256_GCM_SHA384,
57         TLS1_3_RFC_AES_256_GCM_SHA384,
58         TLS1_3_CK_AES_256_GCM_SHA384,
59         SSL_kANY,
60         SSL_aANY,
61         SSL_AES256GCM,
62         SSL_AEAD,
63         TLS1_3_VERSION, TLS1_3_VERSION,
64         0, 0,
65         SSL_HIGH,
66         SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC, /* SHA-384 handshake hash for the 256-bit AES suite */
67         256,
68         256,
69     },
70     {
71         1,
72         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
73         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
74         TLS1_3_CK_CHACHA20_POLY1305_SHA256,
75         SSL_kANY,
76         SSL_aANY,
77         SSL_CHACHA20POLY1305,
78         SSL_AEAD,
79         TLS1_3_VERSION, TLS1_3_VERSION,
80         0, 0,
81         SSL_HIGH,
82         SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
83         256,
84         256,
85     },
86     {
87         1,
88         TLS1_3_RFC_AES_128_CCM_SHA256,
89         TLS1_3_RFC_AES_128_CCM_SHA256,
90         TLS1_3_CK_AES_128_CCM_SHA256,
91         SSL_kANY,
92         SSL_aANY,
93         SSL_AES128CCM,
94         SSL_AEAD,
95         TLS1_3_VERSION, TLS1_3_VERSION,
96         0, 0,
97         SSL_NOT_DEFAULT | SSL_HIGH, /* SSL_NOT_DEFAULT: by its name, left out of the default cipher list and has to be enabled explicitly -- confirm in the selection code */
98         SSL_HANDSHAKE_MAC_SHA256, /* no SSL_QUIC flag on the CCM entries */
99         128,
100         128,
101     }, {
102         1,
103         TLS1_3_RFC_AES_128_CCM_8_SHA256,
104         TLS1_3_RFC_AES_128_CCM_8_SHA256,
105         TLS1_3_CK_AES_128_CCM_8_SHA256,
106         SSL_kANY,
107         SSL_aANY,
108         SSL_AES128CCM8,
109         SSL_AEAD,
110         TLS1_3_VERSION, TLS1_3_VERSION,
111         0, 0,
112         SSL_NOT_DEFAULT | SSL_MEDIUM, /* the only TLSv1.3 entry rated SSL_MEDIUM; also not in the default list */
113         SSL_HANDSHAKE_MAC_SHA256,
114         64, /* CCM8 uses a short tag, so we have a low security strength */
115         128, /* the key is still 128 bits; only the rated strength above is reduced */
116     },
117 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS /* the two entries below are compiled out when this macro is defined */
118     {
119         1,
120         TLS1_3_RFC_SHA256_SHA256,
121         TLS1_3_RFC_SHA256_SHA256,
122         TLS1_3_CK_SHA256_SHA256,
123         SSL_kANY,
124         SSL_aANY,
125         SSL_eNULL, /* no encryption: records are authenticated but carried in cleartext */
126         SSL_SHA256, /* a hash in the MAC slot instead of SSL_AEAD */
127         TLS1_3_VERSION, TLS1_3_VERSION,
128         0, 0,
129         SSL_NOT_DEFAULT | SSL_STRONG_NONE, /* not in the default list, and rated as providing no encryption strength */
130         SSL_HANDSHAKE_MAC_SHA256,
131         0, /* strength 0, consistent with SSL_eNULL above */
132         256, /* equals the SHA-256 output size; presumably not a cipher key size -- confirm */
133     }, {
134         1,
135         TLS1_3_RFC_SHA384_SHA384,
136         TLS1_3_RFC_SHA384_SHA384,
137         TLS1_3_CK_SHA384_SHA384,
138         SSL_kANY,
139         SSL_aANY,
140         SSL_eNULL, /* no encryption, as in the SHA256_SHA256 entry */
141         SSL_SHA384,
142         TLS1_3_VERSION, TLS1_3_VERSION,
143         0, 0,
144         SSL_NOT_DEFAULT | SSL_STRONG_NONE,
145         SSL_HANDSHAKE_MAC_SHA384,
146         0,
147         384, /* equals the SHA-384 output size; presumably not a cipher key size -- confirm */
148     },
149 #endif
150 };
151 
152 /*
153  * The list of available ciphers, mostly organized into the following
154  * groups:
155  *      Always there
156  *      EC
157  *      PSK
158  *      SRP (within that: RSA EC PSK)
159  *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
160  *      Weak ciphers
161  */
162 static SSL_CIPHER ssl3_ciphers[] = {
163 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
164     {
165      1,
166      SSL3_TXT_RSA_NULL_MD5,
167      SSL3_RFC_RSA_NULL_MD5,
168      SSL3_CK_RSA_NULL_MD5,
169      SSL_kRSA,
170      SSL_aRSA,
171      SSL_eNULL,
172      SSL_MD5,
173      SSL3_VERSION, TLS1_2_VERSION,
174      DTLS1_BAD_VER, DTLS1_2_VERSION,
175      SSL_STRONG_NONE,
176      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
177      0,
178      0,
179      },
180     {
181      1,
182      SSL3_TXT_RSA_NULL_SHA,
183      SSL3_RFC_RSA_NULL_SHA,
184      SSL3_CK_RSA_NULL_SHA,
185      SSL_kRSA,
186      SSL_aRSA,
187      SSL_eNULL,
188      SSL_SHA1,
189      SSL3_VERSION, TLS1_2_VERSION,
190      DTLS1_BAD_VER, DTLS1_2_VERSION,
191      SSL_STRONG_NONE | SSL_FIPS,
192      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
193      0,
194      0,
195      },
196 #endif
197 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
198     {
199      1,
200      SSL3_TXT_RSA_DES_192_CBC3_SHA,
201      SSL3_RFC_RSA_DES_192_CBC3_SHA,
202      SSL3_CK_RSA_DES_192_CBC3_SHA,
203      SSL_kRSA,
204      SSL_aRSA,
205      SSL_3DES,
206      SSL_SHA1,
207      SSL3_VERSION, TLS1_2_VERSION,
208      DTLS1_BAD_VER, DTLS1_2_VERSION,
209      SSL_NOT_DEFAULT | SSL_MEDIUM,
210      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
211      112,
212      168,
213      },
214     {
215      1,
216      SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
217      SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
218      SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
219      SSL_kDHE,
220      SSL_aDSS,
221      SSL_3DES,
222      SSL_SHA1,
223      SSL3_VERSION, TLS1_2_VERSION,
224      DTLS1_BAD_VER, DTLS1_2_VERSION,
225      SSL_NOT_DEFAULT | SSL_MEDIUM,
226      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
227      112,
228      168,
229      },
230     {
231      1,
232      SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
233      SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
234      SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
235      SSL_kDHE,
236      SSL_aRSA,
237      SSL_3DES,
238      SSL_SHA1,
239      SSL3_VERSION, TLS1_2_VERSION,
240      DTLS1_BAD_VER, DTLS1_2_VERSION,
241      SSL_NOT_DEFAULT | SSL_MEDIUM,
242      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
243      112,
244      168,
245      },
246     {
247      1,
248      SSL3_TXT_ADH_DES_192_CBC_SHA,
249      SSL3_RFC_ADH_DES_192_CBC_SHA,
250      SSL3_CK_ADH_DES_192_CBC_SHA,
251      SSL_kDHE,
252      SSL_aNULL,
253      SSL_3DES,
254      SSL_SHA1,
255      SSL3_VERSION, TLS1_2_VERSION,
256      DTLS1_BAD_VER, DTLS1_2_VERSION,
257      SSL_NOT_DEFAULT | SSL_MEDIUM,
258      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
259      112,
260      168,
261      },
262 #endif
263     {
264      1,
265      TLS1_TXT_RSA_WITH_AES_128_SHA,
266      TLS1_RFC_RSA_WITH_AES_128_SHA,
267      TLS1_CK_RSA_WITH_AES_128_SHA,
268      SSL_kRSA,
269      SSL_aRSA,
270      SSL_AES128,
271      SSL_SHA1,
272      SSL3_VERSION, TLS1_2_VERSION,
273      DTLS1_BAD_VER, DTLS1_2_VERSION,
274      SSL_HIGH | SSL_FIPS,
275      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
276      128,
277      128,
278      },
279     {
280      1,
281      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
282      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
283      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
284      SSL_kDHE,
285      SSL_aDSS,
286      SSL_AES128,
287      SSL_SHA1,
288      SSL3_VERSION, TLS1_2_VERSION,
289      DTLS1_BAD_VER, DTLS1_2_VERSION,
290      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
291      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
292      128,
293      128,
294      },
295     {
296      1,
297      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
298      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
299      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
300      SSL_kDHE,
301      SSL_aRSA,
302      SSL_AES128,
303      SSL_SHA1,
304      SSL3_VERSION, TLS1_2_VERSION,
305      DTLS1_BAD_VER, DTLS1_2_VERSION,
306      SSL_HIGH | SSL_FIPS,
307      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308      128,
309      128,
310      },
311     {
312      1,
313      TLS1_TXT_ADH_WITH_AES_128_SHA,
314      TLS1_RFC_ADH_WITH_AES_128_SHA,
315      TLS1_CK_ADH_WITH_AES_128_SHA,
316      SSL_kDHE,
317      SSL_aNULL,
318      SSL_AES128,
319      SSL_SHA1,
320      SSL3_VERSION, TLS1_2_VERSION,
321      DTLS1_BAD_VER, DTLS1_2_VERSION,
322      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
323      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
324      128,
325      128,
326      },
327     {
328      1,
329      TLS1_TXT_RSA_WITH_AES_256_SHA,
330      TLS1_RFC_RSA_WITH_AES_256_SHA,
331      TLS1_CK_RSA_WITH_AES_256_SHA,
332      SSL_kRSA,
333      SSL_aRSA,
334      SSL_AES256,
335      SSL_SHA1,
336      SSL3_VERSION, TLS1_2_VERSION,
337      DTLS1_BAD_VER, DTLS1_2_VERSION,
338      SSL_HIGH | SSL_FIPS,
339      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
340      256,
341      256,
342      },
343     {
344      1,
345      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
346      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
347      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
348      SSL_kDHE,
349      SSL_aDSS,
350      SSL_AES256,
351      SSL_SHA1,
352      SSL3_VERSION, TLS1_2_VERSION,
353      DTLS1_BAD_VER, DTLS1_2_VERSION,
354      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
355      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
356      256,
357      256,
358      },
359     {
360      1,
361      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
362      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
363      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
364      SSL_kDHE,
365      SSL_aRSA,
366      SSL_AES256,
367      SSL_SHA1,
368      SSL3_VERSION, TLS1_2_VERSION,
369      DTLS1_BAD_VER, DTLS1_2_VERSION,
370      SSL_HIGH | SSL_FIPS,
371      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
372      256,
373      256,
374      },
375     {
376      1,
377      TLS1_TXT_ADH_WITH_AES_256_SHA,
378      TLS1_RFC_ADH_WITH_AES_256_SHA,
379      TLS1_CK_ADH_WITH_AES_256_SHA,
380      SSL_kDHE,
381      SSL_aNULL,
382      SSL_AES256,
383      SSL_SHA1,
384      SSL3_VERSION, TLS1_2_VERSION,
385      DTLS1_BAD_VER, DTLS1_2_VERSION,
386      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
387      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
388      256,
389      256,
390      },
391 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
392     {
393      1,
394      TLS1_TXT_RSA_WITH_NULL_SHA256,
395      TLS1_RFC_RSA_WITH_NULL_SHA256,
396      TLS1_CK_RSA_WITH_NULL_SHA256,
397      SSL_kRSA,
398      SSL_aRSA,
399      SSL_eNULL,
400      SSL_SHA256,
401      TLS1_2_VERSION, TLS1_2_VERSION,
402      DTLS1_2_VERSION, DTLS1_2_VERSION,
403      SSL_STRONG_NONE | SSL_FIPS,
404      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
405      0,
406      0,
407      },
408 #endif
409     {
410      1,
411      TLS1_TXT_RSA_WITH_AES_128_SHA256,
412      TLS1_RFC_RSA_WITH_AES_128_SHA256,
413      TLS1_CK_RSA_WITH_AES_128_SHA256,
414      SSL_kRSA,
415      SSL_aRSA,
416      SSL_AES128,
417      SSL_SHA256,
418      TLS1_2_VERSION, TLS1_2_VERSION,
419      DTLS1_2_VERSION, DTLS1_2_VERSION,
420      SSL_HIGH | SSL_FIPS,
421      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
422      128,
423      128,
424      },
425     {
426      1,
427      TLS1_TXT_RSA_WITH_AES_256_SHA256,
428      TLS1_RFC_RSA_WITH_AES_256_SHA256,
429      TLS1_CK_RSA_WITH_AES_256_SHA256,
430      SSL_kRSA,
431      SSL_aRSA,
432      SSL_AES256,
433      SSL_SHA256,
434      TLS1_2_VERSION, TLS1_2_VERSION,
435      DTLS1_2_VERSION, DTLS1_2_VERSION,
436      SSL_HIGH | SSL_FIPS,
437      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
438      256,
439      256,
440      },
441     {
442      1,
443      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
444      TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
445      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
446      SSL_kDHE,
447      SSL_aDSS,
448      SSL_AES128,
449      SSL_SHA256,
450      TLS1_2_VERSION, TLS1_2_VERSION,
451      DTLS1_2_VERSION, DTLS1_2_VERSION,
452      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
453      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
454      128,
455      128,
456      },
457     {
458      1,
459      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
460      TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
461      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
462      SSL_kDHE,
463      SSL_aRSA,
464      SSL_AES128,
465      SSL_SHA256,
466      TLS1_2_VERSION, TLS1_2_VERSION,
467      DTLS1_2_VERSION, DTLS1_2_VERSION,
468      SSL_HIGH | SSL_FIPS,
469      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
470      128,
471      128,
472      },
473     {
474      1,
475      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
476      TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
477      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
478      SSL_kDHE,
479      SSL_aDSS,
480      SSL_AES256,
481      SSL_SHA256,
482      TLS1_2_VERSION, TLS1_2_VERSION,
483      DTLS1_2_VERSION, DTLS1_2_VERSION,
484      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
485      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
486      256,
487      256,
488      },
489     {
490      1,
491      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
492      TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
493      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
494      SSL_kDHE,
495      SSL_aRSA,
496      SSL_AES256,
497      SSL_SHA256,
498      TLS1_2_VERSION, TLS1_2_VERSION,
499      DTLS1_2_VERSION, DTLS1_2_VERSION,
500      SSL_HIGH | SSL_FIPS,
501      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
502      256,
503      256,
504      },
505     {
506      1,
507      TLS1_TXT_ADH_WITH_AES_128_SHA256,
508      TLS1_RFC_ADH_WITH_AES_128_SHA256,
509      TLS1_CK_ADH_WITH_AES_128_SHA256,
510      SSL_kDHE,
511      SSL_aNULL,
512      SSL_AES128,
513      SSL_SHA256,
514      TLS1_2_VERSION, TLS1_2_VERSION,
515      DTLS1_2_VERSION, DTLS1_2_VERSION,
516      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
517      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
518      128,
519      128,
520      },
521     {
522      1,
523      TLS1_TXT_ADH_WITH_AES_256_SHA256,
524      TLS1_RFC_ADH_WITH_AES_256_SHA256,
525      TLS1_CK_ADH_WITH_AES_256_SHA256,
526      SSL_kDHE,
527      SSL_aNULL,
528      SSL_AES256,
529      SSL_SHA256,
530      TLS1_2_VERSION, TLS1_2_VERSION,
531      DTLS1_2_VERSION, DTLS1_2_VERSION,
532      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
533      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
534      256,
535      256,
536      },
537     {
538      1,
539      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
540      TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
541      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
542      SSL_kRSA,
543      SSL_aRSA,
544      SSL_AES128GCM,
545      SSL_AEAD,
546      TLS1_2_VERSION, TLS1_2_VERSION,
547      DTLS1_2_VERSION, DTLS1_2_VERSION,
548      SSL_HIGH | SSL_FIPS,
549      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
550      128,
551      128,
552      },
553     {
554      1,
555      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
556      TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
557      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
558      SSL_kRSA,
559      SSL_aRSA,
560      SSL_AES256GCM,
561      SSL_AEAD,
562      TLS1_2_VERSION, TLS1_2_VERSION,
563      DTLS1_2_VERSION, DTLS1_2_VERSION,
564      SSL_HIGH | SSL_FIPS,
565      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
566      256,
567      256,
568      },
569     {
570      1,
571      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
572      TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
573      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
574      SSL_kDHE,
575      SSL_aRSA,
576      SSL_AES128GCM,
577      SSL_AEAD,
578      TLS1_2_VERSION, TLS1_2_VERSION,
579      DTLS1_2_VERSION, DTLS1_2_VERSION,
580      SSL_HIGH | SSL_FIPS,
581      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
582      128,
583      128,
584      },
585     {
586      1,
587      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
588      TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
589      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
590      SSL_kDHE,
591      SSL_aRSA,
592      SSL_AES256GCM,
593      SSL_AEAD,
594      TLS1_2_VERSION, TLS1_2_VERSION,
595      DTLS1_2_VERSION, DTLS1_2_VERSION,
596      SSL_HIGH | SSL_FIPS,
597      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
598      256,
599      256,
600      },
601     {
602      1,
603      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
604      TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
605      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
606      SSL_kDHE,
607      SSL_aDSS,
608      SSL_AES128GCM,
609      SSL_AEAD,
610      TLS1_2_VERSION, TLS1_2_VERSION,
611      DTLS1_2_VERSION, DTLS1_2_VERSION,
612      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
613      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
614      128,
615      128,
616      },
617     {
618      1,
619      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
620      TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
621      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
622      SSL_kDHE,
623      SSL_aDSS,
624      SSL_AES256GCM,
625      SSL_AEAD,
626      TLS1_2_VERSION, TLS1_2_VERSION,
627      DTLS1_2_VERSION, DTLS1_2_VERSION,
628      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
629      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
630      256,
631      256,
632      },
633     {
634      1,
635      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
636      TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
637      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
638      SSL_kDHE,
639      SSL_aNULL,
640      SSL_AES128GCM,
641      SSL_AEAD,
642      TLS1_2_VERSION, TLS1_2_VERSION,
643      DTLS1_2_VERSION, DTLS1_2_VERSION,
644      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
645      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
646      128,
647      128,
648      },
649     {
650      1,
651      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
652      TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
653      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
654      SSL_kDHE,
655      SSL_aNULL,
656      SSL_AES256GCM,
657      SSL_AEAD,
658      TLS1_2_VERSION, TLS1_2_VERSION,
659      DTLS1_2_VERSION, DTLS1_2_VERSION,
660      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
661      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
662      256,
663      256,
664      },
665     {
666      1,
667      TLS1_TXT_RSA_WITH_AES_128_CCM,
668      TLS1_RFC_RSA_WITH_AES_128_CCM,
669      TLS1_CK_RSA_WITH_AES_128_CCM,
670      SSL_kRSA,
671      SSL_aRSA,
672      SSL_AES128CCM,
673      SSL_AEAD,
674      TLS1_2_VERSION, TLS1_2_VERSION,
675      DTLS1_2_VERSION, DTLS1_2_VERSION,
676      SSL_NOT_DEFAULT | SSL_HIGH,
677      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
678      128,
679      128,
680      },
681     {
682      1,
683      TLS1_TXT_RSA_WITH_AES_256_CCM,
684      TLS1_RFC_RSA_WITH_AES_256_CCM,
685      TLS1_CK_RSA_WITH_AES_256_CCM,
686      SSL_kRSA,
687      SSL_aRSA,
688      SSL_AES256CCM,
689      SSL_AEAD,
690      TLS1_2_VERSION, TLS1_2_VERSION,
691      DTLS1_2_VERSION, DTLS1_2_VERSION,
692      SSL_NOT_DEFAULT | SSL_HIGH,
693      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
694      256,
695      256,
696      },
697     {
698      1,
699      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
700      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
701      TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
702      SSL_kDHE,
703      SSL_aRSA,
704      SSL_AES128CCM,
705      SSL_AEAD,
706      TLS1_2_VERSION, TLS1_2_VERSION,
707      DTLS1_2_VERSION, DTLS1_2_VERSION,
708      SSL_NOT_DEFAULT | SSL_HIGH,
709      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
710      128,
711      128,
712      },
713     {
714      1,
715      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
716      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
717      TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
718      SSL_kDHE,
719      SSL_aRSA,
720      SSL_AES256CCM,
721      SSL_AEAD,
722      TLS1_2_VERSION, TLS1_2_VERSION,
723      DTLS1_2_VERSION, DTLS1_2_VERSION,
724      SSL_NOT_DEFAULT | SSL_HIGH,
725      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
726      256,
727      256,
728      },
729     {
730      1,
731      TLS1_TXT_RSA_WITH_AES_128_CCM_8,
732      TLS1_RFC_RSA_WITH_AES_128_CCM_8,
733      TLS1_CK_RSA_WITH_AES_128_CCM_8,
734      SSL_kRSA,
735      SSL_aRSA,
736      SSL_AES128CCM8,
737      SSL_AEAD,
738      TLS1_2_VERSION, TLS1_2_VERSION,
739      DTLS1_2_VERSION, DTLS1_2_VERSION,
740      SSL_NOT_DEFAULT | SSL_MEDIUM,
741      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
742      64, /* CCM8 uses a short tag, so we have a low security strength */
743      128,
744      },
745     {
746      1,
747      TLS1_TXT_RSA_WITH_AES_256_CCM_8,
748      TLS1_RFC_RSA_WITH_AES_256_CCM_8,
749      TLS1_CK_RSA_WITH_AES_256_CCM_8,
750      SSL_kRSA,
751      SSL_aRSA,
752      SSL_AES256CCM8,
753      SSL_AEAD,
754      TLS1_2_VERSION, TLS1_2_VERSION,
755      DTLS1_2_VERSION, DTLS1_2_VERSION,
756      SSL_NOT_DEFAULT | SSL_MEDIUM,
757      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
758      64, /* CCM8 uses a short tag, so we have a low security strength */
759      256,
760      },
761     {
762      1,
763      TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
764      TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
765      TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
766      SSL_kDHE,
767      SSL_aRSA,
768      SSL_AES128CCM8,
769      SSL_AEAD,
770      TLS1_2_VERSION, TLS1_2_VERSION,
771      DTLS1_2_VERSION, DTLS1_2_VERSION,
772      SSL_NOT_DEFAULT | SSL_MEDIUM,
773      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
774      64, /* CCM8 uses a short tag, so we have a low security strength */
775      128,
776      },
777     {
778      1,
779      TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
780      TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
781      TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
782      SSL_kDHE,
783      SSL_aRSA,
784      SSL_AES256CCM8,
785      SSL_AEAD,
786      TLS1_2_VERSION, TLS1_2_VERSION,
787      DTLS1_2_VERSION, DTLS1_2_VERSION,
788      SSL_NOT_DEFAULT | SSL_MEDIUM,
789      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
790      64, /* CCM8 uses a short tag, so we have a low security strength */
791      256,
792      },
793     {
794      1,
795      TLS1_TXT_PSK_WITH_AES_128_CCM,
796      TLS1_RFC_PSK_WITH_AES_128_CCM,
797      TLS1_CK_PSK_WITH_AES_128_CCM,
798      SSL_kPSK,
799      SSL_aPSK,
800      SSL_AES128CCM,
801      SSL_AEAD,
802      TLS1_2_VERSION, TLS1_2_VERSION,
803      DTLS1_2_VERSION, DTLS1_2_VERSION,
804      SSL_NOT_DEFAULT | SSL_HIGH,
805      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
806      128,
807      128,
808      },
809     {
810      1,
811      TLS1_TXT_PSK_WITH_AES_256_CCM,
812      TLS1_RFC_PSK_WITH_AES_256_CCM,
813      TLS1_CK_PSK_WITH_AES_256_CCM,
814      SSL_kPSK,
815      SSL_aPSK,
816      SSL_AES256CCM,
817      SSL_AEAD,
818      TLS1_2_VERSION, TLS1_2_VERSION,
819      DTLS1_2_VERSION, DTLS1_2_VERSION,
820      SSL_NOT_DEFAULT | SSL_HIGH,
821      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
822      256,
823      256,
824      },
825     {
826      1,
827      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
828      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
829      TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
830      SSL_kDHEPSK,
831      SSL_aPSK,
832      SSL_AES128CCM,
833      SSL_AEAD,
834      TLS1_2_VERSION, TLS1_2_VERSION,
835      DTLS1_2_VERSION, DTLS1_2_VERSION,
836      SSL_NOT_DEFAULT | SSL_HIGH,
837      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
838      128,
839      128,
840      },
841     {
842      1,
843      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
844      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
845      TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
846      SSL_kDHEPSK,
847      SSL_aPSK,
848      SSL_AES256CCM,
849      SSL_AEAD,
850      TLS1_2_VERSION, TLS1_2_VERSION,
851      DTLS1_2_VERSION, DTLS1_2_VERSION,
852      SSL_NOT_DEFAULT | SSL_HIGH,
853      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
854      256,
855      256,
856      },
857     {
858      1,
859      TLS1_TXT_PSK_WITH_AES_128_CCM_8,
860      TLS1_RFC_PSK_WITH_AES_128_CCM_8,
861      TLS1_CK_PSK_WITH_AES_128_CCM_8,
862      SSL_kPSK,
863      SSL_aPSK,
864      SSL_AES128CCM8,
865      SSL_AEAD,
866      TLS1_2_VERSION, TLS1_2_VERSION,
867      DTLS1_2_VERSION, DTLS1_2_VERSION,
868      SSL_NOT_DEFAULT | SSL_MEDIUM,
869      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
870      64, /* CCM8 uses a short tag, so we have a low security strength */
871      128,
872      },
873     {
874      1,
875      TLS1_TXT_PSK_WITH_AES_256_CCM_8,
876      TLS1_RFC_PSK_WITH_AES_256_CCM_8,
877      TLS1_CK_PSK_WITH_AES_256_CCM_8,
878      SSL_kPSK,
879      SSL_aPSK,
880      SSL_AES256CCM8,
881      SSL_AEAD,
882      TLS1_2_VERSION, TLS1_2_VERSION,
883      DTLS1_2_VERSION, DTLS1_2_VERSION,
884      SSL_NOT_DEFAULT | SSL_MEDIUM,
885      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
886      64, /* CCM8 uses a short tag, so we have a low security strength */
887      256,
888      },
889     {
890      1,
891      TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
892      TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
893      TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
894      SSL_kDHEPSK,
895      SSL_aPSK,
896      SSL_AES128CCM8,
897      SSL_AEAD,
898      TLS1_2_VERSION, TLS1_2_VERSION,
899      DTLS1_2_VERSION, DTLS1_2_VERSION,
900      SSL_NOT_DEFAULT | SSL_MEDIUM,
901      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
902      64, /* CCM8 uses a short tag, so we have a low security strength */
903      128,
904      },
905     {
906      1,
907      TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
908      TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
909      TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
910      SSL_kDHEPSK,
911      SSL_aPSK,
912      SSL_AES256CCM8,
913      SSL_AEAD,
914      TLS1_2_VERSION, TLS1_2_VERSION,
915      DTLS1_2_VERSION, DTLS1_2_VERSION,
916      SSL_NOT_DEFAULT | SSL_MEDIUM,
917      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
918      64, /* CCM8 uses a short tag, so we have a low security strength */
919      256,
920      },
921     {
922      1,
923      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
924      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
925      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
926      SSL_kECDHE,
927      SSL_aECDSA,
928      SSL_AES128CCM,
929      SSL_AEAD,
930      TLS1_2_VERSION, TLS1_2_VERSION,
931      DTLS1_2_VERSION, DTLS1_2_VERSION,
932      SSL_NOT_DEFAULT | SSL_HIGH,
933      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
934      128,
935      128,
936      },
937     {
938      1,
939      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
940      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
941      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
942      SSL_kECDHE,
943      SSL_aECDSA,
944      SSL_AES256CCM,
945      SSL_AEAD,
946      TLS1_2_VERSION, TLS1_2_VERSION,
947      DTLS1_2_VERSION, DTLS1_2_VERSION,
948      SSL_NOT_DEFAULT | SSL_HIGH,
949      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
950      256,
951      256,
952      },
953     {
954      1,
955      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
956      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
957      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
958      SSL_kECDHE,
959      SSL_aECDSA,
960      SSL_AES128CCM8,
961      SSL_AEAD,
962      TLS1_2_VERSION, TLS1_2_VERSION,
963      DTLS1_2_VERSION, DTLS1_2_VERSION,
964      SSL_NOT_DEFAULT | SSL_MEDIUM,
965      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
966      64, /* CCM8 uses a short tag, so we have a low security strength */
967      128,
968      },
969     {
970      1,
971      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
972      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
973      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
974      SSL_kECDHE,
975      SSL_aECDSA,
976      SSL_AES256CCM8,
977      SSL_AEAD,
978      TLS1_2_VERSION, TLS1_2_VERSION,
979      DTLS1_2_VERSION, DTLS1_2_VERSION,
980      SSL_NOT_DEFAULT | SSL_MEDIUM,
981      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
982      64, /* CCM8 uses a short tag, so we have a low security strength */
983      256,
984      },
985 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
986     {
987      1,
988      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
989      TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
990      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
991      SSL_kECDHE,
992      SSL_aECDSA,
993      SSL_eNULL,
994      SSL_SHA1,
995      TLS1_VERSION, TLS1_2_VERSION,
996      DTLS1_BAD_VER, DTLS1_2_VERSION,
997      SSL_STRONG_NONE | SSL_FIPS,
998      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
999      0,
1000      0,
1001      },
1002 #endif
1003 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1004     {
1005      1,
1006      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1007      TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1008      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1009      SSL_kECDHE,
1010      SSL_aECDSA,
1011      SSL_3DES,
1012      SSL_SHA1,
1013      TLS1_VERSION, TLS1_2_VERSION,
1014      DTLS1_BAD_VER, DTLS1_2_VERSION,
1015      SSL_NOT_DEFAULT | SSL_MEDIUM,
1016      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1017      112,
1018      168,
1019      },
1020 # endif
1021     {
1022      1,
1023      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1024      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1025      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1026      SSL_kECDHE,
1027      SSL_aECDSA,
1028      SSL_AES128,
1029      SSL_SHA1,
1030      TLS1_VERSION, TLS1_2_VERSION,
1031      DTLS1_BAD_VER, DTLS1_2_VERSION,
1032      SSL_HIGH | SSL_FIPS,
1033      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1034      128,
1035      128,
1036      },
1037     {
1038      1,
1039      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1040      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1041      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1042      SSL_kECDHE,
1043      SSL_aECDSA,
1044      SSL_AES256,
1045      SSL_SHA1,
1046      TLS1_VERSION, TLS1_2_VERSION,
1047      DTLS1_BAD_VER, DTLS1_2_VERSION,
1048      SSL_HIGH | SSL_FIPS,
1049      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1050      256,
1051      256,
1052      },
1053 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1054     {
1055      1,
1056      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1057      TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1058      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1059      SSL_kECDHE,
1060      SSL_aRSA,
1061      SSL_eNULL,
1062      SSL_SHA1,
1063      TLS1_VERSION, TLS1_2_VERSION,
1064      DTLS1_BAD_VER, DTLS1_2_VERSION,
1065      SSL_STRONG_NONE | SSL_FIPS,
1066      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1067      0,
1068      0,
1069      },
1070 #endif
1071 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1072     {
1073      1,
1074      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1075      TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1076      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1077      SSL_kECDHE,
1078      SSL_aRSA,
1079      SSL_3DES,
1080      SSL_SHA1,
1081      TLS1_VERSION, TLS1_2_VERSION,
1082      DTLS1_BAD_VER, DTLS1_2_VERSION,
1083      SSL_NOT_DEFAULT | SSL_MEDIUM,
1084      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1085      112,
1086      168,
1087      },
1088 # endif
1089     {
1090      1,
1091      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1092      TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1093      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1094      SSL_kECDHE,
1095      SSL_aRSA,
1096      SSL_AES128,
1097      SSL_SHA1,
1098      TLS1_VERSION, TLS1_2_VERSION,
1099      DTLS1_BAD_VER, DTLS1_2_VERSION,
1100      SSL_HIGH | SSL_FIPS,
1101      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1102      128,
1103      128,
1104      },
1105     {
1106      1,
1107      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1108      TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1109      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1110      SSL_kECDHE,
1111      SSL_aRSA,
1112      SSL_AES256,
1113      SSL_SHA1,
1114      TLS1_VERSION, TLS1_2_VERSION,
1115      DTLS1_BAD_VER, DTLS1_2_VERSION,
1116      SSL_HIGH | SSL_FIPS,
1117      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1118      256,
1119      256,
1120      },
1121 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1122     {
1123      1,
1124      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1125      TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1126      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1127      SSL_kECDHE,
1128      SSL_aNULL,
1129      SSL_eNULL,
1130      SSL_SHA1,
1131      TLS1_VERSION, TLS1_2_VERSION,
1132      DTLS1_BAD_VER, DTLS1_2_VERSION,
1133      SSL_STRONG_NONE | SSL_FIPS,
1134      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1135      0,
1136      0,
1137      },
1138 #endif
1139 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1140     {
1141      1,
1142      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1143      TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1144      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1145      SSL_kECDHE,
1146      SSL_aNULL,
1147      SSL_3DES,
1148      SSL_SHA1,
1149      TLS1_VERSION, TLS1_2_VERSION,
1150      DTLS1_BAD_VER, DTLS1_2_VERSION,
1151      SSL_NOT_DEFAULT | SSL_MEDIUM,
1152      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1153      112,
1154      168,
1155      },
1156 # endif
1157     {
1158      1,
1159      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1160      TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1161      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1162      SSL_kECDHE,
1163      SSL_aNULL,
1164      SSL_AES128,
1165      SSL_SHA1,
1166      TLS1_VERSION, TLS1_2_VERSION,
1167      DTLS1_BAD_VER, DTLS1_2_VERSION,
1168      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1169      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1170      128,
1171      128,
1172      },
1173     {
1174      1,
1175      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1176      TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1177      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1178      SSL_kECDHE,
1179      SSL_aNULL,
1180      SSL_AES256,
1181      SSL_SHA1,
1182      TLS1_VERSION, TLS1_2_VERSION,
1183      DTLS1_BAD_VER, DTLS1_2_VERSION,
1184      SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1185      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1186      256,
1187      256,
1188      },
1189     {
1190      1,
1191      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1192      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1193      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1194      SSL_kECDHE,
1195      SSL_aECDSA,
1196      SSL_AES128,
1197      SSL_SHA256,
1198      TLS1_2_VERSION, TLS1_2_VERSION,
1199      DTLS1_2_VERSION, DTLS1_2_VERSION,
1200      SSL_HIGH | SSL_FIPS,
1201      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1202      128,
1203      128,
1204      },
1205     {
1206      1,
1207      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1208      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1209      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1210      SSL_kECDHE,
1211      SSL_aECDSA,
1212      SSL_AES256,
1213      SSL_SHA384,
1214      TLS1_2_VERSION, TLS1_2_VERSION,
1215      DTLS1_2_VERSION, DTLS1_2_VERSION,
1216      SSL_HIGH | SSL_FIPS,
1217      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1218      256,
1219      256,
1220      },
1221     {
1222      1,
1223      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1224      TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1225      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1226      SSL_kECDHE,
1227      SSL_aRSA,
1228      SSL_AES128,
1229      SSL_SHA256,
1230      TLS1_2_VERSION, TLS1_2_VERSION,
1231      DTLS1_2_VERSION, DTLS1_2_VERSION,
1232      SSL_HIGH | SSL_FIPS,
1233      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1234      128,
1235      128,
1236      },
1237     {
1238      1,
1239      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1240      TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1241      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1242      SSL_kECDHE,
1243      SSL_aRSA,
1244      SSL_AES256,
1245      SSL_SHA384,
1246      TLS1_2_VERSION, TLS1_2_VERSION,
1247      DTLS1_2_VERSION, DTLS1_2_VERSION,
1248      SSL_HIGH | SSL_FIPS,
1249      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1250      256,
1251      256,
1252      },
1253     {
1254      1,
1255      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1256      TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1257      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1258      SSL_kECDHE,
1259      SSL_aECDSA,
1260      SSL_AES128GCM,
1261      SSL_AEAD,
1262      TLS1_2_VERSION, TLS1_2_VERSION,
1263      DTLS1_2_VERSION, DTLS1_2_VERSION,
1264      SSL_HIGH | SSL_FIPS,
1265      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1266      128,
1267      128,
1268      },
1269     {
1270      1,
1271      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1272      TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1273      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1274      SSL_kECDHE,
1275      SSL_aECDSA,
1276      SSL_AES256GCM,
1277      SSL_AEAD,
1278      TLS1_2_VERSION, TLS1_2_VERSION,
1279      DTLS1_2_VERSION, DTLS1_2_VERSION,
1280      SSL_HIGH | SSL_FIPS,
1281      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1282      256,
1283      256,
1284      },
1285     {
1286      1,
1287      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1288      TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1289      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1290      SSL_kECDHE,
1291      SSL_aRSA,
1292      SSL_AES128GCM,
1293      SSL_AEAD,
1294      TLS1_2_VERSION, TLS1_2_VERSION,
1295      DTLS1_2_VERSION, DTLS1_2_VERSION,
1296      SSL_HIGH | SSL_FIPS,
1297      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1298      128,
1299      128,
1300      },
1301     {
1302      1,
1303      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1304      TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1305      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1306      SSL_kECDHE,
1307      SSL_aRSA,
1308      SSL_AES256GCM,
1309      SSL_AEAD,
1310      TLS1_2_VERSION, TLS1_2_VERSION,
1311      DTLS1_2_VERSION, DTLS1_2_VERSION,
1312      SSL_HIGH | SSL_FIPS,
1313      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1314      256,
1315      256,
1316      },
1317 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1318     {
1319      1,
1320      TLS1_TXT_PSK_WITH_NULL_SHA,
1321      TLS1_RFC_PSK_WITH_NULL_SHA,
1322      TLS1_CK_PSK_WITH_NULL_SHA,
1323      SSL_kPSK,
1324      SSL_aPSK,
1325      SSL_eNULL,
1326      SSL_SHA1,
1327      SSL3_VERSION, TLS1_2_VERSION,
1328      DTLS1_BAD_VER, DTLS1_2_VERSION,
1329      SSL_STRONG_NONE | SSL_FIPS,
1330      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1331      0,
1332      0,
1333      },
1334     {
1335      1,
1336      TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1337      TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1338      TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1339      SSL_kDHEPSK,
1340      SSL_aPSK,
1341      SSL_eNULL,
1342      SSL_SHA1,
1343      SSL3_VERSION, TLS1_2_VERSION,
1344      DTLS1_BAD_VER, DTLS1_2_VERSION,
1345      SSL_STRONG_NONE | SSL_FIPS,
1346      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1347      0,
1348      0,
1349      },
1350     {
1351      1,
1352      TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1353      TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1354      TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1355      SSL_kRSAPSK,
1356      SSL_aRSA,
1357      SSL_eNULL,
1358      SSL_SHA1,
1359      SSL3_VERSION, TLS1_2_VERSION,
1360      DTLS1_BAD_VER, DTLS1_2_VERSION,
1361      SSL_STRONG_NONE | SSL_FIPS,
1362      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1363      0,
1364      0,
1365      },
1366 #endif
1367 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1368     {
1369      1,
1370      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1371      TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1372      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1373      SSL_kPSK,
1374      SSL_aPSK,
1375      SSL_3DES,
1376      SSL_SHA1,
1377      SSL3_VERSION, TLS1_2_VERSION,
1378      DTLS1_BAD_VER, DTLS1_2_VERSION,
1379      SSL_NOT_DEFAULT | SSL_MEDIUM,
1380      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1381      112,
1382      168,
1383      },
1384 # endif
1385     {
1386      1,
1387      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1388      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1389      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1390      SSL_kPSK,
1391      SSL_aPSK,
1392      SSL_AES128,
1393      SSL_SHA1,
1394      SSL3_VERSION, TLS1_2_VERSION,
1395      DTLS1_BAD_VER, DTLS1_2_VERSION,
1396      SSL_HIGH | SSL_FIPS,
1397      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1398      128,
1399      128,
1400      },
1401     {
1402      1,
1403      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1404      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1405      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1406      SSL_kPSK,
1407      SSL_aPSK,
1408      SSL_AES256,
1409      SSL_SHA1,
1410      SSL3_VERSION, TLS1_2_VERSION,
1411      DTLS1_BAD_VER, DTLS1_2_VERSION,
1412      SSL_HIGH | SSL_FIPS,
1413      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1414      256,
1415      256,
1416      },
1417 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1418     {
1419      1,
1420      TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1421      TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1422      TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1423      SSL_kDHEPSK,
1424      SSL_aPSK,
1425      SSL_3DES,
1426      SSL_SHA1,
1427      SSL3_VERSION, TLS1_2_VERSION,
1428      DTLS1_BAD_VER, DTLS1_2_VERSION,
1429      SSL_NOT_DEFAULT | SSL_MEDIUM,
1430      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1431      112,
1432      168,
1433      },
1434 # endif
1435     {
1436      1,
1437      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1438      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1439      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1440      SSL_kDHEPSK,
1441      SSL_aPSK,
1442      SSL_AES128,
1443      SSL_SHA1,
1444      SSL3_VERSION, TLS1_2_VERSION,
1445      DTLS1_BAD_VER, DTLS1_2_VERSION,
1446      SSL_HIGH | SSL_FIPS,
1447      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1448      128,
1449      128,
1450      },
1451     {
1452      1,
1453      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1454      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1455      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1456      SSL_kDHEPSK,
1457      SSL_aPSK,
1458      SSL_AES256,
1459      SSL_SHA1,
1460      SSL3_VERSION, TLS1_2_VERSION,
1461      DTLS1_BAD_VER, DTLS1_2_VERSION,
1462      SSL_HIGH | SSL_FIPS,
1463      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1464      256,
1465      256,
1466      },
1467 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1468     {
1469      1,
1470      TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1471      TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1472      TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1473      SSL_kRSAPSK,
1474      SSL_aRSA,
1475      SSL_3DES,
1476      SSL_SHA1,
1477      SSL3_VERSION, TLS1_2_VERSION,
1478      DTLS1_BAD_VER, DTLS1_2_VERSION,
1479      SSL_NOT_DEFAULT | SSL_MEDIUM,
1480      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1481      112,
1482      168,
1483      },
1484 # endif
1485     {
1486      1,
1487      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1488      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1489      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1490      SSL_kRSAPSK,
1491      SSL_aRSA,
1492      SSL_AES128,
1493      SSL_SHA1,
1494      SSL3_VERSION, TLS1_2_VERSION,
1495      DTLS1_BAD_VER, DTLS1_2_VERSION,
1496      SSL_HIGH | SSL_FIPS,
1497      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1498      128,
1499      128,
1500      },
1501     {
1502      1,
1503      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1504      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1505      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1506      SSL_kRSAPSK,
1507      SSL_aRSA,
1508      SSL_AES256,
1509      SSL_SHA1,
1510      SSL3_VERSION, TLS1_2_VERSION,
1511      DTLS1_BAD_VER, DTLS1_2_VERSION,
1512      SSL_HIGH | SSL_FIPS,
1513      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1514      256,
1515      256,
1516      },
1517     {
1518      1,
1519      TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1520      TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1521      TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1522      SSL_kPSK,
1523      SSL_aPSK,
1524      SSL_AES128GCM,
1525      SSL_AEAD,
1526      TLS1_2_VERSION, TLS1_2_VERSION,
1527      DTLS1_2_VERSION, DTLS1_2_VERSION,
1528      SSL_HIGH | SSL_FIPS,
1529      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1530      128,
1531      128,
1532      },
1533     {
1534      1,
1535      TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1536      TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1537      TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1538      SSL_kPSK,
1539      SSL_aPSK,
1540      SSL_AES256GCM,
1541      SSL_AEAD,
1542      TLS1_2_VERSION, TLS1_2_VERSION,
1543      DTLS1_2_VERSION, DTLS1_2_VERSION,
1544      SSL_HIGH | SSL_FIPS,
1545      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1546      256,
1547      256,
1548      },
1549     {
1550      1,
1551      TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1552      TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1553      TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1554      SSL_kDHEPSK,
1555      SSL_aPSK,
1556      SSL_AES128GCM,
1557      SSL_AEAD,
1558      TLS1_2_VERSION, TLS1_2_VERSION,
1559      DTLS1_2_VERSION, DTLS1_2_VERSION,
1560      SSL_HIGH | SSL_FIPS,
1561      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1562      128,
1563      128,
1564      },
1565     {
1566      1,
1567      TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1568      TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1569      TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1570      SSL_kDHEPSK,
1571      SSL_aPSK,
1572      SSL_AES256GCM,
1573      SSL_AEAD,
1574      TLS1_2_VERSION, TLS1_2_VERSION,
1575      DTLS1_2_VERSION, DTLS1_2_VERSION,
1576      SSL_HIGH | SSL_FIPS,
1577      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1578      256,
1579      256,
1580      },
1581     {
1582      1,
1583      TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1584      TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1585      TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1586      SSL_kRSAPSK,
1587      SSL_aRSA,
1588      SSL_AES128GCM,
1589      SSL_AEAD,
1590      TLS1_2_VERSION, TLS1_2_VERSION,
1591      DTLS1_2_VERSION, DTLS1_2_VERSION,
1592      SSL_HIGH | SSL_FIPS,
1593      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1594      128,
1595      128,
1596      },
1597     {
1598      1,
1599      TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1600      TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1601      TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1602      SSL_kRSAPSK,
1603      SSL_aRSA,
1604      SSL_AES256GCM,
1605      SSL_AEAD,
1606      TLS1_2_VERSION, TLS1_2_VERSION,
1607      DTLS1_2_VERSION, DTLS1_2_VERSION,
1608      SSL_HIGH | SSL_FIPS,
1609      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1610      256,
1611      256,
1612      },
1613     {
1614      1,
1615      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1616      TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1617      TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1618      SSL_kPSK,
1619      SSL_aPSK,
1620      SSL_AES128,
1621      SSL_SHA256,
1622      TLS1_VERSION, TLS1_2_VERSION,
1623      DTLS1_BAD_VER, DTLS1_2_VERSION,
1624      SSL_HIGH | SSL_FIPS,
1625      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1626      128,
1627      128,
1628      },
1629     {
1630      1,
1631      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1632      TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1633      TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1634      SSL_kPSK,
1635      SSL_aPSK,
1636      SSL_AES256,
1637      SSL_SHA384,
1638      TLS1_VERSION, TLS1_2_VERSION,
1639      DTLS1_BAD_VER, DTLS1_2_VERSION,
1640      SSL_HIGH | SSL_FIPS,
1641      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1642      256,
1643      256,
1644      },
1645 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1646     {
1647      1,
1648      TLS1_TXT_PSK_WITH_NULL_SHA256,
1649      TLS1_RFC_PSK_WITH_NULL_SHA256,
1650      TLS1_CK_PSK_WITH_NULL_SHA256,
1651      SSL_kPSK,
1652      SSL_aPSK,
1653      SSL_eNULL,
1654      SSL_SHA256,
1655      TLS1_VERSION, TLS1_2_VERSION,
1656      DTLS1_BAD_VER, DTLS1_2_VERSION,
1657      SSL_STRONG_NONE | SSL_FIPS,
1658      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1659      0,
1660      0,
1661      },
1662     {
1663      1,
1664      TLS1_TXT_PSK_WITH_NULL_SHA384,
1665      TLS1_RFC_PSK_WITH_NULL_SHA384,
1666      TLS1_CK_PSK_WITH_NULL_SHA384,
1667      SSL_kPSK,
1668      SSL_aPSK,
1669      SSL_eNULL,
1670      SSL_SHA384,
1671      TLS1_VERSION, TLS1_2_VERSION,
1672      DTLS1_BAD_VER, DTLS1_2_VERSION,
1673      SSL_STRONG_NONE | SSL_FIPS,
1674      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1675      0,
1676      0,
1677      },
1678 #endif
1679     {
1680      1,
1681      TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1682      TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1683      TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1684      SSL_kDHEPSK,
1685      SSL_aPSK,
1686      SSL_AES128,
1687      SSL_SHA256,
1688      TLS1_VERSION, TLS1_2_VERSION,
1689      DTLS1_BAD_VER, DTLS1_2_VERSION,
1690      SSL_HIGH | SSL_FIPS,
1691      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1692      128,
1693      128,
1694      },
1695     {
1696      1,
1697      TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1698      TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1699      TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1700      SSL_kDHEPSK,
1701      SSL_aPSK,
1702      SSL_AES256,
1703      SSL_SHA384,
1704      TLS1_VERSION, TLS1_2_VERSION,
1705      DTLS1_BAD_VER, DTLS1_2_VERSION,
1706      SSL_HIGH | SSL_FIPS,
1707      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1708      256,
1709      256,
1710      },
1711 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1712     {
1713      1,
1714      TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1715      TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1716      TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1717      SSL_kDHEPSK,
1718      SSL_aPSK,
1719      SSL_eNULL,
1720      SSL_SHA256,
1721      TLS1_VERSION, TLS1_2_VERSION,
1722      DTLS1_BAD_VER, DTLS1_2_VERSION,
1723      SSL_STRONG_NONE | SSL_FIPS,
1724      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1725      0,
1726      0,
1727      },
1728     {
1729      1,
1730      TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1731      TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1732      TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1733      SSL_kDHEPSK,
1734      SSL_aPSK,
1735      SSL_eNULL,
1736      SSL_SHA384,
1737      TLS1_VERSION, TLS1_2_VERSION,
1738      DTLS1_BAD_VER, DTLS1_2_VERSION,
1739      SSL_STRONG_NONE | SSL_FIPS,
1740      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1741      0,
1742      0,
1743      },
1744 #endif
1745     {
1746      1,
1747      TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1748      TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1749      TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1750      SSL_kRSAPSK,
1751      SSL_aRSA,
1752      SSL_AES128,
1753      SSL_SHA256,
1754      TLS1_VERSION, TLS1_2_VERSION,
1755      DTLS1_BAD_VER, DTLS1_2_VERSION,
1756      SSL_HIGH | SSL_FIPS,
1757      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1758      128,
1759      128,
1760      },
1761     {
1762      1,
1763      TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1764      TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1765      TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1766      SSL_kRSAPSK,
1767      SSL_aRSA,
1768      SSL_AES256,
1769      SSL_SHA384,
1770      TLS1_VERSION, TLS1_2_VERSION,
1771      DTLS1_BAD_VER, DTLS1_2_VERSION,
1772      SSL_HIGH | SSL_FIPS,
1773      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1774      256,
1775      256,
1776      },
1777 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1778     {
1779      1,
1780      TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1781      TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1782      TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1783      SSL_kRSAPSK,
1784      SSL_aRSA,
1785      SSL_eNULL,
1786      SSL_SHA256,
1787      TLS1_VERSION, TLS1_2_VERSION,
1788      DTLS1_BAD_VER, DTLS1_2_VERSION,
1789      SSL_STRONG_NONE | SSL_FIPS,
1790      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1791      0,
1792      0,
1793      },
1794     {
1795      1,
1796      TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1797      TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1798      TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1799      SSL_kRSAPSK,
1800      SSL_aRSA,
1801      SSL_eNULL,
1802      SSL_SHA384,
1803      TLS1_VERSION, TLS1_2_VERSION,
1804      DTLS1_BAD_VER, DTLS1_2_VERSION,
1805      SSL_STRONG_NONE | SSL_FIPS,
1806      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1807      0,
1808      0,
1809      },
1810 #endif
1811 #  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1812     {
1813      1,
1814      TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1815      TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1816      TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1817      SSL_kECDHEPSK,
1818      SSL_aPSK,
1819      SSL_3DES,
1820      SSL_SHA1,
1821      TLS1_VERSION, TLS1_2_VERSION,
1822      DTLS1_BAD_VER, DTLS1_2_VERSION,
1823      SSL_NOT_DEFAULT | SSL_MEDIUM,
1824      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1825      112,
1826      168,
1827      },
1828 #  endif
1829     {
1830      1,
1831      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1832      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1833      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1834      SSL_kECDHEPSK,
1835      SSL_aPSK,
1836      SSL_AES128,
1837      SSL_SHA1,
1838      TLS1_VERSION, TLS1_2_VERSION,
1839      DTLS1_BAD_VER, DTLS1_2_VERSION,
1840      SSL_HIGH | SSL_FIPS,
1841      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1842      128,
1843      128,
1844      },
1845     {
1846      1,
1847      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1848      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1849      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1850      SSL_kECDHEPSK,
1851      SSL_aPSK,
1852      SSL_AES256,
1853      SSL_SHA1,
1854      TLS1_VERSION, TLS1_2_VERSION,
1855      DTLS1_BAD_VER, DTLS1_2_VERSION,
1856      SSL_HIGH | SSL_FIPS,
1857      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1858      256,
1859      256,
1860      },
1861     {
1862      1,
1863      TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1864      TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1865      TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1866      SSL_kECDHEPSK,
1867      SSL_aPSK,
1868      SSL_AES128,
1869      SSL_SHA256,
1870      TLS1_VERSION, TLS1_2_VERSION,
1871      DTLS1_BAD_VER, DTLS1_2_VERSION,
1872      SSL_HIGH | SSL_FIPS,
1873      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1874      128,
1875      128,
1876      },
1877     {
1878      1,
1879      TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1880      TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1881      TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1882      SSL_kECDHEPSK,
1883      SSL_aPSK,
1884      SSL_AES256,
1885      SSL_SHA384,
1886      TLS1_VERSION, TLS1_2_VERSION,
1887      DTLS1_BAD_VER, DTLS1_2_VERSION,
1888      SSL_HIGH | SSL_FIPS,
1889      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1890      256,
1891      256,
1892      },
1893 #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1894     {
1895      1,
1896      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1897      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1898      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1899      SSL_kECDHEPSK,
1900      SSL_aPSK,
1901      SSL_eNULL,
1902      SSL_SHA1,
1903      TLS1_VERSION, TLS1_2_VERSION,
1904      DTLS1_BAD_VER, DTLS1_2_VERSION,
1905      SSL_STRONG_NONE | SSL_FIPS,
1906      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1907      0,
1908      0,
1909      },
1910     {
1911      1,
1912      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1913      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1914      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1915      SSL_kECDHEPSK,
1916      SSL_aPSK,
1917      SSL_eNULL,
1918      SSL_SHA256,
1919      TLS1_VERSION, TLS1_2_VERSION,
1920      DTLS1_BAD_VER, DTLS1_2_VERSION,
1921      SSL_STRONG_NONE | SSL_FIPS,
1922      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1923      0,
1924      0,
1925      },
1926     {
1927      1,
1928      TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1929      TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1930      TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1931      SSL_kECDHEPSK,
1932      SSL_aPSK,
1933      SSL_eNULL,
1934      SSL_SHA384,
1935      TLS1_VERSION, TLS1_2_VERSION,
1936      DTLS1_BAD_VER, DTLS1_2_VERSION,
1937      SSL_STRONG_NONE | SSL_FIPS,
1938      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1939      0,
1940      0,
1941      },
1942 #endif
1943 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1944     {
1945      1,
1946      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1947      TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1948      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1949      SSL_kSRP,
1950      SSL_aSRP,
1951      SSL_3DES,
1952      SSL_SHA1,
1953      SSL3_VERSION, TLS1_2_VERSION,
1954      DTLS1_BAD_VER, DTLS1_2_VERSION,
1955      SSL_NOT_DEFAULT | SSL_MEDIUM,
1956      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1957      112,
1958      168,
1959      },
1960     {
1961      1,
1962      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1963      TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1964      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1965      SSL_kSRP,
1966      SSL_aRSA,
1967      SSL_3DES,
1968      SSL_SHA1,
1969      SSL3_VERSION, TLS1_2_VERSION,
1970      DTLS1_BAD_VER, DTLS1_2_VERSION,
1971      SSL_NOT_DEFAULT | SSL_MEDIUM,
1972      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1973      112,
1974      168,
1975      },
1976     {
1977      1,
1978      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1979      TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1980      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1981      SSL_kSRP,
1982      SSL_aDSS,
1983      SSL_3DES,
1984      SSL_SHA1,
1985      SSL3_VERSION, TLS1_2_VERSION,
1986      DTLS1_BAD_VER, DTLS1_2_VERSION,
1987      SSL_NOT_DEFAULT | SSL_MEDIUM,
1988      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1989      112,
1990      168,
1991      },
1992 # endif
1993     {
1994      1,
1995      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1996      TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1997      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1998      SSL_kSRP,
1999      SSL_aSRP,
2000      SSL_AES128,
2001      SSL_SHA1,
2002      SSL3_VERSION, TLS1_2_VERSION,
2003      DTLS1_BAD_VER, DTLS1_2_VERSION,
2004      SSL_HIGH,
2005      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2006      128,
2007      128,
2008      },
2009     {
2010      1,
2011      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2012      TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2013      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2014      SSL_kSRP,
2015      SSL_aRSA,
2016      SSL_AES128,
2017      SSL_SHA1,
2018      SSL3_VERSION, TLS1_2_VERSION,
2019      DTLS1_BAD_VER, DTLS1_2_VERSION,
2020      SSL_HIGH,
2021      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2022      128,
2023      128,
2024      },
2025     {
2026      1,
2027      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2028      TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2029      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2030      SSL_kSRP,
2031      SSL_aDSS,
2032      SSL_AES128,
2033      SSL_SHA1,
2034      SSL3_VERSION, TLS1_2_VERSION,
2035      DTLS1_BAD_VER, DTLS1_2_VERSION,
2036      SSL_NOT_DEFAULT | SSL_HIGH,
2037      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2038      128,
2039      128,
2040      },
2041     {
2042      1,
2043      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2044      TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2045      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2046      SSL_kSRP,
2047      SSL_aSRP,
2048      SSL_AES256,
2049      SSL_SHA1,
2050      SSL3_VERSION, TLS1_2_VERSION,
2051      DTLS1_BAD_VER, DTLS1_2_VERSION,
2052      SSL_HIGH,
2053      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2054      256,
2055      256,
2056      },
2057     {
2058      1,
2059      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2060      TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2061      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2062      SSL_kSRP,
2063      SSL_aRSA,
2064      SSL_AES256,
2065      SSL_SHA1,
2066      SSL3_VERSION, TLS1_2_VERSION,
2067      DTLS1_BAD_VER, DTLS1_2_VERSION,
2068      SSL_HIGH,
2069      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2070      256,
2071      256,
2072      },
2073     {
2074      1,
2075      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2076      TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2077      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2078      SSL_kSRP,
2079      SSL_aDSS,
2080      SSL_AES256,
2081      SSL_SHA1,
2082      SSL3_VERSION, TLS1_2_VERSION,
2083      DTLS1_BAD_VER, DTLS1_2_VERSION,
2084      SSL_NOT_DEFAULT | SSL_HIGH,
2085      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2086      256,
2087      256,
2088      },
2089 
2090     {
2091      1,
2092      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2093      TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2094      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2095      SSL_kDHE,
2096      SSL_aRSA,
2097      SSL_CHACHA20POLY1305,
2098      SSL_AEAD,
2099      TLS1_2_VERSION, TLS1_2_VERSION,
2100      DTLS1_2_VERSION, DTLS1_2_VERSION,
2101      SSL_HIGH,
2102      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2103      256,
2104      256,
2105      },
2106     {
2107      1,
2108      TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2109      TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2110      TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2111      SSL_kECDHE,
2112      SSL_aRSA,
2113      SSL_CHACHA20POLY1305,
2114      SSL_AEAD,
2115      TLS1_2_VERSION, TLS1_2_VERSION,
2116      DTLS1_2_VERSION, DTLS1_2_VERSION,
2117      SSL_HIGH,
2118      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2119      256,
2120      256,
2121      },
2122     {
2123      1,
2124      TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2125      TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2126      TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2127      SSL_kECDHE,
2128      SSL_aECDSA,
2129      SSL_CHACHA20POLY1305,
2130      SSL_AEAD,
2131      TLS1_2_VERSION, TLS1_2_VERSION,
2132      DTLS1_2_VERSION, DTLS1_2_VERSION,
2133      SSL_HIGH,
2134      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2135      256,
2136      256,
2137      },
2138     {
2139      1,
2140      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2141      TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2142      TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2143      SSL_kPSK,
2144      SSL_aPSK,
2145      SSL_CHACHA20POLY1305,
2146      SSL_AEAD,
2147      TLS1_2_VERSION, TLS1_2_VERSION,
2148      DTLS1_2_VERSION, DTLS1_2_VERSION,
2149      SSL_HIGH,
2150      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2151      256,
2152      256,
2153      },
2154     {
2155      1,
2156      TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2157      TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2158      TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2159      SSL_kECDHEPSK,
2160      SSL_aPSK,
2161      SSL_CHACHA20POLY1305,
2162      SSL_AEAD,
2163      TLS1_2_VERSION, TLS1_2_VERSION,
2164      DTLS1_2_VERSION, DTLS1_2_VERSION,
2165      SSL_HIGH,
2166      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2167      256,
2168      256,
2169      },
2170     {
2171      1,
2172      TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2173      TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2174      TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2175      SSL_kDHEPSK,
2176      SSL_aPSK,
2177      SSL_CHACHA20POLY1305,
2178      SSL_AEAD,
2179      TLS1_2_VERSION, TLS1_2_VERSION,
2180      DTLS1_2_VERSION, DTLS1_2_VERSION,
2181      SSL_HIGH,
2182      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2183      256,
2184      256,
2185      },
2186     {
2187      1,
2188      TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2189      TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2190      TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2191      SSL_kRSAPSK,
2192      SSL_aRSA,
2193      SSL_CHACHA20POLY1305,
2194      SSL_AEAD,
2195      TLS1_2_VERSION, TLS1_2_VERSION,
2196      DTLS1_2_VERSION, DTLS1_2_VERSION,
2197      SSL_HIGH,
2198      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2199      256,
2200      256,
2201      },
2202 
2203     {
2204      1,
2205      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2206      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2207      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2208      SSL_kRSA,
2209      SSL_aRSA,
2210      SSL_CAMELLIA128,
2211      SSL_SHA256,
2212      TLS1_2_VERSION, TLS1_2_VERSION,
2213      DTLS1_2_VERSION, DTLS1_2_VERSION,
2214      SSL_NOT_DEFAULT | SSL_HIGH,
2215      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2216      128,
2217      128,
2218      },
2219     {
2220      1,
2221      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2222      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2223      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2224      SSL_kDHE,
2225      SSL_aDSS,
2226      SSL_CAMELLIA128,
2227      SSL_SHA256,
2228      TLS1_2_VERSION, TLS1_2_VERSION,
2229      DTLS1_2_VERSION, DTLS1_2_VERSION,
2230      SSL_NOT_DEFAULT | SSL_HIGH,
2231      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2232      128,
2233      128,
2234      },
2235     {
2236      1,
2237      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2238      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2239      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2240      SSL_kDHE,
2241      SSL_aRSA,
2242      SSL_CAMELLIA128,
2243      SSL_SHA256,
2244      TLS1_2_VERSION, TLS1_2_VERSION,
2245      DTLS1_2_VERSION, DTLS1_2_VERSION,
2246      SSL_NOT_DEFAULT | SSL_HIGH,
2247      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2248      128,
2249      128,
2250      },
2251     {
2252      1,
2253      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2254      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2255      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2256      SSL_kDHE,
2257      SSL_aNULL,
2258      SSL_CAMELLIA128,
2259      SSL_SHA256,
2260      TLS1_2_VERSION, TLS1_2_VERSION,
2261      DTLS1_2_VERSION, DTLS1_2_VERSION,
2262      SSL_NOT_DEFAULT | SSL_HIGH,
2263      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2264      128,
2265      128,
2266      },
2267     {
2268      1,
2269      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2270      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2271      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2272      SSL_kRSA,
2273      SSL_aRSA,
2274      SSL_CAMELLIA256,
2275      SSL_SHA256,
2276      TLS1_2_VERSION, TLS1_2_VERSION,
2277      DTLS1_2_VERSION, DTLS1_2_VERSION,
2278      SSL_NOT_DEFAULT | SSL_HIGH,
2279      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2280      256,
2281      256,
2282      },
2283     {
2284      1,
2285      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2286      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2287      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2288      SSL_kDHE,
2289      SSL_aDSS,
2290      SSL_CAMELLIA256,
2291      SSL_SHA256,
2292      TLS1_2_VERSION, TLS1_2_VERSION,
2293      DTLS1_2_VERSION, DTLS1_2_VERSION,
2294      SSL_NOT_DEFAULT | SSL_HIGH,
2295      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2296      256,
2297      256,
2298      },
2299     {
2300      1,
2301      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2302      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2303      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2304      SSL_kDHE,
2305      SSL_aRSA,
2306      SSL_CAMELLIA256,
2307      SSL_SHA256,
2308      TLS1_2_VERSION, TLS1_2_VERSION,
2309      DTLS1_2_VERSION, DTLS1_2_VERSION,
2310      SSL_NOT_DEFAULT | SSL_HIGH,
2311      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2312      256,
2313      256,
2314      },
2315     {
2316      1,
2317      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2318      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2319      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2320      SSL_kDHE,
2321      SSL_aNULL,
2322      SSL_CAMELLIA256,
2323      SSL_SHA256,
2324      TLS1_2_VERSION, TLS1_2_VERSION,
2325      DTLS1_2_VERSION, DTLS1_2_VERSION,
2326      SSL_NOT_DEFAULT | SSL_HIGH,
2327      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2328      256,
2329      256,
2330      },
2331     {
2332      1,
2333      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2334      TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2335      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2336      SSL_kRSA,
2337      SSL_aRSA,
2338      SSL_CAMELLIA256,
2339      SSL_SHA1,
2340      SSL3_VERSION, TLS1_2_VERSION,
2341      DTLS1_BAD_VER, DTLS1_2_VERSION,
2342      SSL_NOT_DEFAULT | SSL_HIGH,
2343      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2344      256,
2345      256,
2346      },
2347     {
2348      1,
2349      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2350      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2351      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2352      SSL_kDHE,
2353      SSL_aDSS,
2354      SSL_CAMELLIA256,
2355      SSL_SHA1,
2356      SSL3_VERSION, TLS1_2_VERSION,
2357      DTLS1_BAD_VER, DTLS1_2_VERSION,
2358      SSL_NOT_DEFAULT | SSL_HIGH,
2359      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2360      256,
2361      256,
2362      },
2363     {
2364      1,
2365      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2366      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2367      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2368      SSL_kDHE,
2369      SSL_aRSA,
2370      SSL_CAMELLIA256,
2371      SSL_SHA1,
2372      SSL3_VERSION, TLS1_2_VERSION,
2373      DTLS1_BAD_VER, DTLS1_2_VERSION,
2374      SSL_NOT_DEFAULT | SSL_HIGH,
2375      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2376      256,
2377      256,
2378      },
2379     {
2380      1,
2381      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2382      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2383      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2384      SSL_kDHE,
2385      SSL_aNULL,
2386      SSL_CAMELLIA256,
2387      SSL_SHA1,
2388      SSL3_VERSION, TLS1_2_VERSION,
2389      DTLS1_BAD_VER, DTLS1_2_VERSION,
2390      SSL_NOT_DEFAULT | SSL_HIGH,
2391      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2392      256,
2393      256,
2394      },
2395     {
2396      1,
2397      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2398      TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2399      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2400      SSL_kRSA,
2401      SSL_aRSA,
2402      SSL_CAMELLIA128,
2403      SSL_SHA1,
2404      SSL3_VERSION, TLS1_2_VERSION,
2405      DTLS1_BAD_VER, DTLS1_2_VERSION,
2406      SSL_NOT_DEFAULT | SSL_HIGH,
2407      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2408      128,
2409      128,
2410      },
2411     {
2412      1,
2413      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2414      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2415      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2416      SSL_kDHE,
2417      SSL_aDSS,
2418      SSL_CAMELLIA128,
2419      SSL_SHA1,
2420      SSL3_VERSION, TLS1_2_VERSION,
2421      DTLS1_BAD_VER, DTLS1_2_VERSION,
2422      SSL_NOT_DEFAULT | SSL_HIGH,
2423      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2424      128,
2425      128,
2426      },
2427     {
2428      1,
2429      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2430      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2431      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2432      SSL_kDHE,
2433      SSL_aRSA,
2434      SSL_CAMELLIA128,
2435      SSL_SHA1,
2436      SSL3_VERSION, TLS1_2_VERSION,
2437      DTLS1_BAD_VER, DTLS1_2_VERSION,
2438      SSL_NOT_DEFAULT | SSL_HIGH,
2439      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2440      128,
2441      128,
2442      },
2443     {
2444      1,
2445      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2446      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2447      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2448      SSL_kDHE,
2449      SSL_aNULL,
2450      SSL_CAMELLIA128,
2451      SSL_SHA1,
2452      SSL3_VERSION, TLS1_2_VERSION,
2453      DTLS1_BAD_VER, DTLS1_2_VERSION,
2454      SSL_NOT_DEFAULT | SSL_HIGH,
2455      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2456      128,
2457      128,
2458      },
2459     {
2460      1,
2461      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2462      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2463      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2464      SSL_kECDHE,
2465      SSL_aECDSA,
2466      SSL_CAMELLIA128,
2467      SSL_SHA256,
2468      TLS1_2_VERSION, TLS1_2_VERSION,
2469      DTLS1_2_VERSION, DTLS1_2_VERSION,
2470      SSL_NOT_DEFAULT | SSL_HIGH,
2471      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2472      128,
2473      128,
2474      },
2475     {
2476      1,
2477      TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2478      TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2479      TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2480      SSL_kECDHE,
2481      SSL_aECDSA,
2482      SSL_CAMELLIA256,
2483      SSL_SHA384,
2484      TLS1_2_VERSION, TLS1_2_VERSION,
2485      DTLS1_2_VERSION, DTLS1_2_VERSION,
2486      SSL_NOT_DEFAULT | SSL_HIGH,
2487      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2488      256,
2489      256,
2490      },
2491     {
2492      1,
2493      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2494      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2495      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2496      SSL_kECDHE,
2497      SSL_aRSA,
2498      SSL_CAMELLIA128,
2499      SSL_SHA256,
2500      TLS1_2_VERSION, TLS1_2_VERSION,
2501      DTLS1_2_VERSION, DTLS1_2_VERSION,
2502      SSL_NOT_DEFAULT | SSL_HIGH,
2503      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2504      128,
2505      128,
2506      },
2507     {
2508      1,
2509      TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2510      TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2511      TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2512      SSL_kECDHE,
2513      SSL_aRSA,
2514      SSL_CAMELLIA256,
2515      SSL_SHA384,
2516      TLS1_2_VERSION, TLS1_2_VERSION,
2517      DTLS1_2_VERSION, DTLS1_2_VERSION,
2518      SSL_NOT_DEFAULT | SSL_HIGH,
2519      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2520      256,
2521      256,
2522      },
2523     {
2524      1,
2525      TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2526      TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2527      TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528      SSL_kPSK,
2529      SSL_aPSK,
2530      SSL_CAMELLIA128,
2531      SSL_SHA256,
2532      TLS1_VERSION, TLS1_2_VERSION,
2533      DTLS1_BAD_VER, DTLS1_2_VERSION,
2534      SSL_NOT_DEFAULT | SSL_HIGH,
2535      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2536      128,
2537      128,
2538      },
2539     {
2540      1,
2541      TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2542      TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2543      TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544      SSL_kPSK,
2545      SSL_aPSK,
2546      SSL_CAMELLIA256,
2547      SSL_SHA384,
2548      TLS1_VERSION, TLS1_2_VERSION,
2549      DTLS1_BAD_VER, DTLS1_2_VERSION,
2550      SSL_NOT_DEFAULT | SSL_HIGH,
2551      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2552      256,
2553      256,
2554      },
2555     {
2556      1,
2557      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2558      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2559      TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560      SSL_kDHEPSK,
2561      SSL_aPSK,
2562      SSL_CAMELLIA128,
2563      SSL_SHA256,
2564      TLS1_VERSION, TLS1_2_VERSION,
2565      DTLS1_BAD_VER, DTLS1_2_VERSION,
2566      SSL_NOT_DEFAULT | SSL_HIGH,
2567      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2568      128,
2569      128,
2570      },
2571     {
2572      1,
2573      TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2574      TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2575      TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576      SSL_kDHEPSK,
2577      SSL_aPSK,
2578      SSL_CAMELLIA256,
2579      SSL_SHA384,
2580      TLS1_VERSION, TLS1_2_VERSION,
2581      DTLS1_BAD_VER, DTLS1_2_VERSION,
2582      SSL_NOT_DEFAULT | SSL_HIGH,
2583      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2584      256,
2585      256,
2586      },
2587     {
2588      1,
2589      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2590      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2591      TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592      SSL_kRSAPSK,
2593      SSL_aRSA,
2594      SSL_CAMELLIA128,
2595      SSL_SHA256,
2596      TLS1_VERSION, TLS1_2_VERSION,
2597      DTLS1_BAD_VER, DTLS1_2_VERSION,
2598      SSL_NOT_DEFAULT | SSL_HIGH,
2599      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2600      128,
2601      128,
2602      },
2603     {
2604      1,
2605      TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2606      TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2607      TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608      SSL_kRSAPSK,
2609      SSL_aRSA,
2610      SSL_CAMELLIA256,
2611      SSL_SHA384,
2612      TLS1_VERSION, TLS1_2_VERSION,
2613      DTLS1_BAD_VER, DTLS1_2_VERSION,
2614      SSL_NOT_DEFAULT | SSL_HIGH,
2615      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2616      256,
2617      256,
2618      },
2619     {
2620      1,
2621      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2622      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2623      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2624      SSL_kECDHEPSK,
2625      SSL_aPSK,
2626      SSL_CAMELLIA128,
2627      SSL_SHA256,
2628      TLS1_VERSION, TLS1_2_VERSION,
2629      DTLS1_BAD_VER, DTLS1_2_VERSION,
2630      SSL_NOT_DEFAULT | SSL_HIGH,
2631      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2632      128,
2633      128,
2634      },
2635     {
2636      1,
2637      TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2638      TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2639      TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2640      SSL_kECDHEPSK,
2641      SSL_aPSK,
2642      SSL_CAMELLIA256,
2643      SSL_SHA384,
2644      TLS1_VERSION, TLS1_2_VERSION,
2645      DTLS1_BAD_VER, DTLS1_2_VERSION,
2646      SSL_NOT_DEFAULT | SSL_HIGH,
2647      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2648      256,
2649      256,
2650      },
2651 
2652 #ifndef OPENSSL_NO_GOST
2653     {
2654      1,
2655      "GOST2001-GOST89-GOST89",
2656      "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2657      0x3000081,
2658      SSL_kGOST,
2659      SSL_aGOST01,
2660      SSL_eGOST2814789CNT,
2661      SSL_GOST89MAC,
2662      TLS1_VERSION, TLS1_2_VERSION,
2663      0, 0,
2664      SSL_HIGH,
2665      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2666      256,
2667      256,
2668      },
2669 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2670     {
2671      1,
2672      "GOST2001-NULL-GOST94",
2673      "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2674      0x3000083,
2675      SSL_kGOST,
2676      SSL_aGOST01,
2677      SSL_eNULL,
2678      SSL_GOST94,
2679      TLS1_VERSION, TLS1_2_VERSION,
2680      0, 0,
2681      SSL_STRONG_NONE,
2682      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2683      0,
2684      0,
2685      },
2686 # endif
2687     {
2688      1,
2689      "IANA-GOST2012-GOST8912-GOST8912",
2690      NULL,
2691      0x0300c102,
2692      SSL_kGOST,
2693      SSL_aGOST12 | SSL_aGOST01,
2694      SSL_eGOST2814789CNT12,
2695      SSL_GOST89MAC12,
2696      TLS1_VERSION, TLS1_2_VERSION,
2697      0, 0,
2698      SSL_HIGH,
2699      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2700      256,
2701      256,
2702      },
2703     {
2704      1,
2705      "LEGACY-GOST2012-GOST8912-GOST8912",
2706      NULL,
2707      0x0300ff85,
2708      SSL_kGOST,
2709      SSL_aGOST12 | SSL_aGOST01,
2710      SSL_eGOST2814789CNT12,
2711      SSL_GOST89MAC12,
2712      TLS1_VERSION, TLS1_2_VERSION,
2713      0, 0,
2714      SSL_HIGH,
2715      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2716      256,
2717      256,
2718      },
2719 # ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2720     {
2721      1,
2722      "GOST2012-NULL-GOST12",
2723      NULL,
2724      0x0300ff87,
2725      SSL_kGOST,
2726      SSL_aGOST12 | SSL_aGOST01,
2727      SSL_eNULL,
2728      SSL_GOST12_256,
2729      TLS1_VERSION, TLS1_2_VERSION,
2730      0, 0,
2731      SSL_STRONG_NONE,
2732      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2733      0,
2734      0,
2735      },
2736 # endif
2737     {
2738      1,
2739      "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2740      NULL,
2741      0x0300C100,
2742      SSL_kGOST18,
2743      SSL_aGOST12,
2744      SSL_KUZNYECHIK,
2745      SSL_KUZNYECHIKOMAC,
2746      TLS1_2_VERSION, TLS1_2_VERSION,
2747      0, 0,
2748      SSL_HIGH,
2749      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2750      256,
2751      256,
2752      },
2753     {
2754      1,
2755      "GOST2012-MAGMA-MAGMAOMAC",
2756      NULL,
2757      0x0300C101,
2758      SSL_kGOST18,
2759      SSL_aGOST12,
2760      SSL_MAGMA,
2761      SSL_MAGMAOMAC,
2762      TLS1_2_VERSION, TLS1_2_VERSION,
2763      0, 0,
2764      SSL_HIGH,
2765      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2766      256,
2767      256,
2768      },
2769 #endif                          /* OPENSSL_NO_GOST */
2770 
2771     {
2772      1,
2773      SSL3_TXT_RSA_IDEA_128_SHA,
2774      SSL3_RFC_RSA_IDEA_128_SHA,
2775      SSL3_CK_RSA_IDEA_128_SHA,
2776      SSL_kRSA,
2777      SSL_aRSA,
2778      SSL_IDEA,
2779      SSL_SHA1,
2780      SSL3_VERSION, TLS1_1_VERSION,
2781      DTLS1_BAD_VER, DTLS1_VERSION,
2782      SSL_NOT_DEFAULT | SSL_MEDIUM,
2783      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2784      128,
2785      128,
2786      },
2787 
2788     {
2789      1,
2790      TLS1_TXT_RSA_WITH_SEED_SHA,
2791      TLS1_RFC_RSA_WITH_SEED_SHA,
2792      TLS1_CK_RSA_WITH_SEED_SHA,
2793      SSL_kRSA,
2794      SSL_aRSA,
2795      SSL_SEED,
2796      SSL_SHA1,
2797      SSL3_VERSION, TLS1_2_VERSION,
2798      DTLS1_BAD_VER, DTLS1_2_VERSION,
2799      SSL_NOT_DEFAULT | SSL_MEDIUM,
2800      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2801      128,
2802      128,
2803      },
2804     {
2805      1,
2806      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2807      TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2808      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2809      SSL_kDHE,
2810      SSL_aDSS,
2811      SSL_SEED,
2812      SSL_SHA1,
2813      SSL3_VERSION, TLS1_2_VERSION,
2814      DTLS1_BAD_VER, DTLS1_2_VERSION,
2815      SSL_NOT_DEFAULT | SSL_MEDIUM,
2816      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2817      128,
2818      128,
2819      },
2820     {
2821      1,
2822      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2823      TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2824      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2825      SSL_kDHE,
2826      SSL_aRSA,
2827      SSL_SEED,
2828      SSL_SHA1,
2829      SSL3_VERSION, TLS1_2_VERSION,
2830      DTLS1_BAD_VER, DTLS1_2_VERSION,
2831      SSL_NOT_DEFAULT | SSL_MEDIUM,
2832      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2833      128,
2834      128,
2835      },
2836     {
2837      1,
2838      TLS1_TXT_ADH_WITH_SEED_SHA,
2839      TLS1_RFC_ADH_WITH_SEED_SHA,
2840      TLS1_CK_ADH_WITH_SEED_SHA,
2841      SSL_kDHE,
2842      SSL_aNULL,
2843      SSL_SEED,
2844      SSL_SHA1,
2845      SSL3_VERSION, TLS1_2_VERSION,
2846      DTLS1_BAD_VER, DTLS1_2_VERSION,
2847      SSL_NOT_DEFAULT | SSL_MEDIUM,
2848      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2849      128,
2850      128,
2851      },
2852 
2853 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2854     {
2855      1,
2856      SSL3_TXT_RSA_RC4_128_MD5,
2857      SSL3_RFC_RSA_RC4_128_MD5,
2858      SSL3_CK_RSA_RC4_128_MD5,
2859      SSL_kRSA,
2860      SSL_aRSA,
2861      SSL_RC4,
2862      SSL_MD5,
2863      SSL3_VERSION, TLS1_2_VERSION,
2864      0, 0,
2865      SSL_NOT_DEFAULT | SSL_MEDIUM,
2866      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2867      80,
2868      128,
2869      },
2870     {
2871      1,
2872      SSL3_TXT_RSA_RC4_128_SHA,
2873      SSL3_RFC_RSA_RC4_128_SHA,
2874      SSL3_CK_RSA_RC4_128_SHA,
2875      SSL_kRSA,
2876      SSL_aRSA,
2877      SSL_RC4,
2878      SSL_SHA1,
2879      SSL3_VERSION, TLS1_2_VERSION,
2880      0, 0,
2881      SSL_NOT_DEFAULT | SSL_MEDIUM,
2882      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2883      80,
2884      128,
2885      },
2886     {
2887      1,
2888      SSL3_TXT_ADH_RC4_128_MD5,
2889      SSL3_RFC_ADH_RC4_128_MD5,
2890      SSL3_CK_ADH_RC4_128_MD5,
2891      SSL_kDHE,
2892      SSL_aNULL,
2893      SSL_RC4,
2894      SSL_MD5,
2895      SSL3_VERSION, TLS1_2_VERSION,
2896      0, 0,
2897      SSL_NOT_DEFAULT | SSL_MEDIUM,
2898      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2899      80,
2900      128,
2901      },
2902     {
2903      1,
2904      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2905      TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2906      TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2907      SSL_kECDHEPSK,
2908      SSL_aPSK,
2909      SSL_RC4,
2910      SSL_SHA1,
2911      TLS1_VERSION, TLS1_2_VERSION,
2912      0, 0,
2913      SSL_NOT_DEFAULT | SSL_MEDIUM,
2914      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2915      80,
2916      128,
2917      },
2918     {
2919      1,
2920      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2921      TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2922      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2923      SSL_kECDHE,
2924      SSL_aNULL,
2925      SSL_RC4,
2926      SSL_SHA1,
2927      TLS1_VERSION, TLS1_2_VERSION,
2928      0, 0,
2929      SSL_NOT_DEFAULT | SSL_MEDIUM,
2930      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2931      80,
2932      128,
2933      },
2934     {
2935      1,
2936      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2937      TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2938      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2939      SSL_kECDHE,
2940      SSL_aECDSA,
2941      SSL_RC4,
2942      SSL_SHA1,
2943      TLS1_VERSION, TLS1_2_VERSION,
2944      0, 0,
2945      SSL_NOT_DEFAULT | SSL_MEDIUM,
2946      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2947      80,
2948      128,
2949      },
2950     {
2951      1,
2952      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2953      TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2954      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2955      SSL_kECDHE,
2956      SSL_aRSA,
2957      SSL_RC4,
2958      SSL_SHA1,
2959      TLS1_VERSION, TLS1_2_VERSION,
2960      0, 0,
2961      SSL_NOT_DEFAULT | SSL_MEDIUM,
2962      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2963      80,
2964      128,
2965      },
2966     {
2967      1,
2968      TLS1_TXT_PSK_WITH_RC4_128_SHA,
2969      TLS1_RFC_PSK_WITH_RC4_128_SHA,
2970      TLS1_CK_PSK_WITH_RC4_128_SHA,
2971      SSL_kPSK,
2972      SSL_aPSK,
2973      SSL_RC4,
2974      SSL_SHA1,
2975      SSL3_VERSION, TLS1_2_VERSION,
2976      0, 0,
2977      SSL_NOT_DEFAULT | SSL_MEDIUM,
2978      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2979      80,
2980      128,
2981      },
2982     {
2983      1,
2984      TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2985      TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2986      TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2987      SSL_kRSAPSK,
2988      SSL_aRSA,
2989      SSL_RC4,
2990      SSL_SHA1,
2991      SSL3_VERSION, TLS1_2_VERSION,
2992      0, 0,
2993      SSL_NOT_DEFAULT | SSL_MEDIUM,
2994      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2995      80,
2996      128,
2997      },
2998     {
2999      1,
3000      TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3001      TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3002      TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3003      SSL_kDHEPSK,
3004      SSL_aPSK,
3005      SSL_RC4,
3006      SSL_SHA1,
3007      SSL3_VERSION, TLS1_2_VERSION,
3008      0, 0,
3009      SSL_NOT_DEFAULT | SSL_MEDIUM,
3010      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3011      80,
3012      128,
3013      },
3014 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3015 
3016     {
3017      1,
3018      TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3019      TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3020      TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3021      SSL_kRSA,
3022      SSL_aRSA,
3023      SSL_ARIA128GCM,
3024      SSL_AEAD,
3025      TLS1_2_VERSION, TLS1_2_VERSION,
3026      DTLS1_2_VERSION, DTLS1_2_VERSION,
3027      SSL_NOT_DEFAULT | SSL_HIGH,
3028      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3029      128,
3030      128,
3031      },
3032     {
3033      1,
3034      TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3035      TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3036      TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3037      SSL_kRSA,
3038      SSL_aRSA,
3039      SSL_ARIA256GCM,
3040      SSL_AEAD,
3041      TLS1_2_VERSION, TLS1_2_VERSION,
3042      DTLS1_2_VERSION, DTLS1_2_VERSION,
3043      SSL_NOT_DEFAULT | SSL_HIGH,
3044      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3045      256,
3046      256,
3047      },
3048     {
3049      1,
3050      TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3051      TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052      TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053      SSL_kDHE,
3054      SSL_aRSA,
3055      SSL_ARIA128GCM,
3056      SSL_AEAD,
3057      TLS1_2_VERSION, TLS1_2_VERSION,
3058      DTLS1_2_VERSION, DTLS1_2_VERSION,
3059      SSL_NOT_DEFAULT | SSL_HIGH,
3060      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3061      128,
3062      128,
3063      },
3064     {
3065      1,
3066      TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3067      TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068      TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069      SSL_kDHE,
3070      SSL_aRSA,
3071      SSL_ARIA256GCM,
3072      SSL_AEAD,
3073      TLS1_2_VERSION, TLS1_2_VERSION,
3074      DTLS1_2_VERSION, DTLS1_2_VERSION,
3075      SSL_NOT_DEFAULT | SSL_HIGH,
3076      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3077      256,
3078      256,
3079      },
3080     {
3081      1,
3082      TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3083      TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3084      TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3085      SSL_kDHE,
3086      SSL_aDSS,
3087      SSL_ARIA128GCM,
3088      SSL_AEAD,
3089      TLS1_2_VERSION, TLS1_2_VERSION,
3090      DTLS1_2_VERSION, DTLS1_2_VERSION,
3091      SSL_NOT_DEFAULT | SSL_HIGH,
3092      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3093      128,
3094      128,
3095      },
3096     {
3097      1,
3098      TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3099      TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3100      TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3101      SSL_kDHE,
3102      SSL_aDSS,
3103      SSL_ARIA256GCM,
3104      SSL_AEAD,
3105      TLS1_2_VERSION, TLS1_2_VERSION,
3106      DTLS1_2_VERSION, DTLS1_2_VERSION,
3107      SSL_NOT_DEFAULT | SSL_HIGH,
3108      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3109      256,
3110      256,
3111      },
3112     {
3113      1,
3114      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3115      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3116      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3117      SSL_kECDHE,
3118      SSL_aECDSA,
3119      SSL_ARIA128GCM,
3120      SSL_AEAD,
3121      TLS1_2_VERSION, TLS1_2_VERSION,
3122      DTLS1_2_VERSION, DTLS1_2_VERSION,
3123      SSL_NOT_DEFAULT | SSL_HIGH,
3124      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3125      128,
3126      128,
3127      },
3128     {
3129      1,
3130      TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3131      TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3132      TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3133      SSL_kECDHE,
3134      SSL_aECDSA,
3135      SSL_ARIA256GCM,
3136      SSL_AEAD,
3137      TLS1_2_VERSION, TLS1_2_VERSION,
3138      DTLS1_2_VERSION, DTLS1_2_VERSION,
3139      SSL_NOT_DEFAULT | SSL_HIGH,
3140      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3141      256,
3142      256,
3143      },
3144     {
3145      1,
3146      TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3147      TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3148      TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3149      SSL_kECDHE,
3150      SSL_aRSA,
3151      SSL_ARIA128GCM,
3152      SSL_AEAD,
3153      TLS1_2_VERSION, TLS1_2_VERSION,
3154      DTLS1_2_VERSION, DTLS1_2_VERSION,
3155      SSL_NOT_DEFAULT | SSL_HIGH,
3156      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3157      128,
3158      128,
3159      },
3160     {
3161      1,
3162      TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3163      TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3164      TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3165      SSL_kECDHE,
3166      SSL_aRSA,
3167      SSL_ARIA256GCM,
3168      SSL_AEAD,
3169      TLS1_2_VERSION, TLS1_2_VERSION,
3170      DTLS1_2_VERSION, DTLS1_2_VERSION,
3171      SSL_NOT_DEFAULT | SSL_HIGH,
3172      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3173      256,
3174      256,
3175      },
3176     {
3177      1,
3178      TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3179      TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3180      TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3181      SSL_kPSK,
3182      SSL_aPSK,
3183      SSL_ARIA128GCM,
3184      SSL_AEAD,
3185      TLS1_2_VERSION, TLS1_2_VERSION,
3186      DTLS1_2_VERSION, DTLS1_2_VERSION,
3187      SSL_NOT_DEFAULT | SSL_HIGH,
3188      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3189      128,
3190      128,
3191      },
3192     {
3193      1,
3194      TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3195      TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3196      TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3197      SSL_kPSK,
3198      SSL_aPSK,
3199      SSL_ARIA256GCM,
3200      SSL_AEAD,
3201      TLS1_2_VERSION, TLS1_2_VERSION,
3202      DTLS1_2_VERSION, DTLS1_2_VERSION,
3203      SSL_NOT_DEFAULT | SSL_HIGH,
3204      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3205      256,
3206      256,
3207      },
3208     {
3209      1,
3210      TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3211      TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3212      TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3213      SSL_kDHEPSK,
3214      SSL_aPSK,
3215      SSL_ARIA128GCM,
3216      SSL_AEAD,
3217      TLS1_2_VERSION, TLS1_2_VERSION,
3218      DTLS1_2_VERSION, DTLS1_2_VERSION,
3219      SSL_NOT_DEFAULT | SSL_HIGH,
3220      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3221      128,
3222      128,
3223      },
3224     {
3225      1,
3226      TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3227      TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3228      TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3229      SSL_kDHEPSK,
3230      SSL_aPSK,
3231      SSL_ARIA256GCM,
3232      SSL_AEAD,
3233      TLS1_2_VERSION, TLS1_2_VERSION,
3234      DTLS1_2_VERSION, DTLS1_2_VERSION,
3235      SSL_NOT_DEFAULT | SSL_HIGH,
3236      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3237      256,
3238      256,
3239      },
3240     {
3241      1,
3242      TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3243      TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3244      TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3245      SSL_kRSAPSK,
3246      SSL_aRSA,
3247      SSL_ARIA128GCM,
3248      SSL_AEAD,
3249      TLS1_2_VERSION, TLS1_2_VERSION,
3250      DTLS1_2_VERSION, DTLS1_2_VERSION,
3251      SSL_NOT_DEFAULT | SSL_HIGH,
3252      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3253      128,
3254      128,
3255      },
3256     {
3257      1,
3258      TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3259      TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3260      TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3261      SSL_kRSAPSK,
3262      SSL_aRSA,
3263      SSL_ARIA256GCM,
3264      SSL_AEAD,
3265      TLS1_2_VERSION, TLS1_2_VERSION,
3266      DTLS1_2_VERSION, DTLS1_2_VERSION,
3267      SSL_NOT_DEFAULT | SSL_HIGH,
3268      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3269      256,
3270      256,
3271      },
3272 };
3273 
/*
 * Signalling Cipher Suite Values (SCSVs): code points that are carried in the
 * cipher-suite list on the wire but do not name a negotiable cipher. They are
 * there purely so that one peer can signal something to the other:
 *  - TLS_EMPTY_RENEGOTIATION_INFO_SCSV is the secure-renegotiation signal
 *    defined by RFC 5746;
 *  - TLS_FALLBACK_SCSV is the downgrade-protection signal defined by
 *    RFC 7507.
 *
 * Each entry starts with 0 where the real entries in ssl3_ciphers start with
 * 1, and every field after the id is zero, so nothing here describes a usable
 * cipher. The array is not const because ssl_sort_cipher_list() sorts it in
 * place.
 */
static SSL_CIPHER ssl3_scsvs[] = {
    {
        0,
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",    /* OpenSSL name */
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",    /* standard name */
        SSL3_CK_SCSV,
        0, 0, 0, 0,     /* key exchange, authentication, cipher, MAC */
        0, 0, 0, 0,     /* TLS min/max, DTLS min/max */
        0, 0, 0, 0,     /* strength flags, handshake flags, two bit counts */
    },
    {
        0,
        "TLS_FALLBACK_SCSV",                    /* OpenSSL name */
        "TLS_FALLBACK_SCSV",                    /* standard name */
        SSL3_CK_FALLBACK_SCSV,
        0, 0, 0, 0,     /* key exchange, authentication, cipher, MAC */
        0, 0, 0, 0,     /* TLS min/max, DTLS min/max */
        0, 0, 0, 0,     /* strength flags, handshake flags, two bit counts */
    },
};
3295 
/*
 * qsort() comparator that orders SSL_CIPHER entries by ascending id.
 *
 * Returns -1, 0 or 1. The ids are compared explicitly rather than
 * subtracted, so no wrap-around in a difference can flip the ordering.
 */
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *lhs = a;
    const SSL_CIPHER *rhs = b;

    if (lhs->id < rhs->id)
        return -1;
    if (lhs->id > rhs->id)
        return 1;
    return 0;
}
3305 
/*
 * Sort the three static cipher tables (tls13_ciphers, ssl3_ciphers and
 * ssl3_scsvs) in place into ascending id order using cipher_compare().
 *
 * NOTE(review): this mutates file-scope arrays and takes no lock, so it
 * presumably has to run once during library initialisation, before any
 * lookup depends on the ordering - confirm against the caller.
 */
void ssl_sort_cipher_list(void)
{
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(*tls13_ciphers),
          cipher_compare);
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*ssl3_ciphers),
          cipher_compare);
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(*ssl3_scsvs),
          cipher_compare);
}
3314 
/*
 * Placeholder for a method-table slot that has no SSLv3 implementation (it
 * is installed in SSLv3_enc_data below).
 *
 * Every argument except |sc| is ignored; the result is whatever
 * ssl_undefined_function() returns for the SSL object owning |sc|.
 */
static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
                                       size_t s, const char *t, size_t u,
                                       const unsigned char *v, size_t w, int x)
{
    SSL *ssl = SSL_CONNECTION_GET_SSL(sc);

    /* Silence unused-parameter warnings. */
    (void)r, (void)s, (void)t, (void)u;
    (void)v, (void)w, (void)x;

    return ssl_undefined_function(ssl);
}
3328 
/*
 * Method table for SSLv3 record/handshake processing.
 *
 * This is a positional initialiser: the order of the entries has to match
 * the member order of SSL3_ENC_METHOD, whose declaration is not in this
 * file. The per-line notes below that name a slot are therefore hedged.
 */
const SSL3_ENC_METHOD SSLv3_enc_data = {
    ssl3_setup_key_block,
    ssl3_generate_master_secret,
    ssl3_change_cipher_state,
    ssl3_final_finish_mac,
    SSL3_MD_CLIENT_FINISHED_CONST, 4, /* presumably label and its length */
    SSL3_MD_SERVER_FINISHED_CONST, 4, /* presumably label and its length */
    ssl3_alert_code,
    sslcon_undefined_function_1,    /* stub: slot not implemented for SSLv3 */
    0,                              /* presumably the flags word - confirm */
    ssl3_set_handshake_header,
    tls_close_construct_packet,
    ssl3_handshake_write
};
3343 
/*
 * Default session timeout for this method, returned as an OSSL_TIME.
 */
OSSL_TIME ssl3_default_timeout(void)
{
    /*
     * Two hours. The 24 hours mentioned in the SSLv3 spec is far too long
     * for http: the session cache would overfill.
     */
    enum { DEFAULT_TIMEOUT_SECONDS = 2 * 60 * 60 };

    return ossl_seconds2time(DEFAULT_TIMEOUT_SECONDS);
}
3352 
/*
 * Number of entries in the ssl3_ciphers table (the TLSv1.3 and SCSV tables
 * are not counted).
 */
int ssl3_num_ciphers(void)
{
    int count = SSL3_NUM_CIPHERS;

    return count;
}
3357 
/*
 * Return entry |u| of the ssl3_ciphers table, counting from the END of the
 * table (u == 0 is the last element), or NULL when |u| is out of range.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
    /* Bounds check first so the reversed index below cannot underflow. */
    if (u >= SSL3_NUM_CIPHERS)
        return NULL;

    return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
}
3365 
/*
 * Start a handshake message of type |htype| in |pkt|.
 *
 * Writes the one-byte message type and opens a sub-packet with a 3-byte
 * length prefix. A ChangeCipherSpec has no handshake header, so nothing is
 * written for it. |s| is not used.
 *
 * Returns 1 on success, 0 if either WPACKET operation fails.
 */
int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{
    /* No header in the event of a CCS */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

    /* Message type first ... */
    if (!WPACKET_put_bytes_u8(pkt, htype))
        return 0;

    /* ... then reserve the 3 bytes holding the message length */
    return WPACKET_start_sub_packet_u24(pkt) ? 1 : 0;
}
3379 
/*
 * Write out the pending handshake data of |s| as handshake records; the
 * result of ssl3_do_write() is passed straight back to the caller.
 */
int ssl3_handshake_write(SSL_CONNECTION *s)
{
    int rc = ssl3_do_write(s, SSL3_RT_HANDSHAKE);

    return rc;
}
3384 
/*
 * Method-level constructor for an SSL object.
 *
 * With SRP compiled in, initialises the connection's SRP context; then runs
 * the method's ssl_clear() hook to bring the object into its initial state.
 *
 * Returns 1 on success, 0 if |s| is not backed by an SSL_CONNECTION (SRP
 * builds only), if SRP initialisation fails, or if ssl_clear() fails.
 */
int ssl3_new(SSL *s)
{
#ifndef OPENSSL_NO_SRP
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL || !ssl_srp_ctx_init_intern(sc))
        return 0;
#endif

    return s->method->ssl_clear(s) ? 1 : 0;
}
3402 
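/*
 * Release everything owned by the s3 state of |s| and zero the structure.
 *
 * Does nothing when |s| is not backed by an SSL_CONNECTION. Secret material
 * held here (the pre-master secret and, in PSK builds, the pre-shared key)
 * is scrubbed with OPENSSL_clear_free() before the memory goes back to the
 * allocator, so that it does not linger in freed heap blocks.
 */
void ssl3_free(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL)
        return;

    ssl3_cleanup_key_block(sc);

    /* Ephemeral key-exchange keys: ours and the peer's */
    EVP_PKEY_free(sc->s3.peer_tmp);
    sc->s3.peer_tmp = NULL;
    EVP_PKEY_free(sc->s3.tmp.pkey);
    sc->s3.tmp.pkey = NULL;

    ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
    ssl_evp_md_free(sc->s3.tmp.new_hash);

    OPENSSL_free(sc->s3.tmp.ctype);
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
    /* Pre-master secret: wipe before freeing */
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
    OPENSSL_free(sc->s3.tmp.valid_flags);
    ssl3_free_digest_list(sc);
    OPENSSL_free(sc->s3.alpn_selected);
    OPENSSL_free(sc->s3.alpn_proposed);

#ifndef OPENSSL_NO_PSK
    /*
     * The PSK is key material just like the pre-master secret, so it gets
     * the same treatment: zeroise, then free. A plain OPENSSL_free() would
     * leave the key bytes readable in the released block.
     */
    OPENSSL_clear_free(sc->s3.tmp.psk, sc->s3.tmp.psklen);
#endif

#ifndef OPENSSL_NO_SRP
    ssl_srp_ctx_free_intern(sc);
#endif
    /* Leaves every pointer above NULL, so a later free cannot double-free */
    memset(&sc->s3, 0, sizeof(sc->s3));
}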
3440 
/*
 * Reset the s3 state of |s| so that the object can be reused for a new
 * connection.
 *
 * Frees the handshake-time allocations hanging off sc->s3 (the pre-master
 * secret is wiped on the way out), zeroes the structure while preserving
 * the QUIC flag, drops the write BIO buffer and resets the version to
 * SSL3_VERSION.
 *
 * Returns 1 on success, 0 if |s| is not backed by an SSL_CONNECTION or the
 * write BIO buffer could not be released.
 *
 * NOTE(review): unlike ssl3_free(), this function does not release
 * s3.tmp.new_sym_enc, s3.tmp.new_hash or s3.tmp.psk before the memset -
 * confirm that they cannot be set when it is called.
 */
int ssl3_clear(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
    int quic;

    if (sc == NULL)
        return 0;

    ssl3_cleanup_key_block(sc);

    /* Buffers collected while processing the peer's handshake messages */
    OPENSSL_free(sc->s3.tmp.ctype);
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
    OPENSSL_free(sc->s3.tmp.valid_flags);

    /* Ephemeral key-exchange keys */
    EVP_PKEY_free(sc->s3.tmp.pkey);
    EVP_PKEY_free(sc->s3.peer_tmp);

    ssl3_free_digest_list(sc);

    /* ALPN results */
    OPENSSL_free(sc->s3.alpn_selected);
    OPENSSL_free(sc->s3.alpn_proposed);

    /*
     * Wipe the whole s3 struct (which also NULLs every pointer freed
     * above), carrying only the "this is QUIC" bit across the wipe.
     */
    quic = sc->s3.flags & TLS1_FLAGS_QUIC;
    memset(&sc->s3, 0, sizeof(sc->s3));
    sc->s3.flags |= quic;

    if (!ssl_free_wbio_buffer(sc))
        return 0;

    sc->version = SSL3_VERSION;

#if !defined(OPENSSL_NO_NEXTPROTONEG)
    OPENSSL_free(sc->ext.npn);
    sc->ext.npn_len = 0;
    sc->ext.npn = NULL;
#endif

    return 1;
}
3487 
#ifndef OPENSSL_NO_SRP
/*
 * SRP client-password callback installed by ssl3_ctx_ctrl() for
 * SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD.
 *
 * Returns a freshly allocated copy of the string stored in srp_ctx.info, or
 * NULL when |s| is not backed by an SSL_CONNECTION or the copy cannot be
 * made. |arg| is ignored. The copy holds the password, so whoever receives
 * it is responsible for releasing it - presumably after wiping; confirm in
 * the SRP caller.
 */
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    return sc != NULL ? OPENSSL_strdup(sc->srp_ctx.info) : NULL;
}
#endif
3499 
3500 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3501 
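/*
 * Per-connection control dispatcher: carries out the operation selected by
 * |cmd| on |s|, with |larg| and |parg| interpreted per command.
 *
 * The return value is command specific. Most setters return 1 on success
 * and 0 on failure; getters return the requested value or a count.
 * Unknown commands, and an |s| that is not backed by an SSL_CONNECTION,
 * return 0.
 *
 * Contract notes for callers:
 *  - Most GET commands that hand a value back through |parg| write through
 *    it without a NULL check; the caller must pass a valid pointer of the
 *    type the command expects.
 *  - Pointers returned through |parg| refer to memory owned by the
 *    connection unless the case below says otherwise.
 */
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
    int ret = 0;
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL)
        return ret;

    switch (cmd) {
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
        break;
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
        ret = sc->s3.num_renegotiations;
        break;
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
        /* Returns the value the counter had before it was reset */
        ret = sc->s3.num_renegotiations;
        sc->s3.num_renegotiations = 0;
        break;
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
        ret = sc->s3.total_renegotiations;
        break;
    case SSL_CTRL_GET_FLAGS:
        ret = (int)(sc->s3.flags);
        break;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH:
        {
            EVP_PKEY *pkdh = NULL;
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            pkdh = ssl_dh_to_pkey(parg);
            if (pkdh == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
                return 0;
            }
            /* On success the connection owns pkdh; on failure we still do */
            if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
                EVP_PKEY_free(pkdh);
                return 0;
            }
            return 1;
        }
        break;
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            /* Callbacks go through ssl3_callback_ctrl(), never through here */
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return ret;
        }
#endif
    case SSL_CTRL_SET_DH_AUTO:
        sc->cert->dh_tmp_auto = larg;
        return 1;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_ECDH:
        {
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
                                           &sc->ext.supportedgroups_len,
                                           parg);
        }
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
        /*
         * This API is only used for a client to set what SNI it will request
         * from the server, but we currently allow it to be used on servers
         * as well, which is a programming error.  Currently we just clear
         * the field in SSL_do_handshake() for server SSLs, but when we can
         * make ABI-breaking changes, we may want to make use of this API
         * an error on server SSLs.
         */
        if (larg == TLSEXT_NAMETYPE_host_name) {
            size_t len;

            /* Any previous name is dropped even if the new one is rejected */
            OPENSSL_free(sc->ext.hostname);
            sc->ext.hostname = NULL;

            ret = 1;
            /* A NULL name just clears the SNI */
            if (parg == NULL)
                break;
            /* Only the length is validated here, not the characters */
            len = strlen((char *)parg);
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                return 0;
            }
            if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
                return 0;
            }
        } else {
            ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
        sc->ext.debug_arg = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
        ret = sc->ext.status_type;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
        sc->ext.status_type = larg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
        *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
        /*
         * The pointer is stored as is and the previous value is not freed
         * here - NOTE(review): confirm who owns the old stack.
         */
        sc->ext.ocsp.exts = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
        *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
        /* Stored as is, previous value not freed here (see REQ_EXTS) */
        sc->ext.ocsp.ids = parg;
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
        /* The pointer is handed back even when -1 is returned */
        *(unsigned char **)parg = sc->ext.ocsp.resp;
        if (sc->ext.ocsp.resp_len == 0
                || sc->ext.ocsp.resp_len > LONG_MAX)
            return -1;
        return (long)sc->ext.ocsp.resp_len;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
        /*
         * Takes ownership of |parg|: the old response is freed and the new
         * buffer is stored without copying.
         * NOTE(review): |larg| is stored as the length without a sign
         * check, so a negative value would become a very large resp_len -
         * confirm that callers cannot pass one.
         */
        OPENSSL_free(sc->ext.ocsp.resp);
        sc->ext.ocsp.resp = parg;
        sc->ext.ocsp.resp_len = larg;
        ret = 1;
        break;

    case SSL_CTRL_CHAIN:
        /* larg selects the "set1" variant over the "set0" variant */
        if (larg)
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        /* larg selects the "add1" variant over the "add0" variant */
        if (larg)
            return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = sc->cert->key->chain;
        ret = 1;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(sc->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        if (larg == SSL_CERT_SET_SERVER) {
            const SSL_CIPHER *cipher;
            if (!sc->server)
                return 0;
            cipher = sc->s3.tmp.new_cipher;
            if (cipher == NULL)
                return 0;
            /*
             * No certificate for unauthenticated ciphersuites or using SRP
             * authentication
             */
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
                return 2;
            if (sc->s3.tmp.cert == NULL)
                return 0;
            sc->cert->key = sc->s3.tmp.cert;
            return 1;
        }
        return ssl_cert_set_current(sc->cert, larg);

    case SSL_CTRL_GET_GROUPS:
        {
            uint16_t *clist;
            size_t clistlen;

            if (!sc->session)
                return 0;
            clist = sc->ext.peer_supportedgroups;
            clistlen = sc->ext.peer_supportedgroups_len;
            /*
             * When |parg| is given, one int is written per peer group and
             * there is no capacity argument: the caller's array must hold
             * at least as many ints as this command returns. Presumably
             * callers query the count with parg == NULL first.
             */
            if (parg) {
                size_t i;
                int *cptr = parg;

                for (i = 0; i < clistlen; i++) {
                    const TLS_GROUP_INFO *cinf
                        = tls1_group_id_lookup(s->ctx, clist[i]);

                    if (cinf != NULL)
                        cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
                    else
                        cptr[i] = TLSEXT_nid_unknown | clist[i];
                }
            }
            return (int)clistlen;
        }

    case SSL_CTRL_SET_GROUPS:
        return tls1_set_groups(&sc->ext.supportedgroups,
                               &sc->ext.supportedgroups_len, parg, larg);

    case SSL_CTRL_SET_GROUPS_LIST:
        return tls1_set_groups_list(s->ctx, &sc->ext.supportedgroups,
                                    &sc->ext.supportedgroups_len, parg);

    case SSL_CTRL_GET_SHARED_GROUP:
        {
            uint16_t id = tls1_shared_group(sc, larg);

            /* For larg == -1 the raw result is returned unconverted */
            if (larg != -1)
                return tls1_group_id2nid(id, 1);
            return id;
        }
    case SSL_CTRL_GET_NEGOTIATED_GROUP:
        {
            unsigned int id;

            if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex) {
                id = sc->s3.group_id;
            } else {
                /*
                 * Without a session there is no negotiated group to
                 * report: return 0 rather than dereference a NULL session,
                 * as the other session-dependent commands here do.
                 */
                if (sc->session == NULL)
                    break;
                id = sc->session->kex_group;
            }
            ret = tls1_group_id2nid(id, 1);
            break;
        }
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(sc->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(sc->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);

    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
        {
            const unsigned char **pctype = parg;
            /* Only meaningful on a client that received a cert request */
            if (sc->server || !sc->s3.tmp.cert_req)
                return 0;
            if (pctype)
                *pctype = sc->s3.tmp.ctype;
            return sc->s3.tmp.ctype_len;
        }

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        if (!sc->server)
            return 0;
        return ssl3_set_req_cert_type(sc->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(sc, NULL, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);

    case SSL_CTRL_GET_VERIFY_CERT_STORE:
        return ssl_cert_get_cert_store(sc->cert, parg, 0);

    case SSL_CTRL_GET_CHAIN_CERT_STORE:
        return ssl_cert_get_cert_store(sc->cert, parg, 1);

    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
        if (sc->s3.tmp.peer_sigalg == NULL)
            return 0;
        *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
        return 1;

    case SSL_CTRL_GET_SIGNATURE_NID:
        if (sc->s3.tmp.sigalg == NULL)
            return 0;
        *(int *)parg = sc->s3.tmp.sigalg->hash;
        return 1;

    case SSL_CTRL_GET_PEER_TMP_KEY:
        if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
            return 0;
        } else {
            /*
             * The caller receives its own reference and will free it. If
             * taking that reference fails, the pointer must not be handed
             * out: the caller's free would then drop the connection's own
             * reference and leave s3.peer_tmp dangling.
             */
            if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))
                return 0;
            *(EVP_PKEY **)parg = sc->s3.peer_tmp;
            return 1;
        }

    case SSL_CTRL_GET_TMP_KEY:
        if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
            return 0;
        } else {
            /* Same reference rule as for SSL_CTRL_GET_PEER_TMP_KEY */
            if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))
                return 0;
            *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
            return 1;
        }

    case SSL_CTRL_GET_EC_POINT_FORMATS:
        {
            const unsigned char **pformat = parg;

            if (sc->ext.peer_ecpointformats == NULL)
                return 0;
            *pformat = sc->ext.peer_ecpointformats;
            return (int)sc->ext.peer_ecpointformats_len;
        }

    case SSL_CTRL_GET_IANA_GROUPS:
        {
            /* Hands out the connection's own array, not a copy */
            if (parg != NULL) {
                *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
            }
            return (int)sc->ext.peer_supportedgroups_len;
        }

    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
        sc->msg_callback_arg = parg;
        return 1;

    default:
        break;
    }
    return ret;
}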
3840 
/*
 * Per-connection control dispatcher for commands whose argument is a
 * callback: stores |fp|, cast to the type the selected slot expects, on the
 * connection behind |s|.
 *
 * |fp| is cast without any check, so the caller must pass a function whose
 * real signature matches the slot selected by |cmd|.
 *
 * Returns 1 when the callback was stored, 0 for an unknown |cmd| or when
 * |s| is not backed by an SSL_CONNECTION.
 */
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);

    if (sc == NULL)
        return 0;

    switch (cmd) {
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH_CB:
        sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        return 1;
#endif

    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
        sc->ext.debug_cb = (void (*)(SSL *, int, int,
                                     const unsigned char *, int, void *))fp;
        return 1;

    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        return 1;

    case SSL_CTRL_SET_MSG_CALLBACK:
        sc->msg_callback = (ossl_msg_cb)fp;
        return 1;

    default:
        return 0;
    }
}
3875 
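/*
 * Context-level control dispatcher: carries out the operation selected by
 * |cmd| on |ctx|, with |larg| and |parg| interpreted per command.
 *
 * Returns 1 on success and 0 on failure or for an unknown |cmd|, except
 * for the getters that return a value directly (the ticket-key length
 * query and SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE) and the cases that
 * forward the result of a helper.
 *
 * Contract notes for callers:
 *  - GET commands that hand a value back through |parg| write through it
 *    without a NULL check.
 *  - Pointers returned through |parg| refer to memory owned by |ctx|.
 */
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
    switch (cmd) {
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH:
        {
            EVP_PKEY *pkdh = NULL;
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            pkdh = ssl_dh_to_pkey(parg);
            if (pkdh == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
                return 0;
            }
            /* On success the context owns pkdh; on failure we still do */
            if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
                EVP_PKEY_free(pkdh);
                return 0;
            }
            return 1;
        }
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            /* Callbacks go through ssl3_ctx_callback_ctrl(), never here */
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return 0;
        }
#endif
    case SSL_CTRL_SET_DH_AUTO:
        ctx->cert->dh_tmp_auto = larg;
        return 1;
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_ECDH:
        {
            if (parg == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
            }
            return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
                                           &ctx->ext.supportedgroups_len,
                                           parg);
        }
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
        ctx->ext.servername_arg = parg;
        break;
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
        {
            /*
             * The caller's buffer is laid out as key name, then HMAC key,
             * then AES key. With a NULL buffer the required length is
             * returned; otherwise |larg| has to match it exactly, which is
             * what bounds the copies below.
             *
             * These are the keys protecting session tickets. On GET the
             * caller ends up with a raw copy and is responsible for
             * guarding and wiping it.
             */
            unsigned char *keys = parg;
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
                                sizeof(ctx->ext.secure->tick_hmac_key) +
                                sizeof(ctx->ext.secure->tick_aes_key));
            if (keys == NULL)
                return tick_keylen;
            if (larg != tick_keylen) {
                ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
                return 0;
            }
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
                memcpy(ctx->ext.tick_key_name, keys,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(ctx->ext.secure->tick_hmac_key,
                       keys + sizeof(ctx->ext.tick_key_name),
                       sizeof(ctx->ext.secure->tick_hmac_key));
                memcpy(ctx->ext.secure->tick_aes_key,
                       keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.secure->tick_hmac_key),
                       sizeof(ctx->ext.secure->tick_aes_key));
            } else {
                memcpy(keys, ctx->ext.tick_key_name,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
                       ctx->ext.secure->tick_hmac_key,
                       sizeof(ctx->ext.secure->tick_hmac_key));
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.secure->tick_hmac_key),
                       ctx->ext.secure->tick_aes_key,
                       sizeof(ctx->ext.secure->tick_aes_key));
            }
            return 1;
        }

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
        return ctx->ext.status_type;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
        ctx->ext.status_type = larg;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
        ctx->ext.status_arg = parg;
        return 1;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
        *(void**)parg = ctx->ext.status_arg;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
        break;

#ifndef OPENSSL_NO_SRP
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
        {
            size_t login_len;

            ctx->srp_ctx.srp_Mask |= SSL_kSRP;
            /* The old login is dropped even if the new one is rejected */
            OPENSSL_free(ctx->srp_ctx.login);
            ctx->srp_ctx.login = NULL;
            /* A NULL username just clears the login */
            if (parg == NULL)
                break;
            /* Measure once; accepted usernames are 1..255 bytes long */
            login_len = strlen((const char *)parg);
            if (login_len > 255 || login_len < 1) {
                ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
                return 0;
            }
            if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
                return 0;
            }
            break;
        }
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            srp_password_from_info_cb;
        /*
         * srp_ctx.info holds the previous password: wipe it before the
         * block is released instead of leaving it readable in freed heap.
         */
        if (ctx->srp_ctx.info != NULL)
            OPENSSL_clear_free(ctx->srp_ctx.info,
                               strlen(ctx->srp_ctx.info));
        if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        break;
    case SSL_CTRL_SET_SRP_ARG:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_cb_arg = parg;
        break;

    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
        ctx->srp_ctx.strength = larg;
        break;
#endif

    case SSL_CTRL_SET_GROUPS:
        return tls1_set_groups(&ctx->ext.supportedgroups,
                               &ctx->ext.supportedgroups_len,
                               parg, larg);

    case SSL_CTRL_SET_GROUPS_LIST:
        return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
                                    &ctx->ext.supportedgroups_len,
                                    parg);

    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(NULL, ctx, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

    case SSL_CTRL_GET_VERIFY_CERT_STORE:
        return ssl_cert_get_cert_store(ctx->cert, parg, 0);

    case SSL_CTRL_GET_CHAIN_CERT_STORE:
        return ssl_cert_get_cert_store(ctx->cert, parg, 1);

        /* A Thawte special :-) */
    case SSL_CTRL_EXTRA_CHAIN_CERT:
        /* The stack is created on first use; |parg| is pushed, not copied */
        if (ctx->extra_certs == NULL) {
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
                return 0;
            }
        }
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
            ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
            return 0;
        }
        break;

    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
        /* With larg == 0, fall back to the current key's chain if unset */
        if (ctx->extra_certs == NULL && larg == 0)
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        else
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
        break;

    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
        OSSL_STACK_OF_X509_free(ctx->extra_certs);
        ctx->extra_certs = NULL;
        break;

    case SSL_CTRL_CHAIN:
        /* larg selects the "set1" variant over the "set0" variant */
        if (larg)
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        /* larg selects the "add1" variant over the "add0" variant */
        if (larg)
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        return ssl_cert_set_current(ctx->cert, larg);

    default:
        return 0;
    }
    return 1;
}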
4107 
/*
 * Context-level control dispatcher for commands whose argument is a
 * callback: stores |fp|, cast to the type the selected slot expects, on
 * |ctx|. The three SRP callback setters also switch on the SSL_kSRP bit in
 * the context's SRP mask.
 *
 * |fp| is cast without any check, so the caller must pass a function whose
 * real signature matches the slot selected by |cmd|.
 *
 * Returns 1 when the callback was stored, 0 for an unknown |cmd|.
 */
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
    long handled = 1;

    switch (cmd) {
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
    case SSL_CTRL_SET_TMP_DH_CB:
        ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        break;
#endif

    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
        break;

#ifndef OPENSSL_NO_DEPRECATED_3_0
    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
                                          unsigned char *,
                                          EVP_CIPHER_CTX *,
                                          HMAC_CTX *, int))fp;
        break;
#endif

#ifndef OPENSSL_NO_SRP
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
        break;

    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.TLS_ext_srp_username_callback =
            (int (*)(SSL *, int *, void *))fp;
        break;

    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            (char *(*)(SSL *, void *))fp;
        break;
#endif

    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        break;

    default:
        handled = 0;
        break;
    }

    return handled;
}
4161 
/*
 * Install |fp| as the EVP_MAC_CTX-based session ticket key callback of
 * |ctx|. The pointer is stored as given, so NULL is stored too. |ctx| is
 * dereferenced without a check and must not be NULL.
 *
 * Always returns 1.
 */
int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX *ctx,
                                         int (*fp)(SSL *, unsigned char *,
                                                   unsigned char *,
                                                   EVP_CIPHER_CTX *,
                                                   EVP_MAC_CTX *, int))
{
    ctx->ext.ticket_key_evp_cb = fp;

    return 1;
}
4169 
/*
 * Look up a cipher by its numeric id.
 *
 * The TLSv1.3 table is searched first, then the SSLv3/TLS table, then the
 * SCSV table; the first hit wins. The lookup is done by
 * OBJ_bsearch_ssl_cipher_id(), so the tables presumably have to have been
 * sorted by ssl_sort_cipher_list() beforehand.
 *
 * Returns the matching table entry, or NULL if no table contains |id|.
 */
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
    SSL_CIPHER key;
    const SSL_CIPHER *hit;

    /* Only the id member of the search key is set */
    key.id = id;

    hit = OBJ_bsearch_ssl_cipher_id(&key, tls13_ciphers, TLS13_NUM_CIPHERS);
    if (hit == NULL)
        hit = OBJ_bsearch_ssl_cipher_id(&key, ssl3_ciphers, SSL3_NUM_CIPHERS);
    if (hit == NULL)
        hit = OBJ_bsearch_ssl_cipher_id(&key, ssl3_scsvs, SSL3_NUM_SCSVS);

    return hit;
}
4184 
/*
 * Look up a cipher by its standard name.
 *
 * Walks the TLSv1.3, SSLv3/TLS and SCSV tables in that order and returns
 * the first entry whose stdname equals |stdname| (exact, case-sensitive
 * match). Entries without a stdname are skipped. |stdname| is passed to
 * strcmp() as is and must not be NULL.
 *
 * Returns the matching table entry, or NULL if there is none.
 */
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
    SSL_CIPHER *tables[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
    size_t counts[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, SSL3_NUM_SCSVS};
    size_t t;

    /* this is not efficient, necessary to optimize this? */
    for (t = 0; t < OSSL_NELEM(tables); t++) {
        SSL_CIPHER *entry = tables[t];
        SSL_CIPHER *const end = entry + counts[t];

        for (; entry != end; entry++) {
            if (entry->stdname != NULL
                    && strcmp(stdname, entry->stdname) == 0)
                return entry;
        }
    }

    return NULL;
}
4204 
/*
 * Map the two-byte wire encoding of a cipher suite to its table entry.
 *
 * |p| must point to at least two readable bytes; no length is passed in, so
 * the caller is responsible for that bound. p[0] is the high byte and p[1]
 * the low byte of the suite value, which is combined with
 * SSL3_CK_CIPHERSUITE_FLAG and handed to ssl3_get_cipher_by_id().
 *
 * Original note: this function needs to check if the ciphers required are
 * actually available.
 */
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
    uint32_t high = (uint32_t)p[0] << 8L;
    uint32_t low = (uint32_t)p[1];

    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG | high | low);
}
4215 
/*
 * Append the two-byte wire encoding of cipher |c| to |pkt|.
 *
 * A cipher whose id does not carry SSL3_CK_CIPHERSUITE_FLAG in its top byte
 * is not written at all: *len is set to 0 and 1 is returned. Otherwise the
 * low 16 bits of the id are written and *len is set to 2.
 *
 * Returns 1 on success, 0 if the packet write fails (*len is then untouched).
 */
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
{
    const int is_ssl3_suite =
        (c->id & 0xff000000) == SSL3_CK_CIPHERSUITE_FLAG;

    if (!is_ssl3_suite) {
        *len = 0;
        return 1;
    }

    if (WPACKET_put_bytes_u16(pkt, c->id & 0xffff)) {
        *len = 2;
        return 1;
    }

    return 0;
}
4229 
/*
 * ssl3_choose_cipher - choose a cipher from those offered by the client
 * @s: SSL connection
 * @clnt: ciphers offered by the client
 * @srvr: ciphers enabled on the server?
 *
 * One list supplies the preference order (prio) and the other is consulted
 * only for membership (allow). The server list sets the order when
 * tls1_suiteb(s) is true or SSL_OP_CIPHER_SERVER_PREFERENCE is set; otherwise
 * the client list does. Every candidate must also pass the protocol version
 * range, the key exchange/auth masks (below TLSv1.3) and the security
 * callback before it can be returned.
 *
 * Returns the selected cipher or NULL when no common ciphers.
 */
const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
                                     STACK_OF(SSL_CIPHER) *srvr)
{
    const SSL_CIPHER *c, *ret = NULL;
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok, prefer_sha256 = 0;
    /* alg_k/alg_a are only assigned below TLSv1.3; in TLSv1.3 they stay 0 */
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
    /* Temporary reordered copy of srvr; freed before returning */
    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;

    /* Let's see which ciphers we can support */

    /*
     * Do not set the compare functions, because this may lead to a
     * reordering by "id". We want to keep the original ordering. We may pay
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
     * pay with the price of sk_SSL_CIPHER_dup().
     */

    /* Trace output only: dump both lists with their pointers and names */
    OSSL_TRACE_BEGIN(TLS_CIPHER) {
        BIO_printf(trc_out, "Server has %d from %p:\n",
                   sk_SSL_CIPHER_num(srvr), (void *)srvr);
        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
            c = sk_SSL_CIPHER_value(srvr, i);
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
        }
        BIO_printf(trc_out, "Client sent %d from %p:\n",
                   sk_SSL_CIPHER_num(clnt), (void *)clnt);
        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
            c = sk_SSL_CIPHER_value(clnt, i);
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
        }
    } OSSL_TRACE_END(TLS_CIPHER);

    /* SUITE-B takes precedence over server preference and ChaCha priority */
    if (tls1_suiteb(s)) {
        prio = srvr;
        allow = clnt;
    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
        prio = srvr;
        allow = clnt;

        /*
         * If ChaCha20 is at the top of the client preference list,
         * and there are ChaCha20 ciphers in the server list, then
         * temporarily prioritize all ChaCha20 ciphers in the servers list.
         */
        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
            c = sk_SSL_CIPHER_value(clnt, 0);
            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
                /* ChaCha20 is client preferred, check server... */
                int num = sk_SSL_CIPHER_num(srvr);
                int found = 0;
                for (i = 0; i < num; i++) {
                    c = sk_SSL_CIPHER_value(srvr, i);
                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
                        found = 1;
                        break;
                    }
                }
                if (found) {
                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
                    /*
                     * if reserve fails, then there's likely a memory issue;
                     * prio then simply stays as the unmodified server list
                     */
                    if (prio_chacha != NULL) {
                        /*
                         * Put all ChaCha20 at the top, starting with the one
                         * we just found. The push results are not checked;
                         * presumably the reserve above makes them succeed.
                         */
                        sk_SSL_CIPHER_push(prio_chacha, c);
                        for (i++; i < num; i++) {
                            c = sk_SSL_CIPHER_value(srvr, i);
                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
                                sk_SSL_CIPHER_push(prio_chacha, c);
                        }
                        /* Pull in the rest */
                        for (i = 0; i < num; i++) {
                            c = sk_SSL_CIPHER_value(srvr, i);
                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
                                sk_SSL_CIPHER_push(prio_chacha, c);
                        }
                        prio = prio_chacha;
                    }
                }
            }
        }
    } else {
        prio = clnt;
        allow = srvr;
    }

    if (SSL_CONNECTION_IS_TLS13(s)) {
#ifndef OPENSSL_NO_PSK
        size_t j;

        /*
         * If we allow "old" style PSK callbacks, and we have no certificate (so
         * we're not going to succeed without a PSK anyway), and we're in
         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
         * that.
         */
        if (s->psk_server_callback != NULL) {
            /* Empty-body loop: stops at the first slot that has a cert */
            for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++);
            if (j == s->ssl_pkey_num) {
                /* There are no certificates */
                prefer_sha256 = 1;
            }
        }
#endif
    } else {
        /* Below TLSv1.3 the masks read in the loop are computed here */
        tls1_set_cert_validity(s);
        ssl_set_masks(s);
    }

    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
        int minversion, maxversion;

        c = sk_SSL_CIPHER_value(prio, i);
        minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
        maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;

        /* Skip ciphers not supported by the protocol version */
        if (ssl_version_cmp(s, s->version, minversion) < 0
            || ssl_version_cmp(s, s->version, maxversion) > 0)
            continue;

        /*
         * Since TLS 1.3 ciphersuites can be used with any auth or
         * key exchange scheme skip tests.
         */
        if (!SSL_CONNECTION_IS_TLS13(s)) {
            mask_k = s->s3.tmp.mask_k;
            mask_a = s->s3.tmp.mask_a;
#ifndef OPENSSL_NO_SRP
            /* SRP is added to the masks only when an SRP callback set it */
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
                mask_k |= SSL_kSRP;
                mask_a |= SSL_aSRP;
            }
#endif

            alg_k = c->algorithm_mkey;
            alg_a = c->algorithm_auth;

#ifndef OPENSSL_NO_PSK
            /* with PSK there must be server callback set */
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
                continue;
#endif                          /* OPENSSL_NO_PSK */

            /* Both the key exchange and the auth method must be enabled */
            ok = (alg_k & mask_k) && (alg_a & mask_a);
            OSSL_TRACE7(TLS_CIPHER,
                        "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
                        ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);

            /*
             * if we are considering an ECC cipher suite that uses an ephemeral
             * EC key check it
             */
            if (alg_k & SSL_kECDHE)
                ok = ok && tls1_check_ec_tmp_key(s, c->id);

            if (!ok)
                continue;
        }
        /* The candidate must also appear in the other side's list */
        ii = sk_SSL_CIPHER_find(allow, c);
        if (ii >= 0) {
            /* Check security callback permits this cipher */
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
                              c->strength_bits, 0, (void *)c))
                continue;

            /*
             * ECDHE-ECDSA with a peer flagged is_probably_safari: remember
             * the first such match as a fallback only and keep searching for
             * a different suite.
             */
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
                && s->s3.is_probably_safari) {
                if (!ret)
                    ret = sk_SSL_CIPHER_value(allow, ii);
                continue;
            }

            if (prefer_sha256) {
                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
                const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
                                          tmp->algorithm2);

                /* A SHA-256 suite wins immediately */
                if (md != NULL
                        && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
                    ret = tmp;
                    break;
                }
                /* Otherwise keep the first match as fallback and continue */
                if (ret == NULL)
                    ret = tmp;
                continue;
            }
            /* Note: the entry from allow is returned, not c from prio */
            ret = sk_SSL_CIPHER_value(allow, ii);
            break;
        }
    }

    sk_SSL_CIPHER_free(prio_chacha);

    return ret;
}
4433 
/*
 * Write the list of acceptable client certificate types into |pkt|.
 *
 * A custom list stored in s->cert->ctype is copied verbatim when present.
 * Otherwise types are emitted in a fixed order based on the protocol version,
 * the key exchange of s->s3.tmp.new_cipher and the auth algorithms that
 * ssl_set_sig_mask() reports as disabled.
 *
 * Returns 1 on success, 0 if any packet write fails; with a custom list the
 * result of WPACKET_memcpy() is returned as is.
 */
int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
{
    uint32_t kex, disabled_auth = 0;

    /* If we have custom certificate types set, use them */
    if (s->cert->ctype)
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);

    /* Get mask of algorithms disabled by signature list */
    ssl_set_sig_mask(&disabled_auth, s, SSL_SECOP_SIGALG_MASK);

    kex = s->s3.tmp.new_cipher->algorithm_mkey;

#ifndef OPENSSL_NO_GOST
    if (s->version >= TLS1_VERSION && (kex & SSL_kGOST)
            && (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
                || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
                || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
                || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
                || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))) {
        return 0;
    }

    if (s->version >= TLS1_2_VERSION && (kex & SSL_kGOST18)
            && (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
                || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))) {
        return 0;
    }
#endif

    /* The ephemeral DH types are only offered for SSLv3 with DHE */
    if ((s->version == SSL3_VERSION) && (kex & SSL_kDHE)) {
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)
                || (!(disabled_auth & SSL_aDSS)
                    && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))) {
            return 0;
        }
    }

    if ((disabled_auth & SSL_aRSA) == 0) {
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
            return 0;
    }

    if ((disabled_auth & SSL_aDSS) == 0) {
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
            return 0;
    }

    /*
     * ECDSA certs can be used with RSA cipher suites too so we don't
     * need to check for SSL_kECDH or SSL_kECDHE
     */
    if (s->version >= TLS1_VERSION && (disabled_auth & SSL_aECDSA) == 0) {
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
            return 0;
    }

    return 1;
}
4484 
/*
 * Replace the custom certificate type list stored in |c|.
 *
 * Any previous list is freed first. A NULL |p| or a zero |len| just clears
 * the list. Lists longer than 0xff bytes are rejected, which leaves the list
 * cleared. On success |c| owns a private copy of the |len| bytes at |p|.
 *
 * Returns 1 on success, 0 when |len| is too large or the copy cannot be
 * allocated.
 */
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
{
    /* Always start from an empty list, including on the failure paths */
    OPENSSL_free(c->ctype);
    c->ctype = NULL;
    c->ctype_len = 0;

    if (p != NULL && len != 0) {
        if (len > 0xff)
            return 0;

        c->ctype = OPENSSL_memdup(p, len);
        if (c->ctype == NULL)
            return 0;

        c->ctype_len = len;
    }

    return 1;
}
4500 
/*
 * Drive the close_notify shutdown exchange for |s|.
 *
 * Returns 1 once both directions are marked shut down and no alert is still
 * waiting to be dispatched, 0 when shutdown is not yet complete (or |s| is
 * not a plain SSL connection), and -1 when the caller has to retry after the
 * pending write or read can make progress.
 */
int ssl3_shutdown(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (sc == NULL)
        return 0;

    /*
     * With quiet shutdown, or before any handshake has happened, nothing is
     * sent: both directions are simply marked as shut down.
     */
    if (sc->quiet_shutdown || SSL_in_before(s)) {
        sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
        return 1;
    }

    if ((sc->shutdown & SSL_SENT_SHUTDOWN) == 0) {
        /* First call: queue our close_notify */
        sc->shutdown |= SSL_SENT_SHUTDOWN;
        ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);

        /* alert_dispatch > 0 means the alert still has to be written */
        if (sc->s3.alert_dispatch > 0)
            return -1;          /* WANT_WRITE */
    } else if (sc->s3.alert_dispatch > 0) {
        /*
         * A later call while the alert is still pending: try to send it
         * again and report WANT_WRITE if that is still not possible.
         */
        if (s->method->ssl_dispatch_alert(s) == -1)
            return -1;
    } else if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) == 0) {
        size_t nread;

        /*
         * Our alert is out; read to pick up the peer's close_notify. The
         * result is judged from the shutdown flags, not the return value.
         */
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &nread);
        if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) == 0)
            return -1;          /* WANT_READ */
    }

    return sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)
        && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE;
}
4555 
/*
 * Write |len| bytes of application data from |buf| on |s|.
 *
 * A pending renegotiation request is checked first. The result of the
 * method's ssl_write_bytes() is returned unchanged; 0 is returned when |s|
 * is not a plain SSL connection.
 */
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);
    int rc = 0;

    if (conn != NULL) {
        clear_sys_error();
        if (conn->s3.renegotiate)
            ssl3_renegotiate_check(s, 0);

        rc = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf,
                                        len, written);
    }

    return rc;
}
4570 
/*
 * Shared implementation of ssl3_read() and ssl3_peek().
 *
 * Reads up to |len| bytes of application data into |buf|; |peek| is passed
 * through to the method's ssl_read_bytes(). Returns that function's result,
 * or 0 when |s| is not a plain SSL connection.
 */
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
                              size_t *readbytes)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
    int rc;

    if (sc == NULL)
        return 0;

    clear_sys_error();
    if (sc->s3.renegotiate)
        ssl3_renegotiate_check(s, 0);

    /* Mark that an application data read is in progress */
    sc->s3.in_read_app_data = 1;
    rc = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
                                   len, peek, readbytes);

    if (rc != -1 || sc->s3.in_read_app_data != 2) {
        sc->s3.in_read_app_data = 0;
        return rc;
    }

    /*
     * ssl3_read_bytes decided to call s->handshake_func, which called
     * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
     * actually found application data and thinks that application data
     * makes sense here; so disable handshake processing and try to read
     * application data again.
     */
    ossl_statem_set_in_handshake(sc, 1);
    rc = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
                                   len, peek, readbytes);
    ossl_statem_set_in_handshake(sc, 0);

    return rc;
}
4605 
/* Read application data, consuming it (peek flag is 0). */
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    const int peek = 0;

    return ssl3_read_internal(s, buf, len, peek, readbytes);
}
4610 
/* Read application data with the peek flag set to 1. */
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    const int peek = 1;

    return ssl3_read_internal(s, buf, len, peek, readbytes);
}
4615 
/*
 * Request a renegotiation on |s|.
 *
 * This only raises the s3.renegotiate flag; ssl3_renegotiate_check() acts on
 * it later. The flag is left alone when no handshake function is set.
 *
 * Returns 0 when |s| is not a plain SSL connection, 1 otherwise.
 */
int ssl3_renegotiate(SSL *s)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (conn == NULL)
        return 0;

    if (conn->handshake_func != NULL)
        conn->s3.renegotiate = 1;

    return 1;
}
4629 
/*
 * Check if we are waiting to do a renegotiation and if so whether now is a
 * good time to do it. If |initok| is true then we are being called from inside
 * the state machine so the result of SSL_in_init(s) is ignored. Otherwise no
 * renegotiation is started while SSL_in_init(s) is true. Pending record layer
 * reads or writes also postpone it.
 *
 * Returns 1 if we should do a renegotiation now and sets up the state machine
 * for it. Otherwise returns 0.
 */
int ssl3_renegotiate_check(SSL *s, int initok)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (conn == NULL)
        return 0;

    /* Nothing requested */
    if (!conn->s3.renegotiate)
        return 0;

    /* Not a good time: record data is still in flight */
    if (RECORD_LAYER_read_pending(&conn->rlayer))
        return 0;
    if (RECORD_LAYER_write_pending(&conn->rlayer))
        return 0;

    /* Not a good time: a handshake is in progress and we are outside it */
    if (!initok && SSL_in_init(s))
        return 0;

    /*
     * if we are the server, and we have sent a 'RENEGOTIATE'
     * message, we need to set the state machine into the renegotiate
     * state.
     */
    ossl_statem_set_renegotiate(conn);
    conn->s3.renegotiate = 0;
    conn->s3.num_renegotiations++;
    conn->s3.total_renegotiations++;

    return 1;
}
4664 
/*
 * Return the algorithm2 flags of the pending cipher, adjusted for the
 * protocol in use.
 *
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
 * handshake macs if required.
 *
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
 *
 * Returns -1 when no new cipher has been selected yet.
 */
long ssl_get_algorithm2(SSL_CONNECTION *s)
{
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
    long flags;

    if (s->s3.tmp.new_cipher == NULL)
        return -1;

    flags = s->s3.tmp.new_cipher->algorithm2;

    if ((ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) != 0) {
        /* Method uses the SHA256 PRF: upgrade the default MAC/PRF pair */
        if (flags == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
            flags = SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
    } else if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) != 0) {
        /* PSK suite without the SHA256 PRF flag: SHA384 falls back */
        if (flags == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
            flags = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
    }

    return flags;
}
4688 
/*
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
 * failure, 1 on success.
 *
 * When the matching SSL_MODE_SEND_*HELLO_TIME mode bit is set, the first four
 * bytes carry the current time and only the remaining len - 4 bytes are
 * random. When |dgrd| requests it, the trailing bytes of the field are then
 * overwritten with the TLSv1.3 downgrade sentinel, so the sentinel replaces
 * random bytes rather than being appended.
 */
int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
                          unsigned char *result, size_t len,
                          DOWNGRADE dgrd)
{
    unsigned char *rnd_start = result;
    size_t rnd_len = len;
    int with_time, rc;

    if (len < 4)
        return 0;

    with_time = server ? (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0
                       : (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;

    if (with_time) {
        unsigned long now = (unsigned long)time(NULL);

        /* l2n() stores four bytes and advances rnd_start past them */
        l2n(now, rnd_start);
        rnd_len -= 4;
    }

    rc = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, rnd_start, rnd_len,
                       0);
    if (rc <= 0)
        return rc;

    /* The sentinel must be strictly shorter than the whole field */
    if (!ossl_assert(sizeof(tls11downgrade) < len)
            || !ossl_assert(sizeof(tls12downgrade) < len))
        return 0;

    if (dgrd == DOWNGRADE_TO_1_2) {
        memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
               sizeof(tls12downgrade));
    } else if (dgrd == DOWNGRADE_TO_1_1) {
        memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
               sizeof(tls11downgrade));
    }

    return rc;
}
4729 
/*
 * Derive the session master secret from the premaster secret |pms|.
 *
 * For PSK key exchanges a combined premaster secret is built first:
 * a 2-byte length, the "other secret", a 2-byte length, then the PSK taken
 * from s->s3.tmp.psk. The stored PSK is cleared and freed as part of this.
 *
 * |pms| is always wiped before returning, on success and on failure: it is
 * cleared and freed when |free_pms| is non-zero, otherwise only cleansed in
 * place and left for the caller to free. On the client side s->s3.tmp.pms
 * and s->s3.tmp.pmslen are reset as well.
 *
 * Returns 1 on success, 0 on failure.
 */
int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
                               size_t pmslen, int free_pms)
{
    unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
    int ret = 0;
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);

    if (alg_k & SSL_PSK) {
#ifndef OPENSSL_NO_PSK
        unsigned char *pskpms, *t;
        size_t psklen = s->s3.tmp.psklen;
        size_t pskpmslen;

        /* create PSK premaster_secret */

        /*
         * For plain PSK "other_secret" is psklen zeroes.
         * NOTE(review): this overwrites pmslen, and the cleanup at err: then
         * wipes |pms| with the new length. Presumably callers pass a NULL
         * |pms| for plain PSK so that cleanup is skipped; confirm, since a
         * non-NULL |pms| shorter than psklen would be over-written there.
         */
        if (alg_k & SSL_kPSK)
            pmslen = psklen;

        /* Two 2-byte length prefixes plus both secrets */
        pskpmslen = 4 + pmslen + psklen;
        pskpms = OPENSSL_malloc(pskpmslen);
        if (pskpms == NULL)
            goto err;
        t = pskpms;
        /*
         * s2n() presumably stores a 2-byte length and advances t; lengths
         * above 0xffff would not fit. TODO confirm the callers bound them.
         */
        s2n(pmslen, t);
        if (alg_k & SSL_kPSK)
            memset(t, 0, pmslen);
        else
            memcpy(t, pms, pmslen);
        t += pmslen;
        s2n(psklen, t);
        memcpy(t, s->s3.tmp.psk, psklen);

        /* The PSK has been copied; wipe and release the stored one */
        OPENSSL_clear_free(s->s3.tmp.psk, psklen);
        s->s3.tmp.psk = NULL;
        s->s3.tmp.psklen = 0;
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
                    s->session->master_key, pskpms, pskpmslen,
                    &s->session->master_key_length)) {
            /* Wipe the combined secret on the failure path too */
            OPENSSL_clear_free(pskpms, pskpmslen);
            /* SSLfatal() already called */
            goto err;
        }
        OPENSSL_clear_free(pskpms, pskpmslen);
#else
        /* Should never happen */
        goto err;
#endif
    } else {
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
                s->session->master_key, pms, pmslen,
                &s->session->master_key_length)) {
            /* SSLfatal() already called */
            goto err;
        }
    }

    ret = 1;
 err:
    /* Reached on success as well: the premaster secret is never left behind */
    if (pms) {
        if (free_pms)
            OPENSSL_clear_free(pms, pmslen);
        else
            OPENSSL_cleanse(pms, pmslen);
    }
    /* Client only: drop the saved pointer so it is not reused or freed again */
    if (s->server == 0) {
        s->s3.tmp.pms = NULL;
        s->s3.tmp.pmslen = 0;
    }
    return ret;
}
4801 
/*
 * Generate a private key from parameters.
 *
 * |pm| supplies the parameters; the library context and property query come
 * from the SSL_CTX behind |s|. Returns the new key, which the caller owns, or
 * NULL when |pm| is NULL or any step fails. No SSLfatal() is raised here.
 */
EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *genctx;
    EVP_PKEY *newkey = NULL;

    if (pm == NULL)
        return NULL;

    genctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);
    if (genctx != NULL
            && EVP_PKEY_keygen_init(genctx) > 0
            && EVP_PKEY_keygen(genctx, &newkey) <= 0) {
        /* Key generation failed: do not hand back a partial key */
        EVP_PKEY_free(newkey);
        newkey = NULL;
    }

    EVP_PKEY_CTX_free(genctx);
    return newkey;
}
4825 
/*
 * Generate a private key from a group ID.
 *
 * |id| is resolved with tls1_group_id_lookup(); an unknown id is reported as
 * an internal error. Every failure raises SSLfatal() with
 * SSL_AD_INTERNAL_ERROR. Returns the new key, owned by the caller, or NULL.
 */
EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    const TLS_GROUP_INFO *group = tls1_group_id_lookup(sctx, id);
    EVP_PKEY_CTX *genctx = NULL;
    EVP_PKEY *newkey = NULL;

    if (group == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto done;
    }

    genctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, group->algorithm,
                                        sctx->propq);

    /* Context creation, init and group selection share one error report */
    if (genctx == NULL
            || EVP_PKEY_keygen_init(genctx) <= 0
            || EVP_PKEY_CTX_set_group_name(genctx, group->realname) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        goto done;
    }

    if (EVP_PKEY_keygen(genctx, &newkey) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        EVP_PKEY_free(newkey);
        newkey = NULL;
    }

 done:
    EVP_PKEY_CTX_free(genctx);
    return newkey;
}
4864 
/*
 * Generate parameters from a group ID.
 *
 * Returns the generated parameters, owned by the caller, or NULL on failure.
 * Only a failure to set the group name raises SSLfatal(); an unknown |id| and
 * the other failures return NULL without it, so callers must report those
 * themselves.
 */
EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    const TLS_GROUP_INFO *group = tls1_group_id_lookup(sctx, id);
    EVP_PKEY_CTX *genctx = NULL;
    EVP_PKEY *params = NULL;

    if (group == NULL)
        goto done;

    genctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, group->algorithm,
                                        sctx->propq);
    if (genctx == NULL || EVP_PKEY_paramgen_init(genctx) <= 0)
        goto done;

    if (EVP_PKEY_CTX_set_group_name(genctx, group->realname) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        goto done;
    }

    if (EVP_PKEY_paramgen(genctx, &params) <= 0) {
        EVP_PKEY_free(params);
        params = NULL;
    }

 done:
    EVP_PKEY_CTX_free(genctx);
    return params;
}
4898 
/*
 * Generate secrets from pms.
 *
 * TLSv1.3: generate the early secret unless the session is being resumed,
 * then the handshake secret; the result is 1 or 0. Earlier versions: return
 * the result of ssl_generate_master_secret() with free_pms set to 0, so |pms|
 * is cleansed there but still has to be freed by the caller.
 *
 * SSLfatal() is called as appropriate in the functions used here.
 */
int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
{
    if (!SSL_CONNECTION_IS_TLS13(s))
        return ssl_generate_master_secret(s, pms, pmslen, 0);

    /*
     * If we are resuming then we already generated the early secret
     * when we created the ClientHello, so don't recreate it.
     */
    if (!s->hit
            && !tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
                                      (unsigned char *)&s->early_secret))
        return 0;

    return tls13_generate_handshake_secret(s, pms, pmslen) ? 1 : 0;
}
4924 
/*
 * Derive secrets for ECDH/DH.
 *
 * Computes the shared secret of |privkey| and |pubkey|. With |gensecret| set
 * the secret is fed straight into ssl_gensecret(); otherwise it is saved in
 * s->s3.tmp.pms and ownership passes to the connection. Any buffer still
 * owned here on exit is cleared before being freed.
 *
 * Returns the ssl_gensecret() result or 1 on success, 0 on failure.
 */
int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *dctx;
    unsigned char *secret = NULL;
    size_t secret_len = 0;
    int ok = 0;

    if (privkey == NULL || pubkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * NOTE(review): dctx is not NULL-checked here; this relies on
     * EVP_PKEY_derive_init() failing for a NULL context - confirm.
     */
    dctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);

    /* The derive call with a NULL buffer only asks for the secret length */
    if (EVP_PKEY_derive_init(dctx) <= 0
            || EVP_PKEY_derive_set_peer(dctx, pubkey) <= 0
            || EVP_PKEY_derive(dctx, NULL, &secret_len) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    /*
     * TLSv1.3 with a "DH" key: ask for a padded shared secret.
     * NOTE(review): the return value is ignored, so a failure to enable
     * padding goes unnoticed - confirm this is intended.
     */
    if (SSL_CONNECTION_IS_TLS13(s) &&  EVP_PKEY_is_a(privkey, "DH"))
        EVP_PKEY_CTX_set_dh_pad(dctx, 1);

    secret = OPENSSL_malloc(secret_len);
    if (secret == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto err;
    }

    if (EVP_PKEY_derive(dctx, secret, &secret_len) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns it from here on */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secret_len;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secret_len);
    }

 err:
    OPENSSL_clear_free(secret, secret_len);
    EVP_PKEY_CTX_free(dctx);
    return ok;
}
4978 
/*
 * Decapsulate secrets for KEM.
 *
 * Recovers the shared secret from the ciphertext |ct| of |ctlen| bytes using
 * |privkey|. With |gensecret| set the secret is fed into ssl_gensecret();
 * otherwise it is saved in s->s3.tmp.pms and ownership passes to the
 * connection. Any buffer still owned here on exit is cleared before being
 * freed.
 *
 * Returns the ssl_gensecret() result or 1 on success, 0 on failure.
 */
int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
                    const unsigned char *ct, size_t ctlen,
                    int gensecret)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *kctx;
    unsigned char *secret = NULL;
    size_t secret_len = 0;
    int ok = 0;

    if (privkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * NOTE(review): kctx is not NULL-checked here; this relies on
     * EVP_PKEY_decapsulate_init() failing for a NULL context - confirm.
     */
    kctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);

    /* The call with a NULL output buffer only asks for the secret length */
    if (EVP_PKEY_decapsulate_init(kctx, NULL) <= 0
            || EVP_PKEY_decapsulate(kctx, NULL, &secret_len, ct, ctlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    secret = OPENSSL_malloc(secret_len);
    if (secret == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto err;
    }

    if (EVP_PKEY_decapsulate(kctx, secret, &secret_len, ct, ctlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns it from here on */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secret_len;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secret_len);
    }

 err:
    OPENSSL_clear_free(secret, secret_len);
    EVP_PKEY_CTX_free(kctx);
    return ok;
}
5030 
/*
 * Encapsulate a fresh shared secret for KEM against |pubkey|.
 *
 * With |gensecret| set the secret is fed into ssl_gensecret(); otherwise it
 * is saved in s->s3.tmp.pms and ownership passes to the connection. On
 * success the ciphertext is handed to the caller through |ctp| and |ctlenp|,
 * and the caller must free it. On failure |ctp| and |ctlenp| are left
 * untouched. Any secret buffer still owned here on exit is cleared before
 * being freed.
 *
 * Returns the ssl_gensecret() result or 1 on success, 0 on failure.
 */
int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
                    unsigned char **ctp, size_t *ctlenp,
                    int gensecret)
{
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
    EVP_PKEY_CTX *kctx;
    unsigned char *secret = NULL, *wrapped = NULL;
    size_t secret_len = 0, wrapped_len = 0;
    int ok = 0;

    if (pubkey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * NOTE(review): kctx is not NULL-checked here; this relies on
     * EVP_PKEY_encapsulate_init() failing for a NULL context - confirm.
     */
    kctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);

    /* Size query first; zero-length outputs are treated as an error */
    if (EVP_PKEY_encapsulate_init(kctx, NULL) <= 0
            || EVP_PKEY_encapsulate(kctx, NULL, &wrapped_len, NULL,
                                    &secret_len) <= 0
            || secret_len == 0 || wrapped_len == 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    secret = OPENSSL_malloc(secret_len);
    wrapped = OPENSSL_malloc(wrapped_len);
    if (secret == NULL || wrapped == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
        goto err;
    }

    if (EVP_PKEY_encapsulate(kctx, wrapped, &wrapped_len, secret,
                             &secret_len) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    if (!gensecret) {
        /* Save premaster secret; the connection owns it from here on */
        s->s3.tmp.pms = secret;
        s->s3.tmp.pmslen = secret_len;
        secret = NULL;
        ok = 1;
    } else {
        /* SSLfatal() called as appropriate in the below functions */
        ok = ssl_gensecret(s, secret, secret_len);
    }

    if (ok > 0) {
        /* Pass ownership of the ciphertext to the caller */
        *ctp = wrapped;
        *ctlenp = wrapped_len;
        wrapped = NULL;
    }

 err:
    OPENSSL_clear_free(secret, secret_len);
    OPENSSL_free(wrapped);
    EVP_PKEY_CTX_free(kctx);
    return ok;
}
5091 
/*
 * Return the name of the key exchange group associated with |s|, as resolved
 * by tls1_group_id2name().
 *
 * For a TLSv1.3 connection on which a key exchange has been done the group id
 * comes from the connection state (s3.group_id); otherwise it comes from the
 * session (session->kex_group).
 *
 * Returns NULL when no SSL_CONNECTION can be obtained from |s|.
 */
const char *SSL_get0_group_name(SSL *s)
{
    SSL_CONNECTION *conn = SSL_CONNECTION_FROM_SSL(s);
    unsigned int group;

    if (conn == NULL)
        return NULL;

    /*
     * NOTE(review): conn->session is dereferenced without a NULL check on the
     * fallback path; confirm that a session is always attached whenever this
     * can be called.
     */
    group = (SSL_CONNECTION_IS_TLS13(conn) && conn->s3.did_kex)
        ? conn->s3.group_id
        : conn->session->kex_group;

    return tls1_group_id2name(s->ctx, group);
}
5107 
/*
 * Map |nid| to the TLS name of the corresponding group.
 *
 * When |nid| has the TLSEXT_nid_unknown bit set, its low 16 bits are used
 * directly as the group id; otherwise the id is obtained from
 * tls1_nid2group_id(). The id is then looked up against s->ctx.
 *
 * Returns the group's tlsname, or NULL when the lookup finds no entry.
 * |s| is dereferenced unconditionally, so it must not be NULL.
 */
const char *SSL_group_to_name(SSL *s, int nid)
{
    const TLS_GROUP_INFO *info;
    int gid;

    /* first convert to real group id for internal and external IDs */
    gid = (nid & TLSEXT_nid_unknown) != 0
        ? (nid & 0xFFFF)
        : tls1_nid2group_id(nid);

    /* then look up */
    info = tls1_group_id_lookup(s->ctx, gid);

    return info == NULL ? NULL : info->tlsname;
}
5125