1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
86 * 6. Redistributions of any form whatsoever must retain the following
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * Portions of the attached software ("Contribution") are developed by
114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 * The Contribution is licensed pursuant to the OpenSSL open source
117 * license provided above.
119 * ECC cipher suite support in OpenSSL originally written by
120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
123 /* ====================================================================
124 * Copyright 2005 Nokia. All rights reserved.
126 * The portions of the attached software ("Contribution") is developed by
127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132 * support (see RFC 4279) to OpenSSL.
134 * No patent licenses or other rights except those expressly stated in
135 * the OpenSSL open source license shall be deemed granted or received
136 * expressly, by implication, estoppel, or otherwise.
138 * No assurances are provided by Nokia that the Contribution does not
139 * infringe the patent or other intellectual property rights of any third
140 * party or that the license provides you with all the necessary rights
141 * to make use of the Contribution.
143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
151 #include <openssl/objects.h>
152 #include "ssl_locl.h"
153 #include <openssl/md5.h>
154 #ifndef OPENSSL_NO_DH
155 # include <openssl/dh.h>
157 #include <openssl/rand.h>
/*
 * Size of the ssl3_ciphers table declared just below, expressed as
 * OSSL_NELEM applied to the array itself rather than as a literal count.
 * NOTE(review): OSSL_NELEM is defined outside this view; presumably it is a
 * sizeof-based element count, in which case this value follows whichever
 * entries the OPENSSL_NO_* guards leave compiled in. Confirm in its header.
 */
159 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
161 /* list of available SSLv3 ciphers (sorted by id) */
162 static const SSL_CIPHER ssl3_ciphers[] = {
164 /* The RSA ciphers */
168 SSL3_TXT_RSA_NULL_MD5,
169 SSL3_CK_RSA_NULL_MD5,
174 SSL3_VERSION, TLS1_2_VERSION,
175 DTLS1_VERSION, DTLS1_2_VERSION,
177 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
185 SSL3_TXT_RSA_NULL_SHA,
186 SSL3_CK_RSA_NULL_SHA,
191 SSL3_VERSION, TLS1_2_VERSION,
192 DTLS1_VERSION, DTLS1_2_VERSION,
193 SSL_STRONG_NONE | SSL_FIPS,
194 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
200 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
203 SSL3_TXT_RSA_RC4_128_MD5,
204 SSL3_CK_RSA_RC4_128_MD5,
209 SSL3_VERSION, TLS1_2_VERSION,
210 DTLS1_VERSION, DTLS1_2_VERSION,
211 SSL_NOT_DEFAULT | SSL_MEDIUM,
212 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
220 SSL3_TXT_RSA_RC4_128_SHA,
221 SSL3_CK_RSA_RC4_128_SHA,
226 SSL3_VERSION, TLS1_2_VERSION,
227 DTLS1_VERSION, DTLS1_2_VERSION,
228 SSL_NOT_DEFAULT | SSL_MEDIUM,
229 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
236 #ifndef OPENSSL_NO_IDEA
239 SSL3_TXT_RSA_IDEA_128_SHA,
240 SSL3_CK_RSA_IDEA_128_SHA,
245 SSL3_VERSION, TLS1_2_VERSION,
246 DTLS1_VERSION, DTLS1_2_VERSION,
247 SSL_NOT_DEFAULT | SSL_MEDIUM,
248 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
257 SSL3_TXT_RSA_DES_192_CBC3_SHA,
258 SSL3_CK_RSA_DES_192_CBC3_SHA,
263 SSL3_VERSION, TLS1_2_VERSION,
264 DTLS1_VERSION, DTLS1_2_VERSION,
266 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
274 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
275 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
280 SSL3_VERSION, TLS1_2_VERSION,
281 DTLS1_VERSION, DTLS1_2_VERSION,
282 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
283 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
291 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
292 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
297 SSL3_VERSION, TLS1_2_VERSION,
298 DTLS1_VERSION, DTLS1_2_VERSION,
300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
306 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
309 SSL3_TXT_ADH_RC4_128_MD5,
310 SSL3_CK_ADH_RC4_128_MD5,
315 SSL3_VERSION, TLS1_2_VERSION,
316 DTLS1_VERSION, DTLS1_2_VERSION,
317 SSL_NOT_DEFAULT | SSL_MEDIUM,
318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
327 SSL3_TXT_ADH_DES_192_CBC_SHA,
328 SSL3_CK_ADH_DES_192_CBC_SHA,
333 SSL3_VERSION, TLS1_2_VERSION,
334 DTLS1_VERSION, DTLS1_2_VERSION,
335 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
336 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
340 #ifndef OPENSSL_NO_PSK
344 TLS1_TXT_PSK_WITH_NULL_SHA,
345 TLS1_CK_PSK_WITH_NULL_SHA,
350 SSL3_VERSION, TLS1_2_VERSION,
351 DTLS1_VERSION, DTLS1_2_VERSION,
352 SSL_STRONG_NONE | SSL_FIPS,
353 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
360 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
361 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
366 SSL3_VERSION, TLS1_2_VERSION,
367 DTLS1_VERSION, DTLS1_2_VERSION,
368 SSL_STRONG_NONE | SSL_FIPS,
369 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
376 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
377 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
382 SSL3_VERSION, TLS1_2_VERSION,
383 DTLS1_VERSION, DTLS1_2_VERSION,
384 SSL_STRONG_NONE | SSL_FIPS,
385 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
391 /* New AES ciphersuites */
395 TLS1_TXT_RSA_WITH_AES_128_SHA,
396 TLS1_CK_RSA_WITH_AES_128_SHA,
401 SSL3_VERSION, TLS1_2_VERSION,
402 DTLS1_VERSION, DTLS1_2_VERSION,
404 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
411 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
412 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
417 SSL3_VERSION, TLS1_2_VERSION,
418 DTLS1_VERSION, DTLS1_2_VERSION,
419 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
427 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
428 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
433 SSL3_VERSION, TLS1_2_VERSION,
434 DTLS1_VERSION, DTLS1_2_VERSION,
436 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
443 TLS1_TXT_ADH_WITH_AES_128_SHA,
444 TLS1_CK_ADH_WITH_AES_128_SHA,
449 SSL3_VERSION, TLS1_2_VERSION,
450 DTLS1_VERSION, DTLS1_2_VERSION,
451 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
452 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
460 TLS1_TXT_RSA_WITH_AES_256_SHA,
461 TLS1_CK_RSA_WITH_AES_256_SHA,
466 SSL3_VERSION, TLS1_2_VERSION,
467 DTLS1_VERSION, DTLS1_2_VERSION,
469 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
477 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
478 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
483 SSL3_VERSION, TLS1_2_VERSION,
484 DTLS1_VERSION, DTLS1_2_VERSION,
485 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
486 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
494 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
495 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
500 SSL3_VERSION, TLS1_2_VERSION,
501 DTLS1_VERSION, DTLS1_2_VERSION,
503 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
511 TLS1_TXT_ADH_WITH_AES_256_SHA,
512 TLS1_CK_ADH_WITH_AES_256_SHA,
517 SSL3_VERSION, TLS1_2_VERSION,
518 DTLS1_VERSION, DTLS1_2_VERSION,
519 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
520 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
525 /* TLS v1.2 ciphersuites */
529 TLS1_TXT_RSA_WITH_NULL_SHA256,
530 TLS1_CK_RSA_WITH_NULL_SHA256,
535 TLS1_2_VERSION, TLS1_2_VERSION,
536 DTLS1_2_VERSION, DTLS1_2_VERSION,
537 SSL_STRONG_NONE | SSL_FIPS,
538 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
546 TLS1_TXT_RSA_WITH_AES_128_SHA256,
547 TLS1_CK_RSA_WITH_AES_128_SHA256,
552 TLS1_2_VERSION, TLS1_2_VERSION,
553 DTLS1_2_VERSION, DTLS1_2_VERSION,
555 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
563 TLS1_TXT_RSA_WITH_AES_256_SHA256,
564 TLS1_CK_RSA_WITH_AES_256_SHA256,
569 TLS1_2_VERSION, TLS1_2_VERSION,
570 DTLS1_2_VERSION, DTLS1_2_VERSION,
572 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
580 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
581 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
586 TLS1_2_VERSION, TLS1_2_VERSION,
587 DTLS1_2_VERSION, DTLS1_2_VERSION,
588 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
589 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
594 #ifndef OPENSSL_NO_CAMELLIA
595 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
600 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
601 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
606 SSL3_VERSION, TLS1_2_VERSION,
607 DTLS1_VERSION, DTLS1_2_VERSION,
608 SSL_NOT_DEFAULT | SSL_HIGH,
609 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
617 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
618 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
623 SSL3_VERSION, TLS1_2_VERSION,
624 DTLS1_VERSION, DTLS1_2_VERSION,
625 SSL_NOT_DEFAULT | SSL_HIGH,
626 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
634 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
635 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
640 SSL3_VERSION, TLS1_2_VERSION,
641 DTLS1_VERSION, DTLS1_2_VERSION,
642 SSL_NOT_DEFAULT | SSL_HIGH,
643 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
651 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
652 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
657 SSL3_VERSION, TLS1_2_VERSION,
658 DTLS1_VERSION, DTLS1_2_VERSION,
659 SSL_NOT_DEFAULT | SSL_HIGH,
660 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
664 #endif /* OPENSSL_NO_CAMELLIA */
666 /* TLS v1.2 ciphersuites */
670 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
671 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
676 TLS1_2_VERSION, TLS1_2_VERSION,
677 DTLS1_2_VERSION, DTLS1_2_VERSION,
679 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
687 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
688 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
693 TLS1_2_VERSION, TLS1_2_VERSION,
694 DTLS1_2_VERSION, DTLS1_2_VERSION,
695 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
696 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
704 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
705 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
713 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
721 TLS1_TXT_ADH_WITH_AES_128_SHA256,
722 TLS1_CK_ADH_WITH_AES_128_SHA256,
727 TLS1_2_VERSION, TLS1_2_VERSION,
728 DTLS1_2_VERSION, DTLS1_2_VERSION,
729 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
730 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
738 TLS1_TXT_ADH_WITH_AES_256_SHA256,
739 TLS1_CK_ADH_WITH_AES_256_SHA256,
744 TLS1_2_VERSION, TLS1_2_VERSION,
745 DTLS1_2_VERSION, DTLS1_2_VERSION,
746 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
747 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
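/*
 * Guard for the GOST entries of the cipher table.
 *
 * The macro must be spelled OPENSSL_NO_GOST, matching the other OPENSSL_NO_*
 * guards used in this table. The previous spelling, OPENSL_NO_GOST, names a
 * macro that nothing on this page defines (and presumably no build option
 * sets), so the #ifndef was always true and the entries that follow
 * ("GOST2001-GOST89-GOST89", "GOST2001-NULL-GOST94") stayed in the table even
 * in a build that asked for GOST to be compiled out.
 *
 * To verify the fix: in a build that defines OPENSSL_NO_GOST, neither of
 * those suite names should appear in the resulting cipher list.
 */
752 /* GOST Ciphersuites */
753 #ifndef OPENSSL_NO_GOST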
756 "GOST2001-GOST89-GOST89",
762 TLS1_VERSION, TLS1_2_VERSION,
763 DTLS1_VERSION, DTLS1_2_VERSION,
765 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
771 "GOST2001-NULL-GOST94",
777 TLS1_VERSION, TLS1_2_VERSION,
778 DTLS1_VERSION, DTLS1_2_VERSION,
780 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
785 #ifndef OPENSSL_NO_CAMELLIA
786 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
791 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
792 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
797 SSL3_VERSION, TLS1_2_VERSION,
798 DTLS1_VERSION, DTLS1_2_VERSION,
799 SSL_NOT_DEFAULT | SSL_HIGH,
800 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
808 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
809 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
814 SSL3_VERSION, TLS1_2_VERSION,
815 DTLS1_VERSION, DTLS1_2_VERSION,
816 SSL_NOT_DEFAULT | SSL_HIGH,
817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
825 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
826 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
831 SSL3_VERSION, TLS1_2_VERSION,
832 DTLS1_VERSION, DTLS1_2_VERSION,
833 SSL_NOT_DEFAULT | SSL_HIGH,
834 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
842 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
843 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
848 SSL3_VERSION, TLS1_2_VERSION,
849 DTLS1_VERSION, DTLS1_2_VERSION,
850 SSL_NOT_DEFAULT | SSL_HIGH,
851 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
855 #endif /* OPENSSL_NO_CAMELLIA */
857 #ifndef OPENSSL_NO_PSK
858 /* PSK ciphersuites from RFC 4279 */
860 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
863 TLS1_TXT_PSK_WITH_RC4_128_SHA,
864 TLS1_CK_PSK_WITH_RC4_128_SHA,
869 SSL3_VERSION, TLS1_2_VERSION,
870 DTLS1_VERSION, DTLS1_2_VERSION,
871 SSL_NOT_DEFAULT | SSL_MEDIUM,
872 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
881 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
882 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
887 SSL3_VERSION, TLS1_2_VERSION,
888 DTLS1_VERSION, DTLS1_2_VERSION,
890 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
898 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
899 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
904 SSL3_VERSION, TLS1_2_VERSION,
905 DTLS1_VERSION, DTLS1_2_VERSION,
907 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
915 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
916 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
921 SSL3_VERSION, TLS1_2_VERSION,
922 DTLS1_VERSION, DTLS1_2_VERSION,
924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
930 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
933 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
934 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
939 SSL3_VERSION, TLS1_2_VERSION,
940 DTLS1_VERSION, DTLS1_2_VERSION,
941 SSL_NOT_DEFAULT | SSL_MEDIUM,
942 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
951 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
952 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
957 SSL3_VERSION, TLS1_2_VERSION,
958 DTLS1_VERSION, DTLS1_2_VERSION,
960 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
968 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
969 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
974 SSL3_VERSION, TLS1_2_VERSION,
975 DTLS1_VERSION, DTLS1_2_VERSION,
977 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
985 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
986 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
991 SSL3_VERSION, TLS1_2_VERSION,
992 DTLS1_VERSION, DTLS1_2_VERSION,
994 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1000 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1003 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
1004 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
1009 SSL3_VERSION, TLS1_2_VERSION,
1010 DTLS1_VERSION, DTLS1_2_VERSION,
1011 SSL_NOT_DEFAULT | SSL_MEDIUM,
1012 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1021 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1022 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1027 SSL3_VERSION, TLS1_2_VERSION,
1028 DTLS1_VERSION, DTLS1_2_VERSION,
1029 SSL_HIGH | SSL_FIPS,
1030 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1038 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1039 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1044 SSL3_VERSION, TLS1_2_VERSION,
1045 DTLS1_VERSION, DTLS1_2_VERSION,
1046 SSL_HIGH | SSL_FIPS,
1047 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1055 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1056 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1061 SSL3_VERSION, TLS1_2_VERSION,
1062 DTLS1_VERSION, DTLS1_2_VERSION,
1063 SSL_HIGH | SSL_FIPS,
1064 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1068 #endif /* OPENSSL_NO_PSK */
1070 #ifndef OPENSSL_NO_SEED
1071 /* SEED ciphersuites from RFC4162 */
1076 TLS1_TXT_RSA_WITH_SEED_SHA,
1077 TLS1_CK_RSA_WITH_SEED_SHA,
1082 SSL3_VERSION, TLS1_2_VERSION,
1083 DTLS1_VERSION, DTLS1_2_VERSION,
1084 SSL_NOT_DEFAULT | SSL_MEDIUM,
1085 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1093 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1094 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1099 SSL3_VERSION, TLS1_2_VERSION,
1100 DTLS1_VERSION, DTLS1_2_VERSION,
1101 SSL_NOT_DEFAULT | SSL_MEDIUM,
1102 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1110 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1111 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1116 SSL3_VERSION, TLS1_2_VERSION,
1117 DTLS1_VERSION, DTLS1_2_VERSION,
1118 SSL_NOT_DEFAULT | SSL_MEDIUM,
1119 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1127 TLS1_TXT_ADH_WITH_SEED_SHA,
1128 TLS1_CK_ADH_WITH_SEED_SHA,
1133 SSL3_VERSION, TLS1_2_VERSION,
1134 DTLS1_VERSION, DTLS1_2_VERSION,
1135 SSL_NOT_DEFAULT | SSL_MEDIUM,
1136 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1141 #endif /* OPENSSL_NO_SEED */
1143 /* GCM ciphersuites from RFC5288 */
1148 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1149 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1154 TLS1_2_VERSION, TLS1_2_VERSION,
1155 DTLS1_2_VERSION, DTLS1_2_VERSION,
1156 SSL_HIGH | SSL_FIPS,
1157 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1165 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1166 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1171 TLS1_2_VERSION, TLS1_2_VERSION,
1172 DTLS1_2_VERSION, DTLS1_2_VERSION,
1173 SSL_HIGH | SSL_FIPS,
1174 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1182 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1183 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1188 TLS1_2_VERSION, TLS1_2_VERSION,
1189 DTLS1_2_VERSION, DTLS1_2_VERSION,
1190 SSL_HIGH | SSL_FIPS,
1191 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1199 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1200 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1205 TLS1_2_VERSION, TLS1_2_VERSION,
1206 DTLS1_2_VERSION, DTLS1_2_VERSION,
1207 SSL_HIGH | SSL_FIPS,
1208 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1216 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1217 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1222 TLS1_2_VERSION, TLS1_2_VERSION,
1223 DTLS1_2_VERSION, DTLS1_2_VERSION,
1224 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1225 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1233 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1234 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1239 TLS1_2_VERSION, TLS1_2_VERSION,
1240 DTLS1_2_VERSION, DTLS1_2_VERSION,
1241 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1242 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1250 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1251 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1256 TLS1_2_VERSION, TLS1_2_VERSION,
1257 DTLS1_2_VERSION, DTLS1_2_VERSION,
1258 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1259 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1267 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
1268 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
1273 TLS1_2_VERSION, TLS1_2_VERSION,
1274 DTLS1_2_VERSION, DTLS1_2_VERSION,
1275 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1276 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1280 #ifndef OPENSSL_NO_PSK
1281 /* PSK ciphersuites from RFC5487 */
1286 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1287 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1292 TLS1_2_VERSION, TLS1_2_VERSION,
1293 DTLS1_2_VERSION, DTLS1_2_VERSION,
1294 SSL_HIGH | SSL_FIPS,
1295 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1303 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1304 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1309 TLS1_2_VERSION, TLS1_2_VERSION,
1310 DTLS1_2_VERSION, DTLS1_2_VERSION,
1311 SSL_HIGH | SSL_FIPS,
1312 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1320 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1321 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1326 TLS1_2_VERSION, TLS1_2_VERSION,
1327 DTLS1_2_VERSION, DTLS1_2_VERSION,
1328 SSL_HIGH | SSL_FIPS,
1329 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1337 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1338 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1343 TLS1_2_VERSION, TLS1_2_VERSION,
1344 DTLS1_2_VERSION, DTLS1_2_VERSION,
1345 SSL_HIGH | SSL_FIPS,
1346 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1354 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1355 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1360 TLS1_2_VERSION, TLS1_2_VERSION,
1361 DTLS1_2_VERSION, DTLS1_2_VERSION,
1362 SSL_HIGH | SSL_FIPS,
1363 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1371 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1372 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1377 TLS1_2_VERSION, TLS1_2_VERSION,
1378 DTLS1_2_VERSION, DTLS1_2_VERSION,
1379 SSL_HIGH | SSL_FIPS,
1380 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1388 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1389 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1394 TLS1_VERSION, TLS1_2_VERSION,
1395 DTLS1_VERSION, DTLS1_2_VERSION,
1396 SSL_HIGH | SSL_FIPS,
1397 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1405 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1406 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1411 TLS1_VERSION, TLS1_2_VERSION,
1412 DTLS1_VERSION, DTLS1_2_VERSION,
1413 SSL_HIGH | SSL_FIPS,
1414 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1422 TLS1_TXT_PSK_WITH_NULL_SHA256,
1423 TLS1_CK_PSK_WITH_NULL_SHA256,
1428 TLS1_VERSION, TLS1_2_VERSION,
1429 DTLS1_VERSION, DTLS1_2_VERSION,
1430 SSL_STRONG_NONE | SSL_FIPS,
1431 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1439 TLS1_TXT_PSK_WITH_NULL_SHA384,
1440 TLS1_CK_PSK_WITH_NULL_SHA384,
1445 TLS1_VERSION, TLS1_2_VERSION,
1446 DTLS1_VERSION, DTLS1_2_VERSION,
1447 SSL_STRONG_NONE | SSL_FIPS,
1448 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1456 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1457 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1462 TLS1_VERSION, TLS1_2_VERSION,
1463 DTLS1_VERSION, DTLS1_2_VERSION,
1464 SSL_HIGH | SSL_FIPS,
1465 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1473 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1474 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1479 TLS1_VERSION, TLS1_2_VERSION,
1480 DTLS1_VERSION, DTLS1_2_VERSION,
1481 SSL_HIGH | SSL_FIPS,
1482 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1490 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1491 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1496 TLS1_VERSION, TLS1_2_VERSION,
1497 DTLS1_VERSION, DTLS1_2_VERSION,
1498 SSL_STRONG_NONE | SSL_FIPS,
1499 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1507 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1508 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1513 TLS1_VERSION, TLS1_2_VERSION,
1514 DTLS1_VERSION, DTLS1_2_VERSION,
1515 SSL_STRONG_NONE | SSL_FIPS,
1516 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1524 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1525 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1530 TLS1_VERSION, TLS1_2_VERSION,
1531 DTLS1_VERSION, DTLS1_2_VERSION,
1532 SSL_HIGH | SSL_FIPS,
1533 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1541 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1542 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1547 TLS1_VERSION, TLS1_2_VERSION,
1548 DTLS1_VERSION, DTLS1_2_VERSION,
1549 SSL_HIGH | SSL_FIPS,
1550 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1558 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1559 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1564 TLS1_VERSION, TLS1_2_VERSION,
1565 DTLS1_VERSION, DTLS1_2_VERSION,
1566 SSL_STRONG_NONE | SSL_FIPS,
1567 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1575 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1576 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1581 TLS1_VERSION, TLS1_2_VERSION,
1582 DTLS1_VERSION, DTLS1_2_VERSION,
1583 SSL_STRONG_NONE | SSL_FIPS,
1584 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1588 #endif /* OPENSSL_NO_PSK */
1590 #ifndef OPENSSL_NO_CAMELLIA
1591 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
1596 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1597 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1602 TLS1_2_VERSION, TLS1_2_VERSION,
1603 DTLS1_2_VERSION, DTLS1_2_VERSION,
1604 SSL_NOT_DEFAULT | SSL_HIGH,
1605 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1613 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1614 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1619 TLS1_2_VERSION, TLS1_2_VERSION,
1620 DTLS1_2_VERSION, DTLS1_2_VERSION,
1621 SSL_NOT_DEFAULT | SSL_HIGH,
1622 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1630 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1631 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1636 TLS1_2_VERSION, TLS1_2_VERSION,
1637 DTLS1_2_VERSION, DTLS1_2_VERSION,
1638 SSL_NOT_DEFAULT | SSL_HIGH,
1639 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1647 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1648 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1653 TLS1_2_VERSION, TLS1_2_VERSION,
1654 DTLS1_2_VERSION, DTLS1_2_VERSION,
1655 SSL_NOT_DEFAULT | SSL_HIGH,
1656 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1664 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1665 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1670 TLS1_2_VERSION, TLS1_2_VERSION,
1671 DTLS1_2_VERSION, DTLS1_2_VERSION,
1672 SSL_NOT_DEFAULT | SSL_HIGH,
1673 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1681 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1682 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1687 TLS1_2_VERSION, TLS1_2_VERSION,
1688 DTLS1_2_VERSION, DTLS1_2_VERSION,
1689 SSL_NOT_DEFAULT | SSL_HIGH,
1690 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1698 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1699 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1704 TLS1_2_VERSION, TLS1_2_VERSION,
1705 DTLS1_2_VERSION, DTLS1_2_VERSION,
1706 SSL_NOT_DEFAULT | SSL_HIGH,
1707 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1715 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1716 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1721 TLS1_2_VERSION, TLS1_2_VERSION,
1722 DTLS1_2_VERSION, DTLS1_2_VERSION,
1723 SSL_NOT_DEFAULT | SSL_HIGH,
1724 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1730 #ifndef OPENSSL_NO_EC
1735 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1736 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1741 SSL3_VERSION, TLS1_2_VERSION,
1742 DTLS1_VERSION, DTLS1_2_VERSION,
1743 SSL_STRONG_NONE | SSL_FIPS,
1744 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1750 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1753 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1754 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1759 SSL3_VERSION, TLS1_2_VERSION,
1760 DTLS1_VERSION, DTLS1_2_VERSION,
1761 SSL_NOT_DEFAULT | SSL_MEDIUM,
1762 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1771 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1772 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1777 SSL3_VERSION, TLS1_2_VERSION,
1778 DTLS1_VERSION, DTLS1_2_VERSION,
1779 SSL_HIGH | SSL_FIPS,
1780 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1788 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1789 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1794 SSL3_VERSION, TLS1_2_VERSION,
1795 DTLS1_VERSION, DTLS1_2_VERSION,
1796 SSL_HIGH | SSL_FIPS,
1797 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1805 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1806 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1811 SSL3_VERSION, TLS1_2_VERSION,
1812 DTLS1_VERSION, DTLS1_2_VERSION,
1813 SSL_HIGH | SSL_FIPS,
1814 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1822 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1823 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1828 SSL3_VERSION, TLS1_2_VERSION,
1829 DTLS1_VERSION, DTLS1_2_VERSION,
1830 SSL_STRONG_NONE | SSL_FIPS,
1831 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1837 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1840 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1841 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1846 SSL3_VERSION, TLS1_2_VERSION,
1847 DTLS1_VERSION, DTLS1_2_VERSION,
1848 SSL_NOT_DEFAULT | SSL_MEDIUM,
1849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1858 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1859 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1864 SSL3_VERSION, TLS1_2_VERSION,
1865 DTLS1_VERSION, DTLS1_2_VERSION,
1866 SSL_HIGH | SSL_FIPS,
1867 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1876 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1881 SSL3_VERSION, TLS1_2_VERSION,
1882 DTLS1_VERSION, DTLS1_2_VERSION,
1883 SSL_HIGH | SSL_FIPS,
1884 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1892 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1893 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1898 SSL3_VERSION, TLS1_2_VERSION,
1899 DTLS1_VERSION, DTLS1_2_VERSION,
1900 SSL_HIGH | SSL_FIPS,
1901 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1909 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1910 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1915 SSL3_VERSION, TLS1_2_VERSION,
1916 DTLS1_VERSION, DTLS1_2_VERSION,
1917 SSL_STRONG_NONE | SSL_FIPS,
1918 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1924 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1927 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1928 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1933 SSL3_VERSION, TLS1_2_VERSION,
1934 DTLS1_VERSION, DTLS1_2_VERSION,
1935 SSL_NOT_DEFAULT | SSL_MEDIUM,
1936 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1945 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1946 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1951 SSL3_VERSION, TLS1_2_VERSION,
1952 DTLS1_VERSION, DTLS1_2_VERSION,
1953 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1954 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1962 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1963 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1968 SSL3_VERSION, TLS1_2_VERSION,
1969 DTLS1_VERSION, DTLS1_2_VERSION,
1970 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1971 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1979 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1980 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1985 SSL3_VERSION, TLS1_2_VERSION,
1986 DTLS1_VERSION, DTLS1_2_VERSION,
1987 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1988 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1992 #endif /* OPENSSL_NO_EC */
1994 #ifndef OPENSSL_NO_SRP
1998 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1999 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2004 SSL3_VERSION, TLS1_2_VERSION,
2005 DTLS1_VERSION, DTLS1_2_VERSION,
2007 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2015 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2016 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2021 SSL3_VERSION, TLS1_2_VERSION,
2022 DTLS1_VERSION, DTLS1_2_VERSION,
2024 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2032 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2033 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2038 SSL3_VERSION, TLS1_2_VERSION,
2039 DTLS1_VERSION, DTLS1_2_VERSION,
2040 SSL_NOT_DEFAULT | SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2049 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2050 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2055 SSL3_VERSION, TLS1_2_VERSION,
2056 DTLS1_VERSION, DTLS1_2_VERSION,
2058 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2066 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2067 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2072 SSL3_VERSION, TLS1_2_VERSION,
2073 DTLS1_VERSION, DTLS1_2_VERSION,
2075 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2083 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2084 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2089 SSL3_VERSION, TLS1_2_VERSION,
2090 DTLS1_VERSION, DTLS1_2_VERSION,
2091 SSL_NOT_DEFAULT | SSL_HIGH,
2092 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2100 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2101 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2106 SSL3_VERSION, TLS1_2_VERSION,
2107 DTLS1_VERSION, DTLS1_2_VERSION,
2109 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2117 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2118 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2123 SSL3_VERSION, TLS1_2_VERSION,
2124 DTLS1_VERSION, DTLS1_2_VERSION,
2126 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2134 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2135 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2140 SSL3_VERSION, TLS1_2_VERSION,
2141 DTLS1_VERSION, DTLS1_2_VERSION,
2142 SSL_NOT_DEFAULT | SSL_HIGH,
2143 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2147 #endif /* OPENSSL_NO_SRP */
2148 #ifndef OPENSSL_NO_EC
2150 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2155 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2156 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2161 TLS1_2_VERSION, TLS1_2_VERSION,
2162 DTLS1_2_VERSION, DTLS1_2_VERSION,
2163 SSL_HIGH | SSL_FIPS,
2164 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2172 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2173 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2178 TLS1_2_VERSION, TLS1_2_VERSION,
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,
2180 SSL_HIGH | SSL_FIPS,
2181 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2190 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2191 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2196 TLS1_2_VERSION, TLS1_2_VERSION,
2197 DTLS1_2_VERSION, DTLS1_2_VERSION,
2198 SSL_HIGH | SSL_FIPS,
2199 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2207 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2208 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2213 TLS1_2_VERSION, TLS1_2_VERSION,
2214 DTLS1_2_VERSION, DTLS1_2_VERSION,
2215 SSL_HIGH | SSL_FIPS,
2216 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2221 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2226 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2227 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2232 TLS1_2_VERSION, TLS1_2_VERSION,
2233 DTLS1_2_VERSION, DTLS1_2_VERSION,
2234 SSL_HIGH | SSL_FIPS,
2235 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2243 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2244 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2249 TLS1_2_VERSION, TLS1_2_VERSION,
2250 DTLS1_2_VERSION, DTLS1_2_VERSION,
2251 SSL_HIGH | SSL_FIPS,
2252 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2260 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2261 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2266 TLS1_2_VERSION, TLS1_2_VERSION,
2267 DTLS1_2_VERSION, DTLS1_2_VERSION,
2268 SSL_HIGH | SSL_FIPS,
2269 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2277 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2278 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2283 TLS1_2_VERSION, TLS1_2_VERSION,
2284 DTLS1_2_VERSION, DTLS1_2_VERSION,
2285 SSL_HIGH | SSL_FIPS,
2286 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2291 /* PSK ciphersuites from RFC 5489 */
2293 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2296 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2297 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2302 SSL3_VERSION, TLS1_2_VERSION,
2303 DTLS1_VERSION, DTLS1_2_VERSION,
2304 SSL_NOT_DEFAULT | SSL_MEDIUM,
2305 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2314 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2315 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2320 SSL3_VERSION, TLS1_2_VERSION,
2321 DTLS1_VERSION, DTLS1_2_VERSION,
2322 SSL_HIGH | SSL_FIPS,
2323 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2331 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2332 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2337 SSL3_VERSION, TLS1_2_VERSION,
2338 DTLS1_VERSION, DTLS1_2_VERSION,
2339 SSL_HIGH | SSL_FIPS,
2340 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2348 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2349 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2354 SSL3_VERSION, TLS1_2_VERSION,
2355 DTLS1_VERSION, DTLS1_2_VERSION,
2356 SSL_HIGH | SSL_FIPS,
2357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2365 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2366 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2371 TLS1_VERSION, TLS1_2_VERSION,
2372 DTLS1_VERSION, DTLS1_2_VERSION,
2373 SSL_HIGH | SSL_FIPS,
2374 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2382 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2383 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2388 TLS1_VERSION, TLS1_2_VERSION,
2389 DTLS1_VERSION, DTLS1_2_VERSION,
2390 SSL_HIGH | SSL_FIPS,
2391 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2399 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
2400 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
2405 SSL3_VERSION, TLS1_2_VERSION,
2406 DTLS1_VERSION, DTLS1_2_VERSION,
2407 SSL_STRONG_NONE | SSL_FIPS,
2408 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2416 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
2417 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
2422 TLS1_VERSION, TLS1_2_VERSION,
2423 DTLS1_VERSION, DTLS1_2_VERSION,
2424 SSL_STRONG_NONE | SSL_FIPS,
2425 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2433 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
2434 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
2439 TLS1_VERSION, TLS1_2_VERSION,
2440 DTLS1_VERSION, DTLS1_2_VERSION,
2441 SSL_STRONG_NONE | SSL_FIPS,
2442 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2447 # ifndef OPENSSL_NO_CAMELLIA
2450 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2451 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2456 TLS1_2_VERSION, TLS1_2_VERSION,
2457 DTLS1_2_VERSION, DTLS1_2_VERSION,
2458 SSL_NOT_DEFAULT | SSL_HIGH,
2459 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2465 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2466 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2471 TLS1_2_VERSION, TLS1_2_VERSION,
2472 DTLS1_2_VERSION, DTLS1_2_VERSION,
2473 SSL_NOT_DEFAULT | SSL_HIGH,
2474 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2480 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2481 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2486 TLS1_2_VERSION, TLS1_2_VERSION,
2487 DTLS1_2_VERSION, DTLS1_2_VERSION,
2488 SSL_NOT_DEFAULT | SSL_HIGH,
2489 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2495 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2496 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2501 TLS1_2_VERSION, TLS1_2_VERSION,
2502 DTLS1_2_VERSION, DTLS1_2_VERSION,
2503 SSL_NOT_DEFAULT | SSL_HIGH,
2504 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2508 # endif /* OPENSSL_NO_CAMELLIA */
2509 #endif /* OPENSSL_NO_EC */
2511 #if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)
2514 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2515 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2520 TLS1_VERSION, TLS1_2_VERSION,
2521 DTLS1_VERSION, DTLS1_2_VERSION,
2522 SSL_NOT_DEFAULT | SSL_HIGH,
2523 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2529 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2530 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2535 TLS1_VERSION, TLS1_2_VERSION,
2536 DTLS1_VERSION, DTLS1_2_VERSION,
2537 SSL_NOT_DEFAULT | SSL_HIGH,
2538 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2544 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2545 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2550 TLS1_VERSION, TLS1_2_VERSION,
2551 DTLS1_VERSION, DTLS1_2_VERSION,
2552 SSL_NOT_DEFAULT | SSL_HIGH,
2553 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2559 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2560 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2565 TLS1_VERSION, TLS1_2_VERSION,
2566 DTLS1_VERSION, DTLS1_2_VERSION,
2567 SSL_NOT_DEFAULT | SSL_HIGH,
2568 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2574 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2575 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2580 TLS1_VERSION, TLS1_2_VERSION,
2581 DTLS1_VERSION, DTLS1_2_VERSION,
2582 SSL_NOT_DEFAULT | SSL_HIGH,
2583 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2589 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2590 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2595 TLS1_VERSION, TLS1_2_VERSION,
2596 DTLS1_VERSION, DTLS1_2_VERSION,
2597 SSL_NOT_DEFAULT | SSL_HIGH,
2598 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2604 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2605 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2610 TLS1_VERSION, TLS1_2_VERSION,
2611 DTLS1_VERSION, DTLS1_2_VERSION,
2612 SSL_NOT_DEFAULT | SSL_HIGH,
2613 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2619 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2620 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2625 TLS1_VERSION, TLS1_2_VERSION,
2626 DTLS1_VERSION, DTLS1_2_VERSION,
2627 SSL_NOT_DEFAULT | SSL_HIGH,
2628 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2636 TLS1_TXT_RSA_WITH_AES_128_CCM,
2637 TLS1_CK_RSA_WITH_AES_128_CCM,
2642 TLS1_2_VERSION, TLS1_2_VERSION,
2643 DTLS1_2_VERSION, DTLS1_2_VERSION,
2644 SSL_NOT_DEFAULT | SSL_HIGH,
2645 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2653 TLS1_TXT_RSA_WITH_AES_256_CCM,
2654 TLS1_CK_RSA_WITH_AES_256_CCM,
2659 TLS1_2_VERSION, TLS1_2_VERSION,
2660 DTLS1_2_VERSION, DTLS1_2_VERSION,
2661 SSL_NOT_DEFAULT | SSL_HIGH,
2662 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2670 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
2671 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
2676 TLS1_2_VERSION, TLS1_2_VERSION,
2677 DTLS1_2_VERSION, DTLS1_2_VERSION,
2678 SSL_NOT_DEFAULT | SSL_HIGH,
2679 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2687 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
2688 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
2693 TLS1_2_VERSION, TLS1_2_VERSION,
2694 DTLS1_2_VERSION, DTLS1_2_VERSION,
2695 SSL_NOT_DEFAULT | SSL_HIGH,
2696 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2704 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
2705 TLS1_CK_RSA_WITH_AES_128_CCM_8,
2710 TLS1_2_VERSION, TLS1_2_VERSION,
2711 DTLS1_2_VERSION, DTLS1_2_VERSION,
2712 SSL_NOT_DEFAULT | SSL_HIGH,
2713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2721 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
2722 TLS1_CK_RSA_WITH_AES_256_CCM_8,
2727 TLS1_2_VERSION, TLS1_2_VERSION,
2728 DTLS1_2_VERSION, DTLS1_2_VERSION,
2729 SSL_NOT_DEFAULT | SSL_HIGH,
2730 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2738 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
2739 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
2744 TLS1_2_VERSION, TLS1_2_VERSION,
2745 DTLS1_2_VERSION, DTLS1_2_VERSION,
2746 SSL_NOT_DEFAULT | SSL_HIGH,
2747 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2755 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
2756 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
2761 TLS1_2_VERSION, TLS1_2_VERSION,
2762 DTLS1_2_VERSION, DTLS1_2_VERSION,
2763 SSL_NOT_DEFAULT | SSL_HIGH,
2764 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2772 TLS1_TXT_PSK_WITH_AES_128_CCM,
2773 TLS1_CK_PSK_WITH_AES_128_CCM,
2778 TLS1_2_VERSION, TLS1_2_VERSION,
2779 DTLS1_2_VERSION, DTLS1_2_VERSION,
2780 SSL_NOT_DEFAULT | SSL_HIGH,
2781 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2789 TLS1_TXT_PSK_WITH_AES_256_CCM,
2790 TLS1_CK_PSK_WITH_AES_256_CCM,
2795 TLS1_2_VERSION, TLS1_2_VERSION,
2796 DTLS1_2_VERSION, DTLS1_2_VERSION,
2797 SSL_NOT_DEFAULT | SSL_HIGH,
2798 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2806 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
2807 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
2812 TLS1_2_VERSION, TLS1_2_VERSION,
2813 DTLS1_2_VERSION, DTLS1_2_VERSION,
2814 SSL_NOT_DEFAULT | SSL_HIGH,
2815 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2823 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
2824 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
2829 TLS1_2_VERSION, TLS1_2_VERSION,
2830 DTLS1_2_VERSION, DTLS1_2_VERSION,
2831 SSL_NOT_DEFAULT | SSL_HIGH,
2832 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2840 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
2841 TLS1_CK_PSK_WITH_AES_128_CCM_8,
2846 TLS1_2_VERSION, TLS1_2_VERSION,
2847 DTLS1_2_VERSION, DTLS1_2_VERSION,
2848 SSL_NOT_DEFAULT | SSL_HIGH,
2849 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2857 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
2858 TLS1_CK_PSK_WITH_AES_256_CCM_8,
2863 TLS1_2_VERSION, TLS1_2_VERSION,
2864 DTLS1_2_VERSION, DTLS1_2_VERSION,
2865 SSL_NOT_DEFAULT | SSL_HIGH,
2866 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2874 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
2875 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
2880 TLS1_2_VERSION, TLS1_2_VERSION,
2881 DTLS1_2_VERSION, DTLS1_2_VERSION,
2882 SSL_NOT_DEFAULT | SSL_HIGH,
2883 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2891 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
2892 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
2897 TLS1_2_VERSION, TLS1_2_VERSION,
2898 DTLS1_2_VERSION, DTLS1_2_VERSION,
2899 SSL_NOT_DEFAULT | SSL_HIGH,
2900 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2908 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
2909 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
2914 TLS1_2_VERSION, TLS1_2_VERSION,
2915 DTLS1_2_VERSION, DTLS1_2_VERSION,
2916 SSL_NOT_DEFAULT | SSL_HIGH,
2917 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2925 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
2926 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
2931 TLS1_2_VERSION, TLS1_2_VERSION,
2932 DTLS1_2_VERSION, DTLS1_2_VERSION,
2933 SSL_NOT_DEFAULT | SSL_HIGH,
2934 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2942 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
2943 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
2948 TLS1_2_VERSION, TLS1_2_VERSION,
2949 DTLS1_2_VERSION, DTLS1_2_VERSION,
2950 SSL_NOT_DEFAULT | SSL_HIGH,
2951 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2959 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
2960 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
2965 TLS1_2_VERSION, TLS1_2_VERSION,
2966 DTLS1_2_VERSION, DTLS1_2_VERSION,
2967 SSL_NOT_DEFAULT | SSL_HIGH,
2968 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2972 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2973 # ifndef OPENSSL_NO_EC
2977 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2978 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2981 SSL_CHACHA20POLY1305,
2983 TLS1_2_VERSION, TLS1_2_VERSION,
2984 DTLS1_2_VERSION, DTLS1_2_VERSION,
2986 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2993 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2994 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2997 SSL_CHACHA20POLY1305,
2999 TLS1_2_VERSION, TLS1_2_VERSION,
3000 DTLS1_2_VERSION, DTLS1_2_VERSION,
3002 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3007 # ifndef OPENSSL_NO_RSA
3011 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
3012 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
3015 SSL_CHACHA20POLY1305,
3017 TLS1_2_VERSION, TLS1_2_VERSION,
3018 DTLS1_2_VERSION, DTLS1_2_VERSION,
3020 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3025 # ifndef OPENSSL_NO_PSK
3029 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
3030 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
3033 SSL_CHACHA20POLY1305,
3035 TLS1_2_VERSION, TLS1_2_VERSION,
3036 DTLS1_2_VERSION, DTLS1_2_VERSION,
3038 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3045 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
3046 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
3049 SSL_CHACHA20POLY1305,
3051 TLS1_2_VERSION, TLS1_2_VERSION,
3052 DTLS1_2_VERSION, DTLS1_2_VERSION,
3054 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3061 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
3062 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
3065 SSL_CHACHA20POLY1305,
3067 TLS1_2_VERSION, TLS1_2_VERSION,
3068 DTLS1_2_VERSION, DTLS1_2_VERSION,
3070 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3077 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
3078 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
3081 SSL_CHACHA20POLY1305,
3083 TLS1_2_VERSION, TLS1_2_VERSION,
3084 DTLS1_2_VERSION, DTLS1_2_VERSION,
3086 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3092 #ifndef OPENSSL_NO_GOST
3095 "GOST2012-GOST8912-GOST8912",
3098 SSL_aGOST12 | SSL_aGOST01,
3099 SSL_eGOST2814789CNT12,
3101 TLS1_VERSION, TLS1_2_VERSION,
3102 DTLS1_VERSION, DTLS1_2_VERSION,
3104 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
3109 "GOST2012-NULL-GOST12",
3112 SSL_aGOST12 | SSL_aGOST01,
3115 TLS1_VERSION, TLS1_2_VERSION,
3116 DTLS1_VERSION, DTLS1_2_VERSION,
3118 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
/*
 * SSLv3 protocol method table: key-block setup, master-secret generation,
 * cipher-state change and Finished-MAC computation all point at the ssl3_*
 * routines.
 * NOTE(review): this listing omits some initializer lines and the closing
 * brace, so the exact slot positions cannot be confirmed from here.
 */
3126 const SSL3_ENC_METHOD SSLv3_enc_data = {
3129 ssl3_setup_key_block,
3130 ssl3_generate_master_secret,
3131 ssl3_change_cipher_state,
3132 ssl3_final_finish_mac,
/* Finished MAC length: one MD5 digest plus one SHA-1 digest. */
3133 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
3134 SSL3_MD_CLIENT_FINISHED_CONST, 4,
3135 SSL3_MD_SERVER_FINISHED_CONST, 4,
/*
 * This slot is filled with ssl_undefined_function cast to the slot's
 * signature, i.e. SSLv3 supplies no real implementation for it
 * (presumably the keying-material exporter, judging by use_context).
 */
3137 (int (*)(SSL *, unsigned char *, size_t, const char *,
3138 size_t, const unsigned char *, size_t,
3139 int use_context))ssl_undefined_function,
3141 SSL3_HM_HEADER_LENGTH,
3142 ssl3_set_handshake_header,
3143 ssl3_handshake_write
/*
 * Default session lifetime: returns 60 * 60 * 2 = 7200 seconds, the
 * "2 hours" explained below.
 */
3146 long ssl3_default_timeout(void)
3149 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3150 * http, the cache would over fill
3152 return (60 * 60 * 2);
/* Returns SSL3_NUM_CIPHERS, the bound ssl3_get_cipher() checks its index against. */
3155 int ssl3_num_ciphers(void)
3157 return (SSL3_NUM_CIPHERS);
/*
 * Look up a cipher by position. In-range indexes are mapped back to front:
 * u == 0 yields the last entry of ssl3_ciphers. The index is bounds-checked
 * against SSL3_NUM_CIPHERS before the array access; the out-of-range return
 * is not shown in this listing.
 */
3160 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3162 if (u < SSL3_NUM_CIPHERS)
3163 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
/*
 * Prepare the handshake header at the start of s->init_buf->data and record
 * the total message size (body length plus SSL3_HM_HEADER_LENGTH) in
 * s->init_num. The lines that write the header bytes are not shown here.
 * NOTE(review): len is narrowed from unsigned long to int, and no check of
 * len against the capacity of init_buf is visible in this listing; confirm
 * that callers bound it.
 */
3168 int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
3170 unsigned char *p = (unsigned char *)s->init_buf->data;
3173 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
/* Sends the pending handshake message: ssl3_do_write() with record type SSL3_RT_HANDSHAKE. */
3179 int ssl3_handshake_write(SSL *s)
3181 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
/*
 * Allocate the SSLv3 state for s. The struct comes from OPENSSL_zalloc(),
 * so every field starts out zero/NULL; SRP context initialisation follows
 * when SRP is compiled in, and the method's ssl_clear() is then run on s.
 * The failure paths and return statements are not shown in this listing.
 */
3184 int ssl3_new(SSL *s)
3188 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3192 #ifndef OPENSSL_NO_SRP
3193 if (!SSL_SRP_CTX_init(s))
3196 s->method->ssl_clear(s);
/*
 * Release all SSLv3 state attached to s. A NULL s or a NULL s->s3 is
 * tolerated (the early-exit statement itself is not shown in this listing).
 */
3202 void ssl3_free(SSL *s)
3204 if (s == NULL || s->s3 == NULL)
3207 ssl3_cleanup_key_block(s);
3209 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
/* Ephemeral key-exchange keys: pointers are reset to NULL right after the free. */
3210 EVP_PKEY_free(s->s3->peer_tmp);
3211 s->s3->peer_tmp = NULL;
3212 EVP_PKEY_free(s->s3->tmp.pkey);
3213 s->s3->tmp.pkey = NULL;
3216 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3217 OPENSSL_free(s->s3->tmp.ciphers_raw);
/* The pre-master secret is zeroized over its full pmslen before it is freed. */
3218 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3219 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3220 ssl3_free_digest_list(s);
3221 OPENSSL_free(s->s3->alpn_selected);
3222 OPENSSL_free(s->s3->alpn_proposed);
3224 #ifndef OPENSSL_NO_SRP
3225 SSL_SRP_CTX_free(s);
/* The s3 struct itself is wiped before release, so its contents do not linger in freed heap memory. */
3227 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
/*
 * Reset the SSLv3 state of s for reuse: owned buffers are released, the s3
 * struct is zero-filled in place (it is not freed here) and the version is
 * set back to SSL3_VERSION.
 * NOTE(review): unlike ssl3_free(), no NULL check on s or s->s3 is visible
 * in this listing; callers presumably guarantee both.
 */
3231 void ssl3_clear(SSL *s)
3233 ssl3_cleanup_key_block(s);
3234 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3235 OPENSSL_free(s->s3->tmp.ciphers_raw);
/* The pre-master secret is zeroized over its full pmslen before it is freed. */
3236 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3237 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3239 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3240 EVP_PKEY_free(s->s3->tmp.pkey);
3241 EVP_PKEY_free(s->s3->peer_tmp);
3242 #endif /* !OPENSSL_NO_EC */
3244 ssl3_free_digest_list(s);
3246 OPENSSL_free(s->s3->alpn_selected);
3247 OPENSSL_free(s->s3->alpn_proposed);
/*
 * This memset is what turns the pointers freed above back into NULL; the
 * struct stays allocated and in use, so it is a state reset rather than a
 * wipe ahead of a free.
 */
3249 /* NULL/zero-out everything in the s3 struct */
3250 memset(s->s3, 0, sizeof(*s->s3));
3252 ssl_free_wbio_buffer(s);
3254 s->version = SSL3_VERSION;
3256 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3257 OPENSSL_free(s->next_proto_negotiated);
3258 s->next_proto_negotiated = NULL;
3259 s->next_proto_negotiated_len = 0;
3263 #ifndef OPENSSL_NO_SRP
/*
 * SRP client-password callback: returns a fresh heap copy of
 * s->srp_ctx.info made with OPENSSL_strdup(); arg is unused. The copy holds
 * the password in clear, so whoever receives it presumably has to wipe and
 * free it (TODO confirm against the caller). OPENSSL_strdup() can return
 * NULL on allocation failure.
 */
3264 static char *srp_password_from_info_cb(SSL *s, void *arg)
3266 return OPENSSL_strdup(s->srp_ctx.info);
3270 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
/*
 * Per-connection control dispatcher: each case label below reads or updates
 * state on s, with larg and parg carrying the command-specific argument.
 * NOTE(review): this listing omits lines (the switch statement, braces,
 * breaks, some guards and returns), so the comments below describe only
 * what the visible lines show.
 */
3273 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3278 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3280 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3281 ret = s->s3->num_renegotiations;
/* Reports the current renegotiation count, then resets it to zero. */
3283 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3284 ret = s->s3->num_renegotiations;
3285 s->s3->num_renegotiations = 0;
3287 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3288 ret = s->s3->total_renegotiations;
3290 case SSL_CTRL_GET_FLAGS:
3291 ret = (int)(s->s3->flags);
3293 #ifndef OPENSSL_NO_DH
/*
 * Temporary DH parameters: the caller's DH is converted to an EVP_PKEY and
 * its security bits are put through the ssl_security() check. A key that
 * fails is freed and reported as SSL_R_DH_KEY_TOO_SMALL (the return that
 * presumably follows is not shown). Only after that check is the previous
 * dh_tmp released and replaced.
 */
3294 case SSL_CTRL_SET_TMP_DH:
3296 DH *dh = (DH *)parg;
3297 EVP_PKEY *pkdh = NULL;
3299 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3302 pkdh = ssl_dh_to_pkey(dh);
3304 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3307 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3308 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3309 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3310 EVP_PKEY_free(pkdh);
3313 EVP_PKEY_free(s->cert->dh_tmp);
3314 s->cert->dh_tmp = pkdh;
/* The callback form is rejected on this entry point with an error. */
3318 case SSL_CTRL_SET_TMP_DH_CB:
3320 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3323 case SSL_CTRL_SET_DH_AUTO:
3324 s->cert->dh_tmp_auto = larg;
3327 #ifndef OPENSSL_NO_EC
/*
 * Temporary ECDH key: only the curve of the supplied EC_KEY is used. Its
 * group is looked up and turned into a NID, which is handed to
 * tls1_set_curves(); a key without a group is reported as
 * EC_R_MISSING_PARAMETERS.
 */
3328 case SSL_CTRL_SET_TMP_ECDH:
3330 const EC_GROUP *group = NULL;
3334 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3337 group = EC_KEY_get0_group((const EC_KEY *)parg);
3338 if (group == NULL) {
3339 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3342 nid = EC_GROUP_get_curve_name(group);
3343 if (nid == NID_undef)
3345 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3346 &s->tlsext_ellipticcurvelist_length,
3350 #endif /* !OPENSSL_NO_EC */
/*
 * SNI host name: the previous value is freed and cleared first. parg is
 * measured with strlen(), so it has to be a NUL-terminated string; empty
 * names and names longer than TLSEXT_MAXLEN_host_name are rejected before
 * the name is duplicated with OPENSSL_strdup(). Any name type other than
 * TLSEXT_NAMETYPE_host_name is reported as an invalid server name type.
 */
3351 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3352 if (larg == TLSEXT_NAMETYPE_host_name) {
3355 OPENSSL_free(s->tlsext_hostname);
3356 s->tlsext_hostname = NULL;
3361 len = strlen((char *)parg);
3362 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3363 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3366 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3367 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3371 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3375 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3376 s->tlsext_debug_arg = parg;
3380 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3381 s->tlsext_status_type = larg;
/*
 * The OCSP extension and responder-id getters and setters below pass the
 * stack pointers through as-is: getters expose the internal pointer,
 * setters store parg without copying it.
 */
3385 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3386 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3390 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3391 s->tlsext_ocsp_exts = parg;
3395 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3396 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3400 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3401 s->tlsext_ocsp_ids = parg;
/* Hands out the internal response pointer (no copy) and returns its stored length. */
3405 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3406 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3407 return s->tlsext_ocsp_resplen;
/*
 * Frees the previous response and stores parg itself (no copy) with larg as
 * its length. The stored pointer is what the next call passes to
 * OPENSSL_free(), so ownership moves to s. larg cannot be checked against
 * the buffer here; the caller has to pass the true length.
 */
3409 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3410 OPENSSL_free(s->tlsext_ocsp_resp);
3411 s->tlsext_ocsp_resp = parg;
3412 s->tlsext_ocsp_resplen = larg;
3416 #ifndef OPENSSL_NO_HEARTBEATS
3417 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3419 ret = dtls1_heartbeat(s);
3422 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3424 ret = s->tlsext_hb_pending;
/*
 * DTLS only: sets or clears the flag that refuses incoming heartbeat
 * requests (the condition choosing between the two is not shown).
 */
3427 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3428 if (SSL_IS_DTLS(s)) {
3430 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3432 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
/*
 * Chain setters come in set1/add1 and set0/add0 forms; the condition that
 * picks one is not shown. By OpenSSL naming convention the *1 forms take
 * their own reference and the *0 forms take over the caller's reference
 * (TODO confirm against the ssl_cert_* helpers).
 */
3438 case SSL_CTRL_CHAIN:
3440 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3442 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3444 case SSL_CTRL_CHAIN_CERT:
3446 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3448 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
/* Exposes the internal chain pointer of the current key; no copy is made. */
3450 case SSL_CTRL_GET_CHAIN_CERTS:
3451 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3454 case SSL_CTRL_SELECT_CURRENT_CERT:
3455 return ssl_cert_select_current(s->cert, (X509 *)parg);
3457 case SSL_CTRL_SET_CURRENT_CERT:
3458 if (larg == SSL_CERT_SET_SERVER) {
3460 const SSL_CIPHER *cipher;
3463 cipher = s->s3->tmp.new_cipher;
3467 * No certificate for unauthenticated ciphersuites or using SRP
3470 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3472 cpk = ssl_get_server_send_pkey(s);
3478 return ssl_cert_set_current(s->cert, larg);
3480 #ifndef OPENSSL_NO_EC
/*
 * Reports the curve list stored in the session: the entry count is the
 * stored byte length divided by two, and that count is the return value.
 * Entries are written to cptr[i] for i < clistlen; the visible store encodes
 * a curve id as TLSEXT_nid_unknown | cid.
 * NOTE(review): how cptr is obtained, and whether its capacity is checked,
 * is not visible in this listing.
 */
3481 case SSL_CTRL_GET_CURVES:
3483 unsigned char *clist;
3487 clist = s->session->tlsext_ellipticcurvelist;
3488 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3492 unsigned int cid, nid;
3493 for (i = 0; i < clistlen; i++) {
3495 nid = tls1_ec_curve_id2nid(cid);
3499 cptr[i] = TLSEXT_nid_unknown | cid;
3502 return (int)clistlen;
3505 case SSL_CTRL_SET_CURVES:
3506 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3507 &s->tlsext_ellipticcurvelist_length,
3510 case SSL_CTRL_SET_CURVES_LIST:
3511 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3512 &s->tlsext_ellipticcurvelist_length,
3515 case SSL_CTRL_GET_SHARED_CURVE:
3516 return tls1_shared_curve(s, larg);
/*
 * Signature-algorithm setters: the last argument of the tls1_set_sigalgs*
 * helpers is 0 for the general list and 1 for the client list.
 */
3519 case SSL_CTRL_SET_SIGALGS:
3520 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3522 case SSL_CTRL_SET_SIGALGS_LIST:
3523 return tls1_set_sigalgs_list(s->cert, parg, 0);
3525 case SSL_CTRL_SET_CLIENT_SIGALGS:
3526 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3528 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3529 return tls1_set_sigalgs_list(s->cert, parg, 1);
/*
 * Gated on !s->server and on a certificate request having been received.
 * Hands out a pointer into internal state, either the configured ctypes or
 * the types kept in s3->tmp.ctype, and returns the matching count.
 */
3531 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3533 const unsigned char **pctype = parg;
3534 if (s->server || !s->s3->tmp.cert_req)
3536 if (s->cert->ctypes) {
3538 *pctype = s->cert->ctypes;
3539 return (int)s->cert->ctype_num;
3542 *pctype = (unsigned char *)s->s3->tmp.ctype;
3543 return s->s3->tmp.ctype_num;
3546 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3549 return ssl3_set_req_cert_type(s->cert, parg, larg);
3551 case SSL_CTRL_BUILD_CERT_CHAIN:
3552 return ssl_build_cert_chain(s, NULL, larg);
/* The third argument of ssl_cert_set_cert_store() is 0 for the verify store and 1 for the chain store. */
3554 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3555 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3557 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3558 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3560 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3561 if (SSL_USE_SIGALGS(s)) {
3564 sig = s->s3->tmp.peer_md;
3566 *(int *)parg = EVP_MD_type(sig);
3572 /* Might want to do something here for other versions */
/*
 * Rejected when s is a server, has no session, or has no peer temporary key.
 * Otherwise a reference is taken with EVP_PKEY_up_ref() before the key is
 * handed out, so the caller presumably has to release it with
 * EVP_PKEY_free().
 * NOTE(review): the result of EVP_PKEY_up_ref() is not used on the visible
 * line.
 */
3576 case SSL_CTRL_GET_SERVER_TMP_KEY:
3577 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3578 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3581 EVP_PKEY_up_ref(s->s3->peer_tmp);
3582 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3588 #ifndef OPENSSL_NO_EC
/* Exposes the internal point-format list of the session and returns its length; no copy is made. */
3589 case SSL_CTRL_GET_EC_POINT_FORMATS:
3591 SSL_SESSION *sess = s->session;
3592 const unsigned char **pformat = parg;
3593 if (!sess || !sess->tlsext_ecpointformatlist)
3595 *pformat = sess->tlsext_ecpointformatlist;
3596 return (int)sess->tlsext_ecpointformatlist_length;
/*
 * Per-connection callback setter. fp arrives as a generic void (*)(void)
 * and is cast to the specific callback type for each command; nothing here
 * can verify the real signature, so the caller has to pass a function of the
 * matching type (calling through a mismatched type is undefined behaviour).
 * The switch statement, breaks and return are not shown in this listing.
 */
3606 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3611 #ifndef OPENSSL_NO_DH
3612 case SSL_CTRL_SET_TMP_DH_CB:
3614 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3618 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3619 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3620 const unsigned char *, int, void *))fp;
3623 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3625 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
/*
 * Context-level control dispatcher: each case label below reads or updates
 * state on ctx, with larg and parg carrying the command-specific argument.
 * NOTE(review): this listing omits lines (the switch statement, braces,
 * breaks, some guards and returns), so the comments below describe only
 * what the visible lines show.
 */
3634 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3637 #ifndef OPENSSL_NO_DH
/*
 * Temporary DH parameters: the caller's DH is converted to an EVP_PKEY and
 * its security bits are put through the ssl_ctx_security() check. A key
 * that fails is freed and reported as SSL_R_DH_KEY_TOO_SMALL (the return
 * that presumably follows is not shown). Only after that check is the
 * previous dh_tmp released and replaced.
 */
3638 case SSL_CTRL_SET_TMP_DH:
3640 DH *dh = (DH *)parg;
3641 EVP_PKEY *pkdh = NULL;
3643 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3646 pkdh = ssl_dh_to_pkey(dh);
3648 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3651 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3652 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3653 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3654 EVP_PKEY_free(pkdh);
3657 EVP_PKEY_free(ctx->cert->dh_tmp);
3658 ctx->cert->dh_tmp = pkdh;
/* The callback form is rejected on this entry point with an error. */
3664 case SSL_CTRL_SET_TMP_DH_CB:
3666 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3669 case SSL_CTRL_SET_DH_AUTO:
3670 ctx->cert->dh_tmp_auto = larg;
3673 #ifndef OPENSSL_NO_EC
/*
 * Temporary ECDH key: only the curve of the supplied EC_KEY is used. Its
 * group is looked up and turned into a NID, which is handed to
 * tls1_set_curves(); a key without a group is reported as
 * EC_R_MISSING_PARAMETERS.
 */
3674 case SSL_CTRL_SET_TMP_ECDH:
3676 const EC_GROUP *group = NULL;
3680 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3683 group = EC_KEY_get0_group((const EC_KEY *)parg);
3684 if (group == NULL) {
3685 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3688 nid = EC_GROUP_get_curve_name(group);
3689 if (nid == NID_undef)
3691 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3692 &ctx->tlsext_ellipticcurvelist_length,
3696 #endif /* !OPENSSL_NO_EC */
3697 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3698 ctx->tlsext_servername_arg = parg;
/*
 * Session-ticket key material, handled as one caller buffer laid out as
 * 16 bytes key name | 16 bytes HMAC key | 16 bytes AES key, 48 bytes read
 * or written in total. SET copies the caller's bytes in; GET copies the
 * stored keys out, so afterwards the caller's buffer holds secret key
 * material and should be wiped once it is no longer needed.
 * NOTE(review): the length check that raises
 * SSL_R_INVALID_TICKET_KEYS_LENGTH is not shown in this listing; confirm it
 * runs before any of the memcpy calls.
 */
3700 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3701 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3703 unsigned char *keys = parg;
3707 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3710 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3711 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3712 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3713 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3715 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3716 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3717 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3722 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3723 ctx->tlsext_status_arg = parg;
3726 #ifndef OPENSSL_NO_SRP
/*
 * SRP user name: sets SSL_kSRP in srp_Mask and drops the previous login.
 * parg is measured with strlen(), so it has to be NUL-terminated; only
 * lengths from 1 to 255 are accepted, and the name is then duplicated with
 * OPENSSL_strdup().
 */
3727 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3728 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3729 OPENSSL_free(ctx->srp_ctx.login);
3730 ctx->srp_ctx.login = NULL;
3733 if (strlen((const char *)parg) > 255
3734 || strlen((const char *)parg) < 1) {
3735 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3738 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3739 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
/*
 * SRP password: parg itself is stored in srp_ctx.info (no copy) and
 * srp_password_from_info_cb is installed as the client-password callback.
 * The password therefore stays in caller-owned memory, which has to remain
 * valid for as long as the callback may run.
 */
3743 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3744 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3745 srp_password_from_info_cb;
3746 ctx->srp_ctx.info = parg;
3748 case SSL_CTRL_SET_SRP_ARG:
3749 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3750 ctx->srp_ctx.SRP_cb_arg = parg;
3753 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3754 ctx->srp_ctx.strength = larg;
3758 #ifndef OPENSSL_NO_EC
3759 case SSL_CTRL_SET_CURVES:
3760 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3761 &ctx->tlsext_ellipticcurvelist_length,
3764 case SSL_CTRL_SET_CURVES_LIST:
3765 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3766 &ctx->tlsext_ellipticcurvelist_length,
/*
 * Signature-algorithm setters: the last argument of the tls1_set_sigalgs*
 * helpers is 0 for the general list and 1 for the client list.
 */
3769 case SSL_CTRL_SET_SIGALGS:
3770 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3772 case SSL_CTRL_SET_SIGALGS_LIST:
3773 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3775 case SSL_CTRL_SET_CLIENT_SIGALGS:
3776 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3778 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3779 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3781 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3782 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3784 case SSL_CTRL_BUILD_CERT_CHAIN:
3785 return ssl_build_cert_chain(NULL, ctx, larg);
/* The third argument of ssl_cert_set_cert_store() is 0 for the verify store and 1 for the chain store. */
3787 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3788 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3790 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3791 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
/*
 * Appends parg to ctx->extra_certs, creating the stack on first use. The
 * pointer is pushed as-is, with no up-ref visible here.
 * NOTE(review): the result of sk_X509_push() is not used on the visible
 * line; confirm that a failed push is reported to the caller.
 */
3793 /* A Thawte special :-) */
3794 case SSL_CTRL_EXTRA_CHAIN_CERT:
3795 if (ctx->extra_certs == NULL) {
3796 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3799 sk_X509_push(ctx->extra_certs, (X509 *)parg);
/*
 * Exposes an internal stack pointer: the chain of the current key when
 * there are no extra certs and larg is 0, otherwise extra_certs.
 */
3802 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3803 if (ctx->extra_certs == NULL && larg == 0)
3804 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3806 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3809 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3810 sk_X509_pop_free(ctx->extra_certs, X509_free);
3811 ctx->extra_certs = NULL;
/*
 * Chain setters come in set1/add1 and set0/add0 forms; the condition that
 * picks one is not shown. By OpenSSL naming convention the *1 forms take
 * their own reference and the *0 forms take over the caller's reference
 * (TODO confirm against the ssl_cert_* helpers).
 */
3814 case SSL_CTRL_CHAIN:
3816 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3818 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3820 case SSL_CTRL_CHAIN_CERT:
3822 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3824 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
/* Exposes the internal chain pointer of the current key; no copy is made. */
3826 case SSL_CTRL_GET_CHAIN_CERTS:
3827 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3830 case SSL_CTRL_SELECT_CURRENT_CERT:
3831 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3833 case SSL_CTRL_SET_CURRENT_CERT:
3834 return ssl_cert_set_current(ctx->cert, larg);
/*
 * Store the callback fp in the SSL_CTX slot selected by cmd. Every case casts
 * the generic void (*)(void) pointer to the slot's own function-pointer type
 * before storing it; the three SRP cases additionally set SSL_kSRP in
 * srp_ctx.srp_Mask.
 *
 * The casts are unchecked: nothing in this function can verify that fp really
 * has the signature of the slot named by cmd, and calling a function through
 * a pointer of an incompatible type is undefined behaviour in C. Callers must
 * pair each cmd with a callback of exactly the type shown in the cast.
 *
 * NOTE(review): the embedded line numbers skip (3842 -> 3845, 3861 -> 3864,
 * ...), so the switch header, the break/return statements, part of the
 * ticket-key callback's parameter list and the closing lines are not part of
 * this listing; return values cannot be confirmed from here.
 */
3842 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3845 #ifndef OPENSSL_NO_DH
3846 case SSL_CTRL_SET_TMP_DH_CB:
3848 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3852 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3853 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3856 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3857 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3860 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3861 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3864 HMAC_CTX *, int))fp;
3867 #ifndef OPENSSL_NO_SRP
/* Each SRP callback setter also marks SRP key exchange as configured. */
3868 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3869 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3870 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3872 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3873 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3874 ctx->srp_ctx.TLS_ext_srp_username_callback =
3875 (int (*)(SSL *, int *, void *))fp;
3877 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3878 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3879 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3880 (char *(*)(SSL *, void *))fp;
3883 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3885 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3895 * This function needs to check if the ciphers required are actually
/*
 * Look up a cipher suite from its two-byte wire encoding. The bytes p[0] and
 * p[1] are combined big-endian and OR-ed with the 0x03000000 prefix to form
 * the id, which is then searched for in the ssl3_ciphers table
 * (SSL3_NUM_CIPHERS entries) with OBJ_bsearch_ssl_cipher_id.
 *
 * p[0] and p[1] are read unconditionally, so the caller must guarantee that
 * at least two bytes are readable at p; no length is passed in.
 *
 * NOTE(review): the declaration of c/id, the assignment that puts id into the
 * search key, and the return statement are not part of this listing (numbers
 * jump 3898 -> 3901 -> 3904 -> 3906); presumably cp is returned and is NULL
 * when the id is unknown - confirm against the full file.
 */
3898 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3901 const SSL_CIPHER *cp;
3904 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
3906 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
/*
 * Write the two-byte wire encoding of a cipher suite to p: the low 16 bits of
 * l, most significant byte first. Values of l whose top byte is not 0x03 are
 * filtered by the check at 3916 before anything is written.
 *
 * Two bytes are stored at p with no length argument, so the caller must
 * provide at least two writable bytes.
 *
 * NOTE(review): the lines that declare and assign l (presumably from c->id),
 * the statement taken when the prefix check fails, and the return value are
 * not part of this listing (numbers jump 3910 -> 3916 -> 3918).
 */
3910 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3916 if ((l & 0xff000000) != 0x03000000)
3918 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3919 p[1] = ((unsigned char)(l)) & 0xFF;
3925 * ssl3_choose_cipher - choose a cipher from those offered by the client
3926 * @s: SSL connection
3927 * @clnt: ciphers offered by the client
3928 * @srvr: ciphers enabled on the server?
3930 * Returns the selected cipher or NULL when no common ciphers.
/*
 * Server-side cipher selection. The function walks one list in preference
 * order (prio) and, for each candidate that passes the filters below, looks
 * it up in the other list (allow) with sk_SSL_CIPHER_find:
 *   - protocol version range (min_tls/max_tls, or min_dtls/max_dtls for DTLS)
 *   - PSK suites need a psk_server_callback
 *   - key-exchange and authentication bits must both intersect the masks in
 *     s->s3->tmp.mask_k / mask_a
 *   - ECDHE suites must pass tls1_check_ec_tmp_key
 *   - the security callback (ssl_security, SSL_SECOP_CIPHER_SHARED) must
 *     accept the cipher's strength_bits
 *
 * NOTE(review): many lines are absent from this listing (the embedded line
 * numbers skip), including the prio/allow assignments, every continue/break,
 * the SRP branch body and the final return. Comments below describe only
 * what the visible lines establish.
 */
3932 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3933 STACK_OF(SSL_CIPHER) *srvr)
3935 const SSL_CIPHER *c, *ret = NULL;
3936 STACK_OF(SSL_CIPHER) *prio, *allow;
3938 unsigned long alg_k, alg_a, mask_k, mask_a;
3940 /* Let's see which ciphers we can support */
3944 * Do not set the compare functions, because this may lead to a
3945 * reordering by "id". We want to keep the original ordering. We may pay
3946 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3947 * pay with the price of sk_SSL_CIPHER_dup().
/*
 * NOTE(review): the text above says NOT to set the compare functions, yet
 * the two calls below do exactly that. The numbers jump 3940 -> 3944 and
 * 3950 -> 3954, so a preprocessor guard disabling these calls has presumably
 * been lost from the listing - confirm against the full file.
 */
3949 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3950 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
/*
 * Diagnostic dump of both cipher lists to stderr, including raw pointer
 * values (%p). NOTE(review): presumably compiled only under a debug macro
 * whose #ifdef/#endif lines are missing here; confirm it is not part of
 * production builds, since it discloses process addresses.
 */
3954 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3956 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3957 c = sk_SSL_CIPHER_value(srvr, i);
3958 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3960 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3962 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3963 c = sk_SSL_CIPHER_value(clnt, i);
3964 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
/*
 * Preference order: the server-preference option or Suite B mode decides
 * which list becomes prio and which becomes allow (assignments not shown).
 */
3968 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3976 tls1_set_cert_validity(s);
3979 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3980 c = sk_SSL_CIPHER_value(prio, i);
3982 /* Skip ciphers not supported by the protocol version */
3983 if (!SSL_IS_DTLS(s) &&
3984 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3986 if (SSL_IS_DTLS(s) &&
3987 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3988 DTLS_VERSION_GT(s->version, c->max_dtls)))
/* Masks of key-exchange / authentication algorithms usable on this connection. */
3991 mask_k = s->s3->tmp.mask_k;
3992 mask_a = s->s3->tmp.mask_a;
3993 #ifndef OPENSSL_NO_SRP
/* SRP configured: the mask adjustment made in this branch is not shown. */
3994 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4000 alg_k = c->algorithm_mkey;
4001 alg_a = c->algorithm_auth;
4003 #ifndef OPENSSL_NO_PSK
4004 /* with PSK there must be server callback set */
4005 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4007 #endif /* OPENSSL_NO_PSK */
/* Usable only if BOTH the key exchange and the authentication are enabled. */
4009 ok = (alg_k & mask_k) && (alg_a & mask_a);
4011 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4012 alg_a, mask_k, mask_a, (void *)c, c->name);
4015 # ifndef OPENSSL_NO_EC
4017 * if we are considering an ECC cipher suite that uses an ephemeral
4020 if (alg_k & SSL_kECDHE)
4021 ok = ok && tls1_check_ec_tmp_key(s, c->id);
4022 # endif /* OPENSSL_NO_EC */
/* Membership test in the non-preferred list; ii is the index found. */
4026 ii = sk_SSL_CIPHER_find(allow, c);
4028 /* Check security callback permits this cipher */
4029 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4030 c->strength_bits, 0, (void *)c))
4032 #if !defined(OPENSSL_NO_EC)
/*
 * Client-specific workaround: an ECDHE-ECDSA candidate is treated differently
 * when is_probably_safari is set. ret is assigned both here (4036) and in the
 * general case (4040); presumably the first is kept only as a fallback while
 * the search continues, but the continue/break lines are not in this listing.
 */
4033 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4034 && s->s3->is_probably_safari) {
4036 ret = sk_SSL_CIPHER_value(allow, ii);
4040 ret = sk_SSL_CIPHER_value(allow, ii);
/*
 * Fill p with the certificate types to advertise in a CertificateRequest and
 * return how many bytes were written.
 *
 * If the application configured its own list (s->cert->ctypes), that list is
 * copied verbatim. Otherwise the list is derived from the negotiated cipher's
 * key exchange (alg_k), the protocol version, and alg_a, which
 * ssl_set_sig_mask fills with the algorithms disabled by the signature list:
 * a sign type is appended only when its bit is NOT set in alg_a.
 *
 * No buffer length is passed: p must have room for s->cert->ctype_num bytes
 * in the custom case and for every p[ret++] store in the default case. The
 * bound on ctype_num is enforced, if at all, where the list is set - verify
 * the caller's buffer against that bound.
 *
 * s->s3->tmp.new_cipher is dereferenced without a NULL check, so a cipher
 * must already have been selected when this is called.
 *
 * NOTE(review): the declaration of ret, several #endif/closing lines and the
 * final return are not part of this listing (the embedded numbers skip).
 */
4047 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4050 uint32_t alg_k, alg_a = 0;
4052 /* If we have custom certificate types set, use them */
4053 if (s->cert->ctypes) {
4054 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
4055 return (int)s->cert->ctype_num;
4057 /* Get mask of algorithms disabled by signature list */
4058 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4060 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4062 #ifndef OPENSSL_NO_GOST
/* GOST key exchange (TLS 1.0 and later): advertise the three GOST sign types. */
4063 if (s->version >= TLS1_VERSION) {
4064 if (alg_k & SSL_kGOST) {
4065 p[ret++] = TLS_CT_GOST01_SIGN;
4066 p[ret++] = TLS_CT_GOST12_SIGN;
4067 p[ret++] = TLS_CT_GOST12_512_SIGN;
/* The ephemeral-DH certificate types are offered for SSLv3 with DHE only. */
4073 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4074 #ifndef OPENSSL_NO_DH
4075 # ifndef OPENSSL_NO_RSA
4076 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4078 # ifndef OPENSSL_NO_DSA
4079 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4081 #endif /* !OPENSSL_NO_DH */
4083 #ifndef OPENSSL_NO_RSA
4084 if (!(alg_a & SSL_aRSA))
4085 p[ret++] = SSL3_CT_RSA_SIGN;
4087 #ifndef OPENSSL_NO_DSA
4088 if (!(alg_a & SSL_aDSS))
4089 p[ret++] = SSL3_CT_DSS_SIGN;
4091 #ifndef OPENSSL_NO_EC
4093 * ECDSA certs can be used with RSA cipher suites too so we don't
4094 * need to check for SSL_kECDH or SSL_kECDHE
4096 if (s->version >= TLS1_VERSION) {
4097 if (!(alg_a & SSL_aECDSA))
4098 p[ret++] = TLS_CT_ECDSA_SIGN;
/*
 * Replace the custom certificate-type list on c with a heap copy of the len
 * bytes at p. The previous list is freed first; a new buffer of len bytes is
 * allocated and filled with memcpy.
 *
 * NOTE(review): lines 4107-4111 and everything after 4115 are not part of
 * this listing. They presumably reset c->ctypes, validate p/len and record
 * the new count. Two things to confirm against the full file: (1) c->ctypes
 * is cleared before any early return, so the freed pointer cannot be reused
 * on the allocation-failure path; (2) len is bounded, because
 * ssl3_get_req_cert_type copies ctype_num bytes into a caller buffer without
 * a length argument.
 */
4104 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4106 OPENSSL_free(c->ctypes);
4112 c->ctypes = OPENSSL_malloc(len);
4113 if (c->ctypes == NULL)
4115 memcpy(c->ctypes, p, len);
/*
 * Drive the close_notify exchange for connection s. Each call advances one
 * step and the caller is expected to call again after -1:
 *   1. quiet shutdown, or handshake never started: mark both directions as
 *      shut down without sending anything.
 *   2. close_notify not yet sent: set SSL_SENT_SHUTDOWN and queue the alert;
 *      -1 if it could not be flushed yet.
 *   3. alert still pending from an earlier call: try to dispatch it again.
 *   4. peer's close_notify not yet seen: read from the record layer so it
 *      can be processed; -1 if it still has not arrived.
 *
 * With quiet_shutdown the peer is never told the stream ended. Applications
 * that rely on close_notify to detect truncation should keep that in mind
 * when enabling it.
 *
 * NOTE(review): the declaration of ret and the return statements other than
 * the two "return (-1)" lines are not part of this listing (numbers skip),
 * so the exact 0/1 results cannot be confirmed from here.
 */
4120 int ssl3_shutdown(SSL *s)
4125 * Don't do anything much if we have not done the handshake or we don't
4126 * want to send messages :-)
4128 if (s->quiet_shutdown || SSL_in_before(s)) {
4129 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4133 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4134 s->shutdown |= SSL_SENT_SHUTDOWN;
4135 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4137 * our shutdown alert has been sent now, and if it still needs to be
4138 * written, s->s3->alert_dispatch will be true
4140 if (s->s3->alert_dispatch)
4141 return (-1); /* return WANT_WRITE */
4142 } else if (s->s3->alert_dispatch) {
4143 /* resend it if not sent */
4144 ret = s->method->ssl_dispatch_alert(s);
4147 * we only get to return -1 here the 2nd/Nth invocation, we must
4148 * have already signalled return 0 upon a previous invoation,
4153 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4155 * If we are waiting for a close from our peer, we are closed
/* Zero-length read with a NULL buffer: only processes incoming records. */
4157 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
4158 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4159 return (-1); /* return WANT_READ */
/* Both directions closed and no alert left to flush: shutdown is complete. */
4163 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4164 !s->s3->alert_dispatch)
/*
 * Write application data on s. If a renegotiation has been requested
 * (s->s3->renegotiate), ssl3_renegotiate_check is given the chance to start
 * it first; the data is then passed to the method's ssl_write_bytes as
 * record type SSL3_RT_APPLICATION_DATA.
 *
 * NOTE(review): the remaining arguments of the ssl_write_bytes call
 * (presumably buf and len) and any statement on lines 4171-4172 are not part
 * of this listing.
 */
4170 int ssl3_write(SSL *s, const void *buf, int len)
4173 if (s->s3->renegotiate)
4174 ssl3_renegotiate_check(s);
4176 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
/*
 * Shared implementation of ssl3_read and ssl3_peek: read application data
 * into buf (at most len bytes).
 *
 * in_read_app_data works as a small handshake between this function and the
 * record layer: it is set to 1 before the read, and a value of 2 together
 * with a -1 result means application data arrived while handshake data was
 * being read. In that case the read is repeated once with the state machine
 * marked as "in handshake", and the mark is removed afterwards. Otherwise
 * the flag is reset to 0.
 *
 * NOTE(review): the declaration/assignment of ret, the trailing arguments of
 * both ssl_read_bytes calls (presumably including peek) and the final return
 * are not part of this listing (the embedded numbers skip).
 */
4180 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4185 if (s->s3->renegotiate)
4186 ssl3_renegotiate_check(s);
4187 s->s3->in_read_app_data = 1;
4189 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4191 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4193 * ssl3_read_bytes decided to call s->handshake_func, which called
4194 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4195 * actually found application data and thinks that application data
4196 * makes sense here; so disable handshake processing and try to read
4197 * application data again.
4199 ossl_statem_set_in_handshake(s, 1);
4201 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4203 ossl_statem_set_in_handshake(s, 0);
4205 s->s3->in_read_app_data = 0;
/*
 * Read up to len bytes of application data into buf. Thin wrapper around
 * ssl3_read_internal with peek = 0; the result is passed through unchanged.
 */
4210 int ssl3_read(SSL *s, void *buf, int len)
4212 return ssl3_read_internal(s, buf, len, 0);
/*
 * Same as ssl3_read but calls ssl3_read_internal with peek = 1; the result is
 * passed through unchanged.
 */
4215 int ssl3_peek(SSL *s, void *buf, int len)
4217 return ssl3_read_internal(s, buf, len, 1);
/*
 * Request a renegotiation on s by setting s->s3->renegotiate; the handshake
 * itself is started later by ssl3_renegotiate_check. Two conditions are
 * tested first: no handshake function installed, and the
 * SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag.
 *
 * NOTE(review): the statements executed when either test is true and the
 * final return are not part of this listing (numbers jump 4222 -> 4225 ->
 * 4228), so the returned values cannot be confirmed from here.
 */
4220 int ssl3_renegotiate(SSL *s)
4222 if (s->handshake_func == NULL)
4225 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4228 s->s3->renegotiate = 1;
/*
 * Start a previously requested renegotiation if the connection is idle.
 * The state machine is switched only when all of these hold: the request
 * flag is set, the record layer has neither read nor write data pending, and
 * no handshake is already in progress. The request flag is then cleared and
 * both renegotiation counters are incremented.
 *
 * Waiting for an idle record layer keeps handshake messages from being
 * interleaved with partially processed application records.
 *
 * NOTE(review): the declaration of the result variable and the return
 * statement are not part of this listing.
 */
4232 int ssl3_renegotiate_check(SSL *s)
4236 if (s->s3->renegotiate) {
4237 if (!RECORD_LAYER_read_pending(&s->rlayer)
4238 && !RECORD_LAYER_write_pending(&s->rlayer)
4239 && !SSL_in_init(s)) {
4241 * if we are the server, and we have sent a 'RENEGOTIATE'
4242 * message, we need to set the state machine into the renegotiate
4245 ossl_statem_set_renegotiate(s);
4246 s->s3->renegotiate = 0;
4247 s->s3->num_renegotiations++;
4248 s->s3->total_renegotiations++;
4256 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4257 * handshake macs if required.
4259 * If PSK and using SHA384 for TLS < 1.2 switch to default.
/*
 * Return the handshake-MAC / PRF selector for the negotiated cipher, with two
 * substitutions:
 *   - when the protocol's enc_flags include SSL_ENC_FLAG_SHA256_PRF, the
 *     default MAC/PRF pair is replaced by the SHA-256 pair;
 *   - otherwise, for a PSK key exchange, the SHA-384 pair is replaced by the
 *     default pair.
 *
 * s->s3->tmp.new_cipher is dereferenced without a NULL check, so a cipher
 * must already have been selected.
 *
 * NOTE(review): the fall-through return (presumably alg2 unchanged) is not
 * part of this listing.
 */
4261 long ssl_get_algorithm2(SSL *s)
4263 long alg2 = s->s3->tmp.new_cipher->algorithm2;
4264 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4265 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4266 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4267 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4268 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4269 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4275 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4276 * failure, 1 on success.
/*
 * Produce the hello random for a ClientHello (server == 0) or ServerHello.
 * send_time is taken from the mode bit that matches the role. When it is
 * set, the current time is read and only len - 4 bytes are drawn from
 * RAND_bytes; otherwise all len bytes are random. The RAND_bytes result is
 * returned directly.
 *
 * Points for reviewers:
 *   - With send_time set, the first four bytes are not random and reveal the
 *     host clock to the peer; the feature is opt-in through the two
 *     SSL_MODE_SEND_*HELLO_TIME bits.
 *   - len - 4 is only meaningful for len >= 4. NOTE(review): a guard for
 *     small len and the line that stores Time into the buffer are presumably
 *     on lines missing from this listing (numbers jump 4278 -> 4285 and
 *     4290 -> 4292) - confirm against the full file.
 *   - Callers must treat a RAND_bytes failure as fatal for the handshake and
 *     never send an unfilled buffer.
 */
4278 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
4285 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4287 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4289 unsigned long Time = (unsigned long)time(NULL);
4290 unsigned char *p = result;
4292 return RAND_bytes(p, len - 4);
4294 return RAND_bytes(result, len);
/*
 * Derive the session master secret from the premaster secret pms (pmslen
 * bytes) and store its length in s->session->master_key_length.
 *
 * For PSK key exchanges a combined premaster secret is built in a temporary
 * heap buffer of 4 + pmslen + psklen bytes: the "other secret" (zeroes for
 * plain PSK, otherwise pms) followed by the PSK. The 4 extra bytes are
 * presumably the two 16-bit length prefixes of the RFC 4279 layout; the lines
 * that write them are not in this listing.
 *
 * Secret hygiene visible here: the stored PSK and the temporary buffer are
 * released with OPENSSL_clear_free, and pms is either clear-freed or cleansed
 * before returning, so key material is wiped rather than merely freed.
 *
 * NOTE(review): the rest of the parameter list, several declarations, the
 * jump taken after allocation failure and the condition choosing between
 * OPENSSL_clear_free and OPENSSL_cleanse for pms are not part of this listing
 * (the embedded numbers skip).
 */
4297 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4300 #ifndef OPENSSL_NO_PSK
4301 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4302 if (alg_k & SSL_PSK) {
4303 unsigned char *pskpms, *t;
4304 size_t psklen = s->s3->tmp.psklen;
4307 /* create PSK premaster_secret */
4309 /* For plain PSK "other_secret" is psklen zeroes */
4310 if (alg_k & SSL_kPSK)
/*
 * Unchecked size_t addition: presumably pmslen and psklen are bounded by the
 * handshake code that produced them - verify against callers.
 */
4313 pskpmslen = 4 + pmslen + psklen;
4314 pskpms = OPENSSL_malloc(pskpmslen);
4315 if (pskpms == NULL) {
/*
 * NOTE(review): the failure path stores 0 here, while the final return
 * (4353) reports success for any length >= 0. If this path reaches that
 * return, an allocation failure is reported as success with an empty master
 * key - confirm the control flow and prefer an explicit failure result.
 */
4316 s->session->master_key_length = 0;
4321 if (alg_k & SSL_kPSK)
4322 memset(t, 0, pmslen);
4324 memcpy(t, pms, pmslen);
4327 memcpy(t, s->s3->tmp.psk, psklen);
/* The PSK is wiped and its pointer cleared as soon as it has been copied. */
4329 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4330 s->s3->tmp.psk = NULL;
4331 s->session->master_key_length =
4332 s->method->ssl3_enc->generate_master_secret(s,
4333 s->session->master_key,
4335 OPENSSL_clear_free(pskpms, pskpmslen);
/* Non-PSK path: derive directly from pms. */
4338 s->session->master_key_length =
4339 s->method->ssl3_enc->generate_master_secret(s,
4340 s->session->master_key,
4342 #ifndef OPENSSL_NO_PSK
/* Wipe the premaster secret: freed by one branch, cleansed in place by the other. */
4347 OPENSSL_clear_free(pms, pmslen);
4349 OPENSSL_cleanse(pms, pmslen);
4352 s->s3->tmp.pms = NULL;
4353 return s->session->master_key_length >= 0;
4356 /* Generate a private key from parameters or a curve NID */
/*
 * Two ways of creating the key-generation context are visible: from the
 * parameters in pm (EVP_PKEY_CTX_new), or as an EC context by id. In the
 * latter case (pm == NULL) the curve is set from nid before key generation.
 * A key is then generated into pkey, and pkey is freed if generation fails.
 * The context is always released with EVP_PKEY_CTX_free.
 *
 * NOTE(review): the branch selecting between the two context constructors,
 * the error jumps, the reset of pkey after EVP_PKEY_free and the return
 * statement are not part of this listing (the embedded numbers skip);
 * presumably NULL is returned on any failure - confirm, since callers use
 * the result as an ephemeral private key.
 */
4357 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid)
4359 EVP_PKEY_CTX *pctx = NULL;
4360 EVP_PKEY *pkey = NULL;
4362 pctx = EVP_PKEY_CTX_new(pm, NULL);
4365 * Generate a new key for this curve.
4366 * Should not be called if EC is disabled: if it is it will
4367 * fail with an unknown algorithm error.
4369 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4373 if (EVP_PKEY_keygen_init(pctx) <= 0)
4375 #ifndef OPENSSL_NO_EC
4376 if (pm == NULL && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4380 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4381 EVP_PKEY_free(pkey);
4386 EVP_PKEY_CTX_free(pctx);
4389 /* Derive premaster or master secret for ECDH/DH */
/*
 * Run the key agreement between privkey (ours) and pubkey (the peer's) and
 * hand the shared secret to the handshake.
 *
 * Steps visible here: reject NULL keys; create a derive context for privkey;
 * set the peer key; call EVP_PKEY_derive with a NULL buffer to learn the
 * secret's length; allocate pmslen bytes; derive again into the buffer.
 * On the server the secret goes straight into ssl_generate_master_secret;
 * on the client it is stored in s->s3->tmp.pms / pmslen for later use.
 * Cleanup releases the buffer with OPENSSL_clear_free (wiping it) and frees
 * the context.
 *
 * NOTE(review): the cleanup at 4428 frees pms, yet the client branch has
 * just stored the same pointer in s->s3->tmp.pms and the server branch passed
 * it on with a final argument of 1. Presumably the local pms is set to NULL
 * after each hand-off on lines that are missing from this listing (numbers
 * jump 4417 -> 4420 and 4422 -> 4428); confirm, because otherwise the stored
 * pointer would dangle. The declarations of rv/pctx/pmslen, the error jumps,
 * the server/client test and the return are likewise not shown.
 */
4390 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4393 unsigned char *pms = NULL;
4397 if (privkey == NULL || pubkey == NULL)
4400 pctx = EVP_PKEY_CTX_new(privkey, NULL);
/* First EVP_PKEY_derive call passes NULL to obtain the required length only. */
4402 if (EVP_PKEY_derive_init(pctx) <= 0
4403 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4404 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4408 pms = OPENSSL_malloc(pmslen);
4412 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4416 /* For server generate master secret and discard premaster */
4417 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4420 /* For client just save premaster secret */
4421 s->s3->tmp.pms = pms;
4422 s->s3->tmp.pmslen = pmslen;
4428 OPENSSL_clear_free(pms, pmslen);
4429 EVP_PKEY_CTX_free(pctx);
4433 #ifndef OPENSSL_NO_DH
4434 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4439 ret = EVP_PKEY_new();
4440 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {