2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
51 #include <openssl/objects.h>
53 #include <openssl/md5.h>
54 #include <openssl/dh.h>
55 #include <openssl/rand.h>
57 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
60 * The list of available ciphers, organized into the following
65 * SRP (within that: RSA EC PSK)
66 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
69 static SSL_CIPHER ssl3_ciphers[] = {
72 SSL3_TXT_RSA_NULL_MD5,
78 SSL3_VERSION, TLS1_2_VERSION,
79 DTLS1_BAD_VER, DTLS1_2_VERSION,
81 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
87 SSL3_TXT_RSA_NULL_SHA,
93 SSL3_VERSION, TLS1_2_VERSION,
94 DTLS1_BAD_VER, DTLS1_2_VERSION,
95 SSL_STRONG_NONE | SSL_FIPS,
96 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
102 SSL3_TXT_RSA_DES_192_CBC3_SHA,
103 SSL3_CK_RSA_DES_192_CBC3_SHA,
108 SSL3_VERSION, TLS1_2_VERSION,
109 DTLS1_BAD_VER, DTLS1_2_VERSION,
110 SSL_MEDIUM | SSL_FIPS,
111 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
117 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
118 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
123 SSL3_VERSION, TLS1_2_VERSION,
124 DTLS1_BAD_VER, DTLS1_2_VERSION,
125 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
126 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
132 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
133 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
138 SSL3_VERSION, TLS1_2_VERSION,
139 DTLS1_BAD_VER, DTLS1_2_VERSION,
140 SSL_MEDIUM | SSL_FIPS,
141 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
147 SSL3_TXT_ADH_DES_192_CBC_SHA,
148 SSL3_CK_ADH_DES_192_CBC_SHA,
153 SSL3_VERSION, TLS1_2_VERSION,
154 DTLS1_BAD_VER, DTLS1_2_VERSION,
155 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
156 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
162 TLS1_TXT_RSA_WITH_AES_128_SHA,
163 TLS1_CK_RSA_WITH_AES_128_SHA,
168 SSL3_VERSION, TLS1_2_VERSION,
169 DTLS1_BAD_VER, DTLS1_2_VERSION,
171 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
177 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
178 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
183 SSL3_VERSION, TLS1_2_VERSION,
184 DTLS1_BAD_VER, DTLS1_2_VERSION,
185 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
186 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
192 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
193 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
198 SSL3_VERSION, TLS1_2_VERSION,
199 DTLS1_BAD_VER, DTLS1_2_VERSION,
201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
207 TLS1_TXT_ADH_WITH_AES_128_SHA,
208 TLS1_CK_ADH_WITH_AES_128_SHA,
213 SSL3_VERSION, TLS1_2_VERSION,
214 DTLS1_BAD_VER, DTLS1_2_VERSION,
215 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
216 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
222 TLS1_TXT_RSA_WITH_AES_256_SHA,
223 TLS1_CK_RSA_WITH_AES_256_SHA,
228 SSL3_VERSION, TLS1_2_VERSION,
229 DTLS1_BAD_VER, DTLS1_2_VERSION,
231 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
237 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
238 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
243 SSL3_VERSION, TLS1_2_VERSION,
244 DTLS1_BAD_VER, DTLS1_2_VERSION,
245 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
246 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
252 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
253 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
258 SSL3_VERSION, TLS1_2_VERSION,
259 DTLS1_BAD_VER, DTLS1_2_VERSION,
261 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
267 TLS1_TXT_ADH_WITH_AES_256_SHA,
268 TLS1_CK_ADH_WITH_AES_256_SHA,
273 SSL3_VERSION, TLS1_2_VERSION,
274 DTLS1_BAD_VER, DTLS1_2_VERSION,
275 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
276 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
282 TLS1_TXT_RSA_WITH_NULL_SHA256,
283 TLS1_CK_RSA_WITH_NULL_SHA256,
288 TLS1_2_VERSION, TLS1_2_VERSION,
289 DTLS1_2_VERSION, DTLS1_2_VERSION,
290 SSL_STRONG_NONE | SSL_FIPS,
291 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
297 TLS1_TXT_RSA_WITH_AES_128_SHA256,
298 TLS1_CK_RSA_WITH_AES_128_SHA256,
303 TLS1_2_VERSION, TLS1_2_VERSION,
304 DTLS1_2_VERSION, DTLS1_2_VERSION,
306 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
312 TLS1_TXT_RSA_WITH_AES_256_SHA256,
313 TLS1_CK_RSA_WITH_AES_256_SHA256,
318 TLS1_2_VERSION, TLS1_2_VERSION,
319 DTLS1_2_VERSION, DTLS1_2_VERSION,
321 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
327 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
328 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
333 TLS1_2_VERSION, TLS1_2_VERSION,
334 DTLS1_2_VERSION, DTLS1_2_VERSION,
335 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
336 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
342 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
343 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
348 TLS1_2_VERSION, TLS1_2_VERSION,
349 DTLS1_2_VERSION, DTLS1_2_VERSION,
351 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
358 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
363 TLS1_2_VERSION, TLS1_2_VERSION,
364 DTLS1_2_VERSION, DTLS1_2_VERSION,
365 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
372 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
373 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
378 TLS1_2_VERSION, TLS1_2_VERSION,
379 DTLS1_2_VERSION, DTLS1_2_VERSION,
381 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
387 TLS1_TXT_ADH_WITH_AES_128_SHA256,
388 TLS1_CK_ADH_WITH_AES_128_SHA256,
393 TLS1_2_VERSION, TLS1_2_VERSION,
394 DTLS1_2_VERSION, DTLS1_2_VERSION,
395 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
396 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
402 TLS1_TXT_ADH_WITH_AES_256_SHA256,
403 TLS1_CK_ADH_WITH_AES_256_SHA256,
408 TLS1_2_VERSION, TLS1_2_VERSION,
409 DTLS1_2_VERSION, DTLS1_2_VERSION,
410 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
411 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
417 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
418 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
423 TLS1_2_VERSION, TLS1_2_VERSION,
424 DTLS1_2_VERSION, DTLS1_2_VERSION,
426 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
432 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
433 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
438 TLS1_2_VERSION, TLS1_2_VERSION,
439 DTLS1_2_VERSION, DTLS1_2_VERSION,
441 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
447 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
453 TLS1_2_VERSION, TLS1_2_VERSION,
454 DTLS1_2_VERSION, DTLS1_2_VERSION,
456 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
462 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
463 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
468 TLS1_2_VERSION, TLS1_2_VERSION,
469 DTLS1_2_VERSION, DTLS1_2_VERSION,
471 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
477 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
478 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
483 TLS1_2_VERSION, TLS1_2_VERSION,
484 DTLS1_2_VERSION, DTLS1_2_VERSION,
485 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
486 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
492 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
493 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
498 TLS1_2_VERSION, TLS1_2_VERSION,
499 DTLS1_2_VERSION, DTLS1_2_VERSION,
500 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
501 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
507 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
508 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
513 TLS1_2_VERSION, TLS1_2_VERSION,
514 DTLS1_2_VERSION, DTLS1_2_VERSION,
515 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
516 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
522 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
523 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
528 TLS1_2_VERSION, TLS1_2_VERSION,
529 DTLS1_2_VERSION, DTLS1_2_VERSION,
530 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
531 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
537 TLS1_TXT_RSA_WITH_AES_128_CCM,
538 TLS1_CK_RSA_WITH_AES_128_CCM,
543 TLS1_2_VERSION, TLS1_2_VERSION,
544 DTLS1_2_VERSION, DTLS1_2_VERSION,
545 SSL_NOT_DEFAULT | SSL_HIGH,
546 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
552 TLS1_TXT_RSA_WITH_AES_256_CCM,
553 TLS1_CK_RSA_WITH_AES_256_CCM,
558 TLS1_2_VERSION, TLS1_2_VERSION,
559 DTLS1_2_VERSION, DTLS1_2_VERSION,
560 SSL_NOT_DEFAULT | SSL_HIGH,
561 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
567 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
568 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
573 TLS1_2_VERSION, TLS1_2_VERSION,
574 DTLS1_2_VERSION, DTLS1_2_VERSION,
575 SSL_NOT_DEFAULT | SSL_HIGH,
576 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
582 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
583 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
588 TLS1_2_VERSION, TLS1_2_VERSION,
589 DTLS1_2_VERSION, DTLS1_2_VERSION,
590 SSL_NOT_DEFAULT | SSL_HIGH,
591 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
597 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
598 TLS1_CK_RSA_WITH_AES_128_CCM_8,
603 TLS1_2_VERSION, TLS1_2_VERSION,
604 DTLS1_2_VERSION, DTLS1_2_VERSION,
605 SSL_NOT_DEFAULT | SSL_HIGH,
606 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
612 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
613 TLS1_CK_RSA_WITH_AES_256_CCM_8,
618 TLS1_2_VERSION, TLS1_2_VERSION,
619 DTLS1_2_VERSION, DTLS1_2_VERSION,
620 SSL_NOT_DEFAULT | SSL_HIGH,
621 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
627 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
628 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
633 TLS1_2_VERSION, TLS1_2_VERSION,
634 DTLS1_2_VERSION, DTLS1_2_VERSION,
635 SSL_NOT_DEFAULT | SSL_HIGH,
636 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
642 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
643 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
648 TLS1_2_VERSION, TLS1_2_VERSION,
649 DTLS1_2_VERSION, DTLS1_2_VERSION,
650 SSL_NOT_DEFAULT | SSL_HIGH,
651 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
657 TLS1_TXT_PSK_WITH_AES_128_CCM,
658 TLS1_CK_PSK_WITH_AES_128_CCM,
663 TLS1_2_VERSION, TLS1_2_VERSION,
664 DTLS1_2_VERSION, DTLS1_2_VERSION,
665 SSL_NOT_DEFAULT | SSL_HIGH,
666 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
672 TLS1_TXT_PSK_WITH_AES_256_CCM,
673 TLS1_CK_PSK_WITH_AES_256_CCM,
678 TLS1_2_VERSION, TLS1_2_VERSION,
679 DTLS1_2_VERSION, DTLS1_2_VERSION,
680 SSL_NOT_DEFAULT | SSL_HIGH,
681 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
687 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
688 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
693 TLS1_2_VERSION, TLS1_2_VERSION,
694 DTLS1_2_VERSION, DTLS1_2_VERSION,
695 SSL_NOT_DEFAULT | SSL_HIGH,
696 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
702 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
703 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
708 TLS1_2_VERSION, TLS1_2_VERSION,
709 DTLS1_2_VERSION, DTLS1_2_VERSION,
710 SSL_NOT_DEFAULT | SSL_HIGH,
711 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
717 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
718 TLS1_CK_PSK_WITH_AES_128_CCM_8,
723 TLS1_2_VERSION, TLS1_2_VERSION,
724 DTLS1_2_VERSION, DTLS1_2_VERSION,
725 SSL_NOT_DEFAULT | SSL_HIGH,
726 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
732 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
733 TLS1_CK_PSK_WITH_AES_256_CCM_8,
738 TLS1_2_VERSION, TLS1_2_VERSION,
739 DTLS1_2_VERSION, DTLS1_2_VERSION,
740 SSL_NOT_DEFAULT | SSL_HIGH,
741 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
747 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
748 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
753 TLS1_2_VERSION, TLS1_2_VERSION,
754 DTLS1_2_VERSION, DTLS1_2_VERSION,
755 SSL_NOT_DEFAULT | SSL_HIGH,
756 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
762 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
763 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
768 TLS1_2_VERSION, TLS1_2_VERSION,
769 DTLS1_2_VERSION, DTLS1_2_VERSION,
770 SSL_NOT_DEFAULT | SSL_HIGH,
771 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
777 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
778 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
783 TLS1_2_VERSION, TLS1_2_VERSION,
784 DTLS1_2_VERSION, DTLS1_2_VERSION,
785 SSL_NOT_DEFAULT | SSL_HIGH,
786 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
792 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
793 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
798 TLS1_2_VERSION, TLS1_2_VERSION,
799 DTLS1_2_VERSION, DTLS1_2_VERSION,
800 SSL_NOT_DEFAULT | SSL_HIGH,
801 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
807 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
808 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
813 TLS1_2_VERSION, TLS1_2_VERSION,
814 DTLS1_2_VERSION, DTLS1_2_VERSION,
815 SSL_NOT_DEFAULT | SSL_HIGH,
816 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
822 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
823 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
828 TLS1_2_VERSION, TLS1_2_VERSION,
829 DTLS1_2_VERSION, DTLS1_2_VERSION,
830 SSL_NOT_DEFAULT | SSL_HIGH,
831 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
836 #ifndef OPENSSL_NO_EC
839 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
840 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
845 SSL3_VERSION, TLS1_2_VERSION,
846 DTLS1_BAD_VER, DTLS1_2_VERSION,
847 SSL_STRONG_NONE | SSL_FIPS,
848 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
854 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
855 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
860 SSL3_VERSION, TLS1_2_VERSION,
861 DTLS1_BAD_VER, DTLS1_2_VERSION,
862 SSL_MEDIUM | SSL_FIPS,
863 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
869 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
870 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
875 SSL3_VERSION, TLS1_2_VERSION,
876 DTLS1_BAD_VER, DTLS1_2_VERSION,
878 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
884 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
885 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
890 SSL3_VERSION, TLS1_2_VERSION,
891 DTLS1_BAD_VER, DTLS1_2_VERSION,
893 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
899 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
900 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
905 SSL3_VERSION, TLS1_2_VERSION,
906 DTLS1_BAD_VER, DTLS1_2_VERSION,
907 SSL_STRONG_NONE | SSL_FIPS,
908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
914 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
915 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
920 SSL3_VERSION, TLS1_2_VERSION,
921 DTLS1_BAD_VER, DTLS1_2_VERSION,
922 SSL_MEDIUM | SSL_FIPS,
923 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
929 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
930 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
935 SSL3_VERSION, TLS1_2_VERSION,
936 DTLS1_BAD_VER, DTLS1_2_VERSION,
938 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
944 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
945 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
950 SSL3_VERSION, TLS1_2_VERSION,
951 DTLS1_BAD_VER, DTLS1_2_VERSION,
953 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
959 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
960 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
965 SSL3_VERSION, TLS1_2_VERSION,
966 DTLS1_BAD_VER, DTLS1_2_VERSION,
967 SSL_STRONG_NONE | SSL_FIPS,
968 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
974 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
975 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
980 SSL3_VERSION, TLS1_2_VERSION,
981 DTLS1_BAD_VER, DTLS1_2_VERSION,
982 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
983 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
989 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
990 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
995 SSL3_VERSION, TLS1_2_VERSION,
996 DTLS1_BAD_VER, DTLS1_2_VERSION,
997 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
998 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1004 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1005 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1010 SSL3_VERSION, TLS1_2_VERSION,
1011 DTLS1_BAD_VER, DTLS1_2_VERSION,
1012 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1013 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1019 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1020 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1025 TLS1_2_VERSION, TLS1_2_VERSION,
1026 DTLS1_2_VERSION, DTLS1_2_VERSION,
1027 SSL_HIGH | SSL_FIPS,
1028 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1034 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1035 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1040 TLS1_2_VERSION, TLS1_2_VERSION,
1041 DTLS1_2_VERSION, DTLS1_2_VERSION,
1042 SSL_HIGH | SSL_FIPS,
1043 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1049 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1050 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1055 TLS1_2_VERSION, TLS1_2_VERSION,
1056 DTLS1_2_VERSION, DTLS1_2_VERSION,
1057 SSL_HIGH | SSL_FIPS,
1058 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1064 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1065 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1070 TLS1_2_VERSION, TLS1_2_VERSION,
1071 DTLS1_2_VERSION, DTLS1_2_VERSION,
1072 SSL_HIGH | SSL_FIPS,
1073 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1079 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1080 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1085 TLS1_2_VERSION, TLS1_2_VERSION,
1086 DTLS1_2_VERSION, DTLS1_2_VERSION,
1087 SSL_HIGH | SSL_FIPS,
1088 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1094 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1095 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1100 TLS1_2_VERSION, TLS1_2_VERSION,
1101 DTLS1_2_VERSION, DTLS1_2_VERSION,
1102 SSL_HIGH | SSL_FIPS,
1103 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1109 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1110 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1115 TLS1_2_VERSION, TLS1_2_VERSION,
1116 DTLS1_2_VERSION, DTLS1_2_VERSION,
1117 SSL_HIGH | SSL_FIPS,
1118 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1124 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1125 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1130 TLS1_2_VERSION, TLS1_2_VERSION,
1131 DTLS1_2_VERSION, DTLS1_2_VERSION,
1132 SSL_HIGH | SSL_FIPS,
1133 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1137 #endif /* OPENSSL_NO_EC */
1139 #ifndef OPENSSL_NO_PSK
1142 TLS1_TXT_PSK_WITH_NULL_SHA,
1143 TLS1_CK_PSK_WITH_NULL_SHA,
1148 SSL3_VERSION, TLS1_2_VERSION,
1149 DTLS1_BAD_VER, DTLS1_2_VERSION,
1150 SSL_STRONG_NONE | SSL_FIPS,
1151 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1157 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1158 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1163 SSL3_VERSION, TLS1_2_VERSION,
1164 DTLS1_BAD_VER, DTLS1_2_VERSION,
1165 SSL_STRONG_NONE | SSL_FIPS,
1166 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1172 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1173 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1178 SSL3_VERSION, TLS1_2_VERSION,
1179 DTLS1_BAD_VER, DTLS1_2_VERSION,
1180 SSL_STRONG_NONE | SSL_FIPS,
1181 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1187 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1188 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1193 SSL3_VERSION, TLS1_2_VERSION,
1194 DTLS1_BAD_VER, DTLS1_2_VERSION,
1195 SSL_MEDIUM | SSL_FIPS,
1196 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1202 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1203 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1208 SSL3_VERSION, TLS1_2_VERSION,
1209 DTLS1_BAD_VER, DTLS1_2_VERSION,
1210 SSL_HIGH | SSL_FIPS,
1211 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1217 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1218 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1223 SSL3_VERSION, TLS1_2_VERSION,
1224 DTLS1_BAD_VER, DTLS1_2_VERSION,
1225 SSL_HIGH | SSL_FIPS,
1226 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1232 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1233 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1238 SSL3_VERSION, TLS1_2_VERSION,
1239 DTLS1_BAD_VER, DTLS1_2_VERSION,
1240 SSL_MEDIUM | SSL_FIPS,
1241 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1247 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1248 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1253 SSL3_VERSION, TLS1_2_VERSION,
1254 DTLS1_BAD_VER, DTLS1_2_VERSION,
1255 SSL_HIGH | SSL_FIPS,
1256 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1262 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1263 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1268 SSL3_VERSION, TLS1_2_VERSION,
1269 DTLS1_BAD_VER, DTLS1_2_VERSION,
1270 SSL_HIGH | SSL_FIPS,
1271 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1277 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1278 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1283 SSL3_VERSION, TLS1_2_VERSION,
1284 DTLS1_BAD_VER, DTLS1_2_VERSION,
1285 SSL_MEDIUM | SSL_FIPS,
1286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1292 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1293 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1298 SSL3_VERSION, TLS1_2_VERSION,
1299 DTLS1_BAD_VER, DTLS1_2_VERSION,
1300 SSL_HIGH | SSL_FIPS,
1301 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1307 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1308 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1313 SSL3_VERSION, TLS1_2_VERSION,
1314 DTLS1_BAD_VER, DTLS1_2_VERSION,
1315 SSL_HIGH | SSL_FIPS,
1316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1322 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1323 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1328 TLS1_2_VERSION, TLS1_2_VERSION,
1329 DTLS1_2_VERSION, DTLS1_2_VERSION,
1330 SSL_HIGH | SSL_FIPS,
1331 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1337 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1338 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1343 TLS1_2_VERSION, TLS1_2_VERSION,
1344 DTLS1_2_VERSION, DTLS1_2_VERSION,
1345 SSL_HIGH | SSL_FIPS,
1346 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1352 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1353 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1358 TLS1_2_VERSION, TLS1_2_VERSION,
1359 DTLS1_2_VERSION, DTLS1_2_VERSION,
1360 SSL_HIGH | SSL_FIPS,
1361 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1367 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1368 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1373 TLS1_2_VERSION, TLS1_2_VERSION,
1374 DTLS1_2_VERSION, DTLS1_2_VERSION,
1375 SSL_HIGH | SSL_FIPS,
1376 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1382 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1383 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1388 TLS1_2_VERSION, TLS1_2_VERSION,
1389 DTLS1_2_VERSION, DTLS1_2_VERSION,
1390 SSL_HIGH | SSL_FIPS,
1391 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1397 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1398 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1403 TLS1_2_VERSION, TLS1_2_VERSION,
1404 DTLS1_2_VERSION, DTLS1_2_VERSION,
1405 SSL_HIGH | SSL_FIPS,
1406 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1412 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1413 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1418 TLS1_VERSION, TLS1_2_VERSION,
1419 DTLS1_BAD_VER, DTLS1_2_VERSION,
1420 SSL_HIGH | SSL_FIPS,
1421 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1427 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1428 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1433 TLS1_VERSION, TLS1_2_VERSION,
1434 DTLS1_BAD_VER, DTLS1_2_VERSION,
1435 SSL_HIGH | SSL_FIPS,
1436 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1442 TLS1_TXT_PSK_WITH_NULL_SHA256,
1443 TLS1_CK_PSK_WITH_NULL_SHA256,
1448 TLS1_VERSION, TLS1_2_VERSION,
1449 DTLS1_BAD_VER, DTLS1_2_VERSION,
1450 SSL_STRONG_NONE | SSL_FIPS,
1451 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1457 TLS1_TXT_PSK_WITH_NULL_SHA384,
1458 TLS1_CK_PSK_WITH_NULL_SHA384,
1463 TLS1_VERSION, TLS1_2_VERSION,
1464 DTLS1_BAD_VER, DTLS1_2_VERSION,
1465 SSL_STRONG_NONE | SSL_FIPS,
1466 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1472 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1473 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1478 TLS1_VERSION, TLS1_2_VERSION,
1479 DTLS1_BAD_VER, DTLS1_2_VERSION,
1480 SSL_HIGH | SSL_FIPS,
1481 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1487 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1488 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1493 TLS1_VERSION, TLS1_2_VERSION,
1494 DTLS1_BAD_VER, DTLS1_2_VERSION,
1495 SSL_HIGH | SSL_FIPS,
1496 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1502 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1503 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1508 TLS1_VERSION, TLS1_2_VERSION,
1509 DTLS1_BAD_VER, DTLS1_2_VERSION,
1510 SSL_STRONG_NONE | SSL_FIPS,
1511 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1517 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1518 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1523 TLS1_VERSION, TLS1_2_VERSION,
1524 DTLS1_BAD_VER, DTLS1_2_VERSION,
1525 SSL_STRONG_NONE | SSL_FIPS,
1526 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1532 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1533 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1538 TLS1_VERSION, TLS1_2_VERSION,
1539 DTLS1_BAD_VER, DTLS1_2_VERSION,
1540 SSL_HIGH | SSL_FIPS,
1541 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1547 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1548 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1553 TLS1_VERSION, TLS1_2_VERSION,
1554 DTLS1_BAD_VER, DTLS1_2_VERSION,
1555 SSL_HIGH | SSL_FIPS,
1556 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1562 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1563 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1568 TLS1_VERSION, TLS1_2_VERSION,
1569 DTLS1_BAD_VER, DTLS1_2_VERSION,
1570 SSL_STRONG_NONE | SSL_FIPS,
1571 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1577 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1578 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1583 TLS1_VERSION, TLS1_2_VERSION,
1584 DTLS1_BAD_VER, DTLS1_2_VERSION,
1585 SSL_STRONG_NONE | SSL_FIPS,
1586 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1590 # ifndef OPENSSL_NO_EC
1593 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1594 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1599 SSL3_VERSION, TLS1_2_VERSION,
1600 DTLS1_BAD_VER, DTLS1_2_VERSION,
1601 SSL_MEDIUM | SSL_FIPS,
1602 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1608 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1609 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1614 SSL3_VERSION, TLS1_2_VERSION,
1615 DTLS1_BAD_VER, DTLS1_2_VERSION,
1616 SSL_HIGH | SSL_FIPS,
1617 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1623 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1624 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1629 SSL3_VERSION, TLS1_2_VERSION,
1630 DTLS1_BAD_VER, DTLS1_2_VERSION,
1631 SSL_HIGH | SSL_FIPS,
1632 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1638 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1639 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1644 TLS1_VERSION, TLS1_2_VERSION,
1645 DTLS1_BAD_VER, DTLS1_2_VERSION,
1646 SSL_HIGH | SSL_FIPS,
1647 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1653 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1654 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1659 TLS1_VERSION, TLS1_2_VERSION,
1660 DTLS1_BAD_VER, DTLS1_2_VERSION,
1661 SSL_HIGH | SSL_FIPS,
1662 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1668 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1669 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1674 SSL3_VERSION, TLS1_2_VERSION,
1675 DTLS1_BAD_VER, DTLS1_2_VERSION,
1676 SSL_STRONG_NONE | SSL_FIPS,
1677 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1683 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1684 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1689 TLS1_VERSION, TLS1_2_VERSION,
1690 DTLS1_BAD_VER, DTLS1_2_VERSION,
1691 SSL_STRONG_NONE | SSL_FIPS,
1692 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1698 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1699 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1704 TLS1_VERSION, TLS1_2_VERSION,
1705 DTLS1_BAD_VER, DTLS1_2_VERSION,
1706 SSL_STRONG_NONE | SSL_FIPS,
1707 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1711 # endif /* OPENSSL_NO_EC */
1712 #endif /* OPENSSL_NO_PSK */
1714 #ifndef OPENSSL_NO_SRP
1717 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1718 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1723 SSL3_VERSION, TLS1_2_VERSION,
1724 DTLS1_BAD_VER, DTLS1_2_VERSION,
1726 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1732 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1733 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1738 SSL3_VERSION, TLS1_2_VERSION,
1739 DTLS1_BAD_VER, DTLS1_2_VERSION,
1741 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1747 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1748 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1753 SSL3_VERSION, TLS1_2_VERSION,
1754 DTLS1_BAD_VER, DTLS1_2_VERSION,
1755 SSL_NOT_DEFAULT | SSL_MEDIUM,
1756 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1762 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1763 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1768 SSL3_VERSION, TLS1_2_VERSION,
1769 DTLS1_BAD_VER, DTLS1_2_VERSION,
1771 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1777 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1778 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1783 SSL3_VERSION, TLS1_2_VERSION,
1784 DTLS1_BAD_VER, DTLS1_2_VERSION,
1786 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1792 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1793 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1798 SSL3_VERSION, TLS1_2_VERSION,
1799 DTLS1_BAD_VER, DTLS1_2_VERSION,
1800 SSL_NOT_DEFAULT | SSL_HIGH,
1801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1807 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1808 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1813 SSL3_VERSION, TLS1_2_VERSION,
1814 DTLS1_BAD_VER, DTLS1_2_VERSION,
1816 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1822 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1823 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1828 SSL3_VERSION, TLS1_2_VERSION,
1829 DTLS1_BAD_VER, DTLS1_2_VERSION,
1831 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1837 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1838 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1843 SSL3_VERSION, TLS1_2_VERSION,
1844 DTLS1_BAD_VER, DTLS1_2_VERSION,
1845 SSL_NOT_DEFAULT | SSL_HIGH,
1846 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1850 #endif /* OPENSSL_NO_SRP */
1852 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1853 # ifndef OPENSSL_NO_RSA
1856 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1857 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1860 SSL_CHACHA20POLY1305,
1862 TLS1_2_VERSION, TLS1_2_VERSION,
1863 DTLS1_2_VERSION, DTLS1_2_VERSION,
1865 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1869 # endif /* OPENSSL_NO_RSA */
1871 # ifndef OPENSSL_NO_EC
1874 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1875 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1878 SSL_CHACHA20POLY1305,
1880 TLS1_2_VERSION, TLS1_2_VERSION,
1881 DTLS1_2_VERSION, DTLS1_2_VERSION,
1883 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1889 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1890 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1893 SSL_CHACHA20POLY1305,
1895 TLS1_2_VERSION, TLS1_2_VERSION,
1896 DTLS1_2_VERSION, DTLS1_2_VERSION,
1898 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1902 # endif /* OPENSSL_NO_EC */
1904 # ifndef OPENSSL_NO_PSK
1907 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
1908 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
1911 SSL_CHACHA20POLY1305,
1913 TLS1_2_VERSION, TLS1_2_VERSION,
1914 DTLS1_2_VERSION, DTLS1_2_VERSION,
1916 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1922 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1923 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1926 SSL_CHACHA20POLY1305,
1928 TLS1_2_VERSION, TLS1_2_VERSION,
1929 DTLS1_2_VERSION, DTLS1_2_VERSION,
1931 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1937 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
1938 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
1941 SSL_CHACHA20POLY1305,
1943 TLS1_2_VERSION, TLS1_2_VERSION,
1944 DTLS1_2_VERSION, DTLS1_2_VERSION,
1946 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1952 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
1953 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
1956 SSL_CHACHA20POLY1305,
1958 TLS1_2_VERSION, TLS1_2_VERSION,
1959 DTLS1_2_VERSION, DTLS1_2_VERSION,
1961 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1965 # endif /* OPENSSL_NO_PSK */
1966 #endif /* !defined(OPENSSL_NO_CHACHA) &&
1967 * !defined(OPENSSL_NO_POLY1305) */
1969 #ifndef OPENSSL_NO_CAMELLIA
1972 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1973 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1978 TLS1_2_VERSION, TLS1_2_VERSION,
1979 DTLS1_2_VERSION, DTLS1_2_VERSION,
1980 SSL_NOT_DEFAULT | SSL_HIGH,
1981 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1987 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1988 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1993 TLS1_2_VERSION, TLS1_2_VERSION,
1994 DTLS1_2_VERSION, DTLS1_2_VERSION,
1995 SSL_NOT_DEFAULT | SSL_HIGH,
1996 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2002 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2003 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2008 TLS1_2_VERSION, TLS1_2_VERSION,
2009 DTLS1_2_VERSION, DTLS1_2_VERSION,
2010 SSL_NOT_DEFAULT | SSL_HIGH,
2011 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2017 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2018 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2023 TLS1_2_VERSION, TLS1_2_VERSION,
2024 DTLS1_2_VERSION, DTLS1_2_VERSION,
2025 SSL_NOT_DEFAULT | SSL_HIGH,
2026 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2032 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2033 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2038 TLS1_2_VERSION, TLS1_2_VERSION,
2039 DTLS1_2_VERSION, DTLS1_2_VERSION,
2040 SSL_NOT_DEFAULT | SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2047 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2048 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2053 TLS1_2_VERSION, TLS1_2_VERSION,
2054 DTLS1_2_VERSION, DTLS1_2_VERSION,
2055 SSL_NOT_DEFAULT | SSL_HIGH,
2056 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2062 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2063 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2068 TLS1_2_VERSION, TLS1_2_VERSION,
2069 DTLS1_2_VERSION, DTLS1_2_VERSION,
2070 SSL_NOT_DEFAULT | SSL_HIGH,
2071 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2077 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2078 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2083 TLS1_2_VERSION, TLS1_2_VERSION,
2084 DTLS1_2_VERSION, DTLS1_2_VERSION,
2085 SSL_NOT_DEFAULT | SSL_HIGH,
2086 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2092 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2093 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2098 SSL3_VERSION, TLS1_2_VERSION,
2099 DTLS1_BAD_VER, DTLS1_2_VERSION,
2100 SSL_NOT_DEFAULT | SSL_HIGH,
2101 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2107 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2108 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2113 SSL3_VERSION, TLS1_2_VERSION,
2114 DTLS1_BAD_VER, DTLS1_2_VERSION,
2115 SSL_NOT_DEFAULT | SSL_HIGH,
2116 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2122 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2123 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2128 SSL3_VERSION, TLS1_2_VERSION,
2129 DTLS1_BAD_VER, DTLS1_2_VERSION,
2130 SSL_NOT_DEFAULT | SSL_HIGH,
2131 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2137 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2138 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2143 SSL3_VERSION, TLS1_2_VERSION,
2144 DTLS1_BAD_VER, DTLS1_2_VERSION,
2145 SSL_NOT_DEFAULT | SSL_HIGH,
2146 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2152 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2153 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2158 SSL3_VERSION, TLS1_2_VERSION,
2159 DTLS1_BAD_VER, DTLS1_2_VERSION,
2160 SSL_NOT_DEFAULT | SSL_HIGH,
2161 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2167 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2168 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2173 SSL3_VERSION, TLS1_2_VERSION,
2174 DTLS1_BAD_VER, DTLS1_2_VERSION,
2175 SSL_NOT_DEFAULT | SSL_HIGH,
2176 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2182 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2183 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2188 SSL3_VERSION, TLS1_2_VERSION,
2189 DTLS1_BAD_VER, DTLS1_2_VERSION,
2190 SSL_NOT_DEFAULT | SSL_HIGH,
2191 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2197 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2198 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2203 SSL3_VERSION, TLS1_2_VERSION,
2204 DTLS1_BAD_VER, DTLS1_2_VERSION,
2205 SSL_NOT_DEFAULT | SSL_HIGH,
2206 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2211 # ifndef OPENSSL_NO_EC
2214 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2215 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2220 TLS1_2_VERSION, TLS1_2_VERSION,
2221 DTLS1_2_VERSION, DTLS1_2_VERSION,
2222 SSL_NOT_DEFAULT | SSL_HIGH,
2223 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2229 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2230 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2235 TLS1_2_VERSION, TLS1_2_VERSION,
2236 DTLS1_2_VERSION, DTLS1_2_VERSION,
2237 SSL_NOT_DEFAULT | SSL_HIGH,
2238 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2244 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2245 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2250 TLS1_2_VERSION, TLS1_2_VERSION,
2251 DTLS1_2_VERSION, DTLS1_2_VERSION,
2252 SSL_NOT_DEFAULT | SSL_HIGH,
2253 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2259 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2260 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2265 TLS1_2_VERSION, TLS1_2_VERSION,
2266 DTLS1_2_VERSION, DTLS1_2_VERSION,
2267 SSL_NOT_DEFAULT | SSL_HIGH,
2268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2272 # endif /* OPENSSL_NO_EC */
2274 # ifndef OPENSSL_NO_PSK
2277 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2278 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2283 TLS1_VERSION, TLS1_2_VERSION,
2284 DTLS1_BAD_VER, DTLS1_2_VERSION,
2285 SSL_NOT_DEFAULT | SSL_HIGH,
2286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2292 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2293 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2298 TLS1_VERSION, TLS1_2_VERSION,
2299 DTLS1_BAD_VER, DTLS1_2_VERSION,
2300 SSL_NOT_DEFAULT | SSL_HIGH,
2301 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2307 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2308 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2313 TLS1_VERSION, TLS1_2_VERSION,
2314 DTLS1_BAD_VER, DTLS1_2_VERSION,
2315 SSL_NOT_DEFAULT | SSL_HIGH,
2316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2322 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2323 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2328 TLS1_VERSION, TLS1_2_VERSION,
2329 DTLS1_BAD_VER, DTLS1_2_VERSION,
2330 SSL_NOT_DEFAULT | SSL_HIGH,
2331 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2337 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2338 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2343 TLS1_VERSION, TLS1_2_VERSION,
2344 DTLS1_BAD_VER, DTLS1_2_VERSION,
2345 SSL_NOT_DEFAULT | SSL_HIGH,
2346 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2352 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2353 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2358 TLS1_VERSION, TLS1_2_VERSION,
2359 DTLS1_BAD_VER, DTLS1_2_VERSION,
2360 SSL_NOT_DEFAULT | SSL_HIGH,
2361 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2367 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2368 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2373 TLS1_VERSION, TLS1_2_VERSION,
2374 DTLS1_BAD_VER, DTLS1_2_VERSION,
2375 SSL_NOT_DEFAULT | SSL_HIGH,
2376 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2382 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2383 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2388 TLS1_VERSION, TLS1_2_VERSION,
2389 DTLS1_BAD_VER, DTLS1_2_VERSION,
2390 SSL_NOT_DEFAULT | SSL_HIGH,
2391 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2395 # endif /* OPENSSL_NO_PSK */
2397 #endif /* OPENSSL_NO_CAMELLIA */
2399 #ifndef OPENSSL_NO_GOST
2402 "GOST2001-GOST89-GOST89",
2406 SSL_eGOST2814789CNT,
2408 TLS1_VERSION, TLS1_2_VERSION,
2411 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2417 "GOST2001-NULL-GOST94",
2423 TLS1_VERSION, TLS1_2_VERSION,
2426 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2432 "GOST2012-GOST8912-GOST8912",
2435 SSL_aGOST12 | SSL_aGOST01,
2436 SSL_eGOST2814789CNT12,
2438 TLS1_VERSION, TLS1_2_VERSION,
2441 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2447 "GOST2012-NULL-GOST12",
2450 SSL_aGOST12 | SSL_aGOST01,
2453 TLS1_VERSION, TLS1_2_VERSION,
2456 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2460 #endif /* OPENSSL_NO_GOST */
2462 #ifndef OPENSSL_NO_IDEA
2465 SSL3_TXT_RSA_IDEA_128_SHA,
2466 SSL3_CK_RSA_IDEA_128_SHA,
2471 SSL3_VERSION, TLS1_1_VERSION,
2472 DTLS1_BAD_VER, DTLS1_VERSION,
2473 SSL_NOT_DEFAULT | SSL_MEDIUM,
2474 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2480 #ifndef OPENSSL_NO_SEED
2483 TLS1_TXT_RSA_WITH_SEED_SHA,
2484 TLS1_CK_RSA_WITH_SEED_SHA,
2489 SSL3_VERSION, TLS1_2_VERSION,
2490 DTLS1_BAD_VER, DTLS1_2_VERSION,
2491 SSL_NOT_DEFAULT | SSL_MEDIUM,
2492 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2498 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2499 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2504 SSL3_VERSION, TLS1_2_VERSION,
2505 DTLS1_BAD_VER, DTLS1_2_VERSION,
2506 SSL_NOT_DEFAULT | SSL_MEDIUM,
2507 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2513 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2514 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2519 SSL3_VERSION, TLS1_2_VERSION,
2520 DTLS1_BAD_VER, DTLS1_2_VERSION,
2521 SSL_NOT_DEFAULT | SSL_MEDIUM,
2522 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2528 TLS1_TXT_ADH_WITH_SEED_SHA,
2529 TLS1_CK_ADH_WITH_SEED_SHA,
2534 SSL3_VERSION, TLS1_2_VERSION,
2535 DTLS1_BAD_VER, DTLS1_2_VERSION,
2536 SSL_NOT_DEFAULT | SSL_MEDIUM,
2537 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2541 #endif /* OPENSSL_NO_SEED */
2543 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2546 SSL3_TXT_RSA_RC4_128_MD5,
2547 SSL3_CK_RSA_RC4_128_MD5,
2552 SSL3_VERSION, TLS1_2_VERSION,
2554 SSL_NOT_DEFAULT | SSL_MEDIUM,
2555 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2561 SSL3_TXT_RSA_RC4_128_SHA,
2562 SSL3_CK_RSA_RC4_128_SHA,
2567 SSL3_VERSION, TLS1_2_VERSION,
2569 SSL_NOT_DEFAULT | SSL_MEDIUM,
2570 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2576 SSL3_TXT_ADH_RC4_128_MD5,
2577 SSL3_CK_ADH_RC4_128_MD5,
2582 SSL3_VERSION, TLS1_2_VERSION,
2584 SSL_NOT_DEFAULT | SSL_MEDIUM,
2585 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2590 # ifndef OPENSSL_NO_EC
2593 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2594 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2599 SSL3_VERSION, TLS1_2_VERSION,
2601 SSL_NOT_DEFAULT | SSL_MEDIUM,
2602 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2608 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2609 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2614 SSL3_VERSION, TLS1_2_VERSION,
2616 SSL_NOT_DEFAULT | SSL_MEDIUM,
2617 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2623 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2624 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2629 SSL3_VERSION, TLS1_2_VERSION,
2631 SSL_NOT_DEFAULT | SSL_MEDIUM,
2632 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2638 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2639 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2644 SSL3_VERSION, TLS1_2_VERSION,
2646 SSL_NOT_DEFAULT | SSL_MEDIUM,
2647 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2651 # endif /* OPENSSL_NO_EC */
2653 # ifndef OPENSSL_NO_PSK
2656 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2657 TLS1_CK_PSK_WITH_RC4_128_SHA,
2662 SSL3_VERSION, TLS1_2_VERSION,
2664 SSL_NOT_DEFAULT | SSL_MEDIUM,
2665 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2671 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2672 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2677 SSL3_VERSION, TLS1_2_VERSION,
2679 SSL_NOT_DEFAULT | SSL_MEDIUM,
2680 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2686 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2687 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2692 SSL3_VERSION, TLS1_2_VERSION,
2694 SSL_NOT_DEFAULT | SSL_MEDIUM,
2695 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2699 # endif /* OPENSSL_NO_PSK */
2701 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2705 static int cipher_compare(const void *a, const void *b)
2707 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2708 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2710 return ap->id - bp->id;
2713 void ssl_sort_cipher_list(void)
2715 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2719 const SSL3_ENC_METHOD SSLv3_enc_data = {
2722 ssl3_setup_key_block,
2723 ssl3_generate_master_secret,
2724 ssl3_change_cipher_state,
2725 ssl3_final_finish_mac,
2726 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2727 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2728 SSL3_MD_SERVER_FINISHED_CONST, 4,
2730 (int (*)(SSL *, unsigned char *, size_t, const char *,
2731 size_t, const unsigned char *, size_t,
2732 int use_context))ssl_undefined_function,
2734 SSL3_HM_HEADER_LENGTH,
2735 ssl3_set_handshake_header,
2736 ssl3_handshake_write
2739 long ssl3_default_timeout(void)
2742 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2743 * http, the cache would over fill
2745 return (60 * 60 * 2);
2748 int ssl3_num_ciphers(void)
2750 return (SSL3_NUM_CIPHERS);
2753 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2755 if (u < SSL3_NUM_CIPHERS)
2756 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2761 int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2763 unsigned char *p = (unsigned char *)s->init_buf->data;
2766 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2772 int ssl3_handshake_write(SSL *s)
2774 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2777 int ssl3_new(SSL *s)
2781 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2785 #ifndef OPENSSL_NO_SRP
2786 if (!SSL_SRP_CTX_init(s))
2789 s->method->ssl_clear(s);
2795 void ssl3_free(SSL *s)
2797 if (s == NULL || s->s3 == NULL)
2800 ssl3_cleanup_key_block(s);
2802 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2803 EVP_PKEY_free(s->s3->peer_tmp);
2804 s->s3->peer_tmp = NULL;
2805 EVP_PKEY_free(s->s3->tmp.pkey);
2806 s->s3->tmp.pkey = NULL;
2809 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2810 OPENSSL_free(s->s3->tmp.ciphers_raw);
2811 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2812 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2813 ssl3_free_digest_list(s);
2814 OPENSSL_free(s->s3->alpn_selected);
2815 OPENSSL_free(s->s3->alpn_proposed);
2817 #ifndef OPENSSL_NO_SRP
2818 SSL_SRP_CTX_free(s);
2820 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2824 void ssl3_clear(SSL *s)
2826 ssl3_cleanup_key_block(s);
2827 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2828 OPENSSL_free(s->s3->tmp.ciphers_raw);
2829 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2830 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2832 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2833 EVP_PKEY_free(s->s3->tmp.pkey);
2834 EVP_PKEY_free(s->s3->peer_tmp);
2835 #endif /* !OPENSSL_NO_EC */
2837 ssl3_free_digest_list(s);
2839 OPENSSL_free(s->s3->alpn_selected);
2840 OPENSSL_free(s->s3->alpn_proposed);
2842 /* NULL/zero-out everything in the s3 struct */
2843 memset(s->s3, 0, sizeof(*s->s3));
2845 ssl_free_wbio_buffer(s);
2847 s->version = SSL3_VERSION;
2849 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2850 OPENSSL_free(s->next_proto_negotiated);
2851 s->next_proto_negotiated = NULL;
2852 s->next_proto_negotiated_len = 0;
2856 #ifndef OPENSSL_NO_SRP
2857 static char *srp_password_from_info_cb(SSL *s, void *arg)
2859 return OPENSSL_strdup(s->srp_ctx.info);
2863 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
2865 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2870 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2872 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2873 ret = s->s3->num_renegotiations;
2875 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2876 ret = s->s3->num_renegotiations;
2877 s->s3->num_renegotiations = 0;
2879 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2880 ret = s->s3->total_renegotiations;
2882 case SSL_CTRL_GET_FLAGS:
2883 ret = (int)(s->s3->flags);
2885 #ifndef OPENSSL_NO_DH
2886 case SSL_CTRL_SET_TMP_DH:
2888 DH *dh = (DH *)parg;
2889 EVP_PKEY *pkdh = NULL;
2891 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2894 pkdh = ssl_dh_to_pkey(dh);
2896 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2899 if (!ssl_security(s, SSL_SECOP_TMP_DH,
2900 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
2901 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
2902 EVP_PKEY_free(pkdh);
2905 EVP_PKEY_free(s->cert->dh_tmp);
2906 s->cert->dh_tmp = pkdh;
2910 case SSL_CTRL_SET_TMP_DH_CB:
2912 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2915 case SSL_CTRL_SET_DH_AUTO:
2916 s->cert->dh_tmp_auto = larg;
2919 #ifndef OPENSSL_NO_EC
2920 case SSL_CTRL_SET_TMP_ECDH:
2922 const EC_GROUP *group = NULL;
2926 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2929 group = EC_KEY_get0_group((const EC_KEY *)parg);
2930 if (group == NULL) {
2931 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
2934 nid = EC_GROUP_get_curve_name(group);
2935 if (nid == NID_undef)
2937 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
2938 &s->tlsext_ellipticcurvelist_length,
2942 #endif /* !OPENSSL_NO_EC */
2943 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2944 if (larg == TLSEXT_NAMETYPE_host_name) {
2947 OPENSSL_free(s->tlsext_hostname);
2948 s->tlsext_hostname = NULL;
2953 len = strlen((char *)parg);
2954 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
2955 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2958 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
2959 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2963 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2967 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2968 s->tlsext_debug_arg = parg;
2972 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
2973 ret = s->tlsext_status_type;
2976 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2977 s->tlsext_status_type = larg;
2981 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2982 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2986 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2987 s->tlsext_ocsp_exts = parg;
2991 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2992 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2996 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2997 s->tlsext_ocsp_ids = parg;
3001 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3002 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3003 return s->tlsext_ocsp_resplen;
3005 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3006 OPENSSL_free(s->tlsext_ocsp_resp);
3007 s->tlsext_ocsp_resp = parg;
3008 s->tlsext_ocsp_resplen = larg;
3012 #ifndef OPENSSL_NO_HEARTBEATS
3013 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3015 ret = dtls1_heartbeat(s);
3018 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3020 ret = s->tlsext_hb_pending;
3023 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3024 if (SSL_IS_DTLS(s)) {
3026 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3028 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3034 case SSL_CTRL_CHAIN:
3036 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3038 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3040 case SSL_CTRL_CHAIN_CERT:
3042 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3044 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3046 case SSL_CTRL_GET_CHAIN_CERTS:
3047 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3050 case SSL_CTRL_SELECT_CURRENT_CERT:
3051 return ssl_cert_select_current(s->cert, (X509 *)parg);
3053 case SSL_CTRL_SET_CURRENT_CERT:
3054 if (larg == SSL_CERT_SET_SERVER) {
3056 const SSL_CIPHER *cipher;
3059 cipher = s->s3->tmp.new_cipher;
3063 * No certificate for unauthenticated ciphersuites or using SRP
3066 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3068 cpk = ssl_get_server_send_pkey(s);
3074 return ssl_cert_set_current(s->cert, larg);
3076 #ifndef OPENSSL_NO_EC
3077 case SSL_CTRL_GET_CURVES:
3079 unsigned char *clist;
3083 clist = s->session->tlsext_ellipticcurvelist;
3084 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3088 unsigned int cid, nid;
3089 for (i = 0; i < clistlen; i++) {
3091 nid = tls1_ec_curve_id2nid(cid, NULL);
3095 cptr[i] = TLSEXT_nid_unknown | cid;
3098 return (int)clistlen;
3101 case SSL_CTRL_SET_CURVES:
3102 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3103 &s->tlsext_ellipticcurvelist_length, parg, larg);
3105 case SSL_CTRL_SET_CURVES_LIST:
3106 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3107 &s->tlsext_ellipticcurvelist_length, parg);
3109 case SSL_CTRL_GET_SHARED_CURVE:
3110 return tls1_shared_curve(s, larg);
3113 case SSL_CTRL_SET_SIGALGS:
3114 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3116 case SSL_CTRL_SET_SIGALGS_LIST:
3117 return tls1_set_sigalgs_list(s->cert, parg, 0);
3119 case SSL_CTRL_SET_CLIENT_SIGALGS:
3120 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3122 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3123 return tls1_set_sigalgs_list(s->cert, parg, 1);
3125 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3127 const unsigned char **pctype = parg;
3128 if (s->server || !s->s3->tmp.cert_req)
3130 if (s->cert->ctypes) {
3132 *pctype = s->cert->ctypes;
3133 return (int)s->cert->ctype_num;
3136 *pctype = (unsigned char *)s->s3->tmp.ctype;
3137 return s->s3->tmp.ctype_num;
3140 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3143 return ssl3_set_req_cert_type(s->cert, parg, larg);
3145 case SSL_CTRL_BUILD_CERT_CHAIN:
3146 return ssl_build_cert_chain(s, NULL, larg);
3148 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3149 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3151 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3152 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3154 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3155 if (SSL_USE_SIGALGS(s)) {
3158 sig = s->s3->tmp.peer_md;
3160 *(int *)parg = EVP_MD_type(sig);
3166 /* Might want to do something here for other versions */
3170 case SSL_CTRL_GET_SERVER_TMP_KEY:
3171 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3172 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3175 EVP_PKEY_up_ref(s->s3->peer_tmp);
3176 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3182 #ifndef OPENSSL_NO_EC
3183 case SSL_CTRL_GET_EC_POINT_FORMATS:
3185 SSL_SESSION *sess = s->session;
3186 const unsigned char **pformat = parg;
3187 if (!sess || !sess->tlsext_ecpointformatlist)
3189 *pformat = sess->tlsext_ecpointformatlist;
3190 return (int)sess->tlsext_ecpointformatlist_length;
3200 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3205 #ifndef OPENSSL_NO_DH
3206 case SSL_CTRL_SET_TMP_DH_CB:
3208 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3212 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3213 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3214 const unsigned char *, int, void *))fp;
3217 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3219 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3228 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3231 #ifndef OPENSSL_NO_DH
3232 case SSL_CTRL_SET_TMP_DH:
3234 DH *dh = (DH *)parg;
3235 EVP_PKEY *pkdh = NULL;
3237 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3240 pkdh = ssl_dh_to_pkey(dh);
3242 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3245 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3246 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3247 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3248 EVP_PKEY_free(pkdh);
3251 EVP_PKEY_free(ctx->cert->dh_tmp);
3252 ctx->cert->dh_tmp = pkdh;
3258 case SSL_CTRL_SET_TMP_DH_CB:
3260 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3263 case SSL_CTRL_SET_DH_AUTO:
3264 ctx->cert->dh_tmp_auto = larg;
3267 #ifndef OPENSSL_NO_EC
3268 case SSL_CTRL_SET_TMP_ECDH:
3270 const EC_GROUP *group = NULL;
3274 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3277 group = EC_KEY_get0_group((const EC_KEY *)parg);
3278 if (group == NULL) {
3279 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3282 nid = EC_GROUP_get_curve_name(group);
3283 if (nid == NID_undef)
3285 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3286 &ctx->tlsext_ellipticcurvelist_length,
3290 #endif /* !OPENSSL_NO_EC */
3291 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3292 ctx->tlsext_servername_arg = parg;
3294 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3295 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3297 unsigned char *keys = parg;
3298 long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
3299 sizeof(ctx->tlsext_tick_hmac_key) +
3300 sizeof(ctx->tlsext_tick_aes_key));
3302 return tlsext_tick_keylen;
3303 if (larg != tlsext_tick_keylen) {
3304 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3307 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3308 memcpy(ctx->tlsext_tick_key_name, keys,
3309 sizeof(ctx->tlsext_tick_key_name));
3310 memcpy(ctx->tlsext_tick_hmac_key,
3311 keys + sizeof(ctx->tlsext_tick_key_name),
3312 sizeof(ctx->tlsext_tick_hmac_key));
3313 memcpy(ctx->tlsext_tick_aes_key,
3314 keys + sizeof(ctx->tlsext_tick_key_name) +
3315 sizeof(ctx->tlsext_tick_hmac_key),
3316 sizeof(ctx->tlsext_tick_aes_key));
3318 memcpy(keys, ctx->tlsext_tick_key_name,
3319 sizeof(ctx->tlsext_tick_key_name));
3320 memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
3321 ctx->tlsext_tick_hmac_key,
3322 sizeof(ctx->tlsext_tick_hmac_key));
3323 memcpy(keys + sizeof(ctx->tlsext_tick_key_name) +
3324 sizeof(ctx->tlsext_tick_hmac_key),
3325 ctx->tlsext_tick_aes_key,
3326 sizeof(ctx->tlsext_tick_aes_key));
3331 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3332 return ctx->tlsext_status_type;
3334 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3335 ctx->tlsext_status_type = larg;
3338 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3339 ctx->tlsext_status_arg = parg;
3342 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3343 *(void**)parg = ctx->tlsext_status_arg;
3346 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3347 *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb;
3350 #ifndef OPENSSL_NO_SRP
3351 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3352 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3353 OPENSSL_free(ctx->srp_ctx.login);
3354 ctx->srp_ctx.login = NULL;
3357 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3358 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3361 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3362 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3366 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3367 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3368 srp_password_from_info_cb;
3369 ctx->srp_ctx.info = parg;
3371 case SSL_CTRL_SET_SRP_ARG:
3372 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3373 ctx->srp_ctx.SRP_cb_arg = parg;
3376 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3377 ctx->srp_ctx.strength = larg;
3381 #ifndef OPENSSL_NO_EC
3382 case SSL_CTRL_SET_CURVES:
3383 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3384 &ctx->tlsext_ellipticcurvelist_length,
3387 case SSL_CTRL_SET_CURVES_LIST:
3388 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3389 &ctx->tlsext_ellipticcurvelist_length,
3392 case SSL_CTRL_SET_SIGALGS:
3393 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3395 case SSL_CTRL_SET_SIGALGS_LIST:
3396 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3398 case SSL_CTRL_SET_CLIENT_SIGALGS:
3399 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3401 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3402 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3404 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3405 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3407 case SSL_CTRL_BUILD_CERT_CHAIN:
3408 return ssl_build_cert_chain(NULL, ctx, larg);
3410 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3411 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3413 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3414 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3416 /* A Thawte special :-) */
3417 case SSL_CTRL_EXTRA_CHAIN_CERT:
3418 if (ctx->extra_certs == NULL) {
3419 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3420 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3424 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3425 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3430 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3431 if (ctx->extra_certs == NULL && larg == 0)
3432 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3434 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3437 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3438 sk_X509_pop_free(ctx->extra_certs, X509_free);
3439 ctx->extra_certs = NULL;
3442 case SSL_CTRL_CHAIN:
3444 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3446 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3448 case SSL_CTRL_CHAIN_CERT:
3450 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3452 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3454 case SSL_CTRL_GET_CHAIN_CERTS:
3455 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3458 case SSL_CTRL_SELECT_CURRENT_CERT:
3459 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3461 case SSL_CTRL_SET_CURRENT_CERT:
3462 return ssl_cert_set_current(ctx->cert, larg);
3470 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3473 #ifndef OPENSSL_NO_DH
3474 case SSL_CTRL_SET_TMP_DH_CB:
3476 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3480 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3481 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3484 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3485 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3488 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3489 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3492 HMAC_CTX *, int))fp;
3495 #ifndef OPENSSL_NO_SRP
3496 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3497 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3498 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3500 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3501 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3502 ctx->srp_ctx.TLS_ext_srp_username_callback =
3503 (int (*)(SSL *, int *, void *))fp;
3505 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3506 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3507 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3508 (char *(*)(SSL *, void *))fp;
3511 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3513 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3523 * This function needs to check if the ciphers required are actually
3526 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3529 const SSL_CIPHER *cp;
3532 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
3534 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3538 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3544 if ((l & 0xff000000) != 0x03000000)
3546 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3547 p[1] = ((unsigned char)(l)) & 0xFF;
3553 * ssl3_choose_cipher - choose a cipher from those offered by the client
3554 * @s: SSL connection
3555 * @clnt: ciphers offered by the client
3556 * @srvr: ciphers enabled on the server?
3558 * Returns the selected cipher or NULL when no common ciphers.
3560 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3561 STACK_OF(SSL_CIPHER) *srvr)
3563 const SSL_CIPHER *c, *ret = NULL;
3564 STACK_OF(SSL_CIPHER) *prio, *allow;
3566 unsigned long alg_k, alg_a, mask_k, mask_a;
3568 /* Let's see which ciphers we can support */
3572 * Do not set the compare functions, because this may lead to a
3573 * reordering by "id". We want to keep the original ordering. We may pay
3574 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3575 * pay with the price of sk_SSL_CIPHER_dup().
3577 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3578 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3582 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3584 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3585 c = sk_SSL_CIPHER_value(srvr, i);
3586 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3588 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3590 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3591 c = sk_SSL_CIPHER_value(clnt, i);
3592 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3596 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3604 tls1_set_cert_validity(s);
3607 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3608 c = sk_SSL_CIPHER_value(prio, i);
3610 /* Skip ciphers not supported by the protocol version */
3611 if (!SSL_IS_DTLS(s) &&
3612 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3614 if (SSL_IS_DTLS(s) &&
3615 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3616 DTLS_VERSION_GT(s->version, c->max_dtls)))
3619 mask_k = s->s3->tmp.mask_k;
3620 mask_a = s->s3->tmp.mask_a;
3621 #ifndef OPENSSL_NO_SRP
3622 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3628 alg_k = c->algorithm_mkey;
3629 alg_a = c->algorithm_auth;
3631 #ifndef OPENSSL_NO_PSK
3632 /* with PSK there must be server callback set */
3633 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3635 #endif /* OPENSSL_NO_PSK */
3637 ok = (alg_k & mask_k) && (alg_a & mask_a);
3639 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3640 alg_a, mask_k, mask_a, (void *)c, c->name);
3643 #ifndef OPENSSL_NO_EC
3645 * if we are considering an ECC cipher suite that uses an ephemeral
3648 if (alg_k & SSL_kECDHE)
3649 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3650 #endif /* OPENSSL_NO_EC */
3654 ii = sk_SSL_CIPHER_find(allow, c);
3656 /* Check security callback permits this cipher */
3657 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3658 c->strength_bits, 0, (void *)c))
3660 #if !defined(OPENSSL_NO_EC)
3661 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3662 && s->s3->is_probably_safari) {
3664 ret = sk_SSL_CIPHER_value(allow, ii);
3668 ret = sk_SSL_CIPHER_value(allow, ii);
3675 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3678 uint32_t alg_k, alg_a = 0;
3680 /* If we have custom certificate types set, use them */
3681 if (s->cert->ctypes) {
3682 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3683 return (int)s->cert->ctype_num;
3685 /* Get mask of algorithms disabled by signature list */
3686 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3688 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3690 #ifndef OPENSSL_NO_GOST
3691 if (s->version >= TLS1_VERSION) {
3692 if (alg_k & SSL_kGOST) {
3693 p[ret++] = TLS_CT_GOST01_SIGN;
3694 p[ret++] = TLS_CT_GOST12_SIGN;
3695 p[ret++] = TLS_CT_GOST12_512_SIGN;
3701 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3702 #ifndef OPENSSL_NO_DH
3703 # ifndef OPENSSL_NO_RSA
3704 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3706 # ifndef OPENSSL_NO_DSA
3707 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3709 #endif /* !OPENSSL_NO_DH */
3711 #ifndef OPENSSL_NO_RSA
3712 if (!(alg_a & SSL_aRSA))
3713 p[ret++] = SSL3_CT_RSA_SIGN;
3715 #ifndef OPENSSL_NO_DSA
3716 if (!(alg_a & SSL_aDSS))
3717 p[ret++] = SSL3_CT_DSS_SIGN;
3719 #ifndef OPENSSL_NO_EC
3721 * ECDSA certs can be used with RSA cipher suites too so we don't
3722 * need to check for SSL_kECDH or SSL_kECDHE
3724 if (s->version >= TLS1_VERSION) {
3725 if (!(alg_a & SSL_aECDSA))
3726 p[ret++] = TLS_CT_ECDSA_SIGN;
3732 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3734 OPENSSL_free(c->ctypes);
3740 c->ctypes = OPENSSL_malloc(len);
3741 if (c->ctypes == NULL)
3743 memcpy(c->ctypes, p, len);
3748 int ssl3_shutdown(SSL *s)
3753 * Don't do anything much if we have not done the handshake or we don't
3754 * want to send messages :-)
3756 if (s->quiet_shutdown || SSL_in_before(s)) {
3757 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3761 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3762 s->shutdown |= SSL_SENT_SHUTDOWN;
3763 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3765 * our shutdown alert has been sent now, and if it still needs to be
3766 * written, s->s3->alert_dispatch will be true
3768 if (s->s3->alert_dispatch)
3769 return (-1); /* return WANT_WRITE */
3770 } else if (s->s3->alert_dispatch) {
3771 /* resend it if not sent */
3772 ret = s->method->ssl_dispatch_alert(s);
3775 * we only get to return -1 here the 2nd/Nth invocation, we must
3776 * have already signalled return 0 upon a previous invocation,
3781 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3783 * If we are waiting for a close from our peer, we are closed
3785 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
3786 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3787 return (-1); /* return WANT_READ */
3791 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3792 !s->s3->alert_dispatch)
3798 int ssl3_write(SSL *s, const void *buf, int len)
3801 if (s->s3->renegotiate)
3802 ssl3_renegotiate_check(s);
3804 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
3807 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3812 if (s->s3->renegotiate)
3813 ssl3_renegotiate_check(s);
3814 s->s3->in_read_app_data = 1;
3816 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3818 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3820 * ssl3_read_bytes decided to call s->handshake_func, which called
3821 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3822 * actually found application data and thinks that application data
3823 * makes sense here; so disable handshake processing and try to read
3824 * application data again.
3826 ossl_statem_set_in_handshake(s, 1);
3828 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3830 ossl_statem_set_in_handshake(s, 0);
3832 s->s3->in_read_app_data = 0;
3837 int ssl3_read(SSL *s, void *buf, int len)
3839 return ssl3_read_internal(s, buf, len, 0);
3842 int ssl3_peek(SSL *s, void *buf, int len)
3844 return ssl3_read_internal(s, buf, len, 1);
3847 int ssl3_renegotiate(SSL *s)
3849 if (s->handshake_func == NULL)
3852 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3855 s->s3->renegotiate = 1;
3859 int ssl3_renegotiate_check(SSL *s)
3863 if (s->s3->renegotiate) {
3864 if (!RECORD_LAYER_read_pending(&s->rlayer)
3865 && !RECORD_LAYER_write_pending(&s->rlayer)
3866 && !SSL_in_init(s)) {
3868 * if we are the server, and we have sent a 'RENEGOTIATE'
3869 * message, we need to set the state machine into the renegotiate
3872 ossl_statem_set_renegotiate(s);
3873 s->s3->renegotiate = 0;
3874 s->s3->num_renegotiations++;
3875 s->s3->total_renegotiations++;
3883 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3884 * handshake macs if required.
3886 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3888 long ssl_get_algorithm2(SSL *s)
3891 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
3893 alg2 = s->s3->tmp.new_cipher->algorithm2;
3894 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3895 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3896 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3897 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3898 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3899 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3905 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3906 * failure, 1 on success.
3908 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
3915 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
3917 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
3919 unsigned long Time = (unsigned long)time(NULL);
3920 unsigned char *p = result;
3922 return RAND_bytes(p, len - 4);
3924 return RAND_bytes(result, len);
3927 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
3930 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3931 if (alg_k & SSL_PSK) {
3932 #ifndef OPENSSL_NO_PSK
3933 unsigned char *pskpms, *t;
3934 size_t psklen = s->s3->tmp.psklen;
3937 /* create PSK premaster_secret */
3939 /* For plain PSK "other_secret" is psklen zeroes */
3940 if (alg_k & SSL_kPSK)
3943 pskpmslen = 4 + pmslen + psklen;
3944 pskpms = OPENSSL_malloc(pskpmslen);
3945 if (pskpms == NULL) {
3946 s->session->master_key_length = 0;
3951 if (alg_k & SSL_kPSK)
3952 memset(t, 0, pmslen);
3954 memcpy(t, pms, pmslen);
3957 memcpy(t, s->s3->tmp.psk, psklen);
3959 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
3960 s->s3->tmp.psk = NULL;
3961 s->session->master_key_length =
3962 s->method->ssl3_enc->generate_master_secret(s,
3963 s->session->master_key,
3965 OPENSSL_clear_free(pskpms, pskpmslen);
3967 /* Should never happen */
3968 s->session->master_key_length = 0;
3972 s->session->master_key_length =
3973 s->method->ssl3_enc->generate_master_secret(s,
3974 s->session->master_key,
3981 OPENSSL_clear_free(pms, pmslen);
3983 OPENSSL_cleanse(pms, pmslen);
3986 s->s3->tmp.pms = NULL;
3987 return s->session->master_key_length >= 0;
3990 /* Generate a private key from parameters */
3991 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
3993 EVP_PKEY_CTX *pctx = NULL;
3994 EVP_PKEY *pkey = NULL;
3998 pctx = EVP_PKEY_CTX_new(pm, NULL);
4001 if (EVP_PKEY_keygen_init(pctx) <= 0)
4003 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4004 EVP_PKEY_free(pkey);
4009 EVP_PKEY_CTX_free(pctx);
4012 #ifndef OPENSSL_NO_EC
4013 /* Generate a private key a curve ID */
4014 EVP_PKEY *ssl_generate_pkey_curve(int id)
4016 EVP_PKEY_CTX *pctx = NULL;
4017 EVP_PKEY *pkey = NULL;
4018 unsigned int curve_flags;
4019 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4023 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4024 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4027 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4031 if (EVP_PKEY_keygen_init(pctx) <= 0)
4033 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4035 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4036 EVP_PKEY_free(pkey);
4041 EVP_PKEY_CTX_free(pctx);
4046 /* Derive premaster or master secret for ECDH/DH */
4047 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4050 unsigned char *pms = NULL;
4054 if (privkey == NULL || pubkey == NULL)
4057 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4059 if (EVP_PKEY_derive_init(pctx) <= 0
4060 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4061 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4065 pms = OPENSSL_malloc(pmslen);
4069 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4073 /* For server generate master secret and discard premaster */
4074 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4077 /* For client just save premaster secret */
4078 s->s3->tmp.pms = pms;
4079 s->s3->tmp.pmslen = pmslen;
4085 OPENSSL_clear_free(pms, pmslen);
4086 EVP_PKEY_CTX_free(pctx);
4090 #ifndef OPENSSL_NO_DH
4091 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4096 ret = EVP_PKEY_new();
4097 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {