1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
86 * 6. Redistributions of any form whatsoever must retain the following
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * Portions of the attached software ("Contribution") are developed by
114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 * The Contribution is licensed pursuant to the OpenSSL open source
117 * license provided above.
119 * ECC cipher suite support in OpenSSL originally written by
120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
123 /* ====================================================================
124 * Copyright 2005 Nokia. All rights reserved.
126 * The portions of the attached software ("Contribution") is developed by
127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132 * support (see RFC 4279) to OpenSSL.
134 * No patent licenses or other rights except those expressly stated in
135 * the OpenSSL open source license shall be deemed granted or received
136 * expressly, by implication, estoppel, or otherwise.
138 * No assurances are provided by Nokia that the Contribution does not
139 * infringe the patent or other intellectual property rights of any third
140 * party or that the license provides you with all the necessary rights
141 * to make use of the Contribution.
143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
151 #include <openssl/objects.h>
152 #include "ssl_locl.h"
153 #include <openssl/md5.h>
154 #ifndef OPENSSL_NO_DH
155 # include <openssl/dh.h>
157 #include <openssl/rand.h>
159 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
161 /* list of available SSLv3 ciphers (sorted by id) */
162 static const SSL_CIPHER ssl3_ciphers[] = {
164 /* The RSA ciphers */
168 SSL3_TXT_RSA_NULL_MD5,
169 SSL3_CK_RSA_NULL_MD5,
176 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
184 SSL3_TXT_RSA_NULL_SHA,
185 SSL3_CK_RSA_NULL_SHA,
191 SSL_STRONG_NONE | SSL_FIPS,
192 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
198 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
201 SSL3_TXT_RSA_RC4_128_MD5,
202 SSL3_CK_RSA_RC4_128_MD5,
208 SSL_NOT_DEFAULT | SSL_MEDIUM,
209 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
217 SSL3_TXT_RSA_RC4_128_SHA,
218 SSL3_CK_RSA_RC4_128_SHA,
224 SSL_NOT_DEFAULT | SSL_MEDIUM,
225 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
232 #ifndef OPENSSL_NO_IDEA
235 SSL3_TXT_RSA_IDEA_128_SHA,
236 SSL3_CK_RSA_IDEA_128_SHA,
242 SSL_NOT_DEFAULT | SSL_MEDIUM,
243 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
252 SSL3_TXT_RSA_DES_192_CBC3_SHA,
253 SSL3_CK_RSA_DES_192_CBC3_SHA,
260 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
268 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
269 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
275 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
276 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
284 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
285 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
292 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
298 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
301 SSL3_TXT_ADH_RC4_128_MD5,
302 SSL3_CK_ADH_RC4_128_MD5,
308 SSL_NOT_DEFAULT | SSL_MEDIUM,
309 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
318 SSL3_TXT_ADH_DES_192_CBC_SHA,
319 SSL3_CK_ADH_DES_192_CBC_SHA,
325 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
326 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
330 #ifndef OPENSSL_NO_PSK
334 TLS1_TXT_PSK_WITH_NULL_SHA,
335 TLS1_CK_PSK_WITH_NULL_SHA,
341 SSL_STRONG_NONE | SSL_FIPS,
342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
349 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
350 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
356 SSL_STRONG_NONE | SSL_FIPS,
357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
364 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
365 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
371 SSL_STRONG_NONE | SSL_FIPS,
372 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
378 /* New AES ciphersuites */
382 TLS1_TXT_RSA_WITH_AES_128_SHA,
383 TLS1_CK_RSA_WITH_AES_128_SHA,
390 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
397 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
398 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
404 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
405 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
412 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
413 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
420 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
427 TLS1_TXT_ADH_WITH_AES_128_SHA,
428 TLS1_CK_ADH_WITH_AES_128_SHA,
434 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
435 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
443 TLS1_TXT_RSA_WITH_AES_256_SHA,
444 TLS1_CK_RSA_WITH_AES_256_SHA,
451 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
459 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
460 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
466 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
467 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
475 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
476 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
483 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
491 TLS1_TXT_ADH_WITH_AES_256_SHA,
492 TLS1_CK_ADH_WITH_AES_256_SHA,
498 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
499 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
504 /* TLS v1.2 ciphersuites */
508 TLS1_TXT_RSA_WITH_NULL_SHA256,
509 TLS1_CK_RSA_WITH_NULL_SHA256,
515 SSL_STRONG_NONE | SSL_FIPS,
516 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
524 TLS1_TXT_RSA_WITH_AES_128_SHA256,
525 TLS1_CK_RSA_WITH_AES_128_SHA256,
532 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
540 TLS1_TXT_RSA_WITH_AES_256_SHA256,
541 TLS1_CK_RSA_WITH_AES_256_SHA256,
548 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
556 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
557 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
563 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
564 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
569 #ifndef OPENSSL_NO_CAMELLIA
570 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
575 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
576 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
582 SSL_NOT_DEFAULT | SSL_HIGH,
583 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
591 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
592 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
598 SSL_NOT_DEFAULT | SSL_HIGH,
599 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
607 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
608 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
614 SSL_NOT_DEFAULT | SSL_HIGH,
615 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
623 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
624 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
630 SSL_NOT_DEFAULT | SSL_HIGH,
631 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
635 #endif /* OPENSSL_NO_CAMELLIA */
637 /* TLS v1.2 ciphersuites */
641 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
642 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
649 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
657 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
658 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
664 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
665 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
673 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
674 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
681 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
689 TLS1_TXT_ADH_WITH_AES_128_SHA256,
690 TLS1_CK_ADH_WITH_AES_128_SHA256,
696 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
697 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
705 TLS1_TXT_ADH_WITH_AES_256_SHA256,
706 TLS1_CK_ADH_WITH_AES_256_SHA256,
712 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
713 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
718 /* GOST Ciphersuites */
719 #ifndef OPENSL_NO_GOST
722 "GOST2001-GOST89-GOST89",
730 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
736 "GOST2001-NULL-GOST94",
744 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
749 #ifndef OPENSSL_NO_CAMELLIA
750 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
755 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
756 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
762 SSL_NOT_DEFAULT | SSL_HIGH,
763 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
771 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
772 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
778 SSL_NOT_DEFAULT | SSL_HIGH,
779 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
787 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
788 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
794 SSL_NOT_DEFAULT | SSL_HIGH,
795 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
803 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
804 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
810 SSL_NOT_DEFAULT | SSL_HIGH,
811 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
815 #endif /* OPENSSL_NO_CAMELLIA */
817 #ifndef OPENSSL_NO_PSK
818 /* PSK ciphersuites from RFC 4279 */
820 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
823 TLS1_TXT_PSK_WITH_RC4_128_SHA,
824 TLS1_CK_PSK_WITH_RC4_128_SHA,
830 SSL_NOT_DEFAULT | SSL_MEDIUM,
831 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
840 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
841 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
848 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
856 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
857 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
864 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
872 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
873 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
880 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
886 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
889 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
890 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
896 SSL_NOT_DEFAULT | SSL_MEDIUM,
897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
906 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
907 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
914 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
922 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
923 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
930 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
938 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
939 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
946 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
952 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
955 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
956 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
962 SSL_NOT_DEFAULT | SSL_MEDIUM,
963 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
972 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
973 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
980 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
988 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
989 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
996 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1004 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1005 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1011 SSL_HIGH | SSL_FIPS,
1012 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1016 #endif /* OPENSSL_NO_PSK */
1018 #ifndef OPENSSL_NO_SEED
1019 /* SEED ciphersuites from RFC4162 */
1024 TLS1_TXT_RSA_WITH_SEED_SHA,
1025 TLS1_CK_RSA_WITH_SEED_SHA,
1031 SSL_NOT_DEFAULT | SSL_MEDIUM,
1032 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1040 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1041 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1047 SSL_NOT_DEFAULT | SSL_MEDIUM,
1048 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1056 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1057 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1063 SSL_NOT_DEFAULT | SSL_MEDIUM,
1064 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1072 TLS1_TXT_ADH_WITH_SEED_SHA,
1073 TLS1_CK_ADH_WITH_SEED_SHA,
1079 SSL_NOT_DEFAULT | SSL_MEDIUM,
1080 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1085 #endif /* OPENSSL_NO_SEED */
1087 /* GCM ciphersuites from RFC5288 */
1092 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1093 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1099 SSL_HIGH | SSL_FIPS,
1100 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1108 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1109 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1115 SSL_HIGH | SSL_FIPS,
1116 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1124 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1125 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1131 SSL_HIGH | SSL_FIPS,
1132 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1140 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1141 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1147 SSL_HIGH | SSL_FIPS,
1148 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1156 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1157 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1163 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1164 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1172 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1173 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1179 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1180 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1188 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1189 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1195 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1196 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1204 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
1205 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
1211 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1212 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1216 #ifndef OPENSSL_NO_PSK
1217 /* PSK ciphersuites from RFC5487 */
1222 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1223 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1229 SSL_HIGH | SSL_FIPS,
1230 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1238 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1239 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1245 SSL_HIGH | SSL_FIPS,
1246 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1254 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1255 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1261 SSL_HIGH | SSL_FIPS,
1262 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1270 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1271 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1277 SSL_HIGH | SSL_FIPS,
1278 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1286 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1287 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1293 SSL_HIGH | SSL_FIPS,
1294 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1302 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1303 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1309 SSL_HIGH | SSL_FIPS,
1310 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1318 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1319 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1325 SSL_HIGH | SSL_FIPS,
1326 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1334 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1335 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1341 SSL_HIGH | SSL_FIPS,
1342 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1350 TLS1_TXT_PSK_WITH_NULL_SHA256,
1351 TLS1_CK_PSK_WITH_NULL_SHA256,
1357 SSL_STRONG_NONE | SSL_FIPS,
1358 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1366 TLS1_TXT_PSK_WITH_NULL_SHA384,
1367 TLS1_CK_PSK_WITH_NULL_SHA384,
1373 SSL_STRONG_NONE | SSL_FIPS,
1374 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1382 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1383 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1389 SSL_HIGH | SSL_FIPS,
1390 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1398 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1399 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1405 SSL_HIGH | SSL_FIPS,
1406 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1414 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1415 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1421 SSL_STRONG_NONE | SSL_FIPS,
1422 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1430 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1431 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1437 SSL_STRONG_NONE | SSL_FIPS,
1438 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1446 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1447 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1453 SSL_HIGH | SSL_FIPS,
1454 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1462 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1463 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1469 SSL_HIGH | SSL_FIPS,
1470 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1478 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1479 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1485 SSL_STRONG_NONE | SSL_FIPS,
1486 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1494 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1495 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1501 SSL_STRONG_NONE | SSL_FIPS,
1502 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1506 #endif /* OPENSSL_NO_PSK */
1508 #ifndef OPENSSL_NO_CAMELLIA
1509 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
1514 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1515 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1521 SSL_NOT_DEFAULT | SSL_HIGH,
1522 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1530 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1531 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1537 SSL_NOT_DEFAULT | SSL_HIGH,
1538 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1546 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1547 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1553 SSL_NOT_DEFAULT | SSL_HIGH,
1554 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1562 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1563 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1569 SSL_NOT_DEFAULT | SSL_HIGH,
1570 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1578 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1579 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1585 SSL_NOT_DEFAULT | SSL_HIGH,
1586 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1594 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1595 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1601 SSL_NOT_DEFAULT | SSL_HIGH,
1602 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1610 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1611 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1617 SSL_NOT_DEFAULT | SSL_HIGH,
1618 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1626 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1627 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1633 SSL_NOT_DEFAULT | SSL_HIGH,
1634 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1640 #ifndef OPENSSL_NO_EC
1645 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1646 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1652 SSL_STRONG_NONE | SSL_FIPS,
1653 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1659 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1662 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1663 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1669 SSL_NOT_DEFAULT | SSL_MEDIUM,
1670 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1679 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1680 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1686 SSL_HIGH | SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1695 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1696 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1702 SSL_HIGH | SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1711 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1712 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1718 SSL_HIGH | SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1727 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1728 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1734 SSL_STRONG_NONE | SSL_FIPS,
1735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1741 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1744 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1745 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1751 SSL_NOT_DEFAULT | SSL_MEDIUM,
1752 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1761 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1762 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1768 SSL_HIGH | SSL_FIPS,
1769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1777 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1778 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1784 SSL_HIGH | SSL_FIPS,
1785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1793 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1794 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1800 SSL_HIGH | SSL_FIPS,
1801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1809 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1810 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1816 SSL_STRONG_NONE | SSL_FIPS,
1817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1823 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1826 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1827 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1833 SSL_NOT_DEFAULT | SSL_MEDIUM,
1834 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1843 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1844 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1850 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1851 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1860 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1866 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1867 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1876 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1882 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1883 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1887 #endif /* OPENSSL_NO_EC */
1889 #ifndef OPENSSL_NO_SRP
1893 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1894 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1901 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1909 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1910 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1917 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1925 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1926 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1932 SSL_NOT_DEFAULT | SSL_HIGH,
1933 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1941 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1942 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1949 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1957 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1958 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1965 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1973 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1974 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980 SSL_NOT_DEFAULT | SSL_HIGH,
1981 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1989 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1990 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1997 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2005 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2006 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2013 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2021 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2022 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028 SSL_NOT_DEFAULT | SSL_HIGH,
2029 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2033 #endif /* OPENSSL_NO_SRP */
2034 #ifndef OPENSSL_NO_EC
2036 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2041 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2042 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2048 SSL_HIGH | SSL_FIPS,
2049 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2057 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2058 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2064 SSL_HIGH | SSL_FIPS,
2065 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2074 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2075 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2081 SSL_HIGH | SSL_FIPS,
2082 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2090 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2091 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2097 SSL_HIGH | SSL_FIPS,
2098 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2103 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2108 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2109 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2115 SSL_HIGH | SSL_FIPS,
2116 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2124 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2125 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2131 SSL_HIGH | SSL_FIPS,
2132 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2140 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2141 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2147 SSL_HIGH | SSL_FIPS,
2148 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2156 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2157 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2163 SSL_HIGH | SSL_FIPS,
2164 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2169 /* PSK ciphersuites from RFC 5489 */
2171 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2174 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2175 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2181 SSL_NOT_DEFAULT | SSL_MEDIUM,
2182 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2191 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2192 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2198 SSL_HIGH | SSL_FIPS,
2199 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2207 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2208 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2214 SSL_HIGH | SSL_FIPS,
2215 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2223 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2224 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2230 SSL_HIGH | SSL_FIPS,
2231 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2239 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2240 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2246 SSL_HIGH | SSL_FIPS,
2247 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2255 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2256 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2262 SSL_HIGH | SSL_FIPS,
2263 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2271 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
2272 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
2278 SSL_STRONG_NONE | SSL_FIPS,
2279 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2287 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
2288 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
2294 SSL_STRONG_NONE | SSL_FIPS,
2295 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2303 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
2304 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
2310 SSL_STRONG_NONE | SSL_FIPS,
2311 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2316 # ifndef OPENSSL_NO_CAMELLIA
2319 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2320 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2326 SSL_NOT_DEFAULT | SSL_HIGH,
2327 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2333 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2334 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2340 SSL_NOT_DEFAULT | SSL_HIGH,
2341 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2347 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2348 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2354 SSL_NOT_DEFAULT | SSL_HIGH,
2355 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2361 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2362 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2368 SSL_NOT_DEFAULT | SSL_HIGH,
2369 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2373 # endif /* OPENSSL_NO_CAMELLIA */
2374 #endif /* OPENSSL_NO_EC */
2376 #if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)
2379 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2380 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2386 SSL_NOT_DEFAULT | SSL_HIGH,
2387 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2393 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2394 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2400 SSL_NOT_DEFAULT | SSL_HIGH,
2401 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2407 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2408 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2414 SSL_NOT_DEFAULT | SSL_HIGH,
2415 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2421 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2422 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2428 SSL_NOT_DEFAULT | SSL_HIGH,
2429 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2435 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2436 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2442 SSL_NOT_DEFAULT | SSL_HIGH,
2443 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2449 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2450 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2456 SSL_NOT_DEFAULT | SSL_HIGH,
2457 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2463 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2464 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2470 SSL_NOT_DEFAULT | SSL_HIGH,
2471 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2477 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2478 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2484 SSL_NOT_DEFAULT | SSL_HIGH,
2485 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2493 TLS1_TXT_RSA_WITH_AES_128_CCM,
2494 TLS1_CK_RSA_WITH_AES_128_CCM,
2500 SSL_NOT_DEFAULT | SSL_HIGH,
2501 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2509 TLS1_TXT_RSA_WITH_AES_256_CCM,
2510 TLS1_CK_RSA_WITH_AES_256_CCM,
2516 SSL_NOT_DEFAULT | SSL_HIGH,
2517 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2525 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
2526 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
2532 SSL_NOT_DEFAULT | SSL_HIGH,
2533 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2541 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
2542 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
2548 SSL_NOT_DEFAULT | SSL_HIGH,
2549 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2557 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
2558 TLS1_CK_RSA_WITH_AES_128_CCM_8,
2564 SSL_NOT_DEFAULT | SSL_HIGH,
2565 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2573 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
2574 TLS1_CK_RSA_WITH_AES_256_CCM_8,
2580 SSL_NOT_DEFAULT | SSL_HIGH,
2581 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2589 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
2590 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
2596 SSL_NOT_DEFAULT | SSL_HIGH,
2597 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2605 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
2606 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
2612 SSL_NOT_DEFAULT | SSL_HIGH,
2613 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2621 TLS1_TXT_PSK_WITH_AES_128_CCM,
2622 TLS1_CK_PSK_WITH_AES_128_CCM,
2628 SSL_NOT_DEFAULT | SSL_HIGH,
2629 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2637 TLS1_TXT_PSK_WITH_AES_256_CCM,
2638 TLS1_CK_PSK_WITH_AES_256_CCM,
2644 SSL_NOT_DEFAULT | SSL_HIGH,
2645 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2653 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
2654 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
2660 SSL_NOT_DEFAULT | SSL_HIGH,
2661 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2669 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
2670 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
2676 SSL_NOT_DEFAULT | SSL_HIGH,
2677 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2685 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
2686 TLS1_CK_PSK_WITH_AES_128_CCM_8,
2692 SSL_NOT_DEFAULT | SSL_HIGH,
2693 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2701 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
2702 TLS1_CK_PSK_WITH_AES_256_CCM_8,
2708 SSL_NOT_DEFAULT | SSL_HIGH,
2709 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2717 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
2718 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
2724 SSL_NOT_DEFAULT | SSL_HIGH,
2725 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2733 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
2734 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
2740 SSL_NOT_DEFAULT | SSL_HIGH,
2741 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2749 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
2750 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
2756 SSL_NOT_DEFAULT | SSL_HIGH,
2757 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2765 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
2766 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
2772 SSL_NOT_DEFAULT | SSL_HIGH,
2773 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2781 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
2782 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
2788 SSL_NOT_DEFAULT | SSL_HIGH,
2789 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2797 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
2798 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
2804 SSL_NOT_DEFAULT | SSL_HIGH,
2805 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2809 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2810 # ifndef OPENSSL_NO_EC
2814 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2815 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2818 SSL_CHACHA20POLY1305,
2822 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2829 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2830 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2833 SSL_CHACHA20POLY1305,
2837 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2842 # ifndef OPENSSL_NO_RSA
2846 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2847 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2850 SSL_CHACHA20POLY1305,
2854 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2859 # ifndef OPENSSL_NO_PSK
2863 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2864 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2867 SSL_CHACHA20POLY1305,
2871 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2878 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2879 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2882 SSL_CHACHA20POLY1305,
2886 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2893 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2894 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2897 SSL_CHACHA20POLY1305,
2901 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2908 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2909 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2912 SSL_CHACHA20POLY1305,
2916 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2922 #ifndef OPENSSL_NO_GOST
2925 "GOST2012-GOST8912-GOST8912",
2928 SSL_aGOST12 | SSL_aGOST01,
2929 SSL_eGOST2814789CNT12,
2933 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2938 "GOST2012-NULL-GOST12",
2941 SSL_aGOST12 | SSL_aGOST01,
2946 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2954 const SSL3_ENC_METHOD SSLv3_enc_data = {
2957 ssl3_setup_key_block,
2958 ssl3_generate_master_secret,
2959 ssl3_change_cipher_state,
2960 ssl3_final_finish_mac,
2961 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2962 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2963 SSL3_MD_SERVER_FINISHED_CONST, 4,
2965 (int (*)(SSL *, unsigned char *, size_t, const char *,
2966 size_t, const unsigned char *, size_t,
2967 int use_context))ssl_undefined_function,
2969 SSL3_HM_HEADER_LENGTH,
2970 ssl3_set_handshake_header,
2971 ssl3_handshake_write
2974 long ssl3_default_timeout(void)
2977 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2978 * http, the cache would over fill
2980 return (60 * 60 * 2);
2983 int ssl3_num_ciphers(void)
2985 return (SSL3_NUM_CIPHERS);
2988 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2990 if (u < SSL3_NUM_CIPHERS)
2991 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2996 int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2998 unsigned char *p = (unsigned char *)s->init_buf->data;
3001 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
3007 int ssl3_handshake_write(SSL *s)
3009 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3012 int ssl3_new(SSL *s)
3016 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3020 #ifndef OPENSSL_NO_SRP
3021 if (!SSL_SRP_CTX_init(s))
3024 s->method->ssl_clear(s);
3030 void ssl3_free(SSL *s)
3032 if (s == NULL || s->s3 == NULL)
3035 ssl3_cleanup_key_block(s);
3037 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3038 EVP_PKEY_free(s->s3->peer_tmp);
3039 s->s3->peer_tmp = NULL;
3040 EVP_PKEY_free(s->s3->tmp.pkey);
3041 s->s3->tmp.pkey = NULL;
3044 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3045 OPENSSL_free(s->s3->tmp.ciphers_raw);
3046 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3047 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3048 ssl3_free_digest_list(s);
3049 OPENSSL_free(s->s3->alpn_selected);
3050 OPENSSL_free(s->s3->alpn_proposed);
3052 #ifndef OPENSSL_NO_SRP
3053 SSL_SRP_CTX_free(s);
3055 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3059 void ssl3_clear(SSL *s)
3061 ssl3_cleanup_key_block(s);
3062 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3063 OPENSSL_free(s->s3->tmp.ciphers_raw);
3064 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
3065 OPENSSL_free(s->s3->tmp.peer_sigalgs);
3067 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3068 EVP_PKEY_free(s->s3->tmp.pkey);
3069 EVP_PKEY_free(s->s3->peer_tmp);
3070 #endif /* !OPENSSL_NO_EC */
3072 ssl3_free_digest_list(s);
3074 OPENSSL_free(s->s3->alpn_selected);
3075 OPENSSL_free(s->s3->alpn_proposed);
3077 /* NULL/zero-out everything in the s3 struct */
3078 memset(s->s3, 0, sizeof(*s->s3));
3080 ssl_free_wbio_buffer(s);
3082 s->version = SSL3_VERSION;
3084 #if !defined(OPENSSL_NO_NEXTPROTONEG)
3085 OPENSSL_free(s->next_proto_negotiated);
3086 s->next_proto_negotiated = NULL;
3087 s->next_proto_negotiated_len = 0;
3091 #ifndef OPENSSL_NO_SRP
3092 static char *srp_password_from_info_cb(SSL *s, void *arg)
3094 return OPENSSL_strdup(s->srp_ctx.info);
3098 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
3101 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3106 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3108 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3109 ret = s->s3->num_renegotiations;
3111 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3112 ret = s->s3->num_renegotiations;
3113 s->s3->num_renegotiations = 0;
3115 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3116 ret = s->s3->total_renegotiations;
3118 case SSL_CTRL_GET_FLAGS:
3119 ret = (int)(s->s3->flags);
3121 #ifndef OPENSSL_NO_DH
3122 case SSL_CTRL_SET_TMP_DH:
3124 DH *dh = (DH *)parg;
3125 EVP_PKEY *pkdh = NULL;
3127 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3130 pkdh = ssl_dh_to_pkey(dh);
3132 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3135 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3136 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3137 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3138 EVP_PKEY_free(pkdh);
3141 EVP_PKEY_free(s->cert->dh_tmp);
3142 s->cert->dh_tmp = pkdh;
3146 case SSL_CTRL_SET_TMP_DH_CB:
3148 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3151 case SSL_CTRL_SET_DH_AUTO:
3152 s->cert->dh_tmp_auto = larg;
3155 #ifndef OPENSSL_NO_EC
3156 case SSL_CTRL_SET_TMP_ECDH:
3158 const EC_GROUP *group = NULL;
3162 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3165 group = EC_KEY_get0_group((const EC_KEY *)parg);
3166 if (group == NULL) {
3167 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3170 nid = EC_GROUP_get_curve_name(group);
3171 if (nid == NID_undef)
3173 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3174 &s->tlsext_ellipticcurvelist_length,
3178 #endif /* !OPENSSL_NO_EC */
3179 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3180 if (larg == TLSEXT_NAMETYPE_host_name) {
3183 OPENSSL_free(s->tlsext_hostname);
3184 s->tlsext_hostname = NULL;
3189 len = strlen((char *)parg);
3190 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3191 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3194 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3195 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3199 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3203 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3204 s->tlsext_debug_arg = parg;
3208 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3209 s->tlsext_status_type = larg;
3213 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3214 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3218 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3219 s->tlsext_ocsp_exts = parg;
3223 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3224 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3228 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3229 s->tlsext_ocsp_ids = parg;
3233 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3234 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3235 return s->tlsext_ocsp_resplen;
3237 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3238 OPENSSL_free(s->tlsext_ocsp_resp);
3239 s->tlsext_ocsp_resp = parg;
3240 s->tlsext_ocsp_resplen = larg;
3244 #ifndef OPENSSL_NO_HEARTBEATS
3245 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3247 ret = dtls1_heartbeat(s);
3250 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3252 ret = s->tlsext_hb_pending;
3255 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3256 if (SSL_IS_DTLS(s)) {
3258 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3260 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3266 case SSL_CTRL_CHAIN:
3268 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3270 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3272 case SSL_CTRL_CHAIN_CERT:
3274 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3276 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3278 case SSL_CTRL_GET_CHAIN_CERTS:
3279 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3282 case SSL_CTRL_SELECT_CURRENT_CERT:
3283 return ssl_cert_select_current(s->cert, (X509 *)parg);
3285 case SSL_CTRL_SET_CURRENT_CERT:
3286 if (larg == SSL_CERT_SET_SERVER) {
3288 const SSL_CIPHER *cipher;
3291 cipher = s->s3->tmp.new_cipher;
3295 * No certificate for unauthenticated ciphersuites or using SRP
3298 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3300 cpk = ssl_get_server_send_pkey(s);
3306 return ssl_cert_set_current(s->cert, larg);
3308 #ifndef OPENSSL_NO_EC
3309 case SSL_CTRL_GET_CURVES:
3311 unsigned char *clist;
3315 clist = s->session->tlsext_ellipticcurvelist;
3316 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3320 unsigned int cid, nid;
3321 for (i = 0; i < clistlen; i++) {
3323 nid = tls1_ec_curve_id2nid(cid);
3327 cptr[i] = TLSEXT_nid_unknown | cid;
3330 return (int)clistlen;
3333 case SSL_CTRL_SET_CURVES:
3334 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3335 &s->tlsext_ellipticcurvelist_length,
3338 case SSL_CTRL_SET_CURVES_LIST:
3339 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3340 &s->tlsext_ellipticcurvelist_length,
3343 case SSL_CTRL_GET_SHARED_CURVE:
3344 return tls1_shared_curve(s, larg);
3347 case SSL_CTRL_SET_SIGALGS:
3348 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3350 case SSL_CTRL_SET_SIGALGS_LIST:
3351 return tls1_set_sigalgs_list(s->cert, parg, 0);
3353 case SSL_CTRL_SET_CLIENT_SIGALGS:
3354 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3356 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3357 return tls1_set_sigalgs_list(s->cert, parg, 1);
3359 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3361 const unsigned char **pctype = parg;
3362 if (s->server || !s->s3->tmp.cert_req)
3364 if (s->cert->ctypes) {
3366 *pctype = s->cert->ctypes;
3367 return (int)s->cert->ctype_num;
3370 *pctype = (unsigned char *)s->s3->tmp.ctype;
3371 return s->s3->tmp.ctype_num;
3374 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3377 return ssl3_set_req_cert_type(s->cert, parg, larg);
3379 case SSL_CTRL_BUILD_CERT_CHAIN:
3380 return ssl_build_cert_chain(s, NULL, larg);
3382 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3383 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3385 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3386 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3388 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3389 if (SSL_USE_SIGALGS(s)) {
3392 sig = s->s3->tmp.peer_md;
3394 *(int *)parg = EVP_MD_type(sig);
3400 /* Might want to do something here for other versions */
3404 case SSL_CTRL_GET_SERVER_TMP_KEY:
3405 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3406 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3409 EVP_PKEY_up_ref(s->s3->peer_tmp);
3410 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3416 #ifndef OPENSSL_NO_EC
3417 case SSL_CTRL_GET_EC_POINT_FORMATS:
3419 SSL_SESSION *sess = s->session;
3420 const unsigned char **pformat = parg;
3421 if (!sess || !sess->tlsext_ecpointformatlist)
3423 *pformat = sess->tlsext_ecpointformatlist;
3424 return (int)sess->tlsext_ecpointformatlist_length;
3434 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3439 #ifndef OPENSSL_NO_DH
3440 case SSL_CTRL_SET_TMP_DH_CB:
3442 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3446 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3447 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3448 const unsigned char *, int, void *))fp;
3451 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3453 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3462 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3465 #ifndef OPENSSL_NO_DH
3466 case SSL_CTRL_SET_TMP_DH:
3468 DH *dh = (DH *)parg;
3469 EVP_PKEY *pkdh = NULL;
3471 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3474 pkdh = ssl_dh_to_pkey(dh);
3476 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3479 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3480 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3481 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3482 EVP_PKEY_free(pkdh);
3485 EVP_PKEY_free(ctx->cert->dh_tmp);
3486 ctx->cert->dh_tmp = pkdh;
3492 case SSL_CTRL_SET_TMP_DH_CB:
3494 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3497 case SSL_CTRL_SET_DH_AUTO:
3498 ctx->cert->dh_tmp_auto = larg;
3501 #ifndef OPENSSL_NO_EC
3502 case SSL_CTRL_SET_TMP_ECDH:
3504 const EC_GROUP *group = NULL;
3508 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3511 group = EC_KEY_get0_group((const EC_KEY *)parg);
3512 if (group == NULL) {
3513 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3516 nid = EC_GROUP_get_curve_name(group);
3517 if (nid == NID_undef)
3519 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3520 &ctx->tlsext_ellipticcurvelist_length,
3524 #endif /* !OPENSSL_NO_EC */
3525 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3526 ctx->tlsext_servername_arg = parg;
3528 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3529 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3531 unsigned char *keys = parg;
3535 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3538 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3539 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3540 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3541 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3543 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3544 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3545 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3550 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3551 ctx->tlsext_status_arg = parg;
3554 #ifndef OPENSSL_NO_SRP
3555 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3556 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3557 OPENSSL_free(ctx->srp_ctx.login);
3558 ctx->srp_ctx.login = NULL;
3561 if (strlen((const char *)parg) > 255
3562 || strlen((const char *)parg) < 1) {
3563 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3566 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3567 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3571 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3572 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3573 srp_password_from_info_cb;
3574 ctx->srp_ctx.info = parg;
3576 case SSL_CTRL_SET_SRP_ARG:
3577 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3578 ctx->srp_ctx.SRP_cb_arg = parg;
3581 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3582 ctx->srp_ctx.strength = larg;
3586 #ifndef OPENSSL_NO_EC
3587 case SSL_CTRL_SET_CURVES:
3588 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3589 &ctx->tlsext_ellipticcurvelist_length,
3592 case SSL_CTRL_SET_CURVES_LIST:
3593 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3594 &ctx->tlsext_ellipticcurvelist_length,
3597 case SSL_CTRL_SET_SIGALGS:
3598 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3600 case SSL_CTRL_SET_SIGALGS_LIST:
3601 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3603 case SSL_CTRL_SET_CLIENT_SIGALGS:
3604 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3606 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3607 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3609 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3610 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3612 case SSL_CTRL_BUILD_CERT_CHAIN:
3613 return ssl_build_cert_chain(NULL, ctx, larg);
3615 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3616 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3618 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3619 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3621 /* A Thawte special :-) */
3622 case SSL_CTRL_EXTRA_CHAIN_CERT:
3623 if (ctx->extra_certs == NULL) {
3624 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3627 sk_X509_push(ctx->extra_certs, (X509 *)parg);
3630 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3631 if (ctx->extra_certs == NULL && larg == 0)
3632 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3634 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3637 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3638 sk_X509_pop_free(ctx->extra_certs, X509_free);
3639 ctx->extra_certs = NULL;
3642 case SSL_CTRL_CHAIN:
3644 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3646 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3648 case SSL_CTRL_CHAIN_CERT:
3650 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3652 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3654 case SSL_CTRL_GET_CHAIN_CERTS:
3655 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3658 case SSL_CTRL_SELECT_CURRENT_CERT:
3659 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3661 case SSL_CTRL_SET_CURRENT_CERT:
3662 return ssl_cert_set_current(ctx->cert, larg);
3670 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3673 #ifndef OPENSSL_NO_DH
3674 case SSL_CTRL_SET_TMP_DH_CB:
3676 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3680 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3681 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3684 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3685 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3688 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3689 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3692 HMAC_CTX *, int))fp;
3695 #ifndef OPENSSL_NO_SRP
3696 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3697 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3698 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3700 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3701 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3702 ctx->srp_ctx.TLS_ext_srp_username_callback =
3703 (int (*)(SSL *, int *, void *))fp;
3705 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3706 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3707 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3708 (char *(*)(SSL *, void *))fp;
3711 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3713 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3723 * This function needs to check if the ciphers required are actually
3726 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3729 const SSL_CIPHER *cp;
3732 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
3734 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3738 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3744 if ((l & 0xff000000) != 0x03000000)
3746 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3747 p[1] = ((unsigned char)(l)) & 0xFF;
3752 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3753 STACK_OF(SSL_CIPHER) *srvr)
3755 const SSL_CIPHER *c, *ret = NULL;
3756 STACK_OF(SSL_CIPHER) *prio, *allow;
3758 unsigned long alg_k, alg_a, mask_k, mask_a;
3760 /* Let's see which ciphers we can support */
3764 * Do not set the compare functions, because this may lead to a
3765 * reordering by "id". We want to keep the original ordering. We may pay
3766 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3767 * pay with the price of sk_SSL_CIPHER_dup().
3769 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3770 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3774 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3776 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3777 c = sk_SSL_CIPHER_value(srvr, i);
3778 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3780 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3782 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3783 c = sk_SSL_CIPHER_value(clnt, i);
3784 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3788 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3796 tls1_set_cert_validity(s);
3799 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3800 c = sk_SSL_CIPHER_value(prio, i);
3802 /* Skip TLS v1.2 only ciphersuites if not supported */
3803 if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
3805 /* Skip TLS v1.0 ciphersuites if SSLv3 */
3806 if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
3809 mask_k = s->s3->tmp.mask_k;
3810 mask_a = s->s3->tmp.mask_a;
3811 #ifndef OPENSSL_NO_SRP
3812 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3818 alg_k = c->algorithm_mkey;
3819 alg_a = c->algorithm_auth;
3821 #ifndef OPENSSL_NO_PSK
3822 /* with PSK there must be server callback set */
3823 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3825 #endif /* OPENSSL_NO_PSK */
3827 ok = (alg_k & mask_k) && (alg_a & mask_a);
3829 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3830 alg_a, mask_k, mask_a, (void *)c, c->name);
3833 # ifndef OPENSSL_NO_EC
3835 * if we are considering an ECC cipher suite that uses an ephemeral
3838 if (alg_k & SSL_kECDHE)
3839 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3840 # endif /* OPENSSL_NO_EC */
3844 ii = sk_SSL_CIPHER_find(allow, c);
3846 /* Check security callback permits this cipher */
3847 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3848 c->strength_bits, 0, (void *)c))
3850 #if !defined(OPENSSL_NO_EC)
3851 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3852 && s->s3->is_probably_safari) {
3854 ret = sk_SSL_CIPHER_value(allow, ii);
3858 ret = sk_SSL_CIPHER_value(allow, ii);
3865 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3868 uint32_t alg_k, alg_a = 0;
3870 /* If we have custom certificate types set, use them */
3871 if (s->cert->ctypes) {
3872 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3873 return (int)s->cert->ctype_num;
3875 /* Get mask of algorithms disabled by signature list */
3876 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3878 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3880 #ifndef OPENSSL_NO_GOST
3881 if (s->version >= TLS1_VERSION) {
3882 if (alg_k & SSL_kGOST) {
3883 p[ret++] = TLS_CT_GOST01_SIGN;
3884 p[ret++] = TLS_CT_GOST12_SIGN;
3885 p[ret++] = TLS_CT_GOST12_512_SIGN;
3891 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3892 #ifndef OPENSSL_NO_DH
3893 # ifndef OPENSSL_NO_RSA
3894 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3896 # ifndef OPENSSL_NO_DSA
3897 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3899 #endif /* !OPENSSL_NO_DH */
3901 #ifndef OPENSSL_NO_RSA
3902 if (!(alg_a & SSL_aRSA))
3903 p[ret++] = SSL3_CT_RSA_SIGN;
3905 #ifndef OPENSSL_NO_DSA
3906 if (!(alg_a & SSL_aDSS))
3907 p[ret++] = SSL3_CT_DSS_SIGN;
3909 #ifndef OPENSSL_NO_EC
3911 * ECDSA certs can be used with RSA cipher suites too so we don't
3912 * need to check for SSL_kECDH or SSL_kECDHE
3914 if (s->version >= TLS1_VERSION) {
3915 if (!(alg_a & SSL_aECDSA))
3916 p[ret++] = TLS_CT_ECDSA_SIGN;
3922 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3924 OPENSSL_free(c->ctypes);
3930 c->ctypes = OPENSSL_malloc(len);
3931 if (c->ctypes == NULL)
3933 memcpy(c->ctypes, p, len);
3938 int ssl3_shutdown(SSL *s)
3943 * Don't do anything much if we have not done the handshake or we don't
3944 * want to send messages :-)
3946 if (s->quiet_shutdown || SSL_in_before(s)) {
3947 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3951 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3952 s->shutdown |= SSL_SENT_SHUTDOWN;
3953 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3955 * our shutdown alert has been sent now, and if it still needs to be
3956 * written, s->s3->alert_dispatch will be true
3958 if (s->s3->alert_dispatch)
3959 return (-1); /* return WANT_WRITE */
3960 } else if (s->s3->alert_dispatch) {
3961 /* resend it if not sent */
3962 ret = s->method->ssl_dispatch_alert(s);
3965 * we only get to return -1 here the 2nd/Nth invocation, we must
3966 * have already signalled return 0 upon a previous invoation,
3971 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3973 * If we are waiting for a close from our peer, we are closed
3975 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
3976 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3977 return (-1); /* return WANT_READ */
3981 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3982 !s->s3->alert_dispatch)
3988 int ssl3_write(SSL *s, const void *buf, int len)
3991 if (s->s3->renegotiate)
3992 ssl3_renegotiate_check(s);
3994 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3998 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4003 if (s->s3->renegotiate)
4004 ssl3_renegotiate_check(s);
4005 s->s3->in_read_app_data = 1;
4007 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4009 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4011 * ssl3_read_bytes decided to call s->handshake_func, which called
4012 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4013 * actually found application data and thinks that application data
4014 * makes sense here; so disable handshake processing and try to read
4015 * application data again.
4017 ossl_statem_set_in_handshake(s, 1);
4019 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4021 ossl_statem_set_in_handshake(s, 0);
4023 s->s3->in_read_app_data = 0;
4028 int ssl3_read(SSL *s, void *buf, int len)
4030 return ssl3_read_internal(s, buf, len, 0);
4033 int ssl3_peek(SSL *s, void *buf, int len)
4035 return ssl3_read_internal(s, buf, len, 1);
4038 int ssl3_renegotiate(SSL *s)
4040 if (s->handshake_func == NULL)
4043 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4046 s->s3->renegotiate = 1;
4050 int ssl3_renegotiate_check(SSL *s)
4054 if (s->s3->renegotiate) {
4055 if (!RECORD_LAYER_read_pending(&s->rlayer)
4056 && !RECORD_LAYER_write_pending(&s->rlayer)
4057 && !SSL_in_init(s)) {
4059 * if we are the server, and we have sent a 'RENEGOTIATE'
4060 * message, we need to set the state machine into the renegotiate
4063 ossl_statem_set_renegotiate(s);
4064 s->s3->renegotiate = 0;
4065 s->s3->num_renegotiations++;
4066 s->s3->total_renegotiations++;
4074 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4075 * handshake macs if required.
4077 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4079 long ssl_get_algorithm2(SSL *s)
4081 long alg2 = s->s3->tmp.new_cipher->algorithm2;
4082 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4083 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4084 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4085 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4086 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4087 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4093 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4094 * failure, 1 on success.
4096 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
4103 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4105 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4107 unsigned long Time = (unsigned long)time(NULL);
4108 unsigned char *p = result;
4110 return RAND_bytes(p, len - 4);
4112 return RAND_bytes(result, len);
4115 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4118 #ifndef OPENSSL_NO_PSK
4119 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4120 if (alg_k & SSL_PSK) {
4121 unsigned char *pskpms, *t;
4122 size_t psklen = s->s3->tmp.psklen;
4125 /* create PSK premaster_secret */
4127 /* For plain PSK "other_secret" is psklen zeroes */
4128 if (alg_k & SSL_kPSK)
4131 pskpmslen = 4 + pmslen + psklen;
4132 pskpms = OPENSSL_malloc(pskpmslen);
4133 if (pskpms == NULL) {
4134 s->session->master_key_length = 0;
4139 if (alg_k & SSL_kPSK)
4140 memset(t, 0, pmslen);
4142 memcpy(t, pms, pmslen);
4145 memcpy(t, s->s3->tmp.psk, psklen);
4147 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4148 s->s3->tmp.psk = NULL;
4149 s->session->master_key_length =
4150 s->method->ssl3_enc->generate_master_secret(s,
4151 s->session->master_key,
4153 OPENSSL_clear_free(pskpms, pskpmslen);
4156 s->session->master_key_length =
4157 s->method->ssl3_enc->generate_master_secret(s,
4158 s->session->master_key,
4160 #ifndef OPENSSL_NO_PSK
4165 OPENSSL_clear_free(pms, pmslen);
4167 OPENSSL_cleanse(pms, pmslen);
4170 s->s3->tmp.pms = NULL;
4171 return s->session->master_key_length >= 0;
4174 /* Generate a private key from parameters or a curve NID */
4175 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid)
4177 EVP_PKEY_CTX *pctx = NULL;
4178 EVP_PKEY *pkey = NULL;
4180 pctx = EVP_PKEY_CTX_new(pm, NULL);
4183 * Generate a new key for this curve.
4184 * Should not be called if EC is disabled: if it is it will
4185 * fail with an unknown algorithm error.
4187 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4191 if (EVP_PKEY_keygen_init(pctx) <= 0)
4193 #ifndef OPENSSL_NO_EC
4194 if (pm == NULL && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4198 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4199 EVP_PKEY_free(pkey);
4204 EVP_PKEY_CTX_free(pctx);
4207 /* Derive premaster or master secret for ECDH/DH */
4208 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4211 unsigned char *pms = NULL;
4215 if (privkey == NULL || pubkey == NULL)
4218 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4220 if (EVP_PKEY_derive_init(pctx) <= 0
4221 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4222 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4226 pms = OPENSSL_malloc(pmslen);
4230 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4234 /* For server generate master secret and discard premaster */
4235 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4238 /* For client just save premaster secret */
4239 s->s3->tmp.pms = pms;
4240 s->s3->tmp.pmslen = pmslen;
4246 OPENSSL_clear_free(pms, pmslen);
4247 EVP_PKEY_CTX_free(pctx);
4251 #ifndef OPENSSL_NO_DH
4252 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4257 ret = EVP_PKEY_new();
4258 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {