2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 /* ====================================================================
12 * Copyright 2005 Nokia. All rights reserved.
14 * The portions of the attached software ("Contribution") is developed by
15 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
18 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
19 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
20 * support (see RFC 4279) to OpenSSL.
22 * No patent licenses or other rights except those expressly stated in
23 * the OpenSSL open source license shall be deemed granted or received
24 * expressly, by implication, estoppel, or otherwise.
26 * No assurances are provided by Nokia that the Contribution does not
27 * infringe the patent or other intellectual property rights of any third
28 * party or that the license provides you with all the necessary rights
29 * to make use of the Contribution.
31 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
32 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
33 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
34 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
39 #include <openssl/objects.h>
41 #include <openssl/md5.h>
42 #include <openssl/dh.h>
43 #include <openssl/rand.h>
45 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
46 #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
48 /* TLSv1.3 downgrade protection sentinel values */
49 const unsigned char tls11downgrade[] = {
50 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
52 const unsigned char tls12downgrade[] = {
53 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
57 * The list of available ciphers, mostly organized into the following
62 * SRP (within that: RSA EC PSK)
63 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
66 static SSL_CIPHER ssl3_ciphers[] = {
69 SSL3_TXT_RSA_NULL_MD5,
75 SSL3_VERSION, TLS1_2_VERSION,
76 DTLS1_BAD_VER, DTLS1_2_VERSION,
78 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
84 SSL3_TXT_RSA_NULL_SHA,
90 SSL3_VERSION, TLS1_2_VERSION,
91 DTLS1_BAD_VER, DTLS1_2_VERSION,
92 SSL_STRONG_NONE | SSL_FIPS,
93 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
97 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
100 SSL3_TXT_RSA_DES_192_CBC3_SHA,
101 SSL3_CK_RSA_DES_192_CBC3_SHA,
106 SSL3_VERSION, TLS1_2_VERSION,
107 DTLS1_BAD_VER, DTLS1_2_VERSION,
108 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
109 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
115 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
116 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
121 SSL3_VERSION, TLS1_2_VERSION,
122 DTLS1_BAD_VER, DTLS1_2_VERSION,
123 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
124 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
130 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
131 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
136 SSL3_VERSION, TLS1_2_VERSION,
137 DTLS1_BAD_VER, DTLS1_2_VERSION,
138 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
139 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
145 SSL3_TXT_ADH_DES_192_CBC_SHA,
146 SSL3_CK_ADH_DES_192_CBC_SHA,
151 SSL3_VERSION, TLS1_2_VERSION,
152 DTLS1_BAD_VER, DTLS1_2_VERSION,
153 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
154 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
161 TLS1_TXT_RSA_WITH_AES_128_SHA,
162 TLS1_CK_RSA_WITH_AES_128_SHA,
167 SSL3_VERSION, TLS1_2_VERSION,
168 DTLS1_BAD_VER, DTLS1_2_VERSION,
170 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
176 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
177 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
182 SSL3_VERSION, TLS1_2_VERSION,
183 DTLS1_BAD_VER, DTLS1_2_VERSION,
184 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
191 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
192 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
197 SSL3_VERSION, TLS1_2_VERSION,
198 DTLS1_BAD_VER, DTLS1_2_VERSION,
200 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
206 TLS1_TXT_ADH_WITH_AES_128_SHA,
207 TLS1_CK_ADH_WITH_AES_128_SHA,
212 SSL3_VERSION, TLS1_2_VERSION,
213 DTLS1_BAD_VER, DTLS1_2_VERSION,
214 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
215 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
221 TLS1_TXT_RSA_WITH_AES_256_SHA,
222 TLS1_CK_RSA_WITH_AES_256_SHA,
227 SSL3_VERSION, TLS1_2_VERSION,
228 DTLS1_BAD_VER, DTLS1_2_VERSION,
230 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
236 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
237 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
242 SSL3_VERSION, TLS1_2_VERSION,
243 DTLS1_BAD_VER, DTLS1_2_VERSION,
244 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
245 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
251 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
252 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
257 SSL3_VERSION, TLS1_2_VERSION,
258 DTLS1_BAD_VER, DTLS1_2_VERSION,
260 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
266 TLS1_TXT_ADH_WITH_AES_256_SHA,
267 TLS1_CK_ADH_WITH_AES_256_SHA,
272 SSL3_VERSION, TLS1_2_VERSION,
273 DTLS1_BAD_VER, DTLS1_2_VERSION,
274 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
275 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
281 TLS1_TXT_RSA_WITH_NULL_SHA256,
282 TLS1_CK_RSA_WITH_NULL_SHA256,
287 TLS1_2_VERSION, TLS1_2_VERSION,
288 DTLS1_2_VERSION, DTLS1_2_VERSION,
289 SSL_STRONG_NONE | SSL_FIPS,
290 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
296 TLS1_TXT_RSA_WITH_AES_128_SHA256,
297 TLS1_CK_RSA_WITH_AES_128_SHA256,
302 TLS1_2_VERSION, TLS1_2_VERSION,
303 DTLS1_2_VERSION, DTLS1_2_VERSION,
305 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
311 TLS1_TXT_RSA_WITH_AES_256_SHA256,
312 TLS1_CK_RSA_WITH_AES_256_SHA256,
317 TLS1_2_VERSION, TLS1_2_VERSION,
318 DTLS1_2_VERSION, DTLS1_2_VERSION,
320 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
326 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
327 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
332 TLS1_2_VERSION, TLS1_2_VERSION,
333 DTLS1_2_VERSION, DTLS1_2_VERSION,
334 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
335 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
341 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
342 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
347 TLS1_2_VERSION, TLS1_2_VERSION,
348 DTLS1_2_VERSION, DTLS1_2_VERSION,
350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
356 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
357 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
362 TLS1_2_VERSION, TLS1_2_VERSION,
363 DTLS1_2_VERSION, DTLS1_2_VERSION,
364 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
365 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
371 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
372 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
377 TLS1_2_VERSION, TLS1_2_VERSION,
378 DTLS1_2_VERSION, DTLS1_2_VERSION,
380 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
386 TLS1_TXT_ADH_WITH_AES_128_SHA256,
387 TLS1_CK_ADH_WITH_AES_128_SHA256,
392 TLS1_2_VERSION, TLS1_2_VERSION,
393 DTLS1_2_VERSION, DTLS1_2_VERSION,
394 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
395 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
401 TLS1_TXT_ADH_WITH_AES_256_SHA256,
402 TLS1_CK_ADH_WITH_AES_256_SHA256,
407 TLS1_2_VERSION, TLS1_2_VERSION,
408 DTLS1_2_VERSION, DTLS1_2_VERSION,
409 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
410 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
416 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
417 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
422 TLS1_2_VERSION, TLS1_2_VERSION,
423 DTLS1_2_VERSION, DTLS1_2_VERSION,
425 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
431 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
437 TLS1_2_VERSION, TLS1_2_VERSION,
438 DTLS1_2_VERSION, DTLS1_2_VERSION,
440 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
446 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
447 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
452 TLS1_2_VERSION, TLS1_2_VERSION,
453 DTLS1_2_VERSION, DTLS1_2_VERSION,
455 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
461 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
462 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
467 TLS1_2_VERSION, TLS1_2_VERSION,
468 DTLS1_2_VERSION, DTLS1_2_VERSION,
470 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
476 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
477 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
482 TLS1_2_VERSION, TLS1_2_VERSION,
483 DTLS1_2_VERSION, DTLS1_2_VERSION,
484 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
485 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
491 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
492 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
497 TLS1_2_VERSION, TLS1_2_VERSION,
498 DTLS1_2_VERSION, DTLS1_2_VERSION,
499 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
500 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
506 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
507 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
512 TLS1_2_VERSION, TLS1_2_VERSION,
513 DTLS1_2_VERSION, DTLS1_2_VERSION,
514 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
515 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
521 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
522 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
527 TLS1_2_VERSION, TLS1_2_VERSION,
528 DTLS1_2_VERSION, DTLS1_2_VERSION,
529 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
536 TLS1_TXT_RSA_WITH_AES_128_CCM,
537 TLS1_CK_RSA_WITH_AES_128_CCM,
542 TLS1_2_VERSION, TLS1_2_VERSION,
543 DTLS1_2_VERSION, DTLS1_2_VERSION,
544 SSL_NOT_DEFAULT | SSL_HIGH,
545 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
551 TLS1_TXT_RSA_WITH_AES_256_CCM,
552 TLS1_CK_RSA_WITH_AES_256_CCM,
557 TLS1_2_VERSION, TLS1_2_VERSION,
558 DTLS1_2_VERSION, DTLS1_2_VERSION,
559 SSL_NOT_DEFAULT | SSL_HIGH,
560 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
566 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
567 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
572 TLS1_2_VERSION, TLS1_2_VERSION,
573 DTLS1_2_VERSION, DTLS1_2_VERSION,
574 SSL_NOT_DEFAULT | SSL_HIGH,
575 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
581 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
582 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
587 TLS1_2_VERSION, TLS1_2_VERSION,
588 DTLS1_2_VERSION, DTLS1_2_VERSION,
589 SSL_NOT_DEFAULT | SSL_HIGH,
590 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
596 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
597 TLS1_CK_RSA_WITH_AES_128_CCM_8,
602 TLS1_2_VERSION, TLS1_2_VERSION,
603 DTLS1_2_VERSION, DTLS1_2_VERSION,
604 SSL_NOT_DEFAULT | SSL_HIGH,
605 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
611 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
612 TLS1_CK_RSA_WITH_AES_256_CCM_8,
617 TLS1_2_VERSION, TLS1_2_VERSION,
618 DTLS1_2_VERSION, DTLS1_2_VERSION,
619 SSL_NOT_DEFAULT | SSL_HIGH,
620 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
626 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
627 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
632 TLS1_2_VERSION, TLS1_2_VERSION,
633 DTLS1_2_VERSION, DTLS1_2_VERSION,
634 SSL_NOT_DEFAULT | SSL_HIGH,
635 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
641 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
642 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
647 TLS1_2_VERSION, TLS1_2_VERSION,
648 DTLS1_2_VERSION, DTLS1_2_VERSION,
649 SSL_NOT_DEFAULT | SSL_HIGH,
650 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
656 TLS1_TXT_PSK_WITH_AES_128_CCM,
657 TLS1_CK_PSK_WITH_AES_128_CCM,
662 TLS1_2_VERSION, TLS1_2_VERSION,
663 DTLS1_2_VERSION, DTLS1_2_VERSION,
664 SSL_NOT_DEFAULT | SSL_HIGH,
665 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
671 TLS1_TXT_PSK_WITH_AES_256_CCM,
672 TLS1_CK_PSK_WITH_AES_256_CCM,
677 TLS1_2_VERSION, TLS1_2_VERSION,
678 DTLS1_2_VERSION, DTLS1_2_VERSION,
679 SSL_NOT_DEFAULT | SSL_HIGH,
680 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
686 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
687 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
692 TLS1_2_VERSION, TLS1_2_VERSION,
693 DTLS1_2_VERSION, DTLS1_2_VERSION,
694 SSL_NOT_DEFAULT | SSL_HIGH,
695 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
701 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
702 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
707 TLS1_2_VERSION, TLS1_2_VERSION,
708 DTLS1_2_VERSION, DTLS1_2_VERSION,
709 SSL_NOT_DEFAULT | SSL_HIGH,
710 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
716 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
717 TLS1_CK_PSK_WITH_AES_128_CCM_8,
722 TLS1_2_VERSION, TLS1_2_VERSION,
723 DTLS1_2_VERSION, DTLS1_2_VERSION,
724 SSL_NOT_DEFAULT | SSL_HIGH,
725 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
731 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
732 TLS1_CK_PSK_WITH_AES_256_CCM_8,
737 TLS1_2_VERSION, TLS1_2_VERSION,
738 DTLS1_2_VERSION, DTLS1_2_VERSION,
739 SSL_NOT_DEFAULT | SSL_HIGH,
740 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
746 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
747 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
752 TLS1_2_VERSION, TLS1_2_VERSION,
753 DTLS1_2_VERSION, DTLS1_2_VERSION,
754 SSL_NOT_DEFAULT | SSL_HIGH,
755 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
761 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
762 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
767 TLS1_2_VERSION, TLS1_2_VERSION,
768 DTLS1_2_VERSION, DTLS1_2_VERSION,
769 SSL_NOT_DEFAULT | SSL_HIGH,
770 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
776 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
777 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
782 TLS1_2_VERSION, TLS1_2_VERSION,
783 DTLS1_2_VERSION, DTLS1_2_VERSION,
784 SSL_NOT_DEFAULT | SSL_HIGH,
785 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
791 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
792 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
797 TLS1_2_VERSION, TLS1_2_VERSION,
798 DTLS1_2_VERSION, DTLS1_2_VERSION,
799 SSL_NOT_DEFAULT | SSL_HIGH,
800 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
806 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
807 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
812 TLS1_2_VERSION, TLS1_2_VERSION,
813 DTLS1_2_VERSION, DTLS1_2_VERSION,
814 SSL_NOT_DEFAULT | SSL_HIGH,
815 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
821 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
822 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
827 TLS1_2_VERSION, TLS1_2_VERSION,
828 DTLS1_2_VERSION, DTLS1_2_VERSION,
829 SSL_NOT_DEFAULT | SSL_HIGH,
830 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
836 TLS1_3_TXT_AES_128_GCM_SHA256,
837 TLS1_3_CK_AES_128_GCM_SHA256,
841 TLS1_3_VERSION, TLS1_3_VERSION,
845 SSL_HANDSHAKE_MAC_SHA256,
851 TLS1_3_TXT_AES_256_GCM_SHA384,
852 TLS1_3_CK_AES_256_GCM_SHA384,
857 TLS1_3_VERSION, TLS1_3_VERSION,
860 SSL_HANDSHAKE_MAC_SHA384,
864 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
867 TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
868 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
871 SSL_CHACHA20POLY1305,
873 TLS1_3_VERSION, TLS1_3_VERSION,
876 SSL_HANDSHAKE_MAC_SHA256,
883 TLS1_3_TXT_AES_128_CCM_SHA256,
884 TLS1_3_CK_AES_128_CCM_SHA256,
889 TLS1_3_VERSION, TLS1_3_VERSION,
891 SSL_NOT_DEFAULT | SSL_HIGH,
892 SSL_HANDSHAKE_MAC_SHA256,
898 TLS1_3_TXT_AES_128_CCM_8_SHA256,
899 TLS1_3_CK_AES_128_CCM_8_SHA256,
904 TLS1_3_VERSION, TLS1_3_VERSION,
906 SSL_NOT_DEFAULT | SSL_HIGH,
907 SSL_HANDSHAKE_MAC_SHA256,
912 #ifndef OPENSSL_NO_EC
915 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
916 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
921 TLS1_VERSION, TLS1_2_VERSION,
922 DTLS1_BAD_VER, DTLS1_2_VERSION,
923 SSL_STRONG_NONE | SSL_FIPS,
924 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
928 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
931 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
932 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
937 TLS1_VERSION, TLS1_2_VERSION,
938 DTLS1_BAD_VER, DTLS1_2_VERSION,
939 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
940 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
947 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
948 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
953 TLS1_VERSION, TLS1_2_VERSION,
954 DTLS1_BAD_VER, DTLS1_2_VERSION,
956 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
962 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
963 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
968 TLS1_VERSION, TLS1_2_VERSION,
969 DTLS1_BAD_VER, DTLS1_2_VERSION,
971 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
977 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
978 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
983 TLS1_VERSION, TLS1_2_VERSION,
984 DTLS1_BAD_VER, DTLS1_2_VERSION,
985 SSL_STRONG_NONE | SSL_FIPS,
986 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
990 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
993 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
994 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
999 TLS1_VERSION, TLS1_2_VERSION,
1000 DTLS1_BAD_VER, DTLS1_2_VERSION,
1001 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1002 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1009 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1010 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1015 TLS1_VERSION, TLS1_2_VERSION,
1016 DTLS1_BAD_VER, DTLS1_2_VERSION,
1017 SSL_HIGH | SSL_FIPS,
1018 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1024 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1025 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1030 TLS1_VERSION, TLS1_2_VERSION,
1031 DTLS1_BAD_VER, DTLS1_2_VERSION,
1032 SSL_HIGH | SSL_FIPS,
1033 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1039 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1040 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1045 TLS1_VERSION, TLS1_2_VERSION,
1046 DTLS1_BAD_VER, DTLS1_2_VERSION,
1047 SSL_STRONG_NONE | SSL_FIPS,
1048 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1052 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1055 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1056 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1061 TLS1_VERSION, TLS1_2_VERSION,
1062 DTLS1_BAD_VER, DTLS1_2_VERSION,
1063 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1064 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1071 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1072 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1077 TLS1_VERSION, TLS1_2_VERSION,
1078 DTLS1_BAD_VER, DTLS1_2_VERSION,
1079 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1080 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1086 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1087 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1092 TLS1_VERSION, TLS1_2_VERSION,
1093 DTLS1_BAD_VER, DTLS1_2_VERSION,
1094 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1095 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1101 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1102 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1107 TLS1_2_VERSION, TLS1_2_VERSION,
1108 DTLS1_2_VERSION, DTLS1_2_VERSION,
1109 SSL_HIGH | SSL_FIPS,
1110 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1116 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1117 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1122 TLS1_2_VERSION, TLS1_2_VERSION,
1123 DTLS1_2_VERSION, DTLS1_2_VERSION,
1124 SSL_HIGH | SSL_FIPS,
1125 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1131 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1132 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1137 TLS1_2_VERSION, TLS1_2_VERSION,
1138 DTLS1_2_VERSION, DTLS1_2_VERSION,
1139 SSL_HIGH | SSL_FIPS,
1140 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1146 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1147 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1152 TLS1_2_VERSION, TLS1_2_VERSION,
1153 DTLS1_2_VERSION, DTLS1_2_VERSION,
1154 SSL_HIGH | SSL_FIPS,
1155 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1161 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1162 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1167 TLS1_2_VERSION, TLS1_2_VERSION,
1168 DTLS1_2_VERSION, DTLS1_2_VERSION,
1169 SSL_HIGH | SSL_FIPS,
1170 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1176 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1177 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1182 TLS1_2_VERSION, TLS1_2_VERSION,
1183 DTLS1_2_VERSION, DTLS1_2_VERSION,
1184 SSL_HIGH | SSL_FIPS,
1185 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1191 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1192 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1197 TLS1_2_VERSION, TLS1_2_VERSION,
1198 DTLS1_2_VERSION, DTLS1_2_VERSION,
1199 SSL_HIGH | SSL_FIPS,
1200 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1206 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1207 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1212 TLS1_2_VERSION, TLS1_2_VERSION,
1213 DTLS1_2_VERSION, DTLS1_2_VERSION,
1214 SSL_HIGH | SSL_FIPS,
1215 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1219 #endif /* OPENSSL_NO_EC */
1221 #ifndef OPENSSL_NO_PSK
1224 TLS1_TXT_PSK_WITH_NULL_SHA,
1225 TLS1_CK_PSK_WITH_NULL_SHA,
1230 SSL3_VERSION, TLS1_2_VERSION,
1231 DTLS1_BAD_VER, DTLS1_2_VERSION,
1232 SSL_STRONG_NONE | SSL_FIPS,
1233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1239 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1240 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1245 SSL3_VERSION, TLS1_2_VERSION,
1246 DTLS1_BAD_VER, DTLS1_2_VERSION,
1247 SSL_STRONG_NONE | SSL_FIPS,
1248 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1254 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1255 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1260 SSL3_VERSION, TLS1_2_VERSION,
1261 DTLS1_BAD_VER, DTLS1_2_VERSION,
1262 SSL_STRONG_NONE | SSL_FIPS,
1263 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1267 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1270 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1271 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1276 SSL3_VERSION, TLS1_2_VERSION,
1277 DTLS1_BAD_VER, DTLS1_2_VERSION,
1278 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1279 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1286 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1287 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1292 SSL3_VERSION, TLS1_2_VERSION,
1293 DTLS1_BAD_VER, DTLS1_2_VERSION,
1294 SSL_HIGH | SSL_FIPS,
1295 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1301 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1302 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1307 SSL3_VERSION, TLS1_2_VERSION,
1308 DTLS1_BAD_VER, DTLS1_2_VERSION,
1309 SSL_HIGH | SSL_FIPS,
1310 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1314 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1317 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1318 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1323 SSL3_VERSION, TLS1_2_VERSION,
1324 DTLS1_BAD_VER, DTLS1_2_VERSION,
1325 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1326 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1333 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1334 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1339 SSL3_VERSION, TLS1_2_VERSION,
1340 DTLS1_BAD_VER, DTLS1_2_VERSION,
1341 SSL_HIGH | SSL_FIPS,
1342 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1348 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1349 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1354 SSL3_VERSION, TLS1_2_VERSION,
1355 DTLS1_BAD_VER, DTLS1_2_VERSION,
1356 SSL_HIGH | SSL_FIPS,
1357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1361 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1364 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1365 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1370 SSL3_VERSION, TLS1_2_VERSION,
1371 DTLS1_BAD_VER, DTLS1_2_VERSION,
1372 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1373 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1380 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1381 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1386 SSL3_VERSION, TLS1_2_VERSION,
1387 DTLS1_BAD_VER, DTLS1_2_VERSION,
1388 SSL_HIGH | SSL_FIPS,
1389 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1395 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1396 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1401 SSL3_VERSION, TLS1_2_VERSION,
1402 DTLS1_BAD_VER, DTLS1_2_VERSION,
1403 SSL_HIGH | SSL_FIPS,
1404 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1410 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1411 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1416 TLS1_2_VERSION, TLS1_2_VERSION,
1417 DTLS1_2_VERSION, DTLS1_2_VERSION,
1418 SSL_HIGH | SSL_FIPS,
1419 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1425 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1426 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1431 TLS1_2_VERSION, TLS1_2_VERSION,
1432 DTLS1_2_VERSION, DTLS1_2_VERSION,
1433 SSL_HIGH | SSL_FIPS,
1434 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1440 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1441 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1446 TLS1_2_VERSION, TLS1_2_VERSION,
1447 DTLS1_2_VERSION, DTLS1_2_VERSION,
1448 SSL_HIGH | SSL_FIPS,
1449 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1455 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1456 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1461 TLS1_2_VERSION, TLS1_2_VERSION,
1462 DTLS1_2_VERSION, DTLS1_2_VERSION,
1463 SSL_HIGH | SSL_FIPS,
1464 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1470 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1471 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1476 TLS1_2_VERSION, TLS1_2_VERSION,
1477 DTLS1_2_VERSION, DTLS1_2_VERSION,
1478 SSL_HIGH | SSL_FIPS,
1479 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1485 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1486 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1491 TLS1_2_VERSION, TLS1_2_VERSION,
1492 DTLS1_2_VERSION, DTLS1_2_VERSION,
1493 SSL_HIGH | SSL_FIPS,
1494 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1500 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1501 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1506 TLS1_VERSION, TLS1_2_VERSION,
1507 DTLS1_BAD_VER, DTLS1_2_VERSION,
1508 SSL_HIGH | SSL_FIPS,
1509 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1515 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1516 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1521 TLS1_VERSION, TLS1_2_VERSION,
1522 DTLS1_BAD_VER, DTLS1_2_VERSION,
1523 SSL_HIGH | SSL_FIPS,
1524 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1530 TLS1_TXT_PSK_WITH_NULL_SHA256,
1531 TLS1_CK_PSK_WITH_NULL_SHA256,
1536 TLS1_VERSION, TLS1_2_VERSION,
1537 DTLS1_BAD_VER, DTLS1_2_VERSION,
1538 SSL_STRONG_NONE | SSL_FIPS,
1539 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1545 TLS1_TXT_PSK_WITH_NULL_SHA384,
1546 TLS1_CK_PSK_WITH_NULL_SHA384,
1551 TLS1_VERSION, TLS1_2_VERSION,
1552 DTLS1_BAD_VER, DTLS1_2_VERSION,
1553 SSL_STRONG_NONE | SSL_FIPS,
1554 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1560 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1561 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1566 TLS1_VERSION, TLS1_2_VERSION,
1567 DTLS1_BAD_VER, DTLS1_2_VERSION,
1568 SSL_HIGH | SSL_FIPS,
1569 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1575 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1576 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1581 TLS1_VERSION, TLS1_2_VERSION,
1582 DTLS1_BAD_VER, DTLS1_2_VERSION,
1583 SSL_HIGH | SSL_FIPS,
1584 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1590 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1591 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1596 TLS1_VERSION, TLS1_2_VERSION,
1597 DTLS1_BAD_VER, DTLS1_2_VERSION,
1598 SSL_STRONG_NONE | SSL_FIPS,
1599 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1605 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1606 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1611 TLS1_VERSION, TLS1_2_VERSION,
1612 DTLS1_BAD_VER, DTLS1_2_VERSION,
1613 SSL_STRONG_NONE | SSL_FIPS,
1614 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1620 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1621 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1626 TLS1_VERSION, TLS1_2_VERSION,
1627 DTLS1_BAD_VER, DTLS1_2_VERSION,
1628 SSL_HIGH | SSL_FIPS,
1629 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1635 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1636 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1641 TLS1_VERSION, TLS1_2_VERSION,
1642 DTLS1_BAD_VER, DTLS1_2_VERSION,
1643 SSL_HIGH | SSL_FIPS,
1644 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1650 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1651 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1656 TLS1_VERSION, TLS1_2_VERSION,
1657 DTLS1_BAD_VER, DTLS1_2_VERSION,
1658 SSL_STRONG_NONE | SSL_FIPS,
1659 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1665 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1666 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1671 TLS1_VERSION, TLS1_2_VERSION,
1672 DTLS1_BAD_VER, DTLS1_2_VERSION,
1673 SSL_STRONG_NONE | SSL_FIPS,
1674 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1678 # ifndef OPENSSL_NO_EC
1679 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1682 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1683 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1688 TLS1_VERSION, TLS1_2_VERSION,
1689 DTLS1_BAD_VER, DTLS1_2_VERSION,
1690 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1691 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1698 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1699 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1704 TLS1_VERSION, TLS1_2_VERSION,
1705 DTLS1_BAD_VER, DTLS1_2_VERSION,
1706 SSL_HIGH | SSL_FIPS,
1707 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1713 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1714 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1719 TLS1_VERSION, TLS1_2_VERSION,
1720 DTLS1_BAD_VER, DTLS1_2_VERSION,
1721 SSL_HIGH | SSL_FIPS,
1722 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1728 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1729 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1734 TLS1_VERSION, TLS1_2_VERSION,
1735 DTLS1_BAD_VER, DTLS1_2_VERSION,
1736 SSL_HIGH | SSL_FIPS,
1737 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1743 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1744 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1749 TLS1_VERSION, TLS1_2_VERSION,
1750 DTLS1_BAD_VER, DTLS1_2_VERSION,
1751 SSL_HIGH | SSL_FIPS,
1752 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1758 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1759 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1764 TLS1_VERSION, TLS1_2_VERSION,
1765 DTLS1_BAD_VER, DTLS1_2_VERSION,
1766 SSL_STRONG_NONE | SSL_FIPS,
1767 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1773 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1774 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1779 TLS1_VERSION, TLS1_2_VERSION,
1780 DTLS1_BAD_VER, DTLS1_2_VERSION,
1781 SSL_STRONG_NONE | SSL_FIPS,
1782 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1788 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1789 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1794 TLS1_VERSION, TLS1_2_VERSION,
1795 DTLS1_BAD_VER, DTLS1_2_VERSION,
1796 SSL_STRONG_NONE | SSL_FIPS,
1797 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1801 # endif /* OPENSSL_NO_EC */
1802 #endif /* OPENSSL_NO_PSK */
1804 #ifndef OPENSSL_NO_SRP
1805 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1808 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1809 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1814 SSL3_VERSION, TLS1_2_VERSION,
1815 DTLS1_BAD_VER, DTLS1_2_VERSION,
1816 SSL_NOT_DEFAULT | SSL_MEDIUM,
1817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1823 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1824 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1829 SSL3_VERSION, TLS1_2_VERSION,
1830 DTLS1_BAD_VER, DTLS1_2_VERSION,
1831 SSL_NOT_DEFAULT | SSL_MEDIUM,
1832 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1838 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1839 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1844 SSL3_VERSION, TLS1_2_VERSION,
1845 DTLS1_BAD_VER, DTLS1_2_VERSION,
1846 SSL_NOT_DEFAULT | SSL_MEDIUM,
1847 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1854 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1855 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1860 SSL3_VERSION, TLS1_2_VERSION,
1861 DTLS1_BAD_VER, DTLS1_2_VERSION,
1863 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1869 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1870 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1875 SSL3_VERSION, TLS1_2_VERSION,
1876 DTLS1_BAD_VER, DTLS1_2_VERSION,
1878 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1884 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1885 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1890 SSL3_VERSION, TLS1_2_VERSION,
1891 DTLS1_BAD_VER, DTLS1_2_VERSION,
1892 SSL_NOT_DEFAULT | SSL_HIGH,
1893 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1899 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1900 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1905 SSL3_VERSION, TLS1_2_VERSION,
1906 DTLS1_BAD_VER, DTLS1_2_VERSION,
1908 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1914 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1915 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1920 SSL3_VERSION, TLS1_2_VERSION,
1921 DTLS1_BAD_VER, DTLS1_2_VERSION,
1923 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1929 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1930 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1935 SSL3_VERSION, TLS1_2_VERSION,
1936 DTLS1_BAD_VER, DTLS1_2_VERSION,
1937 SSL_NOT_DEFAULT | SSL_HIGH,
1938 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1942 #endif /* OPENSSL_NO_SRP */
1944 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1945 # ifndef OPENSSL_NO_RSA
1948 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1949 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1952 SSL_CHACHA20POLY1305,
1954 TLS1_2_VERSION, TLS1_2_VERSION,
1955 DTLS1_2_VERSION, DTLS1_2_VERSION,
1957 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1961 # endif /* OPENSSL_NO_RSA */
1963 # ifndef OPENSSL_NO_EC
1966 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1967 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1970 SSL_CHACHA20POLY1305,
1972 TLS1_2_VERSION, TLS1_2_VERSION,
1973 DTLS1_2_VERSION, DTLS1_2_VERSION,
1975 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1981 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1982 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1985 SSL_CHACHA20POLY1305,
1987 TLS1_2_VERSION, TLS1_2_VERSION,
1988 DTLS1_2_VERSION, DTLS1_2_VERSION,
1990 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1994 # endif /* OPENSSL_NO_EC */
1996 # ifndef OPENSSL_NO_PSK
1999 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2000 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2003 SSL_CHACHA20POLY1305,
2005 TLS1_2_VERSION, TLS1_2_VERSION,
2006 DTLS1_2_VERSION, DTLS1_2_VERSION,
2008 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2014 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2015 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2018 SSL_CHACHA20POLY1305,
2020 TLS1_2_VERSION, TLS1_2_VERSION,
2021 DTLS1_2_VERSION, DTLS1_2_VERSION,
2023 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2029 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2030 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2033 SSL_CHACHA20POLY1305,
2035 TLS1_2_VERSION, TLS1_2_VERSION,
2036 DTLS1_2_VERSION, DTLS1_2_VERSION,
2038 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2044 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2045 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2048 SSL_CHACHA20POLY1305,
2050 TLS1_2_VERSION, TLS1_2_VERSION,
2051 DTLS1_2_VERSION, DTLS1_2_VERSION,
2053 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2057 # endif /* OPENSSL_NO_PSK */
2058 #endif /* !defined(OPENSSL_NO_CHACHA) &&
2059 * !defined(OPENSSL_NO_POLY1305) */
2061 #ifndef OPENSSL_NO_CAMELLIA
2064 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2065 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2070 TLS1_2_VERSION, TLS1_2_VERSION,
2071 DTLS1_2_VERSION, DTLS1_2_VERSION,
2072 SSL_NOT_DEFAULT | SSL_HIGH,
2073 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2079 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2080 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2085 TLS1_2_VERSION, TLS1_2_VERSION,
2086 DTLS1_2_VERSION, DTLS1_2_VERSION,
2087 SSL_NOT_DEFAULT | SSL_HIGH,
2088 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2094 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2095 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2100 TLS1_2_VERSION, TLS1_2_VERSION,
2101 DTLS1_2_VERSION, DTLS1_2_VERSION,
2102 SSL_NOT_DEFAULT | SSL_HIGH,
2103 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2109 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2110 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2115 TLS1_2_VERSION, TLS1_2_VERSION,
2116 DTLS1_2_VERSION, DTLS1_2_VERSION,
2117 SSL_NOT_DEFAULT | SSL_HIGH,
2118 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2124 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2125 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2130 TLS1_2_VERSION, TLS1_2_VERSION,
2131 DTLS1_2_VERSION, DTLS1_2_VERSION,
2132 SSL_NOT_DEFAULT | SSL_HIGH,
2133 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2139 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2140 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2145 TLS1_2_VERSION, TLS1_2_VERSION,
2146 DTLS1_2_VERSION, DTLS1_2_VERSION,
2147 SSL_NOT_DEFAULT | SSL_HIGH,
2148 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2154 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2155 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2160 TLS1_2_VERSION, TLS1_2_VERSION,
2161 DTLS1_2_VERSION, DTLS1_2_VERSION,
2162 SSL_NOT_DEFAULT | SSL_HIGH,
2163 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2169 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2170 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2175 TLS1_2_VERSION, TLS1_2_VERSION,
2176 DTLS1_2_VERSION, DTLS1_2_VERSION,
2177 SSL_NOT_DEFAULT | SSL_HIGH,
2178 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2185 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2190 SSL3_VERSION, TLS1_2_VERSION,
2191 DTLS1_BAD_VER, DTLS1_2_VERSION,
2192 SSL_NOT_DEFAULT | SSL_HIGH,
2193 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2199 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2200 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2205 SSL3_VERSION, TLS1_2_VERSION,
2206 DTLS1_BAD_VER, DTLS1_2_VERSION,
2207 SSL_NOT_DEFAULT | SSL_HIGH,
2208 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2214 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2215 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2220 SSL3_VERSION, TLS1_2_VERSION,
2221 DTLS1_BAD_VER, DTLS1_2_VERSION,
2222 SSL_NOT_DEFAULT | SSL_HIGH,
2223 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2229 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2230 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2235 SSL3_VERSION, TLS1_2_VERSION,
2236 DTLS1_BAD_VER, DTLS1_2_VERSION,
2237 SSL_NOT_DEFAULT | SSL_HIGH,
2238 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2244 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2245 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2250 SSL3_VERSION, TLS1_2_VERSION,
2251 DTLS1_BAD_VER, DTLS1_2_VERSION,
2252 SSL_NOT_DEFAULT | SSL_HIGH,
2253 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2259 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2260 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2265 SSL3_VERSION, TLS1_2_VERSION,
2266 DTLS1_BAD_VER, DTLS1_2_VERSION,
2267 SSL_NOT_DEFAULT | SSL_HIGH,
2268 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2274 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2275 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2280 SSL3_VERSION, TLS1_2_VERSION,
2281 DTLS1_BAD_VER, DTLS1_2_VERSION,
2282 SSL_NOT_DEFAULT | SSL_HIGH,
2283 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2289 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2290 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2295 SSL3_VERSION, TLS1_2_VERSION,
2296 DTLS1_BAD_VER, DTLS1_2_VERSION,
2297 SSL_NOT_DEFAULT | SSL_HIGH,
2298 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2303 # ifndef OPENSSL_NO_EC
2306 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2307 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2312 TLS1_2_VERSION, TLS1_2_VERSION,
2313 DTLS1_2_VERSION, DTLS1_2_VERSION,
2314 SSL_NOT_DEFAULT | SSL_HIGH,
2315 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2321 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2322 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2327 TLS1_2_VERSION, TLS1_2_VERSION,
2328 DTLS1_2_VERSION, DTLS1_2_VERSION,
2329 SSL_NOT_DEFAULT | SSL_HIGH,
2330 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2336 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2337 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2342 TLS1_2_VERSION, TLS1_2_VERSION,
2343 DTLS1_2_VERSION, DTLS1_2_VERSION,
2344 SSL_NOT_DEFAULT | SSL_HIGH,
2345 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2351 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2352 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2357 TLS1_2_VERSION, TLS1_2_VERSION,
2358 DTLS1_2_VERSION, DTLS1_2_VERSION,
2359 SSL_NOT_DEFAULT | SSL_HIGH,
2360 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2364 # endif /* OPENSSL_NO_EC */
2366 # ifndef OPENSSL_NO_PSK
2369 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2370 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2375 TLS1_VERSION, TLS1_2_VERSION,
2376 DTLS1_BAD_VER, DTLS1_2_VERSION,
2377 SSL_NOT_DEFAULT | SSL_HIGH,
2378 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2384 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2385 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2390 TLS1_VERSION, TLS1_2_VERSION,
2391 DTLS1_BAD_VER, DTLS1_2_VERSION,
2392 SSL_NOT_DEFAULT | SSL_HIGH,
2393 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2399 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2400 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2405 TLS1_VERSION, TLS1_2_VERSION,
2406 DTLS1_BAD_VER, DTLS1_2_VERSION,
2407 SSL_NOT_DEFAULT | SSL_HIGH,
2408 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2414 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2415 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2420 TLS1_VERSION, TLS1_2_VERSION,
2421 DTLS1_BAD_VER, DTLS1_2_VERSION,
2422 SSL_NOT_DEFAULT | SSL_HIGH,
2423 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2429 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2430 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2435 TLS1_VERSION, TLS1_2_VERSION,
2436 DTLS1_BAD_VER, DTLS1_2_VERSION,
2437 SSL_NOT_DEFAULT | SSL_HIGH,
2438 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2444 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2445 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2450 TLS1_VERSION, TLS1_2_VERSION,
2451 DTLS1_BAD_VER, DTLS1_2_VERSION,
2452 SSL_NOT_DEFAULT | SSL_HIGH,
2453 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2459 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2460 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2465 TLS1_VERSION, TLS1_2_VERSION,
2466 DTLS1_BAD_VER, DTLS1_2_VERSION,
2467 SSL_NOT_DEFAULT | SSL_HIGH,
2468 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2474 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2475 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2480 TLS1_VERSION, TLS1_2_VERSION,
2481 DTLS1_BAD_VER, DTLS1_2_VERSION,
2482 SSL_NOT_DEFAULT | SSL_HIGH,
2483 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2487 # endif /* OPENSSL_NO_PSK */
2489 #endif /* OPENSSL_NO_CAMELLIA */
2491 #ifndef OPENSSL_NO_GOST
2494 "GOST2001-GOST89-GOST89",
2498 SSL_eGOST2814789CNT,
2500 TLS1_VERSION, TLS1_2_VERSION,
2503 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2509 "GOST2001-NULL-GOST94",
2515 TLS1_VERSION, TLS1_2_VERSION,
2518 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2524 "GOST2012-GOST8912-GOST8912",
2527 SSL_aGOST12 | SSL_aGOST01,
2528 SSL_eGOST2814789CNT12,
2530 TLS1_VERSION, TLS1_2_VERSION,
2533 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2539 "GOST2012-NULL-GOST12",
2542 SSL_aGOST12 | SSL_aGOST01,
2545 TLS1_VERSION, TLS1_2_VERSION,
2548 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2552 #endif /* OPENSSL_NO_GOST */
2554 #ifndef OPENSSL_NO_IDEA
2557 SSL3_TXT_RSA_IDEA_128_SHA,
2558 SSL3_CK_RSA_IDEA_128_SHA,
2563 SSL3_VERSION, TLS1_1_VERSION,
2564 DTLS1_BAD_VER, DTLS1_VERSION,
2565 SSL_NOT_DEFAULT | SSL_MEDIUM,
2566 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2572 #ifndef OPENSSL_NO_SEED
2575 TLS1_TXT_RSA_WITH_SEED_SHA,
2576 TLS1_CK_RSA_WITH_SEED_SHA,
2581 SSL3_VERSION, TLS1_2_VERSION,
2582 DTLS1_BAD_VER, DTLS1_2_VERSION,
2583 SSL_NOT_DEFAULT | SSL_MEDIUM,
2584 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2590 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2591 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2596 SSL3_VERSION, TLS1_2_VERSION,
2597 DTLS1_BAD_VER, DTLS1_2_VERSION,
2598 SSL_NOT_DEFAULT | SSL_MEDIUM,
2599 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2605 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2606 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2611 SSL3_VERSION, TLS1_2_VERSION,
2612 DTLS1_BAD_VER, DTLS1_2_VERSION,
2613 SSL_NOT_DEFAULT | SSL_MEDIUM,
2614 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2620 TLS1_TXT_ADH_WITH_SEED_SHA,
2621 TLS1_CK_ADH_WITH_SEED_SHA,
2626 SSL3_VERSION, TLS1_2_VERSION,
2627 DTLS1_BAD_VER, DTLS1_2_VERSION,
2628 SSL_NOT_DEFAULT | SSL_MEDIUM,
2629 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2633 #endif /* OPENSSL_NO_SEED */
2635 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2638 SSL3_TXT_RSA_RC4_128_MD5,
2639 SSL3_CK_RSA_RC4_128_MD5,
2644 SSL3_VERSION, TLS1_2_VERSION,
2646 SSL_NOT_DEFAULT | SSL_MEDIUM,
2647 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2653 SSL3_TXT_RSA_RC4_128_SHA,
2654 SSL3_CK_RSA_RC4_128_SHA,
2659 SSL3_VERSION, TLS1_2_VERSION,
2661 SSL_NOT_DEFAULT | SSL_MEDIUM,
2662 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2668 SSL3_TXT_ADH_RC4_128_MD5,
2669 SSL3_CK_ADH_RC4_128_MD5,
2674 SSL3_VERSION, TLS1_2_VERSION,
2676 SSL_NOT_DEFAULT | SSL_MEDIUM,
2677 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2682 # ifndef OPENSSL_NO_EC
2685 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2686 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2691 TLS1_VERSION, TLS1_2_VERSION,
2693 SSL_NOT_DEFAULT | SSL_MEDIUM,
2694 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2700 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2701 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2706 TLS1_VERSION, TLS1_2_VERSION,
2708 SSL_NOT_DEFAULT | SSL_MEDIUM,
2709 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2715 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2716 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2721 TLS1_VERSION, TLS1_2_VERSION,
2723 SSL_NOT_DEFAULT | SSL_MEDIUM,
2724 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2730 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2731 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2736 TLS1_VERSION, TLS1_2_VERSION,
2738 SSL_NOT_DEFAULT | SSL_MEDIUM,
2739 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2743 # endif /* OPENSSL_NO_EC */
2745 # ifndef OPENSSL_NO_PSK
2748 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2749 TLS1_CK_PSK_WITH_RC4_128_SHA,
2754 SSL3_VERSION, TLS1_2_VERSION,
2756 SSL_NOT_DEFAULT | SSL_MEDIUM,
2757 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2763 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2764 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2769 SSL3_VERSION, TLS1_2_VERSION,
2771 SSL_NOT_DEFAULT | SSL_MEDIUM,
2772 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2778 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2779 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2784 SSL3_VERSION, TLS1_2_VERSION,
2786 SSL_NOT_DEFAULT | SSL_MEDIUM,
2787 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2791 # endif /* OPENSSL_NO_PSK */
2793 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2798 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
2799 * values stuffed into the ciphers field of the wire protocol for signalling
2802 static SSL_CIPHER ssl3_scsvs[] = {
2805 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2807 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2811 "TLS_FALLBACK_SCSV",
2812 SSL3_CK_FALLBACK_SCSV,
2813 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2817 static int cipher_compare(const void *a, const void *b)
2819 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2820 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2822 return ap->id - bp->id;
2825 void ssl_sort_cipher_list(void)
2827 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
2829 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
2832 const SSL3_ENC_METHOD SSLv3_enc_data = {
2835 ssl3_setup_key_block,
2836 ssl3_generate_master_secret,
2837 ssl3_change_cipher_state,
2838 ssl3_final_finish_mac,
2839 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2840 SSL3_MD_SERVER_FINISHED_CONST, 4,
2842 (int (*)(SSL *, unsigned char *, size_t, const char *,
2843 size_t, const unsigned char *, size_t,
2844 int use_context))ssl_undefined_function,
2846 ssl3_set_handshake_header,
2847 tls_close_construct_packet,
2848 ssl3_handshake_write
2851 long ssl3_default_timeout(void)
2854 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2855 * http, the cache would over fill
2857 return (60 * 60 * 2);
2860 int ssl3_num_ciphers(void)
2862 return (SSL3_NUM_CIPHERS);
2865 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2867 if (u < SSL3_NUM_CIPHERS)
2868 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2873 int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
2875 /* No header in the event of a CCS */
2876 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
2879 /* Set the content type and 3 bytes for the message len */
2880 if (!WPACKET_put_bytes_u8(pkt, htype)
2881 || !WPACKET_start_sub_packet_u24(pkt))
2887 int ssl3_handshake_write(SSL *s)
2889 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2892 int ssl3_new(SSL *s)
2896 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2900 #ifndef OPENSSL_NO_SRP
2901 if (!SSL_SRP_CTX_init(s))
2905 if (!s->method->ssl_clear(s))
2913 void ssl3_free(SSL *s)
2915 if (s == NULL || s->s3 == NULL)
2918 ssl3_cleanup_key_block(s);
2920 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2921 EVP_PKEY_free(s->s3->peer_tmp);
2922 s->s3->peer_tmp = NULL;
2923 EVP_PKEY_free(s->s3->tmp.pkey);
2924 s->s3->tmp.pkey = NULL;
2927 OPENSSL_free(s->s3->tmp.ctype);
2928 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
2929 OPENSSL_free(s->s3->tmp.ciphers_raw);
2930 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2931 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2932 ssl3_free_digest_list(s);
2933 OPENSSL_free(s->s3->alpn_selected);
2934 OPENSSL_free(s->s3->alpn_proposed);
2936 #ifndef OPENSSL_NO_SRP
2937 SSL_SRP_CTX_free(s);
2939 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2943 int ssl3_clear(SSL *s)
2945 ssl3_cleanup_key_block(s);
2946 OPENSSL_free(s->s3->tmp.ctype);
2947 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
2948 OPENSSL_free(s->s3->tmp.ciphers_raw);
2949 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2950 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2952 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2953 EVP_PKEY_free(s->s3->tmp.pkey);
2954 EVP_PKEY_free(s->s3->peer_tmp);
2955 #endif /* !OPENSSL_NO_EC */
2957 ssl3_free_digest_list(s);
2959 OPENSSL_free(s->s3->alpn_selected);
2960 OPENSSL_free(s->s3->alpn_proposed);
2962 /* NULL/zero-out everything in the s3 struct */
2963 memset(s->s3, 0, sizeof(*s->s3));
2965 if (!ssl_free_wbio_buffer(s))
2968 s->version = SSL3_VERSION;
2970 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2971 OPENSSL_free(s->ext.npn);
2979 #ifndef OPENSSL_NO_SRP
2980 static char *srp_password_from_info_cb(SSL *s, void *arg)
2982 return OPENSSL_strdup(s->srp_ctx.info);
2986 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
2988 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2993 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2995 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2996 ret = s->s3->num_renegotiations;
2998 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2999 ret = s->s3->num_renegotiations;
3000 s->s3->num_renegotiations = 0;
3002 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3003 ret = s->s3->total_renegotiations;
3005 case SSL_CTRL_GET_FLAGS:
3006 ret = (int)(s->s3->flags);
3008 #ifndef OPENSSL_NO_DH
3009 case SSL_CTRL_SET_TMP_DH:
3011 DH *dh = (DH *)parg;
3012 EVP_PKEY *pkdh = NULL;
3014 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3017 pkdh = ssl_dh_to_pkey(dh);
3019 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3022 if (!ssl_security(s, SSL_SECOP_TMP_DH,
3023 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3024 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3025 EVP_PKEY_free(pkdh);
3028 EVP_PKEY_free(s->cert->dh_tmp);
3029 s->cert->dh_tmp = pkdh;
3033 case SSL_CTRL_SET_TMP_DH_CB:
3035 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3038 case SSL_CTRL_SET_DH_AUTO:
3039 s->cert->dh_tmp_auto = larg;
3042 #ifndef OPENSSL_NO_EC
3043 case SSL_CTRL_SET_TMP_ECDH:
3045 const EC_GROUP *group = NULL;
3049 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3052 group = EC_KEY_get0_group((const EC_KEY *)parg);
3053 if (group == NULL) {
3054 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
3057 nid = EC_GROUP_get_curve_name(group);
3058 if (nid == NID_undef)
3060 return tls1_set_groups(&s->ext.supportedgroups,
3061 &s->ext.supportedgroups_len,
3065 #endif /* !OPENSSL_NO_EC */
3066 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3067 if (larg == TLSEXT_NAMETYPE_host_name) {
3070 OPENSSL_free(s->ext.hostname);
3071 s->ext.hostname = NULL;
3076 len = strlen((char *)parg);
3077 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3078 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3081 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3082 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3086 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3090 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3091 s->ext.debug_arg = parg;
3095 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3096 ret = s->ext.status_type;
3099 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3100 s->ext.status_type = larg;
3104 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3105 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3109 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3110 s->ext.ocsp.exts = parg;
3114 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3115 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3119 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3120 s->ext.ocsp.ids = parg;
3124 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3125 *(unsigned char **)parg = s->ext.ocsp.resp;
3126 if (s->ext.ocsp.resp_len == 0
3127 || s->ext.ocsp.resp_len > LONG_MAX)
3129 return (long)s->ext.ocsp.resp_len;
3131 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3132 OPENSSL_free(s->ext.ocsp.resp);
3133 s->ext.ocsp.resp = parg;
3134 s->ext.ocsp.resp_len = larg;
3138 #ifndef OPENSSL_NO_HEARTBEATS
3139 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3140 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3141 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3145 case SSL_CTRL_CHAIN:
3147 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3149 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3151 case SSL_CTRL_CHAIN_CERT:
3153 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3155 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3157 case SSL_CTRL_GET_CHAIN_CERTS:
3158 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3161 case SSL_CTRL_SELECT_CURRENT_CERT:
3162 return ssl_cert_select_current(s->cert, (X509 *)parg);
3164 case SSL_CTRL_SET_CURRENT_CERT:
3165 if (larg == SSL_CERT_SET_SERVER) {
3166 const SSL_CIPHER *cipher;
3169 cipher = s->s3->tmp.new_cipher;
3173 * No certificate for unauthenticated ciphersuites or using SRP
3176 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3178 if (s->s3->tmp.cert == NULL)
3180 s->cert->key = s->s3->tmp.cert;
3183 return ssl_cert_set_current(s->cert, larg);
3185 #ifndef OPENSSL_NO_EC
3186 case SSL_CTRL_GET_GROUPS:
3188 unsigned char *clist;
3193 clist = s->session->ext.supportedgroups;
3194 clistlen = s->session->ext.supportedgroups_len / 2;
3198 unsigned int cid, nid;
3199 for (i = 0; i < clistlen; i++) {
3201 /* TODO(TLS1.3): Handle DH groups here */
3202 nid = tls1_ec_curve_id2nid(cid, NULL);
3206 cptr[i] = TLSEXT_nid_unknown | cid;
3209 return (int)clistlen;
3212 case SSL_CTRL_SET_GROUPS:
3213 return tls1_set_groups(&s->ext.supportedgroups,
3214 &s->ext.supportedgroups_len, parg, larg);
3216 case SSL_CTRL_SET_GROUPS_LIST:
3217 return tls1_set_groups_list(&s->ext.supportedgroups,
3218 &s->ext.supportedgroups_len, parg);
3220 case SSL_CTRL_GET_SHARED_GROUP:
3221 return tls1_shared_group(s, larg);
3224 case SSL_CTRL_SET_SIGALGS:
3225 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3227 case SSL_CTRL_SET_SIGALGS_LIST:
3228 return tls1_set_sigalgs_list(s->cert, parg, 0);
3230 case SSL_CTRL_SET_CLIENT_SIGALGS:
3231 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3233 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3234 return tls1_set_sigalgs_list(s->cert, parg, 1);
3236 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3238 const unsigned char **pctype = parg;
3239 if (s->server || !s->s3->tmp.cert_req)
3242 *pctype = s->s3->tmp.ctype;
3243 return s->s3->tmp.ctype_len;
3246 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3249 return ssl3_set_req_cert_type(s->cert, parg, larg);
3251 case SSL_CTRL_BUILD_CERT_CHAIN:
3252 return ssl_build_cert_chain(s, NULL, larg);
3254 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3255 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3257 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3258 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3260 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3261 if (s->s3->tmp.peer_sigalg == NULL)
3263 *(int *)parg = s->s3->tmp.peer_sigalg->hash;
3266 case SSL_CTRL_GET_SERVER_TMP_KEY:
3267 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3268 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3271 EVP_PKEY_up_ref(s->s3->peer_tmp);
3272 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3278 #ifndef OPENSSL_NO_EC
3279 case SSL_CTRL_GET_EC_POINT_FORMATS:
3281 SSL_SESSION *sess = s->session;
3282 const unsigned char **pformat = parg;
3284 if (sess == NULL || sess->ext.ecpointformats == NULL)
3286 *pformat = sess->ext.ecpointformats;
3287 return (int)sess->ext.ecpointformats_len;
3297 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3302 #ifndef OPENSSL_NO_DH
3303 case SSL_CTRL_SET_TMP_DH_CB:
3305 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3309 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3310 s->ext.debug_cb = (void (*)(SSL *, int, int,
3311 const unsigned char *, int, void *))fp;
3314 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3316 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3325 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3328 #ifndef OPENSSL_NO_DH
3329 case SSL_CTRL_SET_TMP_DH:
3331 DH *dh = (DH *)parg;
3332 EVP_PKEY *pkdh = NULL;
3334 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3337 pkdh = ssl_dh_to_pkey(dh);
3339 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3342 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3343 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3344 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3345 EVP_PKEY_free(pkdh);
3348 EVP_PKEY_free(ctx->cert->dh_tmp);
3349 ctx->cert->dh_tmp = pkdh;
3352 case SSL_CTRL_SET_TMP_DH_CB:
3354 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3357 case SSL_CTRL_SET_DH_AUTO:
3358 ctx->cert->dh_tmp_auto = larg;
3361 #ifndef OPENSSL_NO_EC
3362 case SSL_CTRL_SET_TMP_ECDH:
3364 const EC_GROUP *group = NULL;
3368 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3371 group = EC_KEY_get0_group((const EC_KEY *)parg);
3372 if (group == NULL) {
3373 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3376 nid = EC_GROUP_get_curve_name(group);
3377 if (nid == NID_undef)
3379 return tls1_set_groups(&ctx->ext.supportedgroups,
3380 &ctx->ext.supportedgroups_len,
3383 #endif /* !OPENSSL_NO_EC */
3384 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3385 ctx->ext.servername_arg = parg;
3387 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3388 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3390 unsigned char *keys = parg;
3391 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3392 sizeof(ctx->ext.tick_hmac_key) +
3393 sizeof(ctx->ext.tick_aes_key));
3396 if (larg != tick_keylen) {
3397 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3400 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3401 memcpy(ctx->ext.tick_key_name, keys,
3402 sizeof(ctx->ext.tick_key_name));
3403 memcpy(ctx->ext.tick_hmac_key,
3404 keys + sizeof(ctx->ext.tick_key_name),
3405 sizeof(ctx->ext.tick_hmac_key));
3406 memcpy(ctx->ext.tick_aes_key,
3407 keys + sizeof(ctx->ext.tick_key_name) +
3408 sizeof(ctx->ext.tick_hmac_key),
3409 sizeof(ctx->ext.tick_aes_key));
3411 memcpy(keys, ctx->ext.tick_key_name,
3412 sizeof(ctx->ext.tick_key_name));
3413 memcpy(keys + sizeof(ctx->ext.tick_key_name),
3414 ctx->ext.tick_hmac_key,
3415 sizeof(ctx->ext.tick_hmac_key));
3416 memcpy(keys + sizeof(ctx->ext.tick_key_name) +
3417 sizeof(ctx->ext.tick_hmac_key),
3418 ctx->ext.tick_aes_key,
3419 sizeof(ctx->ext.tick_aes_key));
3424 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3425 return ctx->ext.status_type;
3427 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3428 ctx->ext.status_type = larg;
3431 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3432 ctx->ext.status_arg = parg;
3435 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3436 *(void**)parg = ctx->ext.status_arg;
3439 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3440 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3443 #ifndef OPENSSL_NO_SRP
3444 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3445 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3446 OPENSSL_free(ctx->srp_ctx.login);
3447 ctx->srp_ctx.login = NULL;
3450 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3451 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3454 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3455 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3459 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3460 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3461 srp_password_from_info_cb;
3462 if (ctx->srp_ctx.info != NULL)
3463 OPENSSL_free(ctx->srp_ctx.info);
3464 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
3465 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3469 case SSL_CTRL_SET_SRP_ARG:
3470 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3471 ctx->srp_ctx.SRP_cb_arg = parg;
3474 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3475 ctx->srp_ctx.strength = larg;
3479 #ifndef OPENSSL_NO_EC
3480 case SSL_CTRL_SET_GROUPS:
3481 return tls1_set_groups(&ctx->ext.supportedgroups,
3482 &ctx->ext.supportedgroups_len,
3485 case SSL_CTRL_SET_GROUPS_LIST:
3486 return tls1_set_groups_list(&ctx->ext.supportedgroups,
3487 &ctx->ext.supportedgroups_len,
3490 case SSL_CTRL_SET_SIGALGS:
3491 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3493 case SSL_CTRL_SET_SIGALGS_LIST:
3494 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3496 case SSL_CTRL_SET_CLIENT_SIGALGS:
3497 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3499 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3500 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3502 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3503 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3505 case SSL_CTRL_BUILD_CERT_CHAIN:
3506 return ssl_build_cert_chain(NULL, ctx, larg);
3508 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3509 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3511 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3512 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3514 /* A Thawte special :-) */
3515 case SSL_CTRL_EXTRA_CHAIN_CERT:
3516 if (ctx->extra_certs == NULL) {
3517 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3518 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3522 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3523 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3528 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3529 if (ctx->extra_certs == NULL && larg == 0)
3530 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3532 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3535 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3536 sk_X509_pop_free(ctx->extra_certs, X509_free);
3537 ctx->extra_certs = NULL;
3540 case SSL_CTRL_CHAIN:
3542 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3544 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3546 case SSL_CTRL_CHAIN_CERT:
3548 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3550 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3552 case SSL_CTRL_GET_CHAIN_CERTS:
3553 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3556 case SSL_CTRL_SELECT_CURRENT_CERT:
3557 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3559 case SSL_CTRL_SET_CURRENT_CERT:
3560 return ssl_cert_set_current(ctx->cert, larg);
3568 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3571 #ifndef OPENSSL_NO_DH
3572 case SSL_CTRL_SET_TMP_DH_CB:
3574 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3578 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3579 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3582 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3583 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3586 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3587 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3590 HMAC_CTX *, int))fp;
3593 #ifndef OPENSSL_NO_SRP
3594 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3595 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3596 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3598 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3599 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3600 ctx->srp_ctx.TLS_ext_srp_username_callback =
3601 (int (*)(SSL *, int *, void *))fp;
3603 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3604 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3605 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3606 (char *(*)(SSL *, void *))fp;
3609 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3611 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3620 const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
3623 const SSL_CIPHER *cp;
3626 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3629 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3633 * This function needs to check if the ciphers required are actually
3636 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3638 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3639 | ((uint32_t)p[0] << 8L)
3643 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3645 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3650 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3658 * ssl3_choose_cipher - choose a cipher from those offered by the client
3659 * @s: SSL connection
3660 * @clnt: ciphers offered by the client
3661 * @srvr: ciphers enabled on the server?
3663 * Returns the selected cipher or NULL when no common ciphers.
3665 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3666 STACK_OF(SSL_CIPHER) *srvr)
3668 const SSL_CIPHER *c, *ret = NULL;
3669 STACK_OF(SSL_CIPHER) *prio, *allow;
3671 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
3673 /* Let's see which ciphers we can support */
3676 * Do not set the compare functions, because this may lead to a
3677 * reordering by "id". We want to keep the original ordering. We may pay
3678 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3679 * pay with the price of sk_SSL_CIPHER_dup().
3683 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3685 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3686 c = sk_SSL_CIPHER_value(srvr, i);
3687 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3689 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3691 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3692 c = sk_SSL_CIPHER_value(clnt, i);
3693 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3697 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3705 if (!SSL_IS_TLS13(s)) {
3706 tls1_set_cert_validity(s);
3710 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3711 c = sk_SSL_CIPHER_value(prio, i);
3713 /* Skip ciphers not supported by the protocol version */
3714 if (!SSL_IS_DTLS(s) &&
3715 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3717 if (SSL_IS_DTLS(s) &&
3718 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3719 DTLS_VERSION_GT(s->version, c->max_dtls)))
3723 * Since TLS 1.3 ciphersuites can be used with any auth or
3724 * key exchange scheme skip tests.
3726 if (!SSL_IS_TLS13(s)) {
3727 mask_k = s->s3->tmp.mask_k;
3728 mask_a = s->s3->tmp.mask_a;
3729 #ifndef OPENSSL_NO_SRP
3730 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3736 alg_k = c->algorithm_mkey;
3737 alg_a = c->algorithm_auth;
3739 #ifndef OPENSSL_NO_PSK
3740 /* with PSK there must be server callback set */
3741 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3743 #endif /* OPENSSL_NO_PSK */
3745 ok = (alg_k & mask_k) && (alg_a & mask_a);
3747 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3748 alg_a, mask_k, mask_a, (void *)c, c->name);
3751 #ifndef OPENSSL_NO_EC
3753 * if we are considering an ECC cipher suite that uses an ephemeral
3756 if (alg_k & SSL_kECDHE)
3757 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3758 #endif /* OPENSSL_NO_EC */
3763 ii = sk_SSL_CIPHER_find(allow, c);
3765 /* Check security callback permits this cipher */
3766 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3767 c->strength_bits, 0, (void *)c))
3769 #if !defined(OPENSSL_NO_EC)
3770 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3771 && s->s3->is_probably_safari) {
3773 ret = sk_SSL_CIPHER_value(allow, ii);
3777 ret = sk_SSL_CIPHER_value(allow, ii);
3784 int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3786 uint32_t alg_k, alg_a = 0;
3788 /* If we have custom certificate types set, use them */
3790 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3791 /* Get mask of algorithms disabled by signature list */
3792 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3794 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3796 #ifndef OPENSSL_NO_GOST
3797 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
3798 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
3799 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
3800 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
3803 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3804 #ifndef OPENSSL_NO_DH
3805 # ifndef OPENSSL_NO_RSA
3806 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
3809 # ifndef OPENSSL_NO_DSA
3810 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
3813 #endif /* !OPENSSL_NO_DH */
3815 #ifndef OPENSSL_NO_RSA
3816 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
3819 #ifndef OPENSSL_NO_DSA
3820 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
3823 #ifndef OPENSSL_NO_EC
3825 * ECDSA certs can be used with RSA cipher suites too so we don't
3826 * need to check for SSL_kECDH or SSL_kECDHE
3828 if (s->version >= TLS1_VERSION
3829 && !(alg_a & SSL_aECDSA)
3830 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
3836 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3838 OPENSSL_free(c->ctype);
3841 if (p == NULL || len == 0)
3845 c->ctype = OPENSSL_memdup(p, len);
3846 if (c->ctype == NULL)
3852 int ssl3_shutdown(SSL *s)
3857 * Don't do anything much if we have not done the handshake or we don't
3858 * want to send messages :-)
3860 if (s->quiet_shutdown || SSL_in_before(s)) {
3861 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3865 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3866 s->shutdown |= SSL_SENT_SHUTDOWN;
3867 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3869 * our shutdown alert has been sent now, and if it still needs to be
3870 * written, s->s3->alert_dispatch will be true
3872 if (s->s3->alert_dispatch)
3873 return (-1); /* return WANT_WRITE */
3874 } else if (s->s3->alert_dispatch) {
3875 /* resend it if not sent */
3876 ret = s->method->ssl_dispatch_alert(s);
3879 * we only get to return -1 here the 2nd/Nth invocation, we must
3880 * have already signalled return 0 upon a previous invocation,
3885 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3888 * If we are waiting for a close from our peer, we are closed
3890 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
3891 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3892 return -1; /* return WANT_READ */
3896 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3897 !s->s3->alert_dispatch)
3903 int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
3906 if (s->s3->renegotiate)
3907 ssl3_renegotiate_check(s, 0);
3909 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
3913 static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
3919 if (s->s3->renegotiate)
3920 ssl3_renegotiate_check(s, 0);
3921 s->s3->in_read_app_data = 1;
3923 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3925 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3927 * ssl3_read_bytes decided to call s->handshake_func, which called
3928 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3929 * actually found application data and thinks that application data
3930 * makes sense here; so disable handshake processing and try to read
3931 * application data again.
3933 ossl_statem_set_in_handshake(s, 1);
3935 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3936 len, peek, readbytes);
3937 ossl_statem_set_in_handshake(s, 0);
3939 s->s3->in_read_app_data = 0;
3944 int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
3946 return ssl3_read_internal(s, buf, len, 0, readbytes);
3949 int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
3951 return ssl3_read_internal(s, buf, len, 1, readbytes);
3954 int ssl3_renegotiate(SSL *s)
3956 if (s->handshake_func == NULL)
3959 s->s3->renegotiate = 1;
3964 * Check if we are waiting to do a renegotiation and if so whether now is a
3965 * good time to do it. If |initok| is true then we are being called from inside
3966 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
3967 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
3968 * should do a renegotiation now and sets up the state machine for it. Otherwise
3971 int ssl3_renegotiate_check(SSL *s, int initok)
3975 if (s->s3->renegotiate) {
3976 if (!RECORD_LAYER_read_pending(&s->rlayer)
3977 && !RECORD_LAYER_write_pending(&s->rlayer)
3978 && (initok || !SSL_in_init(s))) {
3980 * if we are the server, and we have sent a 'RENEGOTIATE'
3981 * message, we need to set the state machine into the renegotiate
3984 ossl_statem_set_renegotiate(s);
3985 s->s3->renegotiate = 0;
3986 s->s3->num_renegotiations++;
3987 s->s3->total_renegotiations++;
3995 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3996 * handshake macs if required.
3998 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4000 long ssl_get_algorithm2(SSL *s)
4003 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4005 alg2 = s->s3->tmp.new_cipher->algorithm2;
4006 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4007 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4008 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4009 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4010 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4011 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4017 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4018 * failure, 1 on success.
4020 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
4023 int send_time = 0, ret;
4028 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4030 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4032 unsigned long Time = (unsigned long)time(NULL);
4033 unsigned char *p = result;
4035 /* TODO(size_t): Convert this */
4036 ret = RAND_bytes(p, (int)(len - 4));
4038 ret = RAND_bytes(result, (int)len);
4040 #ifndef OPENSSL_NO_TLS13DOWNGRADE
4042 if (!ossl_assert(sizeof(tls11downgrade) < len)
4043 || !ossl_assert(sizeof(tls12downgrade) < len))
4045 if (dgrd == DOWNGRADE_TO_1_2)
4046 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4047 sizeof(tls12downgrade));
4048 else if (dgrd == DOWNGRADE_TO_1_1)
4049 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4050 sizeof(tls11downgrade));
4056 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
4059 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4062 if (alg_k & SSL_PSK) {
4063 #ifndef OPENSSL_NO_PSK
4064 unsigned char *pskpms, *t;
4065 size_t psklen = s->s3->tmp.psklen;
4068 /* create PSK premaster_secret */
4070 /* For plain PSK "other_secret" is psklen zeroes */
4071 if (alg_k & SSL_kPSK)
4074 pskpmslen = 4 + pmslen + psklen;
4075 pskpms = OPENSSL_malloc(pskpmslen);
4080 if (alg_k & SSL_kPSK)
4081 memset(t, 0, pmslen);
4083 memcpy(t, pms, pmslen);
4086 memcpy(t, s->s3->tmp.psk, psklen);
4088 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4089 s->s3->tmp.psk = NULL;
4090 if (!s->method->ssl3_enc->generate_master_secret(s,
4091 s->session->master_key,pskpms, pskpmslen,
4092 &s->session->master_key_length))
4094 OPENSSL_clear_free(pskpms, pskpmslen);
4096 /* Should never happen */
4100 if (!s->method->ssl3_enc->generate_master_secret(s,
4101 s->session->master_key, pms, pmslen,
4102 &s->session->master_key_length))
4110 OPENSSL_clear_free(pms, pmslen);
4112 OPENSSL_cleanse(pms, pmslen);
4115 s->s3->tmp.pms = NULL;
4119 /* Generate a private key from parameters */
4120 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4122 EVP_PKEY_CTX *pctx = NULL;
4123 EVP_PKEY *pkey = NULL;
4127 pctx = EVP_PKEY_CTX_new(pm, NULL);
4130 if (EVP_PKEY_keygen_init(pctx) <= 0)
4132 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4133 EVP_PKEY_free(pkey);
4138 EVP_PKEY_CTX_free(pctx);
4141 #ifndef OPENSSL_NO_EC
4142 /* Generate a private key a curve ID */
4143 EVP_PKEY *ssl_generate_pkey_curve(int id)
4145 EVP_PKEY_CTX *pctx = NULL;
4146 EVP_PKEY *pkey = NULL;
4147 unsigned int curve_flags;
4148 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4152 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4153 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4156 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4160 if (EVP_PKEY_keygen_init(pctx) <= 0)
4162 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4164 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4165 EVP_PKEY_free(pkey);
4170 EVP_PKEY_CTX_free(pctx);
4175 /* Derive secrets for ECDH/DH */
4176 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4179 unsigned char *pms = NULL;
4183 if (privkey == NULL || pubkey == NULL)
4186 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4188 if (EVP_PKEY_derive_init(pctx) <= 0
4189 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4190 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4194 pms = OPENSSL_malloc(pmslen);
4198 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4202 if (SSL_IS_TLS13(s)) {
4204 * If we are resuming then we already generated the early secret
4205 * when we created the ClientHello, so don't recreate it.
4208 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4210 (unsigned char *)&s->early_secret);
4214 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4216 rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4219 /* Save premaster secret */
4220 s->s3->tmp.pms = pms;
4221 s->s3->tmp.pmslen = pmslen;
4227 OPENSSL_clear_free(pms, pmslen);
4228 EVP_PKEY_CTX_free(pctx);
4232 #ifndef OPENSSL_NO_DH
4233 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4238 ret = EVP_PKEY_new();
4239 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {