2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
13 * Portions of the attached software ("Contribution") are developed by
14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
19 * ECC cipher suite support in OpenSSL originally written by
20 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
23 /* ====================================================================
24 * Copyright 2005 Nokia. All rights reserved.
26 * The portions of the attached software ("Contribution") is developed by
27 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
30 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
31 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
32 * support (see RFC 4279) to OpenSSL.
34 * No patent licenses or other rights except those expressly stated in
35 * the OpenSSL open source license shall be deemed granted or received
36 * expressly, by implication, estoppel, or otherwise.
38 * No assurances are provided by Nokia that the Contribution does not
39 * infringe the patent or other intellectual property rights of any third
40 * party or that the license provides you with all the necessary rights
41 * to make use of the Contribution.
43 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
44 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
45 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
46 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
51 #include <openssl/objects.h>
53 #include <openssl/md5.h>
54 #include <openssl/dh.h>
55 #include <openssl/rand.h>
57 #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
60 * The list of available ciphers, mostly organized into the following
65 * SRP (within that: RSA EC PSK)
66 * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
69 static SSL_CIPHER ssl3_ciphers[] = {
72 SSL3_TXT_RSA_NULL_MD5,
78 SSL3_VERSION, TLS1_2_VERSION,
79 DTLS1_BAD_VER, DTLS1_2_VERSION,
81 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
87 SSL3_TXT_RSA_NULL_SHA,
93 SSL3_VERSION, TLS1_2_VERSION,
94 DTLS1_BAD_VER, DTLS1_2_VERSION,
95 SSL_STRONG_NONE | SSL_FIPS,
96 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
100 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
103 SSL3_TXT_RSA_DES_192_CBC3_SHA,
104 SSL3_CK_RSA_DES_192_CBC3_SHA,
109 SSL3_VERSION, TLS1_2_VERSION,
110 DTLS1_BAD_VER, DTLS1_2_VERSION,
111 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
112 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
118 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
119 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
124 SSL3_VERSION, TLS1_2_VERSION,
125 DTLS1_BAD_VER, DTLS1_2_VERSION,
126 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
127 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
133 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
134 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
139 SSL3_VERSION, TLS1_2_VERSION,
140 DTLS1_BAD_VER, DTLS1_2_VERSION,
141 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
142 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
148 SSL3_TXT_ADH_DES_192_CBC_SHA,
149 SSL3_CK_ADH_DES_192_CBC_SHA,
154 SSL3_VERSION, TLS1_2_VERSION,
155 DTLS1_BAD_VER, DTLS1_2_VERSION,
156 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
157 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
164 TLS1_TXT_RSA_WITH_AES_128_SHA,
165 TLS1_CK_RSA_WITH_AES_128_SHA,
170 SSL3_VERSION, TLS1_2_VERSION,
171 DTLS1_BAD_VER, DTLS1_2_VERSION,
173 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
179 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
180 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
185 SSL3_VERSION, TLS1_2_VERSION,
186 DTLS1_BAD_VER, DTLS1_2_VERSION,
187 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
188 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
194 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
195 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
200 SSL3_VERSION, TLS1_2_VERSION,
201 DTLS1_BAD_VER, DTLS1_2_VERSION,
203 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
209 TLS1_TXT_ADH_WITH_AES_128_SHA,
210 TLS1_CK_ADH_WITH_AES_128_SHA,
215 SSL3_VERSION, TLS1_2_VERSION,
216 DTLS1_BAD_VER, DTLS1_2_VERSION,
217 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
218 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
224 TLS1_TXT_RSA_WITH_AES_256_SHA,
225 TLS1_CK_RSA_WITH_AES_256_SHA,
230 SSL3_VERSION, TLS1_2_VERSION,
231 DTLS1_BAD_VER, DTLS1_2_VERSION,
233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
239 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
240 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
245 SSL3_VERSION, TLS1_2_VERSION,
246 DTLS1_BAD_VER, DTLS1_2_VERSION,
247 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
248 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
254 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
255 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
260 SSL3_VERSION, TLS1_2_VERSION,
261 DTLS1_BAD_VER, DTLS1_2_VERSION,
263 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
269 TLS1_TXT_ADH_WITH_AES_256_SHA,
270 TLS1_CK_ADH_WITH_AES_256_SHA,
275 SSL3_VERSION, TLS1_2_VERSION,
276 DTLS1_BAD_VER, DTLS1_2_VERSION,
277 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
278 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
284 TLS1_TXT_RSA_WITH_NULL_SHA256,
285 TLS1_CK_RSA_WITH_NULL_SHA256,
290 TLS1_2_VERSION, TLS1_2_VERSION,
291 DTLS1_2_VERSION, DTLS1_2_VERSION,
292 SSL_STRONG_NONE | SSL_FIPS,
293 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
299 TLS1_TXT_RSA_WITH_AES_128_SHA256,
300 TLS1_CK_RSA_WITH_AES_128_SHA256,
305 TLS1_2_VERSION, TLS1_2_VERSION,
306 DTLS1_2_VERSION, DTLS1_2_VERSION,
308 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
314 TLS1_TXT_RSA_WITH_AES_256_SHA256,
315 TLS1_CK_RSA_WITH_AES_256_SHA256,
320 TLS1_2_VERSION, TLS1_2_VERSION,
321 DTLS1_2_VERSION, DTLS1_2_VERSION,
323 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
329 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
330 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
335 TLS1_2_VERSION, TLS1_2_VERSION,
336 DTLS1_2_VERSION, DTLS1_2_VERSION,
337 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
338 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
344 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
345 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
350 TLS1_2_VERSION, TLS1_2_VERSION,
351 DTLS1_2_VERSION, DTLS1_2_VERSION,
353 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
359 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
360 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
365 TLS1_2_VERSION, TLS1_2_VERSION,
366 DTLS1_2_VERSION, DTLS1_2_VERSION,
367 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
368 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
374 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
375 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
380 TLS1_2_VERSION, TLS1_2_VERSION,
381 DTLS1_2_VERSION, DTLS1_2_VERSION,
383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389 TLS1_TXT_ADH_WITH_AES_128_SHA256,
390 TLS1_CK_ADH_WITH_AES_128_SHA256,
395 TLS1_2_VERSION, TLS1_2_VERSION,
396 DTLS1_2_VERSION, DTLS1_2_VERSION,
397 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
398 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
404 TLS1_TXT_ADH_WITH_AES_256_SHA256,
405 TLS1_CK_ADH_WITH_AES_256_SHA256,
410 TLS1_2_VERSION, TLS1_2_VERSION,
411 DTLS1_2_VERSION, DTLS1_2_VERSION,
412 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
413 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
419 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
420 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
425 TLS1_2_VERSION, TLS1_2_VERSION,
426 DTLS1_2_VERSION, DTLS1_2_VERSION,
428 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
434 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
435 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
440 TLS1_2_VERSION, TLS1_2_VERSION,
441 DTLS1_2_VERSION, DTLS1_2_VERSION,
443 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
449 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
450 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
455 TLS1_2_VERSION, TLS1_2_VERSION,
456 DTLS1_2_VERSION, DTLS1_2_VERSION,
458 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
464 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
465 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
470 TLS1_2_VERSION, TLS1_2_VERSION,
471 DTLS1_2_VERSION, DTLS1_2_VERSION,
473 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
479 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
485 TLS1_2_VERSION, TLS1_2_VERSION,
486 DTLS1_2_VERSION, DTLS1_2_VERSION,
487 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
488 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
494 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
495 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
500 TLS1_2_VERSION, TLS1_2_VERSION,
501 DTLS1_2_VERSION, DTLS1_2_VERSION,
502 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
503 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
509 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
510 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
515 TLS1_2_VERSION, TLS1_2_VERSION,
516 DTLS1_2_VERSION, DTLS1_2_VERSION,
517 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
518 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
524 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
525 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
530 TLS1_2_VERSION, TLS1_2_VERSION,
531 DTLS1_2_VERSION, DTLS1_2_VERSION,
532 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
539 TLS1_TXT_RSA_WITH_AES_128_CCM,
540 TLS1_CK_RSA_WITH_AES_128_CCM,
545 TLS1_2_VERSION, TLS1_2_VERSION,
546 DTLS1_2_VERSION, DTLS1_2_VERSION,
547 SSL_NOT_DEFAULT | SSL_HIGH,
548 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
554 TLS1_TXT_RSA_WITH_AES_256_CCM,
555 TLS1_CK_RSA_WITH_AES_256_CCM,
560 TLS1_2_VERSION, TLS1_2_VERSION,
561 DTLS1_2_VERSION, DTLS1_2_VERSION,
562 SSL_NOT_DEFAULT | SSL_HIGH,
563 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
569 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
570 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
575 TLS1_2_VERSION, TLS1_2_VERSION,
576 DTLS1_2_VERSION, DTLS1_2_VERSION,
577 SSL_NOT_DEFAULT | SSL_HIGH,
578 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
584 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
585 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
590 TLS1_2_VERSION, TLS1_2_VERSION,
591 DTLS1_2_VERSION, DTLS1_2_VERSION,
592 SSL_NOT_DEFAULT | SSL_HIGH,
593 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
599 TLS1_TXT_RSA_WITH_AES_128_CCM_8,
600 TLS1_CK_RSA_WITH_AES_128_CCM_8,
605 TLS1_2_VERSION, TLS1_2_VERSION,
606 DTLS1_2_VERSION, DTLS1_2_VERSION,
607 SSL_NOT_DEFAULT | SSL_HIGH,
608 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
614 TLS1_TXT_RSA_WITH_AES_256_CCM_8,
615 TLS1_CK_RSA_WITH_AES_256_CCM_8,
620 TLS1_2_VERSION, TLS1_2_VERSION,
621 DTLS1_2_VERSION, DTLS1_2_VERSION,
622 SSL_NOT_DEFAULT | SSL_HIGH,
623 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
629 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
630 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
635 TLS1_2_VERSION, TLS1_2_VERSION,
636 DTLS1_2_VERSION, DTLS1_2_VERSION,
637 SSL_NOT_DEFAULT | SSL_HIGH,
638 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
644 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
645 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
650 TLS1_2_VERSION, TLS1_2_VERSION,
651 DTLS1_2_VERSION, DTLS1_2_VERSION,
652 SSL_NOT_DEFAULT | SSL_HIGH,
653 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
659 TLS1_TXT_PSK_WITH_AES_128_CCM,
660 TLS1_CK_PSK_WITH_AES_128_CCM,
665 TLS1_2_VERSION, TLS1_2_VERSION,
666 DTLS1_2_VERSION, DTLS1_2_VERSION,
667 SSL_NOT_DEFAULT | SSL_HIGH,
668 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
674 TLS1_TXT_PSK_WITH_AES_256_CCM,
675 TLS1_CK_PSK_WITH_AES_256_CCM,
680 TLS1_2_VERSION, TLS1_2_VERSION,
681 DTLS1_2_VERSION, DTLS1_2_VERSION,
682 SSL_NOT_DEFAULT | SSL_HIGH,
683 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
689 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
690 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
695 TLS1_2_VERSION, TLS1_2_VERSION,
696 DTLS1_2_VERSION, DTLS1_2_VERSION,
697 SSL_NOT_DEFAULT | SSL_HIGH,
698 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
704 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
705 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
710 TLS1_2_VERSION, TLS1_2_VERSION,
711 DTLS1_2_VERSION, DTLS1_2_VERSION,
712 SSL_NOT_DEFAULT | SSL_HIGH,
713 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
719 TLS1_TXT_PSK_WITH_AES_128_CCM_8,
720 TLS1_CK_PSK_WITH_AES_128_CCM_8,
725 TLS1_2_VERSION, TLS1_2_VERSION,
726 DTLS1_2_VERSION, DTLS1_2_VERSION,
727 SSL_NOT_DEFAULT | SSL_HIGH,
728 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
734 TLS1_TXT_PSK_WITH_AES_256_CCM_8,
735 TLS1_CK_PSK_WITH_AES_256_CCM_8,
740 TLS1_2_VERSION, TLS1_2_VERSION,
741 DTLS1_2_VERSION, DTLS1_2_VERSION,
742 SSL_NOT_DEFAULT | SSL_HIGH,
743 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
749 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
750 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
755 TLS1_2_VERSION, TLS1_2_VERSION,
756 DTLS1_2_VERSION, DTLS1_2_VERSION,
757 SSL_NOT_DEFAULT | SSL_HIGH,
758 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
764 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
765 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
770 TLS1_2_VERSION, TLS1_2_VERSION,
771 DTLS1_2_VERSION, DTLS1_2_VERSION,
772 SSL_NOT_DEFAULT | SSL_HIGH,
773 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
779 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
780 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
785 TLS1_2_VERSION, TLS1_2_VERSION,
786 DTLS1_2_VERSION, DTLS1_2_VERSION,
787 SSL_NOT_DEFAULT | SSL_HIGH,
788 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
794 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
795 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
800 TLS1_2_VERSION, TLS1_2_VERSION,
801 DTLS1_2_VERSION, DTLS1_2_VERSION,
802 SSL_NOT_DEFAULT | SSL_HIGH,
803 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
809 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
810 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
815 TLS1_2_VERSION, TLS1_2_VERSION,
816 DTLS1_2_VERSION, DTLS1_2_VERSION,
817 SSL_NOT_DEFAULT | SSL_HIGH,
818 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
824 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
825 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
830 TLS1_2_VERSION, TLS1_2_VERSION,
831 DTLS1_2_VERSION, DTLS1_2_VERSION,
832 SSL_NOT_DEFAULT | SSL_HIGH,
833 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
838 #ifndef OPENSSL_NO_EC
841 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
842 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
847 SSL3_VERSION, TLS1_2_VERSION,
848 DTLS1_BAD_VER, DTLS1_2_VERSION,
849 SSL_STRONG_NONE | SSL_FIPS,
850 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
854 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
857 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
858 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
863 SSL3_VERSION, TLS1_2_VERSION,
864 DTLS1_BAD_VER, DTLS1_2_VERSION,
865 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
866 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
873 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
874 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
879 SSL3_VERSION, TLS1_2_VERSION,
880 DTLS1_BAD_VER, DTLS1_2_VERSION,
882 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
888 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
889 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
894 SSL3_VERSION, TLS1_2_VERSION,
895 DTLS1_BAD_VER, DTLS1_2_VERSION,
897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
903 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
904 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
909 SSL3_VERSION, TLS1_2_VERSION,
910 DTLS1_BAD_VER, DTLS1_2_VERSION,
911 SSL_STRONG_NONE | SSL_FIPS,
912 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
916 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
919 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
920 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
925 SSL3_VERSION, TLS1_2_VERSION,
926 DTLS1_BAD_VER, DTLS1_2_VERSION,
927 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
928 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
935 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
936 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
941 SSL3_VERSION, TLS1_2_VERSION,
942 DTLS1_BAD_VER, DTLS1_2_VERSION,
944 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
950 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
951 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
956 SSL3_VERSION, TLS1_2_VERSION,
957 DTLS1_BAD_VER, DTLS1_2_VERSION,
959 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
965 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
966 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
971 SSL3_VERSION, TLS1_2_VERSION,
972 DTLS1_BAD_VER, DTLS1_2_VERSION,
973 SSL_STRONG_NONE | SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
978 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
981 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
982 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
987 SSL3_VERSION, TLS1_2_VERSION,
988 DTLS1_BAD_VER, DTLS1_2_VERSION,
989 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
990 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
997 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
998 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1003 SSL3_VERSION, TLS1_2_VERSION,
1004 DTLS1_BAD_VER, DTLS1_2_VERSION,
1005 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1006 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1012 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1013 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1018 SSL3_VERSION, TLS1_2_VERSION,
1019 DTLS1_BAD_VER, DTLS1_2_VERSION,
1020 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1027 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1028 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1033 TLS1_2_VERSION, TLS1_2_VERSION,
1034 DTLS1_2_VERSION, DTLS1_2_VERSION,
1035 SSL_HIGH | SSL_FIPS,
1036 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1042 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1043 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1048 TLS1_2_VERSION, TLS1_2_VERSION,
1049 DTLS1_2_VERSION, DTLS1_2_VERSION,
1050 SSL_HIGH | SSL_FIPS,
1051 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1057 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1058 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1063 TLS1_2_VERSION, TLS1_2_VERSION,
1064 DTLS1_2_VERSION, DTLS1_2_VERSION,
1065 SSL_HIGH | SSL_FIPS,
1066 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1072 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1073 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1078 TLS1_2_VERSION, TLS1_2_VERSION,
1079 DTLS1_2_VERSION, DTLS1_2_VERSION,
1080 SSL_HIGH | SSL_FIPS,
1081 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1087 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1088 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1093 TLS1_2_VERSION, TLS1_2_VERSION,
1094 DTLS1_2_VERSION, DTLS1_2_VERSION,
1095 SSL_HIGH | SSL_FIPS,
1096 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1102 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1103 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1108 TLS1_2_VERSION, TLS1_2_VERSION,
1109 DTLS1_2_VERSION, DTLS1_2_VERSION,
1110 SSL_HIGH | SSL_FIPS,
1111 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1117 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1118 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1123 TLS1_2_VERSION, TLS1_2_VERSION,
1124 DTLS1_2_VERSION, DTLS1_2_VERSION,
1125 SSL_HIGH | SSL_FIPS,
1126 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1132 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1133 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1138 TLS1_2_VERSION, TLS1_2_VERSION,
1139 DTLS1_2_VERSION, DTLS1_2_VERSION,
1140 SSL_HIGH | SSL_FIPS,
1141 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1145 #endif /* OPENSSL_NO_EC */
1147 #ifndef OPENSSL_NO_PSK
1150 TLS1_TXT_PSK_WITH_NULL_SHA,
1151 TLS1_CK_PSK_WITH_NULL_SHA,
1156 SSL3_VERSION, TLS1_2_VERSION,
1157 DTLS1_BAD_VER, DTLS1_2_VERSION,
1158 SSL_STRONG_NONE | SSL_FIPS,
1159 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1165 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1166 TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1171 SSL3_VERSION, TLS1_2_VERSION,
1172 DTLS1_BAD_VER, DTLS1_2_VERSION,
1173 SSL_STRONG_NONE | SSL_FIPS,
1174 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1180 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1181 TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1186 SSL3_VERSION, TLS1_2_VERSION,
1187 DTLS1_BAD_VER, DTLS1_2_VERSION,
1188 SSL_STRONG_NONE | SSL_FIPS,
1189 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1193 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1196 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1197 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1202 SSL3_VERSION, TLS1_2_VERSION,
1203 DTLS1_BAD_VER, DTLS1_2_VERSION,
1204 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1205 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1212 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1213 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1218 SSL3_VERSION, TLS1_2_VERSION,
1219 DTLS1_BAD_VER, DTLS1_2_VERSION,
1220 SSL_HIGH | SSL_FIPS,
1221 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1227 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1228 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1233 SSL3_VERSION, TLS1_2_VERSION,
1234 DTLS1_BAD_VER, DTLS1_2_VERSION,
1235 SSL_HIGH | SSL_FIPS,
1236 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1240 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1243 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1244 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1249 SSL3_VERSION, TLS1_2_VERSION,
1250 DTLS1_BAD_VER, DTLS1_2_VERSION,
1251 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1252 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1259 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1260 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1265 SSL3_VERSION, TLS1_2_VERSION,
1266 DTLS1_BAD_VER, DTLS1_2_VERSION,
1267 SSL_HIGH | SSL_FIPS,
1268 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1274 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1275 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1280 SSL3_VERSION, TLS1_2_VERSION,
1281 DTLS1_BAD_VER, DTLS1_2_VERSION,
1282 SSL_HIGH | SSL_FIPS,
1283 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1287 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1290 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1291 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1296 SSL3_VERSION, TLS1_2_VERSION,
1297 DTLS1_BAD_VER, DTLS1_2_VERSION,
1298 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1299 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1306 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1307 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1312 SSL3_VERSION, TLS1_2_VERSION,
1313 DTLS1_BAD_VER, DTLS1_2_VERSION,
1314 SSL_HIGH | SSL_FIPS,
1315 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1321 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1322 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1327 SSL3_VERSION, TLS1_2_VERSION,
1328 DTLS1_BAD_VER, DTLS1_2_VERSION,
1329 SSL_HIGH | SSL_FIPS,
1330 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1336 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1337 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1342 TLS1_2_VERSION, TLS1_2_VERSION,
1343 DTLS1_2_VERSION, DTLS1_2_VERSION,
1344 SSL_HIGH | SSL_FIPS,
1345 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1351 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1352 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1357 TLS1_2_VERSION, TLS1_2_VERSION,
1358 DTLS1_2_VERSION, DTLS1_2_VERSION,
1359 SSL_HIGH | SSL_FIPS,
1360 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1366 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1367 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1372 TLS1_2_VERSION, TLS1_2_VERSION,
1373 DTLS1_2_VERSION, DTLS1_2_VERSION,
1374 SSL_HIGH | SSL_FIPS,
1375 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1381 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1382 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1387 TLS1_2_VERSION, TLS1_2_VERSION,
1388 DTLS1_2_VERSION, DTLS1_2_VERSION,
1389 SSL_HIGH | SSL_FIPS,
1390 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1396 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1397 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1402 TLS1_2_VERSION, TLS1_2_VERSION,
1403 DTLS1_2_VERSION, DTLS1_2_VERSION,
1404 SSL_HIGH | SSL_FIPS,
1405 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1411 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1412 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1417 TLS1_2_VERSION, TLS1_2_VERSION,
1418 DTLS1_2_VERSION, DTLS1_2_VERSION,
1419 SSL_HIGH | SSL_FIPS,
1420 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1426 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1427 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1432 TLS1_VERSION, TLS1_2_VERSION,
1433 DTLS1_BAD_VER, DTLS1_2_VERSION,
1434 SSL_HIGH | SSL_FIPS,
1435 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1441 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1442 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1447 TLS1_VERSION, TLS1_2_VERSION,
1448 DTLS1_BAD_VER, DTLS1_2_VERSION,
1449 SSL_HIGH | SSL_FIPS,
1450 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1456 TLS1_TXT_PSK_WITH_NULL_SHA256,
1457 TLS1_CK_PSK_WITH_NULL_SHA256,
1462 TLS1_VERSION, TLS1_2_VERSION,
1463 DTLS1_BAD_VER, DTLS1_2_VERSION,
1464 SSL_STRONG_NONE | SSL_FIPS,
1465 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1471 TLS1_TXT_PSK_WITH_NULL_SHA384,
1472 TLS1_CK_PSK_WITH_NULL_SHA384,
1477 TLS1_VERSION, TLS1_2_VERSION,
1478 DTLS1_BAD_VER, DTLS1_2_VERSION,
1479 SSL_STRONG_NONE | SSL_FIPS,
1480 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1486 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1487 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1492 TLS1_VERSION, TLS1_2_VERSION,
1493 DTLS1_BAD_VER, DTLS1_2_VERSION,
1494 SSL_HIGH | SSL_FIPS,
1495 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1501 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1502 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1507 TLS1_VERSION, TLS1_2_VERSION,
1508 DTLS1_BAD_VER, DTLS1_2_VERSION,
1509 SSL_HIGH | SSL_FIPS,
1510 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1516 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1517 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1522 TLS1_VERSION, TLS1_2_VERSION,
1523 DTLS1_BAD_VER, DTLS1_2_VERSION,
1524 SSL_STRONG_NONE | SSL_FIPS,
1525 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1531 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1532 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1537 TLS1_VERSION, TLS1_2_VERSION,
1538 DTLS1_BAD_VER, DTLS1_2_VERSION,
1539 SSL_STRONG_NONE | SSL_FIPS,
1540 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1546 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1547 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1552 TLS1_VERSION, TLS1_2_VERSION,
1553 DTLS1_BAD_VER, DTLS1_2_VERSION,
1554 SSL_HIGH | SSL_FIPS,
1555 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1561 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1562 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1567 TLS1_VERSION, TLS1_2_VERSION,
1568 DTLS1_BAD_VER, DTLS1_2_VERSION,
1569 SSL_HIGH | SSL_FIPS,
1570 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1576 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1577 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1582 TLS1_VERSION, TLS1_2_VERSION,
1583 DTLS1_BAD_VER, DTLS1_2_VERSION,
1584 SSL_STRONG_NONE | SSL_FIPS,
1585 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1591 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1592 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1597 TLS1_VERSION, TLS1_2_VERSION,
1598 DTLS1_BAD_VER, DTLS1_2_VERSION,
1599 SSL_STRONG_NONE | SSL_FIPS,
1600 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1604 # ifndef OPENSSL_NO_EC
1605 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1608 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1609 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1614 SSL3_VERSION, TLS1_2_VERSION,
1615 DTLS1_BAD_VER, DTLS1_2_VERSION,
1616 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1617 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1624 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1625 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1630 SSL3_VERSION, TLS1_2_VERSION,
1631 DTLS1_BAD_VER, DTLS1_2_VERSION,
1632 SSL_HIGH | SSL_FIPS,
1633 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1639 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1640 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1645 SSL3_VERSION, TLS1_2_VERSION,
1646 DTLS1_BAD_VER, DTLS1_2_VERSION,
1647 SSL_HIGH | SSL_FIPS,
1648 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1654 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1655 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1660 TLS1_VERSION, TLS1_2_VERSION,
1661 DTLS1_BAD_VER, DTLS1_2_VERSION,
1662 SSL_HIGH | SSL_FIPS,
1663 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1669 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1670 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1675 TLS1_VERSION, TLS1_2_VERSION,
1676 DTLS1_BAD_VER, DTLS1_2_VERSION,
1677 SSL_HIGH | SSL_FIPS,
1678 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1684 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1685 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1690 SSL3_VERSION, TLS1_2_VERSION,
1691 DTLS1_BAD_VER, DTLS1_2_VERSION,
1692 SSL_STRONG_NONE | SSL_FIPS,
1693 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1699 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1700 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1705 TLS1_VERSION, TLS1_2_VERSION,
1706 DTLS1_BAD_VER, DTLS1_2_VERSION,
1707 SSL_STRONG_NONE | SSL_FIPS,
1708 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1714 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1715 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1720 TLS1_VERSION, TLS1_2_VERSION,
1721 DTLS1_BAD_VER, DTLS1_2_VERSION,
1722 SSL_STRONG_NONE | SSL_FIPS,
1723 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1727 # endif /* OPENSSL_NO_EC */
1728 #endif /* OPENSSL_NO_PSK */
1730 #ifndef OPENSSL_NO_SRP
1731 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1734 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1735 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1740 SSL3_VERSION, TLS1_2_VERSION,
1741 DTLS1_BAD_VER, DTLS1_2_VERSION,
1742 SSL_NOT_DEFAULT | SSL_MEDIUM,
1743 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1749 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1750 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1755 SSL3_VERSION, TLS1_2_VERSION,
1756 DTLS1_BAD_VER, DTLS1_2_VERSION,
1757 SSL_NOT_DEFAULT | SSL_MEDIUM,
1758 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1764 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1765 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1770 SSL3_VERSION, TLS1_2_VERSION,
1771 DTLS1_BAD_VER, DTLS1_2_VERSION,
1772 SSL_NOT_DEFAULT | SSL_MEDIUM,
1773 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1780 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1781 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1786 SSL3_VERSION, TLS1_2_VERSION,
1787 DTLS1_BAD_VER, DTLS1_2_VERSION,
1789 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1795 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1796 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1801 SSL3_VERSION, TLS1_2_VERSION,
1802 DTLS1_BAD_VER, DTLS1_2_VERSION,
1804 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1810 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1811 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1816 SSL3_VERSION, TLS1_2_VERSION,
1817 DTLS1_BAD_VER, DTLS1_2_VERSION,
1818 SSL_NOT_DEFAULT | SSL_HIGH,
1819 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1825 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1826 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
1831 SSL3_VERSION, TLS1_2_VERSION,
1832 DTLS1_BAD_VER, DTLS1_2_VERSION,
1834 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1840 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1841 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
1846 SSL3_VERSION, TLS1_2_VERSION,
1847 DTLS1_BAD_VER, DTLS1_2_VERSION,
1849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1855 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1856 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
1861 SSL3_VERSION, TLS1_2_VERSION,
1862 DTLS1_BAD_VER, DTLS1_2_VERSION,
1863 SSL_NOT_DEFAULT | SSL_HIGH,
1864 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1868 #endif /* OPENSSL_NO_SRP */
1870 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1871 # ifndef OPENSSL_NO_RSA
1874 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1875 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
1878 SSL_CHACHA20POLY1305,
1880 TLS1_2_VERSION, TLS1_2_VERSION,
1881 DTLS1_2_VERSION, DTLS1_2_VERSION,
1883 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1887 # endif /* OPENSSL_NO_RSA */
1889 # ifndef OPENSSL_NO_EC
1892 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1893 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1896 SSL_CHACHA20POLY1305,
1898 TLS1_2_VERSION, TLS1_2_VERSION,
1899 DTLS1_2_VERSION, DTLS1_2_VERSION,
1901 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1907 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1908 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1911 SSL_CHACHA20POLY1305,
1913 TLS1_2_VERSION, TLS1_2_VERSION,
1914 DTLS1_2_VERSION, DTLS1_2_VERSION,
1916 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1920 # endif /* OPENSSL_NO_EC */
1922 # ifndef OPENSSL_NO_PSK
1925 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
1926 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
1929 SSL_CHACHA20POLY1305,
1931 TLS1_2_VERSION, TLS1_2_VERSION,
1932 DTLS1_2_VERSION, DTLS1_2_VERSION,
1934 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1940 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1941 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
1944 SSL_CHACHA20POLY1305,
1946 TLS1_2_VERSION, TLS1_2_VERSION,
1947 DTLS1_2_VERSION, DTLS1_2_VERSION,
1949 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1955 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
1956 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
1959 SSL_CHACHA20POLY1305,
1961 TLS1_2_VERSION, TLS1_2_VERSION,
1962 DTLS1_2_VERSION, DTLS1_2_VERSION,
1964 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1970 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
1971 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
1974 SSL_CHACHA20POLY1305,
1976 TLS1_2_VERSION, TLS1_2_VERSION,
1977 DTLS1_2_VERSION, DTLS1_2_VERSION,
1979 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1983 # endif /* OPENSSL_NO_PSK */
1984 #endif /* !defined(OPENSSL_NO_CHACHA) &&
1985 * !defined(OPENSSL_NO_POLY1305) */
1987 #ifndef OPENSSL_NO_CAMELLIA
1990 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1991 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1996 TLS1_2_VERSION, TLS1_2_VERSION,
1997 DTLS1_2_VERSION, DTLS1_2_VERSION,
1998 SSL_NOT_DEFAULT | SSL_HIGH,
1999 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2005 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2006 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2011 TLS1_2_VERSION, TLS1_2_VERSION,
2012 DTLS1_2_VERSION, DTLS1_2_VERSION,
2013 SSL_NOT_DEFAULT | SSL_HIGH,
2014 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2020 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2021 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2026 TLS1_2_VERSION, TLS1_2_VERSION,
2027 DTLS1_2_VERSION, DTLS1_2_VERSION,
2028 SSL_NOT_DEFAULT | SSL_HIGH,
2029 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2035 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2036 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2041 TLS1_2_VERSION, TLS1_2_VERSION,
2042 DTLS1_2_VERSION, DTLS1_2_VERSION,
2043 SSL_NOT_DEFAULT | SSL_HIGH,
2044 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2050 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2051 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2056 TLS1_2_VERSION, TLS1_2_VERSION,
2057 DTLS1_2_VERSION, DTLS1_2_VERSION,
2058 SSL_NOT_DEFAULT | SSL_HIGH,
2059 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2065 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2066 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2071 TLS1_2_VERSION, TLS1_2_VERSION,
2072 DTLS1_2_VERSION, DTLS1_2_VERSION,
2073 SSL_NOT_DEFAULT | SSL_HIGH,
2074 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2080 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2081 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2086 TLS1_2_VERSION, TLS1_2_VERSION,
2087 DTLS1_2_VERSION, DTLS1_2_VERSION,
2088 SSL_NOT_DEFAULT | SSL_HIGH,
2089 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2095 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2096 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2101 TLS1_2_VERSION, TLS1_2_VERSION,
2102 DTLS1_2_VERSION, DTLS1_2_VERSION,
2103 SSL_NOT_DEFAULT | SSL_HIGH,
2104 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2110 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2111 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2116 SSL3_VERSION, TLS1_2_VERSION,
2117 DTLS1_BAD_VER, DTLS1_2_VERSION,
2118 SSL_NOT_DEFAULT | SSL_HIGH,
2119 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2125 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2126 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2131 SSL3_VERSION, TLS1_2_VERSION,
2132 DTLS1_BAD_VER, DTLS1_2_VERSION,
2133 SSL_NOT_DEFAULT | SSL_HIGH,
2134 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2140 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2141 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2146 SSL3_VERSION, TLS1_2_VERSION,
2147 DTLS1_BAD_VER, DTLS1_2_VERSION,
2148 SSL_NOT_DEFAULT | SSL_HIGH,
2149 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2155 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2156 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2161 SSL3_VERSION, TLS1_2_VERSION,
2162 DTLS1_BAD_VER, DTLS1_2_VERSION,
2163 SSL_NOT_DEFAULT | SSL_HIGH,
2164 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2170 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2171 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2176 SSL3_VERSION, TLS1_2_VERSION,
2177 DTLS1_BAD_VER, DTLS1_2_VERSION,
2178 SSL_NOT_DEFAULT | SSL_HIGH,
2179 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2185 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2186 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2191 SSL3_VERSION, TLS1_2_VERSION,
2192 DTLS1_BAD_VER, DTLS1_2_VERSION,
2193 SSL_NOT_DEFAULT | SSL_HIGH,
2194 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2200 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2201 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2206 SSL3_VERSION, TLS1_2_VERSION,
2207 DTLS1_BAD_VER, DTLS1_2_VERSION,
2208 SSL_NOT_DEFAULT | SSL_HIGH,
2209 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2215 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2216 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2221 SSL3_VERSION, TLS1_2_VERSION,
2222 DTLS1_BAD_VER, DTLS1_2_VERSION,
2223 SSL_NOT_DEFAULT | SSL_HIGH,
2224 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2229 # ifndef OPENSSL_NO_EC
2232 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2233 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2238 TLS1_2_VERSION, TLS1_2_VERSION,
2239 DTLS1_2_VERSION, DTLS1_2_VERSION,
2240 SSL_NOT_DEFAULT | SSL_HIGH,
2241 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2247 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2248 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2253 TLS1_2_VERSION, TLS1_2_VERSION,
2254 DTLS1_2_VERSION, DTLS1_2_VERSION,
2255 SSL_NOT_DEFAULT | SSL_HIGH,
2256 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2262 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2263 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2268 TLS1_2_VERSION, TLS1_2_VERSION,
2269 DTLS1_2_VERSION, DTLS1_2_VERSION,
2270 SSL_NOT_DEFAULT | SSL_HIGH,
2271 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2277 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2278 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2283 TLS1_2_VERSION, TLS1_2_VERSION,
2284 DTLS1_2_VERSION, DTLS1_2_VERSION,
2285 SSL_NOT_DEFAULT | SSL_HIGH,
2286 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2290 # endif /* OPENSSL_NO_EC */
2292 # ifndef OPENSSL_NO_PSK
2295 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2296 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2301 TLS1_VERSION, TLS1_2_VERSION,
2302 DTLS1_BAD_VER, DTLS1_2_VERSION,
2303 SSL_NOT_DEFAULT | SSL_HIGH,
2304 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2310 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2311 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2316 TLS1_VERSION, TLS1_2_VERSION,
2317 DTLS1_BAD_VER, DTLS1_2_VERSION,
2318 SSL_NOT_DEFAULT | SSL_HIGH,
2319 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2325 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2326 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2331 TLS1_VERSION, TLS1_2_VERSION,
2332 DTLS1_BAD_VER, DTLS1_2_VERSION,
2333 SSL_NOT_DEFAULT | SSL_HIGH,
2334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2340 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2341 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2346 TLS1_VERSION, TLS1_2_VERSION,
2347 DTLS1_BAD_VER, DTLS1_2_VERSION,
2348 SSL_NOT_DEFAULT | SSL_HIGH,
2349 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2355 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2356 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2361 TLS1_VERSION, TLS1_2_VERSION,
2362 DTLS1_BAD_VER, DTLS1_2_VERSION,
2363 SSL_NOT_DEFAULT | SSL_HIGH,
2364 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2370 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2371 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2376 TLS1_VERSION, TLS1_2_VERSION,
2377 DTLS1_BAD_VER, DTLS1_2_VERSION,
2378 SSL_NOT_DEFAULT | SSL_HIGH,
2379 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2385 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2386 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2391 TLS1_VERSION, TLS1_2_VERSION,
2392 DTLS1_BAD_VER, DTLS1_2_VERSION,
2393 SSL_NOT_DEFAULT | SSL_HIGH,
2394 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2400 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2401 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2406 TLS1_VERSION, TLS1_2_VERSION,
2407 DTLS1_BAD_VER, DTLS1_2_VERSION,
2408 SSL_NOT_DEFAULT | SSL_HIGH,
2409 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2413 # endif /* OPENSSL_NO_PSK */
2415 #endif /* OPENSSL_NO_CAMELLIA */
2417 #ifndef OPENSSL_NO_GOST
2420 "GOST2001-GOST89-GOST89",
2424 SSL_eGOST2814789CNT,
2426 TLS1_VERSION, TLS1_2_VERSION,
2429 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2435 "GOST2001-NULL-GOST94",
2441 TLS1_VERSION, TLS1_2_VERSION,
2444 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2450 "GOST2012-GOST8912-GOST8912",
2453 SSL_aGOST12 | SSL_aGOST01,
2454 SSL_eGOST2814789CNT12,
2456 TLS1_VERSION, TLS1_2_VERSION,
2459 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2465 "GOST2012-NULL-GOST12",
2468 SSL_aGOST12 | SSL_aGOST01,
2471 TLS1_VERSION, TLS1_2_VERSION,
2474 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2478 #endif /* OPENSSL_NO_GOST */
2480 #ifndef OPENSSL_NO_IDEA
2483 SSL3_TXT_RSA_IDEA_128_SHA,
2484 SSL3_CK_RSA_IDEA_128_SHA,
2489 SSL3_VERSION, TLS1_1_VERSION,
2490 DTLS1_BAD_VER, DTLS1_VERSION,
2491 SSL_NOT_DEFAULT | SSL_MEDIUM,
2492 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2498 #ifndef OPENSSL_NO_SEED
2501 TLS1_TXT_RSA_WITH_SEED_SHA,
2502 TLS1_CK_RSA_WITH_SEED_SHA,
2507 SSL3_VERSION, TLS1_2_VERSION,
2508 DTLS1_BAD_VER, DTLS1_2_VERSION,
2509 SSL_NOT_DEFAULT | SSL_MEDIUM,
2510 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2516 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2517 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2522 SSL3_VERSION, TLS1_2_VERSION,
2523 DTLS1_BAD_VER, DTLS1_2_VERSION,
2524 SSL_NOT_DEFAULT | SSL_MEDIUM,
2525 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2531 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2532 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2537 SSL3_VERSION, TLS1_2_VERSION,
2538 DTLS1_BAD_VER, DTLS1_2_VERSION,
2539 SSL_NOT_DEFAULT | SSL_MEDIUM,
2540 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2546 TLS1_TXT_ADH_WITH_SEED_SHA,
2547 TLS1_CK_ADH_WITH_SEED_SHA,
2552 SSL3_VERSION, TLS1_2_VERSION,
2553 DTLS1_BAD_VER, DTLS1_2_VERSION,
2554 SSL_NOT_DEFAULT | SSL_MEDIUM,
2555 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2559 #endif /* OPENSSL_NO_SEED */
2561 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2564 SSL3_TXT_RSA_RC4_128_MD5,
2565 SSL3_CK_RSA_RC4_128_MD5,
2570 SSL3_VERSION, TLS1_2_VERSION,
2572 SSL_NOT_DEFAULT | SSL_MEDIUM,
2573 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2579 SSL3_TXT_RSA_RC4_128_SHA,
2580 SSL3_CK_RSA_RC4_128_SHA,
2585 SSL3_VERSION, TLS1_2_VERSION,
2587 SSL_NOT_DEFAULT | SSL_MEDIUM,
2588 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2594 SSL3_TXT_ADH_RC4_128_MD5,
2595 SSL3_CK_ADH_RC4_128_MD5,
2600 SSL3_VERSION, TLS1_2_VERSION,
2602 SSL_NOT_DEFAULT | SSL_MEDIUM,
2603 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2608 # ifndef OPENSSL_NO_EC
2611 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2612 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2617 SSL3_VERSION, TLS1_2_VERSION,
2619 SSL_NOT_DEFAULT | SSL_MEDIUM,
2620 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2626 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2627 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2632 SSL3_VERSION, TLS1_2_VERSION,
2634 SSL_NOT_DEFAULT | SSL_MEDIUM,
2635 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2641 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2642 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2647 SSL3_VERSION, TLS1_2_VERSION,
2649 SSL_NOT_DEFAULT | SSL_MEDIUM,
2650 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2656 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2657 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2662 SSL3_VERSION, TLS1_2_VERSION,
2664 SSL_NOT_DEFAULT | SSL_MEDIUM,
2665 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2669 # endif /* OPENSSL_NO_EC */
2671 # ifndef OPENSSL_NO_PSK
2674 TLS1_TXT_PSK_WITH_RC4_128_SHA,
2675 TLS1_CK_PSK_WITH_RC4_128_SHA,
2680 SSL3_VERSION, TLS1_2_VERSION,
2682 SSL_NOT_DEFAULT | SSL_MEDIUM,
2683 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2689 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2690 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2695 SSL3_VERSION, TLS1_2_VERSION,
2697 SSL_NOT_DEFAULT | SSL_MEDIUM,
2698 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2704 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2705 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
2710 SSL3_VERSION, TLS1_2_VERSION,
2712 SSL_NOT_DEFAULT | SSL_MEDIUM,
2713 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2717 # endif /* OPENSSL_NO_PSK */
2719 #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2723 static int cipher_compare(const void *a, const void *b)
2725 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
2726 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
2728 return ap->id - bp->id;
2731 void ssl_sort_cipher_list(void)
2733 qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
2737 const SSL3_ENC_METHOD SSLv3_enc_data = {
2740 ssl3_setup_key_block,
2741 ssl3_generate_master_secret,
2742 ssl3_change_cipher_state,
2743 ssl3_final_finish_mac,
2744 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2745 SSL3_MD_CLIENT_FINISHED_CONST, 4,
2746 SSL3_MD_SERVER_FINISHED_CONST, 4,
2748 (int (*)(SSL *, unsigned char *, size_t, const char *,
2749 size_t, const unsigned char *, size_t,
2750 int use_context))ssl_undefined_function,
2752 SSL3_HM_HEADER_LENGTH,
2753 ssl3_set_handshake_header,
2754 ssl3_set_handshake_header2,
2755 tls_close_construct_packet,
2756 ssl3_handshake_write
2759 long ssl3_default_timeout(void)
2762 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2763 * http, the cache would over fill
2765 return (60 * 60 * 2);
2768 int ssl3_num_ciphers(void)
2770 return (SSL3_NUM_CIPHERS);
2773 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2775 if (u < SSL3_NUM_CIPHERS)
2776 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2781 int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2783 unsigned char *p = (unsigned char *)s->init_buf->data;
2786 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2793 * Temporary name. To be renamed ssl3_set_handshake_header() once all WPACKET
2794 * conversion is complete. The old ssl3_set_handshake_heder() can be deleted
2798 int ssl3_set_handshake_header2(SSL *s, WPACKET *pkt, int htype)
2800 /* Set the content type and 3 bytes for the message len */
2801 if (!WPACKET_put_bytes_u8(pkt, htype)
2802 || !WPACKET_start_sub_packet_u24(pkt))
2808 int ssl3_handshake_write(SSL *s)
2810 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2813 int ssl3_new(SSL *s)
2817 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2821 #ifndef OPENSSL_NO_SRP
2822 if (!SSL_SRP_CTX_init(s))
2825 s->method->ssl_clear(s);
2831 void ssl3_free(SSL *s)
2833 if (s == NULL || s->s3 == NULL)
2836 ssl3_cleanup_key_block(s);
2838 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2839 EVP_PKEY_free(s->s3->peer_tmp);
2840 s->s3->peer_tmp = NULL;
2841 EVP_PKEY_free(s->s3->tmp.pkey);
2842 s->s3->tmp.pkey = NULL;
2845 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2846 OPENSSL_free(s->s3->tmp.ciphers_raw);
2847 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2848 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2849 ssl3_free_digest_list(s);
2850 OPENSSL_free(s->s3->alpn_selected);
2851 OPENSSL_free(s->s3->alpn_proposed);
2853 #ifndef OPENSSL_NO_SRP
2854 SSL_SRP_CTX_free(s);
2856 OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2860 void ssl3_clear(SSL *s)
2862 ssl3_cleanup_key_block(s);
2863 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2864 OPENSSL_free(s->s3->tmp.ciphers_raw);
2865 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
2866 OPENSSL_free(s->s3->tmp.peer_sigalgs);
2868 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2869 EVP_PKEY_free(s->s3->tmp.pkey);
2870 EVP_PKEY_free(s->s3->peer_tmp);
2871 #endif /* !OPENSSL_NO_EC */
2873 ssl3_free_digest_list(s);
2875 OPENSSL_free(s->s3->alpn_selected);
2876 OPENSSL_free(s->s3->alpn_proposed);
2878 /* NULL/zero-out everything in the s3 struct */
2879 memset(s->s3, 0, sizeof(*s->s3));
2881 ssl_free_wbio_buffer(s);
2883 s->version = SSL3_VERSION;
2885 #if !defined(OPENSSL_NO_NEXTPROTONEG)
2886 OPENSSL_free(s->next_proto_negotiated);
2887 s->next_proto_negotiated = NULL;
2888 s->next_proto_negotiated_len = 0;
2892 #ifndef OPENSSL_NO_SRP
2893 static char *srp_password_from_info_cb(SSL *s, void *arg)
2895 return OPENSSL_strdup(s->srp_ctx.info);
2899 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
2901 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2906 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2908 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2909 ret = s->s3->num_renegotiations;
2911 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2912 ret = s->s3->num_renegotiations;
2913 s->s3->num_renegotiations = 0;
2915 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2916 ret = s->s3->total_renegotiations;
2918 case SSL_CTRL_GET_FLAGS:
2919 ret = (int)(s->s3->flags);
2921 #ifndef OPENSSL_NO_DH
2922 case SSL_CTRL_SET_TMP_DH:
2924 DH *dh = (DH *)parg;
2925 EVP_PKEY *pkdh = NULL;
2927 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2930 pkdh = ssl_dh_to_pkey(dh);
2932 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2935 if (!ssl_security(s, SSL_SECOP_TMP_DH,
2936 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
2937 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
2938 EVP_PKEY_free(pkdh);
2941 EVP_PKEY_free(s->cert->dh_tmp);
2942 s->cert->dh_tmp = pkdh;
2946 case SSL_CTRL_SET_TMP_DH_CB:
2948 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2951 case SSL_CTRL_SET_DH_AUTO:
2952 s->cert->dh_tmp_auto = larg;
2955 #ifndef OPENSSL_NO_EC
2956 case SSL_CTRL_SET_TMP_ECDH:
2958 const EC_GROUP *group = NULL;
2962 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2965 group = EC_KEY_get0_group((const EC_KEY *)parg);
2966 if (group == NULL) {
2967 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
2970 nid = EC_GROUP_get_curve_name(group);
2971 if (nid == NID_undef)
2973 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
2974 &s->tlsext_ellipticcurvelist_length,
2978 #endif /* !OPENSSL_NO_EC */
2979 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2980 if (larg == TLSEXT_NAMETYPE_host_name) {
2983 OPENSSL_free(s->tlsext_hostname);
2984 s->tlsext_hostname = NULL;
2989 len = strlen((char *)parg);
2990 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
2991 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2994 if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
2995 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2999 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3003 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3004 s->tlsext_debug_arg = parg;
3008 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3009 ret = s->tlsext_status_type;
3012 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3013 s->tlsext_status_type = larg;
3017 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3018 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3022 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3023 s->tlsext_ocsp_exts = parg;
3027 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3028 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3032 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3033 s->tlsext_ocsp_ids = parg;
3037 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3038 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3039 return s->tlsext_ocsp_resplen;
3041 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3042 OPENSSL_free(s->tlsext_ocsp_resp);
3043 s->tlsext_ocsp_resp = parg;
3044 s->tlsext_ocsp_resplen = larg;
3048 #ifndef OPENSSL_NO_HEARTBEATS
3049 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
3051 ret = dtls1_heartbeat(s);
3054 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
3056 ret = s->tlsext_hb_pending;
3059 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
3060 if (SSL_IS_DTLS(s)) {
3062 s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3064 s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
3070 case SSL_CTRL_CHAIN:
3072 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
3074 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
3076 case SSL_CTRL_CHAIN_CERT:
3078 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
3080 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
3082 case SSL_CTRL_GET_CHAIN_CERTS:
3083 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3086 case SSL_CTRL_SELECT_CURRENT_CERT:
3087 return ssl_cert_select_current(s->cert, (X509 *)parg);
3089 case SSL_CTRL_SET_CURRENT_CERT:
3090 if (larg == SSL_CERT_SET_SERVER) {
3092 const SSL_CIPHER *cipher;
3095 cipher = s->s3->tmp.new_cipher;
3099 * No certificate for unauthenticated ciphersuites or using SRP
3102 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3104 cpk = ssl_get_server_send_pkey(s);
3110 return ssl_cert_set_current(s->cert, larg);
3112 #ifndef OPENSSL_NO_EC
3113 case SSL_CTRL_GET_CURVES:
3115 unsigned char *clist;
3119 clist = s->session->tlsext_ellipticcurvelist;
3120 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3124 unsigned int cid, nid;
3125 for (i = 0; i < clistlen; i++) {
3127 nid = tls1_ec_curve_id2nid(cid, NULL);
3131 cptr[i] = TLSEXT_nid_unknown | cid;
3134 return (int)clistlen;
3137 case SSL_CTRL_SET_CURVES:
3138 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3139 &s->tlsext_ellipticcurvelist_length, parg, larg);
3141 case SSL_CTRL_SET_CURVES_LIST:
3142 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3143 &s->tlsext_ellipticcurvelist_length, parg);
3145 case SSL_CTRL_GET_SHARED_CURVE:
3146 return tls1_shared_curve(s, larg);
3149 case SSL_CTRL_SET_SIGALGS:
3150 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3152 case SSL_CTRL_SET_SIGALGS_LIST:
3153 return tls1_set_sigalgs_list(s->cert, parg, 0);
3155 case SSL_CTRL_SET_CLIENT_SIGALGS:
3156 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3158 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3159 return tls1_set_sigalgs_list(s->cert, parg, 1);
3161 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3163 const unsigned char **pctype = parg;
3164 if (s->server || !s->s3->tmp.cert_req)
3166 if (s->cert->ctypes) {
3168 *pctype = s->cert->ctypes;
3169 return (int)s->cert->ctype_num;
3172 *pctype = (unsigned char *)s->s3->tmp.ctype;
3173 return s->s3->tmp.ctype_num;
3176 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3179 return ssl3_set_req_cert_type(s->cert, parg, larg);
3181 case SSL_CTRL_BUILD_CERT_CHAIN:
3182 return ssl_build_cert_chain(s, NULL, larg);
3184 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3185 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3187 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3188 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3190 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3191 if (SSL_USE_SIGALGS(s)) {
3194 sig = s->s3->tmp.peer_md;
3196 *(int *)parg = EVP_MD_type(sig);
3202 /* Might want to do something here for other versions */
3206 case SSL_CTRL_GET_SERVER_TMP_KEY:
3207 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
3208 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3211 EVP_PKEY_up_ref(s->s3->peer_tmp);
3212 *(EVP_PKEY **)parg = s->s3->peer_tmp;
3218 #ifndef OPENSSL_NO_EC
3219 case SSL_CTRL_GET_EC_POINT_FORMATS:
3221 SSL_SESSION *sess = s->session;
3222 const unsigned char **pformat = parg;
3223 if (!sess || !sess->tlsext_ecpointformatlist)
3225 *pformat = sess->tlsext_ecpointformatlist;
3226 return (int)sess->tlsext_ecpointformatlist_length;
3236 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3241 #ifndef OPENSSL_NO_DH
3242 case SSL_CTRL_SET_TMP_DH_CB:
3244 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3248 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3249 s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3250 const unsigned char *, int, void *))fp;
3253 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3255 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3264 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3267 #ifndef OPENSSL_NO_DH
3268 case SSL_CTRL_SET_TMP_DH:
3270 DH *dh = (DH *)parg;
3271 EVP_PKEY *pkdh = NULL;
3273 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3276 pkdh = ssl_dh_to_pkey(dh);
3278 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3281 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
3282 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3283 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3284 EVP_PKEY_free(pkdh);
3287 EVP_PKEY_free(ctx->cert->dh_tmp);
3288 ctx->cert->dh_tmp = pkdh;
3294 case SSL_CTRL_SET_TMP_DH_CB:
3296 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3299 case SSL_CTRL_SET_DH_AUTO:
3300 ctx->cert->dh_tmp_auto = larg;
3303 #ifndef OPENSSL_NO_EC
3304 case SSL_CTRL_SET_TMP_ECDH:
3306 const EC_GROUP *group = NULL;
3310 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3313 group = EC_KEY_get0_group((const EC_KEY *)parg);
3314 if (group == NULL) {
3315 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3318 nid = EC_GROUP_get_curve_name(group);
3319 if (nid == NID_undef)
3321 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3322 &ctx->tlsext_ellipticcurvelist_length,
3326 #endif /* !OPENSSL_NO_EC */
3327 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3328 ctx->tlsext_servername_arg = parg;
3330 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3331 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3333 unsigned char *keys = parg;
3334 long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
3335 sizeof(ctx->tlsext_tick_hmac_key) +
3336 sizeof(ctx->tlsext_tick_aes_key));
3338 return tlsext_tick_keylen;
3339 if (larg != tlsext_tick_keylen) {
3340 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3343 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3344 memcpy(ctx->tlsext_tick_key_name, keys,
3345 sizeof(ctx->tlsext_tick_key_name));
3346 memcpy(ctx->tlsext_tick_hmac_key,
3347 keys + sizeof(ctx->tlsext_tick_key_name),
3348 sizeof(ctx->tlsext_tick_hmac_key));
3349 memcpy(ctx->tlsext_tick_aes_key,
3350 keys + sizeof(ctx->tlsext_tick_key_name) +
3351 sizeof(ctx->tlsext_tick_hmac_key),
3352 sizeof(ctx->tlsext_tick_aes_key));
3354 memcpy(keys, ctx->tlsext_tick_key_name,
3355 sizeof(ctx->tlsext_tick_key_name));
3356 memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
3357 ctx->tlsext_tick_hmac_key,
3358 sizeof(ctx->tlsext_tick_hmac_key));
3359 memcpy(keys + sizeof(ctx->tlsext_tick_key_name) +
3360 sizeof(ctx->tlsext_tick_hmac_key),
3361 ctx->tlsext_tick_aes_key,
3362 sizeof(ctx->tlsext_tick_aes_key));
3367 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3368 return ctx->tlsext_status_type;
3370 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3371 ctx->tlsext_status_type = larg;
3374 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3375 ctx->tlsext_status_arg = parg;
3378 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
3379 *(void**)parg = ctx->tlsext_status_arg;
3382 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
3383 *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb;
3386 #ifndef OPENSSL_NO_SRP
3387 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3388 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3389 OPENSSL_free(ctx->srp_ctx.login);
3390 ctx->srp_ctx.login = NULL;
3393 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3394 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3397 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3398 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3402 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3403 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3404 srp_password_from_info_cb;
3405 ctx->srp_ctx.info = parg;
3407 case SSL_CTRL_SET_SRP_ARG:
3408 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3409 ctx->srp_ctx.SRP_cb_arg = parg;
3412 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3413 ctx->srp_ctx.strength = larg;
3417 #ifndef OPENSSL_NO_EC
3418 case SSL_CTRL_SET_CURVES:
3419 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3420 &ctx->tlsext_ellipticcurvelist_length,
3423 case SSL_CTRL_SET_CURVES_LIST:
3424 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3425 &ctx->tlsext_ellipticcurvelist_length,
3428 case SSL_CTRL_SET_SIGALGS:
3429 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3431 case SSL_CTRL_SET_SIGALGS_LIST:
3432 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3434 case SSL_CTRL_SET_CLIENT_SIGALGS:
3435 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3437 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3438 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3440 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3441 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3443 case SSL_CTRL_BUILD_CERT_CHAIN:
3444 return ssl_build_cert_chain(NULL, ctx, larg);
3446 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3447 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3449 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3450 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3452 /* A Thawte special :-) */
3453 case SSL_CTRL_EXTRA_CHAIN_CERT:
3454 if (ctx->extra_certs == NULL) {
3455 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
3456 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3460 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
3461 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3466 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3467 if (ctx->extra_certs == NULL && larg == 0)
3468 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3470 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3473 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3474 sk_X509_pop_free(ctx->extra_certs, X509_free);
3475 ctx->extra_certs = NULL;
3478 case SSL_CTRL_CHAIN:
3480 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3482 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
3484 case SSL_CTRL_CHAIN_CERT:
3486 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
3488 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
3490 case SSL_CTRL_GET_CHAIN_CERTS:
3491 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3494 case SSL_CTRL_SELECT_CURRENT_CERT:
3495 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3497 case SSL_CTRL_SET_CURRENT_CERT:
3498 return ssl_cert_set_current(ctx->cert, larg);
3506 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3509 #ifndef OPENSSL_NO_DH
3510 case SSL_CTRL_SET_TMP_DH_CB:
3512 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3516 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3517 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3520 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3521 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3524 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3525 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3528 HMAC_CTX *, int))fp;
3531 #ifndef OPENSSL_NO_SRP
3532 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3533 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3534 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3536 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3537 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3538 ctx->srp_ctx.TLS_ext_srp_username_callback =
3539 (int (*)(SSL *, int *, void *))fp;
3541 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3542 ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3543 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3544 (char *(*)(SSL *, void *))fp;
3547 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3549 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3559 * This function needs to check if the ciphers required are actually
3562 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3565 const SSL_CIPHER *cp;
3568 id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
3570 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3575 * Old version of the ssl3_put_cipher_by_char function used by code that has not
3576 * yet been converted to WPACKET yet. It will be deleted once WPACKET conversion
3580 int ssl3_put_cipher_by_char_old(const SSL_CIPHER *c, unsigned char *p)
3586 if ((l & 0xff000000) != 0x03000000)
3588 p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3589 p[1] = ((unsigned char)(l)) & 0xFF;
3594 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3596 if ((c->id & 0xff000000) != 0x03000000) {
3601 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3609 * ssl3_choose_cipher - choose a cipher from those offered by the client
3610 * @s: SSL connection
3611 * @clnt: ciphers offered by the client
3612 * @srvr: ciphers enabled on the server?
3614 * Returns the selected cipher or NULL when no common ciphers.
3616 const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3617 STACK_OF(SSL_CIPHER) *srvr)
3619 const SSL_CIPHER *c, *ret = NULL;
3620 STACK_OF(SSL_CIPHER) *prio, *allow;
3622 unsigned long alg_k, alg_a, mask_k, mask_a;
3624 /* Let's see which ciphers we can support */
3628 * Do not set the compare functions, because this may lead to a
3629 * reordering by "id". We want to keep the original ordering. We may pay
3630 * a price in performance during sk_SSL_CIPHER_find(), but would have to
3631 * pay with the price of sk_SSL_CIPHER_dup().
3633 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3634 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3638 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3640 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3641 c = sk_SSL_CIPHER_value(srvr, i);
3642 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3644 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3646 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3647 c = sk_SSL_CIPHER_value(clnt, i);
3648 fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3652 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
3660 tls1_set_cert_validity(s);
3663 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3664 c = sk_SSL_CIPHER_value(prio, i);
3666 /* Skip ciphers not supported by the protocol version */
3667 if (!SSL_IS_DTLS(s) &&
3668 ((s->version < c->min_tls) || (s->version > c->max_tls)))
3670 if (SSL_IS_DTLS(s) &&
3671 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
3672 DTLS_VERSION_GT(s->version, c->max_dtls)))
3675 mask_k = s->s3->tmp.mask_k;
3676 mask_a = s->s3->tmp.mask_a;
3677 #ifndef OPENSSL_NO_SRP
3678 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3684 alg_k = c->algorithm_mkey;
3685 alg_a = c->algorithm_auth;
3687 #ifndef OPENSSL_NO_PSK
3688 /* with PSK there must be server callback set */
3689 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
3691 #endif /* OPENSSL_NO_PSK */
3693 ok = (alg_k & mask_k) && (alg_a & mask_a);
3695 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3696 alg_a, mask_k, mask_a, (void *)c, c->name);
3699 #ifndef OPENSSL_NO_EC
3701 * if we are considering an ECC cipher suite that uses an ephemeral
3704 if (alg_k & SSL_kECDHE)
3705 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3706 #endif /* OPENSSL_NO_EC */
3710 ii = sk_SSL_CIPHER_find(allow, c);
3712 /* Check security callback permits this cipher */
3713 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3714 c->strength_bits, 0, (void *)c))
3716 #if !defined(OPENSSL_NO_EC)
3717 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
3718 && s->s3->is_probably_safari) {
3720 ret = sk_SSL_CIPHER_value(allow, ii);
3724 ret = sk_SSL_CIPHER_value(allow, ii);
3731 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3734 uint32_t alg_k, alg_a = 0;
3736 /* If we have custom certificate types set, use them */
3737 if (s->cert->ctypes) {
3738 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
3739 return (int)s->cert->ctype_num;
3741 /* Get mask of algorithms disabled by signature list */
3742 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
3744 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3746 #ifndef OPENSSL_NO_GOST
3747 if (s->version >= TLS1_VERSION) {
3748 if (alg_k & SSL_kGOST) {
3749 p[ret++] = TLS_CT_GOST01_SIGN;
3750 p[ret++] = TLS_CT_GOST12_SIGN;
3751 p[ret++] = TLS_CT_GOST12_512_SIGN;
3757 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3758 #ifndef OPENSSL_NO_DH
3759 # ifndef OPENSSL_NO_RSA
3760 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
3762 # ifndef OPENSSL_NO_DSA
3763 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
3765 #endif /* !OPENSSL_NO_DH */
3767 #ifndef OPENSSL_NO_RSA
3768 if (!(alg_a & SSL_aRSA))
3769 p[ret++] = SSL3_CT_RSA_SIGN;
3771 #ifndef OPENSSL_NO_DSA
3772 if (!(alg_a & SSL_aDSS))
3773 p[ret++] = SSL3_CT_DSS_SIGN;
3775 #ifndef OPENSSL_NO_EC
3777 * ECDSA certs can be used with RSA cipher suites too so we don't
3778 * need to check for SSL_kECDH or SSL_kECDHE
3780 if (s->version >= TLS1_VERSION) {
3781 if (!(alg_a & SSL_aECDSA))
3782 p[ret++] = TLS_CT_ECDSA_SIGN;
3788 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3790 OPENSSL_free(c->ctypes);
3796 c->ctypes = OPENSSL_malloc(len);
3797 if (c->ctypes == NULL)
3799 memcpy(c->ctypes, p, len);
3804 int ssl3_shutdown(SSL *s)
3809 * Don't do anything much if we have not done the handshake or we don't
3810 * want to send messages :-)
3812 if (s->quiet_shutdown || SSL_in_before(s)) {
3813 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3817 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
3818 s->shutdown |= SSL_SENT_SHUTDOWN;
3819 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3821 * our shutdown alert has been sent now, and if it still needs to be
3822 * written, s->s3->alert_dispatch will be true
3824 if (s->s3->alert_dispatch)
3825 return (-1); /* return WANT_WRITE */
3826 } else if (s->s3->alert_dispatch) {
3827 /* resend it if not sent */
3828 ret = s->method->ssl_dispatch_alert(s);
3831 * we only get to return -1 here the 2nd/Nth invocation, we must
3832 * have already signalled return 0 upon a previous invocation,
3837 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3839 * If we are waiting for a close from our peer, we are closed
3841 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
3842 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3843 return (-1); /* return WANT_READ */
3847 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
3848 !s->s3->alert_dispatch)
3854 int ssl3_write(SSL *s, const void *buf, int len)
3857 if (s->s3->renegotiate)
3858 ssl3_renegotiate_check(s);
3860 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
3863 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3868 if (s->s3->renegotiate)
3869 ssl3_renegotiate_check(s);
3870 s->s3->in_read_app_data = 1;
3872 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3874 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3876 * ssl3_read_bytes decided to call s->handshake_func, which called
3877 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
3878 * actually found application data and thinks that application data
3879 * makes sense here; so disable handshake processing and try to read
3880 * application data again.
3882 ossl_statem_set_in_handshake(s, 1);
3884 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3886 ossl_statem_set_in_handshake(s, 0);
3888 s->s3->in_read_app_data = 0;
3893 int ssl3_read(SSL *s, void *buf, int len)
3895 return ssl3_read_internal(s, buf, len, 0);
3898 int ssl3_peek(SSL *s, void *buf, int len)
3900 return ssl3_read_internal(s, buf, len, 1);
3903 int ssl3_renegotiate(SSL *s)
3905 if (s->handshake_func == NULL)
3908 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3911 s->s3->renegotiate = 1;
3915 int ssl3_renegotiate_check(SSL *s)
3919 if (s->s3->renegotiate) {
3920 if (!RECORD_LAYER_read_pending(&s->rlayer)
3921 && !RECORD_LAYER_write_pending(&s->rlayer)
3922 && !SSL_in_init(s)) {
3924 * if we are the server, and we have sent a 'RENEGOTIATE'
3925 * message, we need to set the state machine into the renegotiate
3928 ossl_statem_set_renegotiate(s);
3929 s->s3->renegotiate = 0;
3930 s->s3->num_renegotiations++;
3931 s->s3->total_renegotiations++;
3939 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
3940 * handshake macs if required.
3942 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3944 long ssl_get_algorithm2(SSL *s)
3947 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
3949 alg2 = s->s3->tmp.new_cipher->algorithm2;
3950 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
3951 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
3952 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
3953 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
3954 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
3955 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
3961 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
3962 * failure, 1 on success.
3964 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
3971 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
3973 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
3975 unsigned long Time = (unsigned long)time(NULL);
3976 unsigned char *p = result;
3978 return RAND_bytes(p, len - 4);
3980 return RAND_bytes(result, len);
3983 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
3986 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3987 if (alg_k & SSL_PSK) {
3988 #ifndef OPENSSL_NO_PSK
3989 unsigned char *pskpms, *t;
3990 size_t psklen = s->s3->tmp.psklen;
3993 /* create PSK premaster_secret */
3995 /* For plain PSK "other_secret" is psklen zeroes */
3996 if (alg_k & SSL_kPSK)
3999 pskpmslen = 4 + pmslen + psklen;
4000 pskpms = OPENSSL_malloc(pskpmslen);
4001 if (pskpms == NULL) {
4002 s->session->master_key_length = 0;
4007 if (alg_k & SSL_kPSK)
4008 memset(t, 0, pmslen);
4010 memcpy(t, pms, pmslen);
4013 memcpy(t, s->s3->tmp.psk, psklen);
4015 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
4016 s->s3->tmp.psk = NULL;
4017 s->session->master_key_length =
4018 s->method->ssl3_enc->generate_master_secret(s,
4019 s->session->master_key,
4021 OPENSSL_clear_free(pskpms, pskpmslen);
4023 /* Should never happen */
4024 s->session->master_key_length = 0;
4028 s->session->master_key_length =
4029 s->method->ssl3_enc->generate_master_secret(s,
4030 s->session->master_key,
4037 OPENSSL_clear_free(pms, pmslen);
4039 OPENSSL_cleanse(pms, pmslen);
4042 s->s3->tmp.pms = NULL;
4043 return s->session->master_key_length >= 0;
4046 /* Generate a private key from parameters */
4047 EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4049 EVP_PKEY_CTX *pctx = NULL;
4050 EVP_PKEY *pkey = NULL;
4054 pctx = EVP_PKEY_CTX_new(pm, NULL);
4057 if (EVP_PKEY_keygen_init(pctx) <= 0)
4059 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4060 EVP_PKEY_free(pkey);
4065 EVP_PKEY_CTX_free(pctx);
4068 #ifndef OPENSSL_NO_EC
4069 /* Generate a private key a curve ID */
4070 EVP_PKEY *ssl_generate_pkey_curve(int id)
4072 EVP_PKEY_CTX *pctx = NULL;
4073 EVP_PKEY *pkey = NULL;
4074 unsigned int curve_flags;
4075 int nid = tls1_ec_curve_id2nid(id, &curve_flags);
4079 if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
4080 pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4083 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4087 if (EVP_PKEY_keygen_init(pctx) <= 0)
4089 if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4091 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4092 EVP_PKEY_free(pkey);
4097 EVP_PKEY_CTX_free(pctx);
4102 /* Derive premaster or master secret for ECDH/DH */
4103 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
4106 unsigned char *pms = NULL;
4110 if (privkey == NULL || pubkey == NULL)
4113 pctx = EVP_PKEY_CTX_new(privkey, NULL);
4115 if (EVP_PKEY_derive_init(pctx) <= 0
4116 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
4117 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
4121 pms = OPENSSL_malloc(pmslen);
4125 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
4129 /* For server generate master secret and discard premaster */
4130 rv = ssl_generate_master_secret(s, pms, pmslen, 1);
4133 /* For client just save premaster secret */
4134 s->s3->tmp.pms = pms;
4135 s->s3->tmp.pmslen = pmslen;
4141 OPENSSL_clear_free(pms, pmslen);
4142 EVP_PKEY_CTX_free(pctx);
4146 #ifndef OPENSSL_NO_DH
4147 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
4152 ret = EVP_PKEY_new();
4153 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {