s3_lib.c 112.2 KB
Newer Older
R
Rich Salz 已提交
1
/*
P
Pauli 已提交
2
 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4
 * Copyright 2005 Nokia. All rights reserved.
B
Bodo Möller 已提交
5
 *
R
Rich Salz 已提交
6 7 8 9
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
B
Bodo Möller 已提交
10
 */
R
Rich Salz 已提交
11

12
#include <stdio.h>
13
#include <openssl/objects.h>
14
#include "internal/nelem.h"
15
#include "ssl_locl.h"
16
#include <openssl/md5.h>
R
Rich Salz 已提交
17
#include <openssl/dh.h>
18
#include <openssl/rand.h>
R
Rich Salz 已提交
19
#include "internal/cryptlib.h"
20

D
Dr. Stephen Henson 已提交
21
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
22
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
23

24 25 26 27 28 29 30 31
/* TLSv1.3 downgrade protection sentinel values */
const unsigned char tls11downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
const unsigned char tls12downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};

R
Rich Salz 已提交
32
/*
R
Rich Salz 已提交
33
 * The list of available ciphers, mostly organized into the following
R
Rich Salz 已提交
34 35 36 37 38
 * groups:
 *      Always there
 *      EC
 *      PSK
 *      SRP (within that: RSA EC PSK)
P
Pauli 已提交
39
 *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
R
Rich Salz 已提交
40 41
 *      Weak ciphers
 */
E
Emilia Kasper 已提交
42
static SSL_CIPHER ssl3_ciphers[] = {
43 44 45
    {
     1,
     SSL3_TXT_RSA_NULL_MD5,
46
     SSL3_RFC_RSA_NULL_MD5,
47 48 49 50 51
     SSL3_CK_RSA_NULL_MD5,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_MD5,
52
     SSL3_VERSION, TLS1_2_VERSION,
53
     DTLS1_BAD_VER, DTLS1_2_VERSION,
54
     SSL_STRONG_NONE,
55 56 57 58 59 60 61
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     SSL3_TXT_RSA_NULL_SHA,
62
     SSL3_RFC_RSA_NULL_SHA,
63 64 65 66 67
     SSL3_CK_RSA_NULL_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA1,
68
     SSL3_VERSION, TLS1_2_VERSION,
69
     DTLS1_BAD_VER, DTLS1_2_VERSION,
70
     SSL_STRONG_NONE | SSL_FIPS,
71 72 73 74
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
75
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
76 77 78
    {
     1,
     SSL3_TXT_RSA_DES_192_CBC3_SHA,
79
     SSL3_RFC_RSA_DES_192_CBC3_SHA,
80 81 82 83 84
     SSL3_CK_RSA_DES_192_CBC3_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
85
     SSL3_VERSION, TLS1_2_VERSION,
86
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
87
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
88 89 90 91 92 93 94
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
95
     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
96 97 98 99 100
     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_3DES,
     SSL_SHA1,
101
     SSL3_VERSION, TLS1_2_VERSION,
102
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
103
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
104 105 106 107 108 109 110
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
111
     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
112 113 114 115 116
     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
117
     SSL3_VERSION, TLS1_2_VERSION,
118
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
119
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
120 121 122 123 124 125 126
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_ADH_DES_192_CBC_SHA,
127
     SSL3_RFC_ADH_DES_192_CBC_SHA,
128 129 130 131 132
     SSL3_CK_ADH_DES_192_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_3DES,
     SSL_SHA1,
133
     SSL3_VERSION, TLS1_2_VERSION,
134
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
135
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
136 137 138 139
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
140
#endif
141 142 143
    {
     1,
     TLS1_TXT_RSA_WITH_AES_128_SHA,
144
     TLS1_RFC_RSA_WITH_AES_128_SHA,
145 146 147 148 149
     TLS1_CK_RSA_WITH_AES_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
150
     SSL3_VERSION, TLS1_2_VERSION,
151
     DTLS1_BAD_VER, DTLS1_2_VERSION,
152
     SSL_HIGH | SSL_FIPS,
153 154 155 156 157 158 159
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
160
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
161 162 163 164 165
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA1,
166
     SSL3_VERSION, TLS1_2_VERSION,
167
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
168
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
169 170 171 172 173 174 175
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
176
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
177 178 179 180 181
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
182
     SSL3_VERSION, TLS1_2_VERSION,
183
     DTLS1_BAD_VER, DTLS1_2_VERSION,
184
     SSL_HIGH | SSL_FIPS,
185 186 187 188 189 190 191
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_128_SHA,
192
     TLS1_RFC_ADH_WITH_AES_128_SHA,
193 194 195 196 197
     TLS1_CK_ADH_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA1,
198
     SSL3_VERSION, TLS1_2_VERSION,
199
     DTLS1_BAD_VER, DTLS1_2_VERSION,
200
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
201 202 203 204 205 206 207
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_256_SHA,
208
     TLS1_RFC_RSA_WITH_AES_256_SHA,
209 210 211 212 213
     TLS1_CK_RSA_WITH_AES_256_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
214
     SSL3_VERSION, TLS1_2_VERSION,
215
     DTLS1_BAD_VER, DTLS1_2_VERSION,
216
     SSL_HIGH | SSL_FIPS,
217 218 219 220 221 222 223
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
224
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
225 226 227 228 229
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA1,
230
     SSL3_VERSION, TLS1_2_VERSION,
231
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
232
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
233 234 235 236 237 238 239
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
240
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
241 242 243 244 245
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
246
     SSL3_VERSION, TLS1_2_VERSION,
247
     DTLS1_BAD_VER, DTLS1_2_VERSION,
248
     SSL_HIGH | SSL_FIPS,
249 250 251 252 253 254 255
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_256_SHA,
256
     TLS1_RFC_ADH_WITH_AES_256_SHA,
257 258 259 260 261
     TLS1_CK_ADH_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA1,
262
     SSL3_VERSION, TLS1_2_VERSION,
263
     DTLS1_BAD_VER, DTLS1_2_VERSION,
264
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
265 266 267 268 269 270 271
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_NULL_SHA256,
272
     TLS1_RFC_RSA_WITH_NULL_SHA256,
273 274 275 276 277
     TLS1_CK_RSA_WITH_NULL_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA256,
278 279
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
280
     SSL_STRONG_NONE | SSL_FIPS,
281 282 283 284 285 286 287
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_128_SHA256,
288
     TLS1_RFC_RSA_WITH_AES_128_SHA256,
289 290 291 292 293
     TLS1_CK_RSA_WITH_AES_128_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
294 295
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
296
     SSL_HIGH | SSL_FIPS,
297 298 299 300 301 302 303
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_256_SHA256,
304
     TLS1_RFC_RSA_WITH_AES_256_SHA256,
305 306 307 308 309
     TLS1_CK_RSA_WITH_AES_256_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA256,
310 311
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
312
     SSL_HIGH | SSL_FIPS,
313 314 315 316 317 318 319
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
320
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
321 322 323 324 325
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA256,
326 327
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
328
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
329 330 331 332 333 334 335
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
336
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
337 338 339 340 341
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
342 343
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
344
     SSL_HIGH | SSL_FIPS,
345 346 347 348 349 350 351
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
352
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
353 354 355 356 357
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA256,
358 359
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
360
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361 362 363 364 365 366 367
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
368
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
369 370 371 372 373
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA256,
374 375
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
376
     SSL_HIGH | SSL_FIPS,
377 378 379 380 381 382 383
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_128_SHA256,
384
     TLS1_RFC_ADH_WITH_AES_128_SHA256,
385 386 387 388 389
     TLS1_CK_ADH_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA256,
390 391
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
392
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
393 394 395 396 397 398 399
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_256_SHA256,
400
     TLS1_RFC_ADH_WITH_AES_256_SHA256,
401 402 403 404 405
     TLS1_CK_ADH_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA256,
406 407
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
408
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
409 410 411 412 413 414
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
415
     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
416
     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
417 418 419 420 421 422 423 424 425 426 427 428
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
429 430
    {
     1,
R
Rich Salz 已提交
431
     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
432
     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
433
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
434 435
     SSL_kRSA,
     SSL_aRSA,
R
Rich Salz 已提交
436 437 438 439 440 441
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
442 443 444 445 446
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
447
     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
448
     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
449
     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
450
     SSL_kDHE,
R
Rich Salz 已提交
451 452 453 454 455 456 457 458 459
     SSL_aRSA,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
460 461 462
     },
    {
     1,
R
Rich Salz 已提交
463
     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
464
     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
465
     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
466 467
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
468 469 470 471 472 473
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
474 475 476 477 478
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
479
     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
480
     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
481
     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
482
     SSL_kDHE,
R
Rich Salz 已提交
483 484 485 486 487 488 489
     SSL_aDSS,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
490 491 492 493 494
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
495
     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
496
     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
497 498 499 500 501 502 503 504 505 506 507
     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
508 509 510
     },
    {
     1,
R
Rich Salz 已提交
511
     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
512
     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
513 514 515 516 517 518 519 520 521
     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
522 523 524 525 526
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
527
     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
528
     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
529 530 531 532 533 534 535 536 537
     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
538 539 540
     256,
     256,
     },
541 542
    {
     1,
R
Rich Salz 已提交
543
     TLS1_TXT_RSA_WITH_AES_128_CCM,
544
     TLS1_RFC_RSA_WITH_AES_128_CCM,
R
Rich Salz 已提交
545 546 547 548 549 550 551 552 553
     TLS1_CK_RSA_WITH_AES_128_CCM,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
554 555 556 557 558
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
559
     TLS1_TXT_RSA_WITH_AES_256_CCM,
560
     TLS1_RFC_RSA_WITH_AES_256_CCM,
R
Rich Salz 已提交
561 562 563 564 565 566 567 568 569 570 571
     TLS1_CK_RSA_WITH_AES_256_CCM,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
572 573 574
     },
    {
     1,
R
Rich Salz 已提交
575
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
576
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
R
Rich Salz 已提交
577 578 579 580 581 582 583 584 585
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
586 587 588 589 590
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
591
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
592
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
R
Rich Salz 已提交
593 594 595 596 597 598 599 600 601
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
602 603 604 605 606
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
607
     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
608
     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
609 610
     TLS1_CK_RSA_WITH_AES_128_CCM_8,
     SSL_kRSA,
611
     SSL_aRSA,
R
Rich Salz 已提交
612
     SSL_AES128CCM8,
613
     SSL_AEAD,
614 615
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
616
     SSL_NOT_DEFAULT | SSL_HIGH,
617 618 619 620 621 622
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
623
     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
624
     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
625
     TLS1_CK_RSA_WITH_AES_256_CCM_8,
626 627
     SSL_kRSA,
     SSL_aRSA,
R
Rich Salz 已提交
628
     SSL_AES256CCM8,
629
     SSL_AEAD,
630 631
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
632 633
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
634 635 636 637 638
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
639
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
640
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
641
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
642 643
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
644
     SSL_AES128CCM8,
645
     SSL_AEAD,
646 647
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
648
     SSL_NOT_DEFAULT | SSL_HIGH,
649 650 651 652 653 654
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
655
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
656
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
657
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
658 659
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
660
     SSL_AES256CCM8,
661
     SSL_AEAD,
662 663
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
664 665
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
666 667 668 669 670
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
671
     TLS1_TXT_PSK_WITH_AES_128_CCM,
672
     TLS1_RFC_PSK_WITH_AES_128_CCM,
R
Rich Salz 已提交
673 674 675 676
     TLS1_CK_PSK_WITH_AES_128_CCM,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES128CCM,
677
     SSL_AEAD,
678 679
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
680
     SSL_NOT_DEFAULT | SSL_HIGH,
681 682 683 684 685 686
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
687
     TLS1_TXT_PSK_WITH_AES_256_CCM,
688
     TLS1_RFC_PSK_WITH_AES_256_CCM,
R
Rich Salz 已提交
689 690 691 692
     TLS1_CK_PSK_WITH_AES_256_CCM,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256CCM,
693
     SSL_AEAD,
694 695
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
696 697
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
698 699 700 701 702
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
703
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
704
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
R
Rich Salz 已提交
705 706 707 708
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128CCM,
709
     SSL_AEAD,
710 711
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
712
     SSL_NOT_DEFAULT | SSL_HIGH,
713 714 715 716 717 718
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
719
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
720
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
R
Rich Salz 已提交
721 722 723 724
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256CCM,
725
     SSL_AEAD,
726 727
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
728 729
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
730 731 732
     256,
     256,
     },
733 734
    {
     1,
R
Rich Salz 已提交
735
     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
736
     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
737
     TLS1_CK_PSK_WITH_AES_128_CCM_8,
738 739
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
740
     SSL_AES128CCM8,
741
     SSL_AEAD,
742 743
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
744
     SSL_NOT_DEFAULT | SSL_HIGH,
745 746 747 748 749 750
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
751
     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
752
     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
753
     TLS1_CK_PSK_WITH_AES_256_CCM_8,
754 755
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
756
     SSL_AES256CCM8,
757
     SSL_AEAD,
758 759
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
760 761
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
762 763 764
     256,
     256,
     },
765 766
    {
     1,
R
Rich Salz 已提交
767
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
768
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
769
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
770 771
     SSL_kDHEPSK,
     SSL_aPSK,
R
Rich Salz 已提交
772
     SSL_AES128CCM8,
773
     SSL_AEAD,
774 775
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
776
     SSL_NOT_DEFAULT | SSL_HIGH,
777 778 779 780 781 782
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
783
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
784
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
785 786
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
     SSL_kDHEPSK,
787
     SSL_aPSK,
R
Rich Salz 已提交
788
     SSL_AES256CCM8,
789
     SSL_AEAD,
790 791
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
792 793
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
794 795 796 797 798
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
799
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
800
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
R
Rich Salz 已提交
801 802 803 804
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128CCM,
805
     SSL_AEAD,
806 807
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
808
     SSL_NOT_DEFAULT | SSL_HIGH,
809 810 811 812 813 814
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
815
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
816
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
R
Rich Salz 已提交
817 818 819 820
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256CCM,
821
     SSL_AEAD,
822 823
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
824 825
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
826 827 828 829 830
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
831
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
832
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
R
Rich Salz 已提交
833 834 835 836 837 838 839 840 841
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128CCM8,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
842 843 844 845 846
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
847
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
848
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
R
Rich Salz 已提交
849 850 851 852 853 854 855 856 857
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256CCM8,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
858 859 860
     256,
     256,
     },
861 862 863
    {
     1,
     TLS1_3_TXT_AES_128_GCM_SHA256,
864
     TLS1_3_RFC_AES_128_GCM_SHA256,
865
     TLS1_3_CK_AES_128_GCM_SHA256,
D
Dr. Stephen Henson 已提交
866
     0, 0,
867 868 869
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
870 871 872 873 874 875 876 877 878 879
     SSL_kANY,
     SSL_aANY,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_3_TXT_AES_256_GCM_SHA384,
880
     TLS1_3_RFC_AES_256_GCM_SHA384,
881 882 883 884 885 886
     TLS1_3_CK_AES_256_GCM_SHA384,
     SSL_kANY,
     SSL_aANY,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
887 888
     0, 0,
     SSL_HIGH,
889 890 891 892 893 894 895 896
     SSL_HANDSHAKE_MAC_SHA384,
     256,
     256,
     },
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    {
     1,
     TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
897
     TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913
     TLS1_3_CK_CHACHA20_POLY1305_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     256,
     256,
     },
#endif
    {
     1,
     TLS1_3_TXT_AES_128_CCM_SHA256,
914
     TLS1_3_RFC_AES_128_CCM_SHA256,
915 916 917 918 919 920 921 922 923 924 925 926 927 928 929
     TLS1_3_CK_AES_128_CCM_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_3_TXT_AES_128_CCM_8_SHA256,
930
     TLS1_3_RFC_AES_128_CCM_8_SHA256,
931 932 933 934 935 936 937 938 939
     TLS1_3_CK_AES_128_CCM_8_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_AES128CCM8,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
940 941 942
     128,
     128,
     },
943

R
Rich Salz 已提交
944
#ifndef OPENSSL_NO_EC
945 946
    {
     1,
R
Rich Salz 已提交
947
     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
948
     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
R
Rich Salz 已提交
949 950 951
     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
952
     SSL_eNULL,
R
Rich Salz 已提交
953
     SSL_SHA1,
T
Todd Short 已提交
954
     TLS1_VERSION, TLS1_2_VERSION,
955
     DTLS1_BAD_VER, DTLS1_2_VERSION,
956
     SSL_STRONG_NONE | SSL_FIPS,
957 958 959 960
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
961
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
962 963
    {
     1,
R
Rich Salz 已提交
964
     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
965
     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
R
Rich Salz 已提交
966 967 968 969 970
     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_3DES,
     SSL_SHA1,
T
Todd Short 已提交
971
     TLS1_VERSION, TLS1_2_VERSION,
972
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
973
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
974 975 976
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
977
     },
978
# endif
979 980
    {
     1,
R
Rich Salz 已提交
981
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
982
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
983 984 985
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
986
     SSL_AES128,
R
Rich Salz 已提交
987
     SSL_SHA1,
T
Todd Short 已提交
988
     TLS1_VERSION, TLS1_2_VERSION,
989
     DTLS1_BAD_VER, DTLS1_2_VERSION,
990
     SSL_HIGH | SSL_FIPS,
991 992 993 994 995 996
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
997
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
998
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
999 1000 1001
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
1002
     SSL_AES256,
R
Rich Salz 已提交
1003
     SSL_SHA1,
T
Todd Short 已提交
1004
     TLS1_VERSION, TLS1_2_VERSION,
1005
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1006
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
1007
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1008 1009 1010 1011 1012
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1013
     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1014
     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
R
Rich Salz 已提交
1015 1016 1017
     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aRSA,
1018
     SSL_eNULL,
R
Rich Salz 已提交
1019
     SSL_SHA1,
T
Todd Short 已提交
1020
     TLS1_VERSION, TLS1_2_VERSION,
1021
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1022
     SSL_STRONG_NONE | SSL_FIPS,
1023 1024 1025 1026
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1027
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1028 1029
    {
     1,
R
Rich Salz 已提交
1030
     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1031
     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
R
Rich Salz 已提交
1032 1033 1034 1035 1036
     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
T
Todd Short 已提交
1037
     TLS1_VERSION, TLS1_2_VERSION,
1038
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1039
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
1040 1041 1042
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
1043
     },
1044
# endif
1045 1046
    {
     1,
R
Rich Salz 已提交
1047
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1048
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1049 1050
     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
1051 1052
     SSL_aRSA,
     SSL_AES128,
R
Rich Salz 已提交
1053
     SSL_SHA1,
T
Todd Short 已提交
1054
     TLS1_VERSION, TLS1_2_VERSION,
1055
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1056
     SSL_HIGH | SSL_FIPS,
1057 1058 1059 1060 1061 1062
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1063
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1064
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1065 1066
     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
1067 1068
     SSL_aRSA,
     SSL_AES256,
R
Rich Salz 已提交
1069
     SSL_SHA1,
T
Todd Short 已提交
1070
     TLS1_VERSION, TLS1_2_VERSION,
1071
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1072
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
1073
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1074 1075 1076 1077 1078
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1079
     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1080
     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
R
Rich Salz 已提交
1081 1082 1083
     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aNULL,
1084
     SSL_eNULL,
R
Rich Salz 已提交
1085
     SSL_SHA1,
T
Todd Short 已提交
1086
     TLS1_VERSION, TLS1_2_VERSION,
1087
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1088
     SSL_STRONG_NONE | SSL_FIPS,
1089 1090 1091 1092
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1093
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1094 1095
    {
     1,
R
Rich Salz 已提交
1096
     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1097
     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
R
Rich Salz 已提交
1098 1099 1100 1101 1102
     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_3DES,
     SSL_SHA1,
T
Todd Short 已提交
1103
     TLS1_VERSION, TLS1_2_VERSION,
1104
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1105
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
1106 1107 1108
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
1109
     },
1110
# endif
1111 1112
    {
     1,
R
Rich Salz 已提交
1113
     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1114
     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1115 1116 1117 1118 1119
     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA1,
T
Todd Short 已提交
1120
     TLS1_VERSION, TLS1_2_VERSION,
1121
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1122 1123 1124 1125 1126
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
1127 1128
    {
     1,
R
Rich Salz 已提交
1129
     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1130
     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1131 1132 1133 1134 1135
     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA1,
T
Todd Short 已提交
1136
     TLS1_VERSION, TLS1_2_VERSION,
1137
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1138 1139 1140 1141 1142 1143 1144 1145
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1146
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
R
Rich Salz 已提交
1147 1148 1149 1150
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128,
1151
     SSL_SHA256,
1152 1153
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1154
     SSL_HIGH | SSL_FIPS,
1155 1156 1157 1158 1159 1160
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1161
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1162
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
R
Rich Salz 已提交
1163 1164 1165 1166 1167
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256,
     SSL_SHA384,
1168 1169
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1170 1171 1172 1173
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1174 1175 1176
     },
    {
     1,
R
Rich Salz 已提交
1177
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1178
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
R
Rich Salz 已提交
1179 1180 1181 1182
     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_AES128,
1183
     SSL_SHA256,
1184 1185
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1186
     SSL_HIGH | SSL_FIPS,
1187 1188 1189 1190 1191 1192
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1193
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1194
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
R
Rich Salz 已提交
1195 1196
     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
     SSL_kECDHE,
1197
     SSL_aRSA,
R
Rich Salz 已提交
1198 1199
     SSL_AES256,
     SSL_SHA384,
1200 1201
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1202 1203
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1204 1205 1206 1207 1208
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1209
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1210
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1211 1212 1213 1214 1215
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128GCM,
     SSL_AEAD,
1216 1217
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1218
     SSL_HIGH | SSL_FIPS,
1219
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
R
Rich Salz 已提交
1220 1221 1222 1223 1224 1225
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1226
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1227 1228 1229 1230 1231 1232 1233 1234 1235
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1236 1237 1238 1239 1240
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1241
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1242
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1243 1244
     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     SSL_kECDHE,
1245
     SSL_aRSA,
R
Rich Salz 已提交
1246 1247
     SSL_AES128GCM,
     SSL_AEAD,
1248 1249
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1250
     SSL_HIGH | SSL_FIPS,
1251
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
R
Rich Salz 已提交
1252 1253
     128,
     128,
1254 1255 1256
     },
    {
     1,
R
Rich Salz 已提交
1257
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1258
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1259 1260 1261 1262 1263
     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_AES256GCM,
     SSL_AEAD,
1264 1265
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1266 1267
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1268 1269 1270
     256,
     256,
     },
E
Emilia Kasper 已提交
1271
#endif                          /* OPENSSL_NO_EC */
1272

R
Rich Salz 已提交
1273
#ifndef OPENSSL_NO_PSK
1274 1275
    {
     1,
R
Rich Salz 已提交
1276
     TLS1_TXT_PSK_WITH_NULL_SHA,
1277
     TLS1_RFC_PSK_WITH_NULL_SHA,
R
Rich Salz 已提交
1278 1279 1280
     TLS1_CK_PSK_WITH_NULL_SHA,
     SSL_kPSK,
     SSL_aPSK,
1281 1282
     SSL_eNULL,
     SSL_SHA1,
1283
     SSL3_VERSION, TLS1_2_VERSION,
1284
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1285
     SSL_STRONG_NONE | SSL_FIPS,
1286 1287 1288 1289 1290 1291
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
R
Rich Salz 已提交
1292
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1293
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
R
Rich Salz 已提交
1294 1295 1296 1297
     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1298
     SSL_SHA1,
1299
     SSL3_VERSION, TLS1_2_VERSION,
1300
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1301
     SSL_STRONG_NONE | SSL_FIPS,
1302
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1303 1304
     0,
     0,
1305 1306 1307
     },
    {
     1,
R
Rich Salz 已提交
1308
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1309
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
R
Rich Salz 已提交
1310 1311 1312 1313 1314 1315
     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1316
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1317 1318 1319 1320 1321
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1322
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1323 1324 1325
    {
     1,
     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1326
     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1327 1328 1329
     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1330 1331
     SSL_3DES,
     SSL_SHA1,
1332
     SSL3_VERSION, TLS1_2_VERSION,
1333
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1334
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1335 1336 1337 1338
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1339
# endif
1340 1341
    {
     1,
R
Rich Salz 已提交
1342
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1343
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1344 1345 1346
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1347 1348
     SSL_AES128,
     SSL_SHA1,
1349
     SSL3_VERSION, TLS1_2_VERSION,
1350
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1351
     SSL_HIGH | SSL_FIPS,
1352 1353 1354 1355 1356 1357
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1358
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1359
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1360 1361 1362
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1363 1364
     SSL_AES256,
     SSL_SHA1,
1365
     SSL3_VERSION, TLS1_2_VERSION,
1366
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1367
     SSL_HIGH | SSL_FIPS,
1368 1369 1370 1371
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
1372
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1373 1374
    {
     1,
R
Rich Salz 已提交
1375
     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1376
     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1377 1378 1379 1380
     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_3DES,
1381
     SSL_SHA1,
1382
     SSL3_VERSION, TLS1_2_VERSION,
1383
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1384
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1385
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1386 1387
     112,
     168,
1388
     },
1389
# endif
1390 1391
    {
     1,
R
Rich Salz 已提交
1392
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1393
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1394 1395 1396 1397 1398 1399
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1400
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1401
     SSL_HIGH | SSL_FIPS,
1402 1403 1404 1405 1406 1407
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1408
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1409
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1410 1411 1412 1413 1414 1415
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1416
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1417 1418 1419 1420 1421
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
1422
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1423 1424 1425
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1426
     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1427 1428
     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kRSAPSK,
1429 1430 1431
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
1432
     SSL3_VERSION, TLS1_2_VERSION,
1433
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1434
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1435 1436 1437 1438
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1439
# endif
1440 1441
    {
     1,
R
Rich Salz 已提交
1442
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1443
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1444 1445
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
     SSL_kRSAPSK,
1446 1447 1448
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
1449
     SSL3_VERSION, TLS1_2_VERSION,
1450
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1451
     SSL_HIGH | SSL_FIPS,
1452 1453 1454 1455 1456 1457
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1458
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1459
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1460 1461
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
     SSL_kRSAPSK,
1462 1463 1464
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
1465
     SSL3_VERSION, TLS1_2_VERSION,
1466
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1467
     SSL_HIGH | SSL_FIPS,
1468 1469 1470 1471 1472 1473
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1474
     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1475
     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1476 1477 1478 1479 1480 1481 1482 1483 1484
     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1485 1486 1487 1488 1489
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1490
     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1491
     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502
     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1503 1504 1505
     },
    {
     1,
R
Rich Salz 已提交
1506
     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1507
     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1508 1509 1510 1511 1512 1513 1514 1515 1516
     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1517 1518 1519 1520 1521
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1522
     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1523
     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1524 1525 1526 1527 1528 1529 1530 1531 1532
     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1533 1534 1535 1536 1537
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1538
     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1539
     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
R
Rich Salz 已提交
1540 1541
     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kRSAPSK,
1542
     SSL_aRSA,
R
Rich Salz 已提交
1543 1544 1545 1546 1547 1548 1549 1550
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
1551 1552 1553
     },
    {
     1,
R
Rich Salz 已提交
1554
     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1555
     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
R
Rich Salz 已提交
1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566
     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1567 1568 1569
     },
    {
     1,
R
Rich Salz 已提交
1570
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1571
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
R
Rich Salz 已提交
1572 1573 1574
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kPSK,
     SSL_aPSK,
1575
     SSL_AES128,
R
Rich Salz 已提交
1576 1577
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1578
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1579
     SSL_HIGH | SSL_FIPS,
1580 1581 1582 1583 1584 1585
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1586
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1587
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
R
Rich Salz 已提交
1588 1589 1590 1591 1592 1593
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1594
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1595 1596 1597 1598
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1599 1600 1601
     },
    {
     1,
R
Rich Salz 已提交
1602
     TLS1_TXT_PSK_WITH_NULL_SHA256,
1603
     TLS1_RFC_PSK_WITH_NULL_SHA256,
R
Rich Salz 已提交
1604 1605 1606 1607 1608 1609
     TLS1_CK_PSK_WITH_NULL_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1610
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1611
     SSL_STRONG_NONE | SSL_FIPS,
1612
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1613 1614
     0,
     0,
1615 1616 1617
     },
    {
     1,
R
Rich Salz 已提交
1618
     TLS1_TXT_PSK_WITH_NULL_SHA384,
1619
     TLS1_RFC_PSK_WITH_NULL_SHA384,
R
Rich Salz 已提交
1620 1621 1622 1623 1624 1625
     TLS1_CK_PSK_WITH_NULL_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1626
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1627 1628 1629 1630
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     0,
     0,
1631 1632 1633
     },
    {
     1,
R
Rich Salz 已提交
1634
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1635
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
R
Rich Salz 已提交
1636 1637 1638 1639 1640 1641
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1642
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1643
     SSL_HIGH | SSL_FIPS,
1644
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1645 1646
     128,
     128,
1647 1648 1649
     },
    {
     1,
R
Rich Salz 已提交
1650
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1651
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
R
Rich Salz 已提交
1652 1653 1654
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
1655
     SSL_AES256,
R
Rich Salz 已提交
1656 1657
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1658
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1659 1660
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1661 1662 1663 1664 1665
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1666
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1667
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
R
Rich Salz 已提交
1668 1669 1670 1671
     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1672
     SSL_SHA256,
R
Rich Salz 已提交
1673
     TLS1_VERSION, TLS1_2_VERSION,
1674
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1675 1676 1677 1678
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
1679 1680 1681
     },
    {
     1,
R
Rich Salz 已提交
1682
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1683
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
R
Rich Salz 已提交
1684 1685 1686 1687
     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1688
     SSL_SHA384,
R
Rich Salz 已提交
1689
     TLS1_VERSION, TLS1_2_VERSION,
1690
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1691
     SSL_STRONG_NONE | SSL_FIPS,
1692
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
R
Rich Salz 已提交
1693 1694
     0,
     0,
1695 1696 1697
     },
    {
     1,
R
Rich Salz 已提交
1698
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1699
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
R
Rich Salz 已提交
1700 1701
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kRSAPSK,
1702 1703 1704
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
R
Rich Salz 已提交
1705
     TLS1_VERSION, TLS1_2_VERSION,
1706
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1707
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
1708
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1709 1710 1711 1712 1713
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1714
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1715
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
R
Rich Salz 已提交
1716 1717
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kRSAPSK,
1718 1719 1720
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA384,
R
Rich Salz 已提交
1721
     TLS1_VERSION, TLS1_2_VERSION,
1722
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1723
     SSL_HIGH | SSL_FIPS,
1724 1725 1726 1727 1728 1729
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1730
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1731
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
R
Rich Salz 已提交
1732 1733
     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
     SSL_kRSAPSK,
1734
     SSL_aRSA,
R
Rich Salz 已提交
1735 1736 1737
     SSL_eNULL,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1738
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1739 1740 1741 1742
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
1743 1744 1745
     },
    {
     1,
R
Rich Salz 已提交
1746
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1747
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
R
Rich Salz 已提交
1748 1749
     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
     SSL_kRSAPSK,
1750
     SSL_aRSA,
R
Rich Salz 已提交
1751 1752 1753
     SSL_eNULL,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1754
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1755
     SSL_STRONG_NONE | SSL_FIPS,
1756
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
R
Rich Salz 已提交
1757 1758
     0,
     0,
1759
     },
R
Rich Salz 已提交
1760
# ifndef OPENSSL_NO_EC
1761
#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1762 1763 1764
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1765
     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1766 1767 1768 1769 1770
     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_3DES,
     SSL_SHA1,
T
Todd Short 已提交
1771
     TLS1_VERSION, TLS1_2_VERSION,
1772
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1773
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1774 1775 1776 1777
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1778
#  endif
1779 1780 1781
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1782
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1783 1784 1785 1786 1787
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA1,
T
Todd Short 已提交
1788
     TLS1_VERSION, TLS1_2_VERSION,
1789
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1790
     SSL_HIGH | SSL_FIPS,
1791 1792 1793 1794 1795 1796 1797
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1798
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1799 1800 1801 1802 1803
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA1,
T
Todd Short 已提交
1804
     TLS1_VERSION, TLS1_2_VERSION,
1805
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1806
     SSL_HIGH | SSL_FIPS,
1807 1808 1809 1810 1811 1812 1813
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1814
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1815 1816 1817 1818 1819
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA256,
1820
     TLS1_VERSION, TLS1_2_VERSION,
1821
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1822
     SSL_HIGH | SSL_FIPS,
1823 1824 1825 1826 1827 1828 1829
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1830
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1831 1832 1833 1834 1835
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA384,
1836
     TLS1_VERSION, TLS1_2_VERSION,
1837
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1838
     SSL_HIGH | SSL_FIPS,
1839 1840 1841 1842 1843 1844 1845
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1846
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1847 1848 1849 1850 1851
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA1,
T
Todd Short 已提交
1852
     TLS1_VERSION, TLS1_2_VERSION,
1853
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1854
     SSL_STRONG_NONE | SSL_FIPS,
1855 1856 1857 1858 1859 1860 1861
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1862
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1863 1864 1865 1866 1867
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA256,
1868
     TLS1_VERSION, TLS1_2_VERSION,
1869
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1870
     SSL_STRONG_NONE | SSL_FIPS,
1871 1872 1873 1874 1875 1876 1877
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1878
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1879 1880 1881 1882 1883
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA384,
1884
     TLS1_VERSION, TLS1_2_VERSION,
1885
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1886
     SSL_STRONG_NONE | SSL_FIPS,
1887 1888 1889 1890
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     0,
     0,
     },
E
Emilia Kasper 已提交
1891 1892
# endif                         /* OPENSSL_NO_EC */
#endif                          /* OPENSSL_NO_PSK */
1893

R
Rich Salz 已提交
1894
#ifndef OPENSSL_NO_SRP
1895
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1896 1897 1898
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1899
     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1900 1901 1902 1903 1904 1905
     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1906
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1907
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1908 1909 1910 1911 1912 1913 1914
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1915
     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1916 1917 1918 1919 1920 1921
     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1922
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1923
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1924 1925 1926 1927 1928 1929 1930
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1931
     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
R
Rich Salz 已提交
1932 1933 1934 1935 1936 1937
     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1938
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1939
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1940 1941 1942 1943
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1944
# endif
R
Rich Salz 已提交
1945 1946 1947
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1948
     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1949 1950 1951 1952 1953 1954
     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1955
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1956 1957 1958 1959 1960 1961 1962 1963
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
1964
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1965 1966 1967 1968 1969 1970
     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1971
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1972 1973 1974 1975 1976 1977 1978 1979
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
1980
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
R
Rich Salz 已提交
1981 1982 1983 1984 1985 1986
     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1987
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1988 1989 1990 1991 1992 1993 1994 1995
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
1996
     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
1997 1998 1999 2000 2001 2002
     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2003
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2004 2005 2006 2007 2008 2009 2010 2011
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2012
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
2013 2014 2015 2016 2017 2018
     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2019
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2020 2021 2022 2023 2024 2025 2026 2027
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2028
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
R
Rich Salz 已提交
2029 2030 2031 2032 2033 2034
     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2035
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2036 2037 2038 2039 2040
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
E
Emilia Kasper 已提交
2041
#endif                          /* OPENSSL_NO_SRP */
R
Rich Salz 已提交
2042 2043 2044 2045 2046 2047

#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
# ifndef OPENSSL_NO_RSA
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2048
     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060
     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
2061
# endif                         /* OPENSSL_NO_RSA */
R
Rich Salz 已提交
2062 2063 2064 2065 2066

# ifndef OPENSSL_NO_EC
    {
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2067
     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082
     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2083
     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095
     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
2096
# endif                         /* OPENSSL_NO_EC */
R
Rich Salz 已提交
2097 2098 2099 2100 2101

# ifndef OPENSSL_NO_PSK
    {
     1,
     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2102
     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117
     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2118
     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133
     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2134
     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149
     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2150
     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
R
Rich Salz 已提交
2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162
     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
2163 2164 2165
# endif                         /* OPENSSL_NO_PSK */
#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
                                 * !defined(OPENSSL_NO_POLY1305) */
R
Rich Salz 已提交
2166 2167 2168 2169 2170

#ifndef OPENSSL_NO_CAMELLIA
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2171
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2187
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aDSS,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2203
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2219
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aNULL,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2235
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
R
Rich Salz 已提交
2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2251
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
R
Rich Salz 已提交
2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aDSS,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2267
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
R
Rich Salz 已提交
2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2283
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
R
Rich Salz 已提交
2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aNULL,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2299
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
R
Rich Salz 已提交
2300 2301 2302 2303 2304 2305
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2306
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2307 2308 2309 2310 2311 2312 2313 2314
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2315
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
R
Rich Salz 已提交
2316 2317 2318 2319 2320 2321
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2322
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2323 2324 2325 2326 2327 2328 2329 2330
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2331
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
R
Rich Salz 已提交
2332 2333 2334 2335 2336 2337
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2338
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2339 2340 2341 2342 2343 2344 2345 2346
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2347
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
R
Rich Salz 已提交
2348 2349 2350 2351 2352 2353
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2354
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2355 2356 2357 2358 2359 2360 2361 2362
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2363
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
R
Rich Salz 已提交
2364 2365 2366 2367 2368 2369
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2370
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2371 2372 2373 2374 2375 2376 2377 2378
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2379
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
R
Rich Salz 已提交
2380 2381 2382 2383 2384 2385
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2386
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2387 2388 2389 2390 2391 2392 2393 2394
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2395
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
R
Rich Salz 已提交
2396 2397 2398 2399 2400 2401
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2402
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2403 2404 2405 2406 2407 2408 2409 2410
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2411
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
R
Rich Salz 已提交
2412 2413 2414 2415 2416 2417
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2418
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2419 2420 2421 2422 2423 2424 2425 2426
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },

# ifndef OPENSSL_NO_EC
    {
2427 2428
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2429
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2430 2431 2432 2433 2434
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2435 2436
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2437
     SSL_NOT_DEFAULT | SSL_HIGH,
2438 2439
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
E
Emilia Kasper 已提交
2440 2441
     128,
     },
R
Rich Salz 已提交
2442
    {
2443 2444
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2445
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2446 2447 2448 2449 2450
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2451 2452
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2453
     SSL_NOT_DEFAULT | SSL_HIGH,
2454 2455
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2456 2457
     256,
     },
R
Rich Salz 已提交
2458
    {
2459 2460
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2461
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2462 2463 2464 2465 2466
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2467 2468
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2469
     SSL_NOT_DEFAULT | SSL_HIGH,
2470 2471
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
E
Emilia Kasper 已提交
2472 2473
     128,
     },
R
Rich Salz 已提交
2474
    {
2475 2476
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2477
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2478 2479 2480 2481 2482
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2483 2484
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2485
     SSL_NOT_DEFAULT | SSL_HIGH,
2486 2487
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2488 2489 2490
     256,
     },
# endif                         /* OPENSSL_NO_EC */
B
Ben Laurie 已提交
2491

R
Rich Salz 已提交
2492 2493
# ifndef OPENSSL_NO_PSK
    {
2494 2495
     1,
     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2496
     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2497 2498 2499 2500 2501
     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
2502
     TLS1_VERSION, TLS1_2_VERSION,
2503
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2504
     SSL_NOT_DEFAULT | SSL_HIGH,
2505 2506
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2507 2508
     128,
     },
R
Rich Salz 已提交
2509
    {
2510 2511
     1,
     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2512
     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2513 2514 2515 2516 2517
     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
2518
     TLS1_VERSION, TLS1_2_VERSION,
2519
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2520
     SSL_NOT_DEFAULT | SSL_HIGH,
2521 2522
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2523 2524
     256,
     },
R
Rich Salz 已提交
2525
    {
2526 2527
     1,
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529 2530 2531 2532 2533
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
2534
     TLS1_VERSION, TLS1_2_VERSION,
2535
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2536
     SSL_NOT_DEFAULT | SSL_HIGH,
2537 2538
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2539 2540
     128,
     },
R
Rich Salz 已提交
2541
    {
2542 2543
     1,
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545 2546 2547 2548 2549
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
2550
     TLS1_VERSION, TLS1_2_VERSION,
2551
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2552
     SSL_NOT_DEFAULT | SSL_HIGH,
2553 2554
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2555 2556
     256,
     },
R
Rich Salz 已提交
2557
    {
2558 2559
     1,
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561 2562 2563 2564 2565
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2566
     TLS1_VERSION, TLS1_2_VERSION,
2567
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2568
     SSL_NOT_DEFAULT | SSL_HIGH,
2569 2570
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2571 2572
     128,
     },
R
Rich Salz 已提交
2573
    {
2574 2575
     1,
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577 2578 2579 2580 2581
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2582
     TLS1_VERSION, TLS1_2_VERSION,
2583
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2584
     SSL_NOT_DEFAULT | SSL_HIGH,
2585 2586
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2587 2588
     256,
     },
2589 2590
    {
     1,
R
Rich Salz 已提交
2591
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
R
Rich Salz 已提交
2593 2594
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHEPSK,
2595
     SSL_aPSK,
R
Rich Salz 已提交
2596 2597 2598
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
2599
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2600
     SSL_NOT_DEFAULT | SSL_HIGH,
R
Rich Salz 已提交
2601
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2602
     128,
E
Emilia Kasper 已提交
2603 2604
     128,
     },
2605 2606
    {
     1,
R
Rich Salz 已提交
2607
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
R
Rich Salz 已提交
2609 2610
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHEPSK,
2611
     SSL_aPSK,
R
Rich Salz 已提交
2612 2613 2614
     SSL_CAMELLIA256,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
2615
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2616
     SSL_NOT_DEFAULT | SSL_HIGH,
R
Rich Salz 已提交
2617
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2618
     256,
E
Emilia Kasper 已提交
2619 2620 2621
     256,
     },
# endif                         /* OPENSSL_NO_PSK */
2622

E
Emilia Kasper 已提交
2623
#endif                          /* OPENSSL_NO_CAMELLIA */
2624

P
Pauli 已提交
2625
#ifndef OPENSSL_NO_GOST
2626 2627
    {
     1,
R
Rich Salz 已提交
2628
     "GOST2001-GOST89-GOST89",
2629
     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
R
Rich Salz 已提交
2630 2631 2632 2633 2634 2635
     0x3000081,
     SSL_kGOST,
     SSL_aGOST01,
     SSL_eGOST2814789CNT,
     SSL_GOST89MAC,
     TLS1_VERSION, TLS1_2_VERSION,
2636
     0, 0,
R
Rich Salz 已提交
2637 2638
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2639
     256,
E
Emilia Kasper 已提交
2640 2641
     256,
     },
R
Rich Salz 已提交
2642 2643 2644
    {
     1,
     "GOST2001-NULL-GOST94",
2645
     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
R
Rich Salz 已提交
2646 2647 2648 2649 2650 2651
     0x3000083,
     SSL_kGOST,
     SSL_aGOST01,
     SSL_eNULL,
     SSL_GOST94,
     TLS1_VERSION, TLS1_2_VERSION,
2652
     0, 0,
R
Rich Salz 已提交
2653 2654 2655
     SSL_STRONG_NONE,
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
     0,
E
Emilia Kasper 已提交
2656 2657
     0,
     },
R
Rich Salz 已提交
2658 2659 2660
    {
     1,
     "GOST2012-GOST8912-GOST8912",
2661
     NULL,
R
Rich Salz 已提交
2662 2663 2664 2665 2666 2667
     0x0300ff85,
     SSL_kGOST,
     SSL_aGOST12 | SSL_aGOST01,
     SSL_eGOST2814789CNT12,
     SSL_GOST89MAC12,
     TLS1_VERSION, TLS1_2_VERSION,
2668
     0, 0,
R
Rich Salz 已提交
2669 2670
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2671
     256,
E
Emilia Kasper 已提交
2672 2673
     256,
     },
R
Rich Salz 已提交
2674 2675 2676
    {
     1,
     "GOST2012-NULL-GOST12",
2677
     NULL,
R
Rich Salz 已提交
2678 2679 2680 2681 2682 2683
     0x0300ff87,
     SSL_kGOST,
     SSL_aGOST12 | SSL_aGOST01,
     SSL_eNULL,
     SSL_GOST12_256,
     TLS1_VERSION, TLS1_2_VERSION,
2684
     0, 0,
R
Rich Salz 已提交
2685 2686 2687
     SSL_STRONG_NONE,
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
     0,
E
Emilia Kasper 已提交
2688 2689 2690
     0,
     },
#endif                          /* OPENSSL_NO_GOST */
2691

R
Rich Salz 已提交
2692
#ifndef OPENSSL_NO_IDEA
2693 2694
    {
     1,
R
Rich Salz 已提交
2695
     SSL3_TXT_RSA_IDEA_128_SHA,
2696
     SSL3_RFC_RSA_IDEA_128_SHA,
R
Rich Salz 已提交
2697 2698 2699 2700 2701 2702
     SSL3_CK_RSA_IDEA_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_IDEA,
     SSL_SHA1,
     SSL3_VERSION, TLS1_1_VERSION,
2703
     DTLS1_BAD_VER, DTLS1_VERSION,
R
Rich Salz 已提交
2704 2705
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2706 2707 2708
     128,
     128,
     },
R
Rich Salz 已提交
2709
#endif
2710

R
Rich Salz 已提交
2711
#ifndef OPENSSL_NO_SEED
2712 2713
    {
     1,
R
Rich Salz 已提交
2714
     TLS1_TXT_RSA_WITH_SEED_SHA,
2715
     TLS1_RFC_RSA_WITH_SEED_SHA,
R
Rich Salz 已提交
2716 2717 2718 2719 2720 2721
     TLS1_CK_RSA_WITH_SEED_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2722
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2723 2724 2725 2726
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2727 2728 2729
     },
    {
     1,
R
Rich Salz 已提交
2730
     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2731
     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
R
Rich Salz 已提交
2732 2733 2734 2735 2736 2737
     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2738
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2739 2740
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2741 2742 2743 2744 2745
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
2746
     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2747
     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
R
Rich Salz 已提交
2748 2749 2750 2751 2752 2753
     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2754
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2755 2756 2757 2758
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2759 2760 2761
     },
    {
     1,
R
Rich Salz 已提交
2762
     TLS1_TXT_ADH_WITH_SEED_SHA,
2763
     TLS1_RFC_ADH_WITH_SEED_SHA,
R
Rich Salz 已提交
2764 2765 2766 2767 2768 2769
     TLS1_CK_ADH_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2770
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2771 2772
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2773 2774 2775
     128,
     128,
     },
E
Emilia Kasper 已提交
2776
#endif                          /* OPENSSL_NO_SEED */
2777

R
Rich Salz 已提交
2778 2779 2780 2781
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_RC4_128_MD5,
2782
     SSL3_RFC_RSA_RC4_128_MD5,
R
Rich Salz 已提交
2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794
     SSL3_CK_RSA_RC4_128_MD5,
     SSL_kRSA,
     SSL_aRSA,
     SSL_RC4,
     SSL_MD5,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
2795 2796
    {
     1,
R
Rich Salz 已提交
2797
     SSL3_TXT_RSA_RC4_128_SHA,
2798
     SSL3_RFC_RSA_RC4_128_SHA,
R
Rich Salz 已提交
2799 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809
     SSL3_CK_RSA_RC4_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2810 2811 2812
     },
    {
     1,
R
Rich Salz 已提交
2813
     SSL3_TXT_ADH_RC4_128_MD5,
2814
     SSL3_RFC_ADH_RC4_128_MD5,
R
Rich Salz 已提交
2815 2816 2817 2818 2819 2820 2821 2822 2823
     SSL3_CK_ADH_RC4_128_MD5,
     SSL_kDHE,
     SSL_aNULL,
     SSL_RC4,
     SSL_MD5,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2824 2825 2826 2827
     128,
     128,
     },

R
Rich Salz 已提交
2828
# ifndef OPENSSL_NO_EC
2829 2830
    {
     1,
R
Rich Salz 已提交
2831
     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2832
     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2833 2834 2835 2836 2837
     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_RC4,
     SSL_SHA1,
T
Todd Short 已提交
2838
     TLS1_VERSION, TLS1_2_VERSION,
R
Rich Salz 已提交
2839 2840 2841 2842 2843
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2844
     },
A
Andy Polyakov 已提交
2845 2846
    {
     1,
R
Rich Salz 已提交
2847
     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2848
     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2849
     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2850
     SSL_kECDHE,
R
Rich Salz 已提交
2851 2852 2853
     SSL_aNULL,
     SSL_RC4,
     SSL_SHA1,
T
Todd Short 已提交
2854
     TLS1_VERSION, TLS1_2_VERSION,
R
Rich Salz 已提交
2855 2856 2857 2858 2859
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2860 2861 2862
     },
    {
     1,
R
Rich Salz 已提交
2863
     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2864
     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2865
     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2866 2867
     SSL_kECDHE,
     SSL_aECDSA,
R
Rich Salz 已提交
2868 2869
     SSL_RC4,
     SSL_SHA1,
T
Todd Short 已提交
2870
     TLS1_VERSION, TLS1_2_VERSION,
R
Rich Salz 已提交
2871 2872 2873 2874 2875
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2876 2877 2878
     },
    {
     1,
R
Rich Salz 已提交
2879
     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2880
     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2881 2882
     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
     SSL_kECDHE,
A
Andy Polyakov 已提交
2883
     SSL_aRSA,
R
Rich Salz 已提交
2884 2885
     SSL_RC4,
     SSL_SHA1,
T
Todd Short 已提交
2886
     TLS1_VERSION, TLS1_2_VERSION,
R
Rich Salz 已提交
2887 2888 2889 2890 2891
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2892
     },
E
Emilia Kasper 已提交
2893
# endif                         /* OPENSSL_NO_EC */
R
Rich Salz 已提交
2894

A
Andy Polyakov 已提交
2895 2896 2897
# ifndef OPENSSL_NO_PSK
    {
     1,
R
Rich Salz 已提交
2898
     TLS1_TXT_PSK_WITH_RC4_128_SHA,
2899
     TLS1_RFC_PSK_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2900
     TLS1_CK_PSK_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2901 2902
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
2903 2904 2905 2906 2907 2908 2909 2910
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2911 2912 2913
     },
    {
     1,
R
Rich Salz 已提交
2914
     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2915
     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926
     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2927 2928 2929
     },
    {
     1,
R
Rich Salz 已提交
2930
     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
2931
     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
R
Rich Salz 已提交
2932
     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2933 2934
     SSL_kDHEPSK,
     SSL_aPSK,
R
Rich Salz 已提交
2935 2936 2937 2938 2939 2940 2941 2942
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2943
     },
E
Emilia Kasper 已提交
2944
# endif                         /* OPENSSL_NO_PSK */
R
Rich Salz 已提交
2945

E
Emilia Kasper 已提交
2946
#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2947

2948 2949
};

2950 2951 2952 2953 2954 2955 2956 2957 2958
/*
 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
 * values stuffed into the ciphers field of the wire protocol for signalling
 * purposes.
 */
static SSL_CIPHER ssl3_scsvs[] = {
    {
     0,
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2959
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
2960 2961 2962 2963 2964 2965
     SSL3_CK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
    {
     0,
     "TLS_FALLBACK_SCSV",
2966
     "TLS_FALLBACK_SCSV",
2967 2968 2969 2970 2971
     SSL3_CK_FALLBACK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
};

R
Rich Salz 已提交
2972 2973 2974 2975 2976
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;

R
Richard Levitte 已提交
2977 2978 2979
    if (ap->id == bp->id)
        return 0;
    return ap->id < bp->id ? -1 : 1;
R
Rich Salz 已提交
2980 2981 2982 2983
}

void ssl_sort_cipher_list(void)
{
2984
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
R
Rich Salz 已提交
2985
          cipher_compare);
2986
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
R
Rich Salz 已提交
2987 2988
}

2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002
const SSL3_ENC_METHOD SSLv3_enc_data = {
    ssl3_enc,
    n_ssl3_mac,
    ssl3_setup_key_block,
    ssl3_generate_master_secret,
    ssl3_change_cipher_state,
    ssl3_final_finish_mac,
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
    SSL3_MD_SERVER_FINISHED_CONST, 4,
    ssl3_alert_code,
    (int (*)(SSL *, unsigned char *, size_t, const char *,
             size_t, const unsigned char *, size_t,
             int use_context))ssl_undefined_function,
    0,
M
Matt Caswell 已提交
3003
    ssl3_set_handshake_header,
3004
    tls_close_construct_packet,
3005 3006
    ssl3_handshake_write
};
3007

3008
long ssl3_default_timeout(void)
3009 3010 3011 3012 3013 3014 3015
{
    /*
     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
     * http, the cache would over fill
     */
    return (60 * 60 * 2);
}
3016

U
Ulf Möller 已提交
3017
int ssl3_num_ciphers(void)
3018 3019 3020
{
    return (SSL3_NUM_CIPHERS);
}
3021

3022
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3023 3024 3025 3026 3027 3028
{
    if (u < SSL3_NUM_CIPHERS)
        return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
    else
        return (NULL);
}
3029

M
Matt Caswell 已提交
3030
int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
3031
{
3032 3033 3034 3035
    /* No header in the event of a CCS */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

3036
    /* Set the content type and 3 bytes for the message len */
3037
    if (!WPACKET_put_bytes_u8(pkt, htype)
M
Matt Caswell 已提交
3038
            || !WPACKET_start_sub_packet_u24(pkt))
3039 3040 3041 3042 3043
        return 0;

    return 1;
}

D
Dr. Stephen Henson 已提交
3044
int ssl3_handshake_write(SSL *s)
3045 3046 3047
{
    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}
D
Dr. Stephen Henson 已提交
3048

U
Ulf Möller 已提交
3049
int ssl3_new(SSL *s)
3050 3051
{
    SSL3_STATE *s3;
3052

R
Rich Salz 已提交
3053
    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
3054 3055
        goto err;
    s->s3 = s3;
B
Ben Laurie 已提交
3056

B
Ben Laurie 已提交
3057
#ifndef OPENSSL_NO_SRP
V
Viktor Dukhovni 已提交
3058
    if (!SSL_SRP_CTX_init(s))
E
Emilia Kasper 已提交
3059
        goto err;
B
Ben Laurie 已提交
3060
#endif
3061 3062 3063 3064

    if (!s->method->ssl_clear(s))
        return 0;

M
Matt Caswell 已提交
3065
    return 1;
3066
 err:
M
Matt Caswell 已提交
3067
    return 0;
3068
}
3069

U
Ulf Möller 已提交
3070
void ssl3_free(SSL *s)
3071
{
3072
    if (s == NULL || s->s3 == NULL)
3073
        return;
B
Ben Laurie 已提交
3074

3075
    ssl3_cleanup_key_block(s);
3076

D
Dr. Stephen Henson 已提交
3077
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
3078 3079
    EVP_PKEY_free(s->s3->peer_tmp);
    s->s3->peer_tmp = NULL;
D
Dr. Stephen Henson 已提交
3080 3081
    EVP_PKEY_free(s->s3->tmp.pkey);
    s->s3->tmp.pkey = NULL;
B
Bodo Möller 已提交
3082 3083
#endif

3084
    OPENSSL_free(s->s3->tmp.ctype);
3085
    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
D
Dr. Stephen Henson 已提交
3086 3087 3088
    OPENSSL_free(s->s3->tmp.ciphers_raw);
    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
    OPENSSL_free(s->s3->tmp.peer_sigalgs);
3089
    ssl3_free_digest_list(s);
R
Rich Salz 已提交
3090
    OPENSSL_free(s->s3->alpn_selected);
T
Todd Short 已提交
3091
    OPENSSL_free(s->s3->alpn_proposed);
A
Adam Langley 已提交
3092

B
Ben Laurie 已提交
3093
#ifndef OPENSSL_NO_SRP
3094
    SSL_SRP_CTX_free(s);
B
Ben Laurie 已提交
3095
#endif
R
Rich Salz 已提交
3096
    OPENSSL_clear_free(s->s3, sizeof(*s->s3));
3097 3098
    s->s3 = NULL;
}
3099

3100
int ssl3_clear(SSL *s)
3101 3102
{
    ssl3_cleanup_key_block(s);
3103
    OPENSSL_free(s->s3->tmp.ctype);
3104
    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
D
Dr. Stephen Henson 已提交
3105 3106 3107
    OPENSSL_free(s->s3->tmp.ciphers_raw);
    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
    OPENSSL_free(s->s3->tmp.peer_sigalgs);
3108

D
Dr. Stephen Henson 已提交
3109
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
D
Dr. Stephen Henson 已提交
3110
    EVP_PKEY_free(s->s3->tmp.pkey);
3111
    EVP_PKEY_free(s->s3->peer_tmp);
E
Emilia Kasper 已提交
3112
#endif                          /* !OPENSSL_NO_EC */
3113

3114
    ssl3_free_digest_list(s);
3115

T
Todd Short 已提交
3116 3117
    OPENSSL_free(s->s3->alpn_selected);
    OPENSSL_free(s->s3->alpn_proposed);
3118

T
Todd Short 已提交
3119
    /* NULL/zero-out everything in the s3 struct */
R
Rich Salz 已提交
3120
    memset(s->s3, 0, sizeof(*s->s3));
3121

3122 3123
    if (!ssl_free_wbio_buffer(s))
        return 0;
3124 3125

    s->version = SSL3_VERSION;
B
Ben Laurie 已提交
3126

3127
#if !defined(OPENSSL_NO_NEXTPROTONEG)
R
Rich Salz 已提交
3128 3129 3130
    OPENSSL_free(s->ext.npn);
    s->ext.npn = NULL;
    s->ext.npn_len = 0;
B
Ben Laurie 已提交
3131
#endif
3132 3133

    return 1;
3134
}
3135

B
Ben Laurie 已提交
3136
#ifndef OPENSSL_NO_SRP
3137 3138
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
R
Rich Salz 已提交
3139
    return OPENSSL_strdup(s->srp_ctx.info);
3140
}
B
Ben Laurie 已提交
3141 3142
#endif

E
Emilia Kasper 已提交
3143
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3144

3145
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3146 3147
{
    int ret = 0;
3148

3149 3150 3151 3152 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164
    switch (cmd) {
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
        break;
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
        ret = s->s3->num_renegotiations;
        break;
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
        ret = s->s3->num_renegotiations;
        s->s3->num_renegotiations = 0;
        break;
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
        ret = s->s3->total_renegotiations;
        break;
    case SSL_CTRL_GET_FLAGS:
        ret = (int)(s->s3->flags);
        break;
3165
#ifndef OPENSSL_NO_DH
3166 3167 3168
    case SSL_CTRL_SET_TMP_DH:
        {
            DH *dh = (DH *)parg;
3169
            EVP_PKEY *pkdh = NULL;
3170 3171 3172 3173
            if (dh == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
                return (ret);
            }
3174 3175 3176 3177 3178
            pkdh = ssl_dh_to_pkey(dh);
            if (pkdh == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
                return 0;
            }
3179
            if (!ssl_security(s, SSL_SECOP_TMP_DH,
3180
                              EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3181
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3182 3183
                EVP_PKEY_free(pkdh);
                return ret;
3184
            }
3185 3186
            EVP_PKEY_free(s->cert->dh_tmp);
            s->cert->dh_tmp = pkdh;
3187 3188 3189 3190 3191 3192 3193 3194 3195 3196 3197
            ret = 1;
        }
        break;
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return (ret);
        }
    case SSL_CTRL_SET_DH_AUTO:
        s->cert->dh_tmp_auto = larg;
        return 1;
3198
#endif
3199
#ifndef OPENSSL_NO_EC
3200 3201
    case SSL_CTRL_SET_TMP_ECDH:
        {
3202 3203
            const EC_GROUP *group = NULL;
            int nid;
3204 3205 3206

            if (parg == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3207
                return 0;
3208
            }
3209 3210 3211 3212
            group = EC_KEY_get0_group((const EC_KEY *)parg);
            if (group == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
                return 0;
3213
            }
3214 3215 3216
            nid = EC_GROUP_get_curve_name(group);
            if (nid == NID_undef)
                return 0;
R
Rich Salz 已提交
3217 3218
            return tls1_set_groups(&s->ext.supportedgroups,
                                   &s->ext.supportedgroups_len,
3219
                                   &nid, 1);
3220 3221
        }
        break;
3222
#endif                          /* !OPENSSL_NO_EC */
3223 3224
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
        if (larg == TLSEXT_NAMETYPE_host_name) {
V
Viktor Dukhovni 已提交
3225 3226
            size_t len;

R
Rich Salz 已提交
3227 3228
            OPENSSL_free(s->ext.hostname);
            s->ext.hostname = NULL;
3229 3230 3231 3232

            ret = 1;
            if (parg == NULL)
                break;
V
Viktor Dukhovni 已提交
3233 3234
            len = strlen((char *)parg);
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3235 3236 3237
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                return 0;
            }
R
Rich Salz 已提交
3238
            if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3239 3240 3241 3242 3243 3244 3245 3246 3247
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
                return 0;
            }
        } else {
            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
R
Rich Salz 已提交
3248
        s->ext.debug_arg = parg;
3249 3250 3251
        ret = 1;
        break;

3252
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3253
        ret = s->ext.status_type;
3254 3255
        break;

3256
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3257
        s->ext.status_type = larg;
3258 3259 3260 3261
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
R
Rich Salz 已提交
3262
        *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3263 3264 3265 3266
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
R
Rich Salz 已提交
3267
        s->ext.ocsp.exts = parg;
3268 3269 3270 3271
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
R
Rich Salz 已提交
3272
        *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3273 3274 3275 3276
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
R
Rich Salz 已提交
3277
        s->ext.ocsp.ids = parg;
3278 3279 3280 3281
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
R
Rich Salz 已提交
3282 3283 3284
        *(unsigned char **)parg = s->ext.ocsp.resp;
        if (s->ext.ocsp.resp_len == 0
                || s->ext.ocsp.resp_len > LONG_MAX)
M
Matt Caswell 已提交
3285
            return -1;
R
Rich Salz 已提交
3286
        return (long)s->ext.ocsp.resp_len;
3287 3288

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
R
Rich Salz 已提交
3289 3290 3291
        OPENSSL_free(s->ext.ocsp.resp);
        s->ext.ocsp.resp = parg;
        s->ext.ocsp.resp_len = larg;
3292 3293 3294
        ret = 1;
        break;

3295 3296 3297 3298 3299 3300 3301
#ifndef OPENSSL_NO_HEARTBEATS
    case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
    case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
    case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
        break;
#endif

3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326
    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        if (larg)
            return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = s->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(s->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        if (larg == SSL_CERT_SET_SERVER) {
            const SSL_CIPHER *cipher;
            if (!s->server)
                return 0;
            cipher = s->s3->tmp.new_cipher;
D
Dr. Stephen Henson 已提交
3327
            if (cipher == NULL)
3328 3329 3330 3331 3332 3333 3334
                return 0;
            /*
             * No certificate for unauthenticated ciphersuites or using SRP
             * authentication
             */
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
                return 2;
3335
            if (s->s3->tmp.cert == NULL)
3336
                return 0;
3337
            s->cert->key = s->s3->tmp.cert;
3338 3339 3340
            return 1;
        }
        return ssl_cert_set_current(s->cert, larg);
3341

3342
#ifndef OPENSSL_NO_EC
3343
    case SSL_CTRL_GET_GROUPS:
3344 3345 3346
        {
            unsigned char *clist;
            size_t clistlen;
R
Rich Salz 已提交
3347

3348 3349
            if (!s->session)
                return 0;
R
Rich Salz 已提交
3350 3351
            clist = s->session->ext.supportedgroups;
            clistlen = s->session->ext.supportedgroups_len / 2;
3352 3353 3354 3355 3356 3357
            if (parg) {
                size_t i;
                int *cptr = parg;
                unsigned int cid, nid;
                for (i = 0; i < clistlen; i++) {
                    n2s(clist, cid);
3358
                    /* TODO(TLS1.3): Handle DH groups here */
3359
                    nid = tls1_ec_curve_id2nid(cid, NULL);
3360 3361 3362 3363 3364 3365 3366 3367 3368
                    if (nid != 0)
                        cptr[i] = nid;
                    else
                        cptr[i] = TLSEXT_nid_unknown | cid;
                }
            }
            return (int)clistlen;
        }

3369
    case SSL_CTRL_SET_GROUPS:
R
Rich Salz 已提交
3370 3371
        return tls1_set_groups(&s->ext.supportedgroups,
                               &s->ext.supportedgroups_len, parg, larg);
3372

3373
    case SSL_CTRL_SET_GROUPS_LIST:
R
Rich Salz 已提交
3374 3375
        return tls1_set_groups_list(&s->ext.supportedgroups,
                                    &s->ext.supportedgroups_len, parg);
3376

3377 3378
    case SSL_CTRL_GET_SHARED_GROUP:
        return tls1_shared_group(s, larg);
3379

3380
#endif
3381 3382 3383 3384 3385 3386 3387 3388 3389 3390 3391 3392 3393 3394 3395 3396 3397 3398
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(s->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(s->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->cert, parg, 1);

    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
        {
            const unsigned char **pctype = parg;
            if (s->server || !s->s3->tmp.cert_req)
                return 0;
            if (pctype)
3399 3400
                *pctype = s->s3->tmp.ctype;
            return s->s3->tmp.ctype_len;
3401 3402 3403 3404 3405 3406 3407 3408 3409 3410 3411 3412 3413 3414 3415 3416 3417
        }

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        if (!s->server)
            return 0;
        return ssl3_set_req_cert_type(s->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(s, NULL, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(s->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(s->cert, parg, 1, larg);

    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3418
        if (s->s3->tmp.peer_sigalg == NULL)
3419
            return 0;
3420 3421
        *(int *)parg = s->s3->tmp.peer_sigalg->hash;
        return 1;
3422 3423

    case SSL_CTRL_GET_SERVER_TMP_KEY:
D
Dr. Stephen Henson 已提交
3424 3425
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
        if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3426
            return 0;
D
Dr. Stephen Henson 已提交
3427 3428 3429 3430
        } else {
            EVP_PKEY_up_ref(s->s3->peer_tmp);
            *(EVP_PKEY **)parg = s->s3->peer_tmp;
            return 1;
3431
        }
D
Dr. Stephen Henson 已提交
3432 3433 3434
#else
        return 0;
#endif
3435
#ifndef OPENSSL_NO_EC
3436 3437 3438 3439
    case SSL_CTRL_GET_EC_POINT_FORMATS:
        {
            SSL_SESSION *sess = s->session;
            const unsigned char **pformat = parg;
R
Rich Salz 已提交
3440 3441

            if (sess == NULL || sess->ext.ecpointformats == NULL)
3442
                return 0;
R
Rich Salz 已提交
3443 3444
            *pformat = sess->ext.ecpointformats;
            return (int)sess->ext.ecpointformats_len;
3445
        }
3446
#endif
B
Bodo Moeller 已提交
3447

3448 3449 3450 3451 3452 3453 3454 3455 3456
    default:
        break;
    }
    return (ret);
}

long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    int ret = 0;
3457

3458
    switch (cmd) {
3459
#ifndef OPENSSL_NO_DH
3460 3461 3462 3463 3464
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        }
        break;
3465
#endif
3466
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
R
Rich Salz 已提交
3467
        s->ext.debug_cb = (void (*)(SSL *, int, int,
R
Rich Salz 已提交
3468
                                    const unsigned char *, int, void *))fp;
3469
        break;
3470

3471 3472 3473 3474 3475 3476 3477 3478 3479 3480
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        {
            s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        }
        break;
    default:
        break;
    }
    return (ret);
}
3481

3482
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3483 3484
{
    switch (cmd) {
3485
#ifndef OPENSSL_NO_DH
3486 3487
    case SSL_CTRL_SET_TMP_DH:
        {
3488 3489 3490 3491
            DH *dh = (DH *)parg;
            EVP_PKEY *pkdh = NULL;
            if (dh == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3492 3493
                return 0;
            }
3494 3495 3496
            pkdh = ssl_dh_to_pkey(dh);
            if (pkdh == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3497 3498
                return 0;
            }
3499 3500 3501 3502 3503
            if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
                                  EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
                EVP_PKEY_free(pkdh);
                return 1;
3504
            }
3505 3506
            EVP_PKEY_free(ctx->cert->dh_tmp);
            ctx->cert->dh_tmp = pkdh;
3507 3508 3509 3510 3511 3512 3513 3514 3515 3516
            return 1;
        }
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return (0);
        }
    case SSL_CTRL_SET_DH_AUTO:
        ctx->cert->dh_tmp_auto = larg;
        return 1;
3517
#endif
3518
#ifndef OPENSSL_NO_EC
3519 3520
    case SSL_CTRL_SET_TMP_ECDH:
        {
3521 3522
            const EC_GROUP *group = NULL;
            int nid;
3523 3524

            if (parg == NULL) {
3525
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3526 3527
                return 0;
            }
3528 3529 3530
            group = EC_KEY_get0_group((const EC_KEY *)parg);
            if (group == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3531 3532
                return 0;
            }
3533 3534 3535
            nid = EC_GROUP_get_curve_name(group);
            if (nid == NID_undef)
                return 0;
R
Rich Salz 已提交
3536 3537
            return tls1_set_groups(&ctx->ext.supportedgroups,
                                   &ctx->ext.supportedgroups_len,
3538
                                   &nid, 1);
3539
        }
3540
#endif                          /* !OPENSSL_NO_EC */
3541
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
R
Rich Salz 已提交
3542
        ctx->ext.servername_arg = parg;
3543 3544 3545 3546 3547
        break;
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
        {
            unsigned char *keys = parg;
R
Rich Salz 已提交
3548 3549 3550
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
                                sizeof(ctx->ext.tick_hmac_key) +
                                sizeof(ctx->ext.tick_aes_key));
K
Kurt Roeckx 已提交
3551
            if (keys == NULL)
R
Rich Salz 已提交
3552 3553
                return tick_keylen;
            if (larg != tick_keylen) {
3554 3555 3556 3557
                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
                return 0;
            }
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
R
Rich Salz 已提交
3558 3559 3560 3561 3562 3563 3564 3565 3566
                memcpy(ctx->ext.tick_key_name, keys,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(ctx->ext.tick_hmac_key,
                       keys + sizeof(ctx->ext.tick_key_name),
                       sizeof(ctx->ext.tick_hmac_key));
                memcpy(ctx->ext.tick_aes_key,
                       keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.tick_hmac_key),
                       sizeof(ctx->ext.tick_aes_key));
3567
            } else {
R
Rich Salz 已提交
3568 3569 3570 3571 3572 3573 3574 3575 3576
                memcpy(keys, ctx->ext.tick_key_name,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
                       ctx->ext.tick_hmac_key,
                       sizeof(ctx->ext.tick_hmac_key));
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.tick_hmac_key),
                       ctx->ext.tick_aes_key,
                       sizeof(ctx->ext.tick_aes_key));
3577 3578 3579 3580
            }
            return 1;
        }

3581
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3582
        return ctx->ext.status_type;
3583

3584
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3585
        ctx->ext.status_type = larg;
3586 3587
        break;

3588
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
R
Rich Salz 已提交
3589
        ctx->ext.status_arg = parg;
3590 3591
        return 1;

3592
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
R
Rich Salz 已提交
3593
        *(void**)parg = ctx->ext.status_arg;
3594 3595 3596
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
R
Rich Salz 已提交
3597
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3598 3599
        break;

3600
#ifndef OPENSSL_NO_SRP
3601 3602
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
R
Rich Salz 已提交
3603
        OPENSSL_free(ctx->srp_ctx.login);
3604 3605 3606
        ctx->srp_ctx.login = NULL;
        if (parg == NULL)
            break;
E
Emilia Kasper 已提交
3607
        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3608 3609 3610
            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
            return 0;
        }
R
Rich Salz 已提交
3611
        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3612 3613 3614 3615 3616 3617 3618
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            srp_password_from_info_cb;
3619 3620 3621 3622 3623 3624
        if (ctx->srp_ctx.info != NULL)
            OPENSSL_free(ctx->srp_ctx.info);
        if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
3625 3626 3627 3628 3629 3630 3631 3632 3633
        break;
    case SSL_CTRL_SET_SRP_ARG:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_cb_arg = parg;
        break;

    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
        ctx->srp_ctx.strength = larg;
        break;
3634
#endif
3635

3636
#ifndef OPENSSL_NO_EC
3637
    case SSL_CTRL_SET_GROUPS:
R
Rich Salz 已提交
3638 3639
        return tls1_set_groups(&ctx->ext.supportedgroups,
                               &ctx->ext.supportedgroups_len,
3640 3641
                               parg, larg);

3642
    case SSL_CTRL_SET_GROUPS_LIST:
R
Rich Salz 已提交
3643 3644
        return tls1_set_groups_list(&ctx->ext.supportedgroups,
                                    &ctx->ext.supportedgroups_len,
3645
                                    parg);
3646
#endif
3647 3648 3649 3650 3651 3652 3653 3654 3655 3656 3657 3658 3659 3660 3661 3662 3663 3664 3665 3666 3667 3668 3669 3670 3671 3672 3673
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx->cert, parg, 1);

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(NULL, ctx, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

        /* A Thawte special :-) */
    case SSL_CTRL_EXTRA_CHAIN_CERT:
        if (ctx->extra_certs == NULL) {
3674 3675 3676 3677 3678 3679 3680 3681
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
                return 0;
            }
        }
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
            return 0;
3682 3683 3684 3685 3686 3687 3688 3689 3690 3691 3692
        }
        break;

    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
        if (ctx->extra_certs == NULL && larg == 0)
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        else
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
        break;

    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
R
Rich Salz 已提交
3693 3694
        sk_X509_pop_free(ctx->extra_certs, X509_free);
        ctx->extra_certs = NULL;
3695 3696 3697 3698 3699 3700 3701 3702 3703 3704 3705 3706 3707 3708 3709 3710 3711 3712 3713 3714 3715 3716 3717 3718 3719 3720 3721 3722 3723 3724 3725 3726 3727
        break;

    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        if (larg)
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        return ssl_cert_set_current(ctx->cert, larg);

    default:
        return (0);
    }
    return (1);
}

long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
    switch (cmd) {
3728
#ifndef OPENSSL_NO_DH
3729 3730
    case SSL_CTRL_SET_TMP_DH_CB:
        {
M
Matt Caswell 已提交
3731
            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3732 3733
        }
        break;
3734
#endif
3735
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
R
Rich Salz 已提交
3736
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3737 3738 3739
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
R
Rich Salz 已提交
3740
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3741 3742 3743
        break;

    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
R
Rich Salz 已提交
3744
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3745 3746 3747 3748 3749
                                             unsigned char *,
                                             EVP_CIPHER_CTX *,
                                             HMAC_CTX *, int))fp;
        break;

3750
#ifndef OPENSSL_NO_SRP
3751 3752 3753 3754 3755 3756 3757 3758 3759 3760 3761 3762 3763 3764
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
        break;
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.TLS_ext_srp_username_callback =
            (int (*)(SSL *, int *, void *))fp;
        break;
    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            (char *(*)(SSL *, void *))fp;
        break;
3765
#endif
3766 3767 3768 3769 3770 3771 3772 3773 3774 3775
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        {
            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        }
        break;
    default:
        return (0);
    }
    return (1);
}
3776

3777 3778 3779
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
    SSL_CIPHER c;
3780
    const SSL_CIPHER *cp;
3781 3782

    c.id = id;
3783 3784 3785 3786
    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
    if (cp != NULL)
        return cp;
    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3787 3788
}

3789 3790 3791 3792 3793 3794
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
    SSL_CIPHER *c = NULL;
    SSL_CIPHER *tbl = ssl3_ciphers;
    size_t i;

3795
    /* this is not efficient, necessary to optimize this? */
3796 3797 3798 3799 3800 3801 3802 3803 3804 3805 3806 3807 3808 3809 3810 3811 3812 3813 3814 3815
    for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
        if (tbl->stdname == NULL)
            continue;
        if (strcmp(stdname, tbl->stdname) == 0) {
            c = tbl;
            break;
        }
    }
    if (c == NULL) {
        tbl = ssl3_scsvs;
        for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
            if (strcmp(stdname, tbl->stdname) == 0) {
                c = tbl;
                break;
            }
        }
    }
    return c;
}

3816 3817 3818 3819
/*
 * This function needs to check if the ciphers required are actually
 * available
 */
3820
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3821
{
3822
    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3823 3824
                                 | ((uint32_t)p[0] << 8L)
                                 | (uint32_t)p[1]);
3825
}
3826

M
Matt Caswell 已提交
3827
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3828
{
3829
    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3830 3831 3832 3833
        *len = 0;
        return 1;
    }

3834
    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3835 3836 3837 3838 3839 3840
        return 0;

    *len = 2;
    return 1;
}

3841 3842 3843 3844 3845 3846 3847 3848
/*
 * ssl3_choose_cipher - choose a cipher from those offered by the client
 * @s: SSL connection
 * @clnt: ciphers offered by the client
 * @srvr: ciphers enabled on the server?
 *
 * Returns the selected cipher or NULL when no common ciphers.
 */
3849
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
E
Emilia Kasper 已提交
3850
                                     STACK_OF(SSL_CIPHER) *srvr)
3851
{
3852
    const SSL_CIPHER *c, *ret = NULL;
3853 3854
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok;
3855
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
3856

3857
    /* Let's see which ciphers we can support */
3858

3859 3860 3861 3862 3863 3864
    /*
     * Do not set the compare functions, because this may lead to a
     * reordering by "id". We want to keep the original ordering. We may pay
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
     * pay with the price of sk_SSL_CIPHER_dup().
     */
3865

B
Ben Laurie 已提交
3866
#ifdef CIPHER_DEBUG
3867 3868 3869 3870 3871 3872 3873 3874 3875 3876 3877 3878
    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
            (void *)srvr);
    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
        c = sk_SSL_CIPHER_value(srvr, i);
        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
    }
    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
            (void *)clnt);
    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
        c = sk_SSL_CIPHER_value(clnt, i);
        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
    }
B
Ben Laurie 已提交
3879 3880
#endif

3881 3882 3883 3884 3885 3886 3887 3888
    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
        prio = srvr;
        allow = clnt;
    } else {
        prio = clnt;
        allow = srvr;
    }

3889 3890 3891 3892
    if (!SSL_IS_TLS13(s)) {
        tls1_set_cert_validity(s);
        ssl_set_masks(s);
    }
3893 3894 3895 3896

    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
        c = sk_SSL_CIPHER_value(prio, i);

3897 3898
        /* Skip ciphers not supported by the protocol version */
        if (!SSL_IS_DTLS(s) &&
E
Emilia Kasper 已提交
3899
            ((s->version < c->min_tls) || (s->version > c->max_tls)))
3900
            continue;
3901
        if (SSL_IS_DTLS(s) &&
E
Emilia Kasper 已提交
3902 3903
            (DTLS_VERSION_LT(s->version, c->min_dtls) ||
             DTLS_VERSION_GT(s->version, c->max_dtls)))
3904
            continue;
3905

3906 3907 3908 3909 3910
        /*
         * Since TLS 1.3 ciphersuites can be used with any auth or
         * key exchange scheme skip tests.
         */
        if (!SSL_IS_TLS13(s)) {
3911 3912
            mask_k = s->s3->tmp.mask_k;
            mask_a = s->s3->tmp.mask_a;
B
Ben Laurie 已提交
3913
#ifndef OPENSSL_NO_SRP
3914 3915 3916 3917
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
                mask_k |= SSL_kSRP;
                mask_a |= SSL_aSRP;
            }
B
Ben Laurie 已提交
3918
#endif
3919

3920 3921
            alg_k = c->algorithm_mkey;
            alg_a = c->algorithm_auth;
3922

3923
#ifndef OPENSSL_NO_PSK
3924 3925 3926
            /* with PSK there must be server callback set */
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
                continue;
3927 3928
#endif                          /* OPENSSL_NO_PSK */

3929
            ok = (alg_k & mask_k) && (alg_a & mask_a);
3930
#ifdef CIPHER_DEBUG
3931 3932
            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
                    alg_a, mask_k, mask_a, (void *)c, c->name);
3933 3934
#endif

E
Emilia Kasper 已提交
3935
#ifndef OPENSSL_NO_EC
3936 3937 3938 3939 3940 3941
            /*
             * if we are considering an ECC cipher suite that uses an ephemeral
             * EC key check it
             */
            if (alg_k & SSL_kECDHE)
                ok = ok && tls1_check_ec_tmp_key(s, c->id);
E
Emilia Kasper 已提交
3942
#endif                          /* OPENSSL_NO_EC */
3943

3944 3945 3946
            if (!ok)
                continue;
        }
3947 3948 3949 3950
        ii = sk_SSL_CIPHER_find(allow, c);
        if (ii >= 0) {
            /* Check security callback permits this cipher */
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3951
                              c->strength_bits, 0, (void *)c))
3952
                continue;
3953
#if !defined(OPENSSL_NO_EC)
3954 3955 3956 3957 3958 3959
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
                && s->s3->is_probably_safari) {
                if (!ret)
                    ret = sk_SSL_CIPHER_value(allow, ii);
                continue;
            }
3960
#endif
3961 3962 3963 3964 3965 3966
            ret = sk_SSL_CIPHER_value(allow, ii);
            break;
        }
    }
    return (ret);
}
3967

3968
int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3969
{
3970
    uint32_t alg_k, alg_a = 0;
3971 3972

    /* If we have custom certificate types set, use them */
3973 3974
    if (s->cert->ctype)
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3975 3976 3977 3978
    /* Get mask of algorithms disabled by signature list */
    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);

    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3979

D
Dr. Stephen Henson 已提交
3980
#ifndef OPENSSL_NO_GOST
3981 3982 3983 3984
    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
            return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
D
Dr. Stephen Henson 已提交
3985 3986
#endif

D
Dr. Stephen Henson 已提交
3987
    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3988
#ifndef OPENSSL_NO_DH
3989
# ifndef OPENSSL_NO_RSA
3990 3991
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
            return 0;
3992 3993
# endif
# ifndef OPENSSL_NO_DSA
3994 3995
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
            return 0;
3996 3997
# endif
#endif                          /* !OPENSSL_NO_DH */
B
Ben Laurie 已提交
3998
    }
3999
#ifndef OPENSSL_NO_RSA
4000 4001
    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
        return 0;
4002
#endif
4003
#ifndef OPENSSL_NO_DSA
4004 4005
    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
        return 0;
4006
#endif
4007
#ifndef OPENSSL_NO_EC
4008
    /*
D
Dr. Stephen Henson 已提交
4009
     * ECDSA certs can be used with RSA cipher suites too so we don't
4010 4011
     * need to check for SSL_kECDH or SSL_kECDHE
     */
4012 4013 4014 4015
    if (s->version >= TLS1_VERSION
            && !(alg_a & SSL_aECDSA)
            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
        return 0;
4016
#endif
4017
    return 1;
4018
}
4019

4020
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4021
{
4022 4023 4024 4025
    OPENSSL_free(c->ctype);
    c->ctype = NULL;
    c->ctype_len = 0;
    if (p == NULL || len == 0)
4026 4027 4028
        return 1;
    if (len > 0xff)
        return 0;
4029 4030
    c->ctype = OPENSSL_memdup(p, len);
    if (c->ctype == NULL)
4031
        return 0;
4032
    c->ctype_len = len;
4033 4034
    return 1;
}
4035

U
Ulf Möller 已提交
4036
int ssl3_shutdown(SSL *s)
4037 4038 4039 4040 4041 4042 4043
{
    int ret;

    /*
     * Don't do anything much if we have not done the handshake or we don't
     * want to send messages :-)
     */
M
Matt Caswell 已提交
4044
    if (s->quiet_shutdown || SSL_in_before(s)) {
4045 4046 4047 4048 4049 4050 4051 4052 4053 4054 4055 4056 4057 4058 4059 4060 4061 4062 4063
        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
        return (1);
    }

    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
        s->shutdown |= SSL_SENT_SHUTDOWN;
        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
        /*
         * our shutdown alert has been sent now, and if it still needs to be
         * written, s->s3->alert_dispatch will be true
         */
        if (s->s3->alert_dispatch)
            return (-1);        /* return WANT_WRITE */
    } else if (s->s3->alert_dispatch) {
        /* resend it if not sent */
        ret = s->method->ssl_dispatch_alert(s);
        if (ret == -1) {
            /*
             * we only get to return -1 here the 2nd/Nth invocation, we must
F
FdaSilvaYY 已提交
4064
             * have already signalled return 0 upon a previous invocation,
4065 4066 4067 4068 4069
             * return WANT_WRITE
             */
            return (ret);
        }
    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4070
        size_t readbytes;
4071 4072 4073
        /*
         * If we are waiting for a close from our peer, we are closed
         */
4074
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4075
        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4076
            return -1;        /* return WANT_READ */
4077 4078 4079 4080 4081 4082 4083 4084 4085
        }
    }

    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
        !s->s3->alert_dispatch)
        return (1);
    else
        return (0);
}
4086

M
Matt Caswell 已提交
4087
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4088 4089 4090
{
    clear_sys_error();
    if (s->s3->renegotiate)
4091
        ssl3_renegotiate_check(s, 0);
4092

M
Matt Caswell 已提交
4093 4094
    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
                                      written);
4095
}
4096

4097
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4098
                              size_t *readbytes)
4099 4100 4101 4102 4103
{
    int ret;

    clear_sys_error();
    if (s->s3->renegotiate)
4104
        ssl3_renegotiate_check(s, 0);
4105 4106
    s->s3->in_read_app_data = 1;
    ret =
4107
        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4108
                                  peek, readbytes);
4109 4110 4111 4112 4113 4114 4115 4116
    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
        /*
         * ssl3_read_bytes decided to call s->handshake_func, which called
         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
         * actually found application data and thinks that application data
         * makes sense here; so disable handshake processing and try to read
         * application data again.
         */
M
Matt Caswell 已提交
4117
        ossl_statem_set_in_handshake(s, 1);
4118
        ret =
4119
            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4120
                                      len, peek, readbytes);
M
Matt Caswell 已提交
4121
        ossl_statem_set_in_handshake(s, 0);
4122 4123 4124
    } else
        s->s3->in_read_app_data = 0;

4125
    return ret;
4126
}
4127

4128
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4129
{
4130
    return ssl3_read_internal(s, buf, len, 0, readbytes);
4131
}
4132

4133
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4134
{
4135
    return ssl3_read_internal(s, buf, len, 1, readbytes);
4136
}
4137

U
Ulf Möller 已提交
4138
int ssl3_renegotiate(SSL *s)
4139 4140 4141
{
    if (s->handshake_func == NULL)
        return (1);
4142

4143 4144 4145
    s->s3->renegotiate = 1;
    return (1);
}
4146

4147 4148 4149 4150 4151 4152 4153 4154 4155
/*
 * Check if we are waiting to do a renegotiation and if so whether now is a
 * good time to do it. If |initok| is true then we are being called from inside
 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
 * should do a renegotiation now and sets up the state machine for it. Otherwise
 * returns 0.
 */
int ssl3_renegotiate_check(SSL *s, int initok)
4156 4157 4158 4159
{
    int ret = 0;

    if (s->s3->renegotiate) {
4160 4161
        if (!RECORD_LAYER_read_pending(&s->rlayer)
            && !RECORD_LAYER_write_pending(&s->rlayer)
4162
            && (initok || !SSL_in_init(s))) {
4163 4164
            /*
             * if we are the server, and we have sent a 'RENEGOTIATE'
M
Matt Caswell 已提交
4165 4166
             * message, we need to set the state machine into the renegotiate
             * state.
4167
             */
M
Matt Caswell 已提交
4168
            ossl_statem_set_renegotiate(s);
4169 4170 4171 4172 4173 4174
            s->s3->renegotiate = 0;
            s->s3->num_renegotiations++;
            s->s3->total_renegotiations++;
            ret = 1;
        }
    }
4175
    return ret;
4176 4177
}

4178
/*
4179 4180
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
 * handshake macs if required.
D
Dr. Stephen Henson 已提交
4181 4182
 *
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4183 4184
 */
long ssl_get_algorithm2(SSL *s)
4185
{
4186 4187 4188 4189
    long alg2;
    if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
        return -1;
    alg2 = s->s3->tmp.new_cipher->algorithm2;
D
Dr. Stephen Henson 已提交
4190 4191 4192 4193 4194 4195 4196
    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
    } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
    }
4197 4198
    return alg2;
}
4199 4200 4201 4202 4203

/*
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
 * failure, 1 on success.
 */
4204 4205
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
                          DOWNGRADE dgrd)
4206
{
4207
    int send_time = 0, ret;
4208 4209 4210 4211 4212 4213 4214 4215 4216 4217

    if (len < 4)
        return 0;
    if (server)
        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
    else
        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
    if (send_time) {
        unsigned long Time = (unsigned long)time(NULL);
        unsigned char *p = result;
R
Rich Salz 已提交
4218

4219
        l2n(Time, p);
R
Rich Salz 已提交
4220
        ret = ssl_randbytes(s, p, len - 4);
4221
    } else {
R
Rich Salz 已提交
4222
        ret = ssl_randbytes(s, result, len);
4223 4224 4225
    }
#ifndef OPENSSL_NO_TLS13DOWNGRADE
    if (ret) {
4226 4227 4228
        if (!ossl_assert(sizeof(tls11downgrade) < len)
                || !ossl_assert(sizeof(tls12downgrade) < len))
             return 0;
4229 4230 4231 4232 4233 4234 4235 4236 4237
        if (dgrd == DOWNGRADE_TO_1_2)
            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
                   sizeof(tls12downgrade));
        else if (dgrd == DOWNGRADE_TO_1_1)
            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
                   sizeof(tls11downgrade));
    }
#endif
    return ret;
4238
}
4239 4240 4241 4242

int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
                               int free_pms)
{
4243
    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4244 4245
    int ret = 0;

4246
    if (alg_k & SSL_PSK) {
4247
#ifndef OPENSSL_NO_PSK
4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259
        unsigned char *pskpms, *t;
        size_t psklen = s->s3->tmp.psklen;
        size_t pskpmslen;

        /* create PSK premaster_secret */

        /* For plain PSK "other_secret" is psklen zeroes */
        if (alg_k & SSL_kPSK)
            pmslen = psklen;

        pskpmslen = 4 + pmslen + psklen;
        pskpms = OPENSSL_malloc(pskpmslen);
4260
        if (pskpms == NULL)
4261
            goto err;
4262 4263 4264 4265 4266 4267 4268 4269 4270 4271 4272 4273
        t = pskpms;
        s2n(pmslen, t);
        if (alg_k & SSL_kPSK)
            memset(t, 0, pmslen);
        else
            memcpy(t, pms, pmslen);
        t += pmslen;
        s2n(psklen, t);
        memcpy(t, s->s3->tmp.psk, psklen);

        OPENSSL_clear_free(s->s3->tmp.psk, psklen);
        s->s3->tmp.psk = NULL;
4274 4275 4276 4277
        if (!s->method->ssl3_enc->generate_master_secret(s,
                    s->session->master_key,pskpms, pskpmslen,
                    &s->session->master_key_length))
            goto err;
4278
        OPENSSL_clear_free(pskpms, pskpmslen);
4279 4280 4281
#else
        /* Should never happen */
        goto err;
4282
#endif
4283
    } else {
4284 4285 4286 4287
        if (!s->method->ssl3_enc->generate_master_secret(s,
                s->session->master_key, pms, pmslen,
                &s->session->master_key_length))
            goto err;
4288 4289
    }

4290
    ret = 1;
4291
 err:
4292 4293 4294 4295 4296 4297
    if (pms) {
        if (free_pms)
            OPENSSL_clear_free(pms, pmslen);
        else
            OPENSSL_cleanse(pms, pmslen);
    }
4298 4299
    if (s->server == 0)
        s->s3->tmp.pms = NULL;
4300
    return ret;
4301
}
4302

D
Dr. Stephen Henson 已提交
4303 4304
/* Generate a private key from parameters */
EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4305 4306 4307
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
D
Dr. Stephen Henson 已提交
4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337

    if (pm == NULL)
        return NULL;
    pctx = EVP_PKEY_CTX_new(pm, NULL);
    if (pctx == NULL)
        goto err;
    if (EVP_PKEY_keygen_init(pctx) <= 0)
        goto err;
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }

    err:
    EVP_PKEY_CTX_free(pctx);
    return pkey;
}
#ifndef OPENSSL_NO_EC
/* Generate a private key a curve ID */
EVP_PKEY *ssl_generate_pkey_curve(int id)
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
    unsigned int curve_flags;
    int nid = tls1_ec_curve_id2nid(id, &curve_flags);

    if (nid == 0)
        goto err;
    if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
        pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4338
        nid = 0;
4339
    } else {
D
Dr. Stephen Henson 已提交
4340
        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4341 4342 4343 4344 4345
    }
    if (pctx == NULL)
        goto err;
    if (EVP_PKEY_keygen_init(pctx) <= 0)
        goto err;
4346
    if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4347 4348 4349 4350 4351 4352
        goto err;
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }

E
Emilia Kasper 已提交
4353
 err:
4354 4355 4356
    EVP_PKEY_CTX_free(pctx);
    return pkey;
}
D
Dr. Stephen Henson 已提交
4357
#endif
E
Emilia Kasper 已提交
4358

4359 4360
/* Derive secrets for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384
{
    int rv = 0;
    unsigned char *pms = NULL;
    size_t pmslen = 0;
    EVP_PKEY_CTX *pctx;

    if (privkey == NULL || pubkey == NULL)
        return 0;

    pctx = EVP_PKEY_CTX_new(privkey, NULL);

    if (EVP_PKEY_derive_init(pctx) <= 0
        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
        goto err;
    }

    pms = OPENSSL_malloc(pmslen);
    if (pms == NULL)
        goto err;

    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
        goto err;

4385 4386 4387
    if (gensecret) {
        if (SSL_IS_TLS13(s)) {
            /*
4388 4389
             * If we are resuming then we already generated the early secret
             * when we created the ClientHello, so don't recreate it.
4390
             */
4391 4392 4393 4394
            if (!s->hit)
                rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
                                           0,
                                           (unsigned char *)&s->early_secret);
4395 4396 4397
            else
                rv = 1;

4398
            rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4399
        } else {
4400
            rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4401
        }
4402
    } else {
4403
        /* Save premaster secret */
4404 4405 4406 4407 4408 4409
        s->s3->tmp.pms = pms;
        s->s3->tmp.pmslen = pmslen;
        pms = NULL;
        rv = 1;
    }

E
Emilia Kasper 已提交
4410
 err:
4411 4412 4413 4414
    OPENSSL_clear_free(pms, pmslen);
    EVP_PKEY_CTX_free(pctx);
    return rv;
}
D
Dr. Stephen Henson 已提交
4415

B
Ben Laurie 已提交
4416
#ifndef OPENSSL_NO_DH
D
Dr. Stephen Henson 已提交
4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{
    EVP_PKEY *ret;
    if (dh == NULL)
        return NULL;
    ret = EVP_PKEY_new();
    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
        EVP_PKEY_free(ret);
        return NULL;
    }
    return ret;
}
B
Ben Laurie 已提交
4429
#endif