s3_lib.c 105.2 KB
Newer Older
R
Rich Salz 已提交
1
/*
P
Pauli 已提交
2
 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
B
Bodo Möller 已提交
3
 *
R
Rich Salz 已提交
4 5 6 7
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
B
Bodo Möller 已提交
8
 */
R
Rich Salz 已提交
9

B
Bodo Möller 已提交
10 11 12
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
13
 * Portions of the attached software ("Contribution") are developed by
B
Bodo Möller 已提交
14 15 16 17 18 19 20 21 22
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 *
 * The Contribution is licensed pursuant to the OpenSSL open source
 * license provided above.
 *
 * ECC cipher suite support in OpenSSL originally written by
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */
49 50

#include <stdio.h>
51
#include <assert.h>
52
#include <openssl/objects.h>
53
#include "ssl_locl.h"
54
#include <openssl/md5.h>
R
Rich Salz 已提交
55
#include <openssl/dh.h>
56
#include <openssl/rand.h>
57

D
Dr. Stephen Henson 已提交
58
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
59
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
60

61 62 63 64 65 66 67 68
/* TLSv1.3 downgrade protection sentinel values */
const unsigned char tls11downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
};
const unsigned char tls12downgrade[] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};

R
Rich Salz 已提交
69
/*
R
Rich Salz 已提交
70
 * The list of available ciphers, mostly organized into the following
R
Rich Salz 已提交
71 72 73 74 75
 * groups:
 *      Always there
 *      EC
 *      PSK
 *      SRP (within that: RSA EC PSK)
P
Pauli 已提交
76
 *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
R
Rich Salz 已提交
77 78
 *      Weak ciphers
 */
E
Emilia Kasper 已提交
79
static SSL_CIPHER ssl3_ciphers[] = {
80 81 82 83 84 85 86 87
    {
     1,
     SSL3_TXT_RSA_NULL_MD5,
     SSL3_CK_RSA_NULL_MD5,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_MD5,
88
     SSL3_VERSION, TLS1_2_VERSION,
89
     DTLS1_BAD_VER, DTLS1_2_VERSION,
90
     SSL_STRONG_NONE,
91 92 93 94 95 96 97 98 99 100 101 102
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     SSL3_TXT_RSA_NULL_SHA,
     SSL3_CK_RSA_NULL_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA1,
103
     SSL3_VERSION, TLS1_2_VERSION,
104
     DTLS1_BAD_VER, DTLS1_2_VERSION,
105
     SSL_STRONG_NONE | SSL_FIPS,
106 107 108 109
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
110
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
111 112 113 114 115 116 117 118
    {
     1,
     SSL3_TXT_RSA_DES_192_CBC3_SHA,
     SSL3_CK_RSA_DES_192_CBC3_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
119
     SSL3_VERSION, TLS1_2_VERSION,
120
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
121
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
122 123 124 125 126 127 128 129 130 131 132 133
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_3DES,
     SSL_SHA1,
134
     SSL3_VERSION, TLS1_2_VERSION,
135
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
136
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
137 138 139 140 141 142 143 144 145 146 147 148
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
149
     SSL3_VERSION, TLS1_2_VERSION,
150
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
151
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
152 153 154 155 156 157 158 159 160 161 162 163
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     SSL3_TXT_ADH_DES_192_CBC_SHA,
     SSL3_CK_ADH_DES_192_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_3DES,
     SSL_SHA1,
164
     SSL3_VERSION, TLS1_2_VERSION,
165
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
166
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
167 168 169 170
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
171
#endif
172 173 174 175 176 177 178 179
    {
     1,
     TLS1_TXT_RSA_WITH_AES_128_SHA,
     TLS1_CK_RSA_WITH_AES_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
180
     SSL3_VERSION, TLS1_2_VERSION,
181
     DTLS1_BAD_VER, DTLS1_2_VERSION,
182
     SSL_HIGH | SSL_FIPS,
183 184 185 186 187 188 189 190 191 192 193 194
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA1,
195
     SSL3_VERSION, TLS1_2_VERSION,
196
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
197
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
198 199 200 201 202 203 204 205 206 207 208 209
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
210
     SSL3_VERSION, TLS1_2_VERSION,
211
     DTLS1_BAD_VER, DTLS1_2_VERSION,
212
     SSL_HIGH | SSL_FIPS,
213 214 215 216 217 218 219 220 221 222 223 224
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_128_SHA,
     TLS1_CK_ADH_WITH_AES_128_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA1,
225
     SSL3_VERSION, TLS1_2_VERSION,
226
     DTLS1_BAD_VER, DTLS1_2_VERSION,
227
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
228 229 230 231 232 233 234 235 236 237 238 239
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_256_SHA,
     TLS1_CK_RSA_WITH_AES_256_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
240
     SSL3_VERSION, TLS1_2_VERSION,
241
     DTLS1_BAD_VER, DTLS1_2_VERSION,
242
     SSL_HIGH | SSL_FIPS,
243 244 245 246 247 248 249 250 251 252 253 254
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA1,
255
     SSL3_VERSION, TLS1_2_VERSION,
256
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
257
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
258 259 260 261 262 263 264 265 266 267 268 269
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
270
     SSL3_VERSION, TLS1_2_VERSION,
271
     DTLS1_BAD_VER, DTLS1_2_VERSION,
272
     SSL_HIGH | SSL_FIPS,
273 274 275 276 277 278 279 280 281 282 283 284
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_256_SHA,
     TLS1_CK_ADH_WITH_AES_256_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA1,
285
     SSL3_VERSION, TLS1_2_VERSION,
286
     DTLS1_BAD_VER, DTLS1_2_VERSION,
287
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
288 289 290 291 292 293 294 295 296 297 298 299
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_NULL_SHA256,
     TLS1_CK_RSA_WITH_NULL_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA256,
300 301
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
302
     SSL_STRONG_NONE | SSL_FIPS,
303 304 305 306 307 308 309 310 311 312 313 314
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_128_SHA256,
     TLS1_CK_RSA_WITH_AES_128_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
315 316
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
317
     SSL_HIGH | SSL_FIPS,
318 319 320 321 322 323 324 325 326 327 328 329
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_AES_256_SHA256,
     TLS1_CK_RSA_WITH_AES_256_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA256,
330 331
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
332
     SSL_HIGH | SSL_FIPS,
333 334 335 336 337 338 339 340 341 342 343 344
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA256,
345 346
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
347
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
348 349 350 351 352 353 354 355 356 357 358 359
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
360 361
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
362
     SSL_HIGH | SSL_FIPS,
363 364 365 366 367 368 369 370 371 372 373 374
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA256,
375 376
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
377
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
378 379 380 381 382 383 384 385 386 387 388 389
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA256,
390 391
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
392
     SSL_HIGH | SSL_FIPS,
393 394 395 396 397 398 399 400 401 402 403 404
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_128_SHA256,
     TLS1_CK_ADH_WITH_AES_128_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA256,
405 406
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
407
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
408 409 410 411 412 413 414 415 416 417 418 419
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_AES_256_SHA256,
     TLS1_CK_ADH_WITH_AES_256_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA256,
420 421
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
422
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
423 424 425 426 427 428
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
429 430 431 432 433 434 435 436 437 438 439 440 441
     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
442 443
    {
     1,
R
Rich Salz 已提交
444 445
     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
446 447
     SSL_kRSA,
     SSL_aRSA,
R
Rich Salz 已提交
448 449 450 451 452 453
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
454 455 456 457 458
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
459 460
     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
461
     SSL_kDHE,
R
Rich Salz 已提交
462 463 464 465 466 467 468 469 470
     SSL_aRSA,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
471 472 473
     },
    {
     1,
R
Rich Salz 已提交
474 475
     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
476 477
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
478 479 480 481 482 483
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
484 485 486 487 488
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
489 490
     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
491
     SSL_kDHE,
R
Rich Salz 已提交
492 493 494 495 496 497 498
     SSL_aDSS,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
499 500 501 502 503
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
504 505 506 507 508 509 510 511 512 513 514 515
     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
     SSL_kDHE,
     SSL_aDSS,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
516 517 518
     },
    {
     1,
R
Rich Salz 已提交
519 520 521 522 523 524 525 526 527 528
     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
529 530 531 532 533
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
534 535 536 537 538 539 540 541 542 543
     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
     SSL_kDHE,
     SSL_aNULL,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
544 545 546
     256,
     256,
     },
547 548
    {
     1,
R
Rich Salz 已提交
549 550 551 552 553 554 555 556 557 558
     TLS1_TXT_RSA_WITH_AES_128_CCM,
     TLS1_CK_RSA_WITH_AES_128_CCM,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
559 560 561 562 563
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
564 565 566 567 568 569 570 571 572 573 574 575
     TLS1_TXT_RSA_WITH_AES_256_CCM,
     TLS1_CK_RSA_WITH_AES_256_CCM,
     SSL_kRSA,
     SSL_aRSA,
     SSL_AES256CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
576 577 578
     },
    {
     1,
R
Rich Salz 已提交
579 580 581 582 583 584 585 586 587 588
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
589 590 591 592 593
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
594 595 596 597 598 599 600 601 602 603
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
     SSL_kDHE,
     SSL_aRSA,
     SSL_AES256CCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
604 605 606 607 608
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
609 610 611
     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
     TLS1_CK_RSA_WITH_AES_128_CCM_8,
     SSL_kRSA,
612
     SSL_aRSA,
R
Rich Salz 已提交
613
     SSL_AES128CCM8,
614
     SSL_AEAD,
615 616
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
617
     SSL_NOT_DEFAULT | SSL_HIGH,
618 619 620 621 622 623
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
624 625
     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
     TLS1_CK_RSA_WITH_AES_256_CCM_8,
626 627
     SSL_kRSA,
     SSL_aRSA,
R
Rich Salz 已提交
628
     SSL_AES256CCM8,
629
     SSL_AEAD,
630 631
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
632 633
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
634 635 636 637 638
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
639 640
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
641 642
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
643
     SSL_AES128CCM8,
644
     SSL_AEAD,
645 646
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
647
     SSL_NOT_DEFAULT | SSL_HIGH,
648 649 650 651 652 653
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
654 655
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
656 657
     SSL_kDHE,
     SSL_aRSA,
R
Rich Salz 已提交
658
     SSL_AES256CCM8,
659
     SSL_AEAD,
660 661
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
662 663
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
664 665 666 667 668
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
669 670 671 672 673
     TLS1_TXT_PSK_WITH_AES_128_CCM,
     TLS1_CK_PSK_WITH_AES_128_CCM,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES128CCM,
674
     SSL_AEAD,
675 676
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
677
     SSL_NOT_DEFAULT | SSL_HIGH,
678 679 680 681 682 683
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
684 685 686 687 688
     TLS1_TXT_PSK_WITH_AES_256_CCM,
     TLS1_CK_PSK_WITH_AES_256_CCM,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256CCM,
689
     SSL_AEAD,
690 691
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
692 693
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
694 695 696 697 698
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
699 700 701 702 703
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128CCM,
704
     SSL_AEAD,
705 706
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
707
     SSL_NOT_DEFAULT | SSL_HIGH,
708 709 710 711 712 713
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
714 715 716 717 718
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256CCM,
719
     SSL_AEAD,
720 721
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
722 723
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
724 725 726
     256,
     256,
     },
727 728
    {
     1,
R
Rich Salz 已提交
729 730
     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
     TLS1_CK_PSK_WITH_AES_128_CCM_8,
731 732
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
733
     SSL_AES128CCM8,
734
     SSL_AEAD,
735 736
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
737
     SSL_NOT_DEFAULT | SSL_HIGH,
738 739 740 741 742 743
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
744 745
     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
     TLS1_CK_PSK_WITH_AES_256_CCM_8,
746 747
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
748
     SSL_AES256CCM8,
749
     SSL_AEAD,
750 751
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
752 753
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
754 755 756
     256,
     256,
     },
757 758
    {
     1,
R
Rich Salz 已提交
759 760
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
761 762
     SSL_kDHEPSK,
     SSL_aPSK,
R
Rich Salz 已提交
763
     SSL_AES128CCM8,
764
     SSL_AEAD,
765 766
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
767
     SSL_NOT_DEFAULT | SSL_HIGH,
768 769 770 771 772 773
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
774 775 776
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
     SSL_kDHEPSK,
777
     SSL_aPSK,
R
Rich Salz 已提交
778
     SSL_AES256CCM8,
779
     SSL_AEAD,
780 781
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
782 783
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
784 785 786 787 788
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
789 790 791 792 793
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128CCM,
794
     SSL_AEAD,
795 796
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
797
     SSL_NOT_DEFAULT | SSL_HIGH,
798 799 800 801 802 803
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
804 805 806 807 808
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256CCM,
809
     SSL_AEAD,
810 811
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
812 813
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
814 815 816 817 818
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
819 820 821 822 823 824 825 826 827 828
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128CCM8,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
829 830 831 832 833
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
834 835 836 837 838 839 840 841 842 843
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256CCM8,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
844 845 846
     256,
     256,
     },
847 848 849 850
    {
     1,
     TLS1_3_TXT_AES_128_GCM_SHA256,
     TLS1_3_CK_AES_128_GCM_SHA256,
D
Dr. Stephen Henson 已提交
851
     0, 0,
852 853 854
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870
     SSL_kANY,
     SSL_aANY,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_3_TXT_AES_256_GCM_SHA384,
     TLS1_3_CK_AES_256_GCM_SHA384,
     SSL_kANY,
     SSL_aANY,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
871 872
     0, 0,
     SSL_HIGH,
873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920
     SSL_HANDSHAKE_MAC_SHA384,
     256,
     256,
     },
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    {
     1,
     TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
     TLS1_3_CK_CHACHA20_POLY1305_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     256,
     256,
     },
#endif
    {
     1,
     TLS1_3_TXT_AES_128_CCM_SHA256,
     TLS1_3_CK_AES_128_CCM_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_AES128CCM,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_3_TXT_AES_128_CCM_8_SHA256,
     TLS1_3_CK_AES_128_CCM_8_SHA256,
     SSL_kANY,
     SSL_aANY,
     SSL_AES128CCM8,
     SSL_AEAD,
     TLS1_3_VERSION, TLS1_3_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256,
921 922 923
     128,
     128,
     },
924

R
Rich Salz 已提交
925
#ifndef OPENSSL_NO_EC
926 927
    {
     1,
R
Rich Salz 已提交
928 929 930 931
     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
932
     SSL_eNULL,
R
Rich Salz 已提交
933 934
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
935
     DTLS1_BAD_VER, DTLS1_2_VERSION,
936
     SSL_STRONG_NONE | SSL_FIPS,
937 938 939 940
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
941
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
942 943
    {
     1,
R
Rich Salz 已提交
944 945 946 947 948 949 950
     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
951
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
952
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
953 954 955
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
956
     },
957
# endif
958 959
    {
     1,
R
Rich Salz 已提交
960 961 962 963
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
964
     SSL_AES128,
R
Rich Salz 已提交
965 966
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
967
     DTLS1_BAD_VER, DTLS1_2_VERSION,
968
     SSL_HIGH | SSL_FIPS,
969 970 971 972 973 974
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
975 976 977 978
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
     SSL_aECDSA,
979
     SSL_AES256,
R
Rich Salz 已提交
980 981
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
982
     DTLS1_BAD_VER, DTLS1_2_VERSION,
983
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
984
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
985 986 987 988 989
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
990 991 992 993
     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aRSA,
994
     SSL_eNULL,
R
Rich Salz 已提交
995 996
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
997
     DTLS1_BAD_VER, DTLS1_2_VERSION,
998
     SSL_STRONG_NONE | SSL_FIPS,
999 1000 1001 1002
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1003
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1004 1005
    {
     1,
R
Rich Salz 已提交
1006 1007 1008 1009 1010 1011 1012
     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1013
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1014
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
1015 1016 1017
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
1018
     },
1019
# endif
1020 1021
    {
     1,
R
Rich Salz 已提交
1022 1023 1024
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
1025 1026
     SSL_aRSA,
     SSL_AES128,
R
Rich Salz 已提交
1027 1028
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1029
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1030
     SSL_HIGH | SSL_FIPS,
1031 1032 1033 1034 1035 1036
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1037 1038 1039
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
1040 1041
     SSL_aRSA,
     SSL_AES256,
R
Rich Salz 已提交
1042 1043
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1044
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1045
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
1046
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1047 1048 1049 1050 1051
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1052 1053 1054 1055
     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
     SSL_kECDHE,
     SSL_aNULL,
1056
     SSL_eNULL,
R
Rich Salz 已提交
1057 1058
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1059
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1060
     SSL_STRONG_NONE | SSL_FIPS,
1061 1062 1063 1064
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1065
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1066 1067
    {
     1,
R
Rich Salz 已提交
1068 1069 1070 1071 1072 1073 1074
     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1075
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1076
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
R
Rich Salz 已提交
1077 1078 1079
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
1080
     },
1081
# endif
1082 1083
    {
     1,
R
Rich Salz 已提交
1084 1085 1086 1087 1088 1089 1090
     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1091
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1092 1093 1094 1095 1096
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
1097 1098
    {
     1,
R
Rich Salz 已提交
1099 1100 1101 1102 1103 1104 1105
     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
     SSL_kECDHE,
     SSL_aNULL,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1106
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128,
1119
     SSL_SHA256,
1120 1121
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1122
     SSL_HIGH | SSL_FIPS,
1123 1124 1125 1126 1127 1128
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1129 1130 1131 1132 1133 1134
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256,
     SSL_SHA384,
1135 1136
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1137 1138 1139 1140
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1141 1142 1143
     },
    {
     1,
R
Rich Salz 已提交
1144 1145 1146 1147 1148
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_AES128,
1149
     SSL_SHA256,
1150 1151
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1152
     SSL_HIGH | SSL_FIPS,
1153 1154 1155 1156 1157 1158
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1159 1160 1161
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
     SSL_kECDHE,
1162
     SSL_aRSA,
R
Rich Salz 已提交
1163 1164
     SSL_AES256,
     SSL_SHA384,
1165 1166
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1167 1168
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1169 1170 1171 1172 1173
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1174 1175 1176 1177 1178 1179
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES128GCM,
     SSL_AEAD,
1180 1181
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1182
     SSL_HIGH | SSL_FIPS,
1183
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
R
Rich Salz 已提交
1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1199 1200 1201 1202 1203
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1204 1205 1206
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     SSL_kECDHE,
1207
     SSL_aRSA,
R
Rich Salz 已提交
1208 1209
     SSL_AES128GCM,
     SSL_AEAD,
1210 1211
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1212
     SSL_HIGH | SSL_FIPS,
1213
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
R
Rich Salz 已提交
1214 1215
     128,
     128,
1216 1217 1218
     },
    {
     1,
R
Rich Salz 已提交
1219 1220 1221 1222 1223 1224
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_AES256GCM,
     SSL_AEAD,
1225 1226
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
R
Rich Salz 已提交
1227 1228
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1229 1230 1231
     256,
     256,
     },
E
Emilia Kasper 已提交
1232
#endif                          /* OPENSSL_NO_EC */
1233

R
Rich Salz 已提交
1234
#ifndef OPENSSL_NO_PSK
1235 1236
    {
     1,
R
Rich Salz 已提交
1237 1238 1239 1240
     TLS1_TXT_PSK_WITH_NULL_SHA,
     TLS1_CK_PSK_WITH_NULL_SHA,
     SSL_kPSK,
     SSL_aPSK,
1241 1242
     SSL_eNULL,
     SSL_SHA1,
1243
     SSL3_VERSION, TLS1_2_VERSION,
1244
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1245
     SSL_STRONG_NONE | SSL_FIPS,
1246 1247 1248 1249 1250 1251
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
R
Rich Salz 已提交
1252 1253 1254 1255 1256
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1257
     SSL_SHA1,
1258
     SSL3_VERSION, TLS1_2_VERSION,
1259
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1260
     SSL_STRONG_NONE | SSL_FIPS,
1261
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1262 1263
     0,
     0,
1264 1265 1266
     },
    {
     1,
R
Rich Salz 已提交
1267 1268 1269 1270 1271 1272 1273
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_eNULL,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1274
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1275 1276 1277 1278 1279
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
1280
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1281 1282 1283 1284 1285 1286
    {
     1,
     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1287 1288
     SSL_3DES,
     SSL_SHA1,
1289
     SSL3_VERSION, TLS1_2_VERSION,
1290
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1291
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1292 1293 1294 1295
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1296
# endif
1297 1298
    {
     1,
R
Rich Salz 已提交
1299 1300 1301 1302
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1303 1304
     SSL_AES128,
     SSL_SHA1,
1305
     SSL3_VERSION, TLS1_2_VERSION,
1306
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1307
     SSL_HIGH | SSL_FIPS,
1308 1309 1310 1311 1312 1313
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1314 1315 1316 1317
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
     SSL_kPSK,
     SSL_aPSK,
1318 1319
     SSL_AES256,
     SSL_SHA1,
1320
     SSL3_VERSION, TLS1_2_VERSION,
1321
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1322
     SSL_HIGH | SSL_FIPS,
1323 1324 1325 1326
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
1327
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1328 1329
    {
     1,
R
Rich Salz 已提交
1330 1331 1332 1333 1334
     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_3DES,
1335
     SSL_SHA1,
1336
     SSL3_VERSION, TLS1_2_VERSION,
1337
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1338
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1339
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1340 1341
     112,
     168,
1342
     },
1343
# endif
1344 1345
    {
     1,
R
Rich Salz 已提交
1346 1347 1348 1349 1350 1351 1352
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1353
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1354
     SSL_HIGH | SSL_FIPS,
1355 1356 1357 1358 1359 1360
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1361 1362 1363 1364 1365 1366 1367
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1368
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1369 1370 1371 1372 1373
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
1374
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1375 1376 1377 1378 1379
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kRSAPSK,
1380 1381 1382
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
1383
     SSL3_VERSION, TLS1_2_VERSION,
1384
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1385
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1386 1387 1388 1389
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1390
# endif
1391 1392
    {
     1,
R
Rich Salz 已提交
1393 1394 1395
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
     SSL_kRSAPSK,
1396 1397 1398
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
1399
     SSL3_VERSION, TLS1_2_VERSION,
1400
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1401
     SSL_HIGH | SSL_FIPS,
1402 1403 1404 1405 1406 1407
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1408 1409 1410
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
     SSL_kRSAPSK,
1411 1412 1413
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
1414
     SSL3_VERSION, TLS1_2_VERSION,
1415
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1416
     SSL_HIGH | SSL_FIPS,
1417 1418 1419 1420 1421 1422
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1423 1424 1425 1426 1427 1428 1429 1430 1431 1432
     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1433 1434 1435 1436 1437
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449
     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1450 1451 1452
     },
    {
     1,
R
Rich Salz 已提交
1453 1454 1455 1456 1457 1458 1459 1460 1461 1462
     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1463 1464 1465 1466 1467
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1468 1469 1470 1471 1472 1473 1474 1475 1476 1477
     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1478 1479 1480 1481 1482
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1483 1484 1485
     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
     SSL_kRSAPSK,
1486
     SSL_aRSA,
R
Rich Salz 已提交
1487 1488 1489 1490 1491 1492 1493 1494
     SSL_AES128GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
1495 1496 1497
     },
    {
     1,
R
Rich Salz 已提交
1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509
     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_AES256GCM,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1510 1511 1512
     },
    {
     1,
R
Rich Salz 已提交
1513 1514 1515 1516
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kPSK,
     SSL_aPSK,
1517
     SSL_AES128,
R
Rich Salz 已提交
1518 1519
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1520
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1521
     SSL_HIGH | SSL_FIPS,
1522 1523 1524 1525 1526 1527
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1528 1529 1530 1531 1532 1533 1534
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1535
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1536 1537 1538 1539
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
1540 1541 1542
     },
    {
     1,
R
Rich Salz 已提交
1543 1544 1545 1546 1547 1548 1549
     TLS1_TXT_PSK_WITH_NULL_SHA256,
     TLS1_CK_PSK_WITH_NULL_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1550
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1551
     SSL_STRONG_NONE | SSL_FIPS,
1552
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1553 1554
     0,
     0,
1555 1556 1557
     },
    {
     1,
R
Rich Salz 已提交
1558 1559 1560 1561 1562 1563 1564
     TLS1_TXT_PSK_WITH_NULL_SHA384,
     TLS1_CK_PSK_WITH_NULL_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1565
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1566 1567 1568 1569
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     0,
     0,
1570 1571 1572
     },
    {
     1,
R
Rich Salz 已提交
1573 1574 1575 1576 1577 1578 1579
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1580
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1581
     SSL_HIGH | SSL_FIPS,
1582
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
R
Rich Salz 已提交
1583 1584
     128,
     128,
1585 1586 1587
     },
    {
     1,
R
Rich Salz 已提交
1588 1589 1590 1591
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
1592
     SSL_AES256,
R
Rich Salz 已提交
1593 1594
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1595
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1596 1597
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1598 1599 1600 1601 1602
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1603 1604 1605 1606 1607
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1608
     SSL_SHA256,
R
Rich Salz 已提交
1609
     TLS1_VERSION, TLS1_2_VERSION,
1610
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1611 1612 1613 1614
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
1615 1616 1617
     },
    {
     1,
R
Rich Salz 已提交
1618 1619 1620 1621 1622
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
1623
     SSL_SHA384,
R
Rich Salz 已提交
1624
     TLS1_VERSION, TLS1_2_VERSION,
1625
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1626
     SSL_STRONG_NONE | SSL_FIPS,
1627
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
R
Rich Salz 已提交
1628 1629
     0,
     0,
1630 1631 1632
     },
    {
     1,
R
Rich Salz 已提交
1633 1634 1635
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kRSAPSK,
1636 1637 1638
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA256,
R
Rich Salz 已提交
1639
     TLS1_VERSION, TLS1_2_VERSION,
1640
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1641
     SSL_HIGH | SSL_FIPS,
R
Rich Salz 已提交
1642
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1643 1644 1645 1646 1647
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
1648 1649 1650
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kRSAPSK,
1651 1652 1653
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA384,
R
Rich Salz 已提交
1654
     TLS1_VERSION, TLS1_2_VERSION,
1655
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1656
     SSL_HIGH | SSL_FIPS,
1657 1658 1659 1660 1661 1662
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
R
Rich Salz 已提交
1663 1664 1665
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
     SSL_kRSAPSK,
1666
     SSL_aRSA,
R
Rich Salz 已提交
1667 1668 1669
     SSL_eNULL,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
1670
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1671 1672 1673 1674
     SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
1675 1676 1677
     },
    {
     1,
R
Rich Salz 已提交
1678 1679 1680
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
     SSL_kRSAPSK,
1681
     SSL_aRSA,
R
Rich Salz 已提交
1682 1683 1684
     SSL_eNULL,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
1685
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1686
     SSL_STRONG_NONE | SSL_FIPS,
1687
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
R
Rich Salz 已提交
1688 1689
     0,
     0,
1690
     },
R
Rich Salz 已提交
1691
# ifndef OPENSSL_NO_EC
1692
#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1693 1694 1695 1696 1697 1698 1699 1700
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_3DES,
     SSL_SHA1,
1701
     SSL3_VERSION, TLS1_2_VERSION,
1702
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1703
     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
1704 1705 1706 1707
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1708
#  endif
1709 1710 1711 1712 1713 1714 1715 1716
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA1,
1717
     SSL3_VERSION, TLS1_2_VERSION,
1718
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1719
     SSL_HIGH | SSL_FIPS,
1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA1,
1732
     SSL3_VERSION, TLS1_2_VERSION,
1733
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1734
     SSL_HIGH | SSL_FIPS,
1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES128,
     SSL_SHA256,
1747
     TLS1_VERSION, TLS1_2_VERSION,
1748
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1749
     SSL_HIGH | SSL_FIPS,
1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_AES256,
     SSL_SHA384,
1762
     TLS1_VERSION, TLS1_2_VERSION,
1763
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1764
     SSL_HIGH | SSL_FIPS,
1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA1,
1777
     SSL3_VERSION, TLS1_2_VERSION,
1778
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1779
     SSL_STRONG_NONE | SSL_FIPS,
1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA256,
1792
     TLS1_VERSION, TLS1_2_VERSION,
1793
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1794
     SSL_STRONG_NONE | SSL_FIPS,
1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_eNULL,
     SSL_SHA384,
1807
     TLS1_VERSION, TLS1_2_VERSION,
1808
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1809
     SSL_STRONG_NONE | SSL_FIPS,
1810 1811 1812 1813
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     0,
     0,
     },
E
Emilia Kasper 已提交
1814 1815
# endif                         /* OPENSSL_NO_EC */
#endif                          /* OPENSSL_NO_PSK */
1816

R
Rich Salz 已提交
1817
#ifndef OPENSSL_NO_SRP
1818
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
R
Rich Salz 已提交
1819 1820 1821 1822 1823 1824 1825 1826 1827
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1828
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1829
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1843
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1844
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_3DES,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1858
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1859
     SSL_NOT_DEFAULT | SSL_MEDIUM,
R
Rich Salz 已提交
1860 1861 1862 1863
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },
1864
# endif
R
Rich Salz 已提交
1865 1866 1867 1868 1869 1870 1871 1872 1873
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1874
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1889
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_AES128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1904
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aSRP,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1919
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aRSA,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1934
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
     SSL_kSRP,
     SSL_aDSS,
     SSL_AES256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
1949
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
1950 1951 1952 1953 1954
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
E
Emilia Kasper 已提交
1955
#endif                          /* OPENSSL_NO_SRP */
R
Rich Salz 已提交
1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973

#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
# ifndef OPENSSL_NO_RSA
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
1974
# endif                         /* OPENSSL_NO_RSA */
R
Rich Salz 已提交
1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006

# ifndef OPENSSL_NO_EC
    {
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
2007
# endif                         /* OPENSSL_NO_EC */
R
Rich Salz 已提交
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069

# ifndef OPENSSL_NO_PSK
    {
     1,
     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CHACHA20POLY1305,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
E
Emilia Kasper 已提交
2070 2071 2072
# endif                         /* OPENSSL_NO_PSK */
#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
                                 * !defined(OPENSSL_NO_POLY1305) */
R
Rich Salz 已提交
2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203

#ifndef OPENSSL_NO_CAMELLIA
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aDSS,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kEDH,
     SSL_aNULL,
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aDSS,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
     SSL_kEDH,
     SSL_aNULL,
     SSL_CAMELLIA256,
     SSL_SHA256,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2204
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2219
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2234
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_CAMELLIA256,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2249
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2264
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2279
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2294
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
    {
     1,
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_CAMELLIA128,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2309
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2310 2311 2312 2313 2314 2315 2316 2317
     SSL_NOT_DEFAULT | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },

# ifndef OPENSSL_NO_EC
    {
2318 2319 2320 2321 2322 2323 2324
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2325 2326
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2327
     SSL_NOT_DEFAULT | SSL_HIGH,
2328 2329
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
E
Emilia Kasper 已提交
2330 2331
     128,
     },
R
Rich Salz 已提交
2332
    {
2333 2334 2335 2336 2337 2338 2339
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2340 2341
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2342
     SSL_NOT_DEFAULT | SSL_HIGH,
2343 2344
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2345 2346
     256,
     },
R
Rich Salz 已提交
2347
    {
2348 2349 2350 2351 2352 2353 2354
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2355 2356
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2357
     SSL_NOT_DEFAULT | SSL_HIGH,
2358 2359
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
E
Emilia Kasper 已提交
2360 2361
     128,
     },
R
Rich Salz 已提交
2362
    {
2363 2364 2365 2366 2367 2368 2369
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHE,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2370 2371
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2372
     SSL_NOT_DEFAULT | SSL_HIGH,
2373 2374
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2375 2376 2377
     256,
     },
# endif                         /* OPENSSL_NO_EC */
B
Ben Laurie 已提交
2378

R
Rich Salz 已提交
2379 2380
# ifndef OPENSSL_NO_PSK
    {
2381 2382 2383 2384 2385 2386 2387
     1,
     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
2388
     TLS1_VERSION, TLS1_2_VERSION,
2389
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2390
     SSL_NOT_DEFAULT | SSL_HIGH,
2391 2392
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2393 2394
     128,
     },
R
Rich Salz 已提交
2395
    {
2396 2397 2398 2399 2400 2401 2402
     1,
     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
2403
     TLS1_VERSION, TLS1_2_VERSION,
2404
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2405
     SSL_NOT_DEFAULT | SSL_HIGH,
2406 2407
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2408 2409
     256,
     },
R
Rich Salz 已提交
2410
    {
2411 2412 2413 2414 2415 2416 2417
     1,
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
2418
     TLS1_VERSION, TLS1_2_VERSION,
2419
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2420
     SSL_NOT_DEFAULT | SSL_HIGH,
2421 2422
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2423 2424
     128,
     },
R
Rich Salz 已提交
2425
    {
2426 2427 2428 2429 2430 2431 2432
     1,
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
2433
     TLS1_VERSION, TLS1_2_VERSION,
2434
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2435
     SSL_NOT_DEFAULT | SSL_HIGH,
2436 2437
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2438 2439
     256,
     },
R
Rich Salz 已提交
2440
    {
2441 2442 2443 2444 2445 2446 2447
     1,
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
2448
     TLS1_VERSION, TLS1_2_VERSION,
2449
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2450
     SSL_NOT_DEFAULT | SSL_HIGH,
2451 2452
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
E
Emilia Kasper 已提交
2453 2454
     128,
     },
R
Rich Salz 已提交
2455
    {
2456 2457 2458 2459 2460 2461 2462
     1,
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
2463
     TLS1_VERSION, TLS1_2_VERSION,
2464
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2465
     SSL_NOT_DEFAULT | SSL_HIGH,
2466 2467
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
E
Emilia Kasper 已提交
2468 2469
     256,
     },
2470 2471
    {
     1,
R
Rich Salz 已提交
2472 2473 2474
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHEPSK,
2475
     SSL_aPSK,
R
Rich Salz 已提交
2476 2477 2478
     SSL_CAMELLIA128,
     SSL_SHA256,
     TLS1_VERSION, TLS1_2_VERSION,
2479
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2480
     SSL_NOT_DEFAULT | SSL_HIGH,
R
Rich Salz 已提交
2481
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2482
     128,
E
Emilia Kasper 已提交
2483 2484
     128,
     },
2485 2486
    {
     1,
R
Rich Salz 已提交
2487 2488 2489
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHEPSK,
2490
     SSL_aPSK,
R
Rich Salz 已提交
2491 2492 2493
     SSL_CAMELLIA256,
     SSL_SHA384,
     TLS1_VERSION, TLS1_2_VERSION,
2494
     DTLS1_BAD_VER, DTLS1_2_VERSION,
E
Emilia Kasper 已提交
2495
     SSL_NOT_DEFAULT | SSL_HIGH,
R
Rich Salz 已提交
2496
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2497
     256,
E
Emilia Kasper 已提交
2498 2499 2500
     256,
     },
# endif                         /* OPENSSL_NO_PSK */
2501

E
Emilia Kasper 已提交
2502
#endif                          /* OPENSSL_NO_CAMELLIA */
2503

P
Pauli 已提交
2504
#ifndef OPENSSL_NO_GOST
2505 2506
    {
     1,
R
Rich Salz 已提交
2507 2508 2509 2510 2511 2512 2513
     "GOST2001-GOST89-GOST89",
     0x3000081,
     SSL_kGOST,
     SSL_aGOST01,
     SSL_eGOST2814789CNT,
     SSL_GOST89MAC,
     TLS1_VERSION, TLS1_2_VERSION,
2514
     0, 0,
R
Rich Salz 已提交
2515 2516
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2517
     256,
E
Emilia Kasper 已提交
2518 2519
     256,
     },
R
Rich Salz 已提交
2520 2521 2522 2523 2524 2525 2526 2527 2528
    {
     1,
     "GOST2001-NULL-GOST94",
     0x3000083,
     SSL_kGOST,
     SSL_aGOST01,
     SSL_eNULL,
     SSL_GOST94,
     TLS1_VERSION, TLS1_2_VERSION,
2529
     0, 0,
R
Rich Salz 已提交
2530 2531 2532
     SSL_STRONG_NONE,
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
     0,
E
Emilia Kasper 已提交
2533 2534
     0,
     },
R
Rich Salz 已提交
2535 2536 2537 2538 2539 2540 2541 2542 2543
    {
     1,
     "GOST2012-GOST8912-GOST8912",
     0x0300ff85,
     SSL_kGOST,
     SSL_aGOST12 | SSL_aGOST01,
     SSL_eGOST2814789CNT12,
     SSL_GOST89MAC12,
     TLS1_VERSION, TLS1_2_VERSION,
2544
     0, 0,
R
Rich Salz 已提交
2545 2546
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2547
     256,
E
Emilia Kasper 已提交
2548 2549
     256,
     },
R
Rich Salz 已提交
2550 2551 2552 2553 2554 2555 2556 2557 2558
    {
     1,
     "GOST2012-NULL-GOST12",
     0x0300ff87,
     SSL_kGOST,
     SSL_aGOST12 | SSL_aGOST01,
     SSL_eNULL,
     SSL_GOST12_256,
     TLS1_VERSION, TLS1_2_VERSION,
2559
     0, 0,
R
Rich Salz 已提交
2560 2561 2562
     SSL_STRONG_NONE,
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
     0,
E
Emilia Kasper 已提交
2563 2564 2565
     0,
     },
#endif                          /* OPENSSL_NO_GOST */
2566

R
Rich Salz 已提交
2567
#ifndef OPENSSL_NO_IDEA
2568 2569
    {
     1,
R
Rich Salz 已提交
2570 2571 2572 2573 2574 2575 2576
     SSL3_TXT_RSA_IDEA_128_SHA,
     SSL3_CK_RSA_IDEA_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_IDEA,
     SSL_SHA1,
     SSL3_VERSION, TLS1_1_VERSION,
2577
     DTLS1_BAD_VER, DTLS1_VERSION,
R
Rich Salz 已提交
2578 2579
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2580 2581 2582
     128,
     128,
     },
R
Rich Salz 已提交
2583
#endif
2584

R
Rich Salz 已提交
2585
#ifndef OPENSSL_NO_SEED
2586 2587
    {
     1,
R
Rich Salz 已提交
2588 2589 2590 2591 2592 2593 2594
     TLS1_TXT_RSA_WITH_SEED_SHA,
     TLS1_CK_RSA_WITH_SEED_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2595
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2596 2597 2598 2599
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2600 2601 2602
     },
    {
     1,
R
Rich Salz 已提交
2603 2604 2605 2606 2607 2608 2609
     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aDSS,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2610
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2611 2612
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2613 2614 2615 2616 2617
     128,
     128,
     },
    {
     1,
R
Rich Salz 已提交
2618 2619 2620 2621 2622 2623 2624
     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aRSA,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2625
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2626 2627 2628 2629
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2630 2631 2632
     },
    {
     1,
R
Rich Salz 已提交
2633 2634 2635 2636 2637 2638 2639
     TLS1_TXT_ADH_WITH_SEED_SHA,
     TLS1_CK_ADH_WITH_SEED_SHA,
     SSL_kDHE,
     SSL_aNULL,
     SSL_SEED,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
2640
     DTLS1_BAD_VER, DTLS1_2_VERSION,
R
Rich Salz 已提交
2641 2642
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2643 2644 2645
     128,
     128,
     },
E
Emilia Kasper 已提交
2646
#endif                          /* OPENSSL_NO_SEED */
2647

R
Rich Salz 已提交
2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_RC4_128_MD5,
     SSL3_CK_RSA_RC4_128_MD5,
     SSL_kRSA,
     SSL_aRSA,
     SSL_RC4,
     SSL_MD5,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },
2664 2665
    {
     1,
R
Rich Salz 已提交
2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677
     SSL3_TXT_RSA_RC4_128_SHA,
     SSL3_CK_RSA_RC4_128_SHA,
     SSL_kRSA,
     SSL_aRSA,
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2678 2679 2680
     },
    {
     1,
R
Rich Salz 已提交
2681 2682 2683 2684 2685 2686 2687 2688 2689 2690
     SSL3_TXT_ADH_RC4_128_MD5,
     SSL3_CK_ADH_RC4_128_MD5,
     SSL_kDHE,
     SSL_aNULL,
     SSL_RC4,
     SSL_MD5,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2691 2692 2693 2694
     128,
     128,
     },

R
Rich Salz 已提交
2695
# ifndef OPENSSL_NO_EC
2696 2697
    {
     1,
R
Rich Salz 已提交
2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709
     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
2710
     },
A
Andy Polyakov 已提交
2711 2712
    {
     1,
R
Rich Salz 已提交
2713 2714
     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2715
     SSL_kECDHE,
R
Rich Salz 已提交
2716 2717 2718 2719 2720 2721 2722 2723 2724
     SSL_aNULL,
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2725 2726 2727
     },
    {
     1,
R
Rich Salz 已提交
2728 2729
     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2730 2731
     SSL_kECDHE,
     SSL_aECDSA,
R
Rich Salz 已提交
2732 2733 2734 2735 2736 2737 2738 2739
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2740 2741 2742
     },
    {
     1,
R
Rich Salz 已提交
2743 2744 2745
     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
     SSL_kECDHE,
A
Andy Polyakov 已提交
2746
     SSL_aRSA,
R
Rich Salz 已提交
2747 2748 2749 2750 2751 2752 2753 2754
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2755
     },
E
Emilia Kasper 已提交
2756
# endif                         /* OPENSSL_NO_EC */
R
Rich Salz 已提交
2757

A
Andy Polyakov 已提交
2758 2759 2760
# ifndef OPENSSL_NO_PSK
    {
     1,
R
Rich Salz 已提交
2761 2762
     TLS1_TXT_PSK_WITH_RC4_128_SHA,
     TLS1_CK_PSK_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2763 2764
     SSL_kPSK,
     SSL_aPSK,
R
Rich Salz 已提交
2765 2766 2767 2768 2769 2770 2771 2772
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2773 2774 2775
     },
    {
     1,
R
Rich Salz 已提交
2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787
     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2788 2789 2790
     },
    {
     1,
R
Rich Salz 已提交
2791 2792
     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
A
Andy Polyakov 已提交
2793 2794
     SSL_kDHEPSK,
     SSL_aPSK,
R
Rich Salz 已提交
2795 2796 2797 2798 2799 2800 2801 2802
     SSL_RC4,
     SSL_SHA1,
     SSL3_VERSION, TLS1_2_VERSION,
     0, 0,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
A
Andy Polyakov 已提交
2803
     },
E
Emilia Kasper 已提交
2804
# endif                         /* OPENSSL_NO_PSK */
R
Rich Salz 已提交
2805

E
Emilia Kasper 已提交
2806
#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
2807

2808 2809
};

2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829
/*
 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
 * values stuffed into the ciphers field of the wire protocol for signalling
 * purposes.
 */
static SSL_CIPHER ssl3_scsvs[] = {
    {
     0,
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
     SSL3_CK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
    {
     0,
     "TLS_FALLBACK_SCSV",
     SSL3_CK_FALLBACK_SCSV,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    },
};

R
Rich Salz 已提交
2830 2831 2832 2833 2834 2835 2836 2837 2838 2839
static int cipher_compare(const void *a, const void *b)
{
    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;

    return ap->id - bp->id;
}

void ssl_sort_cipher_list(void)
{
2840
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
R
Rich Salz 已提交
2841
          cipher_compare);
2842
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
R
Rich Salz 已提交
2843 2844
}

2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858
const SSL3_ENC_METHOD SSLv3_enc_data = {
    ssl3_enc,
    n_ssl3_mac,
    ssl3_setup_key_block,
    ssl3_generate_master_secret,
    ssl3_change_cipher_state,
    ssl3_final_finish_mac,
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
    SSL3_MD_SERVER_FINISHED_CONST, 4,
    ssl3_alert_code,
    (int (*)(SSL *, unsigned char *, size_t, const char *,
             size_t, const unsigned char *, size_t,
             int use_context))ssl_undefined_function,
    0,
M
Matt Caswell 已提交
2859
    ssl3_set_handshake_header,
2860
    tls_close_construct_packet,
2861 2862
    ssl3_handshake_write
};
2863

2864
long ssl3_default_timeout(void)
2865 2866 2867 2868 2869 2870 2871
{
    /*
     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
     * http, the cache would over fill
     */
    return (60 * 60 * 2);
}
2872

U
Ulf Möller 已提交
2873
int ssl3_num_ciphers(void)
2874 2875 2876
{
    return (SSL3_NUM_CIPHERS);
}
2877

2878
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2879 2880 2881 2882 2883 2884
{
    if (u < SSL3_NUM_CIPHERS)
        return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
    else
        return (NULL);
}
2885

M
Matt Caswell 已提交
2886
int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
2887
{
2888 2889 2890 2891
    /* No header in the event of a CCS */
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
        return 1;

2892
    /* Set the content type and 3 bytes for the message len */
2893
    if (!WPACKET_put_bytes_u8(pkt, htype)
M
Matt Caswell 已提交
2894
            || !WPACKET_start_sub_packet_u24(pkt))
2895 2896 2897 2898 2899
        return 0;

    return 1;
}

D
Dr. Stephen Henson 已提交
2900
int ssl3_handshake_write(SSL *s)
2901 2902 2903
{
    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}
D
Dr. Stephen Henson 已提交
2904

U
Ulf Möller 已提交
2905
int ssl3_new(SSL *s)
2906 2907
{
    SSL3_STATE *s3;
2908

R
Rich Salz 已提交
2909
    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
2910 2911
        goto err;
    s->s3 = s3;
B
Ben Laurie 已提交
2912

B
Ben Laurie 已提交
2913
#ifndef OPENSSL_NO_SRP
V
Viktor Dukhovni 已提交
2914
    if (!SSL_SRP_CTX_init(s))
E
Emilia Kasper 已提交
2915
        goto err;
B
Ben Laurie 已提交
2916
#endif
2917 2918 2919 2920 2921
    s->method->ssl_clear(s);
    return (1);
 err:
    return (0);
}
2922

U
Ulf Möller 已提交
2923
void ssl3_free(SSL *s)
2924
{
2925
    if (s == NULL || s->s3 == NULL)
2926
        return;
B
Ben Laurie 已提交
2927

2928
    ssl3_cleanup_key_block(s);
2929

D
Dr. Stephen Henson 已提交
2930
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
2931 2932
    EVP_PKEY_free(s->s3->peer_tmp);
    s->s3->peer_tmp = NULL;
D
Dr. Stephen Henson 已提交
2933 2934
    EVP_PKEY_free(s->s3->tmp.pkey);
    s->s3->tmp.pkey = NULL;
B
Bodo Möller 已提交
2935 2936
#endif

2937
    OPENSSL_free(s->s3->tmp.ctype);
2938
    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
D
Dr. Stephen Henson 已提交
2939 2940 2941
    OPENSSL_free(s->s3->tmp.ciphers_raw);
    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
    OPENSSL_free(s->s3->tmp.peer_sigalgs);
2942
    ssl3_free_digest_list(s);
R
Rich Salz 已提交
2943
    OPENSSL_free(s->s3->alpn_selected);
T
Todd Short 已提交
2944
    OPENSSL_free(s->s3->alpn_proposed);
A
Adam Langley 已提交
2945

B
Ben Laurie 已提交
2946
#ifndef OPENSSL_NO_SRP
2947
    SSL_SRP_CTX_free(s);
B
Ben Laurie 已提交
2948
#endif
R
Rich Salz 已提交
2949
    OPENSSL_clear_free(s->s3, sizeof(*s->s3));
2950 2951
    s->s3 = NULL;
}
2952

U
Ulf Möller 已提交
2953
void ssl3_clear(SSL *s)
2954 2955
{
    ssl3_cleanup_key_block(s);
2956
    OPENSSL_free(s->s3->tmp.ctype);
2957
    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
D
Dr. Stephen Henson 已提交
2958 2959 2960
    OPENSSL_free(s->s3->tmp.ciphers_raw);
    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
    OPENSSL_free(s->s3->tmp.peer_sigalgs);
2961

D
Dr. Stephen Henson 已提交
2962
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
D
Dr. Stephen Henson 已提交
2963
    EVP_PKEY_free(s->s3->tmp.pkey);
2964
    EVP_PKEY_free(s->s3->peer_tmp);
E
Emilia Kasper 已提交
2965
#endif                          /* !OPENSSL_NO_EC */
2966

2967
    ssl3_free_digest_list(s);
2968

T
Todd Short 已提交
2969 2970
    OPENSSL_free(s->s3->alpn_selected);
    OPENSSL_free(s->s3->alpn_proposed);
2971

T
Todd Short 已提交
2972
    /* NULL/zero-out everything in the s3 struct */
R
Rich Salz 已提交
2973
    memset(s->s3, 0, sizeof(*s->s3));
2974 2975 2976 2977

    ssl_free_wbio_buffer(s);

    s->version = SSL3_VERSION;
B
Ben Laurie 已提交
2978

2979
#if !defined(OPENSSL_NO_NEXTPROTONEG)
R
Rich Salz 已提交
2980 2981 2982
    OPENSSL_free(s->ext.npn);
    s->ext.npn = NULL;
    s->ext.npn_len = 0;
B
Ben Laurie 已提交
2983
#endif
2984
}
2985

B
Ben Laurie 已提交
2986
#ifndef OPENSSL_NO_SRP
2987 2988
static char *srp_password_from_info_cb(SSL *s, void *arg)
{
R
Rich Salz 已提交
2989
    return OPENSSL_strdup(s->srp_ctx.info);
2990
}
B
Ben Laurie 已提交
2991 2992
#endif

E
Emilia Kasper 已提交
2993
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
2994

2995
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2996 2997
{
    int ret = 0;
2998

2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014
    switch (cmd) {
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
        break;
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
        ret = s->s3->num_renegotiations;
        break;
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
        ret = s->s3->num_renegotiations;
        s->s3->num_renegotiations = 0;
        break;
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
        ret = s->s3->total_renegotiations;
        break;
    case SSL_CTRL_GET_FLAGS:
        ret = (int)(s->s3->flags);
        break;
3015
#ifndef OPENSSL_NO_DH
3016 3017 3018
    case SSL_CTRL_SET_TMP_DH:
        {
            DH *dh = (DH *)parg;
3019
            EVP_PKEY *pkdh = NULL;
3020 3021 3022 3023
            if (dh == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
                return (ret);
            }
3024 3025 3026 3027 3028
            pkdh = ssl_dh_to_pkey(dh);
            if (pkdh == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
                return 0;
            }
3029
            if (!ssl_security(s, SSL_SECOP_TMP_DH,
3030
                              EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
3031
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
3032 3033
                EVP_PKEY_free(pkdh);
                return ret;
3034
            }
3035 3036
            EVP_PKEY_free(s->cert->dh_tmp);
            s->cert->dh_tmp = pkdh;
3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047
            ret = 1;
        }
        break;
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return (ret);
        }
    case SSL_CTRL_SET_DH_AUTO:
        s->cert->dh_tmp_auto = larg;
        return 1;
3048
#endif
3049
#ifndef OPENSSL_NO_EC
3050 3051
    case SSL_CTRL_SET_TMP_ECDH:
        {
3052 3053
            const EC_GROUP *group = NULL;
            int nid;
3054 3055 3056

            if (parg == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3057
                return 0;
3058
            }
3059 3060 3061 3062
            group = EC_KEY_get0_group((const EC_KEY *)parg);
            if (group == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
                return 0;
3063
            }
3064 3065 3066
            nid = EC_GROUP_get_curve_name(group);
            if (nid == NID_undef)
                return 0;
R
Rich Salz 已提交
3067 3068
            return tls1_set_groups(&s->ext.supportedgroups,
                                   &s->ext.supportedgroups_len,
3069
                                   &nid, 1);
3070 3071
        }
        break;
3072
#endif                          /* !OPENSSL_NO_EC */
3073 3074
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
        if (larg == TLSEXT_NAMETYPE_host_name) {
V
Viktor Dukhovni 已提交
3075 3076
            size_t len;

R
Rich Salz 已提交
3077 3078
            OPENSSL_free(s->ext.hostname);
            s->ext.hostname = NULL;
3079 3080 3081 3082

            ret = 1;
            if (parg == NULL)
                break;
V
Viktor Dukhovni 已提交
3083 3084
            len = strlen((char *)parg);
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3085 3086 3087
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                return 0;
            }
R
Rich Salz 已提交
3088
            if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3089 3090 3091 3092 3093 3094 3095 3096 3097
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
                return 0;
            }
        } else {
            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
R
Rich Salz 已提交
3098
        s->ext.debug_arg = parg;
3099 3100 3101
        ret = 1;
        break;

3102
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3103
        ret = s->ext.status_type;
3104 3105
        break;

3106
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3107
        s->ext.status_type = larg;
3108 3109 3110 3111
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
R
Rich Salz 已提交
3112
        *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
3113 3114 3115 3116
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
R
Rich Salz 已提交
3117
        s->ext.ocsp.exts = parg;
3118 3119 3120 3121
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
R
Rich Salz 已提交
3122
        *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
3123 3124 3125 3126
        ret = 1;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
R
Rich Salz 已提交
3127
        s->ext.ocsp.ids = parg;
3128 3129 3130 3131
        ret = 1;
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
R
Rich Salz 已提交
3132 3133 3134
        *(unsigned char **)parg = s->ext.ocsp.resp;
        if (s->ext.ocsp.resp_len == 0
                || s->ext.ocsp.resp_len > LONG_MAX)
M
Matt Caswell 已提交
3135
            return -1;
R
Rich Salz 已提交
3136
        return (long)s->ext.ocsp.resp_len;
3137 3138

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
R
Rich Salz 已提交
3139 3140 3141
        OPENSSL_free(s->ext.ocsp.resp);
        s->ext.ocsp.resp = parg;
        s->ext.ocsp.resp_len = larg;
3142 3143 3144
        ret = 1;
        break;

3145 3146 3147 3148 3149 3150 3151
#ifndef OPENSSL_NO_HEARTBEATS
    case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
    case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
    case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
        break;
#endif

3152 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176
    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        if (larg)
            return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = s->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(s->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        if (larg == SSL_CERT_SET_SERVER) {
            const SSL_CIPHER *cipher;
            if (!s->server)
                return 0;
            cipher = s->s3->tmp.new_cipher;
D
Dr. Stephen Henson 已提交
3177
            if (cipher == NULL)
3178 3179 3180 3181 3182 3183 3184
                return 0;
            /*
             * No certificate for unauthenticated ciphersuites or using SRP
             * authentication
             */
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
                return 2;
3185
            if (s->s3->tmp.cert == NULL)
3186
                return 0;
3187
            s->cert->key = s->s3->tmp.cert;
3188 3189 3190
            return 1;
        }
        return ssl_cert_set_current(s->cert, larg);
3191

3192
#ifndef OPENSSL_NO_EC
3193
    case SSL_CTRL_GET_GROUPS:
3194 3195 3196
        {
            unsigned char *clist;
            size_t clistlen;
R
Rich Salz 已提交
3197

3198 3199
            if (!s->session)
                return 0;
R
Rich Salz 已提交
3200 3201
            clist = s->session->ext.supportedgroups;
            clistlen = s->session->ext.supportedgroups_len / 2;
3202 3203 3204 3205 3206 3207
            if (parg) {
                size_t i;
                int *cptr = parg;
                unsigned int cid, nid;
                for (i = 0; i < clistlen; i++) {
                    n2s(clist, cid);
3208
                    /* TODO(TLS1.3): Handle DH groups here */
3209
                    nid = tls1_ec_curve_id2nid(cid, NULL);
3210 3211 3212 3213 3214 3215 3216 3217 3218
                    if (nid != 0)
                        cptr[i] = nid;
                    else
                        cptr[i] = TLSEXT_nid_unknown | cid;
                }
            }
            return (int)clistlen;
        }

3219
    case SSL_CTRL_SET_GROUPS:
R
Rich Salz 已提交
3220 3221
        return tls1_set_groups(&s->ext.supportedgroups,
                               &s->ext.supportedgroups_len, parg, larg);
3222

3223
    case SSL_CTRL_SET_GROUPS_LIST:
R
Rich Salz 已提交
3224 3225
        return tls1_set_groups_list(&s->ext.supportedgroups,
                                    &s->ext.supportedgroups_len, parg);
3226

3227 3228
    case SSL_CTRL_GET_SHARED_GROUP:
        return tls1_shared_group(s, larg);
3229

3230
#endif
3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(s->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(s->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(s->cert, parg, 1);

    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
        {
            const unsigned char **pctype = parg;
            if (s->server || !s->s3->tmp.cert_req)
                return 0;
            if (pctype)
3249 3250
                *pctype = s->s3->tmp.ctype;
            return s->s3->tmp.ctype_len;
3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263 3264 3265 3266 3267
        }

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        if (!s->server)
            return 0;
        return ssl3_set_req_cert_type(s->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(s, NULL, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(s->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(s->cert, parg, 1, larg);

    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3268
        if (s->s3->tmp.peer_sigalg == NULL)
3269
            return 0;
3270 3271
        *(int *)parg = s->s3->tmp.peer_sigalg->hash;
        return 1;
3272 3273

    case SSL_CTRL_GET_SERVER_TMP_KEY:
D
Dr. Stephen Henson 已提交
3274 3275
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
        if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
3276
            return 0;
D
Dr. Stephen Henson 已提交
3277 3278 3279 3280
        } else {
            EVP_PKEY_up_ref(s->s3->peer_tmp);
            *(EVP_PKEY **)parg = s->s3->peer_tmp;
            return 1;
3281
        }
D
Dr. Stephen Henson 已提交
3282 3283 3284
#else
        return 0;
#endif
3285
#ifndef OPENSSL_NO_EC
3286 3287 3288 3289
    case SSL_CTRL_GET_EC_POINT_FORMATS:
        {
            SSL_SESSION *sess = s->session;
            const unsigned char **pformat = parg;
R
Rich Salz 已提交
3290 3291

            if (sess == NULL || sess->ext.ecpointformats == NULL)
3292
                return 0;
R
Rich Salz 已提交
3293 3294
            *pformat = sess->ext.ecpointformats;
            return (int)sess->ext.ecpointformats_len;
3295
        }
3296
#endif
B
Bodo Moeller 已提交
3297

3298 3299 3300 3301 3302 3303 3304 3305 3306
    default:
        break;
    }
    return (ret);
}

long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    int ret = 0;
3307

3308
    switch (cmd) {
3309
#ifndef OPENSSL_NO_DH
3310 3311 3312 3313 3314
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
        }
        break;
3315
#endif
3316
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
R
Rich Salz 已提交
3317
        s->ext.debug_cb = (void (*)(SSL *, int, int,
R
Rich Salz 已提交
3318
                                    const unsigned char *, int, void *))fp;
3319
        break;
3320

3321 3322 3323 3324 3325 3326 3327 3328 3329 3330
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        {
            s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        }
        break;
    default:
        break;
    }
    return (ret);
}
3331

3332
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3333 3334
{
    switch (cmd) {
3335
#ifndef OPENSSL_NO_DH
3336 3337
    case SSL_CTRL_SET_TMP_DH:
        {
3338 3339 3340 3341
            DH *dh = (DH *)parg;
            EVP_PKEY *pkdh = NULL;
            if (dh == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3342 3343
                return 0;
            }
3344 3345 3346
            pkdh = ssl_dh_to_pkey(dh);
            if (pkdh == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
3347 3348
                return 0;
            }
3349 3350 3351 3352 3353
            if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
                                  EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
                EVP_PKEY_free(pkdh);
                return 1;
3354
            }
3355 3356
            EVP_PKEY_free(ctx->cert->dh_tmp);
            ctx->cert->dh_tmp = pkdh;
3357 3358 3359 3360 3361 3362 3363 3364 3365 3366
            return 1;
        }
    case SSL_CTRL_SET_TMP_DH_CB:
        {
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return (0);
        }
    case SSL_CTRL_SET_DH_AUTO:
        ctx->cert->dh_tmp_auto = larg;
        return 1;
3367
#endif
3368
#ifndef OPENSSL_NO_EC
3369 3370
    case SSL_CTRL_SET_TMP_ECDH:
        {
3371 3372
            const EC_GROUP *group = NULL;
            int nid;
3373 3374

            if (parg == NULL) {
3375
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3376 3377
                return 0;
            }
3378 3379 3380
            group = EC_KEY_get0_group((const EC_KEY *)parg);
            if (group == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
3381 3382
                return 0;
            }
3383 3384 3385
            nid = EC_GROUP_get_curve_name(group);
            if (nid == NID_undef)
                return 0;
R
Rich Salz 已提交
3386 3387
            return tls1_set_groups(&ctx->ext.supportedgroups,
                                   &ctx->ext.supportedgroups_len,
3388
                                   &nid, 1);
3389
        }
3390
#endif                          /* !OPENSSL_NO_EC */
3391
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
R
Rich Salz 已提交
3392
        ctx->ext.servername_arg = parg;
3393 3394 3395 3396 3397
        break;
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
        {
            unsigned char *keys = parg;
R
Rich Salz 已提交
3398 3399 3400
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
                                sizeof(ctx->ext.tick_hmac_key) +
                                sizeof(ctx->ext.tick_aes_key));
K
Kurt Roeckx 已提交
3401
            if (keys == NULL)
R
Rich Salz 已提交
3402 3403
                return tick_keylen;
            if (larg != tick_keylen) {
3404 3405 3406 3407
                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
                return 0;
            }
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
R
Rich Salz 已提交
3408 3409 3410 3411 3412 3413 3414 3415 3416
                memcpy(ctx->ext.tick_key_name, keys,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(ctx->ext.tick_hmac_key,
                       keys + sizeof(ctx->ext.tick_key_name),
                       sizeof(ctx->ext.tick_hmac_key));
                memcpy(ctx->ext.tick_aes_key,
                       keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.tick_hmac_key),
                       sizeof(ctx->ext.tick_aes_key));
3417
            } else {
R
Rich Salz 已提交
3418 3419 3420 3421 3422 3423 3424 3425 3426
                memcpy(keys, ctx->ext.tick_key_name,
                       sizeof(ctx->ext.tick_key_name));
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
                       ctx->ext.tick_hmac_key,
                       sizeof(ctx->ext.tick_hmac_key));
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
                       sizeof(ctx->ext.tick_hmac_key),
                       ctx->ext.tick_aes_key,
                       sizeof(ctx->ext.tick_aes_key));
3427 3428 3429 3430
            }
            return 1;
        }

3431
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3432
        return ctx->ext.status_type;
3433

3434
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
R
Rich Salz 已提交
3435
        ctx->ext.status_type = larg;
3436 3437
        break;

3438
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
R
Rich Salz 已提交
3439
        ctx->ext.status_arg = parg;
3440 3441
        return 1;

3442
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
R
Rich Salz 已提交
3443
        *(void**)parg = ctx->ext.status_arg;
3444 3445 3446
        break;

    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
R
Rich Salz 已提交
3447
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
3448 3449
        break;

3450
#ifndef OPENSSL_NO_SRP
3451 3452
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
R
Rich Salz 已提交
3453
        OPENSSL_free(ctx->srp_ctx.login);
3454 3455 3456
        ctx->srp_ctx.login = NULL;
        if (parg == NULL)
            break;
E
Emilia Kasper 已提交
3457
        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3458 3459 3460
            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
            return 0;
        }
R
Rich Salz 已提交
3461
        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
3462 3463 3464 3465 3466 3467 3468 3469 3470 3471 3472 3473 3474 3475 3476 3477 3478
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        break;
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            srp_password_from_info_cb;
        ctx->srp_ctx.info = parg;
        break;
    case SSL_CTRL_SET_SRP_ARG:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_cb_arg = parg;
        break;

    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
        ctx->srp_ctx.strength = larg;
        break;
3479
#endif
3480

3481
#ifndef OPENSSL_NO_EC
3482
    case SSL_CTRL_SET_GROUPS:
R
Rich Salz 已提交
3483 3484
        return tls1_set_groups(&ctx->ext.supportedgroups,
                               &ctx->ext.supportedgroups_len,
3485 3486
                               parg, larg);

3487
    case SSL_CTRL_SET_GROUPS_LIST:
R
Rich Salz 已提交
3488 3489
        return tls1_set_groups_list(&ctx->ext.supportedgroups,
                                    &ctx->ext.supportedgroups_len,
3490
                                    parg);
3491
#endif
3492 3493 3494 3495 3496 3497 3498 3499 3500 3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518
    case SSL_CTRL_SET_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);

    case SSL_CTRL_SET_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx->cert, parg, 0);

    case SSL_CTRL_SET_CLIENT_SIGALGS:
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);

    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
        return tls1_set_sigalgs_list(ctx->cert, parg, 1);

    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);

    case SSL_CTRL_BUILD_CERT_CHAIN:
        return ssl_build_cert_chain(NULL, ctx, larg);

    case SSL_CTRL_SET_VERIFY_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);

    case SSL_CTRL_SET_CHAIN_CERT_STORE:
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);

        /* A Thawte special :-) */
    case SSL_CTRL_EXTRA_CHAIN_CERT:
        if (ctx->extra_certs == NULL) {
3519 3520 3521 3522 3523 3524 3525 3526
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
                return 0;
            }
        }
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
            return 0;
3527 3528 3529 3530 3531 3532 3533 3534 3535 3536 3537
        }
        break;

    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
        if (ctx->extra_certs == NULL && larg == 0)
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        else
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
        break;

    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
R
Rich Salz 已提交
3538 3539
        sk_X509_pop_free(ctx->extra_certs, X509_free);
        ctx->extra_certs = NULL;
3540 3541 3542 3543 3544 3545 3546 3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572
        break;

    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);

    case SSL_CTRL_CHAIN_CERT:
        if (larg)
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
        else
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);

    case SSL_CTRL_GET_CHAIN_CERTS:
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
        break;

    case SSL_CTRL_SELECT_CURRENT_CERT:
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);

    case SSL_CTRL_SET_CURRENT_CERT:
        return ssl_cert_set_current(ctx->cert, larg);

    default:
        return (0);
    }
    return (1);
}

long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
    switch (cmd) {
3573
#ifndef OPENSSL_NO_DH
3574 3575
    case SSL_CTRL_SET_TMP_DH_CB:
        {
M
Matt Caswell 已提交
3576
            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3577 3578
        }
        break;
3579
#endif
3580
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
R
Rich Salz 已提交
3581
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
3582 3583 3584
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
R
Rich Salz 已提交
3585
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
3586 3587 3588
        break;

    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
R
Rich Salz 已提交
3589
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
3590 3591 3592 3593 3594
                                             unsigned char *,
                                             EVP_CIPHER_CTX *,
                                             HMAC_CTX *, int))fp;
        break;

3595
#ifndef OPENSSL_NO_SRP
3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 3606 3607 3608 3609
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
        break;
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.TLS_ext_srp_username_callback =
            (int (*)(SSL *, int *, void *))fp;
        break;
    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
            (char *(*)(SSL *, void *))fp;
        break;
3610
#endif
3611 3612 3613 3614 3615 3616 3617 3618 3619 3620
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
        {
            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
        }
        break;
    default:
        return (0);
    }
    return (1);
}
3621

3622 3623 3624
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
    SSL_CIPHER c;
3625
    const SSL_CIPHER *cp;
3626 3627

    c.id = id;
3628 3629 3630 3631
    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
    if (cp != NULL)
        return cp;
    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
3632 3633
}

3634 3635 3636 3637
/*
 * This function needs to check if the ciphers required are actually
 * available
 */
3638
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3639
{
3640
    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
3641 3642
                                 | ((uint32_t)p[0] << 8L)
                                 | (uint32_t)p[1]);
3643
}
3644

M
Matt Caswell 已提交
3645
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
3646
{
3647
    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
3648 3649 3650 3651
        *len = 0;
        return 1;
    }

3652
    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
3653 3654 3655 3656 3657 3658
        return 0;

    *len = 2;
    return 1;
}

3659 3660 3661 3662 3663 3664 3665 3666
/*
 * ssl3_choose_cipher - choose a cipher from those offered by the client
 * @s: SSL connection
 * @clnt: ciphers offered by the client
 * @srvr: ciphers enabled on the server?
 *
 * Returns the selected cipher or NULL when no common ciphers.
 */
3667
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
E
Emilia Kasper 已提交
3668
                                     STACK_OF(SSL_CIPHER) *srvr)
3669
{
3670
    const SSL_CIPHER *c, *ret = NULL;
3671 3672
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok;
R
Richard Levitte 已提交
3673
    unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
3674

3675
    /* Let's see which ciphers we can support */
3676

3677 3678 3679 3680 3681 3682
    /*
     * Do not set the compare functions, because this may lead to a
     * reordering by "id". We want to keep the original ordering. We may pay
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
     * pay with the price of sk_SSL_CIPHER_dup().
     */
3683

B
Ben Laurie 已提交
3684
#ifdef CIPHER_DEBUG
3685 3686 3687 3688 3689 3690 3691 3692 3693 3694 3695 3696
    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
            (void *)srvr);
    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
        c = sk_SSL_CIPHER_value(srvr, i);
        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
    }
    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
            (void *)clnt);
    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
        c = sk_SSL_CIPHER_value(clnt, i);
        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
    }
B
Ben Laurie 已提交
3697 3698
#endif

3699 3700 3701 3702 3703 3704 3705 3706 3707
    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
        prio = srvr;
        allow = clnt;
    } else {
        prio = clnt;
        allow = srvr;
    }

    tls1_set_cert_validity(s);
3708
    ssl_set_masks(s);
3709 3710 3711 3712

    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
        c = sk_SSL_CIPHER_value(prio, i);

3713 3714
        /* Skip ciphers not supported by the protocol version */
        if (!SSL_IS_DTLS(s) &&
E
Emilia Kasper 已提交
3715
            ((s->version < c->min_tls) || (s->version > c->max_tls)))
3716
            continue;
3717
        if (SSL_IS_DTLS(s) &&
E
Emilia Kasper 已提交
3718 3719
            (DTLS_VERSION_LT(s->version, c->min_dtls) ||
             DTLS_VERSION_GT(s->version, c->max_dtls)))
3720
            continue;
3721 3722 3723 3724 3725 3726 3727
        /*
         * Since TLS 1.3 ciphersuites can be used with any auth or
         * key exchange scheme skip tests.
         */
        if (!SSL_IS_TLS13(s)) {
            mask_k = s->s3->tmp.mask_k;
            mask_a = s->s3->tmp.mask_a;
B
Ben Laurie 已提交
3728
#ifndef OPENSSL_NO_SRP
3729 3730 3731 3732
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
                mask_k |= SSL_kSRP;
                mask_a |= SSL_aSRP;
            }
B
Ben Laurie 已提交
3733
#endif
3734

3735 3736
            alg_k = c->algorithm_mkey;
            alg_a = c->algorithm_auth;
3737

3738
#ifndef OPENSSL_NO_PSK
3739 3740 3741
            /* with PSK there must be server callback set */
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
                continue;
3742 3743
#endif                          /* OPENSSL_NO_PSK */

3744
            ok = (alg_k & mask_k) && (alg_a & mask_a);
3745
#ifdef CIPHER_DEBUG
3746 3747
            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
                    alg_a, mask_k, mask_a, (void *)c, c->name);
3748 3749
#endif

E
Emilia Kasper 已提交
3750
#ifndef OPENSSL_NO_EC
3751 3752 3753 3754 3755 3756
            /*
             * if we are considering an ECC cipher suite that uses an ephemeral
             * EC key check it
             */
            if (alg_k & SSL_kECDHE)
                ok = ok && tls1_check_ec_tmp_key(s, c->id);
E
Emilia Kasper 已提交
3757
#endif                          /* OPENSSL_NO_EC */
3758

3759 3760 3761
            if (!ok)
                continue;
        }
3762 3763 3764 3765
        ii = sk_SSL_CIPHER_find(allow, c);
        if (ii >= 0) {
            /* Check security callback permits this cipher */
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
3766
                              c->strength_bits, 0, (void *)c))
3767
                continue;
3768
#if !defined(OPENSSL_NO_EC)
3769 3770 3771 3772 3773 3774
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
                && s->s3->is_probably_safari) {
                if (!ret)
                    ret = sk_SSL_CIPHER_value(allow, ii);
                continue;
            }
3775
#endif
3776 3777 3778 3779 3780 3781
            ret = sk_SSL_CIPHER_value(allow, ii);
            break;
        }
    }
    return (ret);
}
3782

3783
int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
3784
{
3785
    uint32_t alg_k, alg_a = 0;
3786 3787

    /* If we have custom certificate types set, use them */
3788 3789
    if (s->cert->ctype)
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
3790 3791 3792 3793
    /* Get mask of algorithms disabled by signature list */
    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);

    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3794

D
Dr. Stephen Henson 已提交
3795
#ifndef OPENSSL_NO_GOST
3796 3797 3798 3799
    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
            return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
D
Dr. Stephen Henson 已提交
3800 3801
#endif

D
Dr. Stephen Henson 已提交
3802
    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
3803
#ifndef OPENSSL_NO_DH
3804
# ifndef OPENSSL_NO_RSA
3805 3806
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
            return 0;
3807 3808
# endif
# ifndef OPENSSL_NO_DSA
3809 3810
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
            return 0;
3811 3812
# endif
#endif                          /* !OPENSSL_NO_DH */
B
Ben Laurie 已提交
3813
    }
3814
#ifndef OPENSSL_NO_RSA
3815 3816
    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
        return 0;
3817
#endif
3818
#ifndef OPENSSL_NO_DSA
3819 3820
    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
        return 0;
3821
#endif
3822
#ifndef OPENSSL_NO_EC
3823
    /*
D
Dr. Stephen Henson 已提交
3824
     * ECDSA certs can be used with RSA cipher suites too so we don't
3825 3826
     * need to check for SSL_kECDH or SSL_kECDHE
     */
3827 3828 3829 3830
    if (s->version >= TLS1_VERSION
            && !(alg_a & SSL_aECDSA)
            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
        return 0;
3831
#endif
3832
    return 1;
3833
}
3834

3835
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3836
{
3837 3838 3839 3840
    OPENSSL_free(c->ctype);
    c->ctype = NULL;
    c->ctype_len = 0;
    if (p == NULL || len == 0)
3841 3842 3843
        return 1;
    if (len > 0xff)
        return 0;
3844 3845
    c->ctype = OPENSSL_memdup(p, len);
    if (c->ctype == NULL)
3846
        return 0;
3847
    c->ctype_len = len;
3848 3849
    return 1;
}
3850

U
Ulf Möller 已提交
3851
int ssl3_shutdown(SSL *s)
3852 3853 3854 3855 3856 3857 3858
{
    int ret;

    /*
     * Don't do anything much if we have not done the handshake or we don't
     * want to send messages :-)
     */
M
Matt Caswell 已提交
3859
    if (s->quiet_shutdown || SSL_in_before(s)) {
3860 3861 3862 3863 3864 3865 3866 3867 3868 3869 3870 3871 3872 3873 3874 3875 3876 3877 3878
        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
        return (1);
    }

    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
        s->shutdown |= SSL_SENT_SHUTDOWN;
        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
        /*
         * our shutdown alert has been sent now, and if it still needs to be
         * written, s->s3->alert_dispatch will be true
         */
        if (s->s3->alert_dispatch)
            return (-1);        /* return WANT_WRITE */
    } else if (s->s3->alert_dispatch) {
        /* resend it if not sent */
        ret = s->method->ssl_dispatch_alert(s);
        if (ret == -1) {
            /*
             * we only get to return -1 here the 2nd/Nth invocation, we must
F
FdaSilvaYY 已提交
3879
             * have already signalled return 0 upon a previous invocation,
3880 3881 3882 3883 3884
             * return WANT_WRITE
             */
            return (ret);
        }
    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3885
        size_t readbytes;
3886 3887 3888
        /*
         * If we are waiting for a close from our peer, we are closed
         */
3889
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
3890
        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
3891
            return -1;        /* return WANT_READ */
3892 3893 3894 3895 3896 3897 3898 3899 3900
        }
    }

    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
        !s->s3->alert_dispatch)
        return (1);
    else
        return (0);
}
3901

M
Matt Caswell 已提交
3902
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
3903 3904 3905
{
    clear_sys_error();
    if (s->s3->renegotiate)
3906
        ssl3_renegotiate_check(s, 0);
3907

M
Matt Caswell 已提交
3908 3909
    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
                                      written);
3910
}
3911

3912
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
3913
                              size_t *readbytes)
3914 3915 3916 3917 3918
{
    int ret;

    clear_sys_error();
    if (s->s3->renegotiate)
3919
        ssl3_renegotiate_check(s, 0);
3920 3921
    s->s3->in_read_app_data = 1;
    ret =
3922
        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
3923
                                  peek, readbytes);
3924 3925 3926 3927 3928 3929 3930 3931
    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
        /*
         * ssl3_read_bytes decided to call s->handshake_func, which called
         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
         * actually found application data and thinks that application data
         * makes sense here; so disable handshake processing and try to read
         * application data again.
         */
M
Matt Caswell 已提交
3932
        ossl_statem_set_in_handshake(s, 1);
3933
        ret =
3934
            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
3935
                                      len, peek, readbytes);
M
Matt Caswell 已提交
3936
        ossl_statem_set_in_handshake(s, 0);
3937 3938 3939
    } else
        s->s3->in_read_app_data = 0;

3940
    return ret;
3941
}
3942

3943
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
3944
{
3945
    return ssl3_read_internal(s, buf, len, 0, readbytes);
3946
}
3947

3948
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
3949
{
3950
    return ssl3_read_internal(s, buf, len, 1, readbytes);
3951
}
3952

U
Ulf Möller 已提交
3953
int ssl3_renegotiate(SSL *s)
3954 3955 3956
{
    if (s->handshake_func == NULL)
        return (1);
3957

3958 3959 3960
    s->s3->renegotiate = 1;
    return (1);
}
3961

3962 3963 3964 3965 3966 3967 3968 3969 3970
/*
 * Check if we are waiting to do a renegotiation and if so whether now is a
 * good time to do it. If |initok| is true then we are being called from inside
 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
 * should do a renegotiation now and sets up the state machine for it. Otherwise
 * returns 0.
 */
int ssl3_renegotiate_check(SSL *s, int initok)
3971 3972 3973 3974
{
    int ret = 0;

    if (s->s3->renegotiate) {
3975 3976
        if (!RECORD_LAYER_read_pending(&s->rlayer)
            && !RECORD_LAYER_write_pending(&s->rlayer)
3977
            && (initok || !SSL_in_init(s))) {
3978 3979
            /*
             * if we are the server, and we have sent a 'RENEGOTIATE'
M
Matt Caswell 已提交
3980 3981
             * message, we need to set the state machine into the renegotiate
             * state.
3982
             */
M
Matt Caswell 已提交
3983
            ossl_statem_set_renegotiate(s);
3984 3985 3986 3987 3988 3989
            s->s3->renegotiate = 0;
            s->s3->num_renegotiations++;
            s->s3->total_renegotiations++;
            ret = 1;
        }
    }
3990
    return ret;
3991 3992
}

3993
/*
3994 3995
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
 * handshake macs if required.
D
Dr. Stephen Henson 已提交
3996 3997
 *
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
3998 3999
 */
long ssl_get_algorithm2(SSL *s)
4000
{
4001 4002 4003 4004
    long alg2;
    if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
        return -1;
    alg2 = s->s3->tmp.new_cipher->algorithm2;
D
Dr. Stephen Henson 已提交
4005 4006 4007 4008 4009 4010 4011
    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
    } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
    }
4012 4013
    return alg2;
}
4014 4015 4016 4017 4018

/*
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
 * failure, 1 on success.
 */
4019 4020
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
                          DOWNGRADE dgrd)
4021
{
4022
    int send_time = 0, ret;
4023 4024 4025 4026 4027 4028 4029 4030 4031 4032 4033

    if (len < 4)
        return 0;
    if (server)
        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
    else
        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
    if (send_time) {
        unsigned long Time = (unsigned long)time(NULL);
        unsigned char *p = result;
        l2n(Time, p);
4034
        /* TODO(size_t): Convert this */
4035 4036 4037 4038 4039 4040 4041 4042 4043 4044 4045 4046 4047 4048 4049 4050
        ret = RAND_bytes(p, (int)(len - 4));
    } else {
        ret = RAND_bytes(result, (int)len);
    }
#ifndef OPENSSL_NO_TLS13DOWNGRADE
    if (ret) {
        assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
        if (dgrd == DOWNGRADE_TO_1_2)
            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
                   sizeof(tls12downgrade));
        else if (dgrd == DOWNGRADE_TO_1_1)
            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
                   sizeof(tls11downgrade));
    }
#endif
    return ret;
4051
}
4052 4053 4054 4055

int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
                               int free_pms)
{
4056
    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4057 4058
    int ret = 0;

4059
    if (alg_k & SSL_PSK) {
4060
#ifndef OPENSSL_NO_PSK
4061 4062 4063 4064 4065 4066 4067 4068 4069 4070 4071 4072
        unsigned char *pskpms, *t;
        size_t psklen = s->s3->tmp.psklen;
        size_t pskpmslen;

        /* create PSK premaster_secret */

        /* For plain PSK "other_secret" is psklen zeroes */
        if (alg_k & SSL_kPSK)
            pmslen = psklen;

        pskpmslen = 4 + pmslen + psklen;
        pskpms = OPENSSL_malloc(pskpmslen);
4073
        if (pskpms == NULL)
4074
            goto err;
4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086
        t = pskpms;
        s2n(pmslen, t);
        if (alg_k & SSL_kPSK)
            memset(t, 0, pmslen);
        else
            memcpy(t, pms, pmslen);
        t += pmslen;
        s2n(psklen, t);
        memcpy(t, s->s3->tmp.psk, psklen);

        OPENSSL_clear_free(s->s3->tmp.psk, psklen);
        s->s3->tmp.psk = NULL;
4087 4088 4089 4090
        if (!s->method->ssl3_enc->generate_master_secret(s,
                    s->session->master_key,pskpms, pskpmslen,
                    &s->session->master_key_length))
            goto err;
4091
        OPENSSL_clear_free(pskpms, pskpmslen);
4092 4093 4094
#else
        /* Should never happen */
        goto err;
4095
#endif
4096
    } else {
4097 4098 4099 4100
        if (!s->method->ssl3_enc->generate_master_secret(s,
                s->session->master_key, pms, pmslen,
                &s->session->master_key_length))
            goto err;
4101 4102
    }

4103
    ret = 1;
4104
 err:
4105 4106 4107 4108 4109 4110
    if (pms) {
        if (free_pms)
            OPENSSL_clear_free(pms, pmslen);
        else
            OPENSSL_cleanse(pms, pmslen);
    }
4111 4112
    if (s->server == 0)
        s->s3->tmp.pms = NULL;
4113
    return ret;
4114
}
4115

D
Dr. Stephen Henson 已提交
4116 4117
/* Generate a private key from parameters */
EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
4118 4119 4120
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
D
Dr. Stephen Henson 已提交
4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150

    if (pm == NULL)
        return NULL;
    pctx = EVP_PKEY_CTX_new(pm, NULL);
    if (pctx == NULL)
        goto err;
    if (EVP_PKEY_keygen_init(pctx) <= 0)
        goto err;
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }

    err:
    EVP_PKEY_CTX_free(pctx);
    return pkey;
}
#ifndef OPENSSL_NO_EC
/* Generate a private key a curve ID */
EVP_PKEY *ssl_generate_pkey_curve(int id)
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
    unsigned int curve_flags;
    int nid = tls1_ec_curve_id2nid(id, &curve_flags);

    if (nid == 0)
        goto err;
    if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
        pctx = EVP_PKEY_CTX_new_id(nid, NULL);
4151
        nid = 0;
4152
    } else {
D
Dr. Stephen Henson 已提交
4153
        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
4154 4155 4156 4157 4158
    }
    if (pctx == NULL)
        goto err;
    if (EVP_PKEY_keygen_init(pctx) <= 0)
        goto err;
4159
    if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
4160 4161 4162 4163 4164 4165
        goto err;
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }

E
Emilia Kasper 已提交
4166
 err:
4167 4168 4169
    EVP_PKEY_CTX_free(pctx);
    return pkey;
}
D
Dr. Stephen Henson 已提交
4170
#endif
E
Emilia Kasper 已提交
4171

4172 4173
/* Derive secrets for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196 4197
{
    int rv = 0;
    unsigned char *pms = NULL;
    size_t pmslen = 0;
    EVP_PKEY_CTX *pctx;

    if (privkey == NULL || pubkey == NULL)
        return 0;

    pctx = EVP_PKEY_CTX_new(privkey, NULL);

    if (EVP_PKEY_derive_init(pctx) <= 0
        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
        goto err;
    }

    pms = OPENSSL_malloc(pmslen);
    if (pms == NULL)
        goto err;

    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
        goto err;

4198 4199 4200
    if (gensecret) {
        if (SSL_IS_TLS13(s)) {
            /*
4201 4202
             * If we are resuming then we already generated the early secret
             * when we created the ClientHello, so don't recreate it.
4203
             */
4204 4205 4206 4207
            if (!s->hit)
                rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
                                           0,
                                           (unsigned char *)&s->early_secret);
4208 4209 4210
            else
                rv = 1;

4211
            rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4212
        } else {
4213
            rv = ssl_generate_master_secret(s, pms, pmslen, 0);
4214
        }
4215
    } else {
4216
        /* Save premaster secret */
4217 4218 4219 4220 4221 4222
        s->s3->tmp.pms = pms;
        s->s3->tmp.pmslen = pmslen;
        pms = NULL;
        rv = 1;
    }

E
Emilia Kasper 已提交
4223
 err:
4224 4225 4226 4227
    OPENSSL_clear_free(pms, pmslen);
    EVP_PKEY_CTX_free(pctx);
    return rv;
}
D
Dr. Stephen Henson 已提交
4228

B
Ben Laurie 已提交
4229
#ifndef OPENSSL_NO_DH
D
Dr. Stephen Henson 已提交
4230 4231 4232 4233 4234 4235 4236 4237 4238 4239 4240 4241
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{
    EVP_PKEY *ret;
    if (dh == NULL)
        return NULL;
    ret = EVP_PKEY_new();
    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
        EVP_PKEY_free(ret);
        return NULL;
    }
    return ret;
}
B
Ben Laurie 已提交
4242
#endif