Coverage Report

Created: 2025-07-11 06:57

/src/openssl/ssl/s3_lib.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4
 * Copyright 2005 Nokia. All rights reserved.
5
 *
6
 * Licensed under the Apache License 2.0 (the "License").  You may not use
7
 * this file except in compliance with the License.  You can obtain a copy
8
 * in the file LICENSE in the source distribution or at
9
 * https://www.openssl.org/source/license.html
10
 */
11
12
#include "internal/e_os.h"
13
14
#include <openssl/objects.h>
15
#include "internal/nelem.h"
16
#include "ssl_local.h"
17
#include <openssl/md5.h>
18
#include <openssl/dh.h>
19
#include <openssl/rand.h>
20
#include <openssl/trace.h>
21
#include <openssl/x509v3.h>
22
#include <openssl/core_names.h>
23
#include "internal/cryptlib.h"
24
#include "internal/ssl_unwrap.h"
25
26
16
#define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
27
16
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
28
16
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
29
30
/* TLSv1.3 downgrade protection sentinel values */
31
const unsigned char tls11downgrade[] = {
32
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
33
};
34
const unsigned char tls12downgrade[] = {
35
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
36
};
37
38
/* The list of available TLSv1.3 ciphers */
39
static SSL_CIPHER tls13_ciphers[] = {
40
    {
41
        1,
42
        TLS1_3_RFC_AES_128_GCM_SHA256,
43
        TLS1_3_RFC_AES_128_GCM_SHA256,
44
        TLS1_3_CK_AES_128_GCM_SHA256,
45
        SSL_kANY,
46
        SSL_aANY,
47
        SSL_AES128GCM,
48
        SSL_AEAD,
49
        TLS1_3_VERSION, TLS1_3_VERSION,
50
        0, 0,
51
        SSL_HIGH,
52
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
53
        128,
54
        128,
55
    }, {
56
        1,
57
        TLS1_3_RFC_AES_256_GCM_SHA384,
58
        TLS1_3_RFC_AES_256_GCM_SHA384,
59
        TLS1_3_CK_AES_256_GCM_SHA384,
60
        SSL_kANY,
61
        SSL_aANY,
62
        SSL_AES256GCM,
63
        SSL_AEAD,
64
        TLS1_3_VERSION, TLS1_3_VERSION,
65
        0, 0,
66
        SSL_HIGH,
67
        SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
68
        256,
69
        256,
70
    },
71
    {
72
        1,
73
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
74
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
75
        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
76
        SSL_kANY,
77
        SSL_aANY,
78
        SSL_CHACHA20POLY1305,
79
        SSL_AEAD,
80
        TLS1_3_VERSION, TLS1_3_VERSION,
81
        0, 0,
82
        SSL_HIGH,
83
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
84
        256,
85
        256,
86
    },
87
    {
88
        1,
89
        TLS1_3_RFC_AES_128_CCM_SHA256,
90
        TLS1_3_RFC_AES_128_CCM_SHA256,
91
        TLS1_3_CK_AES_128_CCM_SHA256,
92
        SSL_kANY,
93
        SSL_aANY,
94
        SSL_AES128CCM,
95
        SSL_AEAD,
96
        TLS1_3_VERSION, TLS1_3_VERSION,
97
        0, 0,
98
        SSL_NOT_DEFAULT | SSL_HIGH,
99
        SSL_HANDSHAKE_MAC_SHA256,
100
        128,
101
        128,
102
    }, {
103
        1,
104
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
105
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
106
        TLS1_3_CK_AES_128_CCM_8_SHA256,
107
        SSL_kANY,
108
        SSL_aANY,
109
        SSL_AES128CCM8,
110
        SSL_AEAD,
111
        TLS1_3_VERSION, TLS1_3_VERSION,
112
        0, 0,
113
        SSL_NOT_DEFAULT | SSL_MEDIUM,
114
        SSL_HANDSHAKE_MAC_SHA256,
115
        64, /* CCM8 uses a short tag, so we have a low security strength */
116
        128,
117
    },
118
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
119
    {
120
        1,
121
        TLS1_3_RFC_SHA256_SHA256,
122
        TLS1_3_RFC_SHA256_SHA256,
123
        TLS1_3_CK_SHA256_SHA256,
124
        SSL_kANY,
125
        SSL_aANY,
126
        SSL_eNULL,
127
        SSL_SHA256,
128
        TLS1_3_VERSION, TLS1_3_VERSION,
129
        0, 0,
130
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
131
        SSL_HANDSHAKE_MAC_SHA256,
132
        0,
133
        256,
134
    }, {
135
        1,
136
        TLS1_3_RFC_SHA384_SHA384,
137
        TLS1_3_RFC_SHA384_SHA384,
138
        TLS1_3_CK_SHA384_SHA384,
139
        SSL_kANY,
140
        SSL_aANY,
141
        SSL_eNULL,
142
        SSL_SHA384,
143
        TLS1_3_VERSION, TLS1_3_VERSION,
144
        0, 0,
145
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
146
        SSL_HANDSHAKE_MAC_SHA384,
147
        0,
148
        384,
149
    },
150
#endif
151
};
152
153
/*
154
 * The list of available ciphers, mostly organized into the following
155
 * groups:
156
 *      Always there
157
 *      EC
158
 *      PSK
159
 *      SRP (within that: RSA EC PSK)
160
 *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
161
 *      Weak ciphers
162
 */
163
static SSL_CIPHER ssl3_ciphers[] = {
164
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
165
    {
166
     1,
167
     SSL3_TXT_RSA_NULL_MD5,
168
     SSL3_RFC_RSA_NULL_MD5,
169
     SSL3_CK_RSA_NULL_MD5,
170
     SSL_kRSA,
171
     SSL_aRSA,
172
     SSL_eNULL,
173
     SSL_MD5,
174
     SSL3_VERSION, TLS1_2_VERSION,
175
     DTLS1_BAD_VER, DTLS1_2_VERSION,
176
     SSL_STRONG_NONE,
177
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
178
     0,
179
     0,
180
     },
181
    {
182
     1,
183
     SSL3_TXT_RSA_NULL_SHA,
184
     SSL3_RFC_RSA_NULL_SHA,
185
     SSL3_CK_RSA_NULL_SHA,
186
     SSL_kRSA,
187
     SSL_aRSA,
188
     SSL_eNULL,
189
     SSL_SHA1,
190
     SSL3_VERSION, TLS1_2_VERSION,
191
     DTLS1_BAD_VER, DTLS1_2_VERSION,
192
     SSL_STRONG_NONE | SSL_FIPS,
193
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
194
     0,
195
     0,
196
     },
197
#endif
198
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
199
    {
200
     1,
201
     SSL3_TXT_RSA_DES_192_CBC3_SHA,
202
     SSL3_RFC_RSA_DES_192_CBC3_SHA,
203
     SSL3_CK_RSA_DES_192_CBC3_SHA,
204
     SSL_kRSA,
205
     SSL_aRSA,
206
     SSL_3DES,
207
     SSL_SHA1,
208
     SSL3_VERSION, TLS1_2_VERSION,
209
     DTLS1_BAD_VER, DTLS1_2_VERSION,
210
     SSL_NOT_DEFAULT | SSL_MEDIUM,
211
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212
     112,
213
     168,
214
     },
215
    {
216
     1,
217
     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
218
     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
219
     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
220
     SSL_kDHE,
221
     SSL_aDSS,
222
     SSL_3DES,
223
     SSL_SHA1,
224
     SSL3_VERSION, TLS1_2_VERSION,
225
     DTLS1_BAD_VER, DTLS1_2_VERSION,
226
     SSL_NOT_DEFAULT | SSL_MEDIUM,
227
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228
     112,
229
     168,
230
     },
231
    {
232
     1,
233
     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
234
     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
235
     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
236
     SSL_kDHE,
237
     SSL_aRSA,
238
     SSL_3DES,
239
     SSL_SHA1,
240
     SSL3_VERSION, TLS1_2_VERSION,
241
     DTLS1_BAD_VER, DTLS1_2_VERSION,
242
     SSL_NOT_DEFAULT | SSL_MEDIUM,
243
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
244
     112,
245
     168,
246
     },
247
    {
248
     1,
249
     SSL3_TXT_ADH_DES_192_CBC_SHA,
250
     SSL3_RFC_ADH_DES_192_CBC_SHA,
251
     SSL3_CK_ADH_DES_192_CBC_SHA,
252
     SSL_kDHE,
253
     SSL_aNULL,
254
     SSL_3DES,
255
     SSL_SHA1,
256
     SSL3_VERSION, TLS1_2_VERSION,
257
     DTLS1_BAD_VER, DTLS1_2_VERSION,
258
     SSL_NOT_DEFAULT | SSL_MEDIUM,
259
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
260
     112,
261
     168,
262
     },
263
#endif
264
    {
265
     1,
266
     TLS1_TXT_RSA_WITH_AES_128_SHA,
267
     TLS1_RFC_RSA_WITH_AES_128_SHA,
268
     TLS1_CK_RSA_WITH_AES_128_SHA,
269
     SSL_kRSA,
270
     SSL_aRSA,
271
     SSL_AES128,
272
     SSL_SHA1,
273
     SSL3_VERSION, TLS1_2_VERSION,
274
     DTLS1_BAD_VER, DTLS1_2_VERSION,
275
     SSL_HIGH | SSL_FIPS,
276
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277
     128,
278
     128,
279
     },
280
    {
281
     1,
282
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
283
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
284
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
285
     SSL_kDHE,
286
     SSL_aDSS,
287
     SSL_AES128,
288
     SSL_SHA1,
289
     SSL3_VERSION, TLS1_2_VERSION,
290
     DTLS1_BAD_VER, DTLS1_2_VERSION,
291
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
292
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293
     128,
294
     128,
295
     },
296
    {
297
     1,
298
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
299
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
300
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
301
     SSL_kDHE,
302
     SSL_aRSA,
303
     SSL_AES128,
304
     SSL_SHA1,
305
     SSL3_VERSION, TLS1_2_VERSION,
306
     DTLS1_BAD_VER, DTLS1_2_VERSION,
307
     SSL_HIGH | SSL_FIPS,
308
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
309
     128,
310
     128,
311
     },
312
    {
313
     1,
314
     TLS1_TXT_ADH_WITH_AES_128_SHA,
315
     TLS1_RFC_ADH_WITH_AES_128_SHA,
316
     TLS1_CK_ADH_WITH_AES_128_SHA,
317
     SSL_kDHE,
318
     SSL_aNULL,
319
     SSL_AES128,
320
     SSL_SHA1,
321
     SSL3_VERSION, TLS1_2_VERSION,
322
     DTLS1_BAD_VER, DTLS1_2_VERSION,
323
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
324
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
325
     128,
326
     128,
327
     },
328
    {
329
     1,
330
     TLS1_TXT_RSA_WITH_AES_256_SHA,
331
     TLS1_RFC_RSA_WITH_AES_256_SHA,
332
     TLS1_CK_RSA_WITH_AES_256_SHA,
333
     SSL_kRSA,
334
     SSL_aRSA,
335
     SSL_AES256,
336
     SSL_SHA1,
337
     SSL3_VERSION, TLS1_2_VERSION,
338
     DTLS1_BAD_VER, DTLS1_2_VERSION,
339
     SSL_HIGH | SSL_FIPS,
340
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
341
     256,
342
     256,
343
     },
344
    {
345
     1,
346
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
347
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
348
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
349
     SSL_kDHE,
350
     SSL_aDSS,
351
     SSL_AES256,
352
     SSL_SHA1,
353
     SSL3_VERSION, TLS1_2_VERSION,
354
     DTLS1_BAD_VER, DTLS1_2_VERSION,
355
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
356
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357
     256,
358
     256,
359
     },
360
    {
361
     1,
362
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
363
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
364
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
365
     SSL_kDHE,
366
     SSL_aRSA,
367
     SSL_AES256,
368
     SSL_SHA1,
369
     SSL3_VERSION, TLS1_2_VERSION,
370
     DTLS1_BAD_VER, DTLS1_2_VERSION,
371
     SSL_HIGH | SSL_FIPS,
372
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
373
     256,
374
     256,
375
     },
376
    {
377
     1,
378
     TLS1_TXT_ADH_WITH_AES_256_SHA,
379
     TLS1_RFC_ADH_WITH_AES_256_SHA,
380
     TLS1_CK_ADH_WITH_AES_256_SHA,
381
     SSL_kDHE,
382
     SSL_aNULL,
383
     SSL_AES256,
384
     SSL_SHA1,
385
     SSL3_VERSION, TLS1_2_VERSION,
386
     DTLS1_BAD_VER, DTLS1_2_VERSION,
387
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
388
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389
     256,
390
     256,
391
     },
392
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
393
    {
394
     1,
395
     TLS1_TXT_RSA_WITH_NULL_SHA256,
396
     TLS1_RFC_RSA_WITH_NULL_SHA256,
397
     TLS1_CK_RSA_WITH_NULL_SHA256,
398
     SSL_kRSA,
399
     SSL_aRSA,
400
     SSL_eNULL,
401
     SSL_SHA256,
402
     TLS1_2_VERSION, TLS1_2_VERSION,
403
     DTLS1_2_VERSION, DTLS1_2_VERSION,
404
     SSL_STRONG_NONE | SSL_FIPS,
405
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
406
     0,
407
     0,
408
     },
409
#endif
410
    {
411
     1,
412
     TLS1_TXT_RSA_WITH_AES_128_SHA256,
413
     TLS1_RFC_RSA_WITH_AES_128_SHA256,
414
     TLS1_CK_RSA_WITH_AES_128_SHA256,
415
     SSL_kRSA,
416
     SSL_aRSA,
417
     SSL_AES128,
418
     SSL_SHA256,
419
     TLS1_2_VERSION, TLS1_2_VERSION,
420
     DTLS1_2_VERSION, DTLS1_2_VERSION,
421
     SSL_HIGH | SSL_FIPS,
422
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
423
     128,
424
     128,
425
     },
426
    {
427
     1,
428
     TLS1_TXT_RSA_WITH_AES_256_SHA256,
429
     TLS1_RFC_RSA_WITH_AES_256_SHA256,
430
     TLS1_CK_RSA_WITH_AES_256_SHA256,
431
     SSL_kRSA,
432
     SSL_aRSA,
433
     SSL_AES256,
434
     SSL_SHA256,
435
     TLS1_2_VERSION, TLS1_2_VERSION,
436
     DTLS1_2_VERSION, DTLS1_2_VERSION,
437
     SSL_HIGH | SSL_FIPS,
438
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
439
     256,
440
     256,
441
     },
442
    {
443
     1,
444
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
445
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
446
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
447
     SSL_kDHE,
448
     SSL_aDSS,
449
     SSL_AES128,
450
     SSL_SHA256,
451
     TLS1_2_VERSION, TLS1_2_VERSION,
452
     DTLS1_2_VERSION, DTLS1_2_VERSION,
453
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
454
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
455
     128,
456
     128,
457
     },
458
    {
459
     1,
460
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
461
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
462
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
463
     SSL_kDHE,
464
     SSL_aRSA,
465
     SSL_AES128,
466
     SSL_SHA256,
467
     TLS1_2_VERSION, TLS1_2_VERSION,
468
     DTLS1_2_VERSION, DTLS1_2_VERSION,
469
     SSL_HIGH | SSL_FIPS,
470
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
471
     128,
472
     128,
473
     },
474
    {
475
     1,
476
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
477
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
478
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
479
     SSL_kDHE,
480
     SSL_aDSS,
481
     SSL_AES256,
482
     SSL_SHA256,
483
     TLS1_2_VERSION, TLS1_2_VERSION,
484
     DTLS1_2_VERSION, DTLS1_2_VERSION,
485
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
486
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
487
     256,
488
     256,
489
     },
490
    {
491
     1,
492
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
493
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
494
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
495
     SSL_kDHE,
496
     SSL_aRSA,
497
     SSL_AES256,
498
     SSL_SHA256,
499
     TLS1_2_VERSION, TLS1_2_VERSION,
500
     DTLS1_2_VERSION, DTLS1_2_VERSION,
501
     SSL_HIGH | SSL_FIPS,
502
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
503
     256,
504
     256,
505
     },
506
    {
507
     1,
508
     TLS1_TXT_ADH_WITH_AES_128_SHA256,
509
     TLS1_RFC_ADH_WITH_AES_128_SHA256,
510
     TLS1_CK_ADH_WITH_AES_128_SHA256,
511
     SSL_kDHE,
512
     SSL_aNULL,
513
     SSL_AES128,
514
     SSL_SHA256,
515
     TLS1_2_VERSION, TLS1_2_VERSION,
516
     DTLS1_2_VERSION, DTLS1_2_VERSION,
517
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
518
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
519
     128,
520
     128,
521
     },
522
    {
523
     1,
524
     TLS1_TXT_ADH_WITH_AES_256_SHA256,
525
     TLS1_RFC_ADH_WITH_AES_256_SHA256,
526
     TLS1_CK_ADH_WITH_AES_256_SHA256,
527
     SSL_kDHE,
528
     SSL_aNULL,
529
     SSL_AES256,
530
     SSL_SHA256,
531
     TLS1_2_VERSION, TLS1_2_VERSION,
532
     DTLS1_2_VERSION, DTLS1_2_VERSION,
533
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
534
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
535
     256,
536
     256,
537
     },
538
    {
539
     1,
540
     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
541
     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
542
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
543
     SSL_kRSA,
544
     SSL_aRSA,
545
     SSL_AES128GCM,
546
     SSL_AEAD,
547
     TLS1_2_VERSION, TLS1_2_VERSION,
548
     DTLS1_2_VERSION, DTLS1_2_VERSION,
549
     SSL_HIGH | SSL_FIPS,
550
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
551
     128,
552
     128,
553
     },
554
    {
555
     1,
556
     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
557
     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
558
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
559
     SSL_kRSA,
560
     SSL_aRSA,
561
     SSL_AES256GCM,
562
     SSL_AEAD,
563
     TLS1_2_VERSION, TLS1_2_VERSION,
564
     DTLS1_2_VERSION, DTLS1_2_VERSION,
565
     SSL_HIGH | SSL_FIPS,
566
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
567
     256,
568
     256,
569
     },
570
    {
571
     1,
572
     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
573
     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
574
     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
575
     SSL_kDHE,
576
     SSL_aRSA,
577
     SSL_AES128GCM,
578
     SSL_AEAD,
579
     TLS1_2_VERSION, TLS1_2_VERSION,
580
     DTLS1_2_VERSION, DTLS1_2_VERSION,
581
     SSL_HIGH | SSL_FIPS,
582
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
583
     128,
584
     128,
585
     },
586
    {
587
     1,
588
     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
589
     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
590
     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
591
     SSL_kDHE,
592
     SSL_aRSA,
593
     SSL_AES256GCM,
594
     SSL_AEAD,
595
     TLS1_2_VERSION, TLS1_2_VERSION,
596
     DTLS1_2_VERSION, DTLS1_2_VERSION,
597
     SSL_HIGH | SSL_FIPS,
598
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
599
     256,
600
     256,
601
     },
602
    {
603
     1,
604
     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
605
     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
606
     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
607
     SSL_kDHE,
608
     SSL_aDSS,
609
     SSL_AES128GCM,
610
     SSL_AEAD,
611
     TLS1_2_VERSION, TLS1_2_VERSION,
612
     DTLS1_2_VERSION, DTLS1_2_VERSION,
613
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
614
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
615
     128,
616
     128,
617
     },
618
    {
619
     1,
620
     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
621
     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
622
     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
623
     SSL_kDHE,
624
     SSL_aDSS,
625
     SSL_AES256GCM,
626
     SSL_AEAD,
627
     TLS1_2_VERSION, TLS1_2_VERSION,
628
     DTLS1_2_VERSION, DTLS1_2_VERSION,
629
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
630
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
631
     256,
632
     256,
633
     },
634
    {
635
     1,
636
     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
637
     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
638
     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
639
     SSL_kDHE,
640
     SSL_aNULL,
641
     SSL_AES128GCM,
642
     SSL_AEAD,
643
     TLS1_2_VERSION, TLS1_2_VERSION,
644
     DTLS1_2_VERSION, DTLS1_2_VERSION,
645
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
646
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
647
     128,
648
     128,
649
     },
650
    {
651
     1,
652
     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
653
     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
654
     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
655
     SSL_kDHE,
656
     SSL_aNULL,
657
     SSL_AES256GCM,
658
     SSL_AEAD,
659
     TLS1_2_VERSION, TLS1_2_VERSION,
660
     DTLS1_2_VERSION, DTLS1_2_VERSION,
661
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
662
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
663
     256,
664
     256,
665
     },
666
    {
667
     1,
668
     TLS1_TXT_RSA_WITH_AES_128_CCM,
669
     TLS1_RFC_RSA_WITH_AES_128_CCM,
670
     TLS1_CK_RSA_WITH_AES_128_CCM,
671
     SSL_kRSA,
672
     SSL_aRSA,
673
     SSL_AES128CCM,
674
     SSL_AEAD,
675
     TLS1_2_VERSION, TLS1_2_VERSION,
676
     DTLS1_2_VERSION, DTLS1_2_VERSION,
677
     SSL_NOT_DEFAULT | SSL_HIGH,
678
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
679
     128,
680
     128,
681
     },
682
    {
683
     1,
684
     TLS1_TXT_RSA_WITH_AES_256_CCM,
685
     TLS1_RFC_RSA_WITH_AES_256_CCM,
686
     TLS1_CK_RSA_WITH_AES_256_CCM,
687
     SSL_kRSA,
688
     SSL_aRSA,
689
     SSL_AES256CCM,
690
     SSL_AEAD,
691
     TLS1_2_VERSION, TLS1_2_VERSION,
692
     DTLS1_2_VERSION, DTLS1_2_VERSION,
693
     SSL_NOT_DEFAULT | SSL_HIGH,
694
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
695
     256,
696
     256,
697
     },
698
    {
699
     1,
700
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
701
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
702
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
703
     SSL_kDHE,
704
     SSL_aRSA,
705
     SSL_AES128CCM,
706
     SSL_AEAD,
707
     TLS1_2_VERSION, TLS1_2_VERSION,
708
     DTLS1_2_VERSION, DTLS1_2_VERSION,
709
     SSL_NOT_DEFAULT | SSL_HIGH,
710
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
711
     128,
712
     128,
713
     },
714
    {
715
     1,
716
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
717
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
718
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
719
     SSL_kDHE,
720
     SSL_aRSA,
721
     SSL_AES256CCM,
722
     SSL_AEAD,
723
     TLS1_2_VERSION, TLS1_2_VERSION,
724
     DTLS1_2_VERSION, DTLS1_2_VERSION,
725
     SSL_NOT_DEFAULT | SSL_HIGH,
726
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
727
     256,
728
     256,
729
     },
730
    {
731
     1,
732
     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
733
     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
734
     TLS1_CK_RSA_WITH_AES_128_CCM_8,
735
     SSL_kRSA,
736
     SSL_aRSA,
737
     SSL_AES128CCM8,
738
     SSL_AEAD,
739
     TLS1_2_VERSION, TLS1_2_VERSION,
740
     DTLS1_2_VERSION, DTLS1_2_VERSION,
741
     SSL_NOT_DEFAULT | SSL_MEDIUM,
742
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
743
     64, /* CCM8 uses a short tag, so we have a low security strength */
744
     128,
745
     },
746
    {
747
     1,
748
     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
749
     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
750
     TLS1_CK_RSA_WITH_AES_256_CCM_8,
751
     SSL_kRSA,
752
     SSL_aRSA,
753
     SSL_AES256CCM8,
754
     SSL_AEAD,
755
     TLS1_2_VERSION, TLS1_2_VERSION,
756
     DTLS1_2_VERSION, DTLS1_2_VERSION,
757
     SSL_NOT_DEFAULT | SSL_MEDIUM,
758
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
759
     64, /* CCM8 uses a short tag, so we have a low security strength */
760
     256,
761
     },
762
    {
763
     1,
764
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
765
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
766
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
767
     SSL_kDHE,
768
     SSL_aRSA,
769
     SSL_AES128CCM8,
770
     SSL_AEAD,
771
     TLS1_2_VERSION, TLS1_2_VERSION,
772
     DTLS1_2_VERSION, DTLS1_2_VERSION,
773
     SSL_NOT_DEFAULT | SSL_MEDIUM,
774
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
775
     64, /* CCM8 uses a short tag, so we have a low security strength */
776
     128,
777
     },
778
    {
779
     1,
780
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
781
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
782
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
783
     SSL_kDHE,
784
     SSL_aRSA,
785
     SSL_AES256CCM8,
786
     SSL_AEAD,
787
     TLS1_2_VERSION, TLS1_2_VERSION,
788
     DTLS1_2_VERSION, DTLS1_2_VERSION,
789
     SSL_NOT_DEFAULT | SSL_MEDIUM,
790
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
791
     64, /* CCM8 uses a short tag, so we have a low security strength */
792
     256,
793
     },
794
    {
795
     1,
796
     TLS1_TXT_PSK_WITH_AES_128_CCM,
797
     TLS1_RFC_PSK_WITH_AES_128_CCM,
798
     TLS1_CK_PSK_WITH_AES_128_CCM,
799
     SSL_kPSK,
800
     SSL_aPSK,
801
     SSL_AES128CCM,
802
     SSL_AEAD,
803
     TLS1_2_VERSION, TLS1_2_VERSION,
804
     DTLS1_2_VERSION, DTLS1_2_VERSION,
805
     SSL_NOT_DEFAULT | SSL_HIGH,
806
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
807
     128,
808
     128,
809
     },
810
    {
811
     1,
812
     TLS1_TXT_PSK_WITH_AES_256_CCM,
813
     TLS1_RFC_PSK_WITH_AES_256_CCM,
814
     TLS1_CK_PSK_WITH_AES_256_CCM,
815
     SSL_kPSK,
816
     SSL_aPSK,
817
     SSL_AES256CCM,
818
     SSL_AEAD,
819
     TLS1_2_VERSION, TLS1_2_VERSION,
820
     DTLS1_2_VERSION, DTLS1_2_VERSION,
821
     SSL_NOT_DEFAULT | SSL_HIGH,
822
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
823
     256,
824
     256,
825
     },
826
    {
827
     1,
828
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
829
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
830
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
831
     SSL_kDHEPSK,
832
     SSL_aPSK,
833
     SSL_AES128CCM,
834
     SSL_AEAD,
835
     TLS1_2_VERSION, TLS1_2_VERSION,
836
     DTLS1_2_VERSION, DTLS1_2_VERSION,
837
     SSL_NOT_DEFAULT | SSL_HIGH,
838
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
839
     128,
840
     128,
841
     },
842
    {
843
     1,
844
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
845
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
846
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
847
     SSL_kDHEPSK,
848
     SSL_aPSK,
849
     SSL_AES256CCM,
850
     SSL_AEAD,
851
     TLS1_2_VERSION, TLS1_2_VERSION,
852
     DTLS1_2_VERSION, DTLS1_2_VERSION,
853
     SSL_NOT_DEFAULT | SSL_HIGH,
854
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
855
     256,
856
     256,
857
     },
858
    {
859
     1,
860
     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
861
     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
862
     TLS1_CK_PSK_WITH_AES_128_CCM_8,
863
     SSL_kPSK,
864
     SSL_aPSK,
865
     SSL_AES128CCM8,
866
     SSL_AEAD,
867
     TLS1_2_VERSION, TLS1_2_VERSION,
868
     DTLS1_2_VERSION, DTLS1_2_VERSION,
869
     SSL_NOT_DEFAULT | SSL_MEDIUM,
870
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
871
     64, /* CCM8 uses a short tag, so we have a low security strength */
872
     128,
873
     },
874
    {
875
     1,
876
     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
877
     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
878
     TLS1_CK_PSK_WITH_AES_256_CCM_8,
879
     SSL_kPSK,
880
     SSL_aPSK,
881
     SSL_AES256CCM8,
882
     SSL_AEAD,
883
     TLS1_2_VERSION, TLS1_2_VERSION,
884
     DTLS1_2_VERSION, DTLS1_2_VERSION,
885
     SSL_NOT_DEFAULT | SSL_MEDIUM,
886
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
887
     64, /* CCM8 uses a short tag, so we have a low security strength */
888
     256,
889
     },
890
    {
891
     1,
892
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
893
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
894
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
895
     SSL_kDHEPSK,
896
     SSL_aPSK,
897
     SSL_AES128CCM8,
898
     SSL_AEAD,
899
     TLS1_2_VERSION, TLS1_2_VERSION,
900
     DTLS1_2_VERSION, DTLS1_2_VERSION,
901
     SSL_NOT_DEFAULT | SSL_MEDIUM,
902
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
903
     64, /* CCM8 uses a short tag, so we have a low security strength */
904
     128,
905
     },
906
    {
907
     1,
908
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
909
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
910
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
911
     SSL_kDHEPSK,
912
     SSL_aPSK,
913
     SSL_AES256CCM8,
914
     SSL_AEAD,
915
     TLS1_2_VERSION, TLS1_2_VERSION,
916
     DTLS1_2_VERSION, DTLS1_2_VERSION,
917
     SSL_NOT_DEFAULT | SSL_MEDIUM,
918
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
919
     64, /* CCM8 uses a short tag, so we have a low security strength */
920
     256,
921
     },
922
    {
923
     1,
924
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
925
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
926
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
927
     SSL_kECDHE,
928
     SSL_aECDSA,
929
     SSL_AES128CCM,
930
     SSL_AEAD,
931
     TLS1_2_VERSION, TLS1_2_VERSION,
932
     DTLS1_2_VERSION, DTLS1_2_VERSION,
933
     SSL_NOT_DEFAULT | SSL_HIGH,
934
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
935
     128,
936
     128,
937
     },
938
    {
939
     1,
940
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
941
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
942
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
943
     SSL_kECDHE,
944
     SSL_aECDSA,
945
     SSL_AES256CCM,
946
     SSL_AEAD,
947
     TLS1_2_VERSION, TLS1_2_VERSION,
948
     DTLS1_2_VERSION, DTLS1_2_VERSION,
949
     SSL_NOT_DEFAULT | SSL_HIGH,
950
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
951
     256,
952
     256,
953
     },
954
    {
955
     1,
956
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
957
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
958
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
959
     SSL_kECDHE,
960
     SSL_aECDSA,
961
     SSL_AES128CCM8,
962
     SSL_AEAD,
963
     TLS1_2_VERSION, TLS1_2_VERSION,
964
     DTLS1_2_VERSION, DTLS1_2_VERSION,
965
     SSL_NOT_DEFAULT | SSL_MEDIUM,
966
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
967
     64, /* CCM8 uses a short tag, so we have a low security strength */
968
     128,
969
     },
970
    {
971
     1,
972
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
973
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
974
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
975
     SSL_kECDHE,
976
     SSL_aECDSA,
977
     SSL_AES256CCM8,
978
     SSL_AEAD,
979
     TLS1_2_VERSION, TLS1_2_VERSION,
980
     DTLS1_2_VERSION, DTLS1_2_VERSION,
981
     SSL_NOT_DEFAULT | SSL_MEDIUM,
982
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
983
     64, /* CCM8 uses a short tag, so we have a low security strength */
984
     256,
985
     },
986
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
987
    {
988
     1,
989
     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
990
     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
991
     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
992
     SSL_kECDHE,
993
     SSL_aECDSA,
994
     SSL_eNULL,
995
     SSL_SHA1,
996
     TLS1_VERSION, TLS1_2_VERSION,
997
     DTLS1_BAD_VER, DTLS1_2_VERSION,
998
     SSL_STRONG_NONE | SSL_FIPS,
999
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1000
     0,
1001
     0,
1002
     },
1003
#endif
1004
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1005
    {
1006
     1,
1007
     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1008
     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1009
     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1010
     SSL_kECDHE,
1011
     SSL_aECDSA,
1012
     SSL_3DES,
1013
     SSL_SHA1,
1014
     TLS1_VERSION, TLS1_2_VERSION,
1015
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1016
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1017
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1018
     112,
1019
     168,
1020
     },
1021
# endif
1022
    {
1023
     1,
1024
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1025
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1026
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1027
     SSL_kECDHE,
1028
     SSL_aECDSA,
1029
     SSL_AES128,
1030
     SSL_SHA1,
1031
     TLS1_VERSION, TLS1_2_VERSION,
1032
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1033
     SSL_HIGH | SSL_FIPS,
1034
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1035
     128,
1036
     128,
1037
     },
1038
    {
1039
     1,
1040
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1041
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1042
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1043
     SSL_kECDHE,
1044
     SSL_aECDSA,
1045
     SSL_AES256,
1046
     SSL_SHA1,
1047
     TLS1_VERSION, TLS1_2_VERSION,
1048
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1049
     SSL_HIGH | SSL_FIPS,
1050
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1051
     256,
1052
     256,
1053
     },
1054
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1055
    {
1056
     1,
1057
     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1058
     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1059
     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1060
     SSL_kECDHE,
1061
     SSL_aRSA,
1062
     SSL_eNULL,
1063
     SSL_SHA1,
1064
     TLS1_VERSION, TLS1_2_VERSION,
1065
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1066
     SSL_STRONG_NONE | SSL_FIPS,
1067
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1068
     0,
1069
     0,
1070
     },
1071
#endif
1072
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1073
    {
1074
     1,
1075
     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1076
     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1077
     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1078
     SSL_kECDHE,
1079
     SSL_aRSA,
1080
     SSL_3DES,
1081
     SSL_SHA1,
1082
     TLS1_VERSION, TLS1_2_VERSION,
1083
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1084
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1085
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1086
     112,
1087
     168,
1088
     },
1089
# endif
1090
    {
1091
     1,
1092
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1093
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1094
     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1095
     SSL_kECDHE,
1096
     SSL_aRSA,
1097
     SSL_AES128,
1098
     SSL_SHA1,
1099
     TLS1_VERSION, TLS1_2_VERSION,
1100
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1101
     SSL_HIGH | SSL_FIPS,
1102
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1103
     128,
1104
     128,
1105
     },
1106
    {
1107
     1,
1108
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1109
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1110
     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1111
     SSL_kECDHE,
1112
     SSL_aRSA,
1113
     SSL_AES256,
1114
     SSL_SHA1,
1115
     TLS1_VERSION, TLS1_2_VERSION,
1116
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1117
     SSL_HIGH | SSL_FIPS,
1118
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1119
     256,
1120
     256,
1121
     },
1122
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1123
    {
1124
     1,
1125
     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1126
     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1127
     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1128
     SSL_kECDHE,
1129
     SSL_aNULL,
1130
     SSL_eNULL,
1131
     SSL_SHA1,
1132
     TLS1_VERSION, TLS1_2_VERSION,
1133
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1134
     SSL_STRONG_NONE | SSL_FIPS,
1135
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1136
     0,
1137
     0,
1138
     },
1139
#endif
1140
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1141
    {
1142
     1,
1143
     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1144
     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1145
     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1146
     SSL_kECDHE,
1147
     SSL_aNULL,
1148
     SSL_3DES,
1149
     SSL_SHA1,
1150
     TLS1_VERSION, TLS1_2_VERSION,
1151
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1152
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1153
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1154
     112,
1155
     168,
1156
     },
1157
# endif
1158
    {
1159
     1,
1160
     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1161
     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1162
     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1163
     SSL_kECDHE,
1164
     SSL_aNULL,
1165
     SSL_AES128,
1166
     SSL_SHA1,
1167
     TLS1_VERSION, TLS1_2_VERSION,
1168
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1169
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1170
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1171
     128,
1172
     128,
1173
     },
1174
    {
1175
     1,
1176
     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1177
     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1178
     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1179
     SSL_kECDHE,
1180
     SSL_aNULL,
1181
     SSL_AES256,
1182
     SSL_SHA1,
1183
     TLS1_VERSION, TLS1_2_VERSION,
1184
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1185
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1186
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1187
     256,
1188
     256,
1189
     },
1190
    {
1191
     1,
1192
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1193
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1194
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1195
     SSL_kECDHE,
1196
     SSL_aECDSA,
1197
     SSL_AES128,
1198
     SSL_SHA256,
1199
     TLS1_2_VERSION, TLS1_2_VERSION,
1200
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1201
     SSL_HIGH | SSL_FIPS,
1202
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1203
     128,
1204
     128,
1205
     },
1206
    {
1207
     1,
1208
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1209
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1210
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1211
     SSL_kECDHE,
1212
     SSL_aECDSA,
1213
     SSL_AES256,
1214
     SSL_SHA384,
1215
     TLS1_2_VERSION, TLS1_2_VERSION,
1216
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1217
     SSL_HIGH | SSL_FIPS,
1218
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1219
     256,
1220
     256,
1221
     },
1222
    {
1223
     1,
1224
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1225
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1226
     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1227
     SSL_kECDHE,
1228
     SSL_aRSA,
1229
     SSL_AES128,
1230
     SSL_SHA256,
1231
     TLS1_2_VERSION, TLS1_2_VERSION,
1232
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1233
     SSL_HIGH | SSL_FIPS,
1234
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1235
     128,
1236
     128,
1237
     },
1238
    {
1239
     1,
1240
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1241
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1242
     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1243
     SSL_kECDHE,
1244
     SSL_aRSA,
1245
     SSL_AES256,
1246
     SSL_SHA384,
1247
     TLS1_2_VERSION, TLS1_2_VERSION,
1248
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1249
     SSL_HIGH | SSL_FIPS,
1250
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1251
     256,
1252
     256,
1253
     },
1254
    {
1255
     1,
1256
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1257
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1258
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1259
     SSL_kECDHE,
1260
     SSL_aECDSA,
1261
     SSL_AES128GCM,
1262
     SSL_AEAD,
1263
     TLS1_2_VERSION, TLS1_2_VERSION,
1264
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1265
     SSL_HIGH | SSL_FIPS,
1266
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1267
     128,
1268
     128,
1269
     },
1270
    {
1271
     1,
1272
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1273
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1274
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1275
     SSL_kECDHE,
1276
     SSL_aECDSA,
1277
     SSL_AES256GCM,
1278
     SSL_AEAD,
1279
     TLS1_2_VERSION, TLS1_2_VERSION,
1280
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1281
     SSL_HIGH | SSL_FIPS,
1282
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1283
     256,
1284
     256,
1285
     },
1286
    {
1287
     1,
1288
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1289
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1290
     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1291
     SSL_kECDHE,
1292
     SSL_aRSA,
1293
     SSL_AES128GCM,
1294
     SSL_AEAD,
1295
     TLS1_2_VERSION, TLS1_2_VERSION,
1296
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1297
     SSL_HIGH | SSL_FIPS,
1298
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1299
     128,
1300
     128,
1301
     },
1302
    {
1303
     1,
1304
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1305
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1306
     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1307
     SSL_kECDHE,
1308
     SSL_aRSA,
1309
     SSL_AES256GCM,
1310
     SSL_AEAD,
1311
     TLS1_2_VERSION, TLS1_2_VERSION,
1312
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1313
     SSL_HIGH | SSL_FIPS,
1314
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1315
     256,
1316
     256,
1317
     },
1318
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1319
    {
1320
     1,
1321
     TLS1_TXT_PSK_WITH_NULL_SHA,
1322
     TLS1_RFC_PSK_WITH_NULL_SHA,
1323
     TLS1_CK_PSK_WITH_NULL_SHA,
1324
     SSL_kPSK,
1325
     SSL_aPSK,
1326
     SSL_eNULL,
1327
     SSL_SHA1,
1328
     SSL3_VERSION, TLS1_2_VERSION,
1329
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1330
     SSL_STRONG_NONE | SSL_FIPS,
1331
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1332
     0,
1333
     0,
1334
     },
1335
    {
1336
     1,
1337
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1338
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1339
     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1340
     SSL_kDHEPSK,
1341
     SSL_aPSK,
1342
     SSL_eNULL,
1343
     SSL_SHA1,
1344
     SSL3_VERSION, TLS1_2_VERSION,
1345
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1346
     SSL_STRONG_NONE | SSL_FIPS,
1347
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1348
     0,
1349
     0,
1350
     },
1351
    {
1352
     1,
1353
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1354
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1355
     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1356
     SSL_kRSAPSK,
1357
     SSL_aRSA,
1358
     SSL_eNULL,
1359
     SSL_SHA1,
1360
     SSL3_VERSION, TLS1_2_VERSION,
1361
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1362
     SSL_STRONG_NONE | SSL_FIPS,
1363
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1364
     0,
1365
     0,
1366
     },
1367
#endif
1368
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1369
    {
1370
     1,
1371
     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1372
     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1373
     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1374
     SSL_kPSK,
1375
     SSL_aPSK,
1376
     SSL_3DES,
1377
     SSL_SHA1,
1378
     SSL3_VERSION, TLS1_2_VERSION,
1379
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1380
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1381
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1382
     112,
1383
     168,
1384
     },
1385
# endif
1386
    {
1387
     1,
1388
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1389
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1390
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1391
     SSL_kPSK,
1392
     SSL_aPSK,
1393
     SSL_AES128,
1394
     SSL_SHA1,
1395
     SSL3_VERSION, TLS1_2_VERSION,
1396
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1397
     SSL_HIGH | SSL_FIPS,
1398
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1399
     128,
1400
     128,
1401
     },
1402
    {
1403
     1,
1404
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1405
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1406
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1407
     SSL_kPSK,
1408
     SSL_aPSK,
1409
     SSL_AES256,
1410
     SSL_SHA1,
1411
     SSL3_VERSION, TLS1_2_VERSION,
1412
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1413
     SSL_HIGH | SSL_FIPS,
1414
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1415
     256,
1416
     256,
1417
     },
1418
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1419
    {
1420
     1,
1421
     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1422
     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1423
     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1424
     SSL_kDHEPSK,
1425
     SSL_aPSK,
1426
     SSL_3DES,
1427
     SSL_SHA1,
1428
     SSL3_VERSION, TLS1_2_VERSION,
1429
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1430
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1431
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1432
     112,
1433
     168,
1434
     },
1435
# endif
1436
    {
1437
     1,
1438
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1439
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1440
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1441
     SSL_kDHEPSK,
1442
     SSL_aPSK,
1443
     SSL_AES128,
1444
     SSL_SHA1,
1445
     SSL3_VERSION, TLS1_2_VERSION,
1446
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1447
     SSL_HIGH | SSL_FIPS,
1448
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1449
     128,
1450
     128,
1451
     },
1452
    {
1453
     1,
1454
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1455
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1456
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1457
     SSL_kDHEPSK,
1458
     SSL_aPSK,
1459
     SSL_AES256,
1460
     SSL_SHA1,
1461
     SSL3_VERSION, TLS1_2_VERSION,
1462
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1463
     SSL_HIGH | SSL_FIPS,
1464
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1465
     256,
1466
     256,
1467
     },
1468
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1469
    {
1470
     1,
1471
     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1472
     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1473
     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1474
     SSL_kRSAPSK,
1475
     SSL_aRSA,
1476
     SSL_3DES,
1477
     SSL_SHA1,
1478
     SSL3_VERSION, TLS1_2_VERSION,
1479
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1480
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1481
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1482
     112,
1483
     168,
1484
     },
1485
# endif
1486
    {
1487
     1,
1488
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1489
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1490
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1491
     SSL_kRSAPSK,
1492
     SSL_aRSA,
1493
     SSL_AES128,
1494
     SSL_SHA1,
1495
     SSL3_VERSION, TLS1_2_VERSION,
1496
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1497
     SSL_HIGH | SSL_FIPS,
1498
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1499
     128,
1500
     128,
1501
     },
1502
    {
1503
     1,
1504
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1505
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1506
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1507
     SSL_kRSAPSK,
1508
     SSL_aRSA,
1509
     SSL_AES256,
1510
     SSL_SHA1,
1511
     SSL3_VERSION, TLS1_2_VERSION,
1512
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1513
     SSL_HIGH | SSL_FIPS,
1514
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1515
     256,
1516
     256,
1517
     },
1518
    {
1519
     1,
1520
     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1521
     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1522
     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1523
     SSL_kPSK,
1524
     SSL_aPSK,
1525
     SSL_AES128GCM,
1526
     SSL_AEAD,
1527
     TLS1_2_VERSION, TLS1_2_VERSION,
1528
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1529
     SSL_HIGH | SSL_FIPS,
1530
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1531
     128,
1532
     128,
1533
     },
1534
    {
1535
     1,
1536
     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1537
     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1538
     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1539
     SSL_kPSK,
1540
     SSL_aPSK,
1541
     SSL_AES256GCM,
1542
     SSL_AEAD,
1543
     TLS1_2_VERSION, TLS1_2_VERSION,
1544
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1545
     SSL_HIGH | SSL_FIPS,
1546
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1547
     256,
1548
     256,
1549
     },
1550
    {
1551
     1,
1552
     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1553
     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1554
     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1555
     SSL_kDHEPSK,
1556
     SSL_aPSK,
1557
     SSL_AES128GCM,
1558
     SSL_AEAD,
1559
     TLS1_2_VERSION, TLS1_2_VERSION,
1560
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1561
     SSL_HIGH | SSL_FIPS,
1562
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1563
     128,
1564
     128,
1565
     },
1566
    {
1567
     1,
1568
     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1569
     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1570
     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1571
     SSL_kDHEPSK,
1572
     SSL_aPSK,
1573
     SSL_AES256GCM,
1574
     SSL_AEAD,
1575
     TLS1_2_VERSION, TLS1_2_VERSION,
1576
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1577
     SSL_HIGH | SSL_FIPS,
1578
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1579
     256,
1580
     256,
1581
     },
1582
    {
1583
     1,
1584
     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1585
     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1586
     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1587
     SSL_kRSAPSK,
1588
     SSL_aRSA,
1589
     SSL_AES128GCM,
1590
     SSL_AEAD,
1591
     TLS1_2_VERSION, TLS1_2_VERSION,
1592
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1593
     SSL_HIGH | SSL_FIPS,
1594
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1595
     128,
1596
     128,
1597
     },
1598
    {
1599
     1,
1600
     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1601
     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1602
     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1603
     SSL_kRSAPSK,
1604
     SSL_aRSA,
1605
     SSL_AES256GCM,
1606
     SSL_AEAD,
1607
     TLS1_2_VERSION, TLS1_2_VERSION,
1608
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1609
     SSL_HIGH | SSL_FIPS,
1610
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1611
     256,
1612
     256,
1613
     },
1614
    {
1615
     1,
1616
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1617
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1618
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1619
     SSL_kPSK,
1620
     SSL_aPSK,
1621
     SSL_AES128,
1622
     SSL_SHA256,
1623
     TLS1_VERSION, TLS1_2_VERSION,
1624
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1625
     SSL_HIGH | SSL_FIPS,
1626
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1627
     128,
1628
     128,
1629
     },
1630
    {
1631
     1,
1632
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1633
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1634
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1635
     SSL_kPSK,
1636
     SSL_aPSK,
1637
     SSL_AES256,
1638
     SSL_SHA384,
1639
     TLS1_VERSION, TLS1_2_VERSION,
1640
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1641
     SSL_HIGH | SSL_FIPS,
1642
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1643
     256,
1644
     256,
1645
     },
1646
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1647
    {
1648
     1,
1649
     TLS1_TXT_PSK_WITH_NULL_SHA256,
1650
     TLS1_RFC_PSK_WITH_NULL_SHA256,
1651
     TLS1_CK_PSK_WITH_NULL_SHA256,
1652
     SSL_kPSK,
1653
     SSL_aPSK,
1654
     SSL_eNULL,
1655
     SSL_SHA256,
1656
     TLS1_VERSION, TLS1_2_VERSION,
1657
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1658
     SSL_STRONG_NONE | SSL_FIPS,
1659
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1660
     0,
1661
     0,
1662
     },
1663
    {
1664
     1,
1665
     TLS1_TXT_PSK_WITH_NULL_SHA384,
1666
     TLS1_RFC_PSK_WITH_NULL_SHA384,
1667
     TLS1_CK_PSK_WITH_NULL_SHA384,
1668
     SSL_kPSK,
1669
     SSL_aPSK,
1670
     SSL_eNULL,
1671
     SSL_SHA384,
1672
     TLS1_VERSION, TLS1_2_VERSION,
1673
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1674
     SSL_STRONG_NONE | SSL_FIPS,
1675
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1676
     0,
1677
     0,
1678
     },
1679
#endif
1680
    {
1681
     1,
1682
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1683
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1684
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1685
     SSL_kDHEPSK,
1686
     SSL_aPSK,
1687
     SSL_AES128,
1688
     SSL_SHA256,
1689
     TLS1_VERSION, TLS1_2_VERSION,
1690
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1691
     SSL_HIGH | SSL_FIPS,
1692
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1693
     128,
1694
     128,
1695
     },
1696
    {
1697
     1,
1698
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1699
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1700
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1701
     SSL_kDHEPSK,
1702
     SSL_aPSK,
1703
     SSL_AES256,
1704
     SSL_SHA384,
1705
     TLS1_VERSION, TLS1_2_VERSION,
1706
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1707
     SSL_HIGH | SSL_FIPS,
1708
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1709
     256,
1710
     256,
1711
     },
1712
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1713
    {
1714
     1,
1715
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1716
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1717
     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1718
     SSL_kDHEPSK,
1719
     SSL_aPSK,
1720
     SSL_eNULL,
1721
     SSL_SHA256,
1722
     TLS1_VERSION, TLS1_2_VERSION,
1723
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1724
     SSL_STRONG_NONE | SSL_FIPS,
1725
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1726
     0,
1727
     0,
1728
     },
1729
    {
1730
     1,
1731
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1732
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1733
     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1734
     SSL_kDHEPSK,
1735
     SSL_aPSK,
1736
     SSL_eNULL,
1737
     SSL_SHA384,
1738
     TLS1_VERSION, TLS1_2_VERSION,
1739
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1740
     SSL_STRONG_NONE | SSL_FIPS,
1741
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1742
     0,
1743
     0,
1744
     },
1745
#endif
1746
    {
1747
     1,
1748
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1749
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1750
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1751
     SSL_kRSAPSK,
1752
     SSL_aRSA,
1753
     SSL_AES128,
1754
     SSL_SHA256,
1755
     TLS1_VERSION, TLS1_2_VERSION,
1756
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1757
     SSL_HIGH | SSL_FIPS,
1758
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1759
     128,
1760
     128,
1761
     },
1762
    {
1763
     1,
1764
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1765
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1766
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1767
     SSL_kRSAPSK,
1768
     SSL_aRSA,
1769
     SSL_AES256,
1770
     SSL_SHA384,
1771
     TLS1_VERSION, TLS1_2_VERSION,
1772
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1773
     SSL_HIGH | SSL_FIPS,
1774
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1775
     256,
1776
     256,
1777
     },
1778
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1779
    {
1780
     1,
1781
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1782
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1783
     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1784
     SSL_kRSAPSK,
1785
     SSL_aRSA,
1786
     SSL_eNULL,
1787
     SSL_SHA256,
1788
     TLS1_VERSION, TLS1_2_VERSION,
1789
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1790
     SSL_STRONG_NONE | SSL_FIPS,
1791
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1792
     0,
1793
     0,
1794
     },
1795
    {
1796
     1,
1797
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1798
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1799
     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1800
     SSL_kRSAPSK,
1801
     SSL_aRSA,
1802
     SSL_eNULL,
1803
     SSL_SHA384,
1804
     TLS1_VERSION, TLS1_2_VERSION,
1805
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1806
     SSL_STRONG_NONE | SSL_FIPS,
1807
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1808
     0,
1809
     0,
1810
     },
1811
#endif
1812
#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1813
    {
1814
     1,
1815
     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1816
     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1817
     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1818
     SSL_kECDHEPSK,
1819
     SSL_aPSK,
1820
     SSL_3DES,
1821
     SSL_SHA1,
1822
     TLS1_VERSION, TLS1_2_VERSION,
1823
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1824
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1825
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1826
     112,
1827
     168,
1828
     },
1829
#  endif
1830
    {
1831
     1,
1832
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1833
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1834
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1835
     SSL_kECDHEPSK,
1836
     SSL_aPSK,
1837
     SSL_AES128,
1838
     SSL_SHA1,
1839
     TLS1_VERSION, TLS1_2_VERSION,
1840
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1841
     SSL_HIGH | SSL_FIPS,
1842
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1843
     128,
1844
     128,
1845
     },
1846
    {
1847
     1,
1848
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1849
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1850
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1851
     SSL_kECDHEPSK,
1852
     SSL_aPSK,
1853
     SSL_AES256,
1854
     SSL_SHA1,
1855
     TLS1_VERSION, TLS1_2_VERSION,
1856
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1857
     SSL_HIGH | SSL_FIPS,
1858
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859
     256,
1860
     256,
1861
     },
1862
    {
1863
     1,
1864
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1865
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1866
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1867
     SSL_kECDHEPSK,
1868
     SSL_aPSK,
1869
     SSL_AES128,
1870
     SSL_SHA256,
1871
     TLS1_VERSION, TLS1_2_VERSION,
1872
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1873
     SSL_HIGH | SSL_FIPS,
1874
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875
     128,
1876
     128,
1877
     },
1878
    {
1879
     1,
1880
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1881
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1882
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1883
     SSL_kECDHEPSK,
1884
     SSL_aPSK,
1885
     SSL_AES256,
1886
     SSL_SHA384,
1887
     TLS1_VERSION, TLS1_2_VERSION,
1888
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1889
     SSL_HIGH | SSL_FIPS,
1890
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891
     256,
1892
     256,
1893
     },
1894
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1895
    {
1896
     1,
1897
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1898
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1899
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1900
     SSL_kECDHEPSK,
1901
     SSL_aPSK,
1902
     SSL_eNULL,
1903
     SSL_SHA1,
1904
     TLS1_VERSION, TLS1_2_VERSION,
1905
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1906
     SSL_STRONG_NONE | SSL_FIPS,
1907
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1908
     0,
1909
     0,
1910
     },
1911
    {
1912
     1,
1913
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1914
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1915
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1916
     SSL_kECDHEPSK,
1917
     SSL_aPSK,
1918
     SSL_eNULL,
1919
     SSL_SHA256,
1920
     TLS1_VERSION, TLS1_2_VERSION,
1921
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1922
     SSL_STRONG_NONE | SSL_FIPS,
1923
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1924
     0,
1925
     0,
1926
     },
1927
    {
1928
     1,
1929
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1930
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1931
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1932
     SSL_kECDHEPSK,
1933
     SSL_aPSK,
1934
     SSL_eNULL,
1935
     SSL_SHA384,
1936
     TLS1_VERSION, TLS1_2_VERSION,
1937
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1938
     SSL_STRONG_NONE | SSL_FIPS,
1939
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1940
     0,
1941
     0,
1942
     },
1943
#endif
1944
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1945
    {
1946
     1,
1947
     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1948
     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1949
     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1950
     SSL_kSRP,
1951
     SSL_aSRP,
1952
     SSL_3DES,
1953
     SSL_SHA1,
1954
     SSL3_VERSION, TLS1_2_VERSION,
1955
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1956
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1957
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958
     112,
1959
     168,
1960
     },
1961
    {
1962
     1,
1963
     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1964
     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1965
     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1966
     SSL_kSRP,
1967
     SSL_aRSA,
1968
     SSL_3DES,
1969
     SSL_SHA1,
1970
     SSL3_VERSION, TLS1_2_VERSION,
1971
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1972
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1973
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974
     112,
1975
     168,
1976
     },
1977
    {
1978
     1,
1979
     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1980
     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1981
     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1982
     SSL_kSRP,
1983
     SSL_aDSS,
1984
     SSL_3DES,
1985
     SSL_SHA1,
1986
     SSL3_VERSION, TLS1_2_VERSION,
1987
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1988
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1989
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990
     112,
1991
     168,
1992
     },
1993
# endif
1994
    {
1995
     1,
1996
     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1997
     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1998
     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1999
     SSL_kSRP,
2000
     SSL_aSRP,
2001
     SSL_AES128,
2002
     SSL_SHA1,
2003
     SSL3_VERSION, TLS1_2_VERSION,
2004
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2005
     SSL_HIGH,
2006
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2007
     128,
2008
     128,
2009
     },
2010
    {
2011
     1,
2012
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2013
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2014
     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2015
     SSL_kSRP,
2016
     SSL_aRSA,
2017
     SSL_AES128,
2018
     SSL_SHA1,
2019
     SSL3_VERSION, TLS1_2_VERSION,
2020
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2021
     SSL_HIGH,
2022
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2023
     128,
2024
     128,
2025
     },
2026
    {
2027
     1,
2028
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2029
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2030
     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2031
     SSL_kSRP,
2032
     SSL_aDSS,
2033
     SSL_AES128,
2034
     SSL_SHA1,
2035
     SSL3_VERSION, TLS1_2_VERSION,
2036
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2037
     SSL_NOT_DEFAULT | SSL_HIGH,
2038
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2039
     128,
2040
     128,
2041
     },
2042
    {
2043
     1,
2044
     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2045
     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2046
     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2047
     SSL_kSRP,
2048
     SSL_aSRP,
2049
     SSL_AES256,
2050
     SSL_SHA1,
2051
     SSL3_VERSION, TLS1_2_VERSION,
2052
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2053
     SSL_HIGH,
2054
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2055
     256,
2056
     256,
2057
     },
2058
    {
2059
     1,
2060
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2061
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2062
     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2063
     SSL_kSRP,
2064
     SSL_aRSA,
2065
     SSL_AES256,
2066
     SSL_SHA1,
2067
     SSL3_VERSION, TLS1_2_VERSION,
2068
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2069
     SSL_HIGH,
2070
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2071
     256,
2072
     256,
2073
     },
2074
    {
2075
     1,
2076
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2077
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2078
     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2079
     SSL_kSRP,
2080
     SSL_aDSS,
2081
     SSL_AES256,
2082
     SSL_SHA1,
2083
     SSL3_VERSION, TLS1_2_VERSION,
2084
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2085
     SSL_NOT_DEFAULT | SSL_HIGH,
2086
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2087
     256,
2088
     256,
2089
     },
2090
2091
    {
2092
     1,
2093
     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2094
     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2095
     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2096
     SSL_kDHE,
2097
     SSL_aRSA,
2098
     SSL_CHACHA20POLY1305,
2099
     SSL_AEAD,
2100
     TLS1_2_VERSION, TLS1_2_VERSION,
2101
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2102
     SSL_HIGH,
2103
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2104
     256,
2105
     256,
2106
     },
2107
    {
2108
     1,
2109
     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2110
     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2111
     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2112
     SSL_kECDHE,
2113
     SSL_aRSA,
2114
     SSL_CHACHA20POLY1305,
2115
     SSL_AEAD,
2116
     TLS1_2_VERSION, TLS1_2_VERSION,
2117
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2118
     SSL_HIGH,
2119
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2120
     256,
2121
     256,
2122
     },
2123
    {
2124
     1,
2125
     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2126
     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2127
     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2128
     SSL_kECDHE,
2129
     SSL_aECDSA,
2130
     SSL_CHACHA20POLY1305,
2131
     SSL_AEAD,
2132
     TLS1_2_VERSION, TLS1_2_VERSION,
2133
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2134
     SSL_HIGH,
2135
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2136
     256,
2137
     256,
2138
     },
2139
    {
2140
     1,
2141
     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2142
     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2143
     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2144
     SSL_kPSK,
2145
     SSL_aPSK,
2146
     SSL_CHACHA20POLY1305,
2147
     SSL_AEAD,
2148
     TLS1_2_VERSION, TLS1_2_VERSION,
2149
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2150
     SSL_HIGH,
2151
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2152
     256,
2153
     256,
2154
     },
2155
    {
2156
     1,
2157
     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2158
     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2159
     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2160
     SSL_kECDHEPSK,
2161
     SSL_aPSK,
2162
     SSL_CHACHA20POLY1305,
2163
     SSL_AEAD,
2164
     TLS1_2_VERSION, TLS1_2_VERSION,
2165
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2166
     SSL_HIGH,
2167
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2168
     256,
2169
     256,
2170
     },
2171
    {
2172
     1,
2173
     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2174
     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2175
     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2176
     SSL_kDHEPSK,
2177
     SSL_aPSK,
2178
     SSL_CHACHA20POLY1305,
2179
     SSL_AEAD,
2180
     TLS1_2_VERSION, TLS1_2_VERSION,
2181
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2182
     SSL_HIGH,
2183
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184
     256,
2185
     256,
2186
     },
2187
    {
2188
     1,
2189
     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2190
     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2191
     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2192
     SSL_kRSAPSK,
2193
     SSL_aRSA,
2194
     SSL_CHACHA20POLY1305,
2195
     SSL_AEAD,
2196
     TLS1_2_VERSION, TLS1_2_VERSION,
2197
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2198
     SSL_HIGH,
2199
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2200
     256,
2201
     256,
2202
     },
2203
2204
    {
2205
     1,
2206
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2207
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2208
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2209
     SSL_kRSA,
2210
     SSL_aRSA,
2211
     SSL_CAMELLIA128,
2212
     SSL_SHA256,
2213
     TLS1_2_VERSION, TLS1_2_VERSION,
2214
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2215
     SSL_NOT_DEFAULT | SSL_HIGH,
2216
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2217
     128,
2218
     128,
2219
     },
2220
    {
2221
     1,
2222
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2223
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2224
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2225
     SSL_kDHE,
2226
     SSL_aDSS,
2227
     SSL_CAMELLIA128,
2228
     SSL_SHA256,
2229
     TLS1_2_VERSION, TLS1_2_VERSION,
2230
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2231
     SSL_NOT_DEFAULT | SSL_HIGH,
2232
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2233
     128,
2234
     128,
2235
     },
2236
    {
2237
     1,
2238
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2239
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2240
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2241
     SSL_kDHE,
2242
     SSL_aRSA,
2243
     SSL_CAMELLIA128,
2244
     SSL_SHA256,
2245
     TLS1_2_VERSION, TLS1_2_VERSION,
2246
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2247
     SSL_NOT_DEFAULT | SSL_HIGH,
2248
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2249
     128,
2250
     128,
2251
     },
2252
    {
2253
     1,
2254
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2255
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2256
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2257
     SSL_kDHE,
2258
     SSL_aNULL,
2259
     SSL_CAMELLIA128,
2260
     SSL_SHA256,
2261
     TLS1_2_VERSION, TLS1_2_VERSION,
2262
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2263
     SSL_NOT_DEFAULT | SSL_HIGH,
2264
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2265
     128,
2266
     128,
2267
     },
2268
    {
2269
     1,
2270
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2271
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2272
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2273
     SSL_kRSA,
2274
     SSL_aRSA,
2275
     SSL_CAMELLIA256,
2276
     SSL_SHA256,
2277
     TLS1_2_VERSION, TLS1_2_VERSION,
2278
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2279
     SSL_NOT_DEFAULT | SSL_HIGH,
2280
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2281
     256,
2282
     256,
2283
     },
2284
    {
2285
     1,
2286
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2287
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2288
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2289
     SSL_kDHE,
2290
     SSL_aDSS,
2291
     SSL_CAMELLIA256,
2292
     SSL_SHA256,
2293
     TLS1_2_VERSION, TLS1_2_VERSION,
2294
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2295
     SSL_NOT_DEFAULT | SSL_HIGH,
2296
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2297
     256,
2298
     256,
2299
     },
2300
    {
2301
     1,
2302
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2303
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2304
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2305
     SSL_kDHE,
2306
     SSL_aRSA,
2307
     SSL_CAMELLIA256,
2308
     SSL_SHA256,
2309
     TLS1_2_VERSION, TLS1_2_VERSION,
2310
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2311
     SSL_NOT_DEFAULT | SSL_HIGH,
2312
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2313
     256,
2314
     256,
2315
     },
2316
    {
2317
     1,
2318
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2319
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2320
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2321
     SSL_kDHE,
2322
     SSL_aNULL,
2323
     SSL_CAMELLIA256,
2324
     SSL_SHA256,
2325
     TLS1_2_VERSION, TLS1_2_VERSION,
2326
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2327
     SSL_NOT_DEFAULT | SSL_HIGH,
2328
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2329
     256,
2330
     256,
2331
     },
2332
    {
2333
     1,
2334
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2335
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2336
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2337
     SSL_kRSA,
2338
     SSL_aRSA,
2339
     SSL_CAMELLIA256,
2340
     SSL_SHA1,
2341
     SSL3_VERSION, TLS1_2_VERSION,
2342
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2343
     SSL_NOT_DEFAULT | SSL_HIGH,
2344
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2345
     256,
2346
     256,
2347
     },
2348
    {
2349
     1,
2350
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2351
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2352
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2353
     SSL_kDHE,
2354
     SSL_aDSS,
2355
     SSL_CAMELLIA256,
2356
     SSL_SHA1,
2357
     SSL3_VERSION, TLS1_2_VERSION,
2358
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2359
     SSL_NOT_DEFAULT | SSL_HIGH,
2360
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2361
     256,
2362
     256,
2363
     },
2364
    {
2365
     1,
2366
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2367
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2368
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2369
     SSL_kDHE,
2370
     SSL_aRSA,
2371
     SSL_CAMELLIA256,
2372
     SSL_SHA1,
2373
     SSL3_VERSION, TLS1_2_VERSION,
2374
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2375
     SSL_NOT_DEFAULT | SSL_HIGH,
2376
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2377
     256,
2378
     256,
2379
     },
2380
    {
2381
     1,
2382
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2383
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2384
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2385
     SSL_kDHE,
2386
     SSL_aNULL,
2387
     SSL_CAMELLIA256,
2388
     SSL_SHA1,
2389
     SSL3_VERSION, TLS1_2_VERSION,
2390
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2391
     SSL_NOT_DEFAULT | SSL_HIGH,
2392
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2393
     256,
2394
     256,
2395
     },
2396
    {
2397
     1,
2398
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2399
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2400
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2401
     SSL_kRSA,
2402
     SSL_aRSA,
2403
     SSL_CAMELLIA128,
2404
     SSL_SHA1,
2405
     SSL3_VERSION, TLS1_2_VERSION,
2406
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2407
     SSL_NOT_DEFAULT | SSL_HIGH,
2408
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2409
     128,
2410
     128,
2411
     },
2412
    {
2413
     1,
2414
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2415
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2416
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2417
     SSL_kDHE,
2418
     SSL_aDSS,
2419
     SSL_CAMELLIA128,
2420
     SSL_SHA1,
2421
     SSL3_VERSION, TLS1_2_VERSION,
2422
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2423
     SSL_NOT_DEFAULT | SSL_HIGH,
2424
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2425
     128,
2426
     128,
2427
     },
2428
    {
2429
     1,
2430
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2431
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2432
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2433
     SSL_kDHE,
2434
     SSL_aRSA,
2435
     SSL_CAMELLIA128,
2436
     SSL_SHA1,
2437
     SSL3_VERSION, TLS1_2_VERSION,
2438
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2439
     SSL_NOT_DEFAULT | SSL_HIGH,
2440
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2441
     128,
2442
     128,
2443
     },
2444
    {
2445
     1,
2446
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2447
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2448
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2449
     SSL_kDHE,
2450
     SSL_aNULL,
2451
     SSL_CAMELLIA128,
2452
     SSL_SHA1,
2453
     SSL3_VERSION, TLS1_2_VERSION,
2454
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2455
     SSL_NOT_DEFAULT | SSL_HIGH,
2456
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2457
     128,
2458
     128,
2459
     },
2460
    {
2461
     1,
2462
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2463
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2464
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2465
     SSL_kECDHE,
2466
     SSL_aECDSA,
2467
     SSL_CAMELLIA128,
2468
     SSL_SHA256,
2469
     TLS1_2_VERSION, TLS1_2_VERSION,
2470
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2471
     SSL_NOT_DEFAULT | SSL_HIGH,
2472
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2473
     128,
2474
     128,
2475
     },
2476
    {
2477
     1,
2478
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2479
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2480
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2481
     SSL_kECDHE,
2482
     SSL_aECDSA,
2483
     SSL_CAMELLIA256,
2484
     SSL_SHA384,
2485
     TLS1_2_VERSION, TLS1_2_VERSION,
2486
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2487
     SSL_NOT_DEFAULT | SSL_HIGH,
2488
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2489
     256,
2490
     256,
2491
     },
2492
    {
2493
     1,
2494
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2495
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2496
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2497
     SSL_kECDHE,
2498
     SSL_aRSA,
2499
     SSL_CAMELLIA128,
2500
     SSL_SHA256,
2501
     TLS1_2_VERSION, TLS1_2_VERSION,
2502
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2503
     SSL_NOT_DEFAULT | SSL_HIGH,
2504
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2505
     128,
2506
     128,
2507
     },
2508
    {
2509
     1,
2510
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2511
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2512
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2513
     SSL_kECDHE,
2514
     SSL_aRSA,
2515
     SSL_CAMELLIA256,
2516
     SSL_SHA384,
2517
     TLS1_2_VERSION, TLS1_2_VERSION,
2518
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2519
     SSL_NOT_DEFAULT | SSL_HIGH,
2520
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2521
     256,
2522
     256,
2523
     },
2524
    {
2525
     1,
2526
     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2527
     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528
     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529
     SSL_kPSK,
2530
     SSL_aPSK,
2531
     SSL_CAMELLIA128,
2532
     SSL_SHA256,
2533
     TLS1_VERSION, TLS1_2_VERSION,
2534
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2535
     SSL_NOT_DEFAULT | SSL_HIGH,
2536
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2537
     128,
2538
     128,
2539
     },
2540
    {
2541
     1,
2542
     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2543
     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544
     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545
     SSL_kPSK,
2546
     SSL_aPSK,
2547
     SSL_CAMELLIA256,
2548
     SSL_SHA384,
2549
     TLS1_VERSION, TLS1_2_VERSION,
2550
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2551
     SSL_NOT_DEFAULT | SSL_HIGH,
2552
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2553
     256,
2554
     256,
2555
     },
2556
    {
2557
     1,
2558
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2559
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561
     SSL_kDHEPSK,
2562
     SSL_aPSK,
2563
     SSL_CAMELLIA128,
2564
     SSL_SHA256,
2565
     TLS1_VERSION, TLS1_2_VERSION,
2566
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2567
     SSL_NOT_DEFAULT | SSL_HIGH,
2568
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2569
     128,
2570
     128,
2571
     },
2572
    {
2573
     1,
2574
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2575
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577
     SSL_kDHEPSK,
2578
     SSL_aPSK,
2579
     SSL_CAMELLIA256,
2580
     SSL_SHA384,
2581
     TLS1_VERSION, TLS1_2_VERSION,
2582
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2583
     SSL_NOT_DEFAULT | SSL_HIGH,
2584
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2585
     256,
2586
     256,
2587
     },
2588
    {
2589
     1,
2590
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2591
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593
     SSL_kRSAPSK,
2594
     SSL_aRSA,
2595
     SSL_CAMELLIA128,
2596
     SSL_SHA256,
2597
     TLS1_VERSION, TLS1_2_VERSION,
2598
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2599
     SSL_NOT_DEFAULT | SSL_HIGH,
2600
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2601
     128,
2602
     128,
2603
     },
2604
    {
2605
     1,
2606
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2607
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609
     SSL_kRSAPSK,
2610
     SSL_aRSA,
2611
     SSL_CAMELLIA256,
2612
     SSL_SHA384,
2613
     TLS1_VERSION, TLS1_2_VERSION,
2614
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2615
     SSL_NOT_DEFAULT | SSL_HIGH,
2616
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2617
     256,
2618
     256,
2619
     },
2620
    {
2621
     1,
2622
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2623
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2624
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2625
     SSL_kECDHEPSK,
2626
     SSL_aPSK,
2627
     SSL_CAMELLIA128,
2628
     SSL_SHA256,
2629
     TLS1_VERSION, TLS1_2_VERSION,
2630
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2631
     SSL_NOT_DEFAULT | SSL_HIGH,
2632
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2633
     128,
2634
     128,
2635
     },
2636
    {
2637
     1,
2638
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2639
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2640
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2641
     SSL_kECDHEPSK,
2642
     SSL_aPSK,
2643
     SSL_CAMELLIA256,
2644
     SSL_SHA384,
2645
     TLS1_VERSION, TLS1_2_VERSION,
2646
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2647
     SSL_NOT_DEFAULT | SSL_HIGH,
2648
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2649
     256,
2650
     256,
2651
     },
2652
2653
#ifndef OPENSSL_NO_GOST
2654
    {
2655
     1,
2656
     "GOST2001-GOST89-GOST89",
2657
     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2658
     0x3000081,
2659
     SSL_kGOST,
2660
     SSL_aGOST01,
2661
     SSL_eGOST2814789CNT,
2662
     SSL_GOST89MAC,
2663
     TLS1_VERSION, TLS1_2_VERSION,
2664
     0, 0,
2665
     SSL_HIGH,
2666
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2667
     256,
2668
     256,
2669
     },
2670
# ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2671
    {
2672
     1,
2673
     "GOST2001-NULL-GOST94",
2674
     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2675
     0x3000083,
2676
     SSL_kGOST,
2677
     SSL_aGOST01,
2678
     SSL_eNULL,
2679
     SSL_GOST94,
2680
     TLS1_VERSION, TLS1_2_VERSION,
2681
     0, 0,
2682
     SSL_STRONG_NONE,
2683
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2684
     0,
2685
     0,
2686
     },
2687
# endif
2688
    {
2689
     1,
2690
     "IANA-GOST2012-GOST8912-GOST8912",
2691
     NULL,
2692
     0x0300c102,
2693
     SSL_kGOST,
2694
     SSL_aGOST12 | SSL_aGOST01,
2695
     SSL_eGOST2814789CNT12,
2696
     SSL_GOST89MAC12,
2697
     TLS1_VERSION, TLS1_2_VERSION,
2698
     0, 0,
2699
     SSL_HIGH,
2700
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2701
     256,
2702
     256,
2703
     },
2704
    {
2705
     1,
2706
     "LEGACY-GOST2012-GOST8912-GOST8912",
2707
     NULL,
2708
     0x0300ff85,
2709
     SSL_kGOST,
2710
     SSL_aGOST12 | SSL_aGOST01,
2711
     SSL_eGOST2814789CNT12,
2712
     SSL_GOST89MAC12,
2713
     TLS1_VERSION, TLS1_2_VERSION,
2714
     0, 0,
2715
     SSL_HIGH,
2716
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2717
     256,
2718
     256,
2719
     },
2720
# ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2721
    {
2722
     1,
2723
     "GOST2012-NULL-GOST12",
2724
     NULL,
2725
     0x0300ff87,
2726
     SSL_kGOST,
2727
     SSL_aGOST12 | SSL_aGOST01,
2728
     SSL_eNULL,
2729
     SSL_GOST12_256,
2730
     TLS1_VERSION, TLS1_2_VERSION,
2731
     0, 0,
2732
     SSL_STRONG_NONE,
2733
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2734
     0,
2735
     0,
2736
     },
2737
# endif
2738
    {
2739
     1,
2740
     "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2741
     NULL,
2742
     0x0300C100,
2743
     SSL_kGOST18,
2744
     SSL_aGOST12,
2745
     SSL_KUZNYECHIK,
2746
     SSL_KUZNYECHIKOMAC,
2747
     TLS1_2_VERSION, TLS1_2_VERSION,
2748
     0, 0,
2749
     SSL_HIGH,
2750
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2751
     256,
2752
     256,
2753
     },
2754
    {
2755
     1,
2756
     "GOST2012-MAGMA-MAGMAOMAC",
2757
     NULL,
2758
     0x0300C101,
2759
     SSL_kGOST18,
2760
     SSL_aGOST12,
2761
     SSL_MAGMA,
2762
     SSL_MAGMAOMAC,
2763
     TLS1_2_VERSION, TLS1_2_VERSION,
2764
     0, 0,
2765
     SSL_HIGH,
2766
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2767
     256,
2768
     256,
2769
     },
2770
#endif                          /* OPENSSL_NO_GOST */
2771
2772
    {
2773
     1,
2774
     SSL3_TXT_RSA_IDEA_128_SHA,
2775
     SSL3_RFC_RSA_IDEA_128_SHA,
2776
     SSL3_CK_RSA_IDEA_128_SHA,
2777
     SSL_kRSA,
2778
     SSL_aRSA,
2779
     SSL_IDEA,
2780
     SSL_SHA1,
2781
     SSL3_VERSION, TLS1_1_VERSION,
2782
     DTLS1_BAD_VER, DTLS1_VERSION,
2783
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2784
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2785
     128,
2786
     128,
2787
     },
2788
2789
    {
2790
     1,
2791
     TLS1_TXT_RSA_WITH_SEED_SHA,
2792
     TLS1_RFC_RSA_WITH_SEED_SHA,
2793
     TLS1_CK_RSA_WITH_SEED_SHA,
2794
     SSL_kRSA,
2795
     SSL_aRSA,
2796
     SSL_SEED,
2797
     SSL_SHA1,
2798
     SSL3_VERSION, TLS1_2_VERSION,
2799
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2800
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2801
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2802
     128,
2803
     128,
2804
     },
2805
    {
2806
     1,
2807
     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2808
     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2809
     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2810
     SSL_kDHE,
2811
     SSL_aDSS,
2812
     SSL_SEED,
2813
     SSL_SHA1,
2814
     SSL3_VERSION, TLS1_2_VERSION,
2815
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2816
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2817
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2818
     128,
2819
     128,
2820
     },
2821
    {
2822
     1,
2823
     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2824
     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2825
     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2826
     SSL_kDHE,
2827
     SSL_aRSA,
2828
     SSL_SEED,
2829
     SSL_SHA1,
2830
     SSL3_VERSION, TLS1_2_VERSION,
2831
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2832
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2833
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2834
     128,
2835
     128,
2836
     },
2837
    {
2838
     1,
2839
     TLS1_TXT_ADH_WITH_SEED_SHA,
2840
     TLS1_RFC_ADH_WITH_SEED_SHA,
2841
     TLS1_CK_ADH_WITH_SEED_SHA,
2842
     SSL_kDHE,
2843
     SSL_aNULL,
2844
     SSL_SEED,
2845
     SSL_SHA1,
2846
     SSL3_VERSION, TLS1_2_VERSION,
2847
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2848
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2849
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2850
     128,
2851
     128,
2852
     },
2853
2854
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2855
    {
2856
     1,
2857
     SSL3_TXT_RSA_RC4_128_MD5,
2858
     SSL3_RFC_RSA_RC4_128_MD5,
2859
     SSL3_CK_RSA_RC4_128_MD5,
2860
     SSL_kRSA,
2861
     SSL_aRSA,
2862
     SSL_RC4,
2863
     SSL_MD5,
2864
     SSL3_VERSION, TLS1_2_VERSION,
2865
     0, 0,
2866
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2867
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2868
     80,
2869
     128,
2870
     },
2871
    {
2872
     1,
2873
     SSL3_TXT_RSA_RC4_128_SHA,
2874
     SSL3_RFC_RSA_RC4_128_SHA,
2875
     SSL3_CK_RSA_RC4_128_SHA,
2876
     SSL_kRSA,
2877
     SSL_aRSA,
2878
     SSL_RC4,
2879
     SSL_SHA1,
2880
     SSL3_VERSION, TLS1_2_VERSION,
2881
     0, 0,
2882
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2883
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2884
     80,
2885
     128,
2886
     },
2887
    {
2888
     1,
2889
     SSL3_TXT_ADH_RC4_128_MD5,
2890
     SSL3_RFC_ADH_RC4_128_MD5,
2891
     SSL3_CK_ADH_RC4_128_MD5,
2892
     SSL_kDHE,
2893
     SSL_aNULL,
2894
     SSL_RC4,
2895
     SSL_MD5,
2896
     SSL3_VERSION, TLS1_2_VERSION,
2897
     0, 0,
2898
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2899
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2900
     80,
2901
     128,
2902
     },
2903
    {
2904
     1,
2905
     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2906
     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2907
     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2908
     SSL_kECDHEPSK,
2909
     SSL_aPSK,
2910
     SSL_RC4,
2911
     SSL_SHA1,
2912
     TLS1_VERSION, TLS1_2_VERSION,
2913
     0, 0,
2914
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2915
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2916
     80,
2917
     128,
2918
     },
2919
    {
2920
     1,
2921
     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2922
     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2923
     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2924
     SSL_kECDHE,
2925
     SSL_aNULL,
2926
     SSL_RC4,
2927
     SSL_SHA1,
2928
     TLS1_VERSION, TLS1_2_VERSION,
2929
     0, 0,
2930
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2931
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2932
     80,
2933
     128,
2934
     },
2935
    {
2936
     1,
2937
     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2938
     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2939
     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2940
     SSL_kECDHE,
2941
     SSL_aECDSA,
2942
     SSL_RC4,
2943
     SSL_SHA1,
2944
     TLS1_VERSION, TLS1_2_VERSION,
2945
     0, 0,
2946
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2947
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2948
     80,
2949
     128,
2950
     },
2951
    {
2952
     1,
2953
     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2954
     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2955
     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2956
     SSL_kECDHE,
2957
     SSL_aRSA,
2958
     SSL_RC4,
2959
     SSL_SHA1,
2960
     TLS1_VERSION, TLS1_2_VERSION,
2961
     0, 0,
2962
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2963
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2964
     80,
2965
     128,
2966
     },
2967
    {
2968
     1,
2969
     TLS1_TXT_PSK_WITH_RC4_128_SHA,
2970
     TLS1_RFC_PSK_WITH_RC4_128_SHA,
2971
     TLS1_CK_PSK_WITH_RC4_128_SHA,
2972
     SSL_kPSK,
2973
     SSL_aPSK,
2974
     SSL_RC4,
2975
     SSL_SHA1,
2976
     SSL3_VERSION, TLS1_2_VERSION,
2977
     0, 0,
2978
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2979
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2980
     80,
2981
     128,
2982
     },
2983
    {
2984
     1,
2985
     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2986
     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2987
     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2988
     SSL_kRSAPSK,
2989
     SSL_aRSA,
2990
     SSL_RC4,
2991
     SSL_SHA1,
2992
     SSL3_VERSION, TLS1_2_VERSION,
2993
     0, 0,
2994
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2995
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2996
     80,
2997
     128,
2998
     },
2999
    {
3000
     1,
3001
     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3002
     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3003
     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3004
     SSL_kDHEPSK,
3005
     SSL_aPSK,
3006
     SSL_RC4,
3007
     SSL_SHA1,
3008
     SSL3_VERSION, TLS1_2_VERSION,
3009
     0, 0,
3010
     SSL_NOT_DEFAULT | SSL_MEDIUM,
3011
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3012
     80,
3013
     128,
3014
     },
3015
#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3016
3017
    {
3018
     1,
3019
     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3020
     TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3021
     TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3022
     SSL_kRSA,
3023
     SSL_aRSA,
3024
     SSL_ARIA128GCM,
3025
     SSL_AEAD,
3026
     TLS1_2_VERSION, TLS1_2_VERSION,
3027
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3028
     SSL_NOT_DEFAULT | SSL_HIGH,
3029
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3030
     128,
3031
     128,
3032
     },
3033
    {
3034
     1,
3035
     TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3036
     TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3037
     TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3038
     SSL_kRSA,
3039
     SSL_aRSA,
3040
     SSL_ARIA256GCM,
3041
     SSL_AEAD,
3042
     TLS1_2_VERSION, TLS1_2_VERSION,
3043
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3044
     SSL_NOT_DEFAULT | SSL_HIGH,
3045
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3046
     256,
3047
     256,
3048
     },
3049
    {
3050
     1,
3051
     TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052
     TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053
     TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3054
     SSL_kDHE,
3055
     SSL_aRSA,
3056
     SSL_ARIA128GCM,
3057
     SSL_AEAD,
3058
     TLS1_2_VERSION, TLS1_2_VERSION,
3059
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3060
     SSL_NOT_DEFAULT | SSL_HIGH,
3061
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3062
     128,
3063
     128,
3064
     },
3065
    {
3066
     1,
3067
     TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068
     TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069
     TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3070
     SSL_kDHE,
3071
     SSL_aRSA,
3072
     SSL_ARIA256GCM,
3073
     SSL_AEAD,
3074
     TLS1_2_VERSION, TLS1_2_VERSION,
3075
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3076
     SSL_NOT_DEFAULT | SSL_HIGH,
3077
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3078
     256,
3079
     256,
3080
     },
3081
    {
3082
     1,
3083
     TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3084
     TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3085
     TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3086
     SSL_kDHE,
3087
     SSL_aDSS,
3088
     SSL_ARIA128GCM,
3089
     SSL_AEAD,
3090
     TLS1_2_VERSION, TLS1_2_VERSION,
3091
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3092
     SSL_NOT_DEFAULT | SSL_HIGH,
3093
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3094
     128,
3095
     128,
3096
     },
3097
    {
3098
     1,
3099
     TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3100
     TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3101
     TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3102
     SSL_kDHE,
3103
     SSL_aDSS,
3104
     SSL_ARIA256GCM,
3105
     SSL_AEAD,
3106
     TLS1_2_VERSION, TLS1_2_VERSION,
3107
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3108
     SSL_NOT_DEFAULT | SSL_HIGH,
3109
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3110
     256,
3111
     256,
3112
     },
3113
    {
3114
     1,
3115
     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3116
     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3117
     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3118
     SSL_kECDHE,
3119
     SSL_aECDSA,
3120
     SSL_ARIA128GCM,
3121
     SSL_AEAD,
3122
     TLS1_2_VERSION, TLS1_2_VERSION,
3123
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3124
     SSL_NOT_DEFAULT | SSL_HIGH,
3125
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3126
     128,
3127
     128,
3128
     },
3129
    {
3130
     1,
3131
     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3132
     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3133
     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3134
     SSL_kECDHE,
3135
     SSL_aECDSA,
3136
     SSL_ARIA256GCM,
3137
     SSL_AEAD,
3138
     TLS1_2_VERSION, TLS1_2_VERSION,
3139
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3140
     SSL_NOT_DEFAULT | SSL_HIGH,
3141
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3142
     256,
3143
     256,
3144
     },
3145
    {
3146
     1,
3147
     TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3148
     TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3149
     TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3150
     SSL_kECDHE,
3151
     SSL_aRSA,
3152
     SSL_ARIA128GCM,
3153
     SSL_AEAD,
3154
     TLS1_2_VERSION, TLS1_2_VERSION,
3155
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3156
     SSL_NOT_DEFAULT | SSL_HIGH,
3157
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3158
     128,
3159
     128,
3160
     },
3161
    {
3162
     1,
3163
     TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3164
     TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3165
     TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3166
     SSL_kECDHE,
3167
     SSL_aRSA,
3168
     SSL_ARIA256GCM,
3169
     SSL_AEAD,
3170
     TLS1_2_VERSION, TLS1_2_VERSION,
3171
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3172
     SSL_NOT_DEFAULT | SSL_HIGH,
3173
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3174
     256,
3175
     256,
3176
     },
3177
    {
3178
     1,
3179
     TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3180
     TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3181
     TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3182
     SSL_kPSK,
3183
     SSL_aPSK,
3184
     SSL_ARIA128GCM,
3185
     SSL_AEAD,
3186
     TLS1_2_VERSION, TLS1_2_VERSION,
3187
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3188
     SSL_NOT_DEFAULT | SSL_HIGH,
3189
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3190
     128,
3191
     128,
3192
     },
3193
    {
3194
     1,
3195
     TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3196
     TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3197
     TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3198
     SSL_kPSK,
3199
     SSL_aPSK,
3200
     SSL_ARIA256GCM,
3201
     SSL_AEAD,
3202
     TLS1_2_VERSION, TLS1_2_VERSION,
3203
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3204
     SSL_NOT_DEFAULT | SSL_HIGH,
3205
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3206
     256,
3207
     256,
3208
     },
3209
    {
3210
     1,
3211
     TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3212
     TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3213
     TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3214
     SSL_kDHEPSK,
3215
     SSL_aPSK,
3216
     SSL_ARIA128GCM,
3217
     SSL_AEAD,
3218
     TLS1_2_VERSION, TLS1_2_VERSION,
3219
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3220
     SSL_NOT_DEFAULT | SSL_HIGH,
3221
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3222
     128,
3223
     128,
3224
     },
3225
    {
3226
     1,
3227
     TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3228
     TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3229
     TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3230
     SSL_kDHEPSK,
3231
     SSL_aPSK,
3232
     SSL_ARIA256GCM,
3233
     SSL_AEAD,
3234
     TLS1_2_VERSION, TLS1_2_VERSION,
3235
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3236
     SSL_NOT_DEFAULT | SSL_HIGH,
3237
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3238
     256,
3239
     256,
3240
     },
3241
    {
3242
     1,
3243
     TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3244
     TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3245
     TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3246
     SSL_kRSAPSK,
3247
     SSL_aRSA,
3248
     SSL_ARIA128GCM,
3249
     SSL_AEAD,
3250
     TLS1_2_VERSION, TLS1_2_VERSION,
3251
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3252
     SSL_NOT_DEFAULT | SSL_HIGH,
3253
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3254
     128,
3255
     128,
3256
     },
3257
    {
3258
     1,
3259
     TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3260
     TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3261
     TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3262
     SSL_kRSAPSK,
3263
     SSL_aRSA,
3264
     SSL_ARIA256GCM,
3265
     SSL_AEAD,
3266
     TLS1_2_VERSION, TLS1_2_VERSION,
3267
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3268
     SSL_NOT_DEFAULT | SSL_HIGH,
3269
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3270
     256,
3271
     256,
3272
     },
3273
};
3274
3275
/*
3276
 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3277
 * values stuffed into the ciphers field of the wire protocol for signalling
3278
 * purposes.
3279
 */
3280
static SSL_CIPHER ssl3_scsvs[] = {
3281
    {
3282
     0,
3283
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3284
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3285
     SSL3_CK_SCSV,
3286
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3287
    },
3288
    {
3289
     0,
3290
     "TLS_FALLBACK_SCSV",
3291
     "TLS_FALLBACK_SCSV",
3292
     SSL3_CK_FALLBACK_SCSV,
3293
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3294
    },
3295
};
3296
3297
static int cipher_compare(const void *a, const void *b)
3298
15.5k
{
3299
15.5k
    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3300
15.5k
    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3301
3302
15.5k
    if (ap->id == bp->id)
3303
0
        return 0;
3304
15.5k
    return ap->id < bp->id ? -1 : 1;
3305
15.5k
}
3306
3307
void ssl_sort_cipher_list(void)
3308
16
{
3309
16
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3310
16
          cipher_compare);
3311
16
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3312
16
          cipher_compare);
3313
16
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3314
16
}
3315
3316
static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
3317
                                       size_t s, const char *t, size_t u,
3318
                                       const unsigned char *v, size_t w, int x)
3319
0
{
3320
0
    (void)r;
3321
0
    (void)s;
3322
0
    (void)t;
3323
0
    (void)u;
3324
0
    (void)v;
3325
0
    (void)w;
3326
0
    (void)x;
3327
0
    return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
3328
0
}
3329
3330
const SSL3_ENC_METHOD SSLv3_enc_data = {
3331
    ssl3_setup_key_block,
3332
    ssl3_generate_master_secret,
3333
    ssl3_change_cipher_state,
3334
    ssl3_final_finish_mac,
3335
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
3336
    SSL3_MD_SERVER_FINISHED_CONST, 4,
3337
    ssl3_alert_code,
3338
    sslcon_undefined_function_1,
3339
    0,
3340
    ssl3_set_handshake_header,
3341
    tls_close_construct_packet,
3342
    ssl3_handshake_write
3343
};
3344
3345
OSSL_TIME ssl3_default_timeout(void)
3346
0
{
3347
    /*
3348
     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3349
     * http, the cache would over fill
3350
     */
3351
0
    return ossl_seconds2time(60 * 60 * 2);
3352
0
}
3353
3354
int ssl3_num_ciphers(void)
3355
0
{
3356
0
    return SSL3_NUM_CIPHERS;
3357
0
}
3358
3359
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3360
0
{
3361
0
    if (u < SSL3_NUM_CIPHERS)
3362
0
        return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3363
0
    else
3364
0
        return NULL;
3365
0
}
3366
3367
int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
3368
0
{
3369
    /* No header in the event of a CCS */
3370
0
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3371
0
        return 1;
3372
3373
    /* Set the content type and 3 bytes for the message len */
3374
0
    if (!WPACKET_put_bytes_u8(pkt, htype)
3375
0
            || !WPACKET_start_sub_packet_u24(pkt))
3376
0
        return 0;
3377
3378
0
    return 1;
3379
0
}
3380
3381
int ssl3_handshake_write(SSL_CONNECTION *s)
3382
0
{
3383
0
    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3384
0
}
3385
3386
int ssl3_new(SSL *s)
3387
0
{
3388
0
#ifndef OPENSSL_NO_SRP
3389
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3390
3391
0
    if (sc == NULL)
3392
0
        return 0;
3393
3394
0
    if (!ssl_srp_ctx_init_intern(sc))
3395
0
        return 0;
3396
0
#endif
3397
3398
0
    if (!s->method->ssl_clear(s))
3399
0
        return 0;
3400
3401
0
    return 1;
3402
0
}
3403
3404
void ssl3_free(SSL *s)
3405
0
{
3406
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3407
0
    size_t i;
3408
3409
0
    if (sc == NULL)
3410
0
        return;
3411
3412
0
    ssl3_cleanup_key_block(sc);
3413
3414
0
    EVP_PKEY_free(sc->s3.peer_tmp);
3415
0
    sc->s3.peer_tmp = NULL;
3416
3417
0
    for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3418
0
        if (sc->s3.tmp.ks_pkey[i] != NULL) {
3419
0
            if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3420
0
                sc->s3.tmp.pkey = NULL;
3421
3422
0
            EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3423
0
            sc->s3.tmp.ks_pkey[i] = NULL;
3424
0
        }
3425
0
    sc->s3.tmp.num_ks_pkey = 0;
3426
3427
0
    if (sc->s3.tmp.pkey != NULL) {
3428
0
        EVP_PKEY_free(sc->s3.tmp.pkey);
3429
0
        sc->s3.tmp.pkey = NULL;
3430
0
    }
3431
3432
0
    ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
3433
0
    ssl_evp_md_free(sc->s3.tmp.new_hash);
3434
3435
0
    OPENSSL_free(sc->s3.tmp.ctype);
3436
0
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3437
0
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
3438
0
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3439
0
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3440
0
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3441
0
    OPENSSL_free(sc->s3.tmp.valid_flags);
3442
0
    ssl3_free_digest_list(sc);
3443
0
    OPENSSL_free(sc->s3.alpn_selected);
3444
0
    OPENSSL_free(sc->s3.alpn_proposed);
3445
0
    ossl_quic_tls_free(sc->qtls);
3446
3447
0
#ifndef OPENSSL_NO_PSK
3448
0
    OPENSSL_free(sc->s3.tmp.psk);
3449
0
#endif
3450
3451
0
#ifndef OPENSSL_NO_SRP
3452
0
    ssl_srp_ctx_free_intern(sc);
3453
0
#endif
3454
0
    memset(&sc->s3, 0, sizeof(sc->s3));
3455
0
}
3456
3457
int ssl3_clear(SSL *s)
3458
0
{
3459
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3460
0
    int flags;
3461
0
    size_t i;
3462
3463
0
    if (sc == NULL)
3464
0
        return 0;
3465
3466
0
    ssl3_cleanup_key_block(sc);
3467
0
    OPENSSL_free(sc->s3.tmp.ctype);
3468
0
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3469
0
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
3470
0
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3471
0
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3472
0
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3473
0
    OPENSSL_free(sc->s3.tmp.valid_flags);
3474
3475
0
    EVP_PKEY_free(sc->s3.peer_tmp);
3476
3477
0
    for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3478
0
        if (sc->s3.tmp.ks_pkey[i] != NULL) {
3479
0
            if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3480
0
                sc->s3.tmp.pkey = NULL;
3481
3482
0
            EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3483
0
            sc->s3.tmp.ks_pkey[i] = NULL;
3484
0
        }
3485
0
    sc->s3.tmp.num_ks_pkey = 0;
3486
3487
0
    if (sc->s3.tmp.pkey != NULL) {
3488
0
        EVP_PKEY_free(sc->s3.tmp.pkey);
3489
0
        sc->s3.tmp.pkey = NULL;
3490
0
    }
3491
3492
0
    ssl3_free_digest_list(sc);
3493
3494
0
    OPENSSL_free(sc->s3.alpn_selected);
3495
0
    OPENSSL_free(sc->s3.alpn_proposed);
3496
3497
    /*
3498
     * NULL/zero-out everything in the s3 struct, but remember if we are doing
3499
     * QUIC.
3500
     */
3501
0
    flags = sc->s3.flags & (TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL);
3502
0
    memset(&sc->s3, 0, sizeof(sc->s3));
3503
0
    sc->s3.flags |= flags;
3504
3505
0
    if (!ssl_free_wbio_buffer(sc))
3506
0
        return 0;
3507
3508
0
    sc->version = SSL3_VERSION;
3509
3510
0
#if !defined(OPENSSL_NO_NEXTPROTONEG)
3511
0
    OPENSSL_free(sc->ext.npn);
3512
0
    sc->ext.npn = NULL;
3513
0
    sc->ext.npn_len = 0;
3514
0
#endif
3515
3516
0
    return 1;
3517
0
}
3518
3519
#ifndef OPENSSL_NO_SRP
3520
static char *srp_password_from_info_cb(SSL *s, void *arg)
3521
0
{
3522
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3523
3524
0
    if (sc == NULL)
3525
0
        return NULL;
3526
3527
0
    return OPENSSL_strdup(sc->srp_ctx.info);
3528
0
}
3529
#endif
3530
3531
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3532
3533
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3534
0
{
3535
0
    int ret = 0;
3536
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3537
3538
0
    if (sc == NULL)
3539
0
        return ret;
3540
3541
0
    switch (cmd) {
3542
0
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3543
0
        break;
3544
0
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3545
0
        ret = sc->s3.num_renegotiations;
3546
0
        break;
3547
0
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3548
0
        ret = sc->s3.num_renegotiations;
3549
0
        sc->s3.num_renegotiations = 0;
3550
0
        break;
3551
0
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3552
0
        ret = sc->s3.total_renegotiations;
3553
0
        break;
3554
0
    case SSL_CTRL_GET_FLAGS:
3555
0
        ret = (int)(sc->s3.flags);
3556
0
        break;
3557
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3558
0
    case SSL_CTRL_SET_TMP_DH:
3559
0
        {
3560
0
            EVP_PKEY *pkdh = NULL;
3561
0
            if (parg == NULL) {
3562
0
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3563
0
                return 0;
3564
0
            }
3565
0
            pkdh = ssl_dh_to_pkey(parg);
3566
0
            if (pkdh == NULL) {
3567
0
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3568
0
                return 0;
3569
0
            }
3570
0
            if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3571
0
                EVP_PKEY_free(pkdh);
3572
0
                return 0;
3573
0
            }
3574
0
            return 1;
3575
0
        }
3576
0
        break;
3577
0
    case SSL_CTRL_SET_TMP_DH_CB:
3578
0
        {
3579
0
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3580
0
            return ret;
3581
0
        }
3582
0
#endif
3583
0
    case SSL_CTRL_SET_DH_AUTO:
3584
0
        sc->cert->dh_tmp_auto = larg;
3585
0
        return 1;
3586
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3587
0
    case SSL_CTRL_SET_TMP_ECDH:
3588
0
        {
3589
0
            if (parg == NULL) {
3590
0
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3591
0
                return 0;
3592
0
            }
3593
0
            return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
3594
0
                                           &sc->ext.supportedgroups_len,
3595
0
                                           &sc->ext.keyshares,
3596
0
                                           &sc->ext.keyshares_len,
3597
0
                                           &sc->ext.tuples,
3598
0
                                           &sc->ext.tuples_len,
3599
0
                                           parg);
3600
0
        }
3601
0
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
3602
0
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3603
        /*
3604
         * This API is only used for a client to set what SNI it will request
3605
         * from the server, but we currently allow it to be used on servers
3606
         * as well, which is a programming error.  Currently we just clear
3607
         * the field in SSL_do_handshake() for server SSLs, but when we can
3608
         * make ABI-breaking changes, we may want to make use of this API
3609
         * an error on server SSLs.
3610
         */
3611
0
        if (larg == TLSEXT_NAMETYPE_host_name) {
3612
0
            size_t len;
3613
3614
0
            OPENSSL_free(sc->ext.hostname);
3615
0
            sc->ext.hostname = NULL;
3616
3617
0
            ret = 1;
3618
0
            if (parg == NULL)
3619
0
                break;
3620
0
            len = strlen((char *)parg);
3621
0
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3622
0
                ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3623
0
                return 0;
3624
0
            }
3625
0
            if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3626
0
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3627
0
                return 0;
3628
0
            }
3629
0
        } else {
3630
0
            ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3631
0
            return 0;
3632
0
        }
3633
0
        break;
3634
0
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3635
0
        sc->ext.debug_arg = parg;
3636
0
        ret = 1;
3637
0
        break;
3638
3639
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3640
0
        ret = sc->ext.status_type;
3641
0
        break;
3642
3643
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3644
0
        sc->ext.status_type = larg;
3645
0
        ret = 1;
3646
0
        break;
3647
3648
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3649
0
        *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
3650
0
        ret = 1;
3651
0
        break;
3652
3653
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3654
0
        sc->ext.ocsp.exts = parg;
3655
0
        ret = 1;
3656
0
        break;
3657
3658
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3659
0
        *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
3660
0
        ret = 1;
3661
0
        break;
3662
3663
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3664
0
        sc->ext.ocsp.ids = parg;
3665
0
        ret = 1;
3666
0
        break;
3667
3668
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3669
0
        *(unsigned char **)parg = sc->ext.ocsp.resp;
3670
0
        if (sc->ext.ocsp.resp_len == 0
3671
0
                || sc->ext.ocsp.resp_len > LONG_MAX)
3672
0
            return -1;
3673
0
        return (long)sc->ext.ocsp.resp_len;
3674
3675
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3676
0
        OPENSSL_free(sc->ext.ocsp.resp);
3677
0
        sc->ext.ocsp.resp = parg;
3678
0
        sc->ext.ocsp.resp_len = larg;
3679
0
        ret = 1;
3680
0
        break;
3681
3682
0
    case SSL_CTRL_CHAIN:
3683
0
        if (larg)
3684
0
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
3685
0
        else
3686
0
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
3687
3688
0
    case SSL_CTRL_CHAIN_CERT:
3689
0
        if (larg)
3690
0
            return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
3691
0
        else
3692
0
            return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);
3693
3694
0
    case SSL_CTRL_GET_CHAIN_CERTS:
3695
0
        *(STACK_OF(X509) **)parg = sc->cert->key->chain;
3696
0
        ret = 1;
3697
0
        break;
3698
3699
0
    case SSL_CTRL_SELECT_CURRENT_CERT:
3700
0
        return ssl_cert_select_current(sc->cert, (X509 *)parg);
3701
3702
0
    case SSL_CTRL_SET_CURRENT_CERT:
3703
0
        if (larg == SSL_CERT_SET_SERVER) {
3704
0
            const SSL_CIPHER *cipher;
3705
0
            if (!sc->server)
3706
0
                return 0;
3707
0
            cipher = sc->s3.tmp.new_cipher;
3708
0
            if (cipher == NULL)
3709
0
                return 0;
3710
            /*
3711
             * No certificate for unauthenticated ciphersuites or using SRP
3712
             * authentication
3713
             */
3714
0
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3715
0
                return 2;
3716
0
            if (sc->s3.tmp.cert == NULL)
3717
0
                return 0;
3718
0
            sc->cert->key = sc->s3.tmp.cert;
3719
0
            return 1;
3720
0
        }
3721
0
        return ssl_cert_set_current(sc->cert, larg);
3722
3723
0
    case SSL_CTRL_GET_GROUPS:
3724
0
        {
3725
0
            uint16_t *clist;
3726
0
            size_t clistlen;
3727
3728
0
            if (!sc->session)
3729
0
                return 0;
3730
0
            clist = sc->ext.peer_supportedgroups;
3731
0
            clistlen = sc->ext.peer_supportedgroups_len;
3732
0
            if (parg) {
3733
0
                size_t i;
3734
0
                int *cptr = parg;
3735
3736
0
                for (i = 0; i < clistlen; i++) {
3737
0
                    const TLS_GROUP_INFO *cinf
3738
0
                        = tls1_group_id_lookup(s->ctx, clist[i]);
3739
3740
0
                    if (cinf != NULL)
3741
0
                        cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3742
0
                    else
3743
0
                        cptr[i] = TLSEXT_nid_unknown | clist[i];
3744
0
                }
3745
0
            }
3746
0
            return (int)clistlen;
3747
0
        }
3748
3749
0
    case SSL_CTRL_SET_GROUPS:
3750
0
        return tls1_set_groups(&sc->ext.supportedgroups,
3751
0
                               &sc->ext.supportedgroups_len,
3752
0
                               &sc->ext.keyshares,
3753
0
                               &sc->ext.keyshares_len,
3754
0
                               &sc->ext.tuples,
3755
0
                               &sc->ext.tuples_len,
3756
0
                               parg, larg);
3757
3758
0
    case SSL_CTRL_SET_GROUPS_LIST:
3759
0
        return tls1_set_groups_list(s->ctx,
3760
0
                                    &sc->ext.supportedgroups,
3761
0
                                    &sc->ext.supportedgroups_len,
3762
0
                                    &sc->ext.keyshares,
3763
0
                                    &sc->ext.keyshares_len,
3764
0
                                    &sc->ext.tuples,
3765
0
                                    &sc->ext.tuples_len,
3766
0
                                    parg);
3767
3768
0
    case SSL_CTRL_GET_SHARED_GROUP:
3769
0
        {
3770
0
            uint16_t id = tls1_shared_group(sc, larg);
3771
3772
0
            if (larg != -1)
3773
0
                return tls1_group_id2nid(id, 1);
3774
0
            return id;
3775
0
        }
3776
0
    case SSL_CTRL_GET_NEGOTIATED_GROUP:
3777
0
        {
3778
0
            unsigned int id;
3779
3780
0
            if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
3781
0
                id = sc->s3.group_id;
3782
0
            else
3783
0
                id = (sc->session != NULL) ? sc->session->kex_group : NID_undef;
3784
0
            ret = tls1_group_id2nid(id, 1);
3785
0
            break;
3786
0
        }
3787
0
    case SSL_CTRL_SET_SIGALGS:
3788
0
        return tls1_set_sigalgs(sc->cert, parg, larg, 0);
3789
3790
0
    case SSL_CTRL_SET_SIGALGS_LIST:
3791
0
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
3792
3793
0
    case SSL_CTRL_SET_CLIENT_SIGALGS:
3794
0
        return tls1_set_sigalgs(sc->cert, parg, larg, 1);
3795
3796
0
    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3797
0
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
3798
3799
0
    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3800
0
        {
3801
0
            const unsigned char **pctype = parg;
3802
0
            if (sc->server || !sc->s3.tmp.cert_req)
3803
0
                return 0;
3804
0
            if (pctype)
3805
0
                *pctype = sc->s3.tmp.ctype;
3806
0
            return (long)sc->s3.tmp.ctype_len;
3807
0
        }
3808
3809
0
    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3810
0
        if (!sc->server)
3811
0
            return 0;
3812
0
        return ssl3_set_req_cert_type(sc->cert, parg, larg);
3813
3814
0
    case SSL_CTRL_BUILD_CERT_CHAIN:
3815
0
        return ssl_build_cert_chain(sc, NULL, larg);
3816
3817
0
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
3818
0
        return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);
3819
3820
0
    case SSL_CTRL_SET_CHAIN_CERT_STORE:
3821
0
        return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);
3822
3823
0
    case SSL_CTRL_GET_VERIFY_CERT_STORE:
3824
0
        return ssl_cert_get_cert_store(sc->cert, parg, 0);
3825
3826
0
    case SSL_CTRL_GET_CHAIN_CERT_STORE:
3827
0
        return ssl_cert_get_cert_store(sc->cert, parg, 1);
3828
3829
0
    case SSL_CTRL_GET_PEER_SIGNATURE_NAME:
3830
0
        if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
3831
0
            return 0;
3832
0
        *(const char **)parg = sc->s3.tmp.peer_sigalg->name;
3833
0
        return 1;
3834
3835
0
    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3836
0
        if (sc->s3.tmp.peer_sigalg == NULL)
3837
0
            return 0;
3838
0
        *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
3839
0
        return 1;
3840
3841
0
    case SSL_CTRL_GET_SIGNATURE_NAME:
3842
0
        if (parg == NULL || sc->s3.tmp.sigalg == NULL)
3843
0
            return 0;
3844
0
        *(const char **)parg = sc->s3.tmp.sigalg->name;
3845
0
        return 1;
3846
3847
0
    case SSL_CTRL_GET_SIGNATURE_NID:
3848
0
        if (sc->s3.tmp.sigalg == NULL)
3849
0
            return 0;
3850
0
        *(int *)parg = sc->s3.tmp.sigalg->hash;
3851
0
        return 1;
3852
3853
0
    case SSL_CTRL_GET_PEER_TMP_KEY:
3854
0
        if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
3855
0
            return 0;
3856
0
        } else {
3857
0
            if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))
3858
0
                return 0;
3859
3860
0
            *(EVP_PKEY **)parg = sc->s3.peer_tmp;
3861
0
            return 1;
3862
0
        }
3863
3864
0
    case SSL_CTRL_GET_TMP_KEY:
3865
0
        if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
3866
0
            return 0;
3867
0
        } else {
3868
0
            if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))
3869
0
                return 0;
3870
3871
0
            *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
3872
0
            return 1;
3873
0
        }
3874
3875
0
    case SSL_CTRL_GET_EC_POINT_FORMATS:
3876
0
        {
3877
0
            const unsigned char **pformat = parg;
3878
3879
0
            if (sc->ext.peer_ecpointformats == NULL)
3880
0
                return 0;
3881
0
            *pformat = sc->ext.peer_ecpointformats;
3882
0
            return (int)sc->ext.peer_ecpointformats_len;
3883
0
        }
3884
3885
0
    case SSL_CTRL_GET_IANA_GROUPS:
3886
0
        {
3887
0
            if (parg != NULL) {
3888
0
                *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
3889
0
            }
3890
0
            return (int)sc->ext.peer_supportedgroups_len;
3891
0
        }
3892
3893
0
    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
3894
0
        sc->msg_callback_arg = parg;
3895
0
        return 1;
3896
3897
0
    default:
3898
0
        break;
3899
0
    }
3900
0
    return ret;
3901
0
}
3902
3903
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3904
0
{
3905
0
    int ret = 0;
3906
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3907
3908
0
    if (sc == NULL)
3909
0
        return ret;
3910
3911
0
    switch (cmd) {
3912
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3913
0
    case SSL_CTRL_SET_TMP_DH_CB:
3914
0
        sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3915
0
        ret = 1;
3916
0
        break;
3917
0
#endif
3918
0
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3919
0
        sc->ext.debug_cb = (void (*)(SSL *, int, int,
3920
0
                                     const unsigned char *, int, void *))fp;
3921
0
        ret = 1;
3922
0
        break;
3923
3924
0
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3925
0
        sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3926
0
        ret = 1;
3927
0
        break;
3928
3929
0
    case SSL_CTRL_SET_MSG_CALLBACK:
3930
0
        sc->msg_callback = (ossl_msg_cb)fp;
3931
0
        return 1;
3932
0
    default:
3933
0
        break;
3934
0
    }
3935
0
    return ret;
3936
0
}
3937
3938
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3939
0
{
3940
0
    switch (cmd) {
3941
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3942
0
    case SSL_CTRL_SET_TMP_DH:
3943
0
        {
3944
0
            EVP_PKEY *pkdh = NULL;
3945
0
            if (parg == NULL) {
3946
0
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3947
0
                return 0;
3948
0
            }
3949
0
            pkdh = ssl_dh_to_pkey(parg);
3950
0
            if (pkdh == NULL) {
3951
0
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3952
0
                return 0;
3953
0
            }
3954
0
            if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
3955
0
                EVP_PKEY_free(pkdh);
3956
0
                return 0;
3957
0
            }
3958
0
            return 1;
3959
0
        }
3960
0
    case SSL_CTRL_SET_TMP_DH_CB:
3961
0
        {
3962
0
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3963
0
            return 0;
3964
0
        }
3965
0
#endif
3966
0
    case SSL_CTRL_SET_DH_AUTO:
3967
0
        ctx->cert->dh_tmp_auto = larg;
3968
0
        return 1;
3969
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3970
0
    case SSL_CTRL_SET_TMP_ECDH:
3971
0
        {
3972
0
            if (parg == NULL) {
3973
0
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3974
0
                return 0;
3975
0
            }
3976
0
            return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
3977
0
                                           &ctx->ext.supportedgroups_len,
3978
0
                                           &ctx->ext.keyshares,
3979
0
                                           &ctx->ext.keyshares_len,
3980
0
                                           &ctx->ext.tuples,
3981
0
                                           &ctx->ext.tuples_len,
3982
0
                                           parg);
3983
0
        }
3984
0
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
3985
0
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3986
0
        ctx->ext.servername_arg = parg;
3987
0
        break;
3988
0
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3989
0
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3990
0
        {
3991
0
            unsigned char *keys = parg;
3992
0
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3993
0
                                sizeof(ctx->ext.secure->tick_hmac_key) +
3994
0
                                sizeof(ctx->ext.secure->tick_aes_key));
3995
0
            if (keys == NULL)
3996
0
                return tick_keylen;
3997
0
            if (larg != tick_keylen) {
3998
0
                ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3999
0
                return 0;
4000
0
            }
4001
0
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
4002
0
                memcpy(ctx->ext.tick_key_name, keys,
4003
0
                       sizeof(ctx->ext.tick_key_name));
4004
0
                memcpy(ctx->ext.secure->tick_hmac_key,
4005
0
                       keys + sizeof(ctx->ext.tick_key_name),
4006
0
                       sizeof(ctx->ext.secure->tick_hmac_key));
4007
0
                memcpy(ctx->ext.secure->tick_aes_key,
4008
0
                       keys + sizeof(ctx->ext.tick_key_name) +
4009
0
                       sizeof(ctx->ext.secure->tick_hmac_key),
4010
0
                       sizeof(ctx->ext.secure->tick_aes_key));
4011
0
            } else {
4012
0
                memcpy(keys, ctx->ext.tick_key_name,
4013
0
                       sizeof(ctx->ext.tick_key_name));
4014
0
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
4015
0
                       ctx->ext.secure->tick_hmac_key,
4016
0
                       sizeof(ctx->ext.secure->tick_hmac_key));
4017
0
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
4018
0
                       sizeof(ctx->ext.secure->tick_hmac_key),
4019
0
                       ctx->ext.secure->tick_aes_key,
4020
0
                       sizeof(ctx->ext.secure->tick_aes_key));
4021
0
            }
4022
0
            return 1;
4023
0
        }
4024
4025
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
4026
0
        return ctx->ext.status_type;
4027
4028
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
4029
0
        ctx->ext.status_type = larg;
4030
0
        break;
4031
4032
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
4033
0
        ctx->ext.status_arg = parg;
4034
0
        return 1;
4035
4036
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
4037
0
        *(void**)parg = ctx->ext.status_arg;
4038
0
        break;
4039
4040
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
4041
0
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
4042
0
        break;
4043
4044
0
#ifndef OPENSSL_NO_SRP
4045
0
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
4046
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4047
0
        OPENSSL_free(ctx->srp_ctx.login);
4048
0
        ctx->srp_ctx.login = NULL;
4049
0
        if (parg == NULL)
4050
0
            break;
4051
0
        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
4052
0
            ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
4053
0
            return 0;
4054
0
        }
4055
0
        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
4056
0
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4057
0
            return 0;
4058
0
        }
4059
0
        break;
4060
0
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
4061
0
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4062
0
            srp_password_from_info_cb;
4063
0
        if (ctx->srp_ctx.info != NULL)
4064
0
            OPENSSL_free(ctx->srp_ctx.info);
4065
0
        if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
4066
0
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4067
0
            return 0;
4068
0
        }
4069
0
        break;
4070
0
    case SSL_CTRL_SET_SRP_ARG:
4071
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4072
0
        ctx->srp_ctx.SRP_cb_arg = parg;
4073
0
        break;
4074
4075
0
    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
4076
0
        ctx->srp_ctx.strength = larg;
4077
0
        break;
4078
0
#endif
4079
4080
0
    case SSL_CTRL_SET_GROUPS:
4081
0
        return tls1_set_groups(&ctx->ext.supportedgroups,
4082
0
                               &ctx->ext.supportedgroups_len,
4083
0
                               &ctx->ext.keyshares,
4084
0
                               &ctx->ext.keyshares_len,
4085
0
                               &ctx->ext.tuples,
4086
0
                               &ctx->ext.tuples_len,
4087
0
                               parg, larg);
4088
4089
0
    case SSL_CTRL_SET_GROUPS_LIST:
4090
0
        return tls1_set_groups_list(ctx,
4091
0
                                    &ctx->ext.supportedgroups,
4092
0
                                    &ctx->ext.supportedgroups_len,
4093
0
                                    &ctx->ext.keyshares,
4094
0
                                    &ctx->ext.keyshares_len,
4095
0
                                    &ctx->ext.tuples,
4096
0
                                    &ctx->ext.tuples_len,
4097
0
                                    parg);
4098
4099
0
    case SSL_CTRL_GET0_IMPLEMENTED_GROUPS:
4100
0
        return tls1_get0_implemented_groups(ctx->min_proto_version,
4101
0
                                            ctx->max_proto_version,
4102
0
                                            ctx->group_list,
4103
0
                                            ctx->group_list_len, larg, parg);
4104
4105
0
    case SSL_CTRL_SET_SIGALGS:
4106
0
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
4107
4108
0
    case SSL_CTRL_SET_SIGALGS_LIST:
4109
0
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
4110
4111
0
    case SSL_CTRL_SET_CLIENT_SIGALGS:
4112
0
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
4113
4114
0
    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4115
0
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
4116
4117
0
    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4118
0
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);
4119
4120
0
    case SSL_CTRL_BUILD_CERT_CHAIN:
4121
0
        return ssl_build_cert_chain(NULL, ctx, larg);
4122
4123
0
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
4124
0
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
4125
4126
0
    case SSL_CTRL_SET_CHAIN_CERT_STORE:
4127
0
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
4128
4129
0
    case SSL_CTRL_GET_VERIFY_CERT_STORE:
4130
0
        return ssl_cert_get_cert_store(ctx->cert, parg, 0);
4131
4132
0
    case SSL_CTRL_GET_CHAIN_CERT_STORE:
4133
0
        return ssl_cert_get_cert_store(ctx->cert, parg, 1);
4134
4135
        /* A Thawte special :-) */
4136
0
    case SSL_CTRL_EXTRA_CHAIN_CERT:
4137
0
        if (ctx->extra_certs == NULL) {
4138
0
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
4139
0
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4140
0
                return 0;
4141
0
            }
4142
0
        }
4143
0
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4144
0
            ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4145
0
            return 0;
4146
0
        }
4147
0
        break;
4148
4149
0
    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4150
0
        if (ctx->extra_certs == NULL && larg == 0)
4151
0
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4152
0
        else
4153
0
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
4154
0
        break;
4155
4156
0
    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4157
0
        OSSL_STACK_OF_X509_free(ctx->extra_certs);
4158
0
        ctx->extra_certs = NULL;
4159
0
        break;
4160
4161
0
    case SSL_CTRL_CHAIN:
4162
0
        if (larg)
4163
0
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4164
0
        else
4165
0
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4166
4167
0
    case SSL_CTRL_CHAIN_CERT:
4168
0
        if (larg)
4169
0
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4170
0
        else
4171
0
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4172
4173
0
    case SSL_CTRL_GET_CHAIN_CERTS:
4174
0
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4175
0
        break;
4176
4177
0
    case SSL_CTRL_SELECT_CURRENT_CERT:
4178
0
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4179
4180
0
    case SSL_CTRL_SET_CURRENT_CERT:
4181
0
        return ssl_cert_set_current(ctx->cert, larg);
4182
4183
0
    default:
4184
0
        return 0;
4185
0
    }
4186
0
    return 1;
4187
0
}
4188
4189
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4190
0
{
4191
0
    switch (cmd) {
4192
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4193
0
    case SSL_CTRL_SET_TMP_DH_CB:
4194
0
        {
4195
0
            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4196
0
        }
4197
0
        break;
4198
0
#endif
4199
0
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4200
0
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4201
0
        break;
4202
4203
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4204
0
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4205
0
        break;
4206
4207
0
# ifndef OPENSSL_NO_DEPRECATED_3_0
4208
0
    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4209
0
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4210
0
                                          unsigned char *,
4211
0
                                          EVP_CIPHER_CTX *,
4212
0
                                          HMAC_CTX *, int))fp;
4213
0
        break;
4214
0
#endif
4215
4216
0
#ifndef OPENSSL_NO_SRP
4217
0
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4218
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4219
0
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4220
0
        break;
4221
0
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4222
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4223
0
        ctx->srp_ctx.TLS_ext_srp_username_callback =
4224
0
            (int (*)(SSL *, int *, void *))fp;
4225
0
        break;
4226
0
    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4227
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4228
0
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4229
0
            (char *(*)(SSL *, void *))fp;
4230
0
        break;
4231
0
#endif
4232
0
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4233
0
        {
4234
0
            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4235
0
        }
4236
0
        break;
4237
0
    default:
4238
0
        return 0;
4239
0
    }
4240
0
    return 1;
4241
0
}
4242
4243
int SSL_CTX_set_tlsext_ticket_key_evp_cb
4244
    (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4245
                             EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4246
0
{
4247
0
    ctx->ext.ticket_key_evp_cb = fp;
4248
0
    return 1;
4249
0
}
4250
4251
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4252
0
{
4253
0
    SSL_CIPHER c;
4254
0
    const SSL_CIPHER *cp;
4255
4256
0
    c.id = id;
4257
0
    cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4258
0
    if (cp != NULL)
4259
0
        return cp;
4260
0
    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4261
0
    if (cp != NULL)
4262
0
        return cp;
4263
0
    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4264
0
}
4265
4266
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4267
0
{
4268
0
    SSL_CIPHER *tbl;
4269
0
    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4270
0
    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4271
0
                              SSL3_NUM_SCSVS};
4272
4273
    /* this is not efficient, necessary to optimize this? */
4274
0
    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4275
0
        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4276
0
            if (tbl->stdname == NULL)
4277
0
                continue;
4278
0
            if (strcmp(stdname, tbl->stdname) == 0) {
4279
0
                return tbl;
4280
0
            }
4281
0
        }
4282
0
    }
4283
0
    return NULL;
4284
0
}
4285
4286
/*
4287
 * This function needs to check if the ciphers required are actually
4288
 * available
4289
 */
4290
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4291
0
{
4292
0
    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4293
0
                                 | ((uint32_t)p[0] << 8L)
4294
0
                                 | (uint32_t)p[1]);
4295
0
}
4296
4297
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4298
0
{
4299
0
    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4300
0
        *len = 0;
4301
0
        return 1;
4302
0
    }
4303
4304
0
    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4305
0
        return 0;
4306
4307
0
    *len = 2;
4308
0
    return 1;
4309
0
}
4310
4311
/*
4312
 * ssl3_choose_cipher - choose a cipher from those offered by the client
4313
 * @s: SSL connection
4314
 * @clnt: ciphers offered by the client
4315
 * @srvr: ciphers enabled on the server?
4316
 *
4317
 * Returns the selected cipher or NULL when no common ciphers.
4318
 */
4319
const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
4320
                                     STACK_OF(SSL_CIPHER) *srvr)
4321
0
{
4322
0
    const SSL_CIPHER *c, *ret = NULL;
4323
0
    STACK_OF(SSL_CIPHER) *prio, *allow;
4324
0
    int i, ii, ok, prefer_sha256 = 0;
4325
0
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4326
0
    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4327
4328
    /* Let's see which ciphers we can support */
4329
4330
    /*
4331
     * Do not set the compare functions, because this may lead to a
4332
     * reordering by "id". We want to keep the original ordering. We may pay
4333
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
4334
     * pay with the price of sk_SSL_CIPHER_dup().
4335
     */
4336
4337
0
    OSSL_TRACE_BEGIN(TLS_CIPHER) {
4338
0
        BIO_printf(trc_out, "Server has %d from %p:\n",
4339
0
                   sk_SSL_CIPHER_num(srvr), (void *)srvr);
4340
0
        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4341
0
            c = sk_SSL_CIPHER_value(srvr, i);
4342
0
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4343
0
        }
4344
0
        BIO_printf(trc_out, "Client sent %d from %p:\n",
4345
0
                   sk_SSL_CIPHER_num(clnt), (void *)clnt);
4346
0
        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4347
0
            c = sk_SSL_CIPHER_value(clnt, i);
4348
0
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4349
0
        }
4350
0
    } OSSL_TRACE_END(TLS_CIPHER);
4351
4352
    /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4353
0
    if (tls1_suiteb(s)) {
4354
0
        prio = srvr;
4355
0
        allow = clnt;
4356
0
    } else if (s->options & SSL_OP_SERVER_PREFERENCE) {
4357
0
        prio = srvr;
4358
0
        allow = clnt;
4359
4360
        /* If ChaCha20 is at the top of the client preference list,
4361
           and there are ChaCha20 ciphers in the server list, then
4362
           temporarily prioritize all ChaCha20 ciphers in the servers list. */
4363
0
        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4364
0
            c = sk_SSL_CIPHER_value(clnt, 0);
4365
0
            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4366
                /* ChaCha20 is client preferred, check server... */
4367
0
                int num = sk_SSL_CIPHER_num(srvr);
4368
0
                int found = 0;
4369
0
                for (i = 0; i < num; i++) {
4370
0
                    c = sk_SSL_CIPHER_value(srvr, i);
4371
0
                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4372
0
                        found = 1;
4373
0
                        break;
4374
0
                    }
4375
0
                }
4376
0
                if (found) {
4377
0
                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4378
                    /* if reserve fails, then there's likely a memory issue */
4379
0
                    if (prio_chacha != NULL) {
4380
                        /* Put all ChaCha20 at the top, starting with the one we just found */
4381
0
                        sk_SSL_CIPHER_push(prio_chacha, c);
4382
0
                        for (i++; i < num; i++) {
4383
0
                            c = sk_SSL_CIPHER_value(srvr, i);
4384
0
                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4385
0
                                sk_SSL_CIPHER_push(prio_chacha, c);
4386
0
                        }
4387
                        /* Pull in the rest */
4388
0
                        for (i = 0; i < num; i++) {
4389
0
                            c = sk_SSL_CIPHER_value(srvr, i);
4390
0
                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4391
0
                                sk_SSL_CIPHER_push(prio_chacha, c);
4392
0
                        }
4393
0
                        prio = prio_chacha;
4394
0
                    }
4395
0
                }
4396
0
            }
4397
0
        }
4398
0
    } else {
4399
0
        prio = clnt;
4400
0
        allow = srvr;
4401
0
    }
4402
4403
0
    if (SSL_CONNECTION_IS_TLS13(s)) {
4404
0
#ifndef OPENSSL_NO_PSK
4405
0
        size_t j;
4406
4407
        /*
4408
         * If we allow "old" style PSK callbacks, and we have no certificate (so
4409
         * we're not going to succeed without a PSK anyway), and we're in
4410
         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4411
         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4412
         * that.
4413
         */
4414
0
        if (s->psk_server_callback != NULL) {
4415
0
            for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, (int)j); j++);
4416
0
            if (j == s->ssl_pkey_num) {
4417
                /* There are no certificates */
4418
0
                prefer_sha256 = 1;
4419
0
            }
4420
0
        }
4421
0
#endif
4422
0
    } else {
4423
0
        tls1_set_cert_validity(s);
4424
0
        ssl_set_masks(s);
4425
0
    }
4426
4427
0
    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4428
0
        int minversion, maxversion;
4429
4430
0
        c = sk_SSL_CIPHER_value(prio, i);
4431
0
        minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
4432
0
        maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;
4433
4434
        /* Skip ciphers not supported by the protocol version */
4435
0
        if (ssl_version_cmp(s, s->version, minversion) < 0
4436
0
            || ssl_version_cmp(s, s->version, maxversion) > 0)
4437
0
            continue;
4438
4439
        /*
4440
         * Since TLS 1.3 ciphersuites can be used with any auth or
4441
         * key exchange scheme skip tests.
4442
         */
4443
0
        if (!SSL_CONNECTION_IS_TLS13(s)) {
4444
0
            mask_k = s->s3.tmp.mask_k;
4445
0
            mask_a = s->s3.tmp.mask_a;
4446
0
#ifndef OPENSSL_NO_SRP
4447
0
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4448
0
                mask_k |= SSL_kSRP;
4449
0
                mask_a |= SSL_aSRP;
4450
0
            }
4451
0
#endif
4452
4453
0
            alg_k = c->algorithm_mkey;
4454
0
            alg_a = c->algorithm_auth;
4455
4456
0
#ifndef OPENSSL_NO_PSK
4457
            /* with PSK there must be server callback set */
4458
0
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4459
0
                continue;
4460
0
#endif                          /* OPENSSL_NO_PSK */
4461
4462
0
            ok = (alg_k & mask_k) && (alg_a & mask_a);
4463
0
            OSSL_TRACE7(TLS_CIPHER,
4464
0
                        "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4465
0
                        ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4466
4467
            /*
4468
             * if we are considering an ECC cipher suite that uses an ephemeral
4469
             * EC key check it
4470
             */
4471
0
            if (alg_k & SSL_kECDHE)
4472
0
                ok = ok && tls1_check_ec_tmp_key(s, c->id);
4473
4474
0
            if (!ok)
4475
0
                continue;
4476
0
        }
4477
0
        ii = sk_SSL_CIPHER_find(allow, c);
4478
0
        if (ii >= 0) {
4479
            /* Check security callback permits this cipher */
4480
0
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4481
0
                              c->strength_bits, 0, (void *)c))
4482
0
                continue;
4483
4484
0
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4485
0
                && s->s3.is_probably_safari) {
4486
0
                if (!ret)
4487
0
                    ret = sk_SSL_CIPHER_value(allow, ii);
4488
0
                continue;
4489
0
            }
4490
4491
0
            if (prefer_sha256) {
4492
0
                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4493
0
                const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
4494
0
                                          tmp->algorithm2);
4495
4496
0
                if (md != NULL
4497
0
                        && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4498
0
                    ret = tmp;
4499
0
                    break;
4500
0
                }
4501
0
                if (ret == NULL)
4502
0
                    ret = tmp;
4503
0
                continue;
4504
0
            }
4505
0
            ret = sk_SSL_CIPHER_value(allow, ii);
4506
0
            break;
4507
0
        }
4508
0
    }
4509
4510
0
    sk_SSL_CIPHER_free(prio_chacha);
4511
4512
0
    return ret;
4513
0
}
4514
4515
int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
4516
0
{
4517
0
    uint32_t alg_k, alg_a = 0;
4518
4519
    /* If we have custom certificate types set, use them */
4520
0
    if (s->cert->ctype)
4521
0
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4522
    /* Get mask of algorithms disabled by signature list */
4523
0
    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4524
4525
0
    alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4526
4527
0
#ifndef OPENSSL_NO_GOST
4528
0
    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4529
0
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4530
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4531
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4532
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4533
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4534
0
            return 0;
4535
4536
0
    if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4537
0
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4538
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4539
0
            return 0;
4540
0
#endif
4541
4542
0
    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4543
0
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4544
0
            return 0;
4545
0
        if (!(alg_a & SSL_aDSS)
4546
0
                && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4547
0
            return 0;
4548
0
    }
4549
0
    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4550
0
        return 0;
4551
0
    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4552
0
        return 0;
4553
4554
    /*
4555
     * ECDSA certs can be used with RSA cipher suites too so we don't
4556
     * need to check for SSL_kECDH or SSL_kECDHE
4557
     */
4558
0
    if (s->version >= TLS1_VERSION
4559
0
            && !(alg_a & SSL_aECDSA)
4560
0
            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4561
0
        return 0;
4562
4563
0
    return 1;
4564
0
}
4565
4566
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4567
0
{
4568
0
    OPENSSL_free(c->ctype);
4569
0
    c->ctype = NULL;
4570
0
    c->ctype_len = 0;
4571
0
    if (p == NULL || len == 0)
4572
0
        return 1;
4573
0
    if (len > 0xff)
4574
0
        return 0;
4575
0
    c->ctype = OPENSSL_memdup(p, len);
4576
0
    if (c->ctype == NULL)
4577
0
        return 0;
4578
0
    c->ctype_len = len;
4579
0
    return 1;
4580
0
}
4581
4582
int ssl3_shutdown(SSL *s)
4583
0
{
4584
0
    int ret;
4585
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4586
4587
0
    if (sc == NULL)
4588
0
        return 0;
4589
4590
    /*
4591
     * Don't do anything much if we have not done the handshake or we don't
4592
     * want to send messages :-)
4593
     */
4594
0
    if (sc->quiet_shutdown || SSL_in_before(s)) {
4595
0
        sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4596
0
        return 1;
4597
0
    }
4598
4599
0
    if (!(sc->shutdown & SSL_SENT_SHUTDOWN)) {
4600
0
        sc->shutdown |= SSL_SENT_SHUTDOWN;
4601
0
        ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4602
        /*
4603
         * our shutdown alert has been sent now, and if it still needs to be
4604
         * written, s->s3.alert_dispatch will be > 0
4605
         */
4606
0
        if (sc->s3.alert_dispatch > 0)
4607
0
            return -1;        /* return WANT_WRITE */
4608
0
    } else if (sc->s3.alert_dispatch > 0) {
4609
        /* resend it if not sent */
4610
0
        ret = s->method->ssl_dispatch_alert(s);
4611
0
        if (ret == -1) {
4612
            /*
4613
             * we only get to return -1 here the 2nd/Nth invocation, we must
4614
             * have already signalled return 0 upon a previous invocation,
4615
             * return WANT_WRITE
4616
             */
4617
0
            return ret;
4618
0
        }
4619
0
    } else if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4620
0
        size_t readbytes;
4621
        /*
4622
         * If we are waiting for a close from our peer, we are closed
4623
         */
4624
0
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4625
0
        if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4626
0
            return -1;        /* return WANT_READ */
4627
0
        }
4628
0
    }
4629
4630
0
    if ((sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
4631
0
            && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)
4632
0
        return 1;
4633
0
    else
4634
0
        return 0;
4635
0
}
4636
4637
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4638
0
{
4639
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4640
4641
0
    if (sc == NULL)
4642
0
        return 0;
4643
4644
0
    clear_sys_error();
4645
0
    if (sc->s3.renegotiate)
4646
0
        ssl3_renegotiate_check(s, 0);
4647
4648
0
    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4649
0
                                      written);
4650
0
}
4651
4652
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4653
                              size_t *readbytes)
4654
0
{
4655
0
    int ret;
4656
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4657
4658
0
    if (sc == NULL)
4659
0
        return 0;
4660
4661
0
    clear_sys_error();
4662
0
    if (sc->s3.renegotiate)
4663
0
        ssl3_renegotiate_check(s, 0);
4664
0
    sc->s3.in_read_app_data = 1;
4665
0
    ret =
4666
0
        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4667
0
                                  peek, readbytes);
4668
0
    if ((ret == -1) && (sc->s3.in_read_app_data == 2)) {
4669
        /*
4670
         * ssl3_read_bytes decided to call s->handshake_func, which called
4671
         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4672
         * actually found application data and thinks that application data
4673
         * makes sense here; so disable handshake processing and try to read
4674
         * application data again.
4675
         */
4676
0
        ossl_statem_set_in_handshake(sc, 1);
4677
0
        ret =
4678
0
            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4679
0
                                      len, peek, readbytes);
4680
0
        ossl_statem_set_in_handshake(sc, 0);
4681
0
    } else
4682
0
        sc->s3.in_read_app_data = 0;
4683
4684
0
    return ret;
4685
0
}
4686
4687
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4688
0
{
4689
0
    return ssl3_read_internal(s, buf, len, 0, readbytes);
4690
0
}
4691
4692
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4693
0
{
4694
0
    return ssl3_read_internal(s, buf, len, 1, readbytes);
4695
0
}
4696
4697
int ssl3_renegotiate(SSL *s)
4698
0
{
4699
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4700
4701
0
    if (sc == NULL)
4702
0
        return 0;
4703
4704
0
    if (sc->handshake_func == NULL)
4705
0
        return 1;
4706
4707
0
    sc->s3.renegotiate = 1;
4708
0
    return 1;
4709
0
}
4710
4711
/*
4712
 * Check if we are waiting to do a renegotiation and if so whether now is a
4713
 * good time to do it. If |initok| is true then we are being called from inside
4714
 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4715
 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4716
 * should do a renegotiation now and sets up the state machine for it. Otherwise
4717
 * returns 0.
4718
 */
4719
int ssl3_renegotiate_check(SSL *s, int initok)
4720
0
{
4721
0
    int ret = 0;
4722
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4723
4724
0
    if (sc == NULL)
4725
0
        return 0;
4726
4727
0
    if (sc->s3.renegotiate) {
4728
0
        if (!RECORD_LAYER_read_pending(&sc->rlayer)
4729
0
            && !RECORD_LAYER_write_pending(&sc->rlayer)
4730
0
            && (initok || !SSL_in_init(s))) {
4731
            /*
4732
             * if we are the server, and we have sent a 'RENEGOTIATE'
4733
             * message, we need to set the state machine into the renegotiate
4734
             * state.
4735
             */
4736
0
            ossl_statem_set_renegotiate(sc);
4737
0
            sc->s3.renegotiate = 0;
4738
0
            sc->s3.num_renegotiations++;
4739
0
            sc->s3.total_renegotiations++;
4740
0
            ret = 1;
4741
0
        }
4742
0
    }
4743
0
    return ret;
4744
0
}
4745
4746
/*
4747
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4748
 * handshake macs if required.
4749
 *
4750
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4751
 */
4752
long ssl_get_algorithm2(SSL_CONNECTION *s)
4753
0
{
4754
0
    long alg2;
4755
0
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4756
4757
0
    if (s->s3.tmp.new_cipher == NULL)
4758
0
        return -1;
4759
0
    alg2 = s->s3.tmp.new_cipher->algorithm2;
4760
0
    if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4761
0
        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4762
0
            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4763
0
    } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4764
0
        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4765
0
            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4766
0
    }
4767
0
    return alg2;
4768
0
}
4769
4770
/*
4771
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4772
 * failure, 1 on success.
4773
 */
4774
int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
4775
                          unsigned char *result, size_t len,
4776
                          DOWNGRADE dgrd)
4777
0
{
4778
0
    int send_time = 0, ret;
4779
4780
0
    if (len < 4)
4781
0
        return 0;
4782
0
    if (server)
4783
0
        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4784
0
    else
4785
0
        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4786
0
    if (send_time) {
4787
0
        unsigned long Time = (unsigned long)time(NULL);
4788
0
        unsigned char *p = result;
4789
4790
0
        l2n(Time, p);
4791
0
        ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0);
4792
0
    } else {
4793
0
        ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
4794
0
    }
4795
4796
0
    if (ret > 0) {
4797
0
        if (!ossl_assert(sizeof(tls11downgrade) < len)
4798
0
                || !ossl_assert(sizeof(tls12downgrade) < len))
4799
0
             return 0;
4800
0
        if (dgrd == DOWNGRADE_TO_1_2)
4801
0
            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4802
0
                   sizeof(tls12downgrade));
4803
0
        else if (dgrd == DOWNGRADE_TO_1_1)
4804
0
            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4805
0
                   sizeof(tls11downgrade));
4806
0
    }
4807
4808
0
    return ret;
4809
0
}
4810
4811
int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
4812
                               size_t pmslen, int free_pms)
4813
0
{
4814
0
    unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4815
0
    int ret = 0;
4816
0
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4817
4818
0
    if (alg_k & SSL_PSK) {
4819
0
#ifndef OPENSSL_NO_PSK
4820
0
        unsigned char *pskpms, *t;
4821
0
        size_t psklen = s->s3.tmp.psklen;
4822
0
        size_t pskpmslen;
4823
4824
        /* create PSK premaster_secret */
4825
4826
        /* For plain PSK "other_secret" is psklen zeroes */
4827
0
        if (alg_k & SSL_kPSK)
4828
0
            pmslen = psklen;
4829
4830
0
        pskpmslen = 4 + pmslen + psklen;
4831
0
        pskpms = OPENSSL_malloc(pskpmslen);
4832
0
        if (pskpms == NULL)
4833
0
            goto err;
4834
0
        t = pskpms;
4835
0
        s2n(pmslen, t);
4836
0
        if (alg_k & SSL_kPSK)
4837
0
            memset(t, 0, pmslen);
4838
0
        else
4839
0
            memcpy(t, pms, pmslen);
4840
0
        t += pmslen;
4841
0
        s2n(psklen, t);
4842
0
        memcpy(t, s->s3.tmp.psk, psklen);
4843
4844
0
        OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4845
0
        s->s3.tmp.psk = NULL;
4846
0
        s->s3.tmp.psklen = 0;
4847
0
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
4848
0
                    s->session->master_key, pskpms, pskpmslen,
4849
0
                    &s->session->master_key_length)) {
4850
0
            OPENSSL_clear_free(pskpms, pskpmslen);
4851
            /* SSLfatal() already called */
4852
0
            goto err;
4853
0
        }
4854
0
        OPENSSL_clear_free(pskpms, pskpmslen);
4855
#else
4856
        /* Should never happen */
4857
        goto err;
4858
#endif
4859
0
    } else {
4860
0
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
4861
0
                s->session->master_key, pms, pmslen,
4862
0
                &s->session->master_key_length)) {
4863
            /* SSLfatal() already called */
4864
0
            goto err;
4865
0
        }
4866
0
    }
4867
4868
0
    ret = 1;
4869
0
 err:
4870
0
    if (pms) {
4871
0
        if (free_pms)
4872
0
            OPENSSL_clear_free(pms, pmslen);
4873
0
        else
4874
0
            OPENSSL_cleanse(pms, pmslen);
4875
0
    }
4876
0
    if (s->server == 0) {
4877
0
        s->s3.tmp.pms = NULL;
4878
0
        s->s3.tmp.pmslen = 0;
4879
0
    }
4880
0
    return ret;
4881
0
}
4882
4883
/* Generate a private key from parameters */
4884
EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
4885
0
{
4886
0
    EVP_PKEY_CTX *pctx = NULL;
4887
0
    EVP_PKEY *pkey = NULL;
4888
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4889
4890
0
    if (pm == NULL)
4891
0
        return NULL;
4892
0
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);
4893
0
    if (pctx == NULL)
4894
0
        goto err;
4895
0
    if (EVP_PKEY_keygen_init(pctx) <= 0)
4896
0
        goto err;
4897
0
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4898
0
        EVP_PKEY_free(pkey);
4899
0
        pkey = NULL;
4900
0
    }
4901
4902
0
    err:
4903
0
    EVP_PKEY_CTX_free(pctx);
4904
0
    return pkey;
4905
0
}
4906
4907
/* Generate a private key from a group ID */
4908
EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
4909
0
{
4910
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4911
0
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4912
0
    EVP_PKEY_CTX *pctx = NULL;
4913
0
    EVP_PKEY *pkey = NULL;
4914
4915
0
    if (ginf == NULL) {
4916
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4917
0
        goto err;
4918
0
    }
4919
4920
0
    pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4921
0
                                      sctx->propq);
4922
4923
0
    if (pctx == NULL) {
4924
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4925
0
        goto err;
4926
0
    }
4927
0
    if (EVP_PKEY_keygen_init(pctx) <= 0) {
4928
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4929
0
        goto err;
4930
0
    }
4931
0
    if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4932
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4933
0
        goto err;
4934
0
    }
4935
0
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4936
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4937
0
        EVP_PKEY_free(pkey);
4938
0
        pkey = NULL;
4939
0
    }
4940
4941
0
 err:
4942
0
    EVP_PKEY_CTX_free(pctx);
4943
0
    return pkey;
4944
0
}
4945
4946
/*
4947
 * Generate parameters from a group ID
4948
 */
4949
EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
4950
0
{
4951
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4952
0
    EVP_PKEY_CTX *pctx = NULL;
4953
0
    EVP_PKEY *pkey = NULL;
4954
0
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4955
4956
0
    if (ginf == NULL)
4957
0
        goto err;
4958
4959
0
    pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4960
0
                                      sctx->propq);
4961
4962
0
    if (pctx == NULL)
4963
0
        goto err;
4964
0
    if (EVP_PKEY_paramgen_init(pctx) <= 0)
4965
0
        goto err;
4966
0
    if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4967
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4968
0
        goto err;
4969
0
    }
4970
0
    if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4971
0
        EVP_PKEY_free(pkey);
4972
0
        pkey = NULL;
4973
0
    }
4974
4975
0
 err:
4976
0
    EVP_PKEY_CTX_free(pctx);
4977
0
    return pkey;
4978
0
}
4979
4980
/* Generate secrets from pms */
4981
int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
4982
0
{
4983
0
    int rv = 0;
4984
4985
    /* SSLfatal() called as appropriate in the below functions */
4986
0
    if (SSL_CONNECTION_IS_TLS13(s)) {
4987
        /*
4988
         * If we are resuming then we already generated the early secret
4989
         * when we created the ClientHello, so don't recreate it.
4990
         */
4991
0
        if (!s->hit)
4992
0
            rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4993
0
                    0,
4994
0
                    (unsigned char *)&s->early_secret);
4995
0
        else
4996
0
            rv = 1;
4997
4998
0
        rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4999
0
    } else {
5000
0
        rv = ssl_generate_master_secret(s, pms, pmslen, 0);
5001
0
    }
5002
5003
0
    return rv;
5004
0
}
5005
5006
/* Derive secrets for ECDH/DH */
5007
int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
5008
0
{
5009
0
    int rv = 0;
5010
0
    unsigned char *pms = NULL;
5011
0
    size_t pmslen = 0;
5012
0
    EVP_PKEY_CTX *pctx;
5013
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5014
5015
0
    if (privkey == NULL || pubkey == NULL) {
5016
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5017
0
        return 0;
5018
0
    }
5019
5020
0
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5021
5022
0
    if (EVP_PKEY_derive_init(pctx) <= 0
5023
0
        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
5024
0
        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
5025
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5026
0
        goto err;
5027
0
    }
5028
5029
0
    if (SSL_CONNECTION_IS_TLS13(s) &&  EVP_PKEY_is_a(privkey, "DH"))
5030
0
        EVP_PKEY_CTX_set_dh_pad(pctx, 1);
5031
5032
0
    pms = OPENSSL_malloc(pmslen);
5033
0
    if (pms == NULL) {
5034
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5035
0
        goto err;
5036
0
    }
5037
5038
0
    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
5039
        /*
5040
         * the public key was probably a weak key
5041
         */
5042
0
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5043
0
        goto err;
5044
0
    }
5045
5046
0
    if (gensecret) {
5047
        /* SSLfatal() called as appropriate in the below functions */
5048
0
        rv = ssl_gensecret(s, pms, pmslen);
5049
0
    } else {
5050
        /* Save premaster secret */
5051
0
        s->s3.tmp.pms = pms;
5052
0
        s->s3.tmp.pmslen = pmslen;
5053
0
        pms = NULL;
5054
0
        rv = 1;
5055
0
    }
5056
5057
0
 err:
5058
0
    OPENSSL_clear_free(pms, pmslen);
5059
0
    EVP_PKEY_CTX_free(pctx);
5060
0
    return rv;
5061
0
}
5062
5063
/* Decapsulate secrets for KEM */
5064
int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
5065
                    const unsigned char *ct, size_t ctlen,
5066
                    int gensecret)
5067
0
{
5068
0
    int rv = 0;
5069
0
    unsigned char *pms = NULL;
5070
0
    size_t pmslen = 0;
5071
0
    EVP_PKEY_CTX *pctx;
5072
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5073
5074
0
    if (privkey == NULL) {
5075
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5076
0
        return 0;
5077
0
    }
5078
5079
0
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5080
5081
0
    if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
5082
0
            || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
5083
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5084
0
        goto err;
5085
0
    }
5086
5087
0
    pms = OPENSSL_malloc(pmslen);
5088
0
    if (pms == NULL) {
5089
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5090
0
        goto err;
5091
0
    }
5092
5093
0
    if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
5094
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5095
0
        goto err;
5096
0
    }
5097
5098
0
    if (gensecret) {
5099
        /* SSLfatal() called as appropriate in the below functions */
5100
0
        rv = ssl_gensecret(s, pms, pmslen);
5101
0
    } else {
5102
        /* Save premaster secret */
5103
0
        s->s3.tmp.pms = pms;
5104
0
        s->s3.tmp.pmslen = pmslen;
5105
0
        pms = NULL;
5106
0
        rv = 1;
5107
0
    }
5108
5109
0
 err:
5110
0
    OPENSSL_clear_free(pms, pmslen);
5111
0
    EVP_PKEY_CTX_free(pctx);
5112
0
    return rv;
5113
0
}
5114
5115
int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
5116
                    unsigned char **ctp, size_t *ctlenp,
5117
                    int gensecret)
5118
0
{
5119
0
    int rv = 0;
5120
0
    unsigned char *pms = NULL, *ct = NULL;
5121
0
    size_t pmslen = 0, ctlen = 0;
5122
0
    EVP_PKEY_CTX *pctx;
5123
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5124
5125
0
    if (pubkey == NULL) {
5126
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5127
0
        return 0;
5128
0
    }
5129
5130
0
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);
5131
5132
0
    if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
5133
0
            || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
5134
0
            || pmslen == 0 || ctlen == 0) {
5135
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5136
0
        goto err;
5137
0
    }
5138
5139
0
    pms = OPENSSL_malloc(pmslen);
5140
0
    ct = OPENSSL_malloc(ctlen);
5141
0
    if (pms == NULL || ct == NULL) {
5142
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5143
0
        goto err;
5144
0
    }
5145
5146
0
    if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
5147
0
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5148
0
        goto err;
5149
0
    }
5150
5151
0
    if (gensecret) {
5152
        /* SSLfatal() called as appropriate in the below functions */
5153
0
        rv = ssl_gensecret(s, pms, pmslen);
5154
0
    } else {
5155
        /* Save premaster secret */
5156
0
        s->s3.tmp.pms = pms;
5157
0
        s->s3.tmp.pmslen = pmslen;
5158
0
        pms = NULL;
5159
0
        rv = 1;
5160
0
    }
5161
5162
0
    if (rv > 0) {
5163
        /* Pass ownership of ct to caller */
5164
0
        *ctp = ct;
5165
0
        *ctlenp = ctlen;
5166
0
        ct = NULL;
5167
0
    }
5168
5169
0
 err:
5170
0
    OPENSSL_clear_free(pms, pmslen);
5171
0
    OPENSSL_free(ct);
5172
0
    EVP_PKEY_CTX_free(pctx);
5173
0
    return rv;
5174
0
}
5175
5176
const char *SSL_get0_group_name(SSL *s)
5177
0
{
5178
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5179
0
    unsigned int id;
5180
5181
0
    if (sc == NULL)
5182
0
        return NULL;
5183
5184
0
    if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
5185
0
        id = sc->s3.group_id;
5186
0
    else
5187
0
        id = sc->session->kex_group;
5188
5189
0
    return tls1_group_id2name(s->ctx, id);
5190
0
}
5191
5192
0
const char *SSL_group_to_name(SSL *s, int nid) {
5193
0
    int group_id = 0;
5194
0
    const TLS_GROUP_INFO *cinf = NULL;
5195
5196
    /* first convert to real group id for internal and external IDs */
5197
0
    if (nid & TLSEXT_nid_unknown)
5198
0
        group_id = nid & 0xFFFF;
5199
0
    else
5200
0
        group_id = tls1_nid2group_id(nid);
5201
5202
    /* then look up */
5203
0
    cinf = tls1_group_id_lookup(s->ctx, group_id);
5204
5205
0
    if (cinf != NULL)
5206
0
        return cinf->tlsname;
5207
0
    return NULL;
5208
0
}