Coverage Report

Created: 2025-08-25 06:30

/src/openssl/ssl/s3_lib.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4
 * Copyright 2005 Nokia. All rights reserved.
5
 *
6
 * Licensed under the Apache License 2.0 (the "License").  You may not use
7
 * this file except in compliance with the License.  You can obtain a copy
8
 * in the file LICENSE in the source distribution or at
9
 * https://www.openssl.org/source/license.html
10
 */
11
12
#include "internal/e_os.h"
13
14
#include <openssl/objects.h>
15
#include "internal/nelem.h"
16
#include "ssl_local.h"
17
#include <openssl/md5.h>
18
#include <openssl/dh.h>
19
#include <openssl/rand.h>
20
#include <openssl/trace.h>
21
#include <openssl/x509v3.h>
22
#include <openssl/core_names.h>
23
#include "internal/cryptlib.h"
24
#include "internal/ssl_unwrap.h"
25
#include <openssl/ocsp.h>
26
27
16
#define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
28
16
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
29
16
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
30
31
/* TLSv1.3 downgrade protection sentinel values */
32
const unsigned char tls11downgrade[] = {
33
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
34
};
35
const unsigned char tls12downgrade[] = {
36
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
37
};
38
39
/* The list of available TLSv1.3 ciphers */
40
static SSL_CIPHER tls13_ciphers[] = {
41
    {
42
        1,
43
        TLS1_3_RFC_AES_128_GCM_SHA256,
44
        TLS1_3_RFC_AES_128_GCM_SHA256,
45
        TLS1_3_CK_AES_128_GCM_SHA256,
46
        SSL_kANY,
47
        SSL_aANY,
48
        SSL_AES128GCM,
49
        SSL_AEAD,
50
        TLS1_3_VERSION, TLS1_3_VERSION,
51
        0, 0,
52
        SSL_HIGH,
53
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
54
        128,
55
        128,
56
    }, {
57
        1,
58
        TLS1_3_RFC_AES_256_GCM_SHA384,
59
        TLS1_3_RFC_AES_256_GCM_SHA384,
60
        TLS1_3_CK_AES_256_GCM_SHA384,
61
        SSL_kANY,
62
        SSL_aANY,
63
        SSL_AES256GCM,
64
        SSL_AEAD,
65
        TLS1_3_VERSION, TLS1_3_VERSION,
66
        0, 0,
67
        SSL_HIGH,
68
        SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
69
        256,
70
        256,
71
    },
72
    {
73
        1,
74
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
75
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
76
        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
77
        SSL_kANY,
78
        SSL_aANY,
79
        SSL_CHACHA20POLY1305,
80
        SSL_AEAD,
81
        TLS1_3_VERSION, TLS1_3_VERSION,
82
        0, 0,
83
        SSL_HIGH,
84
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
85
        256,
86
        256,
87
    },
88
    {
89
        1,
90
        TLS1_3_RFC_AES_128_CCM_SHA256,
91
        TLS1_3_RFC_AES_128_CCM_SHA256,
92
        TLS1_3_CK_AES_128_CCM_SHA256,
93
        SSL_kANY,
94
        SSL_aANY,
95
        SSL_AES128CCM,
96
        SSL_AEAD,
97
        TLS1_3_VERSION, TLS1_3_VERSION,
98
        0, 0,
99
        SSL_NOT_DEFAULT | SSL_HIGH,
100
        SSL_HANDSHAKE_MAC_SHA256,
101
        128,
102
        128,
103
    }, {
104
        1,
105
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
106
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
107
        TLS1_3_CK_AES_128_CCM_8_SHA256,
108
        SSL_kANY,
109
        SSL_aANY,
110
        SSL_AES128CCM8,
111
        SSL_AEAD,
112
        TLS1_3_VERSION, TLS1_3_VERSION,
113
        0, 0,
114
        SSL_NOT_DEFAULT | SSL_MEDIUM,
115
        SSL_HANDSHAKE_MAC_SHA256,
116
        64, /* CCM8 uses a short tag, so we have a low security strength */
117
        128,
118
    },
119
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
120
    {
121
        1,
122
        TLS1_3_RFC_SHA256_SHA256,
123
        TLS1_3_RFC_SHA256_SHA256,
124
        TLS1_3_CK_SHA256_SHA256,
125
        SSL_kANY,
126
        SSL_aANY,
127
        SSL_eNULL,
128
        SSL_SHA256,
129
        TLS1_3_VERSION, TLS1_3_VERSION,
130
        0, 0,
131
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
132
        SSL_HANDSHAKE_MAC_SHA256,
133
        0,
134
        256,
135
    }, {
136
        1,
137
        TLS1_3_RFC_SHA384_SHA384,
138
        TLS1_3_RFC_SHA384_SHA384,
139
        TLS1_3_CK_SHA384_SHA384,
140
        SSL_kANY,
141
        SSL_aANY,
142
        SSL_eNULL,
143
        SSL_SHA384,
144
        TLS1_3_VERSION, TLS1_3_VERSION,
145
        0, 0,
146
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
147
        SSL_HANDSHAKE_MAC_SHA384,
148
        0,
149
        384,
150
    },
151
#endif
152
};
153
154
/*
155
 * The list of available ciphers, mostly organized into the following
156
 * groups:
157
 *      Always there
158
 *      EC
159
 *      PSK
160
 *      SRP (within that: RSA EC PSK)
161
 *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
162
 *      Weak ciphers
163
 */
164
static SSL_CIPHER ssl3_ciphers[] = {
165
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
166
    {
167
     1,
168
     SSL3_TXT_RSA_NULL_MD5,
169
     SSL3_RFC_RSA_NULL_MD5,
170
     SSL3_CK_RSA_NULL_MD5,
171
     SSL_kRSA,
172
     SSL_aRSA,
173
     SSL_eNULL,
174
     SSL_MD5,
175
     SSL3_VERSION, TLS1_2_VERSION,
176
     DTLS1_BAD_VER, DTLS1_2_VERSION,
177
     SSL_STRONG_NONE,
178
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
179
     0,
180
     0,
181
     },
182
    {
183
     1,
184
     SSL3_TXT_RSA_NULL_SHA,
185
     SSL3_RFC_RSA_NULL_SHA,
186
     SSL3_CK_RSA_NULL_SHA,
187
     SSL_kRSA,
188
     SSL_aRSA,
189
     SSL_eNULL,
190
     SSL_SHA1,
191
     SSL3_VERSION, TLS1_2_VERSION,
192
     DTLS1_BAD_VER, DTLS1_2_VERSION,
193
     SSL_STRONG_NONE | SSL_FIPS,
194
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
195
     0,
196
     0,
197
     },
198
#endif
199
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
200
    {
201
     1,
202
     SSL3_TXT_RSA_DES_192_CBC3_SHA,
203
     SSL3_RFC_RSA_DES_192_CBC3_SHA,
204
     SSL3_CK_RSA_DES_192_CBC3_SHA,
205
     SSL_kRSA,
206
     SSL_aRSA,
207
     SSL_3DES,
208
     SSL_SHA1,
209
     SSL3_VERSION, TLS1_2_VERSION,
210
     DTLS1_BAD_VER, DTLS1_2_VERSION,
211
     SSL_NOT_DEFAULT | SSL_MEDIUM,
212
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
213
     112,
214
     168,
215
     },
216
    {
217
     1,
218
     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
219
     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
220
     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
221
     SSL_kDHE,
222
     SSL_aDSS,
223
     SSL_3DES,
224
     SSL_SHA1,
225
     SSL3_VERSION, TLS1_2_VERSION,
226
     DTLS1_BAD_VER, DTLS1_2_VERSION,
227
     SSL_NOT_DEFAULT | SSL_MEDIUM,
228
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
229
     112,
230
     168,
231
     },
232
    {
233
     1,
234
     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
235
     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
236
     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
237
     SSL_kDHE,
238
     SSL_aRSA,
239
     SSL_3DES,
240
     SSL_SHA1,
241
     SSL3_VERSION, TLS1_2_VERSION,
242
     DTLS1_BAD_VER, DTLS1_2_VERSION,
243
     SSL_NOT_DEFAULT | SSL_MEDIUM,
244
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
245
     112,
246
     168,
247
     },
248
    {
249
     1,
250
     SSL3_TXT_ADH_DES_192_CBC_SHA,
251
     SSL3_RFC_ADH_DES_192_CBC_SHA,
252
     SSL3_CK_ADH_DES_192_CBC_SHA,
253
     SSL_kDHE,
254
     SSL_aNULL,
255
     SSL_3DES,
256
     SSL_SHA1,
257
     SSL3_VERSION, TLS1_2_VERSION,
258
     DTLS1_BAD_VER, DTLS1_2_VERSION,
259
     SSL_NOT_DEFAULT | SSL_MEDIUM,
260
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
261
     112,
262
     168,
263
     },
264
#endif
265
    {
266
     1,
267
     TLS1_TXT_RSA_WITH_AES_128_SHA,
268
     TLS1_RFC_RSA_WITH_AES_128_SHA,
269
     TLS1_CK_RSA_WITH_AES_128_SHA,
270
     SSL_kRSA,
271
     SSL_aRSA,
272
     SSL_AES128,
273
     SSL_SHA1,
274
     SSL3_VERSION, TLS1_2_VERSION,
275
     DTLS1_BAD_VER, DTLS1_2_VERSION,
276
     SSL_HIGH | SSL_FIPS,
277
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
278
     128,
279
     128,
280
     },
281
    {
282
     1,
283
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
284
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
285
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
286
     SSL_kDHE,
287
     SSL_aDSS,
288
     SSL_AES128,
289
     SSL_SHA1,
290
     SSL3_VERSION, TLS1_2_VERSION,
291
     DTLS1_BAD_VER, DTLS1_2_VERSION,
292
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
293
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
294
     128,
295
     128,
296
     },
297
    {
298
     1,
299
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
300
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
301
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
302
     SSL_kDHE,
303
     SSL_aRSA,
304
     SSL_AES128,
305
     SSL_SHA1,
306
     SSL3_VERSION, TLS1_2_VERSION,
307
     DTLS1_BAD_VER, DTLS1_2_VERSION,
308
     SSL_HIGH | SSL_FIPS,
309
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
310
     128,
311
     128,
312
     },
313
    {
314
     1,
315
     TLS1_TXT_ADH_WITH_AES_128_SHA,
316
     TLS1_RFC_ADH_WITH_AES_128_SHA,
317
     TLS1_CK_ADH_WITH_AES_128_SHA,
318
     SSL_kDHE,
319
     SSL_aNULL,
320
     SSL_AES128,
321
     SSL_SHA1,
322
     SSL3_VERSION, TLS1_2_VERSION,
323
     DTLS1_BAD_VER, DTLS1_2_VERSION,
324
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
325
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
326
     128,
327
     128,
328
     },
329
    {
330
     1,
331
     TLS1_TXT_RSA_WITH_AES_256_SHA,
332
     TLS1_RFC_RSA_WITH_AES_256_SHA,
333
     TLS1_CK_RSA_WITH_AES_256_SHA,
334
     SSL_kRSA,
335
     SSL_aRSA,
336
     SSL_AES256,
337
     SSL_SHA1,
338
     SSL3_VERSION, TLS1_2_VERSION,
339
     DTLS1_BAD_VER, DTLS1_2_VERSION,
340
     SSL_HIGH | SSL_FIPS,
341
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
342
     256,
343
     256,
344
     },
345
    {
346
     1,
347
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
348
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
349
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
350
     SSL_kDHE,
351
     SSL_aDSS,
352
     SSL_AES256,
353
     SSL_SHA1,
354
     SSL3_VERSION, TLS1_2_VERSION,
355
     DTLS1_BAD_VER, DTLS1_2_VERSION,
356
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
357
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
358
     256,
359
     256,
360
     },
361
    {
362
     1,
363
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
364
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
365
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
366
     SSL_kDHE,
367
     SSL_aRSA,
368
     SSL_AES256,
369
     SSL_SHA1,
370
     SSL3_VERSION, TLS1_2_VERSION,
371
     DTLS1_BAD_VER, DTLS1_2_VERSION,
372
     SSL_HIGH | SSL_FIPS,
373
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
374
     256,
375
     256,
376
     },
377
    {
378
     1,
379
     TLS1_TXT_ADH_WITH_AES_256_SHA,
380
     TLS1_RFC_ADH_WITH_AES_256_SHA,
381
     TLS1_CK_ADH_WITH_AES_256_SHA,
382
     SSL_kDHE,
383
     SSL_aNULL,
384
     SSL_AES256,
385
     SSL_SHA1,
386
     SSL3_VERSION, TLS1_2_VERSION,
387
     DTLS1_BAD_VER, DTLS1_2_VERSION,
388
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
389
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
390
     256,
391
     256,
392
     },
393
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
394
    {
395
     1,
396
     TLS1_TXT_RSA_WITH_NULL_SHA256,
397
     TLS1_RFC_RSA_WITH_NULL_SHA256,
398
     TLS1_CK_RSA_WITH_NULL_SHA256,
399
     SSL_kRSA,
400
     SSL_aRSA,
401
     SSL_eNULL,
402
     SSL_SHA256,
403
     TLS1_2_VERSION, TLS1_2_VERSION,
404
     DTLS1_2_VERSION, DTLS1_2_VERSION,
405
     SSL_STRONG_NONE | SSL_FIPS,
406
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
407
     0,
408
     0,
409
     },
410
#endif
411
    {
412
     1,
413
     TLS1_TXT_RSA_WITH_AES_128_SHA256,
414
     TLS1_RFC_RSA_WITH_AES_128_SHA256,
415
     TLS1_CK_RSA_WITH_AES_128_SHA256,
416
     SSL_kRSA,
417
     SSL_aRSA,
418
     SSL_AES128,
419
     SSL_SHA256,
420
     TLS1_2_VERSION, TLS1_2_VERSION,
421
     DTLS1_2_VERSION, DTLS1_2_VERSION,
422
     SSL_HIGH | SSL_FIPS,
423
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
424
     128,
425
     128,
426
     },
427
    {
428
     1,
429
     TLS1_TXT_RSA_WITH_AES_256_SHA256,
430
     TLS1_RFC_RSA_WITH_AES_256_SHA256,
431
     TLS1_CK_RSA_WITH_AES_256_SHA256,
432
     SSL_kRSA,
433
     SSL_aRSA,
434
     SSL_AES256,
435
     SSL_SHA256,
436
     TLS1_2_VERSION, TLS1_2_VERSION,
437
     DTLS1_2_VERSION, DTLS1_2_VERSION,
438
     SSL_HIGH | SSL_FIPS,
439
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
440
     256,
441
     256,
442
     },
443
    {
444
     1,
445
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
446
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
447
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
448
     SSL_kDHE,
449
     SSL_aDSS,
450
     SSL_AES128,
451
     SSL_SHA256,
452
     TLS1_2_VERSION, TLS1_2_VERSION,
453
     DTLS1_2_VERSION, DTLS1_2_VERSION,
454
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
455
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
456
     128,
457
     128,
458
     },
459
    {
460
     1,
461
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
462
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
463
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
464
     SSL_kDHE,
465
     SSL_aRSA,
466
     SSL_AES128,
467
     SSL_SHA256,
468
     TLS1_2_VERSION, TLS1_2_VERSION,
469
     DTLS1_2_VERSION, DTLS1_2_VERSION,
470
     SSL_HIGH | SSL_FIPS,
471
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
472
     128,
473
     128,
474
     },
475
    {
476
     1,
477
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
478
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
479
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
480
     SSL_kDHE,
481
     SSL_aDSS,
482
     SSL_AES256,
483
     SSL_SHA256,
484
     TLS1_2_VERSION, TLS1_2_VERSION,
485
     DTLS1_2_VERSION, DTLS1_2_VERSION,
486
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
487
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
488
     256,
489
     256,
490
     },
491
    {
492
     1,
493
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
494
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
495
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
496
     SSL_kDHE,
497
     SSL_aRSA,
498
     SSL_AES256,
499
     SSL_SHA256,
500
     TLS1_2_VERSION, TLS1_2_VERSION,
501
     DTLS1_2_VERSION, DTLS1_2_VERSION,
502
     SSL_HIGH | SSL_FIPS,
503
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
504
     256,
505
     256,
506
     },
507
    {
508
     1,
509
     TLS1_TXT_ADH_WITH_AES_128_SHA256,
510
     TLS1_RFC_ADH_WITH_AES_128_SHA256,
511
     TLS1_CK_ADH_WITH_AES_128_SHA256,
512
     SSL_kDHE,
513
     SSL_aNULL,
514
     SSL_AES128,
515
     SSL_SHA256,
516
     TLS1_2_VERSION, TLS1_2_VERSION,
517
     DTLS1_2_VERSION, DTLS1_2_VERSION,
518
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
519
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
520
     128,
521
     128,
522
     },
523
    {
524
     1,
525
     TLS1_TXT_ADH_WITH_AES_256_SHA256,
526
     TLS1_RFC_ADH_WITH_AES_256_SHA256,
527
     TLS1_CK_ADH_WITH_AES_256_SHA256,
528
     SSL_kDHE,
529
     SSL_aNULL,
530
     SSL_AES256,
531
     SSL_SHA256,
532
     TLS1_2_VERSION, TLS1_2_VERSION,
533
     DTLS1_2_VERSION, DTLS1_2_VERSION,
534
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
535
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
536
     256,
537
     256,
538
     },
539
    {
540
     1,
541
     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
542
     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
543
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
544
     SSL_kRSA,
545
     SSL_aRSA,
546
     SSL_AES128GCM,
547
     SSL_AEAD,
548
     TLS1_2_VERSION, TLS1_2_VERSION,
549
     DTLS1_2_VERSION, DTLS1_2_VERSION,
550
     SSL_HIGH | SSL_FIPS,
551
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
552
     128,
553
     128,
554
     },
555
    {
556
     1,
557
     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
558
     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
559
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
560
     SSL_kRSA,
561
     SSL_aRSA,
562
     SSL_AES256GCM,
563
     SSL_AEAD,
564
     TLS1_2_VERSION, TLS1_2_VERSION,
565
     DTLS1_2_VERSION, DTLS1_2_VERSION,
566
     SSL_HIGH | SSL_FIPS,
567
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
568
     256,
569
     256,
570
     },
571
    {
572
     1,
573
     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
574
     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
575
     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
576
     SSL_kDHE,
577
     SSL_aRSA,
578
     SSL_AES128GCM,
579
     SSL_AEAD,
580
     TLS1_2_VERSION, TLS1_2_VERSION,
581
     DTLS1_2_VERSION, DTLS1_2_VERSION,
582
     SSL_HIGH | SSL_FIPS,
583
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
584
     128,
585
     128,
586
     },
587
    {
588
     1,
589
     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
590
     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
591
     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
592
     SSL_kDHE,
593
     SSL_aRSA,
594
     SSL_AES256GCM,
595
     SSL_AEAD,
596
     TLS1_2_VERSION, TLS1_2_VERSION,
597
     DTLS1_2_VERSION, DTLS1_2_VERSION,
598
     SSL_HIGH | SSL_FIPS,
599
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
600
     256,
601
     256,
602
     },
603
    {
604
     1,
605
     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
606
     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
607
     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
608
     SSL_kDHE,
609
     SSL_aDSS,
610
     SSL_AES128GCM,
611
     SSL_AEAD,
612
     TLS1_2_VERSION, TLS1_2_VERSION,
613
     DTLS1_2_VERSION, DTLS1_2_VERSION,
614
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
615
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
616
     128,
617
     128,
618
     },
619
    {
620
     1,
621
     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
622
     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
623
     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
624
     SSL_kDHE,
625
     SSL_aDSS,
626
     SSL_AES256GCM,
627
     SSL_AEAD,
628
     TLS1_2_VERSION, TLS1_2_VERSION,
629
     DTLS1_2_VERSION, DTLS1_2_VERSION,
630
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
631
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
632
     256,
633
     256,
634
     },
635
    {
636
     1,
637
     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
638
     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
639
     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
640
     SSL_kDHE,
641
     SSL_aNULL,
642
     SSL_AES128GCM,
643
     SSL_AEAD,
644
     TLS1_2_VERSION, TLS1_2_VERSION,
645
     DTLS1_2_VERSION, DTLS1_2_VERSION,
646
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
647
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
648
     128,
649
     128,
650
     },
651
    {
652
     1,
653
     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
654
     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
655
     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
656
     SSL_kDHE,
657
     SSL_aNULL,
658
     SSL_AES256GCM,
659
     SSL_AEAD,
660
     TLS1_2_VERSION, TLS1_2_VERSION,
661
     DTLS1_2_VERSION, DTLS1_2_VERSION,
662
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
663
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
664
     256,
665
     256,
666
     },
667
    {
668
     1,
669
     TLS1_TXT_RSA_WITH_AES_128_CCM,
670
     TLS1_RFC_RSA_WITH_AES_128_CCM,
671
     TLS1_CK_RSA_WITH_AES_128_CCM,
672
     SSL_kRSA,
673
     SSL_aRSA,
674
     SSL_AES128CCM,
675
     SSL_AEAD,
676
     TLS1_2_VERSION, TLS1_2_VERSION,
677
     DTLS1_2_VERSION, DTLS1_2_VERSION,
678
     SSL_NOT_DEFAULT | SSL_HIGH,
679
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
680
     128,
681
     128,
682
     },
683
    {
684
     1,
685
     TLS1_TXT_RSA_WITH_AES_256_CCM,
686
     TLS1_RFC_RSA_WITH_AES_256_CCM,
687
     TLS1_CK_RSA_WITH_AES_256_CCM,
688
     SSL_kRSA,
689
     SSL_aRSA,
690
     SSL_AES256CCM,
691
     SSL_AEAD,
692
     TLS1_2_VERSION, TLS1_2_VERSION,
693
     DTLS1_2_VERSION, DTLS1_2_VERSION,
694
     SSL_NOT_DEFAULT | SSL_HIGH,
695
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
696
     256,
697
     256,
698
     },
699
    {
700
     1,
701
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
702
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
703
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
704
     SSL_kDHE,
705
     SSL_aRSA,
706
     SSL_AES128CCM,
707
     SSL_AEAD,
708
     TLS1_2_VERSION, TLS1_2_VERSION,
709
     DTLS1_2_VERSION, DTLS1_2_VERSION,
710
     SSL_NOT_DEFAULT | SSL_HIGH,
711
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
712
     128,
713
     128,
714
     },
715
    {
716
     1,
717
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
718
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
719
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
720
     SSL_kDHE,
721
     SSL_aRSA,
722
     SSL_AES256CCM,
723
     SSL_AEAD,
724
     TLS1_2_VERSION, TLS1_2_VERSION,
725
     DTLS1_2_VERSION, DTLS1_2_VERSION,
726
     SSL_NOT_DEFAULT | SSL_HIGH,
727
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
728
     256,
729
     256,
730
     },
731
    {
732
     1,
733
     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
734
     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
735
     TLS1_CK_RSA_WITH_AES_128_CCM_8,
736
     SSL_kRSA,
737
     SSL_aRSA,
738
     SSL_AES128CCM8,
739
     SSL_AEAD,
740
     TLS1_2_VERSION, TLS1_2_VERSION,
741
     DTLS1_2_VERSION, DTLS1_2_VERSION,
742
     SSL_NOT_DEFAULT | SSL_MEDIUM,
743
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
744
     64, /* CCM8 uses a short tag, so we have a low security strength */
745
     128,
746
     },
747
    {
748
     1,
749
     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
750
     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
751
     TLS1_CK_RSA_WITH_AES_256_CCM_8,
752
     SSL_kRSA,
753
     SSL_aRSA,
754
     SSL_AES256CCM8,
755
     SSL_AEAD,
756
     TLS1_2_VERSION, TLS1_2_VERSION,
757
     DTLS1_2_VERSION, DTLS1_2_VERSION,
758
     SSL_NOT_DEFAULT | SSL_MEDIUM,
759
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
760
     64, /* CCM8 uses a short tag, so we have a low security strength */
761
     256,
762
     },
763
    {
764
     1,
765
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
766
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
767
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
768
     SSL_kDHE,
769
     SSL_aRSA,
770
     SSL_AES128CCM8,
771
     SSL_AEAD,
772
     TLS1_2_VERSION, TLS1_2_VERSION,
773
     DTLS1_2_VERSION, DTLS1_2_VERSION,
774
     SSL_NOT_DEFAULT | SSL_MEDIUM,
775
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
776
     64, /* CCM8 uses a short tag, so we have a low security strength */
777
     128,
778
     },
779
    {
780
     1,
781
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
782
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
783
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
784
     SSL_kDHE,
785
     SSL_aRSA,
786
     SSL_AES256CCM8,
787
     SSL_AEAD,
788
     TLS1_2_VERSION, TLS1_2_VERSION,
789
     DTLS1_2_VERSION, DTLS1_2_VERSION,
790
     SSL_NOT_DEFAULT | SSL_MEDIUM,
791
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
792
     64, /* CCM8 uses a short tag, so we have a low security strength */
793
     256,
794
     },
795
    {
796
     1,
797
     TLS1_TXT_PSK_WITH_AES_128_CCM,
798
     TLS1_RFC_PSK_WITH_AES_128_CCM,
799
     TLS1_CK_PSK_WITH_AES_128_CCM,
800
     SSL_kPSK,
801
     SSL_aPSK,
802
     SSL_AES128CCM,
803
     SSL_AEAD,
804
     TLS1_2_VERSION, TLS1_2_VERSION,
805
     DTLS1_2_VERSION, DTLS1_2_VERSION,
806
     SSL_NOT_DEFAULT | SSL_HIGH,
807
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
808
     128,
809
     128,
810
     },
811
    {
812
     1,
813
     TLS1_TXT_PSK_WITH_AES_256_CCM,
814
     TLS1_RFC_PSK_WITH_AES_256_CCM,
815
     TLS1_CK_PSK_WITH_AES_256_CCM,
816
     SSL_kPSK,
817
     SSL_aPSK,
818
     SSL_AES256CCM,
819
     SSL_AEAD,
820
     TLS1_2_VERSION, TLS1_2_VERSION,
821
     DTLS1_2_VERSION, DTLS1_2_VERSION,
822
     SSL_NOT_DEFAULT | SSL_HIGH,
823
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
824
     256,
825
     256,
826
     },
827
    {
828
     1,
829
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
830
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
831
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
832
     SSL_kDHEPSK,
833
     SSL_aPSK,
834
     SSL_AES128CCM,
835
     SSL_AEAD,
836
     TLS1_2_VERSION, TLS1_2_VERSION,
837
     DTLS1_2_VERSION, DTLS1_2_VERSION,
838
     SSL_NOT_DEFAULT | SSL_HIGH,
839
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
840
     128,
841
     128,
842
     },
843
    {
844
     1,
845
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
846
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
847
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
848
     SSL_kDHEPSK,
849
     SSL_aPSK,
850
     SSL_AES256CCM,
851
     SSL_AEAD,
852
     TLS1_2_VERSION, TLS1_2_VERSION,
853
     DTLS1_2_VERSION, DTLS1_2_VERSION,
854
     SSL_NOT_DEFAULT | SSL_HIGH,
855
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
856
     256,
857
     256,
858
     },
859
    {
860
     1,
861
     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
862
     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
863
     TLS1_CK_PSK_WITH_AES_128_CCM_8,
864
     SSL_kPSK,
865
     SSL_aPSK,
866
     SSL_AES128CCM8,
867
     SSL_AEAD,
868
     TLS1_2_VERSION, TLS1_2_VERSION,
869
     DTLS1_2_VERSION, DTLS1_2_VERSION,
870
     SSL_NOT_DEFAULT | SSL_MEDIUM,
871
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
872
     64, /* CCM8 uses a short tag, so we have a low security strength */
873
     128,
874
     },
875
    {
876
     1,
877
     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
878
     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
879
     TLS1_CK_PSK_WITH_AES_256_CCM_8,
880
     SSL_kPSK,
881
     SSL_aPSK,
882
     SSL_AES256CCM8,
883
     SSL_AEAD,
884
     TLS1_2_VERSION, TLS1_2_VERSION,
885
     DTLS1_2_VERSION, DTLS1_2_VERSION,
886
     SSL_NOT_DEFAULT | SSL_MEDIUM,
887
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
888
     64, /* CCM8 uses a short tag, so we have a low security strength */
889
     256,
890
     },
891
    {
892
     1,
893
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
894
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
895
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
896
     SSL_kDHEPSK,
897
     SSL_aPSK,
898
     SSL_AES128CCM8,
899
     SSL_AEAD,
900
     TLS1_2_VERSION, TLS1_2_VERSION,
901
     DTLS1_2_VERSION, DTLS1_2_VERSION,
902
     SSL_NOT_DEFAULT | SSL_MEDIUM,
903
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
904
     64, /* CCM8 uses a short tag, so we have a low security strength */
905
     128,
906
     },
907
    {
908
     1,
909
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
910
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
911
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
912
     SSL_kDHEPSK,
913
     SSL_aPSK,
914
     SSL_AES256CCM8,
915
     SSL_AEAD,
916
     TLS1_2_VERSION, TLS1_2_VERSION,
917
     DTLS1_2_VERSION, DTLS1_2_VERSION,
918
     SSL_NOT_DEFAULT | SSL_MEDIUM,
919
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
920
     64, /* CCM8 uses a short tag, so we have a low security strength */
921
     256,
922
     },
923
    {
924
     1,
925
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
926
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
927
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
928
     SSL_kECDHE,
929
     SSL_aECDSA,
930
     SSL_AES128CCM,
931
     SSL_AEAD,
932
     TLS1_2_VERSION, TLS1_2_VERSION,
933
     DTLS1_2_VERSION, DTLS1_2_VERSION,
934
     SSL_NOT_DEFAULT | SSL_HIGH,
935
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
936
     128,
937
     128,
938
     },
939
    {
940
     1,
941
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
942
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
943
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
944
     SSL_kECDHE,
945
     SSL_aECDSA,
946
     SSL_AES256CCM,
947
     SSL_AEAD,
948
     TLS1_2_VERSION, TLS1_2_VERSION,
949
     DTLS1_2_VERSION, DTLS1_2_VERSION,
950
     SSL_NOT_DEFAULT | SSL_HIGH,
951
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
952
     256,
953
     256,
954
     },
955
    {
956
     1,
957
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
958
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
959
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
960
     SSL_kECDHE,
961
     SSL_aECDSA,
962
     SSL_AES128CCM8,
963
     SSL_AEAD,
964
     TLS1_2_VERSION, TLS1_2_VERSION,
965
     DTLS1_2_VERSION, DTLS1_2_VERSION,
966
     SSL_NOT_DEFAULT | SSL_MEDIUM,
967
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
968
     64, /* CCM8 uses a short tag, so we have a low security strength */
969
     128,
970
     },
971
    {
972
     1,
973
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
974
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
975
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
976
     SSL_kECDHE,
977
     SSL_aECDSA,
978
     SSL_AES256CCM8,
979
     SSL_AEAD,
980
     TLS1_2_VERSION, TLS1_2_VERSION,
981
     DTLS1_2_VERSION, DTLS1_2_VERSION,
982
     SSL_NOT_DEFAULT | SSL_MEDIUM,
983
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
984
     64, /* CCM8 uses a short tag, so we have a low security strength */
985
     256,
986
     },
987
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
988
    {
989
     1,
990
     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
991
     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
992
     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
993
     SSL_kECDHE,
994
     SSL_aECDSA,
995
     SSL_eNULL,
996
     SSL_SHA1,
997
     TLS1_VERSION, TLS1_2_VERSION,
998
     DTLS1_BAD_VER, DTLS1_2_VERSION,
999
     SSL_STRONG_NONE | SSL_FIPS,
1000
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1001
     0,
1002
     0,
1003
     },
1004
#endif
1005
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1006
    {
1007
     1,
1008
     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1009
     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1010
     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1011
     SSL_kECDHE,
1012
     SSL_aECDSA,
1013
     SSL_3DES,
1014
     SSL_SHA1,
1015
     TLS1_VERSION, TLS1_2_VERSION,
1016
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1017
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1018
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1019
     112,
1020
     168,
1021
     },
1022
# endif
1023
    {
1024
     1,
1025
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1026
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1027
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1028
     SSL_kECDHE,
1029
     SSL_aECDSA,
1030
     SSL_AES128,
1031
     SSL_SHA1,
1032
     TLS1_VERSION, TLS1_2_VERSION,
1033
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1034
     SSL_HIGH | SSL_FIPS,
1035
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1036
     128,
1037
     128,
1038
     },
1039
    {
1040
     1,
1041
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1042
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1043
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1044
     SSL_kECDHE,
1045
     SSL_aECDSA,
1046
     SSL_AES256,
1047
     SSL_SHA1,
1048
     TLS1_VERSION, TLS1_2_VERSION,
1049
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1050
     SSL_HIGH | SSL_FIPS,
1051
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1052
     256,
1053
     256,
1054
     },
1055
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1056
    {
1057
     1,
1058
     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1059
     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1060
     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1061
     SSL_kECDHE,
1062
     SSL_aRSA,
1063
     SSL_eNULL,
1064
     SSL_SHA1,
1065
     TLS1_VERSION, TLS1_2_VERSION,
1066
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1067
     SSL_STRONG_NONE | SSL_FIPS,
1068
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1069
     0,
1070
     0,
1071
     },
1072
#endif
1073
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1074
    {
1075
     1,
1076
     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1077
     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1078
     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1079
     SSL_kECDHE,
1080
     SSL_aRSA,
1081
     SSL_3DES,
1082
     SSL_SHA1,
1083
     TLS1_VERSION, TLS1_2_VERSION,
1084
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1085
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1086
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1087
     112,
1088
     168,
1089
     },
1090
# endif
1091
    {
1092
     1,
1093
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1094
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1095
     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1096
     SSL_kECDHE,
1097
     SSL_aRSA,
1098
     SSL_AES128,
1099
     SSL_SHA1,
1100
     TLS1_VERSION, TLS1_2_VERSION,
1101
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1102
     SSL_HIGH | SSL_FIPS,
1103
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1104
     128,
1105
     128,
1106
     },
1107
    {
1108
     1,
1109
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1110
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1111
     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1112
     SSL_kECDHE,
1113
     SSL_aRSA,
1114
     SSL_AES256,
1115
     SSL_SHA1,
1116
     TLS1_VERSION, TLS1_2_VERSION,
1117
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1118
     SSL_HIGH | SSL_FIPS,
1119
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1120
     256,
1121
     256,
1122
     },
1123
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1124
    {
1125
     1,
1126
     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1127
     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1128
     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1129
     SSL_kECDHE,
1130
     SSL_aNULL,
1131
     SSL_eNULL,
1132
     SSL_SHA1,
1133
     TLS1_VERSION, TLS1_2_VERSION,
1134
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1135
     SSL_STRONG_NONE | SSL_FIPS,
1136
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1137
     0,
1138
     0,
1139
     },
1140
#endif
1141
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1142
    {
1143
     1,
1144
     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1145
     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1146
     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1147
     SSL_kECDHE,
1148
     SSL_aNULL,
1149
     SSL_3DES,
1150
     SSL_SHA1,
1151
     TLS1_VERSION, TLS1_2_VERSION,
1152
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1153
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1154
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1155
     112,
1156
     168,
1157
     },
1158
# endif
1159
    {
1160
     1,
1161
     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1162
     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1163
     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1164
     SSL_kECDHE,
1165
     SSL_aNULL,
1166
     SSL_AES128,
1167
     SSL_SHA1,
1168
     TLS1_VERSION, TLS1_2_VERSION,
1169
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1170
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1171
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1172
     128,
1173
     128,
1174
     },
1175
    {
1176
     1,
1177
     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1178
     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1179
     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1180
     SSL_kECDHE,
1181
     SSL_aNULL,
1182
     SSL_AES256,
1183
     SSL_SHA1,
1184
     TLS1_VERSION, TLS1_2_VERSION,
1185
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1186
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1187
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1188
     256,
1189
     256,
1190
     },
1191
    {
1192
     1,
1193
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1194
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1195
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1196
     SSL_kECDHE,
1197
     SSL_aECDSA,
1198
     SSL_AES128,
1199
     SSL_SHA256,
1200
     TLS1_2_VERSION, TLS1_2_VERSION,
1201
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1202
     SSL_HIGH | SSL_FIPS,
1203
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1204
     128,
1205
     128,
1206
     },
1207
    {
1208
     1,
1209
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1210
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1211
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1212
     SSL_kECDHE,
1213
     SSL_aECDSA,
1214
     SSL_AES256,
1215
     SSL_SHA384,
1216
     TLS1_2_VERSION, TLS1_2_VERSION,
1217
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1218
     SSL_HIGH | SSL_FIPS,
1219
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1220
     256,
1221
     256,
1222
     },
1223
    {
1224
     1,
1225
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1226
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1227
     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1228
     SSL_kECDHE,
1229
     SSL_aRSA,
1230
     SSL_AES128,
1231
     SSL_SHA256,
1232
     TLS1_2_VERSION, TLS1_2_VERSION,
1233
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1234
     SSL_HIGH | SSL_FIPS,
1235
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1236
     128,
1237
     128,
1238
     },
1239
    {
1240
     1,
1241
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1242
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1243
     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1244
     SSL_kECDHE,
1245
     SSL_aRSA,
1246
     SSL_AES256,
1247
     SSL_SHA384,
1248
     TLS1_2_VERSION, TLS1_2_VERSION,
1249
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1250
     SSL_HIGH | SSL_FIPS,
1251
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1252
     256,
1253
     256,
1254
     },
1255
    {
1256
     1,
1257
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1258
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1259
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1260
     SSL_kECDHE,
1261
     SSL_aECDSA,
1262
     SSL_AES128GCM,
1263
     SSL_AEAD,
1264
     TLS1_2_VERSION, TLS1_2_VERSION,
1265
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1266
     SSL_HIGH | SSL_FIPS,
1267
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1268
     128,
1269
     128,
1270
     },
1271
    {
1272
     1,
1273
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1274
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1275
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1276
     SSL_kECDHE,
1277
     SSL_aECDSA,
1278
     SSL_AES256GCM,
1279
     SSL_AEAD,
1280
     TLS1_2_VERSION, TLS1_2_VERSION,
1281
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1282
     SSL_HIGH | SSL_FIPS,
1283
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1284
     256,
1285
     256,
1286
     },
1287
    {
1288
     1,
1289
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1290
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1291
     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1292
     SSL_kECDHE,
1293
     SSL_aRSA,
1294
     SSL_AES128GCM,
1295
     SSL_AEAD,
1296
     TLS1_2_VERSION, TLS1_2_VERSION,
1297
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1298
     SSL_HIGH | SSL_FIPS,
1299
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1300
     128,
1301
     128,
1302
     },
1303
    {
1304
     1,
1305
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1306
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1307
     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1308
     SSL_kECDHE,
1309
     SSL_aRSA,
1310
     SSL_AES256GCM,
1311
     SSL_AEAD,
1312
     TLS1_2_VERSION, TLS1_2_VERSION,
1313
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1314
     SSL_HIGH | SSL_FIPS,
1315
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1316
     256,
1317
     256,
1318
     },
1319
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1320
    {
1321
     1,
1322
     TLS1_TXT_PSK_WITH_NULL_SHA,
1323
     TLS1_RFC_PSK_WITH_NULL_SHA,
1324
     TLS1_CK_PSK_WITH_NULL_SHA,
1325
     SSL_kPSK,
1326
     SSL_aPSK,
1327
     SSL_eNULL,
1328
     SSL_SHA1,
1329
     SSL3_VERSION, TLS1_2_VERSION,
1330
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1331
     SSL_STRONG_NONE | SSL_FIPS,
1332
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1333
     0,
1334
     0,
1335
     },
1336
    {
1337
     1,
1338
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1339
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1340
     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1341
     SSL_kDHEPSK,
1342
     SSL_aPSK,
1343
     SSL_eNULL,
1344
     SSL_SHA1,
1345
     SSL3_VERSION, TLS1_2_VERSION,
1346
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1347
     SSL_STRONG_NONE | SSL_FIPS,
1348
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1349
     0,
1350
     0,
1351
     },
1352
    {
1353
     1,
1354
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1355
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1356
     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1357
     SSL_kRSAPSK,
1358
     SSL_aRSA,
1359
     SSL_eNULL,
1360
     SSL_SHA1,
1361
     SSL3_VERSION, TLS1_2_VERSION,
1362
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1363
     SSL_STRONG_NONE | SSL_FIPS,
1364
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1365
     0,
1366
     0,
1367
     },
1368
#endif
1369
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1370
    {
1371
     1,
1372
     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1373
     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1374
     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1375
     SSL_kPSK,
1376
     SSL_aPSK,
1377
     SSL_3DES,
1378
     SSL_SHA1,
1379
     SSL3_VERSION, TLS1_2_VERSION,
1380
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1381
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1382
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1383
     112,
1384
     168,
1385
     },
1386
# endif
1387
    {
1388
     1,
1389
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1390
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1391
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1392
     SSL_kPSK,
1393
     SSL_aPSK,
1394
     SSL_AES128,
1395
     SSL_SHA1,
1396
     SSL3_VERSION, TLS1_2_VERSION,
1397
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1398
     SSL_HIGH | SSL_FIPS,
1399
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1400
     128,
1401
     128,
1402
     },
1403
    {
1404
     1,
1405
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1406
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1407
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1408
     SSL_kPSK,
1409
     SSL_aPSK,
1410
     SSL_AES256,
1411
     SSL_SHA1,
1412
     SSL3_VERSION, TLS1_2_VERSION,
1413
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1414
     SSL_HIGH | SSL_FIPS,
1415
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1416
     256,
1417
     256,
1418
     },
1419
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1420
    {
1421
     1,
1422
     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1423
     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1424
     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1425
     SSL_kDHEPSK,
1426
     SSL_aPSK,
1427
     SSL_3DES,
1428
     SSL_SHA1,
1429
     SSL3_VERSION, TLS1_2_VERSION,
1430
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1431
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1432
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1433
     112,
1434
     168,
1435
     },
1436
# endif
1437
    {
1438
     1,
1439
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1440
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1441
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1442
     SSL_kDHEPSK,
1443
     SSL_aPSK,
1444
     SSL_AES128,
1445
     SSL_SHA1,
1446
     SSL3_VERSION, TLS1_2_VERSION,
1447
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1448
     SSL_HIGH | SSL_FIPS,
1449
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1450
     128,
1451
     128,
1452
     },
1453
    {
1454
     1,
1455
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1456
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1457
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1458
     SSL_kDHEPSK,
1459
     SSL_aPSK,
1460
     SSL_AES256,
1461
     SSL_SHA1,
1462
     SSL3_VERSION, TLS1_2_VERSION,
1463
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1464
     SSL_HIGH | SSL_FIPS,
1465
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1466
     256,
1467
     256,
1468
     },
1469
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1470
    {
1471
     1,
1472
     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1473
     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1474
     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1475
     SSL_kRSAPSK,
1476
     SSL_aRSA,
1477
     SSL_3DES,
1478
     SSL_SHA1,
1479
     SSL3_VERSION, TLS1_2_VERSION,
1480
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1481
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1482
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1483
     112,
1484
     168,
1485
     },
1486
# endif
1487
    {
1488
     1,
1489
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1490
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1491
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1492
     SSL_kRSAPSK,
1493
     SSL_aRSA,
1494
     SSL_AES128,
1495
     SSL_SHA1,
1496
     SSL3_VERSION, TLS1_2_VERSION,
1497
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1498
     SSL_HIGH | SSL_FIPS,
1499
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1500
     128,
1501
     128,
1502
     },
1503
    {
1504
     1,
1505
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1506
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1507
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1508
     SSL_kRSAPSK,
1509
     SSL_aRSA,
1510
     SSL_AES256,
1511
     SSL_SHA1,
1512
     SSL3_VERSION, TLS1_2_VERSION,
1513
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1514
     SSL_HIGH | SSL_FIPS,
1515
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1516
     256,
1517
     256,
1518
     },
1519
    {
1520
     1,
1521
     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1522
     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1523
     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1524
     SSL_kPSK,
1525
     SSL_aPSK,
1526
     SSL_AES128GCM,
1527
     SSL_AEAD,
1528
     TLS1_2_VERSION, TLS1_2_VERSION,
1529
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1530
     SSL_HIGH | SSL_FIPS,
1531
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1532
     128,
1533
     128,
1534
     },
1535
    {
1536
     1,
1537
     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1538
     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1539
     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1540
     SSL_kPSK,
1541
     SSL_aPSK,
1542
     SSL_AES256GCM,
1543
     SSL_AEAD,
1544
     TLS1_2_VERSION, TLS1_2_VERSION,
1545
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1546
     SSL_HIGH | SSL_FIPS,
1547
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1548
     256,
1549
     256,
1550
     },
1551
    {
1552
     1,
1553
     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1554
     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1555
     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1556
     SSL_kDHEPSK,
1557
     SSL_aPSK,
1558
     SSL_AES128GCM,
1559
     SSL_AEAD,
1560
     TLS1_2_VERSION, TLS1_2_VERSION,
1561
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1562
     SSL_HIGH | SSL_FIPS,
1563
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1564
     128,
1565
     128,
1566
     },
1567
    {
1568
     1,
1569
     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1570
     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1571
     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1572
     SSL_kDHEPSK,
1573
     SSL_aPSK,
1574
     SSL_AES256GCM,
1575
     SSL_AEAD,
1576
     TLS1_2_VERSION, TLS1_2_VERSION,
1577
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1578
     SSL_HIGH | SSL_FIPS,
1579
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1580
     256,
1581
     256,
1582
     },
1583
    {
1584
     1,
1585
     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1586
     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1587
     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1588
     SSL_kRSAPSK,
1589
     SSL_aRSA,
1590
     SSL_AES128GCM,
1591
     SSL_AEAD,
1592
     TLS1_2_VERSION, TLS1_2_VERSION,
1593
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1594
     SSL_HIGH | SSL_FIPS,
1595
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1596
     128,
1597
     128,
1598
     },
1599
    {
1600
     1,
1601
     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1602
     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1603
     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1604
     SSL_kRSAPSK,
1605
     SSL_aRSA,
1606
     SSL_AES256GCM,
1607
     SSL_AEAD,
1608
     TLS1_2_VERSION, TLS1_2_VERSION,
1609
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1610
     SSL_HIGH | SSL_FIPS,
1611
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1612
     256,
1613
     256,
1614
     },
1615
    {
1616
     1,
1617
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1618
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1619
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1620
     SSL_kPSK,
1621
     SSL_aPSK,
1622
     SSL_AES128,
1623
     SSL_SHA256,
1624
     TLS1_VERSION, TLS1_2_VERSION,
1625
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1626
     SSL_HIGH | SSL_FIPS,
1627
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1628
     128,
1629
     128,
1630
     },
1631
    {
1632
     1,
1633
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1634
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1635
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1636
     SSL_kPSK,
1637
     SSL_aPSK,
1638
     SSL_AES256,
1639
     SSL_SHA384,
1640
     TLS1_VERSION, TLS1_2_VERSION,
1641
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1642
     SSL_HIGH | SSL_FIPS,
1643
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1644
     256,
1645
     256,
1646
     },
1647
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1648
    {
1649
     1,
1650
     TLS1_TXT_PSK_WITH_NULL_SHA256,
1651
     TLS1_RFC_PSK_WITH_NULL_SHA256,
1652
     TLS1_CK_PSK_WITH_NULL_SHA256,
1653
     SSL_kPSK,
1654
     SSL_aPSK,
1655
     SSL_eNULL,
1656
     SSL_SHA256,
1657
     TLS1_VERSION, TLS1_2_VERSION,
1658
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1659
     SSL_STRONG_NONE | SSL_FIPS,
1660
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1661
     0,
1662
     0,
1663
     },
1664
    {
1665
     1,
1666
     TLS1_TXT_PSK_WITH_NULL_SHA384,
1667
     TLS1_RFC_PSK_WITH_NULL_SHA384,
1668
     TLS1_CK_PSK_WITH_NULL_SHA384,
1669
     SSL_kPSK,
1670
     SSL_aPSK,
1671
     SSL_eNULL,
1672
     SSL_SHA384,
1673
     TLS1_VERSION, TLS1_2_VERSION,
1674
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1675
     SSL_STRONG_NONE | SSL_FIPS,
1676
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1677
     0,
1678
     0,
1679
     },
1680
#endif
1681
    {
1682
     1,
1683
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1684
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1685
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1686
     SSL_kDHEPSK,
1687
     SSL_aPSK,
1688
     SSL_AES128,
1689
     SSL_SHA256,
1690
     TLS1_VERSION, TLS1_2_VERSION,
1691
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1692
     SSL_HIGH | SSL_FIPS,
1693
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1694
     128,
1695
     128,
1696
     },
1697
    {
1698
     1,
1699
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1700
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1701
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1702
     SSL_kDHEPSK,
1703
     SSL_aPSK,
1704
     SSL_AES256,
1705
     SSL_SHA384,
1706
     TLS1_VERSION, TLS1_2_VERSION,
1707
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1708
     SSL_HIGH | SSL_FIPS,
1709
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1710
     256,
1711
     256,
1712
     },
1713
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1714
    {
1715
     1,
1716
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1717
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1718
     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1719
     SSL_kDHEPSK,
1720
     SSL_aPSK,
1721
     SSL_eNULL,
1722
     SSL_SHA256,
1723
     TLS1_VERSION, TLS1_2_VERSION,
1724
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1725
     SSL_STRONG_NONE | SSL_FIPS,
1726
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1727
     0,
1728
     0,
1729
     },
1730
    {
1731
     1,
1732
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1733
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1734
     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1735
     SSL_kDHEPSK,
1736
     SSL_aPSK,
1737
     SSL_eNULL,
1738
     SSL_SHA384,
1739
     TLS1_VERSION, TLS1_2_VERSION,
1740
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1741
     SSL_STRONG_NONE | SSL_FIPS,
1742
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1743
     0,
1744
     0,
1745
     },
1746
#endif
1747
    {
1748
     1,
1749
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1750
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1751
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1752
     SSL_kRSAPSK,
1753
     SSL_aRSA,
1754
     SSL_AES128,
1755
     SSL_SHA256,
1756
     TLS1_VERSION, TLS1_2_VERSION,
1757
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1758
     SSL_HIGH | SSL_FIPS,
1759
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1760
     128,
1761
     128,
1762
     },
1763
    {
1764
     1,
1765
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1766
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1767
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1768
     SSL_kRSAPSK,
1769
     SSL_aRSA,
1770
     SSL_AES256,
1771
     SSL_SHA384,
1772
     TLS1_VERSION, TLS1_2_VERSION,
1773
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1774
     SSL_HIGH | SSL_FIPS,
1775
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1776
     256,
1777
     256,
1778
     },
1779
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1780
    {
1781
     1,
1782
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1783
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1784
     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1785
     SSL_kRSAPSK,
1786
     SSL_aRSA,
1787
     SSL_eNULL,
1788
     SSL_SHA256,
1789
     TLS1_VERSION, TLS1_2_VERSION,
1790
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1791
     SSL_STRONG_NONE | SSL_FIPS,
1792
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1793
     0,
1794
     0,
1795
     },
1796
    {
1797
     1,
1798
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1799
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1800
     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1801
     SSL_kRSAPSK,
1802
     SSL_aRSA,
1803
     SSL_eNULL,
1804
     SSL_SHA384,
1805
     TLS1_VERSION, TLS1_2_VERSION,
1806
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1807
     SSL_STRONG_NONE | SSL_FIPS,
1808
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1809
     0,
1810
     0,
1811
     },
1812
#endif
1813
#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1814
    {
1815
     1,
1816
     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1817
     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1818
     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1819
     SSL_kECDHEPSK,
1820
     SSL_aPSK,
1821
     SSL_3DES,
1822
     SSL_SHA1,
1823
     TLS1_VERSION, TLS1_2_VERSION,
1824
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1825
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1826
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1827
     112,
1828
     168,
1829
     },
1830
#  endif
1831
    {
1832
     1,
1833
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1834
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1835
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1836
     SSL_kECDHEPSK,
1837
     SSL_aPSK,
1838
     SSL_AES128,
1839
     SSL_SHA1,
1840
     TLS1_VERSION, TLS1_2_VERSION,
1841
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1842
     SSL_HIGH | SSL_FIPS,
1843
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1844
     128,
1845
     128,
1846
     },
1847
    {
1848
     1,
1849
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1850
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1851
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1852
     SSL_kECDHEPSK,
1853
     SSL_aPSK,
1854
     SSL_AES256,
1855
     SSL_SHA1,
1856
     TLS1_VERSION, TLS1_2_VERSION,
1857
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1858
     SSL_HIGH | SSL_FIPS,
1859
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1860
     256,
1861
     256,
1862
     },
1863
    {
1864
     1,
1865
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1866
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1867
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1868
     SSL_kECDHEPSK,
1869
     SSL_aPSK,
1870
     SSL_AES128,
1871
     SSL_SHA256,
1872
     TLS1_VERSION, TLS1_2_VERSION,
1873
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1874
     SSL_HIGH | SSL_FIPS,
1875
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1876
     128,
1877
     128,
1878
     },
1879
    {
1880
     1,
1881
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1882
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1883
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1884
     SSL_kECDHEPSK,
1885
     SSL_aPSK,
1886
     SSL_AES256,
1887
     SSL_SHA384,
1888
     TLS1_VERSION, TLS1_2_VERSION,
1889
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1890
     SSL_HIGH | SSL_FIPS,
1891
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1892
     256,
1893
     256,
1894
     },
1895
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1896
    {
1897
     1,
1898
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1899
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1900
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1901
     SSL_kECDHEPSK,
1902
     SSL_aPSK,
1903
     SSL_eNULL,
1904
     SSL_SHA1,
1905
     TLS1_VERSION, TLS1_2_VERSION,
1906
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1907
     SSL_STRONG_NONE | SSL_FIPS,
1908
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1909
     0,
1910
     0,
1911
     },
1912
    {
1913
     1,
1914
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1915
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1916
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1917
     SSL_kECDHEPSK,
1918
     SSL_aPSK,
1919
     SSL_eNULL,
1920
     SSL_SHA256,
1921
     TLS1_VERSION, TLS1_2_VERSION,
1922
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1923
     SSL_STRONG_NONE | SSL_FIPS,
1924
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1925
     0,
1926
     0,
1927
     },
1928
    {
1929
     1,
1930
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1931
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1932
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1933
     SSL_kECDHEPSK,
1934
     SSL_aPSK,
1935
     SSL_eNULL,
1936
     SSL_SHA384,
1937
     TLS1_VERSION, TLS1_2_VERSION,
1938
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1939
     SSL_STRONG_NONE | SSL_FIPS,
1940
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1941
     0,
1942
     0,
1943
     },
1944
#endif
1945
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1946
    {
1947
     1,
1948
     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1949
     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1950
     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1951
     SSL_kSRP,
1952
     SSL_aSRP,
1953
     SSL_3DES,
1954
     SSL_SHA1,
1955
     SSL3_VERSION, TLS1_2_VERSION,
1956
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1957
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1958
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1959
     112,
1960
     168,
1961
     },
1962
    {
1963
     1,
1964
     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1965
     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1966
     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1967
     SSL_kSRP,
1968
     SSL_aRSA,
1969
     SSL_3DES,
1970
     SSL_SHA1,
1971
     SSL3_VERSION, TLS1_2_VERSION,
1972
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1973
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1974
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1975
     112,
1976
     168,
1977
     },
1978
    {
1979
     1,
1980
     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1981
     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1982
     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1983
     SSL_kSRP,
1984
     SSL_aDSS,
1985
     SSL_3DES,
1986
     SSL_SHA1,
1987
     SSL3_VERSION, TLS1_2_VERSION,
1988
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1989
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1990
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1991
     112,
1992
     168,
1993
     },
1994
# endif
1995
    {
1996
     1,
1997
     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1998
     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1999
     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2000
     SSL_kSRP,
2001
     SSL_aSRP,
2002
     SSL_AES128,
2003
     SSL_SHA1,
2004
     SSL3_VERSION, TLS1_2_VERSION,
2005
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2006
     SSL_HIGH,
2007
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2008
     128,
2009
     128,
2010
     },
2011
    {
2012
     1,
2013
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2014
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2015
     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2016
     SSL_kSRP,
2017
     SSL_aRSA,
2018
     SSL_AES128,
2019
     SSL_SHA1,
2020
     SSL3_VERSION, TLS1_2_VERSION,
2021
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2022
     SSL_HIGH,
2023
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2024
     128,
2025
     128,
2026
     },
2027
    {
2028
     1,
2029
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2030
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2031
     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2032
     SSL_kSRP,
2033
     SSL_aDSS,
2034
     SSL_AES128,
2035
     SSL_SHA1,
2036
     SSL3_VERSION, TLS1_2_VERSION,
2037
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2038
     SSL_NOT_DEFAULT | SSL_HIGH,
2039
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2040
     128,
2041
     128,
2042
     },
2043
    {
2044
     1,
2045
     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2046
     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2047
     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2048
     SSL_kSRP,
2049
     SSL_aSRP,
2050
     SSL_AES256,
2051
     SSL_SHA1,
2052
     SSL3_VERSION, TLS1_2_VERSION,
2053
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2054
     SSL_HIGH,
2055
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2056
     256,
2057
     256,
2058
     },
2059
    {
2060
     1,
2061
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2062
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2063
     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2064
     SSL_kSRP,
2065
     SSL_aRSA,
2066
     SSL_AES256,
2067
     SSL_SHA1,
2068
     SSL3_VERSION, TLS1_2_VERSION,
2069
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2070
     SSL_HIGH,
2071
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2072
     256,
2073
     256,
2074
     },
2075
    {
2076
     1,
2077
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2078
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2079
     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2080
     SSL_kSRP,
2081
     SSL_aDSS,
2082
     SSL_AES256,
2083
     SSL_SHA1,
2084
     SSL3_VERSION, TLS1_2_VERSION,
2085
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2086
     SSL_NOT_DEFAULT | SSL_HIGH,
2087
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2088
     256,
2089
     256,
2090
     },
2091
2092
    {
2093
     1,
2094
     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2095
     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2096
     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2097
     SSL_kDHE,
2098
     SSL_aRSA,
2099
     SSL_CHACHA20POLY1305,
2100
     SSL_AEAD,
2101
     TLS1_2_VERSION, TLS1_2_VERSION,
2102
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2103
     SSL_HIGH,
2104
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2105
     256,
2106
     256,
2107
     },
2108
    {
2109
     1,
2110
     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2111
     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2112
     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2113
     SSL_kECDHE,
2114
     SSL_aRSA,
2115
     SSL_CHACHA20POLY1305,
2116
     SSL_AEAD,
2117
     TLS1_2_VERSION, TLS1_2_VERSION,
2118
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2119
     SSL_HIGH,
2120
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2121
     256,
2122
     256,
2123
     },
2124
    {
2125
     1,
2126
     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2127
     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2128
     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2129
     SSL_kECDHE,
2130
     SSL_aECDSA,
2131
     SSL_CHACHA20POLY1305,
2132
     SSL_AEAD,
2133
     TLS1_2_VERSION, TLS1_2_VERSION,
2134
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2135
     SSL_HIGH,
2136
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2137
     256,
2138
     256,
2139
     },
2140
    {
2141
     1,
2142
     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2143
     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2144
     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2145
     SSL_kPSK,
2146
     SSL_aPSK,
2147
     SSL_CHACHA20POLY1305,
2148
     SSL_AEAD,
2149
     TLS1_2_VERSION, TLS1_2_VERSION,
2150
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2151
     SSL_HIGH,
2152
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2153
     256,
2154
     256,
2155
     },
2156
    {
2157
     1,
2158
     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2159
     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2160
     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2161
     SSL_kECDHEPSK,
2162
     SSL_aPSK,
2163
     SSL_CHACHA20POLY1305,
2164
     SSL_AEAD,
2165
     TLS1_2_VERSION, TLS1_2_VERSION,
2166
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2167
     SSL_HIGH,
2168
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2169
     256,
2170
     256,
2171
     },
2172
    {
2173
     1,
2174
     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2175
     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2176
     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2177
     SSL_kDHEPSK,
2178
     SSL_aPSK,
2179
     SSL_CHACHA20POLY1305,
2180
     SSL_AEAD,
2181
     TLS1_2_VERSION, TLS1_2_VERSION,
2182
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2183
     SSL_HIGH,
2184
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2185
     256,
2186
     256,
2187
     },
2188
    {
2189
     1,
2190
     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2191
     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2192
     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2193
     SSL_kRSAPSK,
2194
     SSL_aRSA,
2195
     SSL_CHACHA20POLY1305,
2196
     SSL_AEAD,
2197
     TLS1_2_VERSION, TLS1_2_VERSION,
2198
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2199
     SSL_HIGH,
2200
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2201
     256,
2202
     256,
2203
     },
2204
2205
    {
2206
     1,
2207
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2208
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2209
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2210
     SSL_kRSA,
2211
     SSL_aRSA,
2212
     SSL_CAMELLIA128,
2213
     SSL_SHA256,
2214
     TLS1_2_VERSION, TLS1_2_VERSION,
2215
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2216
     SSL_NOT_DEFAULT | SSL_HIGH,
2217
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2218
     128,
2219
     128,
2220
     },
2221
    {
2222
     1,
2223
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2224
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2225
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2226
     SSL_kDHE,
2227
     SSL_aDSS,
2228
     SSL_CAMELLIA128,
2229
     SSL_SHA256,
2230
     TLS1_2_VERSION, TLS1_2_VERSION,
2231
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2232
     SSL_NOT_DEFAULT | SSL_HIGH,
2233
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2234
     128,
2235
     128,
2236
     },
2237
    {
2238
     1,
2239
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2240
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2241
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2242
     SSL_kDHE,
2243
     SSL_aRSA,
2244
     SSL_CAMELLIA128,
2245
     SSL_SHA256,
2246
     TLS1_2_VERSION, TLS1_2_VERSION,
2247
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2248
     SSL_NOT_DEFAULT | SSL_HIGH,
2249
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2250
     128,
2251
     128,
2252
     },
2253
    {
2254
     1,
2255
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2256
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2257
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2258
     SSL_kDHE,
2259
     SSL_aNULL,
2260
     SSL_CAMELLIA128,
2261
     SSL_SHA256,
2262
     TLS1_2_VERSION, TLS1_2_VERSION,
2263
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2264
     SSL_NOT_DEFAULT | SSL_HIGH,
2265
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2266
     128,
2267
     128,
2268
     },
2269
    {
2270
     1,
2271
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2272
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2273
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2274
     SSL_kRSA,
2275
     SSL_aRSA,
2276
     SSL_CAMELLIA256,
2277
     SSL_SHA256,
2278
     TLS1_2_VERSION, TLS1_2_VERSION,
2279
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2280
     SSL_NOT_DEFAULT | SSL_HIGH,
2281
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2282
     256,
2283
     256,
2284
     },
2285
    {
2286
     1,
2287
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2288
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2289
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2290
     SSL_kDHE,
2291
     SSL_aDSS,
2292
     SSL_CAMELLIA256,
2293
     SSL_SHA256,
2294
     TLS1_2_VERSION, TLS1_2_VERSION,
2295
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2296
     SSL_NOT_DEFAULT | SSL_HIGH,
2297
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2298
     256,
2299
     256,
2300
     },
2301
    {
2302
     1,
2303
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2304
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2305
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2306
     SSL_kDHE,
2307
     SSL_aRSA,
2308
     SSL_CAMELLIA256,
2309
     SSL_SHA256,
2310
     TLS1_2_VERSION, TLS1_2_VERSION,
2311
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2312
     SSL_NOT_DEFAULT | SSL_HIGH,
2313
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2314
     256,
2315
     256,
2316
     },
2317
    {
2318
     1,
2319
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2320
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2321
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2322
     SSL_kDHE,
2323
     SSL_aNULL,
2324
     SSL_CAMELLIA256,
2325
     SSL_SHA256,
2326
     TLS1_2_VERSION, TLS1_2_VERSION,
2327
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2328
     SSL_NOT_DEFAULT | SSL_HIGH,
2329
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2330
     256,
2331
     256,
2332
     },
2333
    {
2334
     1,
2335
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2336
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2337
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2338
     SSL_kRSA,
2339
     SSL_aRSA,
2340
     SSL_CAMELLIA256,
2341
     SSL_SHA1,
2342
     SSL3_VERSION, TLS1_2_VERSION,
2343
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2344
     SSL_NOT_DEFAULT | SSL_HIGH,
2345
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2346
     256,
2347
     256,
2348
     },
2349
    {
2350
     1,
2351
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2352
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2353
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2354
     SSL_kDHE,
2355
     SSL_aDSS,
2356
     SSL_CAMELLIA256,
2357
     SSL_SHA1,
2358
     SSL3_VERSION, TLS1_2_VERSION,
2359
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2360
     SSL_NOT_DEFAULT | SSL_HIGH,
2361
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2362
     256,
2363
     256,
2364
     },
2365
    {
2366
     1,
2367
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2368
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2369
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2370
     SSL_kDHE,
2371
     SSL_aRSA,
2372
     SSL_CAMELLIA256,
2373
     SSL_SHA1,
2374
     SSL3_VERSION, TLS1_2_VERSION,
2375
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2376
     SSL_NOT_DEFAULT | SSL_HIGH,
2377
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2378
     256,
2379
     256,
2380
     },
2381
    {
2382
     1,
2383
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2384
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2385
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2386
     SSL_kDHE,
2387
     SSL_aNULL,
2388
     SSL_CAMELLIA256,
2389
     SSL_SHA1,
2390
     SSL3_VERSION, TLS1_2_VERSION,
2391
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2392
     SSL_NOT_DEFAULT | SSL_HIGH,
2393
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2394
     256,
2395
     256,
2396
     },
2397
    {
2398
     1,
2399
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2400
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2401
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2402
     SSL_kRSA,
2403
     SSL_aRSA,
2404
     SSL_CAMELLIA128,
2405
     SSL_SHA1,
2406
     SSL3_VERSION, TLS1_2_VERSION,
2407
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2408
     SSL_NOT_DEFAULT | SSL_HIGH,
2409
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2410
     128,
2411
     128,
2412
     },
2413
    {
2414
     1,
2415
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2416
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2417
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2418
     SSL_kDHE,
2419
     SSL_aDSS,
2420
     SSL_CAMELLIA128,
2421
     SSL_SHA1,
2422
     SSL3_VERSION, TLS1_2_VERSION,
2423
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2424
     SSL_NOT_DEFAULT | SSL_HIGH,
2425
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2426
     128,
2427
     128,
2428
     },
2429
    {
2430
     1,
2431
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2432
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2433
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2434
     SSL_kDHE,
2435
     SSL_aRSA,
2436
     SSL_CAMELLIA128,
2437
     SSL_SHA1,
2438
     SSL3_VERSION, TLS1_2_VERSION,
2439
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2440
     SSL_NOT_DEFAULT | SSL_HIGH,
2441
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2442
     128,
2443
     128,
2444
     },
2445
    {
2446
     1,
2447
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2448
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2449
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2450
     SSL_kDHE,
2451
     SSL_aNULL,
2452
     SSL_CAMELLIA128,
2453
     SSL_SHA1,
2454
     SSL3_VERSION, TLS1_2_VERSION,
2455
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2456
     SSL_NOT_DEFAULT | SSL_HIGH,
2457
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2458
     128,
2459
     128,
2460
     },
2461
    {
2462
     1,
2463
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2464
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2465
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2466
     SSL_kECDHE,
2467
     SSL_aECDSA,
2468
     SSL_CAMELLIA128,
2469
     SSL_SHA256,
2470
     TLS1_2_VERSION, TLS1_2_VERSION,
2471
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2472
     SSL_NOT_DEFAULT | SSL_HIGH,
2473
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2474
     128,
2475
     128,
2476
     },
2477
    {
2478
     1,
2479
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2480
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2481
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2482
     SSL_kECDHE,
2483
     SSL_aECDSA,
2484
     SSL_CAMELLIA256,
2485
     SSL_SHA384,
2486
     TLS1_2_VERSION, TLS1_2_VERSION,
2487
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2488
     SSL_NOT_DEFAULT | SSL_HIGH,
2489
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2490
     256,
2491
     256,
2492
     },
2493
    {
2494
     1,
2495
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2496
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2497
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2498
     SSL_kECDHE,
2499
     SSL_aRSA,
2500
     SSL_CAMELLIA128,
2501
     SSL_SHA256,
2502
     TLS1_2_VERSION, TLS1_2_VERSION,
2503
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2504
     SSL_NOT_DEFAULT | SSL_HIGH,
2505
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2506
     128,
2507
     128,
2508
     },
2509
    {
2510
     1,
2511
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2512
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2513
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2514
     SSL_kECDHE,
2515
     SSL_aRSA,
2516
     SSL_CAMELLIA256,
2517
     SSL_SHA384,
2518
     TLS1_2_VERSION, TLS1_2_VERSION,
2519
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2520
     SSL_NOT_DEFAULT | SSL_HIGH,
2521
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2522
     256,
2523
     256,
2524
     },
2525
    {
2526
     1,
2527
     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528
     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529
     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2530
     SSL_kPSK,
2531
     SSL_aPSK,
2532
     SSL_CAMELLIA128,
2533
     SSL_SHA256,
2534
     TLS1_VERSION, TLS1_2_VERSION,
2535
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2536
     SSL_NOT_DEFAULT | SSL_HIGH,
2537
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2538
     128,
2539
     128,
2540
     },
2541
    {
2542
     1,
2543
     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544
     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545
     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2546
     SSL_kPSK,
2547
     SSL_aPSK,
2548
     SSL_CAMELLIA256,
2549
     SSL_SHA384,
2550
     TLS1_VERSION, TLS1_2_VERSION,
2551
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2552
     SSL_NOT_DEFAULT | SSL_HIGH,
2553
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2554
     256,
2555
     256,
2556
     },
2557
    {
2558
     1,
2559
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2562
     SSL_kDHEPSK,
2563
     SSL_aPSK,
2564
     SSL_CAMELLIA128,
2565
     SSL_SHA256,
2566
     TLS1_VERSION, TLS1_2_VERSION,
2567
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2568
     SSL_NOT_DEFAULT | SSL_HIGH,
2569
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2570
     128,
2571
     128,
2572
     },
2573
    {
2574
     1,
2575
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2578
     SSL_kDHEPSK,
2579
     SSL_aPSK,
2580
     SSL_CAMELLIA256,
2581
     SSL_SHA384,
2582
     TLS1_VERSION, TLS1_2_VERSION,
2583
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2584
     SSL_NOT_DEFAULT | SSL_HIGH,
2585
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2586
     256,
2587
     256,
2588
     },
2589
    {
2590
     1,
2591
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2594
     SSL_kRSAPSK,
2595
     SSL_aRSA,
2596
     SSL_CAMELLIA128,
2597
     SSL_SHA256,
2598
     TLS1_VERSION, TLS1_2_VERSION,
2599
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2600
     SSL_NOT_DEFAULT | SSL_HIGH,
2601
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2602
     128,
2603
     128,
2604
     },
2605
    {
2606
     1,
2607
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2610
     SSL_kRSAPSK,
2611
     SSL_aRSA,
2612
     SSL_CAMELLIA256,
2613
     SSL_SHA384,
2614
     TLS1_VERSION, TLS1_2_VERSION,
2615
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2616
     SSL_NOT_DEFAULT | SSL_HIGH,
2617
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2618
     256,
2619
     256,
2620
     },
2621
    {
2622
     1,
2623
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2624
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2625
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2626
     SSL_kECDHEPSK,
2627
     SSL_aPSK,
2628
     SSL_CAMELLIA128,
2629
     SSL_SHA256,
2630
     TLS1_VERSION, TLS1_2_VERSION,
2631
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2632
     SSL_NOT_DEFAULT | SSL_HIGH,
2633
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2634
     128,
2635
     128,
2636
     },
2637
    {
2638
     1,
2639
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2640
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2641
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2642
     SSL_kECDHEPSK,
2643
     SSL_aPSK,
2644
     SSL_CAMELLIA256,
2645
     SSL_SHA384,
2646
     TLS1_VERSION, TLS1_2_VERSION,
2647
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2648
     SSL_NOT_DEFAULT | SSL_HIGH,
2649
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2650
     256,
2651
     256,
2652
     },
2653
2654
#ifndef OPENSSL_NO_GOST
2655
    {
2656
     1,
2657
     "GOST2001-GOST89-GOST89",
2658
     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2659
     0x3000081,
2660
     SSL_kGOST,
2661
     SSL_aGOST01,
2662
     SSL_eGOST2814789CNT,
2663
     SSL_GOST89MAC,
2664
     TLS1_VERSION, TLS1_2_VERSION,
2665
     0, 0,
2666
     SSL_HIGH,
2667
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2668
     256,
2669
     256,
2670
     },
2671
# ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2672
    {
2673
     1,
2674
     "GOST2001-NULL-GOST94",
2675
     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2676
     0x3000083,
2677
     SSL_kGOST,
2678
     SSL_aGOST01,
2679
     SSL_eNULL,
2680
     SSL_GOST94,
2681
     TLS1_VERSION, TLS1_2_VERSION,
2682
     0, 0,
2683
     SSL_STRONG_NONE,
2684
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2685
     0,
2686
     0,
2687
     },
2688
# endif
2689
    {
2690
     1,
2691
     "IANA-GOST2012-GOST8912-GOST8912",
2692
     NULL,
2693
     0x0300c102,
2694
     SSL_kGOST,
2695
     SSL_aGOST12 | SSL_aGOST01,
2696
     SSL_eGOST2814789CNT12,
2697
     SSL_GOST89MAC12,
2698
     TLS1_VERSION, TLS1_2_VERSION,
2699
     0, 0,
2700
     SSL_HIGH,
2701
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2702
     256,
2703
     256,
2704
     },
2705
    {
2706
     1,
2707
     "LEGACY-GOST2012-GOST8912-GOST8912",
2708
     NULL,
2709
     0x0300ff85,
2710
     SSL_kGOST,
2711
     SSL_aGOST12 | SSL_aGOST01,
2712
     SSL_eGOST2814789CNT12,
2713
     SSL_GOST89MAC12,
2714
     TLS1_VERSION, TLS1_2_VERSION,
2715
     0, 0,
2716
     SSL_HIGH,
2717
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2718
     256,
2719
     256,
2720
     },
2721
# ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2722
    {
2723
     1,
2724
     "GOST2012-NULL-GOST12",
2725
     NULL,
2726
     0x0300ff87,
2727
     SSL_kGOST,
2728
     SSL_aGOST12 | SSL_aGOST01,
2729
     SSL_eNULL,
2730
     SSL_GOST12_256,
2731
     TLS1_VERSION, TLS1_2_VERSION,
2732
     0, 0,
2733
     SSL_STRONG_NONE,
2734
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2735
     0,
2736
     0,
2737
     },
2738
# endif
2739
    {
2740
     1,
2741
     "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2742
     NULL,
2743
     0x0300C100,
2744
     SSL_kGOST18,
2745
     SSL_aGOST12,
2746
     SSL_KUZNYECHIK,
2747
     SSL_KUZNYECHIKOMAC,
2748
     TLS1_2_VERSION, TLS1_2_VERSION,
2749
     0, 0,
2750
     SSL_HIGH,
2751
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2752
     256,
2753
     256,
2754
     },
2755
    {
2756
     1,
2757
     "GOST2012-MAGMA-MAGMAOMAC",
2758
     NULL,
2759
     0x0300C101,
2760
     SSL_kGOST18,
2761
     SSL_aGOST12,
2762
     SSL_MAGMA,
2763
     SSL_MAGMAOMAC,
2764
     TLS1_2_VERSION, TLS1_2_VERSION,
2765
     0, 0,
2766
     SSL_HIGH,
2767
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2768
     256,
2769
     256,
2770
     },
2771
#endif                          /* OPENSSL_NO_GOST */
2772
2773
    {
2774
     1,
2775
     SSL3_TXT_RSA_IDEA_128_SHA,
2776
     SSL3_RFC_RSA_IDEA_128_SHA,
2777
     SSL3_CK_RSA_IDEA_128_SHA,
2778
     SSL_kRSA,
2779
     SSL_aRSA,
2780
     SSL_IDEA,
2781
     SSL_SHA1,
2782
     SSL3_VERSION, TLS1_1_VERSION,
2783
     DTLS1_BAD_VER, DTLS1_VERSION,
2784
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2785
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2786
     128,
2787
     128,
2788
     },
2789
2790
    {
2791
     1,
2792
     TLS1_TXT_RSA_WITH_SEED_SHA,
2793
     TLS1_RFC_RSA_WITH_SEED_SHA,
2794
     TLS1_CK_RSA_WITH_SEED_SHA,
2795
     SSL_kRSA,
2796
     SSL_aRSA,
2797
     SSL_SEED,
2798
     SSL_SHA1,
2799
     SSL3_VERSION, TLS1_2_VERSION,
2800
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2801
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2802
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2803
     128,
2804
     128,
2805
     },
2806
    {
2807
     1,
2808
     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2809
     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2810
     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2811
     SSL_kDHE,
2812
     SSL_aDSS,
2813
     SSL_SEED,
2814
     SSL_SHA1,
2815
     SSL3_VERSION, TLS1_2_VERSION,
2816
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2817
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2818
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2819
     128,
2820
     128,
2821
     },
2822
    {
2823
     1,
2824
     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2825
     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2826
     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2827
     SSL_kDHE,
2828
     SSL_aRSA,
2829
     SSL_SEED,
2830
     SSL_SHA1,
2831
     SSL3_VERSION, TLS1_2_VERSION,
2832
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2833
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2834
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2835
     128,
2836
     128,
2837
     },
2838
    {
2839
     1,
2840
     TLS1_TXT_ADH_WITH_SEED_SHA,
2841
     TLS1_RFC_ADH_WITH_SEED_SHA,
2842
     TLS1_CK_ADH_WITH_SEED_SHA,
2843
     SSL_kDHE,
2844
     SSL_aNULL,
2845
     SSL_SEED,
2846
     SSL_SHA1,
2847
     SSL3_VERSION, TLS1_2_VERSION,
2848
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2849
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2850
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2851
     128,
2852
     128,
2853
     },
2854
2855
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2856
    {
2857
     1,
2858
     SSL3_TXT_RSA_RC4_128_MD5,
2859
     SSL3_RFC_RSA_RC4_128_MD5,
2860
     SSL3_CK_RSA_RC4_128_MD5,
2861
     SSL_kRSA,
2862
     SSL_aRSA,
2863
     SSL_RC4,
2864
     SSL_MD5,
2865
     SSL3_VERSION, TLS1_2_VERSION,
2866
     0, 0,
2867
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2868
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2869
     80,
2870
     128,
2871
     },
2872
    {
2873
     1,
2874
     SSL3_TXT_RSA_RC4_128_SHA,
2875
     SSL3_RFC_RSA_RC4_128_SHA,
2876
     SSL3_CK_RSA_RC4_128_SHA,
2877
     SSL_kRSA,
2878
     SSL_aRSA,
2879
     SSL_RC4,
2880
     SSL_SHA1,
2881
     SSL3_VERSION, TLS1_2_VERSION,
2882
     0, 0,
2883
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2884
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2885
     80,
2886
     128,
2887
     },
2888
    {
2889
     1,
2890
     SSL3_TXT_ADH_RC4_128_MD5,
2891
     SSL3_RFC_ADH_RC4_128_MD5,
2892
     SSL3_CK_ADH_RC4_128_MD5,
2893
     SSL_kDHE,
2894
     SSL_aNULL,
2895
     SSL_RC4,
2896
     SSL_MD5,
2897
     SSL3_VERSION, TLS1_2_VERSION,
2898
     0, 0,
2899
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2900
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2901
     80,
2902
     128,
2903
     },
2904
    {
2905
     1,
2906
     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2907
     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2908
     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2909
     SSL_kECDHEPSK,
2910
     SSL_aPSK,
2911
     SSL_RC4,
2912
     SSL_SHA1,
2913
     TLS1_VERSION, TLS1_2_VERSION,
2914
     0, 0,
2915
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2916
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2917
     80,
2918
     128,
2919
     },
2920
    {
2921
     1,
2922
     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2923
     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2924
     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2925
     SSL_kECDHE,
2926
     SSL_aNULL,
2927
     SSL_RC4,
2928
     SSL_SHA1,
2929
     TLS1_VERSION, TLS1_2_VERSION,
2930
     0, 0,
2931
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2932
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2933
     80,
2934
     128,
2935
     },
2936
    {
2937
     1,
2938
     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2939
     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2940
     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2941
     SSL_kECDHE,
2942
     SSL_aECDSA,
2943
     SSL_RC4,
2944
     SSL_SHA1,
2945
     TLS1_VERSION, TLS1_2_VERSION,
2946
     0, 0,
2947
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2948
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2949
     80,
2950
     128,
2951
     },
2952
    {
2953
     1,
2954
     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2955
     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2956
     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2957
     SSL_kECDHE,
2958
     SSL_aRSA,
2959
     SSL_RC4,
2960
     SSL_SHA1,
2961
     TLS1_VERSION, TLS1_2_VERSION,
2962
     0, 0,
2963
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2964
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2965
     80,
2966
     128,
2967
     },
2968
    {
2969
     1,
2970
     TLS1_TXT_PSK_WITH_RC4_128_SHA,
2971
     TLS1_RFC_PSK_WITH_RC4_128_SHA,
2972
     TLS1_CK_PSK_WITH_RC4_128_SHA,
2973
     SSL_kPSK,
2974
     SSL_aPSK,
2975
     SSL_RC4,
2976
     SSL_SHA1,
2977
     SSL3_VERSION, TLS1_2_VERSION,
2978
     0, 0,
2979
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2980
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2981
     80,
2982
     128,
2983
     },
2984
    {
2985
     1,
2986
     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2987
     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2988
     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2989
     SSL_kRSAPSK,
2990
     SSL_aRSA,
2991
     SSL_RC4,
2992
     SSL_SHA1,
2993
     SSL3_VERSION, TLS1_2_VERSION,
2994
     0, 0,
2995
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2996
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2997
     80,
2998
     128,
2999
     },
3000
    {
3001
     1,
3002
     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3003
     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3004
     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3005
     SSL_kDHEPSK,
3006
     SSL_aPSK,
3007
     SSL_RC4,
3008
     SSL_SHA1,
3009
     SSL3_VERSION, TLS1_2_VERSION,
3010
     0, 0,
3011
     SSL_NOT_DEFAULT | SSL_MEDIUM,
3012
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3013
     80,
3014
     128,
3015
     },
3016
#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3017
3018
    {
3019
     1,
3020
     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3021
     TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3022
     TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3023
     SSL_kRSA,
3024
     SSL_aRSA,
3025
     SSL_ARIA128GCM,
3026
     SSL_AEAD,
3027
     TLS1_2_VERSION, TLS1_2_VERSION,
3028
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3029
     SSL_NOT_DEFAULT | SSL_HIGH,
3030
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3031
     128,
3032
     128,
3033
     },
3034
    {
3035
     1,
3036
     TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3037
     TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3038
     TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3039
     SSL_kRSA,
3040
     SSL_aRSA,
3041
     SSL_ARIA256GCM,
3042
     SSL_AEAD,
3043
     TLS1_2_VERSION, TLS1_2_VERSION,
3044
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3045
     SSL_NOT_DEFAULT | SSL_HIGH,
3046
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3047
     256,
3048
     256,
3049
     },
3050
    {
3051
     1,
3052
     TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053
     TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3054
     TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3055
     SSL_kDHE,
3056
     SSL_aRSA,
3057
     SSL_ARIA128GCM,
3058
     SSL_AEAD,
3059
     TLS1_2_VERSION, TLS1_2_VERSION,
3060
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3061
     SSL_NOT_DEFAULT | SSL_HIGH,
3062
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3063
     128,
3064
     128,
3065
     },
3066
    {
3067
     1,
3068
     TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069
     TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3070
     TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3071
     SSL_kDHE,
3072
     SSL_aRSA,
3073
     SSL_ARIA256GCM,
3074
     SSL_AEAD,
3075
     TLS1_2_VERSION, TLS1_2_VERSION,
3076
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3077
     SSL_NOT_DEFAULT | SSL_HIGH,
3078
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3079
     256,
3080
     256,
3081
     },
3082
    {
3083
     1,
3084
     TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3085
     TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3086
     TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3087
     SSL_kDHE,
3088
     SSL_aDSS,
3089
     SSL_ARIA128GCM,
3090
     SSL_AEAD,
3091
     TLS1_2_VERSION, TLS1_2_VERSION,
3092
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3093
     SSL_NOT_DEFAULT | SSL_HIGH,
3094
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3095
     128,
3096
     128,
3097
     },
3098
    {
3099
     1,
3100
     TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3101
     TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3102
     TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3103
     SSL_kDHE,
3104
     SSL_aDSS,
3105
     SSL_ARIA256GCM,
3106
     SSL_AEAD,
3107
     TLS1_2_VERSION, TLS1_2_VERSION,
3108
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3109
     SSL_NOT_DEFAULT | SSL_HIGH,
3110
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3111
     256,
3112
     256,
3113
     },
3114
    {
3115
     1,
3116
     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3117
     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3118
     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3119
     SSL_kECDHE,
3120
     SSL_aECDSA,
3121
     SSL_ARIA128GCM,
3122
     SSL_AEAD,
3123
     TLS1_2_VERSION, TLS1_2_VERSION,
3124
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3125
     SSL_NOT_DEFAULT | SSL_HIGH,
3126
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3127
     128,
3128
     128,
3129
     },
3130
    {
3131
     1,
3132
     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3133
     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3134
     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3135
     SSL_kECDHE,
3136
     SSL_aECDSA,
3137
     SSL_ARIA256GCM,
3138
     SSL_AEAD,
3139
     TLS1_2_VERSION, TLS1_2_VERSION,
3140
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3141
     SSL_NOT_DEFAULT | SSL_HIGH,
3142
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3143
     256,
3144
     256,
3145
     },
3146
    {
3147
     1,
3148
     TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3149
     TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3150
     TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3151
     SSL_kECDHE,
3152
     SSL_aRSA,
3153
     SSL_ARIA128GCM,
3154
     SSL_AEAD,
3155
     TLS1_2_VERSION, TLS1_2_VERSION,
3156
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3157
     SSL_NOT_DEFAULT | SSL_HIGH,
3158
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3159
     128,
3160
     128,
3161
     },
3162
    {
3163
     1,
3164
     TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3165
     TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3166
     TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3167
     SSL_kECDHE,
3168
     SSL_aRSA,
3169
     SSL_ARIA256GCM,
3170
     SSL_AEAD,
3171
     TLS1_2_VERSION, TLS1_2_VERSION,
3172
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3173
     SSL_NOT_DEFAULT | SSL_HIGH,
3174
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3175
     256,
3176
     256,
3177
     },
3178
    {
3179
     1,
3180
     TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3181
     TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3182
     TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3183
     SSL_kPSK,
3184
     SSL_aPSK,
3185
     SSL_ARIA128GCM,
3186
     SSL_AEAD,
3187
     TLS1_2_VERSION, TLS1_2_VERSION,
3188
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3189
     SSL_NOT_DEFAULT | SSL_HIGH,
3190
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3191
     128,
3192
     128,
3193
     },
3194
    {
3195
     1,
3196
     TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3197
     TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3198
     TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3199
     SSL_kPSK,
3200
     SSL_aPSK,
3201
     SSL_ARIA256GCM,
3202
     SSL_AEAD,
3203
     TLS1_2_VERSION, TLS1_2_VERSION,
3204
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3205
     SSL_NOT_DEFAULT | SSL_HIGH,
3206
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3207
     256,
3208
     256,
3209
     },
3210
    {
3211
     1,
3212
     TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3213
     TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3214
     TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3215
     SSL_kDHEPSK,
3216
     SSL_aPSK,
3217
     SSL_ARIA128GCM,
3218
     SSL_AEAD,
3219
     TLS1_2_VERSION, TLS1_2_VERSION,
3220
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3221
     SSL_NOT_DEFAULT | SSL_HIGH,
3222
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3223
     128,
3224
     128,
3225
     },
3226
    {
3227
     1,
3228
     TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3229
     TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3230
     TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3231
     SSL_kDHEPSK,
3232
     SSL_aPSK,
3233
     SSL_ARIA256GCM,
3234
     SSL_AEAD,
3235
     TLS1_2_VERSION, TLS1_2_VERSION,
3236
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3237
     SSL_NOT_DEFAULT | SSL_HIGH,
3238
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3239
     256,
3240
     256,
3241
     },
3242
    {
3243
     1,
3244
     TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3245
     TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3246
     TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3247
     SSL_kRSAPSK,
3248
     SSL_aRSA,
3249
     SSL_ARIA128GCM,
3250
     SSL_AEAD,
3251
     TLS1_2_VERSION, TLS1_2_VERSION,
3252
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3253
     SSL_NOT_DEFAULT | SSL_HIGH,
3254
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3255
     128,
3256
     128,
3257
     },
3258
    {
3259
     1,
3260
     TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3261
     TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3262
     TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3263
     SSL_kRSAPSK,
3264
     SSL_aRSA,
3265
     SSL_ARIA256GCM,
3266
     SSL_AEAD,
3267
     TLS1_2_VERSION, TLS1_2_VERSION,
3268
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3269
     SSL_NOT_DEFAULT | SSL_HIGH,
3270
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3271
     256,
3272
     256,
3273
     },
3274
};
3275
3276
/*
3277
 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3278
 * values stuffed into the ciphers field of the wire protocol for signalling
3279
 * purposes.
3280
 */
3281
static SSL_CIPHER ssl3_scsvs[] = {
3282
    {
3283
     0,
3284
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3285
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3286
     SSL3_CK_SCSV,
3287
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3288
    },
3289
    {
3290
     0,
3291
     "TLS_FALLBACK_SCSV",
3292
     "TLS_FALLBACK_SCSV",
3293
     SSL3_CK_FALLBACK_SCSV,
3294
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3295
    },
3296
};
3297
3298
static int cipher_compare(const void *a, const void *b)
3299
15.5k
{
3300
15.5k
    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3301
15.5k
    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3302
3303
15.5k
    if (ap->id == bp->id)
3304
0
        return 0;
3305
15.5k
    return ap->id < bp->id ? -1 : 1;
3306
15.5k
}
3307
3308
void ssl_sort_cipher_list(void)
3309
16
{
3310
16
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3311
16
          cipher_compare);
3312
16
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3313
16
          cipher_compare);
3314
16
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3315
16
}
3316
3317
static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
3318
                                       size_t s, const char *t, size_t u,
3319
                                       const unsigned char *v, size_t w, int x)
3320
0
{
3321
0
    (void)r;
3322
0
    (void)s;
3323
0
    (void)t;
3324
0
    (void)u;
3325
0
    (void)v;
3326
0
    (void)w;
3327
0
    (void)x;
3328
0
    return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
3329
0
}
3330
3331
const SSL3_ENC_METHOD SSLv3_enc_data = {
3332
    ssl3_setup_key_block,
3333
    ssl3_generate_master_secret,
3334
    ssl3_change_cipher_state,
3335
    ssl3_final_finish_mac,
3336
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
3337
    SSL3_MD_SERVER_FINISHED_CONST, 4,
3338
    ssl3_alert_code,
3339
    sslcon_undefined_function_1,
3340
    0,
3341
    ssl3_set_handshake_header,
3342
    tls_close_construct_packet,
3343
    ssl3_handshake_write
3344
};
3345
3346
OSSL_TIME ssl3_default_timeout(void)
3347
0
{
3348
    /*
3349
     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3350
     * http, the cache would over fill
3351
     */
3352
0
    return ossl_seconds2time(60 * 60 * 2);
3353
0
}
3354
3355
int ssl3_num_ciphers(void)
3356
0
{
3357
0
    return SSL3_NUM_CIPHERS;
3358
0
}
3359
3360
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3361
0
{
3362
0
    if (u < SSL3_NUM_CIPHERS)
3363
0
        return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3364
0
    else
3365
0
        return NULL;
3366
0
}
3367
3368
int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
3369
0
{
3370
    /* No header in the event of a CCS */
3371
0
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3372
0
        return 1;
3373
3374
    /* Set the content type and 3 bytes for the message len */
3375
0
    if (!WPACKET_put_bytes_u8(pkt, htype)
3376
0
            || !WPACKET_start_sub_packet_u24(pkt))
3377
0
        return 0;
3378
3379
0
    return 1;
3380
0
}
3381
3382
int ssl3_handshake_write(SSL_CONNECTION *s)
3383
0
{
3384
0
    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3385
0
}
3386
3387
int ssl3_new(SSL *s)
3388
0
{
3389
0
#ifndef OPENSSL_NO_SRP
3390
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3391
3392
0
    if (sc == NULL)
3393
0
        return 0;
3394
3395
0
    if (!ssl_srp_ctx_init_intern(sc))
3396
0
        return 0;
3397
0
#endif
3398
3399
0
    if (!s->method->ssl_clear(s))
3400
0
        return 0;
3401
3402
0
    return 1;
3403
0
}
3404
3405
void ssl3_free(SSL *s)
3406
0
{
3407
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3408
0
    size_t i;
3409
3410
0
    if (sc == NULL)
3411
0
        return;
3412
3413
0
    ssl3_cleanup_key_block(sc);
3414
3415
0
    EVP_PKEY_free(sc->s3.peer_tmp);
3416
0
    sc->s3.peer_tmp = NULL;
3417
3418
0
    for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3419
0
        if (sc->s3.tmp.ks_pkey[i] != NULL) {
3420
0
            if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3421
0
                sc->s3.tmp.pkey = NULL;
3422
3423
0
            EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3424
0
            sc->s3.tmp.ks_pkey[i] = NULL;
3425
0
        }
3426
0
    sc->s3.tmp.num_ks_pkey = 0;
3427
3428
0
    if (sc->s3.tmp.pkey != NULL) {
3429
0
        EVP_PKEY_free(sc->s3.tmp.pkey);
3430
0
        sc->s3.tmp.pkey = NULL;
3431
0
    }
3432
3433
0
    ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
3434
0
    ssl_evp_md_free(sc->s3.tmp.new_hash);
3435
3436
0
    OPENSSL_free(sc->s3.tmp.ctype);
3437
0
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3438
0
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
3439
0
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3440
0
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3441
0
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3442
0
    OPENSSL_free(sc->s3.tmp.valid_flags);
3443
0
    ssl3_free_digest_list(sc);
3444
0
    OPENSSL_free(sc->s3.alpn_selected);
3445
0
    OPENSSL_free(sc->s3.alpn_proposed);
3446
0
    ossl_quic_tls_free(sc->qtls);
3447
3448
0
#ifndef OPENSSL_NO_PSK
3449
0
    OPENSSL_free(sc->s3.tmp.psk);
3450
0
#endif
3451
3452
0
#ifndef OPENSSL_NO_SRP
3453
0
    ssl_srp_ctx_free_intern(sc);
3454
0
#endif
3455
0
    memset(&sc->s3, 0, sizeof(sc->s3));
3456
0
}
3457
3458
int ssl3_clear(SSL *s)
3459
0
{
3460
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3461
0
    int flags;
3462
0
    size_t i;
3463
3464
0
    if (sc == NULL)
3465
0
        return 0;
3466
3467
0
    ssl3_cleanup_key_block(sc);
3468
0
    OPENSSL_free(sc->s3.tmp.ctype);
3469
0
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3470
0
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
3471
0
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3472
0
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3473
0
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3474
0
    OPENSSL_free(sc->s3.tmp.valid_flags);
3475
3476
0
    EVP_PKEY_free(sc->s3.peer_tmp);
3477
3478
0
    for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3479
0
        if (sc->s3.tmp.ks_pkey[i] != NULL) {
3480
0
            if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3481
0
                sc->s3.tmp.pkey = NULL;
3482
3483
0
            EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3484
0
            sc->s3.tmp.ks_pkey[i] = NULL;
3485
0
        }
3486
0
    sc->s3.tmp.num_ks_pkey = 0;
3487
3488
0
    if (sc->s3.tmp.pkey != NULL) {
3489
0
        EVP_PKEY_free(sc->s3.tmp.pkey);
3490
0
        sc->s3.tmp.pkey = NULL;
3491
0
    }
3492
3493
0
    ssl3_free_digest_list(sc);
3494
3495
0
    OPENSSL_free(sc->s3.alpn_selected);
3496
0
    OPENSSL_free(sc->s3.alpn_proposed);
3497
3498
    /*
3499
     * NULL/zero-out everything in the s3 struct, but remember if we are doing
3500
     * QUIC.
3501
     */
3502
0
    flags = sc->s3.flags & (TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL);
3503
0
    memset(&sc->s3, 0, sizeof(sc->s3));
3504
0
    sc->s3.flags |= flags;
3505
3506
0
    if (!ssl_free_wbio_buffer(sc))
3507
0
        return 0;
3508
3509
0
    sc->version = SSL3_VERSION;
3510
3511
0
#if !defined(OPENSSL_NO_NEXTPROTONEG)
3512
0
    OPENSSL_free(sc->ext.npn);
3513
0
    sc->ext.npn = NULL;
3514
0
    sc->ext.npn_len = 0;
3515
0
#endif
3516
3517
0
    return 1;
3518
0
}
3519
3520
#ifndef OPENSSL_NO_SRP
3521
static char *srp_password_from_info_cb(SSL *s, void *arg)
3522
0
{
3523
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3524
3525
0
    if (sc == NULL)
3526
0
        return NULL;
3527
3528
0
    return OPENSSL_strdup(sc->srp_ctx.info);
3529
0
}
3530
#endif
3531
3532
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3533
3534
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3535
0
{
3536
0
    int ret = 0;
3537
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3538
0
#ifndef OPENSSL_NO_OCSP
3539
0
    unsigned char *p = NULL;
3540
0
    OCSP_RESPONSE *resp = NULL;
3541
0
#endif
3542
3543
0
    if (sc == NULL)
3544
0
        return ret;
3545
3546
0
    switch (cmd) {
3547
0
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3548
0
        break;
3549
0
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3550
0
        ret = sc->s3.num_renegotiations;
3551
0
        break;
3552
0
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3553
0
        ret = sc->s3.num_renegotiations;
3554
0
        sc->s3.num_renegotiations = 0;
3555
0
        break;
3556
0
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3557
0
        ret = sc->s3.total_renegotiations;
3558
0
        break;
3559
0
    case SSL_CTRL_GET_FLAGS:
3560
0
        ret = (int)(sc->s3.flags);
3561
0
        break;
3562
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3563
0
    case SSL_CTRL_SET_TMP_DH:
3564
0
        {
3565
0
            EVP_PKEY *pkdh = NULL;
3566
0
            if (parg == NULL) {
3567
0
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3568
0
                return 0;
3569
0
            }
3570
0
            pkdh = ssl_dh_to_pkey(parg);
3571
0
            if (pkdh == NULL) {
3572
0
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3573
0
                return 0;
3574
0
            }
3575
0
            if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3576
0
                EVP_PKEY_free(pkdh);
3577
0
                return 0;
3578
0
            }
3579
0
            return 1;
3580
0
        }
3581
0
        break;
3582
0
    case SSL_CTRL_SET_TMP_DH_CB:
3583
0
        {
3584
0
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3585
0
            return ret;
3586
0
        }
3587
0
#endif
3588
0
    case SSL_CTRL_SET_DH_AUTO:
3589
0
        sc->cert->dh_tmp_auto = larg;
3590
0
        return 1;
3591
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3592
0
    case SSL_CTRL_SET_TMP_ECDH:
3593
0
        {
3594
0
            if (parg == NULL) {
3595
0
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3596
0
                return 0;
3597
0
            }
3598
0
            return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
3599
0
                                           &sc->ext.supportedgroups_len,
3600
0
                                           &sc->ext.keyshares,
3601
0
                                           &sc->ext.keyshares_len,
3602
0
                                           &sc->ext.tuples,
3603
0
                                           &sc->ext.tuples_len,
3604
0
                                           parg);
3605
0
        }
3606
0
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
3607
0
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3608
        /*
3609
         * This API is only used for a client to set what SNI it will request
3610
         * from the server, but we currently allow it to be used on servers
3611
         * as well, which is a programming error.  Currently we just clear
3612
         * the field in SSL_do_handshake() for server SSLs, but when we can
3613
         * make ABI-breaking changes, we may want to make use of this API
3614
         * an error on server SSLs.
3615
         */
3616
0
        if (larg == TLSEXT_NAMETYPE_host_name) {
3617
0
            size_t len;
3618
3619
0
            OPENSSL_free(sc->ext.hostname);
3620
0
            sc->ext.hostname = NULL;
3621
3622
0
            ret = 1;
3623
0
            if (parg == NULL)
3624
0
                break;
3625
0
            len = strlen((char *)parg);
3626
0
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3627
0
                ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3628
0
                return 0;
3629
0
            }
3630
0
            if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3631
0
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3632
0
                return 0;
3633
0
            }
3634
0
        } else {
3635
0
            ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3636
0
            return 0;
3637
0
        }
3638
0
        break;
3639
0
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3640
0
        sc->ext.debug_arg = parg;
3641
0
        ret = 1;
3642
0
        break;
3643
3644
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3645
0
        ret = sc->ext.status_type;
3646
0
        break;
3647
3648
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3649
0
        sc->ext.status_type = larg;
3650
0
        ret = 1;
3651
0
        break;
3652
3653
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3654
0
        *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
3655
0
        ret = 1;
3656
0
        break;
3657
3658
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3659
0
        sc->ext.ocsp.exts = parg;
3660
0
        ret = 1;
3661
0
        break;
3662
3663
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3664
0
        *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
3665
0
        ret = 1;
3666
0
        break;
3667
3668
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3669
0
        sc->ext.ocsp.ids = parg;
3670
0
        ret = 1;
3671
0
        break;
3672
3673
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3674
0
        *(unsigned char **)parg = NULL;
3675
0
        ret = -1;
3676
3677
0
#ifndef OPENSSL_NO_OCSP
3678
0
        resp = sk_OCSP_RESPONSE_value(sc->ext.ocsp.resp_ex, 0);
3679
3680
0
        if (resp != NULL) {
3681
0
            int resp_len = i2d_OCSP_RESPONSE(resp, &p);
3682
3683
0
            if (resp_len > 0) {
3684
0
                OPENSSL_free(sc->ext.ocsp.resp);
3685
0
                *(unsigned char **)parg = sc->ext.ocsp.resp = p;
3686
0
                sc->ext.ocsp.resp_len = (size_t)resp_len;
3687
0
                ret = resp_len;
3688
0
            }
3689
0
        }
3690
0
#endif
3691
0
        break;
3692
3693
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3694
0
        ret = 1;
3695
0
#ifndef OPENSSL_NO_OCSP
3696
        /*
3697
         * cleanup single values, which might be set somewhere else
3698
         * we only use the extended values
3699
         */
3700
0
        if (sc->ext.ocsp.resp != NULL) {
3701
0
            OPENSSL_free(sc->ext.ocsp.resp);
3702
0
            sc->ext.ocsp.resp = NULL;
3703
0
            sc->ext.ocsp.resp_len = 0;
3704
0
        }
3705
3706
0
        sk_OCSP_RESPONSE_pop_free(sc->ext.ocsp.resp_ex, OCSP_RESPONSE_free);
3707
0
        sc->ext.ocsp.resp_ex = NULL;
3708
3709
0
        if (parg != NULL) {
3710
0
            sc->ext.ocsp.resp_ex = sk_OCSP_RESPONSE_new_reserve(NULL, 1);
3711
0
            if (sc->ext.ocsp.resp_ex == NULL)
3712
0
                return 0;
3713
3714
0
            p = parg;
3715
0
            resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p, larg);
3716
0
            if (resp != NULL)
3717
0
                sk_OCSP_RESPONSE_push(sc->ext.ocsp.resp_ex, resp);
3718
0
        }
3719
0
#endif
3720
0
        break;
3721
3722
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP_EX:
3723
0
#ifndef OPENSSL_NO_OCSP
3724
0
        *(STACK_OF(OCSP_RESPONSE) **)parg = sc->ext.ocsp.resp_ex;
3725
0
        ret = sk_OCSP_RESPONSE_num(sc->ext.ocsp.resp_ex);
3726
#else
3727
        *(unsigned char **)parg = NULL;
3728
        ret = -1;
3729
#endif
3730
0
        break;
3731
3732
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP_EX:
3733
0
#ifndef OPENSSL_NO_OCSP
3734
        /*
3735
         * cleanup single values, which might be set somewhere else
3736
         * we only use the extended values
3737
         */
3738
0
        if (sc->ext.ocsp.resp != NULL) {
3739
0
            OPENSSL_free(sc->ext.ocsp.resp);
3740
0
            sc->ext.ocsp.resp = NULL;
3741
0
            sc->ext.ocsp.resp_len = 0;
3742
0
        }
3743
3744
0
        sk_OCSP_RESPONSE_pop_free(sc->ext.ocsp.resp_ex, OCSP_RESPONSE_free);
3745
0
        sc->ext.ocsp.resp_ex = (STACK_OF(OCSP_RESPONSE) *)parg;
3746
0
#endif
3747
0
        ret = 1;
3748
0
        break;
3749
3750
0
    case SSL_CTRL_CHAIN:
3751
0
        if (larg)
3752
0
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
3753
0
        else
3754
0
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
3755
3756
0
    case SSL_CTRL_CHAIN_CERT:
3757
0
        if (larg)
3758
0
            return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
3759
0
        else
3760
0
            return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);
3761
3762
0
    case SSL_CTRL_GET_CHAIN_CERTS:
3763
0
        *(STACK_OF(X509) **)parg = sc->cert->key->chain;
3764
0
        ret = 1;
3765
0
        break;
3766
3767
0
    case SSL_CTRL_SELECT_CURRENT_CERT:
3768
0
        return ssl_cert_select_current(sc->cert, (X509 *)parg);
3769
3770
0
    case SSL_CTRL_SET_CURRENT_CERT:
3771
0
        if (larg == SSL_CERT_SET_SERVER) {
3772
0
            const SSL_CIPHER *cipher;
3773
0
            if (!sc->server)
3774
0
                return 0;
3775
0
            cipher = sc->s3.tmp.new_cipher;
3776
0
            if (cipher == NULL)
3777
0
                return 0;
3778
            /*
3779
             * No certificate for unauthenticated ciphersuites or using SRP
3780
             * authentication
3781
             */
3782
0
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3783
0
                return 2;
3784
0
            if (sc->s3.tmp.cert == NULL)
3785
0
                return 0;
3786
0
            sc->cert->key = sc->s3.tmp.cert;
3787
0
            return 1;
3788
0
        }
3789
0
        return ssl_cert_set_current(sc->cert, larg);
3790
3791
0
    case SSL_CTRL_GET_GROUPS:
3792
0
        {
3793
0
            uint16_t *clist;
3794
0
            size_t clistlen;
3795
3796
0
            if (!sc->session)
3797
0
                return 0;
3798
0
            clist = sc->ext.peer_supportedgroups;
3799
0
            clistlen = sc->ext.peer_supportedgroups_len;
3800
0
            if (parg) {
3801
0
                size_t i;
3802
0
                int *cptr = parg;
3803
3804
0
                for (i = 0; i < clistlen; i++) {
3805
0
                    const TLS_GROUP_INFO *cinf
3806
0
                        = tls1_group_id_lookup(s->ctx, clist[i]);
3807
3808
0
                    if (cinf != NULL)
3809
0
                        cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3810
0
                    else
3811
0
                        cptr[i] = TLSEXT_nid_unknown | clist[i];
3812
0
                }
3813
0
            }
3814
0
            return (int)clistlen;
3815
0
        }
3816
3817
0
    case SSL_CTRL_SET_GROUPS:
3818
0
        return tls1_set_groups(&sc->ext.supportedgroups,
3819
0
                               &sc->ext.supportedgroups_len,
3820
0
                               &sc->ext.keyshares,
3821
0
                               &sc->ext.keyshares_len,
3822
0
                               &sc->ext.tuples,
3823
0
                               &sc->ext.tuples_len,
3824
0
                               parg, larg);
3825
3826
0
    case SSL_CTRL_SET_GROUPS_LIST:
3827
0
        return tls1_set_groups_list(s->ctx,
3828
0
                                    &sc->ext.supportedgroups,
3829
0
                                    &sc->ext.supportedgroups_len,
3830
0
                                    &sc->ext.keyshares,
3831
0
                                    &sc->ext.keyshares_len,
3832
0
                                    &sc->ext.tuples,
3833
0
                                    &sc->ext.tuples_len,
3834
0
                                    parg);
3835
3836
0
    case SSL_CTRL_GET_SHARED_GROUP:
3837
0
        {
3838
0
            uint16_t id = tls1_shared_group(sc, larg);
3839
3840
0
            if (larg != -1)
3841
0
                return tls1_group_id2nid(id, 1);
3842
0
            return id;
3843
0
        }
3844
0
    case SSL_CTRL_GET_NEGOTIATED_GROUP:
3845
0
        {
3846
0
            unsigned int id;
3847
3848
0
            if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
3849
0
                id = sc->s3.group_id;
3850
0
            else
3851
0
                id = (sc->session != NULL) ? sc->session->kex_group : NID_undef;
3852
0
            ret = tls1_group_id2nid(id, 1);
3853
0
            break;
3854
0
        }
3855
0
    case SSL_CTRL_SET_SIGALGS:
3856
0
        return tls1_set_sigalgs(sc->cert, parg, larg, 0);
3857
3858
0
    case SSL_CTRL_SET_SIGALGS_LIST:
3859
0
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
3860
3861
0
    case SSL_CTRL_SET_CLIENT_SIGALGS:
3862
0
        return tls1_set_sigalgs(sc->cert, parg, larg, 1);
3863
3864
0
    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3865
0
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
3866
3867
0
    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3868
0
        {
3869
0
            const unsigned char **pctype = parg;
3870
0
            if (sc->server || !sc->s3.tmp.cert_req)
3871
0
                return 0;
3872
0
            if (pctype)
3873
0
                *pctype = sc->s3.tmp.ctype;
3874
0
            return (long)sc->s3.tmp.ctype_len;
3875
0
        }
3876
3877
0
    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3878
0
        if (!sc->server)
3879
0
            return 0;
3880
0
        return ssl3_set_req_cert_type(sc->cert, parg, larg);
3881
3882
0
    case SSL_CTRL_BUILD_CERT_CHAIN:
3883
0
        return ssl_build_cert_chain(sc, NULL, larg);
3884
3885
0
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
3886
0
        return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);
3887
3888
0
    case SSL_CTRL_SET_CHAIN_CERT_STORE:
3889
0
        return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);
3890
3891
0
    case SSL_CTRL_GET_VERIFY_CERT_STORE:
3892
0
        return ssl_cert_get_cert_store(sc->cert, parg, 0);
3893
3894
0
    case SSL_CTRL_GET_CHAIN_CERT_STORE:
3895
0
        return ssl_cert_get_cert_store(sc->cert, parg, 1);
3896
3897
0
    case SSL_CTRL_GET_PEER_SIGNATURE_NAME:
3898
0
        if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
3899
0
            return 0;
3900
0
        *(const char **)parg = sc->s3.tmp.peer_sigalg->name;
3901
0
        return 1;
3902
3903
0
    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3904
0
        if (sc->s3.tmp.peer_sigalg == NULL)
3905
0
            return 0;
3906
0
        *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
3907
0
        return 1;
3908
3909
0
    case SSL_CTRL_GET_SIGNATURE_NAME:
3910
0
        if (parg == NULL || sc->s3.tmp.sigalg == NULL)
3911
0
            return 0;
3912
0
        *(const char **)parg = sc->s3.tmp.sigalg->name;
3913
0
        return 1;
3914
3915
0
    case SSL_CTRL_GET_SIGNATURE_NID:
3916
0
        if (sc->s3.tmp.sigalg == NULL)
3917
0
            return 0;
3918
0
        *(int *)parg = sc->s3.tmp.sigalg->hash;
3919
0
        return 1;
3920
3921
0
    case SSL_CTRL_GET_PEER_TMP_KEY:
3922
0
        if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
3923
0
            return 0;
3924
0
        } else {
3925
0
            if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))
3926
0
                return 0;
3927
3928
0
            *(EVP_PKEY **)parg = sc->s3.peer_tmp;
3929
0
            return 1;
3930
0
        }
3931
3932
0
    case SSL_CTRL_GET_TMP_KEY:
3933
0
        if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
3934
0
            return 0;
3935
0
        } else {
3936
0
            if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))
3937
0
                return 0;
3938
3939
0
            *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
3940
0
            return 1;
3941
0
        }
3942
3943
0
    case SSL_CTRL_GET_EC_POINT_FORMATS:
3944
0
        {
3945
0
            const unsigned char **pformat = parg;
3946
3947
0
            if (sc->ext.peer_ecpointformats == NULL)
3948
0
                return 0;
3949
0
            *pformat = sc->ext.peer_ecpointformats;
3950
0
            return (int)sc->ext.peer_ecpointformats_len;
3951
0
        }
3952
3953
0
    case SSL_CTRL_GET_IANA_GROUPS:
3954
0
        {
3955
0
            if (parg != NULL) {
3956
0
                *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
3957
0
            }
3958
0
            return (int)sc->ext.peer_supportedgroups_len;
3959
0
        }
3960
3961
0
    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
3962
0
        sc->msg_callback_arg = parg;
3963
0
        return 1;
3964
3965
0
    default:
3966
0
        break;
3967
0
    }
3968
0
    return ret;
3969
0
}
3970
3971
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3972
0
{
3973
0
    int ret = 0;
3974
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3975
3976
0
    if (sc == NULL)
3977
0
        return ret;
3978
3979
0
    switch (cmd) {
3980
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3981
0
    case SSL_CTRL_SET_TMP_DH_CB:
3982
0
        sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3983
0
        ret = 1;
3984
0
        break;
3985
0
#endif
3986
0
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3987
0
        sc->ext.debug_cb = (void (*)(SSL *, int, int,
3988
0
                                     const unsigned char *, int, void *))fp;
3989
0
        ret = 1;
3990
0
        break;
3991
3992
0
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3993
0
        sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3994
0
        ret = 1;
3995
0
        break;
3996
3997
0
    case SSL_CTRL_SET_MSG_CALLBACK:
3998
0
        sc->msg_callback = (ossl_msg_cb)fp;
3999
0
        return 1;
4000
0
    default:
4001
0
        break;
4002
0
    }
4003
0
    return ret;
4004
0
}
4005
4006
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
4007
0
{
4008
0
    switch (cmd) {
4009
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4010
0
    case SSL_CTRL_SET_TMP_DH:
4011
0
        {
4012
0
            EVP_PKEY *pkdh = NULL;
4013
0
            if (parg == NULL) {
4014
0
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
4015
0
                return 0;
4016
0
            }
4017
0
            pkdh = ssl_dh_to_pkey(parg);
4018
0
            if (pkdh == NULL) {
4019
0
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
4020
0
                return 0;
4021
0
            }
4022
0
            if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
4023
0
                EVP_PKEY_free(pkdh);
4024
0
                return 0;
4025
0
            }
4026
0
            return 1;
4027
0
        }
4028
0
    case SSL_CTRL_SET_TMP_DH_CB:
4029
0
        {
4030
0
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
4031
0
            return 0;
4032
0
        }
4033
0
#endif
4034
0
    case SSL_CTRL_SET_DH_AUTO:
4035
0
        ctx->cert->dh_tmp_auto = larg;
4036
0
        return 1;
4037
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4038
0
    case SSL_CTRL_SET_TMP_ECDH:
4039
0
        {
4040
0
            if (parg == NULL) {
4041
0
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
4042
0
                return 0;
4043
0
            }
4044
0
            return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
4045
0
                                           &ctx->ext.supportedgroups_len,
4046
0
                                           &ctx->ext.keyshares,
4047
0
                                           &ctx->ext.keyshares_len,
4048
0
                                           &ctx->ext.tuples,
4049
0
                                           &ctx->ext.tuples_len,
4050
0
                                           parg);
4051
0
        }
4052
0
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
4053
0
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
4054
0
        ctx->ext.servername_arg = parg;
4055
0
        break;
4056
0
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
4057
0
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
4058
0
        {
4059
0
            unsigned char *keys = parg;
4060
0
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
4061
0
                                sizeof(ctx->ext.secure->tick_hmac_key) +
4062
0
                                sizeof(ctx->ext.secure->tick_aes_key));
4063
0
            if (keys == NULL)
4064
0
                return tick_keylen;
4065
0
            if (larg != tick_keylen) {
4066
0
                ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
4067
0
                return 0;
4068
0
            }
4069
0
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
4070
0
                memcpy(ctx->ext.tick_key_name, keys,
4071
0
                       sizeof(ctx->ext.tick_key_name));
4072
0
                memcpy(ctx->ext.secure->tick_hmac_key,
4073
0
                       keys + sizeof(ctx->ext.tick_key_name),
4074
0
                       sizeof(ctx->ext.secure->tick_hmac_key));
4075
0
                memcpy(ctx->ext.secure->tick_aes_key,
4076
0
                       keys + sizeof(ctx->ext.tick_key_name) +
4077
0
                       sizeof(ctx->ext.secure->tick_hmac_key),
4078
0
                       sizeof(ctx->ext.secure->tick_aes_key));
4079
0
            } else {
4080
0
                memcpy(keys, ctx->ext.tick_key_name,
4081
0
                       sizeof(ctx->ext.tick_key_name));
4082
0
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
4083
0
                       ctx->ext.secure->tick_hmac_key,
4084
0
                       sizeof(ctx->ext.secure->tick_hmac_key));
4085
0
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
4086
0
                       sizeof(ctx->ext.secure->tick_hmac_key),
4087
0
                       ctx->ext.secure->tick_aes_key,
4088
0
                       sizeof(ctx->ext.secure->tick_aes_key));
4089
0
            }
4090
0
            return 1;
4091
0
        }
4092
4093
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
4094
0
        return ctx->ext.status_type;
4095
4096
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
4097
0
        ctx->ext.status_type = larg;
4098
0
        break;
4099
4100
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
4101
0
        ctx->ext.status_arg = parg;
4102
0
        return 1;
4103
4104
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
4105
0
        *(void**)parg = ctx->ext.status_arg;
4106
0
        break;
4107
4108
0
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
4109
0
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
4110
0
        break;
4111
4112
0
#ifndef OPENSSL_NO_SRP
4113
0
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
4114
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4115
0
        OPENSSL_free(ctx->srp_ctx.login);
4116
0
        ctx->srp_ctx.login = NULL;
4117
0
        if (parg == NULL)
4118
0
            break;
4119
0
        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
4120
0
            ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
4121
0
            return 0;
4122
0
        }
4123
0
        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
4124
0
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4125
0
            return 0;
4126
0
        }
4127
0
        break;
4128
0
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
4129
0
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4130
0
            srp_password_from_info_cb;
4131
0
        if (ctx->srp_ctx.info != NULL)
4132
0
            OPENSSL_free(ctx->srp_ctx.info);
4133
0
        if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
4134
0
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4135
0
            return 0;
4136
0
        }
4137
0
        break;
4138
0
    case SSL_CTRL_SET_SRP_ARG:
4139
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4140
0
        ctx->srp_ctx.SRP_cb_arg = parg;
4141
0
        break;
4142
4143
0
    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
4144
0
        ctx->srp_ctx.strength = larg;
4145
0
        break;
4146
0
#endif
4147
4148
0
    case SSL_CTRL_SET_GROUPS:
4149
0
        return tls1_set_groups(&ctx->ext.supportedgroups,
4150
0
                               &ctx->ext.supportedgroups_len,
4151
0
                               &ctx->ext.keyshares,
4152
0
                               &ctx->ext.keyshares_len,
4153
0
                               &ctx->ext.tuples,
4154
0
                               &ctx->ext.tuples_len,
4155
0
                               parg, larg);
4156
4157
0
    case SSL_CTRL_SET_GROUPS_LIST:
4158
0
        return tls1_set_groups_list(ctx,
4159
0
                                    &ctx->ext.supportedgroups,
4160
0
                                    &ctx->ext.supportedgroups_len,
4161
0
                                    &ctx->ext.keyshares,
4162
0
                                    &ctx->ext.keyshares_len,
4163
0
                                    &ctx->ext.tuples,
4164
0
                                    &ctx->ext.tuples_len,
4165
0
                                    parg);
4166
4167
0
    case SSL_CTRL_GET0_IMPLEMENTED_GROUPS:
4168
0
        return tls1_get0_implemented_groups(ctx->min_proto_version,
4169
0
                                            ctx->max_proto_version,
4170
0
                                            ctx->group_list,
4171
0
                                            ctx->group_list_len, larg, parg);
4172
4173
0
    case SSL_CTRL_SET_SIGALGS:
4174
0
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
4175
4176
0
    case SSL_CTRL_SET_SIGALGS_LIST:
4177
0
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
4178
4179
0
    case SSL_CTRL_SET_CLIENT_SIGALGS:
4180
0
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
4181
4182
0
    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4183
0
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
4184
4185
0
    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4186
0
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);
4187
4188
0
    case SSL_CTRL_BUILD_CERT_CHAIN:
4189
0
        return ssl_build_cert_chain(NULL, ctx, larg);
4190
4191
0
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
4192
0
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
4193
4194
0
    case SSL_CTRL_SET_CHAIN_CERT_STORE:
4195
0
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
4196
4197
0
    case SSL_CTRL_GET_VERIFY_CERT_STORE:
4198
0
        return ssl_cert_get_cert_store(ctx->cert, parg, 0);
4199
4200
0
    case SSL_CTRL_GET_CHAIN_CERT_STORE:
4201
0
        return ssl_cert_get_cert_store(ctx->cert, parg, 1);
4202
4203
        /* A Thawte special :-) */
4204
0
    case SSL_CTRL_EXTRA_CHAIN_CERT:
4205
0
        if (ctx->extra_certs == NULL) {
4206
0
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
4207
0
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4208
0
                return 0;
4209
0
            }
4210
0
        }
4211
0
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4212
0
            ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4213
0
            return 0;
4214
0
        }
4215
0
        break;
4216
4217
0
    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4218
0
        if (ctx->extra_certs == NULL && larg == 0)
4219
0
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4220
0
        else
4221
0
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
4222
0
        break;
4223
4224
0
    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4225
0
        OSSL_STACK_OF_X509_free(ctx->extra_certs);
4226
0
        ctx->extra_certs = NULL;
4227
0
        break;
4228
4229
0
    case SSL_CTRL_CHAIN:
4230
0
        if (larg)
4231
0
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4232
0
        else
4233
0
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4234
4235
0
    case SSL_CTRL_CHAIN_CERT:
4236
0
        if (larg)
4237
0
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4238
0
        else
4239
0
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4240
4241
0
    case SSL_CTRL_GET_CHAIN_CERTS:
4242
0
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4243
0
        break;
4244
4245
0
    case SSL_CTRL_SELECT_CURRENT_CERT:
4246
0
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4247
4248
0
    case SSL_CTRL_SET_CURRENT_CERT:
4249
0
        return ssl_cert_set_current(ctx->cert, larg);
4250
4251
0
    default:
4252
0
        return 0;
4253
0
    }
4254
0
    return 1;
4255
0
}
4256
4257
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4258
0
{
4259
0
    switch (cmd) {
4260
0
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4261
0
    case SSL_CTRL_SET_TMP_DH_CB:
4262
0
        {
4263
0
            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4264
0
        }
4265
0
        break;
4266
0
#endif
4267
0
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4268
0
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4269
0
        break;
4270
4271
0
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4272
0
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4273
0
        break;
4274
4275
0
# ifndef OPENSSL_NO_DEPRECATED_3_0
4276
0
    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4277
0
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4278
0
                                          unsigned char *,
4279
0
                                          EVP_CIPHER_CTX *,
4280
0
                                          HMAC_CTX *, int))fp;
4281
0
        break;
4282
0
#endif
4283
4284
0
#ifndef OPENSSL_NO_SRP
4285
0
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4286
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4287
0
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4288
0
        break;
4289
0
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4290
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4291
0
        ctx->srp_ctx.TLS_ext_srp_username_callback =
4292
0
            (int (*)(SSL *, int *, void *))fp;
4293
0
        break;
4294
0
    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4295
0
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4296
0
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4297
0
            (char *(*)(SSL *, void *))fp;
4298
0
        break;
4299
0
#endif
4300
0
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4301
0
        {
4302
0
            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4303
0
        }
4304
0
        break;
4305
0
    default:
4306
0
        return 0;
4307
0
    }
4308
0
    return 1;
4309
0
}
4310
4311
int SSL_CTX_set_tlsext_ticket_key_evp_cb
4312
    (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4313
                             EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4314
0
{
4315
0
    ctx->ext.ticket_key_evp_cb = fp;
4316
0
    return 1;
4317
0
}
4318
4319
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4320
0
{
4321
0
    SSL_CIPHER c;
4322
0
    const SSL_CIPHER *cp;
4323
4324
0
    c.id = id;
4325
0
    cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4326
0
    if (cp != NULL)
4327
0
        return cp;
4328
0
    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4329
0
    if (cp != NULL)
4330
0
        return cp;
4331
0
    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4332
0
}
4333
4334
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4335
0
{
4336
0
    SSL_CIPHER *tbl;
4337
0
    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4338
0
    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4339
0
                              SSL3_NUM_SCSVS};
4340
4341
    /* this is not efficient, necessary to optimize this? */
4342
0
    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4343
0
        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4344
0
            if (tbl->stdname == NULL)
4345
0
                continue;
4346
0
            if (strcmp(stdname, tbl->stdname) == 0) {
4347
0
                return tbl;
4348
0
            }
4349
0
        }
4350
0
    }
4351
0
    return NULL;
4352
0
}
4353
4354
/*
4355
 * This function needs to check if the ciphers required are actually
4356
 * available
4357
 */
4358
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4359
0
{
4360
0
    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4361
0
                                 | ((uint32_t)p[0] << 8L)
4362
0
                                 | (uint32_t)p[1]);
4363
0
}
4364
4365
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4366
0
{
4367
0
    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4368
0
        *len = 0;
4369
0
        return 1;
4370
0
    }
4371
4372
0
    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4373
0
        return 0;
4374
4375
0
    *len = 2;
4376
0
    return 1;
4377
0
}
4378
4379
/*
4380
 * ssl3_choose_cipher - choose a cipher from those offered by the client
4381
 * @s: SSL connection
4382
 * @clnt: ciphers offered by the client
4383
 * @srvr: ciphers enabled on the server?
4384
 *
4385
 * Returns the selected cipher or NULL when no common ciphers.
4386
 */
4387
const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
4388
                                     STACK_OF(SSL_CIPHER) *srvr)
4389
0
{
4390
0
    const SSL_CIPHER *c, *ret = NULL;
4391
0
    STACK_OF(SSL_CIPHER) *prio, *allow;
4392
0
    int i, ii, ok, prefer_sha256 = 0;
4393
0
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4394
0
    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4395
4396
    /* Let's see which ciphers we can support */
4397
4398
    /*
4399
     * Do not set the compare functions, because this may lead to a
4400
     * reordering by "id". We want to keep the original ordering. We may pay
4401
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
4402
     * pay with the price of sk_SSL_CIPHER_dup().
4403
     */
4404
4405
0
    OSSL_TRACE_BEGIN(TLS_CIPHER) {
4406
0
        BIO_printf(trc_out, "Server has %d from %p:\n",
4407
0
                   sk_SSL_CIPHER_num(srvr), (void *)srvr);
4408
0
        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4409
0
            c = sk_SSL_CIPHER_value(srvr, i);
4410
0
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4411
0
        }
4412
0
        BIO_printf(trc_out, "Client sent %d from %p:\n",
4413
0
                   sk_SSL_CIPHER_num(clnt), (void *)clnt);
4414
0
        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4415
0
            c = sk_SSL_CIPHER_value(clnt, i);
4416
0
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4417
0
        }
4418
0
    } OSSL_TRACE_END(TLS_CIPHER);
4419
4420
    /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4421
0
    if (tls1_suiteb(s)) {
4422
0
        prio = srvr;
4423
0
        allow = clnt;
4424
0
    } else if (s->options & SSL_OP_SERVER_PREFERENCE) {
4425
0
        prio = srvr;
4426
0
        allow = clnt;
4427
4428
        /* If ChaCha20 is at the top of the client preference list,
4429
           and there are ChaCha20 ciphers in the server list, then
4430
           temporarily prioritize all ChaCha20 ciphers in the servers list. */
4431
0
        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4432
0
            c = sk_SSL_CIPHER_value(clnt, 0);
4433
0
            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4434
                /* ChaCha20 is client preferred, check server... */
4435
0
                int num = sk_SSL_CIPHER_num(srvr);
4436
0
                int found = 0;
4437
0
                for (i = 0; i < num; i++) {
4438
0
                    c = sk_SSL_CIPHER_value(srvr, i);
4439
0
                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4440
0
                        found = 1;
4441
0
                        break;
4442
0
                    }
4443
0
                }
4444
0
                if (found) {
4445
0
                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4446
                    /* if reserve fails, then there's likely a memory issue */
4447
0
                    if (prio_chacha != NULL) {
4448
                        /* Put all ChaCha20 at the top, starting with the one we just found */
4449
0
                        sk_SSL_CIPHER_push(prio_chacha, c);
4450
0
                        for (i++; i < num; i++) {
4451
0
                            c = sk_SSL_CIPHER_value(srvr, i);
4452
0
                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4453
0
                                sk_SSL_CIPHER_push(prio_chacha, c);
4454
0
                        }
4455
                        /* Pull in the rest */
4456
0
                        for (i = 0; i < num; i++) {
4457
0
                            c = sk_SSL_CIPHER_value(srvr, i);
4458
0
                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4459
0
                                sk_SSL_CIPHER_push(prio_chacha, c);
4460
0
                        }
4461
0
                        prio = prio_chacha;
4462
0
                    }
4463
0
                }
4464
0
            }
4465
0
        }
4466
0
    } else {
4467
0
        prio = clnt;
4468
0
        allow = srvr;
4469
0
    }
4470
4471
0
    if (SSL_CONNECTION_IS_TLS13(s)) {
4472
0
#ifndef OPENSSL_NO_PSK
4473
0
        size_t j;
4474
4475
        /*
4476
         * If we allow "old" style PSK callbacks, and we have no certificate (so
4477
         * we're not going to succeed without a PSK anyway), and we're in
4478
         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4479
         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4480
         * that.
4481
         */
4482
0
        if (s->psk_server_callback != NULL) {
4483
0
            for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, (int)j); j++);
4484
0
            if (j == s->ssl_pkey_num) {
4485
                /* There are no certificates */
4486
0
                prefer_sha256 = 1;
4487
0
            }
4488
0
        }
4489
0
#endif
4490
0
    } else {
4491
0
        tls1_set_cert_validity(s);
4492
0
        ssl_set_masks(s);
4493
0
    }
4494
4495
0
    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4496
0
        int minversion, maxversion;
4497
4498
0
        c = sk_SSL_CIPHER_value(prio, i);
4499
0
        minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
4500
0
        maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;
4501
4502
        /* Skip ciphers not supported by the protocol version */
4503
0
        if (ssl_version_cmp(s, s->version, minversion) < 0
4504
0
            || ssl_version_cmp(s, s->version, maxversion) > 0)
4505
0
            continue;
4506
4507
        /*
4508
         * Since TLS 1.3 ciphersuites can be used with any auth or
4509
         * key exchange scheme skip tests.
4510
         */
4511
0
        if (!SSL_CONNECTION_IS_TLS13(s)) {
4512
0
            mask_k = s->s3.tmp.mask_k;
4513
0
            mask_a = s->s3.tmp.mask_a;
4514
0
#ifndef OPENSSL_NO_SRP
4515
0
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4516
0
                mask_k |= SSL_kSRP;
4517
0
                mask_a |= SSL_aSRP;
4518
0
            }
4519
0
#endif
4520
4521
0
            alg_k = c->algorithm_mkey;
4522
0
            alg_a = c->algorithm_auth;
4523
4524
0
#ifndef OPENSSL_NO_PSK
4525
            /* with PSK there must be server callback set */
4526
0
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4527
0
                continue;
4528
0
#endif                          /* OPENSSL_NO_PSK */
4529
4530
0
            ok = (alg_k & mask_k) && (alg_a & mask_a);
4531
0
            OSSL_TRACE7(TLS_CIPHER,
4532
0
                        "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4533
0
                        ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4534
4535
            /*
4536
             * if we are considering an ECC cipher suite that uses an ephemeral
4537
             * EC key check it
4538
             */
4539
0
            if (alg_k & SSL_kECDHE)
4540
0
                ok = ok && tls1_check_ec_tmp_key(s, c->id);
4541
4542
0
            if (!ok)
4543
0
                continue;
4544
0
        }
4545
0
        ii = sk_SSL_CIPHER_find(allow, c);
4546
0
        if (ii >= 0) {
4547
            /* Check security callback permits this cipher */
4548
0
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4549
0
                              c->strength_bits, 0, (void *)c))
4550
0
                continue;
4551
4552
0
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4553
0
                && s->s3.is_probably_safari) {
4554
0
                if (!ret)
4555
0
                    ret = sk_SSL_CIPHER_value(allow, ii);
4556
0
                continue;
4557
0
            }
4558
4559
0
            if (prefer_sha256) {
4560
0
                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4561
0
                const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
4562
0
                                          tmp->algorithm2);
4563
4564
0
                if (md != NULL
4565
0
                        && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4566
0
                    ret = tmp;
4567
0
                    break;
4568
0
                }
4569
0
                if (ret == NULL)
4570
0
                    ret = tmp;
4571
0
                continue;
4572
0
            }
4573
0
            ret = sk_SSL_CIPHER_value(allow, ii);
4574
0
            break;
4575
0
        }
4576
0
    }
4577
4578
0
    sk_SSL_CIPHER_free(prio_chacha);
4579
4580
0
    return ret;
4581
0
}
4582
4583
int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
4584
0
{
4585
0
    uint32_t alg_k, alg_a = 0;
4586
4587
    /* If we have custom certificate types set, use them */
4588
0
    if (s->cert->ctype)
4589
0
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4590
    /* Get mask of algorithms disabled by signature list */
4591
0
    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4592
4593
0
    alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4594
4595
0
#ifndef OPENSSL_NO_GOST
4596
0
    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4597
0
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4598
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4599
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4600
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4601
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4602
0
            return 0;
4603
4604
0
    if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4605
0
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4606
0
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4607
0
            return 0;
4608
0
#endif
4609
4610
0
    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4611
0
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4612
0
            return 0;
4613
0
        if (!(alg_a & SSL_aDSS)
4614
0
                && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4615
0
            return 0;
4616
0
    }
4617
0
    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4618
0
        return 0;
4619
0
    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4620
0
        return 0;
4621
4622
    /*
4623
     * ECDSA certs can be used with RSA cipher suites too so we don't
4624
     * need to check for SSL_kECDH or SSL_kECDHE
4625
     */
4626
0
    if (s->version >= TLS1_VERSION
4627
0
            && !(alg_a & SSL_aECDSA)
4628
0
            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4629
0
        return 0;
4630
4631
0
    return 1;
4632
0
}
4633
4634
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4635
0
{
4636
0
    OPENSSL_free(c->ctype);
4637
0
    c->ctype = NULL;
4638
0
    c->ctype_len = 0;
4639
0
    if (p == NULL || len == 0)
4640
0
        return 1;
4641
0
    if (len > 0xff)
4642
0
        return 0;
4643
0
    c->ctype = OPENSSL_memdup(p, len);
4644
0
    if (c->ctype == NULL)
4645
0
        return 0;
4646
0
    c->ctype_len = len;
4647
0
    return 1;
4648
0
}
4649
4650
int ssl3_shutdown(SSL *s)
4651
0
{
4652
0
    int ret;
4653
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4654
4655
0
    if (sc == NULL)
4656
0
        return 0;
4657
4658
    /*
4659
     * Don't do anything much if we have not done the handshake or we don't
4660
     * want to send messages :-)
4661
     */
4662
0
    if (sc->quiet_shutdown || SSL_in_before(s)) {
4663
0
        sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4664
0
        return 1;
4665
0
    }
4666
4667
0
    if (!(sc->shutdown & SSL_SENT_SHUTDOWN)) {
4668
0
        sc->shutdown |= SSL_SENT_SHUTDOWN;
4669
0
        ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4670
        /*
4671
         * our shutdown alert has been sent now, and if it still needs to be
4672
         * written, s->s3.alert_dispatch will be > 0
4673
         */
4674
0
        if (sc->s3.alert_dispatch > 0)
4675
0
            return -1;        /* return WANT_WRITE */
4676
0
    } else if (sc->s3.alert_dispatch > 0) {
4677
        /* resend it if not sent */
4678
0
        ret = s->method->ssl_dispatch_alert(s);
4679
0
        if (ret == -1) {
4680
            /*
4681
             * we only get to return -1 here the 2nd/Nth invocation, we must
4682
             * have already signalled return 0 upon a previous invocation,
4683
             * return WANT_WRITE
4684
             */
4685
0
            return ret;
4686
0
        }
4687
0
    } else if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4688
0
        size_t readbytes;
4689
        /*
4690
         * If we are waiting for a close from our peer, we are closed
4691
         */
4692
0
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4693
0
        if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4694
0
            return -1;        /* return WANT_READ */
4695
0
        }
4696
0
    }
4697
4698
0
    if ((sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
4699
0
            && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)
4700
0
        return 1;
4701
0
    else
4702
0
        return 0;
4703
0
}
4704
4705
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4706
0
{
4707
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4708
4709
0
    if (sc == NULL)
4710
0
        return 0;
4711
4712
0
    clear_sys_error();
4713
0
    if (sc->s3.renegotiate)
4714
0
        ssl3_renegotiate_check(s, 0);
4715
4716
0
    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4717
0
                                      written);
4718
0
}
4719
4720
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4721
                              size_t *readbytes)
4722
0
{
4723
0
    int ret;
4724
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4725
4726
0
    if (sc == NULL)
4727
0
        return 0;
4728
4729
0
    clear_sys_error();
4730
0
    if (sc->s3.renegotiate)
4731
0
        ssl3_renegotiate_check(s, 0);
4732
0
    sc->s3.in_read_app_data = 1;
4733
0
    ret =
4734
0
        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4735
0
                                  peek, readbytes);
4736
0
    if ((ret == -1) && (sc->s3.in_read_app_data == 2)) {
4737
        /*
4738
         * ssl3_read_bytes decided to call s->handshake_func, which called
4739
         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4740
         * actually found application data and thinks that application data
4741
         * makes sense here; so disable handshake processing and try to read
4742
         * application data again.
4743
         */
4744
0
        ossl_statem_set_in_handshake(sc, 1);
4745
0
        ret =
4746
0
            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4747
0
                                      len, peek, readbytes);
4748
0
        ossl_statem_set_in_handshake(sc, 0);
4749
0
    } else
4750
0
        sc->s3.in_read_app_data = 0;
4751
4752
0
    return ret;
4753
0
}
4754
4755
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4756
0
{
4757
0
    return ssl3_read_internal(s, buf, len, 0, readbytes);
4758
0
}
4759
4760
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4761
0
{
4762
0
    return ssl3_read_internal(s, buf, len, 1, readbytes);
4763
0
}
4764
4765
int ssl3_renegotiate(SSL *s)
4766
0
{
4767
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4768
4769
0
    if (sc == NULL)
4770
0
        return 0;
4771
4772
0
    if (sc->handshake_func == NULL)
4773
0
        return 1;
4774
4775
0
    sc->s3.renegotiate = 1;
4776
0
    return 1;
4777
0
}
4778
4779
/*
4780
 * Check if we are waiting to do a renegotiation and if so whether now is a
4781
 * good time to do it. If |initok| is true then we are being called from inside
4782
 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4783
 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4784
 * should do a renegotiation now and sets up the state machine for it. Otherwise
4785
 * returns 0.
4786
 */
4787
int ssl3_renegotiate_check(SSL *s, int initok)
4788
0
{
4789
0
    int ret = 0;
4790
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4791
4792
0
    if (sc == NULL)
4793
0
        return 0;
4794
4795
0
    if (sc->s3.renegotiate) {
4796
0
        if (!RECORD_LAYER_read_pending(&sc->rlayer)
4797
0
            && !RECORD_LAYER_write_pending(&sc->rlayer)
4798
0
            && (initok || !SSL_in_init(s))) {
4799
            /*
4800
             * if we are the server, and we have sent a 'RENEGOTIATE'
4801
             * message, we need to set the state machine into the renegotiate
4802
             * state.
4803
             */
4804
0
            ossl_statem_set_renegotiate(sc);
4805
0
            sc->s3.renegotiate = 0;
4806
0
            sc->s3.num_renegotiations++;
4807
0
            sc->s3.total_renegotiations++;
4808
0
            ret = 1;
4809
0
        }
4810
0
    }
4811
0
    return ret;
4812
0
}
4813
4814
/*
4815
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4816
 * handshake macs if required.
4817
 *
4818
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4819
 */
4820
long ssl_get_algorithm2(SSL_CONNECTION *s)
4821
0
{
4822
0
    long alg2;
4823
0
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4824
4825
0
    if (s->s3.tmp.new_cipher == NULL)
4826
0
        return -1;
4827
0
    alg2 = s->s3.tmp.new_cipher->algorithm2;
4828
0
    if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4829
0
        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4830
0
            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4831
0
    } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4832
0
        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4833
0
            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4834
0
    }
4835
0
    return alg2;
4836
0
}
4837
4838
/*
4839
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4840
 * failure, 1 on success.
4841
 */
4842
int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
4843
                          unsigned char *result, size_t len,
4844
                          DOWNGRADE dgrd)
4845
0
{
4846
0
    int send_time = 0, ret;
4847
4848
0
    if (len < 4)
4849
0
        return 0;
4850
0
    if (server)
4851
0
        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4852
0
    else
4853
0
        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4854
0
    if (send_time) {
4855
0
        unsigned long Time = (unsigned long)time(NULL);
4856
0
        unsigned char *p = result;
4857
4858
0
        l2n(Time, p);
4859
0
        ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0);
4860
0
    } else {
4861
0
        ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
4862
0
    }
4863
4864
0
    if (ret > 0) {
4865
0
        if (!ossl_assert(sizeof(tls11downgrade) < len)
4866
0
                || !ossl_assert(sizeof(tls12downgrade) < len))
4867
0
             return 0;
4868
0
        if (dgrd == DOWNGRADE_TO_1_2)
4869
0
            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4870
0
                   sizeof(tls12downgrade));
4871
0
        else if (dgrd == DOWNGRADE_TO_1_1)
4872
0
            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4873
0
                   sizeof(tls11downgrade));
4874
0
    }
4875
4876
0
    return ret;
4877
0
}
4878
4879
int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
4880
                               size_t pmslen, int free_pms)
4881
0
{
4882
0
    unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4883
0
    int ret = 0;
4884
0
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4885
4886
0
    if (alg_k & SSL_PSK) {
4887
0
#ifndef OPENSSL_NO_PSK
4888
0
        unsigned char *pskpms, *t;
4889
0
        size_t psklen = s->s3.tmp.psklen;
4890
0
        size_t pskpmslen;
4891
4892
        /* create PSK premaster_secret */
4893
4894
        /* For plain PSK "other_secret" is psklen zeroes */
4895
0
        if (alg_k & SSL_kPSK)
4896
0
            pmslen = psklen;
4897
4898
0
        pskpmslen = 4 + pmslen + psklen;
4899
0
        pskpms = OPENSSL_malloc(pskpmslen);
4900
0
        if (pskpms == NULL)
4901
0
            goto err;
4902
0
        t = pskpms;
4903
0
        s2n(pmslen, t);
4904
0
        if (alg_k & SSL_kPSK)
4905
0
            memset(t, 0, pmslen);
4906
0
        else
4907
0
            memcpy(t, pms, pmslen);
4908
0
        t += pmslen;
4909
0
        s2n(psklen, t);
4910
0
        memcpy(t, s->s3.tmp.psk, psklen);
4911
4912
0
        OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4913
0
        s->s3.tmp.psk = NULL;
4914
0
        s->s3.tmp.psklen = 0;
4915
0
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
4916
0
                    s->session->master_key, pskpms, pskpmslen,
4917
0
                    &s->session->master_key_length)) {
4918
0
            OPENSSL_clear_free(pskpms, pskpmslen);
4919
            /* SSLfatal() already called */
4920
0
            goto err;
4921
0
        }
4922
0
        OPENSSL_clear_free(pskpms, pskpmslen);
4923
#else
4924
        /* Should never happen */
4925
        goto err;
4926
#endif
4927
0
    } else {
4928
0
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
4929
0
                s->session->master_key, pms, pmslen,
4930
0
                &s->session->master_key_length)) {
4931
            /* SSLfatal() already called */
4932
0
            goto err;
4933
0
        }
4934
0
    }
4935
4936
0
    ret = 1;
4937
0
 err:
4938
0
    if (pms) {
4939
0
        if (free_pms)
4940
0
            OPENSSL_clear_free(pms, pmslen);
4941
0
        else
4942
0
            OPENSSL_cleanse(pms, pmslen);
4943
0
    }
4944
0
    if (s->server == 0) {
4945
0
        s->s3.tmp.pms = NULL;
4946
0
        s->s3.tmp.pmslen = 0;
4947
0
    }
4948
0
    return ret;
4949
0
}
4950
4951
/* Generate a private key from parameters */
4952
EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
4953
0
{
4954
0
    EVP_PKEY_CTX *pctx = NULL;
4955
0
    EVP_PKEY *pkey = NULL;
4956
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4957
4958
0
    if (pm == NULL)
4959
0
        return NULL;
4960
0
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);
4961
0
    if (pctx == NULL)
4962
0
        goto err;
4963
0
    if (EVP_PKEY_keygen_init(pctx) <= 0)
4964
0
        goto err;
4965
0
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4966
0
        EVP_PKEY_free(pkey);
4967
0
        pkey = NULL;
4968
0
    }
4969
4970
0
    err:
4971
0
    EVP_PKEY_CTX_free(pctx);
4972
0
    return pkey;
4973
0
}
4974
4975
/* Generate a private key from a group ID */
4976
EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
4977
0
{
4978
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4979
0
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4980
0
    EVP_PKEY_CTX *pctx = NULL;
4981
0
    EVP_PKEY *pkey = NULL;
4982
4983
0
    if (ginf == NULL) {
4984
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4985
0
        goto err;
4986
0
    }
4987
4988
0
    pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4989
0
                                      sctx->propq);
4990
4991
0
    if (pctx == NULL) {
4992
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4993
0
        goto err;
4994
0
    }
4995
0
    if (EVP_PKEY_keygen_init(pctx) <= 0) {
4996
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4997
0
        goto err;
4998
0
    }
4999
0
    if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
5000
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5001
0
        goto err;
5002
0
    }
5003
0
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
5004
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5005
0
        EVP_PKEY_free(pkey);
5006
0
        pkey = NULL;
5007
0
    }
5008
5009
0
 err:
5010
0
    EVP_PKEY_CTX_free(pctx);
5011
0
    return pkey;
5012
0
}
5013
5014
/*
5015
 * Generate parameters from a group ID
5016
 */
5017
EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
5018
0
{
5019
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5020
0
    EVP_PKEY_CTX *pctx = NULL;
5021
0
    EVP_PKEY *pkey = NULL;
5022
0
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
5023
5024
0
    if (ginf == NULL)
5025
0
        goto err;
5026
5027
0
    pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
5028
0
                                      sctx->propq);
5029
5030
0
    if (pctx == NULL)
5031
0
        goto err;
5032
0
    if (EVP_PKEY_paramgen_init(pctx) <= 0)
5033
0
        goto err;
5034
0
    if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
5035
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5036
0
        goto err;
5037
0
    }
5038
0
    if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
5039
0
        EVP_PKEY_free(pkey);
5040
0
        pkey = NULL;
5041
0
    }
5042
5043
0
 err:
5044
0
    EVP_PKEY_CTX_free(pctx);
5045
0
    return pkey;
5046
0
}
5047
5048
/* Generate secrets from pms */
5049
int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
5050
0
{
5051
0
    int rv = 0;
5052
5053
    /* SSLfatal() called as appropriate in the below functions */
5054
0
    if (SSL_CONNECTION_IS_TLS13(s)) {
5055
        /*
5056
         * If we are resuming then we already generated the early secret
5057
         * when we created the ClientHello, so don't recreate it.
5058
         */
5059
0
        if (!s->hit)
5060
0
            rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
5061
0
                    0,
5062
0
                    (unsigned char *)&s->early_secret);
5063
0
        else
5064
0
            rv = 1;
5065
5066
0
        rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
5067
0
    } else {
5068
0
        rv = ssl_generate_master_secret(s, pms, pmslen, 0);
5069
0
    }
5070
5071
0
    return rv;
5072
0
}
5073
5074
/* Derive secrets for ECDH/DH */
5075
int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
5076
0
{
5077
0
    int rv = 0;
5078
0
    unsigned char *pms = NULL;
5079
0
    size_t pmslen = 0;
5080
0
    EVP_PKEY_CTX *pctx;
5081
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5082
5083
0
    if (privkey == NULL || pubkey == NULL) {
5084
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5085
0
        return 0;
5086
0
    }
5087
5088
0
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5089
5090
0
    if (EVP_PKEY_derive_init(pctx) <= 0
5091
0
        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
5092
0
        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
5093
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5094
0
        goto err;
5095
0
    }
5096
5097
0
    if (SSL_CONNECTION_IS_TLS13(s) &&  EVP_PKEY_is_a(privkey, "DH"))
5098
0
        EVP_PKEY_CTX_set_dh_pad(pctx, 1);
5099
5100
0
    pms = OPENSSL_malloc(pmslen);
5101
0
    if (pms == NULL) {
5102
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5103
0
        goto err;
5104
0
    }
5105
5106
0
    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
5107
        /*
5108
         * the public key was probably a weak key
5109
         */
5110
0
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5111
0
        goto err;
5112
0
    }
5113
5114
0
    if (gensecret) {
5115
        /* SSLfatal() called as appropriate in the below functions */
5116
0
        rv = ssl_gensecret(s, pms, pmslen);
5117
0
    } else {
5118
        /* Save premaster secret */
5119
0
        s->s3.tmp.pms = pms;
5120
0
        s->s3.tmp.pmslen = pmslen;
5121
0
        pms = NULL;
5122
0
        rv = 1;
5123
0
    }
5124
5125
0
 err:
5126
0
    OPENSSL_clear_free(pms, pmslen);
5127
0
    EVP_PKEY_CTX_free(pctx);
5128
0
    return rv;
5129
0
}
5130
5131
/* Decapsulate secrets for KEM */
5132
int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
5133
                    const unsigned char *ct, size_t ctlen,
5134
                    int gensecret)
5135
0
{
5136
0
    int rv = 0;
5137
0
    unsigned char *pms = NULL;
5138
0
    size_t pmslen = 0;
5139
0
    EVP_PKEY_CTX *pctx;
5140
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5141
5142
0
    if (privkey == NULL) {
5143
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5144
0
        return 0;
5145
0
    }
5146
5147
0
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5148
5149
0
    if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
5150
0
            || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
5151
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5152
0
        goto err;
5153
0
    }
5154
5155
0
    pms = OPENSSL_malloc(pmslen);
5156
0
    if (pms == NULL) {
5157
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5158
0
        goto err;
5159
0
    }
5160
5161
0
    if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
5162
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5163
0
        goto err;
5164
0
    }
5165
5166
0
    if (gensecret) {
5167
        /* SSLfatal() called as appropriate in the below functions */
5168
0
        rv = ssl_gensecret(s, pms, pmslen);
5169
0
    } else {
5170
        /* Save premaster secret */
5171
0
        s->s3.tmp.pms = pms;
5172
0
        s->s3.tmp.pmslen = pmslen;
5173
0
        pms = NULL;
5174
0
        rv = 1;
5175
0
    }
5176
5177
0
 err:
5178
0
    OPENSSL_clear_free(pms, pmslen);
5179
0
    EVP_PKEY_CTX_free(pctx);
5180
0
    return rv;
5181
0
}
5182
5183
int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
5184
                    unsigned char **ctp, size_t *ctlenp,
5185
                    int gensecret)
5186
0
{
5187
0
    int rv = 0;
5188
0
    unsigned char *pms = NULL, *ct = NULL;
5189
0
    size_t pmslen = 0, ctlen = 0;
5190
0
    EVP_PKEY_CTX *pctx;
5191
0
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5192
5193
0
    if (pubkey == NULL) {
5194
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5195
0
        return 0;
5196
0
    }
5197
5198
0
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);
5199
5200
0
    if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
5201
0
            || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
5202
0
            || pmslen == 0 || ctlen == 0) {
5203
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5204
0
        goto err;
5205
0
    }
5206
5207
0
    pms = OPENSSL_malloc(pmslen);
5208
0
    ct = OPENSSL_malloc(ctlen);
5209
0
    if (pms == NULL || ct == NULL) {
5210
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5211
0
        goto err;
5212
0
    }
5213
5214
0
    if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
5215
0
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5216
0
        goto err;
5217
0
    }
5218
5219
0
    if (gensecret) {
5220
        /* SSLfatal() called as appropriate in the below functions */
5221
0
        rv = ssl_gensecret(s, pms, pmslen);
5222
0
    } else {
5223
        /* Save premaster secret */
5224
0
        s->s3.tmp.pms = pms;
5225
0
        s->s3.tmp.pmslen = pmslen;
5226
0
        pms = NULL;
5227
0
        rv = 1;
5228
0
    }
5229
5230
0
    if (rv > 0) {
5231
        /* Pass ownership of ct to caller */
5232
0
        *ctp = ct;
5233
0
        *ctlenp = ctlen;
5234
0
        ct = NULL;
5235
0
    }
5236
5237
0
 err:
5238
0
    OPENSSL_clear_free(pms, pmslen);
5239
0
    OPENSSL_free(ct);
5240
0
    EVP_PKEY_CTX_free(pctx);
5241
0
    return rv;
5242
0
}
5243
5244
const char *SSL_get0_group_name(SSL *s)
5245
0
{
5246
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5247
0
    unsigned int id;
5248
5249
0
    if (sc == NULL)
5250
0
        return NULL;
5251
5252
0
    if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
5253
0
        id = sc->s3.group_id;
5254
0
    else
5255
0
        id = sc->session->kex_group;
5256
5257
0
    return tls1_group_id2name(s->ctx, id);
5258
0
}
5259
5260
0
const char *SSL_group_to_name(SSL *s, int nid) {
5261
0
    int group_id = 0;
5262
0
    const TLS_GROUP_INFO *cinf = NULL;
5263
5264
    /* first convert to real group id for internal and external IDs */
5265
0
    if (nid & TLSEXT_nid_unknown)
5266
0
        group_id = nid & 0xFFFF;
5267
0
    else
5268
0
        group_id = tls1_nid2group_id(nid);
5269
5270
    /* then look up */
5271
0
    cinf = tls1_group_id_lookup(s->ctx, group_id);
5272
5273
0
    if (cinf != NULL)
5274
0
        return cinf->tlsname;
5275
0
    return NULL;
5276
0
}