s3_lib.c revision 1.11 1 1.1 christos /* ssl/s3_lib.c */
2 1.1 christos /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
3 1.1 christos * All rights reserved.
4 1.1 christos *
5 1.1 christos * This package is an SSL implementation written
6 1.1 christos * by Eric Young (eay (at) cryptsoft.com).
7 1.1 christos * The implementation was written so as to conform with Netscapes SSL.
8 1.1 christos *
9 1.1 christos * This library is free for commercial and non-commercial use as long as
10 1.1 christos * the following conditions are aheared to. The following conditions
11 1.1 christos * apply to all code found in this distribution, be it the RC4, RSA,
12 1.1 christos * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 1.1 christos * included with this distribution is covered by the same copyright terms
14 1.1 christos * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
15 1.1 christos *
16 1.1 christos * Copyright remains Eric Young's, and as such any Copyright notices in
17 1.1 christos * the code are not to be removed.
18 1.1 christos * If this package is used in a product, Eric Young should be given attribution
19 1.1 christos * as the author of the parts of the library used.
20 1.1 christos * This can be in the form of a textual message at program startup or
21 1.1 christos * in documentation (online or textual) provided with the package.
22 1.1 christos *
23 1.1 christos * Redistribution and use in source and binary forms, with or without
24 1.1 christos * modification, are permitted provided that the following conditions
25 1.1 christos * are met:
26 1.1 christos * 1. Redistributions of source code must retain the copyright
27 1.1 christos * notice, this list of conditions and the following disclaimer.
28 1.1 christos * 2. Redistributions in binary form must reproduce the above copyright
29 1.1 christos * notice, this list of conditions and the following disclaimer in the
30 1.1 christos * documentation and/or other materials provided with the distribution.
31 1.1 christos * 3. All advertising materials mentioning features or use of this software
32 1.1 christos * must display the following acknowledgement:
33 1.1 christos * "This product includes cryptographic software written by
34 1.1 christos * Eric Young (eay (at) cryptsoft.com)"
35 1.1 christos * The word 'cryptographic' can be left out if the rouines from the library
36 1.1 christos * being used are not cryptographic related :-).
37 1.1 christos * 4. If you include any Windows specific code (or a derivative thereof) from
38 1.1 christos * the apps directory (application code) you must include an acknowledgement:
39 1.1 christos * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
40 1.1 christos *
41 1.1 christos * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 1.1 christos * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 1.1 christos * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 1.1 christos * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 1.1 christos * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 1.1 christos * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 1.1 christos * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 1.1 christos * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 1.1 christos * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 1.1 christos * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 1.1 christos * SUCH DAMAGE.
52 1.1 christos *
53 1.1 christos * The licence and distribution terms for any publically available version or
54 1.1 christos * derivative of this code cannot be changed. i.e. this code cannot simply be
55 1.1 christos * copied and put under another distribution licence
56 1.1 christos * [including the GNU Public Licence.]
57 1.1 christos */
58 1.1 christos /* ====================================================================
59 1.1 christos * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 1.1 christos *
61 1.1 christos * Redistribution and use in source and binary forms, with or without
62 1.1 christos * modification, are permitted provided that the following conditions
63 1.1 christos * are met:
64 1.1 christos *
65 1.1 christos * 1. Redistributions of source code must retain the above copyright
66 1.1 christos * notice, this list of conditions and the following disclaimer.
67 1.1 christos *
68 1.1 christos * 2. Redistributions in binary form must reproduce the above copyright
69 1.1 christos * notice, this list of conditions and the following disclaimer in
70 1.1 christos * the documentation and/or other materials provided with the
71 1.1 christos * distribution.
72 1.1 christos *
73 1.1 christos * 3. All advertising materials mentioning features or use of this
74 1.1 christos * software must display the following acknowledgment:
75 1.1 christos * "This product includes software developed by the OpenSSL Project
76 1.1 christos * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 1.1 christos *
78 1.1 christos * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 1.1 christos * endorse or promote products derived from this software without
80 1.1 christos * prior written permission. For written permission, please contact
81 1.1 christos * openssl-core (at) openssl.org.
82 1.1 christos *
83 1.1 christos * 5. Products derived from this software may not be called "OpenSSL"
84 1.1 christos * nor may "OpenSSL" appear in their names without prior written
85 1.1 christos * permission of the OpenSSL Project.
86 1.1 christos *
87 1.1 christos * 6. Redistributions of any form whatsoever must retain the following
88 1.1 christos * acknowledgment:
89 1.1 christos * "This product includes software developed by the OpenSSL Project
90 1.1 christos * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 1.1 christos *
92 1.1 christos * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 1.1 christos * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 1.1 christos * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 1.1 christos * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 1.1 christos * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 1.1 christos * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 1.1 christos * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 1.1 christos * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 1.1 christos * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 1.1 christos * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 1.1 christos * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 1.1 christos * OF THE POSSIBILITY OF SUCH DAMAGE.
104 1.1 christos * ====================================================================
105 1.1 christos *
106 1.1 christos * This product includes cryptographic software written by Eric Young
107 1.1 christos * (eay (at) cryptsoft.com). This product includes software written by Tim
108 1.1 christos * Hudson (tjh (at) cryptsoft.com).
109 1.1 christos *
110 1.1 christos */
111 1.1 christos /* ====================================================================
112 1.1 christos * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 1.1 christos *
114 1.1 christos * Portions of the attached software ("Contribution") are developed by
115 1.1 christos * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 1.1 christos *
117 1.1 christos * The Contribution is licensed pursuant to the OpenSSL open source
118 1.1 christos * license provided above.
119 1.1 christos *
120 1.1 christos * ECC cipher suite support in OpenSSL originally written by
121 1.1 christos * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 1.1 christos *
123 1.1 christos */
124 1.1 christos /* ====================================================================
125 1.1 christos * Copyright 2005 Nokia. All rights reserved.
126 1.1 christos *
127 1.1 christos * The portions of the attached software ("Contribution") is developed by
128 1.1 christos * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 1.1 christos * license.
130 1.1 christos *
131 1.1 christos * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 1.1 christos * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 1.1 christos * support (see RFC 4279) to OpenSSL.
134 1.1 christos *
135 1.1 christos * No patent licenses or other rights except those expressly stated in
136 1.1 christos * the OpenSSL open source license shall be deemed granted or received
137 1.1 christos * expressly, by implication, estoppel, or otherwise.
138 1.1 christos *
139 1.1 christos * No assurances are provided by Nokia that the Contribution does not
140 1.1 christos * infringe the patent or other intellectual property rights of any third
141 1.1 christos * party or that the license provides you with all the necessary rights
142 1.1 christos * to make use of the Contribution.
143 1.1 christos *
144 1.1 christos * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 1.1 christos * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 1.1 christos * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 1.1 christos * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 1.1 christos * OTHERWISE.
149 1.1 christos */
150 1.1 christos
151 1.1 christos #include <stdio.h>
152 1.1 christos #include <openssl/objects.h>
153 1.1 christos #include "ssl_locl.h"
154 1.1 christos #include "kssl_lcl.h"
155 1.1 christos #ifndef OPENSSL_NO_TLSEXT
156 1.1 christos #ifndef OPENSSL_NO_EC
157 1.1 christos #include "../crypto/ec/ec_lcl.h"
158 1.1 christos #endif /* OPENSSL_NO_EC */
159 1.1 christos #endif /* OPENSSL_NO_TLSEXT */
160 1.1 christos #include <openssl/md5.h>
161 1.1 christos #ifndef OPENSSL_NO_DH
162 1.1 christos #include <openssl/dh.h>
163 1.1 christos #endif
164 1.1 christos
/* Version banner for the SSLv3 code: the literal "SSLv3" with the
 * OPENSSL_VERSION_PTEXT suffix appended by string-literal concatenation. */
const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;

/* Entry count of the ssl3_ciphers[] table, computed at compile time from the
 * array size (usable only where the array definition is visible). */
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(ssl3_ciphers[0]))
168 1.1 christos
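169 1.1 christos /* list of available SSLv3 ciphers (sorted by id).
 * Each entry is positional: a leading flag (0 = listed but not usable), name,
 * id, key exchange, authentication, encryption, MAC, protocol version,
 * export/strength flags, handshake-MAC/PRF flags, and two bit counts
 * (presumably effective strength bits, then algorithm key bits; confirm
 * against the SSL_CIPHER definition in the headers). */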
170 1.1 christos OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171 1.1 christos
172 1.1 christos /* The RSA ciphers */
173 1.1 christos /* Cipher 01 -- ciphers 01 and 02 use SSL_eNULL: a MAC only, no encryption of the record payload */
174 1.1 christos {
175 1.1 christos 1,
176 1.1 christos SSL3_TXT_RSA_NULL_MD5,
177 1.1 christos SSL3_CK_RSA_NULL_MD5,
178 1.1 christos SSL_kRSA,
179 1.1 christos SSL_aRSA,
180 1.1 christos SSL_eNULL,
181 1.1 christos SSL_MD5,
182 1.1 christos SSL_SSLV3,
183 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE,
184 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 1.1 christos 0,
186 1.1 christos 0,
187 1.1 christos },
188 1.1 christos
189 1.1 christos /* Cipher 02 */
190 1.1 christos {
191 1.1 christos 1,
192 1.1 christos SSL3_TXT_RSA_NULL_SHA,
193 1.1 christos SSL3_CK_RSA_NULL_SHA,
194 1.1 christos SSL_kRSA,
195 1.1 christos SSL_aRSA,
196 1.1 christos SSL_eNULL,
197 1.1 christos SSL_SHA1,
198 1.1 christos SSL_SSLV3,
199 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 1.1 christos 0,
202 1.1 christos 0,
203 1.1 christos },
204 1.1 christos
205 1.1 christos /* Cipher 03 */
206 1.1 christos {
207 1.1 christos 1,
208 1.1 christos SSL3_TXT_RSA_RC4_40_MD5,
209 1.1 christos SSL3_CK_RSA_RC4_40_MD5,
210 1.1 christos SSL_kRSA,
211 1.1 christos SSL_aRSA,
212 1.1 christos SSL_RC4,
213 1.1 christos SSL_MD5,
214 1.1 christos SSL_SSLV3,
215 1.1 christos SSL_EXPORT|SSL_EXP40,
216 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 1.1 christos 40,
218 1.1 christos 128,
219 1.1 christos },
220 1.1 christos
221 1.1 christos /* Cipher 04 */
222 1.1 christos {
223 1.1 christos 1,
224 1.1 christos SSL3_TXT_RSA_RC4_128_MD5,
225 1.1 christos SSL3_CK_RSA_RC4_128_MD5,
226 1.1 christos SSL_kRSA,
227 1.1 christos SSL_aRSA,
228 1.1 christos SSL_RC4,
229 1.1 christos SSL_MD5,
230 1.1 christos SSL_SSLV3,
231 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
232 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 1.1 christos 128,
234 1.1 christos 128,
235 1.1 christos },
236 1.1 christos
237 1.1 christos /* Cipher 05 */
238 1.1 christos {
239 1.1 christos 1,
240 1.1 christos SSL3_TXT_RSA_RC4_128_SHA,
241 1.1 christos SSL3_CK_RSA_RC4_128_SHA,
242 1.1 christos SSL_kRSA,
243 1.1 christos SSL_aRSA,
244 1.1 christos SSL_RC4,
245 1.1 christos SSL_SHA1,
246 1.1 christos SSL_SSLV3,
247 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
248 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 1.1 christos 128,
250 1.1 christos 128,
251 1.1 christos },
252 1.1 christos
253 1.1 christos /* Cipher 06 */
254 1.1 christos {
255 1.1 christos 1,
256 1.1 christos SSL3_TXT_RSA_RC2_40_MD5,
257 1.1 christos SSL3_CK_RSA_RC2_40_MD5,
258 1.1 christos SSL_kRSA,
259 1.1 christos SSL_aRSA,
260 1.1 christos SSL_RC2,
261 1.1 christos SSL_MD5,
262 1.1 christos SSL_SSLV3,
263 1.1 christos SSL_EXPORT|SSL_EXP40,
264 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 1.1 christos 40,
266 1.1 christos 128,
267 1.1 christos },
268 1.1 christos
269 1.1 christos /* Cipher 07 */
270 1.1 christos #ifndef OPENSSL_NO_IDEA
271 1.1 christos {
272 1.1 christos 1,
273 1.1 christos SSL3_TXT_RSA_IDEA_128_SHA,
274 1.1 christos SSL3_CK_RSA_IDEA_128_SHA,
275 1.1 christos SSL_kRSA,
276 1.1 christos SSL_aRSA,
277 1.1 christos SSL_IDEA,
278 1.1 christos SSL_SHA1,
279 1.1 christos SSL_SSLV3,
280 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
281 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 1.1 christos 128,
283 1.1 christos 128,
284 1.1 christos },
285 1.1 christos #endif
286 1.1 christos
287 1.1 christos /* Cipher 08 */
288 1.1 christos {
289 1.1 christos 1,
290 1.1 christos SSL3_TXT_RSA_DES_40_CBC_SHA,
291 1.1 christos SSL3_CK_RSA_DES_40_CBC_SHA,
292 1.1 christos SSL_kRSA,
293 1.1 christos SSL_aRSA,
294 1.1 christos SSL_DES,
295 1.1 christos SSL_SHA1,
296 1.1 christos SSL_SSLV3,
297 1.1 christos SSL_EXPORT|SSL_EXP40,
298 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 1.1 christos 40,
300 1.1 christos 56,
301 1.1 christos },
302 1.1 christos
303 1.1 christos /* Cipher 09 */
304 1.1 christos {
305 1.1 christos 1,
306 1.1 christos SSL3_TXT_RSA_DES_64_CBC_SHA,
307 1.1 christos SSL3_CK_RSA_DES_64_CBC_SHA,
308 1.1 christos SSL_kRSA,
309 1.1 christos SSL_aRSA,
310 1.1 christos SSL_DES,
311 1.1 christos SSL_SHA1,
312 1.1 christos SSL_SSLV3,
313 1.1 christos SSL_NOT_EXP|SSL_LOW,
314 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 1.1 christos 56,
316 1.1 christos 56,
317 1.1 christos },
318 1.1 christos
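319 1.1 christos /* Cipher 0A -- 3DES: the first of the two trailing bit counts is 112 (the line is annotated as revision 1.11), the second stays 168; 112 is the commonly cited effective strength of three-key 3DES. The entry is still flagged SSL_HIGH, as are the other 3DES entries in this part of the table. */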
320 1.1 christos {
321 1.1 christos 1,
322 1.1 christos SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 1.1 christos SSL3_CK_RSA_DES_192_CBC3_SHA,
324 1.1 christos SSL_kRSA,
325 1.1 christos SSL_aRSA,
326 1.1 christos SSL_3DES,
327 1.1 christos SSL_SHA1,
328 1.1 christos SSL_SSLV3,
329 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 1.11 spz 112,
332 1.1 christos 168,
333 1.1 christos },
334 1.1 christos
335 1.1 christos /* The DH ciphers */
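336 1.1 christos /* Cipher 0B -- leading 0, same as the fixed-DH entries 0C-10 that are marked "not implemented (non-ephemeral DH)" */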
337 1.1 christos {
338 1.1 christos 0,
339 1.1 christos SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 1.1 christos SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 1.1 christos SSL_kDHd,
342 1.1 christos SSL_aDH,
343 1.1 christos SSL_DES,
344 1.1 christos SSL_SHA1,
345 1.1 christos SSL_SSLV3,
346 1.1 christos SSL_EXPORT|SSL_EXP40,
347 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 1.1 christos 40,
349 1.1 christos 56,
350 1.1 christos },
351 1.1 christos
352 1.1 christos /* Cipher 0C */
353 1.1 christos {
354 1.1 christos 0, /* not implemented (non-ephemeral DH) */
355 1.1 christos SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 1.1 christos SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 1.1 christos SSL_kDHd,
358 1.1 christos SSL_aDH,
359 1.1 christos SSL_DES,
360 1.1 christos SSL_SHA1,
361 1.1 christos SSL_SSLV3,
362 1.1 christos SSL_NOT_EXP|SSL_LOW,
363 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 1.1 christos 56,
365 1.1 christos 56,
366 1.1 christos },
367 1.1 christos
368 1.1 christos /* Cipher 0D */
369 1.1 christos {
370 1.1 christos 0, /* not implemented (non-ephemeral DH) */
371 1.1 christos SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 1.1 christos SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 1.1 christos SSL_kDHd,
374 1.1 christos SSL_aDH,
375 1.1 christos SSL_3DES,
376 1.1 christos SSL_SHA1,
377 1.1 christos SSL_SSLV3,
378 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 1.11 spz 112,
381 1.1 christos 168,
382 1.1 christos },
383 1.1 christos
384 1.1 christos /* Cipher 0E */
385 1.1 christos {
386 1.1 christos 0, /* not implemented (non-ephemeral DH) */
387 1.1 christos SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 1.1 christos SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 1.1 christos SSL_kDHr,
390 1.1 christos SSL_aDH,
391 1.1 christos SSL_DES,
392 1.1 christos SSL_SHA1,
393 1.1 christos SSL_SSLV3,
394 1.1 christos SSL_EXPORT|SSL_EXP40,
395 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 1.1 christos 40,
397 1.1 christos 56,
398 1.1 christos },
399 1.1 christos
400 1.1 christos /* Cipher 0F */
401 1.1 christos {
402 1.1 christos 0, /* not implemented (non-ephemeral DH) */
403 1.1 christos SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 1.1 christos SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 1.1 christos SSL_kDHr,
406 1.1 christos SSL_aDH,
407 1.1 christos SSL_DES,
408 1.1 christos SSL_SHA1,
409 1.1 christos SSL_SSLV3,
410 1.1 christos SSL_NOT_EXP|SSL_LOW,
411 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 1.1 christos 56,
413 1.1 christos 56,
414 1.1 christos },
415 1.1 christos
416 1.1 christos /* Cipher 10 */
417 1.1 christos {
418 1.1 christos 0, /* not implemented (non-ephemeral DH) */
419 1.1 christos SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 1.1 christos SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 1.1 christos SSL_kDHr,
422 1.1 christos SSL_aDH,
423 1.1 christos SSL_3DES,
424 1.1 christos SSL_SHA1,
425 1.1 christos SSL_SSLV3,
426 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 1.11 spz 112,
429 1.1 christos 168,
430 1.1 christos },
431 1.1 christos
432 1.1 christos /* The Ephemeral DH ciphers */
433 1.1 christos /* Cipher 11 */
434 1.1 christos {
435 1.1 christos 1,
436 1.1 christos SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 1.1 christos SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 1.1 christos SSL_kEDH,
439 1.1 christos SSL_aDSS,
440 1.1 christos SSL_DES,
441 1.1 christos SSL_SHA1,
442 1.1 christos SSL_SSLV3,
443 1.1 christos SSL_EXPORT|SSL_EXP40,
444 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 1.1 christos 40,
446 1.1 christos 56,
447 1.1 christos },
448 1.1 christos
449 1.1 christos /* Cipher 12 */
450 1.1 christos {
451 1.1 christos 1,
452 1.1 christos SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 1.1 christos SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 1.1 christos SSL_kEDH,
455 1.1 christos SSL_aDSS,
456 1.1 christos SSL_DES,
457 1.1 christos SSL_SHA1,
458 1.1 christos SSL_SSLV3,
459 1.1 christos SSL_NOT_EXP|SSL_LOW,
460 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 1.1 christos 56,
462 1.1 christos 56,
463 1.1 christos },
464 1.1 christos
465 1.1 christos /* Cipher 13 */
466 1.1 christos {
467 1.1 christos 1,
468 1.1 christos SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 1.1 christos SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 1.1 christos SSL_kEDH,
471 1.1 christos SSL_aDSS,
472 1.1 christos SSL_3DES,
473 1.1 christos SSL_SHA1,
474 1.1 christos SSL_SSLV3,
475 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 1.11 spz 112,
478 1.1 christos 168,
479 1.1 christos },
480 1.1 christos
481 1.1 christos /* Cipher 14 */
482 1.1 christos {
483 1.1 christos 1,
484 1.1 christos SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 1.1 christos SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 1.1 christos SSL_kEDH,
487 1.1 christos SSL_aRSA,
488 1.1 christos SSL_DES,
489 1.1 christos SSL_SHA1,
490 1.1 christos SSL_SSLV3,
491 1.1 christos SSL_EXPORT|SSL_EXP40,
492 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 1.1 christos 40,
494 1.1 christos 56,
495 1.1 christos },
496 1.1 christos
497 1.1 christos /* Cipher 15 */
498 1.1 christos {
499 1.1 christos 1,
500 1.1 christos SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 1.1 christos SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 1.1 christos SSL_kEDH,
503 1.1 christos SSL_aRSA,
504 1.1 christos SSL_DES,
505 1.1 christos SSL_SHA1,
506 1.1 christos SSL_SSLV3,
507 1.1 christos SSL_NOT_EXP|SSL_LOW,
508 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 1.1 christos 56,
510 1.1 christos 56,
511 1.1 christos },
512 1.1 christos
513 1.1 christos /* Cipher 16 */
514 1.1 christos {
515 1.1 christos 1,
516 1.1 christos SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 1.1 christos SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 1.1 christos SSL_kEDH,
519 1.1 christos SSL_aRSA,
520 1.1 christos SSL_3DES,
521 1.1 christos SSL_SHA1,
522 1.1 christos SSL_SSLV3,
523 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 1.11 spz 112,
526 1.1 christos 168,
527 1.1 christos },
528 1.1 christos
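529 1.1 christos /* Cipher 17 -- ciphers 17-1B are anonymous DH (SSL_aNULL): no peer authentication, so they give no protection against an active man-in-the-middle */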
530 1.1 christos {
531 1.1 christos 1,
532 1.1 christos SSL3_TXT_ADH_RC4_40_MD5,
533 1.1 christos SSL3_CK_ADH_RC4_40_MD5,
534 1.1 christos SSL_kEDH,
535 1.1 christos SSL_aNULL,
536 1.1 christos SSL_RC4,
537 1.1 christos SSL_MD5,
538 1.1 christos SSL_SSLV3,
539 1.1 christos SSL_EXPORT|SSL_EXP40,
540 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 1.1 christos 40,
542 1.1 christos 128,
543 1.1 christos },
544 1.1 christos
545 1.1 christos /* Cipher 18 */
546 1.1 christos {
547 1.1 christos 1,
548 1.1 christos SSL3_TXT_ADH_RC4_128_MD5,
549 1.1 christos SSL3_CK_ADH_RC4_128_MD5,
550 1.1 christos SSL_kEDH,
551 1.1 christos SSL_aNULL,
552 1.1 christos SSL_RC4,
553 1.1 christos SSL_MD5,
554 1.1 christos SSL_SSLV3,
555 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
556 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 1.1 christos 128,
558 1.1 christos 128,
559 1.1 christos },
560 1.1 christos
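561 1.1 christos /* Cipher 19 -- NOTE(review): the last value in this entry is 128, while every other single-DES entry in this part of the table uses 56; confirm */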
562 1.1 christos {
563 1.1 christos 1,
564 1.1 christos SSL3_TXT_ADH_DES_40_CBC_SHA,
565 1.1 christos SSL3_CK_ADH_DES_40_CBC_SHA,
566 1.1 christos SSL_kEDH,
567 1.1 christos SSL_aNULL,
568 1.1 christos SSL_DES,
569 1.1 christos SSL_SHA1,
570 1.1 christos SSL_SSLV3,
571 1.1 christos SSL_EXPORT|SSL_EXP40,
572 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 1.1 christos 40,
574 1.1 christos 128,
575 1.1 christos },
576 1.1 christos
577 1.1 christos /* Cipher 1A */
578 1.1 christos {
579 1.1 christos 1,
580 1.1 christos SSL3_TXT_ADH_DES_64_CBC_SHA,
581 1.1 christos SSL3_CK_ADH_DES_64_CBC_SHA,
582 1.1 christos SSL_kEDH,
583 1.1 christos SSL_aNULL,
584 1.1 christos SSL_DES,
585 1.1 christos SSL_SHA1,
586 1.1 christos SSL_SSLV3,
587 1.1 christos SSL_NOT_EXP|SSL_LOW,
588 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 1.1 christos 56,
590 1.1 christos 56,
591 1.1 christos },
592 1.1 christos
593 1.1 christos /* Cipher 1B */
594 1.1 christos {
595 1.1 christos 1,
596 1.1 christos SSL3_TXT_ADH_DES_192_CBC_SHA,
597 1.1 christos SSL3_CK_ADH_DES_192_CBC_SHA,
598 1.1 christos SSL_kEDH,
599 1.1 christos SSL_aNULL,
600 1.1 christos SSL_3DES,
601 1.1 christos SSL_SHA1,
602 1.1 christos SSL_SSLV3,
603 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 1.11 spz 112,
606 1.1 christos 168,
607 1.1 christos },
608 1.1 christos
609 1.1 christos /* Fortezza ciphersuites from the SSL 3.0 spec (compiled out with #if 0; the id labelled 1E is also used by the first Kerberos entry below) */
610 1.1 christos #if 0
611 1.1 christos /* Cipher 1C */
612 1.1 christos {
613 1.1 christos 0,
614 1.1 christos SSL3_TXT_FZA_DMS_NULL_SHA,
615 1.1 christos SSL3_CK_FZA_DMS_NULL_SHA,
616 1.1 christos SSL_kFZA,
617 1.1 christos SSL_aFZA,
618 1.1 christos SSL_eNULL,
619 1.1 christos SSL_SHA1,
620 1.1 christos SSL_SSLV3,
621 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE,
622 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 1.1 christos 0,
624 1.1 christos 0,
625 1.1 christos },
626 1.1 christos
627 1.1 christos /* Cipher 1D */
628 1.1 christos {
629 1.1 christos 0,
630 1.1 christos SSL3_TXT_FZA_DMS_FZA_SHA,
631 1.1 christos SSL3_CK_FZA_DMS_FZA_SHA,
632 1.1 christos SSL_kFZA,
633 1.1 christos SSL_aFZA,
634 1.1 christos SSL_eFZA,
635 1.1 christos SSL_SHA1,
636 1.1 christos SSL_SSLV3,
637 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE,
638 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 1.1 christos 0,
640 1.1 christos 0,
641 1.1 christos },
642 1.1 christos
643 1.1 christos /* Cipher 1E */
644 1.1 christos {
645 1.1 christos 0,
646 1.1 christos SSL3_TXT_FZA_DMS_RC4_SHA,
647 1.1 christos SSL3_CK_FZA_DMS_RC4_SHA,
648 1.1 christos SSL_kFZA,
649 1.1 christos SSL_aFZA,
650 1.1 christos SSL_RC4,
651 1.1 christos SSL_SHA1,
652 1.1 christos SSL_SSLV3,
653 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
654 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 1.1 christos 128,
656 1.1 christos 128,
657 1.1 christos },
658 1.1 christos #endif
659 1.1 christos
660 1.1 christos #ifndef OPENSSL_NO_KRB5
661 1.1 christos /* The Kerberos ciphers */
662 1.1 christos /* Cipher 1E */
663 1.1 christos {
664 1.1 christos 1,
665 1.1 christos SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 1.1 christos SSL3_CK_KRB5_DES_64_CBC_SHA,
667 1.1 christos SSL_kKRB5,
668 1.1 christos SSL_aKRB5,
669 1.1 christos SSL_DES,
670 1.1 christos SSL_SHA1,
671 1.1 christos SSL_SSLV3,
672 1.1 christos SSL_NOT_EXP|SSL_LOW,
673 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 1.1 christos 56,
675 1.1 christos 56,
676 1.1 christos },
677 1.1 christos
678 1.1 christos /* Cipher 1F */
679 1.1 christos {
680 1.1 christos 1,
681 1.1 christos SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 1.1 christos SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 1.1 christos SSL_kKRB5,
684 1.1 christos SSL_aKRB5,
685 1.1 christos SSL_3DES,
686 1.1 christos SSL_SHA1,
687 1.1 christos SSL_SSLV3,
688 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 1.11 spz 112,
691 1.1 christos 168,
692 1.1 christos },
693 1.1 christos
694 1.1 christos /* Cipher 20 */
695 1.1 christos {
696 1.1 christos 1,
697 1.1 christos SSL3_TXT_KRB5_RC4_128_SHA,
698 1.1 christos SSL3_CK_KRB5_RC4_128_SHA,
699 1.1 christos SSL_kKRB5,
700 1.1 christos SSL_aKRB5,
701 1.1 christos SSL_RC4,
702 1.1 christos SSL_SHA1,
703 1.1 christos SSL_SSLV3,
704 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
705 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 1.1 christos 128,
707 1.1 christos 128,
708 1.1 christos },
709 1.1 christos
710 1.1 christos /* Cipher 21 */
711 1.1 christos {
712 1.1 christos 1,
713 1.1 christos SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 1.1 christos SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 1.1 christos SSL_kKRB5,
716 1.1 christos SSL_aKRB5,
717 1.1 christos SSL_IDEA,
718 1.1 christos SSL_SHA1,
719 1.1 christos SSL_SSLV3,
720 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
721 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 1.1 christos 128,
723 1.1 christos 128,
724 1.1 christos },
725 1.1 christos
726 1.1 christos /* Cipher 22 */
727 1.1 christos {
728 1.1 christos 1,
729 1.1 christos SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 1.1 christos SSL3_CK_KRB5_DES_64_CBC_MD5,
731 1.1 christos SSL_kKRB5,
732 1.1 christos SSL_aKRB5,
733 1.1 christos SSL_DES,
734 1.1 christos SSL_MD5,
735 1.1 christos SSL_SSLV3,
736 1.1 christos SSL_NOT_EXP|SSL_LOW,
737 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 1.1 christos 56,
739 1.1 christos 56,
740 1.1 christos },
741 1.1 christos
742 1.1 christos /* Cipher 23 */
743 1.1 christos {
744 1.1 christos 1,
745 1.1 christos SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 1.1 christos SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 1.1 christos SSL_kKRB5,
748 1.1 christos SSL_aKRB5,
749 1.1 christos SSL_3DES,
750 1.1 christos SSL_MD5,
751 1.1 christos SSL_SSLV3,
752 1.1 christos SSL_NOT_EXP|SSL_HIGH,
753 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 1.11 spz 112,
755 1.1 christos 168,
756 1.1 christos },
757 1.1 christos
758 1.1 christos /* Cipher 24 */
759 1.1 christos {
760 1.1 christos 1,
761 1.1 christos SSL3_TXT_KRB5_RC4_128_MD5,
762 1.1 christos SSL3_CK_KRB5_RC4_128_MD5,
763 1.1 christos SSL_kKRB5,
764 1.1 christos SSL_aKRB5,
765 1.1 christos SSL_RC4,
766 1.1 christos SSL_MD5,
767 1.1 christos SSL_SSLV3,
768 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
769 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 1.1 christos 128,
771 1.1 christos 128,
772 1.1 christos },
773 1.1 christos
774 1.1 christos /* Cipher 25 */
775 1.1 christos {
776 1.1 christos 1,
777 1.1 christos SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 1.1 christos SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 1.1 christos SSL_kKRB5,
780 1.1 christos SSL_aKRB5,
781 1.1 christos SSL_IDEA,
782 1.1 christos SSL_MD5,
783 1.1 christos SSL_SSLV3,
784 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
785 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 1.1 christos 128,
787 1.1 christos 128,
788 1.1 christos },
789 1.1 christos
790 1.1 christos /* Cipher 26 */
791 1.1 christos {
792 1.1 christos 1,
793 1.1 christos SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 1.1 christos SSL3_CK_KRB5_DES_40_CBC_SHA,
795 1.1 christos SSL_kKRB5,
796 1.1 christos SSL_aKRB5,
797 1.1 christos SSL_DES,
798 1.1 christos SSL_SHA1,
799 1.1 christos SSL_SSLV3,
800 1.1 christos SSL_EXPORT|SSL_EXP40,
801 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 1.1 christos 40,
803 1.1 christos 56,
804 1.1 christos },
805 1.1 christos
806 1.1 christos /* Cipher 27 */
807 1.1 christos {
808 1.1 christos 1,
809 1.1 christos SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 1.1 christos SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 1.1 christos SSL_kKRB5,
812 1.1 christos SSL_aKRB5,
813 1.1 christos SSL_RC2,
814 1.1 christos SSL_SHA1,
815 1.1 christos SSL_SSLV3,
816 1.1 christos SSL_EXPORT|SSL_EXP40,
817 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 1.1 christos 40,
819 1.1 christos 128,
820 1.1 christos },
821 1.1 christos
822 1.1 christos /* Cipher 28 */
823 1.1 christos {
824 1.1 christos 1,
825 1.1 christos SSL3_TXT_KRB5_RC4_40_SHA,
826 1.1 christos SSL3_CK_KRB5_RC4_40_SHA,
827 1.1 christos SSL_kKRB5,
828 1.1 christos SSL_aKRB5,
829 1.1 christos SSL_RC4,
830 1.1 christos SSL_SHA1,
831 1.1 christos SSL_SSLV3,
832 1.1 christos SSL_EXPORT|SSL_EXP40,
833 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 1.1 christos 40,
835 1.1 christos 128,
836 1.1 christos },
837 1.1 christos
838 1.1 christos /* Cipher 29 */
839 1.1 christos {
840 1.1 christos 1,
841 1.1 christos SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 1.1 christos SSL3_CK_KRB5_DES_40_CBC_MD5,
843 1.1 christos SSL_kKRB5,
844 1.1 christos SSL_aKRB5,
845 1.1 christos SSL_DES,
846 1.1 christos SSL_MD5,
847 1.1 christos SSL_SSLV3,
848 1.1 christos SSL_EXPORT|SSL_EXP40,
849 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 1.1 christos 40,
851 1.1 christos 56,
852 1.1 christos },
853 1.1 christos
854 1.1 christos /* Cipher 2A */
855 1.1 christos {
856 1.1 christos 1,
857 1.1 christos SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 1.1 christos SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 1.1 christos SSL_kKRB5,
860 1.1 christos SSL_aKRB5,
861 1.1 christos SSL_RC2,
862 1.1 christos SSL_MD5,
863 1.1 christos SSL_SSLV3,
864 1.1 christos SSL_EXPORT|SSL_EXP40,
865 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 1.1 christos 40,
867 1.1 christos 128,
868 1.1 christos },
869 1.1 christos
870 1.1 christos /* Cipher 2B */
871 1.1 christos {
872 1.1 christos 1,
873 1.1 christos SSL3_TXT_KRB5_RC4_40_MD5,
874 1.1 christos SSL3_CK_KRB5_RC4_40_MD5,
875 1.1 christos SSL_kKRB5,
876 1.1 christos SSL_aKRB5,
877 1.1 christos SSL_RC4,
878 1.1 christos SSL_MD5,
879 1.1 christos SSL_SSLV3,
880 1.1 christos SSL_EXPORT|SSL_EXP40,
881 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 1.1 christos 40,
883 1.1 christos 128,
884 1.1 christos },
885 1.1 christos #endif /* OPENSSL_NO_KRB5 */
886 1.1 christos
887 1.1 christos /* New AES ciphersuites */
888 1.1 christos /* Cipher 2F */
889 1.1 christos {
890 1.1 christos 1,
891 1.1 christos TLS1_TXT_RSA_WITH_AES_128_SHA,
892 1.1 christos TLS1_CK_RSA_WITH_AES_128_SHA,
893 1.1 christos SSL_kRSA,
894 1.1 christos SSL_aRSA,
895 1.1 christos SSL_AES128,
896 1.1 christos SSL_SHA1,
897 1.1 christos SSL_TLSV1,
898 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 1.1 christos 128,
901 1.1 christos 128,
902 1.1 christos },
903 1.1 christos /* Cipher 30 */
904 1.1 christos {
905 1.1 christos 0,
906 1.1 christos TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 1.1 christos TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 1.1 christos SSL_kDHd,
909 1.1 christos SSL_aDH,
910 1.1 christos SSL_AES128,
911 1.1 christos SSL_SHA1,
912 1.1 christos SSL_TLSV1,
913 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 1.1 christos 128,
916 1.1 christos 128,
917 1.1 christos },
918 1.1 christos /* Cipher 31 */
919 1.1 christos {
920 1.1 christos 0,
921 1.1 christos TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 1.1 christos TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 1.1 christos SSL_kDHr,
924 1.1 christos SSL_aDH,
925 1.1 christos SSL_AES128,
926 1.1 christos SSL_SHA1,
927 1.1 christos SSL_TLSV1,
928 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 1.1 christos 128,
931 1.1 christos 128,
932 1.1 christos },
933 1.1 christos /* Cipher 32 */
934 1.1 christos {
935 1.1 christos 1,
936 1.1 christos TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 1.1 christos TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 1.1 christos SSL_kEDH,
939 1.1 christos SSL_aDSS,
940 1.1 christos SSL_AES128,
941 1.1 christos SSL_SHA1,
942 1.1 christos SSL_TLSV1,
943 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 1.1 christos 128,
946 1.1 christos 128,
947 1.1 christos },
948 1.1 christos /* Cipher 33 */
949 1.1 christos {
950 1.1 christos 1,
951 1.1 christos TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 1.1 christos TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 1.1 christos SSL_kEDH,
954 1.1 christos SSL_aRSA,
955 1.1 christos SSL_AES128,
956 1.1 christos SSL_SHA1,
957 1.1 christos SSL_TLSV1,
958 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 1.1 christos 128,
961 1.1 christos 128,
962 1.1 christos },
963 1.1 christos /* Cipher 34 */
964 1.1 christos {
965 1.1 christos 1,
966 1.1 christos TLS1_TXT_ADH_WITH_AES_128_SHA,
967 1.1 christos TLS1_CK_ADH_WITH_AES_128_SHA,
968 1.1 christos SSL_kEDH,
969 1.1 christos SSL_aNULL,
970 1.1 christos SSL_AES128,
971 1.1 christos SSL_SHA1,
972 1.1 christos SSL_TLSV1,
973 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 1.1 christos 128,
976 1.1 christos 128,
977 1.1 christos },
978 1.1 christos
979 1.1 christos /* Cipher 35 */
980 1.1 christos {
981 1.1 christos 1,
982 1.1 christos TLS1_TXT_RSA_WITH_AES_256_SHA,
983 1.1 christos TLS1_CK_RSA_WITH_AES_256_SHA,
984 1.1 christos SSL_kRSA,
985 1.1 christos SSL_aRSA,
986 1.1 christos SSL_AES256,
987 1.1 christos SSL_SHA1,
988 1.1 christos SSL_TLSV1,
989 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 1.1 christos 256,
992 1.1 christos 256,
993 1.1 christos },
994 1.1 christos /* Cipher 36 */
995 1.1 christos {
996 1.1 christos 0,
997 1.1 christos TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 1.1 christos TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 1.1 christos SSL_kDHd,
1000 1.1 christos SSL_aDH,
1001 1.1 christos SSL_AES256,
1002 1.1 christos SSL_SHA1,
1003 1.1 christos SSL_TLSV1,
1004 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 1.1 christos 256,
1007 1.1 christos 256,
1008 1.1 christos },
1009 1.1 christos
1010 1.1 christos /* Cipher 37 */
1011 1.1 christos {
1012 1.1 christos 0, /* not implemented (non-ephemeral DH) */
1013 1.1 christos TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 1.1 christos TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 1.1 christos SSL_kDHr,
1016 1.1 christos SSL_aDH,
1017 1.1 christos SSL_AES256,
1018 1.1 christos SSL_SHA1,
1019 1.1 christos SSL_TLSV1,
1020 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 1.1 christos 256,
1023 1.1 christos 256,
1024 1.1 christos },
1025 1.1 christos
1026 1.1 christos /* Cipher 38 */
1027 1.1 christos {
1028 1.1 christos 1,
1029 1.1 christos TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 1.1 christos TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 1.1 christos SSL_kEDH,
1032 1.1 christos SSL_aDSS,
1033 1.1 christos SSL_AES256,
1034 1.1 christos SSL_SHA1,
1035 1.1 christos SSL_TLSV1,
1036 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 1.1 christos 256,
1039 1.1 christos 256,
1040 1.1 christos },
1041 1.1 christos
1042 1.1 christos /* Cipher 39 */
1043 1.1 christos {
1044 1.1 christos 1,
1045 1.1 christos TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 1.1 christos TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 1.1 christos SSL_kEDH,
1048 1.1 christos SSL_aRSA,
1049 1.1 christos SSL_AES256,
1050 1.1 christos SSL_SHA1,
1051 1.1 christos SSL_TLSV1,
1052 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 1.1 christos 256,
1055 1.1 christos 256,
1056 1.1 christos },
1057 1.1 christos
1058 1.1 christos /* Cipher 3A */
1059 1.1 christos {
1060 1.1 christos 1,
1061 1.1 christos TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 1.1 christos TLS1_CK_ADH_WITH_AES_256_SHA,
1063 1.1 christos SSL_kEDH,
1064 1.1 christos SSL_aNULL,
1065 1.1 christos SSL_AES256,
1066 1.1 christos SSL_SHA1,
1067 1.1 christos SSL_TLSV1,
1068 1.1 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 1.1 christos 256,
1071 1.1 christos 256,
1072 1.1 christos },
1073 1.1 christos
1074 1.5 spz /* TLS v1.2 ciphersuites */
1075 1.5 spz /* Cipher 3B: NULL encryption (SSL_eNULL), MAC only, no confidentiality */
1076 1.5 spz {
1077 1.5 spz 1,
1078 1.5 spz TLS1_TXT_RSA_WITH_NULL_SHA256,
1079 1.5 spz TLS1_CK_RSA_WITH_NULL_SHA256,
1080 1.5 spz SSL_kRSA,
1081 1.5 spz SSL_aRSA,
1082 1.5 spz SSL_eNULL,
1083 1.5 spz SSL_SHA256,
1084 1.8 christos SSL_TLSV1_2,
1085 1.5 spz SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087 1.5 spz 0,
1088 1.5 spz 0,
1089 1.5 spz },
1090 1.5 spz
1091 1.5 spz /* Cipher 3C */
1092 1.5 spz {
1093 1.5 spz 1,
1094 1.5 spz TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095 1.5 spz TLS1_CK_RSA_WITH_AES_128_SHA256,
1096 1.5 spz SSL_kRSA,
1097 1.5 spz SSL_aRSA,
1098 1.5 spz SSL_AES128,
1099 1.5 spz SSL_SHA256,
1100 1.8 christos SSL_TLSV1_2,
1101 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103 1.5 spz 128,
1104 1.5 spz 128,
1105 1.5 spz },
1106 1.5 spz
1107 1.5 spz /* Cipher 3D */
1108 1.5 spz {
1109 1.5 spz 1,
1110 1.5 spz TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111 1.5 spz TLS1_CK_RSA_WITH_AES_256_SHA256,
1112 1.5 spz SSL_kRSA,
1113 1.5 spz SSL_aRSA,
1114 1.5 spz SSL_AES256,
1115 1.5 spz SSL_SHA256,
1116 1.8 christos SSL_TLSV1_2,
1117 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 1.5 spz 256,
1120 1.5 spz 256,
1121 1.5 spz },
1122 1.5 spz
1123 1.5 spz /* Cipher 3E */
1124 1.5 spz {
1125 1.5 spz 0, /* not implemented (non-ephemeral DH) */
1126 1.5 spz TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127 1.5 spz TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128 1.9 christos SSL_kDHd,
1129 1.5 spz SSL_aDH,
1130 1.5 spz SSL_AES128,
1131 1.5 spz SSL_SHA256,
1132 1.8 christos SSL_TLSV1_2,
1133 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135 1.5 spz 128,
1136 1.5 spz 128,
1137 1.5 spz },
1138 1.5 spz
1139 1.5 spz /* Cipher 3F */
1140 1.5 spz {
1141 1.5 spz 0, /* not implemented (non-ephemeral DH) */
1142 1.5 spz TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143 1.5 spz TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144 1.5 spz SSL_kDHr,
1145 1.5 spz SSL_aDH,
1146 1.5 spz SSL_AES128,
1147 1.5 spz SSL_SHA256,
1148 1.8 christos SSL_TLSV1_2,
1149 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151 1.5 spz 128,
1152 1.5 spz 128,
1153 1.5 spz },
1154 1.5 spz
1155 1.5 spz /* Cipher 40 */
1156 1.5 spz {
1157 1.5 spz 1,
1158 1.5 spz TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159 1.5 spz TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160 1.5 spz SSL_kEDH,
1161 1.5 spz SSL_aDSS,
1162 1.5 spz SSL_AES128,
1163 1.5 spz SSL_SHA256,
1164 1.8 christos SSL_TLSV1_2,
1165 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167 1.5 spz 128,
1168 1.5 spz 128,
1169 1.5 spz },
1170 1.5 spz
1171 1.1 christos #ifndef OPENSSL_NO_CAMELLIA
1172 1.1 christos /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1173 1.1 christos
1174 1.1 christos /* Cipher 41 */
1175 1.1 christos {
1176 1.1 christos 1,
1177 1.1 christos TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178 1.1 christos TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179 1.1 christos SSL_kRSA,
1180 1.1 christos SSL_aRSA,
1181 1.1 christos SSL_CAMELLIA128,
1182 1.1 christos SSL_SHA1,
1183 1.1 christos SSL_TLSV1,
1184 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1185 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1186 1.1 christos 128,
1187 1.1 christos 128,
1188 1.1 christos },
1189 1.1 christos
1190 1.1 christos /* Cipher 42 */
1191 1.1 christos {
1192 1.1 christos 0, /* not implemented (non-ephemeral DH) */
1193 1.1 christos TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194 1.1 christos TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195 1.1 christos SSL_kDHd,
1196 1.1 christos SSL_aDH,
1197 1.1 christos SSL_CAMELLIA128,
1198 1.1 christos SSL_SHA1,
1199 1.1 christos SSL_TLSV1,
1200 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1201 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1202 1.1 christos 128,
1203 1.1 christos 128,
1204 1.1 christos },
1205 1.1 christos
1206 1.1 christos /* Cipher 43 */
1207 1.1 christos {
1208 1.1 christos 0, /* not implemented (non-ephemeral DH) */
1209 1.1 christos TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210 1.1 christos TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211 1.1 christos SSL_kDHr,
1212 1.1 christos SSL_aDH,
1213 1.1 christos SSL_CAMELLIA128,
1214 1.1 christos SSL_SHA1,
1215 1.1 christos SSL_TLSV1,
1216 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1217 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218 1.1 christos 128,
1219 1.1 christos 128,
1220 1.1 christos },
1221 1.1 christos
1222 1.1 christos /* Cipher 44 */
1223 1.1 christos {
1224 1.1 christos 1,
1225 1.1 christos TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226 1.1 christos TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227 1.1 christos SSL_kEDH,
1228 1.1 christos SSL_aDSS,
1229 1.1 christos SSL_CAMELLIA128,
1230 1.1 christos SSL_SHA1,
1231 1.1 christos SSL_TLSV1,
1232 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1233 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1234 1.1 christos 128,
1235 1.1 christos 128,
1236 1.1 christos },
1237 1.1 christos
1238 1.1 christos /* Cipher 45 */
1239 1.1 christos {
1240 1.1 christos 1,
1241 1.1 christos TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242 1.1 christos TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243 1.1 christos SSL_kEDH,
1244 1.1 christos SSL_aRSA,
1245 1.1 christos SSL_CAMELLIA128,
1246 1.1 christos SSL_SHA1,
1247 1.1 christos SSL_TLSV1,
1248 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1249 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1250 1.1 christos 128,
1251 1.1 christos 128,
1252 1.1 christos },
1253 1.1 christos
1254 1.1 christos /* Cipher 46 */
1255 1.1 christos {
1256 1.1 christos 1,
1257 1.1 christos TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258 1.1 christos TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259 1.1 christos SSL_kEDH,
1260 1.1 christos SSL_aNULL,
1261 1.1 christos SSL_CAMELLIA128,
1262 1.1 christos SSL_SHA1,
1263 1.1 christos SSL_TLSV1,
1264 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1265 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1266 1.1 christos 128,
1267 1.1 christos 128,
1268 1.1 christos },
1269 1.1 christos #endif /* OPENSSL_NO_CAMELLIA */
1270 1.1 christos
1271 1.1 christos #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1272 1.1 christos /* New TLS export ciphersuites from an expired Internet-Draft (ID) */
1273 1.1 christos #if 0
1274 1.1 christos /* Cipher 60 */
1275 1.1 christos {
1276 1.1 christos 1,
1277 1.1 christos TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278 1.1 christos TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279 1.1 christos SSL_kRSA,
1280 1.1 christos SSL_aRSA,
1281 1.1 christos SSL_RC4,
1282 1.1 christos SSL_MD5,
1283 1.1 christos SSL_TLSV1,
1284 1.1 christos SSL_EXPORT|SSL_EXP56,
1285 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 1.1 christos 56,
1287 1.1 christos 128,
1288 1.1 christos },
1289 1.1 christos
1290 1.1 christos /* Cipher 61 */
1291 1.1 christos {
1292 1.1 christos 1,
1293 1.1 christos TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294 1.1 christos TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295 1.1 christos SSL_kRSA,
1296 1.1 christos SSL_aRSA,
1297 1.1 christos SSL_RC2,
1298 1.1 christos SSL_MD5,
1299 1.1 christos SSL_TLSV1,
1300 1.1 christos SSL_EXPORT|SSL_EXP56,
1301 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1302 1.1 christos 56,
1303 1.1 christos 128,
1304 1.1 christos },
1305 1.1 christos #endif
1306 1.1 christos
1307 1.1 christos /* Cipher 62 */
1308 1.1 christos {
1309 1.1 christos 1,
1310 1.1 christos TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311 1.1 christos TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312 1.1 christos SSL_kRSA,
1313 1.1 christos SSL_aRSA,
1314 1.1 christos SSL_DES,
1315 1.1 christos SSL_SHA1,
1316 1.1 christos SSL_TLSV1,
1317 1.1 christos SSL_EXPORT|SSL_EXP56,
1318 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319 1.1 christos 56,
1320 1.1 christos 56,
1321 1.1 christos },
1322 1.1 christos
1323 1.1 christos /* Cipher 63 */
1324 1.1 christos {
1325 1.1 christos 1,
1326 1.1 christos TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327 1.1 christos TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328 1.1 christos SSL_kEDH,
1329 1.1 christos SSL_aDSS,
1330 1.1 christos SSL_DES,
1331 1.1 christos SSL_SHA1,
1332 1.1 christos SSL_TLSV1,
1333 1.1 christos SSL_EXPORT|SSL_EXP56,
1334 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335 1.1 christos 56,
1336 1.1 christos 56,
1337 1.1 christos },
1338 1.1 christos
1339 1.1 christos /* Cipher 64 */
1340 1.1 christos {
1341 1.1 christos 1,
1342 1.1 christos TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343 1.1 christos TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344 1.1 christos SSL_kRSA,
1345 1.1 christos SSL_aRSA,
1346 1.1 christos SSL_RC4,
1347 1.1 christos SSL_SHA1,
1348 1.1 christos SSL_TLSV1,
1349 1.1 christos SSL_EXPORT|SSL_EXP56,
1350 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 1.1 christos 56,
1352 1.1 christos 128,
1353 1.1 christos },
1354 1.1 christos
1355 1.1 christos /* Cipher 65 */
1356 1.1 christos {
1357 1.1 christos 1,
1358 1.1 christos TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359 1.1 christos TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360 1.1 christos SSL_kEDH,
1361 1.1 christos SSL_aDSS,
1362 1.1 christos SSL_RC4,
1363 1.1 christos SSL_SHA1,
1364 1.1 christos SSL_TLSV1,
1365 1.1 christos SSL_EXPORT|SSL_EXP56,
1366 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367 1.1 christos 56,
1368 1.1 christos 128,
1369 1.1 christos },
1370 1.1 christos
1371 1.1 christos /* Cipher 66 */
1372 1.1 christos {
1373 1.1 christos 1,
1374 1.1 christos TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375 1.1 christos TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376 1.1 christos SSL_kEDH,
1377 1.1 christos SSL_aDSS,
1378 1.1 christos SSL_RC4,
1379 1.1 christos SSL_SHA1,
1380 1.1 christos SSL_TLSV1,
1381 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
1382 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383 1.1 christos 128,
1384 1.1 christos 128,
1385 1.1 christos },
1386 1.1 christos #endif
1387 1.5 spz
1388 1.5 spz /* TLS v1.2 ciphersuites */
1389 1.5 spz /* Cipher 67 */
1390 1.5 spz {
1391 1.5 spz 1,
1392 1.5 spz TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393 1.5 spz TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394 1.5 spz SSL_kEDH,
1395 1.5 spz SSL_aRSA,
1396 1.5 spz SSL_AES128,
1397 1.5 spz SSL_SHA256,
1398 1.8 christos SSL_TLSV1_2,
1399 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401 1.5 spz 128,
1402 1.5 spz 128,
1403 1.5 spz },
1404 1.5 spz
1405 1.5 spz /* Cipher 68 */
1406 1.5 spz {
1407 1.5 spz 0, /* not implemented (non-ephemeral DH) */
1408 1.5 spz TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409 1.5 spz TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410 1.9 christos SSL_kDHd,
1411 1.5 spz SSL_aDH,
1412 1.5 spz SSL_AES256,
1413 1.5 spz SSL_SHA256,
1414 1.8 christos SSL_TLSV1_2,
1415 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417 1.5 spz 256,
1418 1.5 spz 256,
1419 1.5 spz },
1420 1.5 spz
1421 1.5 spz /* Cipher 69 */
1422 1.5 spz {
1423 1.5 spz 0, /* not implemented (non-ephemeral DH) */
1424 1.5 spz TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425 1.5 spz TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426 1.5 spz SSL_kDHr,
1427 1.5 spz SSL_aDH,
1428 1.5 spz SSL_AES256,
1429 1.5 spz SSL_SHA256,
1430 1.8 christos SSL_TLSV1_2,
1431 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433 1.5 spz 256,
1434 1.5 spz 256,
1435 1.5 spz },
1436 1.5 spz
1437 1.5 spz /* Cipher 6A */
1438 1.5 spz {
1439 1.5 spz 1,
1440 1.5 spz TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441 1.5 spz TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442 1.5 spz SSL_kEDH,
1443 1.5 spz SSL_aDSS,
1444 1.5 spz SSL_AES256,
1445 1.5 spz SSL_SHA256,
1446 1.8 christos SSL_TLSV1_2,
1447 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 1.5 spz 256,
1450 1.5 spz 256,
1451 1.5 spz },
1452 1.5 spz
1453 1.5 spz /* Cipher 6B */
1454 1.5 spz {
1455 1.5 spz 1,
1456 1.5 spz TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457 1.5 spz TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458 1.5 spz SSL_kEDH,
1459 1.5 spz SSL_aRSA,
1460 1.5 spz SSL_AES256,
1461 1.5 spz SSL_SHA256,
1462 1.8 christos SSL_TLSV1_2,
1463 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465 1.5 spz 256,
1466 1.5 spz 256,
1467 1.5 spz },
1468 1.5 spz
1469 1.5 spz /* Cipher 6C */
1470 1.5 spz {
1471 1.5 spz 1,
1472 1.5 spz TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473 1.5 spz TLS1_CK_ADH_WITH_AES_128_SHA256,
1474 1.5 spz SSL_kEDH,
1475 1.5 spz SSL_aNULL,
1476 1.5 spz SSL_AES128,
1477 1.5 spz SSL_SHA256,
1478 1.8 christos SSL_TLSV1_2,
1479 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481 1.5 spz 128,
1482 1.5 spz 128,
1483 1.5 spz },
1484 1.5 spz
1485 1.5 spz /* Cipher 6D */
1486 1.5 spz {
1487 1.5 spz 1,
1488 1.5 spz TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489 1.5 spz TLS1_CK_ADH_WITH_AES_256_SHA256,
1490 1.5 spz SSL_kEDH,
1491 1.5 spz SSL_aNULL,
1492 1.5 spz SSL_AES256,
1493 1.5 spz SSL_SHA256,
1494 1.8 christos SSL_TLSV1_2,
1495 1.5 spz SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497 1.5 spz 256,
1498 1.5 spz 256,
1499 1.5 spz },
1500 1.5 spz
1501 1.5 spz /* GOST ciphersuites (Cipher 80 to Cipher 83; ids given as literals below) */
1502 1.5 spz
1503 1.1 christos {
1504 1.1 christos 1,
1505 1.1 christos "GOST94-GOST89-GOST89",
1506 1.1 christos 0x3000080,
1507 1.1 christos SSL_kGOST,
1508 1.1 christos SSL_aGOST94,
1509 1.1 christos SSL_eGOST2814789CNT,
1510 1.1 christos SSL_GOST89MAC,
1511 1.1 christos SSL_TLSV1,
1512 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1513 1.1 christos SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1514 1.1 christos 256,
1515 1.1 christos 256
1516 1.1 christos },
1517 1.1 christos {
1518 1.1 christos 1,
1519 1.1 christos "GOST2001-GOST89-GOST89",
1520 1.1 christos 0x3000081,
1521 1.1 christos SSL_kGOST,
1522 1.1 christos SSL_aGOST01,
1523 1.1 christos SSL_eGOST2814789CNT,
1524 1.1 christos SSL_GOST89MAC,
1525 1.1 christos SSL_TLSV1,
1526 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1527 1.1 christos SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1528 1.1 christos 256,
1529 1.1 christos 256
1530 1.1 christos },
1531 1.1 christos {
1532 1.1 christos 1,
1533 1.1 christos "GOST94-NULL-GOST94",
1534 1.1 christos 0x3000082,
1535 1.1 christos SSL_kGOST,
1536 1.1 christos SSL_aGOST94,
1537 1.1 christos SSL_eNULL,
1538 1.1 christos SSL_GOST94,
1539 1.1 christos SSL_TLSV1,
1540 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE,
1541 1.1 christos SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1542 1.1 christos 0,
1543 1.1 christos 0
1544 1.1 christos },
1545 1.1 christos {
1546 1.1 christos 1,
1547 1.1 christos "GOST2001-NULL-GOST94",
1548 1.1 christos 0x3000083,
1549 1.1 christos SSL_kGOST,
1550 1.1 christos SSL_aGOST01,
1551 1.1 christos SSL_eNULL,
1552 1.1 christos SSL_GOST94,
1553 1.1 christos SSL_TLSV1,
1554 1.1 christos SSL_NOT_EXP|SSL_STRONG_NONE,
1555 1.1 christos SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1556 1.1 christos 0,
1557 1.1 christos 0
1558 1.1 christos },
1559 1.1 christos
1560 1.1 christos #ifndef OPENSSL_NO_CAMELLIA
1561 1.1 christos /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1562 1.1 christos
1563 1.1 christos /* Cipher 84 */
1564 1.1 christos {
1565 1.1 christos 1,
1566 1.1 christos TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1567 1.1 christos TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1568 1.1 christos SSL_kRSA,
1569 1.1 christos SSL_aRSA,
1570 1.1 christos SSL_CAMELLIA256,
1571 1.1 christos SSL_SHA1,
1572 1.1 christos SSL_TLSV1,
1573 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1574 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 1.1 christos 256,
1576 1.1 christos 256,
1577 1.1 christos },
1578 1.1 christos /* Cipher 85 */
1579 1.1 christos {
1580 1.1 christos 0, /* not implemented (non-ephemeral DH) */
1581 1.1 christos TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1582 1.1 christos TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1583 1.1 christos SSL_kDHd,
1584 1.1 christos SSL_aDH,
1585 1.1 christos SSL_CAMELLIA256,
1586 1.1 christos SSL_SHA1,
1587 1.1 christos SSL_TLSV1,
1588 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1589 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590 1.1 christos 256,
1591 1.1 christos 256,
1592 1.1 christos },
1593 1.1 christos
1594 1.1 christos /* Cipher 86 */
1595 1.1 christos {
1596 1.1 christos 0, /* not implemented (non-ephemeral DH) */
1597 1.1 christos TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1598 1.1 christos TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1599 1.1 christos SSL_kDHr,
1600 1.1 christos SSL_aDH,
1601 1.1 christos SSL_CAMELLIA256,
1602 1.1 christos SSL_SHA1,
1603 1.1 christos SSL_TLSV1,
1604 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1605 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1606 1.1 christos 256,
1607 1.1 christos 256,
1608 1.1 christos },
1609 1.1 christos
1610 1.1 christos /* Cipher 87 */
1611 1.1 christos {
1612 1.1 christos 1,
1613 1.1 christos TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1614 1.1 christos TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1615 1.1 christos SSL_kEDH,
1616 1.1 christos SSL_aDSS,
1617 1.1 christos SSL_CAMELLIA256,
1618 1.1 christos SSL_SHA1,
1619 1.1 christos SSL_TLSV1,
1620 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1621 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1622 1.1 christos 256,
1623 1.1 christos 256,
1624 1.1 christos },
1625 1.1 christos
1626 1.1 christos /* Cipher 88 */
1627 1.1 christos {
1628 1.1 christos 1,
1629 1.1 christos TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1630 1.1 christos TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1631 1.1 christos SSL_kEDH,
1632 1.1 christos SSL_aRSA,
1633 1.1 christos SSL_CAMELLIA256,
1634 1.1 christos SSL_SHA1,
1635 1.1 christos SSL_TLSV1,
1636 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1637 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1638 1.1 christos 256,
1639 1.1 christos 256,
1640 1.1 christos },
1641 1.1 christos
1642 1.1 christos /* Cipher 89 */
1643 1.1 christos {
1644 1.1 christos 1,
1645 1.1 christos TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1646 1.1 christos TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1647 1.1 christos SSL_kEDH,
1648 1.1 christos SSL_aNULL,
1649 1.1 christos SSL_CAMELLIA256,
1650 1.1 christos SSL_SHA1,
1651 1.1 christos SSL_TLSV1,
1652 1.1 christos SSL_NOT_EXP|SSL_HIGH,
1653 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1654 1.1 christos 256,
1655 1.1 christos 256,
1656 1.1 christos },
1657 1.1 christos #endif /* OPENSSL_NO_CAMELLIA */
1658 1.1 christos
1659 1.1 christos #ifndef OPENSSL_NO_PSK
1660 1.1 christos /* Cipher 8A */
1661 1.1 christos {
1662 1.1 christos 1,
1663 1.1 christos TLS1_TXT_PSK_WITH_RC4_128_SHA,
1664 1.1 christos TLS1_CK_PSK_WITH_RC4_128_SHA,
1665 1.1 christos SSL_kPSK,
1666 1.1 christos SSL_aPSK,
1667 1.1 christos SSL_RC4,
1668 1.1 christos SSL_SHA1,
1669 1.1 christos SSL_TLSV1,
1670 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
1671 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1672 1.1 christos 128,
1673 1.1 christos 128,
1674 1.1 christos },
1675 1.1 christos
1676 1.1 christos /* Cipher 8B */
1677 1.1 christos {
1678 1.1 christos 1,
1679 1.1 christos TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1680 1.1 christos TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1681 1.1 christos SSL_kPSK,
1682 1.1 christos SSL_aPSK,
1683 1.1 christos SSL_3DES,
1684 1.1 christos SSL_SHA1,
1685 1.1 christos SSL_TLSV1,
1686 1.10 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1687 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688 1.11 spz 112,
1689 1.1 christos 168,
1690 1.1 christos },
1691 1.1 christos
1692 1.1 christos /* Cipher 8C */
1693 1.1 christos {
1694 1.1 christos 1,
1695 1.1 christos TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1696 1.1 christos TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1697 1.1 christos SSL_kPSK,
1698 1.1 christos SSL_aPSK,
1699 1.1 christos SSL_AES128,
1700 1.1 christos SSL_SHA1,
1701 1.1 christos SSL_TLSV1,
1702 1.10 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1703 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704 1.1 christos 128,
1705 1.1 christos 128,
1706 1.1 christos },
1707 1.1 christos
1708 1.1 christos /* Cipher 8D */
1709 1.1 christos {
1710 1.1 christos 1,
1711 1.1 christos TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1712 1.1 christos TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1713 1.1 christos SSL_kPSK,
1714 1.1 christos SSL_aPSK,
1715 1.1 christos SSL_AES256,
1716 1.1 christos SSL_SHA1,
1717 1.1 christos SSL_TLSV1,
1718 1.10 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1719 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720 1.1 christos 256,
1721 1.1 christos 256,
1722 1.1 christos },
1723 1.1 christos #endif /* OPENSSL_NO_PSK */
1724 1.1 christos
1725 1.1 christos #ifndef OPENSSL_NO_SEED
1726 1.1 christos /* SEED ciphersuites from RFC4162 */
1727 1.1 christos
1728 1.1 christos /* Cipher 96 */
1729 1.1 christos {
1730 1.1 christos 1,
1731 1.1 christos TLS1_TXT_RSA_WITH_SEED_SHA,
1732 1.1 christos TLS1_CK_RSA_WITH_SEED_SHA,
1733 1.1 christos SSL_kRSA,
1734 1.1 christos SSL_aRSA,
1735 1.1 christos SSL_SEED,
1736 1.1 christos SSL_SHA1,
1737 1.1 christos SSL_TLSV1,
1738 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
1739 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1740 1.1 christos 128,
1741 1.1 christos 128,
1742 1.1 christos },
1743 1.1 christos
1744 1.1 christos /* Cipher 97 */
1745 1.1 christos {
1746 1.1 christos 0, /* not implemented (non-ephemeral DH) */
1747 1.1 christos TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1748 1.1 christos TLS1_CK_DH_DSS_WITH_SEED_SHA,
1749 1.1 christos SSL_kDHd,
1750 1.1 christos SSL_aDH,
1751 1.1 christos SSL_SEED,
1752 1.1 christos SSL_SHA1,
1753 1.1 christos SSL_TLSV1,
1754 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
1755 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1756 1.1 christos 128,
1757 1.1 christos 128,
1758 1.1 christos },
1759 1.1 christos
1760 1.1 christos /* Cipher 98 */
1761 1.1 christos {
1762 1.1 christos 0, /* not implemented (non-ephemeral DH) */
1763 1.1 christos TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1764 1.1 christos TLS1_CK_DH_RSA_WITH_SEED_SHA,
1765 1.1 christos SSL_kDHr,
1766 1.1 christos SSL_aDH,
1767 1.1 christos SSL_SEED,
1768 1.1 christos SSL_SHA1,
1769 1.1 christos SSL_TLSV1,
1770 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
1771 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1772 1.1 christos 128,
1773 1.1 christos 128,
1774 1.1 christos },
1775 1.1 christos
1776 1.1 christos /* Cipher 99 */
1777 1.1 christos {
1778 1.1 christos 1,
1779 1.1 christos TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1780 1.1 christos TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1781 1.1 christos SSL_kEDH,
1782 1.1 christos SSL_aDSS,
1783 1.1 christos SSL_SEED,
1784 1.1 christos SSL_SHA1,
1785 1.1 christos SSL_TLSV1,
1786 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
1787 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1788 1.1 christos 128,
1789 1.1 christos 128,
1790 1.1 christos },
1791 1.1 christos
1792 1.1 christos /* Cipher 9A */
1793 1.1 christos {
1794 1.1 christos 1,
1795 1.1 christos TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1796 1.1 christos TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1797 1.1 christos SSL_kEDH,
1798 1.1 christos SSL_aRSA,
1799 1.1 christos SSL_SEED,
1800 1.1 christos SSL_SHA1,
1801 1.1 christos SSL_TLSV1,
1802 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
1803 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1804 1.1 christos 128,
1805 1.1 christos 128,
1806 1.1 christos },
1807 1.1 christos
1808 1.1 christos /* Cipher 9B */
1809 1.1 christos {
1810 1.1 christos 1,
1811 1.1 christos TLS1_TXT_ADH_WITH_SEED_SHA,
1812 1.1 christos TLS1_CK_ADH_WITH_SEED_SHA,
1813 1.1 christos SSL_kEDH,
1814 1.1 christos SSL_aNULL,
1815 1.1 christos SSL_SEED,
1816 1.1 christos SSL_SHA1,
1817 1.1 christos SSL_TLSV1,
1818 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
1819 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1820 1.1 christos 128,
1821 1.1 christos 128,
1822 1.1 christos },
1823 1.1 christos
1824 1.1 christos #endif /* OPENSSL_NO_SEED */
1825 1.1 christos
1826 1.8 christos /* GCM ciphersuites from RFC5288 */
1827 1.8 christos
1828 1.8 christos /* Cipher 9C */
1829 1.8 christos {
1830 1.8 christos 1,
1831 1.8 christos TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1832 1.8 christos TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1833 1.8 christos SSL_kRSA,
1834 1.8 christos SSL_aRSA,
1835 1.8 christos SSL_AES128GCM,
1836 1.8 christos SSL_AEAD,
1837 1.8 christos SSL_TLSV1_2,
1838 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1839 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1840 1.8 christos 128,
1841 1.8 christos 128,
1842 1.8 christos },
1843 1.8 christos
1844 1.8 christos /* Cipher 9D */
1845 1.8 christos {
1846 1.8 christos 1,
1847 1.8 christos TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1848 1.8 christos TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1849 1.8 christos SSL_kRSA,
1850 1.8 christos SSL_aRSA,
1851 1.8 christos SSL_AES256GCM,
1852 1.8 christos SSL_AEAD,
1853 1.8 christos SSL_TLSV1_2,
1854 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1855 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1856 1.8 christos 256,
1857 1.8 christos 256,
1858 1.8 christos },
1859 1.8 christos
1860 1.8 christos /* Cipher 9E */
1861 1.8 christos {
1862 1.8 christos 1,
1863 1.8 christos TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1864 1.8 christos TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1865 1.8 christos SSL_kEDH,
1866 1.8 christos SSL_aRSA,
1867 1.8 christos SSL_AES128GCM,
1868 1.8 christos SSL_AEAD,
1869 1.8 christos SSL_TLSV1_2,
1870 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1871 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1872 1.8 christos 128,
1873 1.8 christos 128,
1874 1.8 christos },
1875 1.8 christos
1876 1.8 christos /* Cipher 9F */
1877 1.8 christos {
1878 1.8 christos 1,
1879 1.8 christos TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1880 1.8 christos TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1881 1.8 christos SSL_kEDH,
1882 1.8 christos SSL_aRSA,
1883 1.8 christos SSL_AES256GCM,
1884 1.8 christos SSL_AEAD,
1885 1.8 christos SSL_TLSV1_2,
1886 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1887 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1888 1.8 christos 256,
1889 1.8 christos 256,
1890 1.8 christos },
1891 1.8 christos
1892 1.8 christos /* Cipher A0 */
1893 1.8 christos {
1894 1.8 christos 0,
1895 1.8 christos TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1896 1.8 christos TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1897 1.8 christos SSL_kDHr,
1898 1.8 christos SSL_aDH,
1899 1.8 christos SSL_AES128GCM,
1900 1.8 christos SSL_AEAD,
1901 1.8 christos SSL_TLSV1_2,
1902 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1903 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1904 1.8 christos 128,
1905 1.8 christos 128,
1906 1.8 christos },
1907 1.8 christos
1908 1.8 christos /* Cipher A1 */
1909 1.8 christos {
1910 1.8 christos 0,
1911 1.8 christos TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1912 1.8 christos TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1913 1.8 christos SSL_kDHr,
1914 1.8 christos SSL_aDH,
1915 1.8 christos SSL_AES256GCM,
1916 1.8 christos SSL_AEAD,
1917 1.8 christos SSL_TLSV1_2,
1918 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1919 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1920 1.8 christos 256,
1921 1.8 christos 256,
1922 1.8 christos },
1923 1.8 christos
1924 1.8 christos /* Cipher A2 */
1925 1.8 christos {
1926 1.8 christos 1,
1927 1.8 christos TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1928 1.8 christos TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1929 1.8 christos SSL_kEDH,
1930 1.8 christos SSL_aDSS,
1931 1.8 christos SSL_AES128GCM,
1932 1.8 christos SSL_AEAD,
1933 1.8 christos SSL_TLSV1_2,
1934 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1935 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1936 1.8 christos 128,
1937 1.8 christos 128,
1938 1.8 christos },
1939 1.8 christos
1940 1.8 christos /* Cipher A3 */
1941 1.8 christos {
1942 1.8 christos 1,
1943 1.8 christos TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1944 1.8 christos TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1945 1.8 christos SSL_kEDH,
1946 1.8 christos SSL_aDSS,
1947 1.8 christos SSL_AES256GCM,
1948 1.8 christos SSL_AEAD,
1949 1.8 christos SSL_TLSV1_2,
1950 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952 1.8 christos 256,
1953 1.8 christos 256,
1954 1.8 christos },
1955 1.8 christos
1956 1.8 christos /* Cipher A4 */
1957 1.8 christos {
1958 1.8 christos 0,
1959 1.8 christos TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960 1.8 christos TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961 1.9 christos SSL_kDHd,
1962 1.8 christos SSL_aDH,
1963 1.8 christos SSL_AES128GCM,
1964 1.8 christos SSL_AEAD,
1965 1.8 christos SSL_TLSV1_2,
1966 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968 1.8 christos 128,
1969 1.8 christos 128,
1970 1.8 christos },
1971 1.8 christos
1972 1.8 christos /* Cipher A5 */
1973 1.8 christos {
1974 1.8 christos 0,
1975 1.8 christos TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976 1.8 christos TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977 1.9 christos SSL_kDHd,
1978 1.8 christos SSL_aDH,
1979 1.8 christos SSL_AES256GCM,
1980 1.8 christos SSL_AEAD,
1981 1.8 christos SSL_TLSV1_2,
1982 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984 1.8 christos 256,
1985 1.8 christos 256,
1986 1.8 christos },
1987 1.8 christos
1988 1.8 christos /* Cipher A6 */
1989 1.8 christos {
1990 1.8 christos 1,
1991 1.8 christos TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1992 1.8 christos TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1993 1.8 christos SSL_kEDH,
1994 1.8 christos SSL_aNULL,
1995 1.8 christos SSL_AES128GCM,
1996 1.8 christos SSL_AEAD,
1997 1.8 christos SSL_TLSV1_2,
1998 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1999 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2000 1.8 christos 128,
2001 1.8 christos 128,
2002 1.8 christos },
2003 1.8 christos
2004 1.8 christos /* Cipher A7 */
2005 1.8 christos {
2006 1.8 christos 1,
2007 1.8 christos TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2008 1.8 christos TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2009 1.8 christos SSL_kEDH,
2010 1.8 christos SSL_aNULL,
2011 1.8 christos SSL_AES256GCM,
2012 1.8 christos SSL_AEAD,
2013 1.8 christos SSL_TLSV1_2,
2014 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2015 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2016 1.8 christos 256,
2017 1.8 christos 256,
2018 1.8 christos },
2019 1.8 christos
2020 1.1 christos #ifndef OPENSSL_NO_ECDH
2021 1.1 christos /* Cipher C001 */
2022 1.1 christos {
2023 1.1 christos 1,
2024 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2025 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2026 1.1 christos SSL_kECDHe,
2027 1.1 christos SSL_aECDH,
2028 1.1 christos SSL_eNULL,
2029 1.1 christos SSL_SHA1,
2030 1.1 christos SSL_TLSV1,
2031 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2032 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2033 1.1 christos 0,
2034 1.1 christos 0,
2035 1.1 christos },
2036 1.1 christos
2037 1.1 christos /* Cipher C002 */
2038 1.1 christos {
2039 1.1 christos 1,
2040 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2041 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2042 1.1 christos SSL_kECDHe,
2043 1.1 christos SSL_aECDH,
2044 1.1 christos SSL_RC4,
2045 1.1 christos SSL_SHA1,
2046 1.1 christos SSL_TLSV1,
2047 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
2048 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2049 1.1 christos 128,
2050 1.1 christos 128,
2051 1.1 christos },
2052 1.1 christos
2053 1.1 christos /* Cipher C003 */
2054 1.1 christos {
2055 1.1 christos 1,
2056 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2057 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2058 1.1 christos SSL_kECDHe,
2059 1.1 christos SSL_aECDH,
2060 1.1 christos SSL_3DES,
2061 1.1 christos SSL_SHA1,
2062 1.1 christos SSL_TLSV1,
2063 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2065 1.11 spz 112,
2066 1.1 christos 168,
2067 1.1 christos },
2068 1.1 christos
2069 1.1 christos /* Cipher C004 */
2070 1.1 christos {
2071 1.1 christos 1,
2072 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2073 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2074 1.1 christos SSL_kECDHe,
2075 1.1 christos SSL_aECDH,
2076 1.1 christos SSL_AES128,
2077 1.1 christos SSL_SHA1,
2078 1.1 christos SSL_TLSV1,
2079 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2081 1.1 christos 128,
2082 1.1 christos 128,
2083 1.1 christos },
2084 1.1 christos
2085 1.1 christos /* Cipher C005 */
2086 1.1 christos {
2087 1.1 christos 1,
2088 1.1 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2089 1.1 christos TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2090 1.1 christos SSL_kECDHe,
2091 1.1 christos SSL_aECDH,
2092 1.1 christos SSL_AES256,
2093 1.1 christos SSL_SHA1,
2094 1.1 christos SSL_TLSV1,
2095 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2097 1.1 christos 256,
2098 1.1 christos 256,
2099 1.1 christos },
2100 1.1 christos
2101 1.1 christos /* Cipher C006 */
2102 1.1 christos {
2103 1.1 christos 1,
2104 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2105 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2106 1.1 christos SSL_kEECDH,
2107 1.1 christos SSL_aECDSA,
2108 1.1 christos SSL_eNULL,
2109 1.1 christos SSL_SHA1,
2110 1.1 christos SSL_TLSV1,
2111 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2112 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2113 1.1 christos 0,
2114 1.1 christos 0,
2115 1.1 christos },
2116 1.1 christos
2117 1.1 christos /* Cipher C007 */
2118 1.1 christos {
2119 1.1 christos 1,
2120 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2121 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2122 1.1 christos SSL_kEECDH,
2123 1.1 christos SSL_aECDSA,
2124 1.1 christos SSL_RC4,
2125 1.1 christos SSL_SHA1,
2126 1.1 christos SSL_TLSV1,
2127 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
2128 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2129 1.1 christos 128,
2130 1.1 christos 128,
2131 1.1 christos },
2132 1.1 christos
2133 1.1 christos /* Cipher C008 */
2134 1.1 christos {
2135 1.1 christos 1,
2136 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2137 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2138 1.1 christos SSL_kEECDH,
2139 1.1 christos SSL_aECDSA,
2140 1.1 christos SSL_3DES,
2141 1.1 christos SSL_SHA1,
2142 1.1 christos SSL_TLSV1,
2143 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2145 1.11 spz 112,
2146 1.1 christos 168,
2147 1.1 christos },
2148 1.1 christos
2149 1.1 christos /* Cipher C009 */
2150 1.1 christos {
2151 1.1 christos 1,
2152 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2153 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2154 1.1 christos SSL_kEECDH,
2155 1.1 christos SSL_aECDSA,
2156 1.1 christos SSL_AES128,
2157 1.1 christos SSL_SHA1,
2158 1.1 christos SSL_TLSV1,
2159 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2161 1.1 christos 128,
2162 1.1 christos 128,
2163 1.1 christos },
2164 1.1 christos
2165 1.1 christos /* Cipher C00A */
2166 1.1 christos {
2167 1.1 christos 1,
2168 1.1 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2169 1.1 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2170 1.1 christos SSL_kEECDH,
2171 1.1 christos SSL_aECDSA,
2172 1.1 christos SSL_AES256,
2173 1.1 christos SSL_SHA1,
2174 1.1 christos SSL_TLSV1,
2175 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2177 1.1 christos 256,
2178 1.1 christos 256,
2179 1.1 christos },
2180 1.1 christos
2181 1.1 christos /* Cipher C00B */
2182 1.1 christos {
2183 1.1 christos 1,
2184 1.1 christos TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2185 1.1 christos TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2186 1.1 christos SSL_kECDHr,
2187 1.1 christos SSL_aECDH,
2188 1.1 christos SSL_eNULL,
2189 1.1 christos SSL_SHA1,
2190 1.1 christos SSL_TLSV1,
2191 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2192 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2193 1.1 christos 0,
2194 1.1 christos 0,
2195 1.1 christos },
2196 1.1 christos
2197 1.1 christos /* Cipher C00C */
2198 1.1 christos {
2199 1.1 christos 1,
2200 1.1 christos TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2201 1.1 christos TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2202 1.1 christos SSL_kECDHr,
2203 1.1 christos SSL_aECDH,
2204 1.1 christos SSL_RC4,
2205 1.1 christos SSL_SHA1,
2206 1.1 christos SSL_TLSV1,
2207 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
2208 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2209 1.1 christos 128,
2210 1.1 christos 128,
2211 1.1 christos },
2212 1.1 christos
2213 1.1 christos /* Cipher C00D */
2214 1.1 christos {
2215 1.1 christos 1,
2216 1.1 christos TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2217 1.1 christos TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2218 1.1 christos SSL_kECDHr,
2219 1.1 christos SSL_aECDH,
2220 1.1 christos SSL_3DES,
2221 1.1 christos SSL_SHA1,
2222 1.1 christos SSL_TLSV1,
2223 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2224 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2225 1.11 spz 112,
2226 1.1 christos 168,
2227 1.1 christos },
2228 1.1 christos
2229 1.1 christos /* Cipher C00E */
2230 1.1 christos {
2231 1.1 christos 1,
2232 1.1 christos TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2233 1.1 christos TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2234 1.1 christos SSL_kECDHr,
2235 1.1 christos SSL_aECDH,
2236 1.1 christos SSL_AES128,
2237 1.1 christos SSL_SHA1,
2238 1.1 christos SSL_TLSV1,
2239 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2240 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2241 1.1 christos 128,
2242 1.1 christos 128,
2243 1.1 christos },
2244 1.1 christos
2245 1.1 christos /* Cipher C00F */
2246 1.1 christos {
2247 1.1 christos 1,
2248 1.1 christos TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2249 1.1 christos TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2250 1.1 christos SSL_kECDHr,
2251 1.1 christos SSL_aECDH,
2252 1.1 christos SSL_AES256,
2253 1.1 christos SSL_SHA1,
2254 1.1 christos SSL_TLSV1,
2255 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2256 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2257 1.1 christos 256,
2258 1.1 christos 256,
2259 1.1 christos },
2260 1.1 christos
2261 1.1 christos /* Cipher C010 */
2262 1.1 christos {
2263 1.1 christos 1,
2264 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2265 1.1 christos TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2266 1.1 christos SSL_kEECDH,
2267 1.1 christos SSL_aRSA,
2268 1.1 christos SSL_eNULL,
2269 1.1 christos SSL_SHA1,
2270 1.1 christos SSL_TLSV1,
2271 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2272 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2273 1.1 christos 0,
2274 1.1 christos 0,
2275 1.1 christos },
2276 1.1 christos
2277 1.1 christos /* Cipher C011 */
2278 1.1 christos {
2279 1.1 christos 1,
2280 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2281 1.1 christos TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2282 1.1 christos SSL_kEECDH,
2283 1.1 christos SSL_aRSA,
2284 1.1 christos SSL_RC4,
2285 1.1 christos SSL_SHA1,
2286 1.1 christos SSL_TLSV1,
2287 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
2288 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2289 1.1 christos 128,
2290 1.1 christos 128,
2291 1.1 christos },
2292 1.1 christos
2293 1.1 christos /* Cipher C012 */
2294 1.1 christos {
2295 1.1 christos 1,
2296 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2297 1.1 christos TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2298 1.1 christos SSL_kEECDH,
2299 1.1 christos SSL_aRSA,
2300 1.1 christos SSL_3DES,
2301 1.1 christos SSL_SHA1,
2302 1.1 christos SSL_TLSV1,
2303 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2304 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2305 1.11 spz 112,
2306 1.1 christos 168,
2307 1.1 christos },
2308 1.1 christos
2309 1.1 christos /* Cipher C013 */
2310 1.1 christos {
2311 1.1 christos 1,
2312 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2313 1.1 christos TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2314 1.1 christos SSL_kEECDH,
2315 1.1 christos SSL_aRSA,
2316 1.1 christos SSL_AES128,
2317 1.1 christos SSL_SHA1,
2318 1.1 christos SSL_TLSV1,
2319 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2320 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2321 1.1 christos 128,
2322 1.1 christos 128,
2323 1.1 christos },
2324 1.1 christos
2325 1.1 christos /* Cipher C014 */
2326 1.1 christos {
2327 1.1 christos 1,
2328 1.1 christos TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2329 1.1 christos TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2330 1.1 christos SSL_kEECDH,
2331 1.1 christos SSL_aRSA,
2332 1.1 christos SSL_AES256,
2333 1.1 christos SSL_SHA1,
2334 1.1 christos SSL_TLSV1,
2335 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2336 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2337 1.1 christos 256,
2338 1.1 christos 256,
2339 1.1 christos },
2340 1.1 christos
2341 1.1 christos /* Cipher C015 */
2342 1.1 christos {
2343 1.1 christos 1,
2344 1.1 christos TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2345 1.1 christos TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2346 1.1 christos SSL_kEECDH,
2347 1.1 christos SSL_aNULL,
2348 1.1 christos SSL_eNULL,
2349 1.1 christos SSL_SHA1,
2350 1.1 christos SSL_TLSV1,
2351 1.8 christos SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2352 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2353 1.1 christos 0,
2354 1.1 christos 0,
2355 1.1 christos },
2356 1.1 christos
2357 1.1 christos /* Cipher C016 */
2358 1.1 christos {
2359 1.1 christos 1,
2360 1.1 christos TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2361 1.1 christos TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2362 1.1 christos SSL_kEECDH,
2363 1.1 christos SSL_aNULL,
2364 1.1 christos SSL_RC4,
2365 1.1 christos SSL_SHA1,
2366 1.1 christos SSL_TLSV1,
2367 1.1 christos SSL_NOT_EXP|SSL_MEDIUM,
2368 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2369 1.1 christos 128,
2370 1.1 christos 128,
2371 1.1 christos },
2372 1.1 christos
2373 1.1 christos /* Cipher C017 */
2374 1.1 christos {
2375 1.1 christos 1,
2376 1.1 christos TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2377 1.1 christos TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2378 1.1 christos SSL_kEECDH,
2379 1.1 christos SSL_aNULL,
2380 1.1 christos SSL_3DES,
2381 1.1 christos SSL_SHA1,
2382 1.1 christos SSL_TLSV1,
2383 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2384 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2385 1.11 spz 112,
2386 1.1 christos 168,
2387 1.1 christos },
2388 1.1 christos
2389 1.1 christos /* Cipher C018 */
2390 1.1 christos {
2391 1.1 christos 1,
2392 1.1 christos TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2393 1.1 christos TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2394 1.1 christos SSL_kEECDH,
2395 1.1 christos SSL_aNULL,
2396 1.1 christos SSL_AES128,
2397 1.1 christos SSL_SHA1,
2398 1.1 christos SSL_TLSV1,
2399 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2400 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2401 1.1 christos 128,
2402 1.1 christos 128,
2403 1.1 christos },
2404 1.1 christos
2405 1.1 christos /* Cipher C019 */
2406 1.1 christos {
2407 1.1 christos 1,
2408 1.1 christos TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2409 1.1 christos TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2410 1.1 christos SSL_kEECDH,
2411 1.1 christos SSL_aNULL,
2412 1.1 christos SSL_AES256,
2413 1.1 christos SSL_SHA1,
2414 1.1 christos SSL_TLSV1,
2415 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2416 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2417 1.1 christos 256,
2418 1.1 christos 256,
2419 1.1 christos },
2420 1.1 christos #endif /* OPENSSL_NO_ECDH */
2421 1.1 christos
2422 1.5 spz #ifndef OPENSSL_NO_SRP
2423 1.5 spz /* Cipher C01A */
2424 1.5 spz {
2425 1.5 spz 1,
2426 1.5 spz TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427 1.5 spz TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428 1.5 spz SSL_kSRP,
2429 1.11 spz SSL_aSRP,
2430 1.5 spz SSL_3DES,
2431 1.5 spz SSL_SHA1,
2432 1.5 spz SSL_TLSV1,
2433 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2434 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435 1.11 spz 112,
2436 1.5 spz 168,
2437 1.5 spz },
2438 1.5 spz
2439 1.5 spz /* Cipher C01B */
2440 1.5 spz {
2441 1.5 spz 1,
2442 1.5 spz TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443 1.5 spz TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444 1.5 spz SSL_kSRP,
2445 1.5 spz SSL_aRSA,
2446 1.5 spz SSL_3DES,
2447 1.5 spz SSL_SHA1,
2448 1.5 spz SSL_TLSV1,
2449 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2450 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451 1.11 spz 112,
2452 1.5 spz 168,
2453 1.5 spz },
2454 1.5 spz
2455 1.5 spz /* Cipher C01C */
2456 1.5 spz {
2457 1.5 spz 1,
2458 1.5 spz TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459 1.5 spz TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460 1.5 spz SSL_kSRP,
2461 1.5 spz SSL_aDSS,
2462 1.5 spz SSL_3DES,
2463 1.5 spz SSL_SHA1,
2464 1.5 spz SSL_TLSV1,
2465 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2466 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467 1.11 spz 112,
2468 1.5 spz 168,
2469 1.5 spz },
2470 1.5 spz
2471 1.5 spz /* Cipher C01D */
2472 1.5 spz {
2473 1.5 spz 1,
2474 1.5 spz TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475 1.5 spz TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476 1.5 spz SSL_kSRP,
2477 1.11 spz SSL_aSRP,
2478 1.5 spz SSL_AES128,
2479 1.5 spz SSL_SHA1,
2480 1.5 spz SSL_TLSV1,
2481 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2482 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483 1.5 spz 128,
2484 1.5 spz 128,
2485 1.5 spz },
2486 1.5 spz
2487 1.5 spz /* Cipher C01E */
2488 1.5 spz {
2489 1.5 spz 1,
2490 1.5 spz TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491 1.5 spz TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492 1.5 spz SSL_kSRP,
2493 1.5 spz SSL_aRSA,
2494 1.5 spz SSL_AES128,
2495 1.5 spz SSL_SHA1,
2496 1.5 spz SSL_TLSV1,
2497 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2498 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499 1.5 spz 128,
2500 1.5 spz 128,
2501 1.5 spz },
2502 1.5 spz
2503 1.5 spz /* Cipher C01F */
2504 1.5 spz {
2505 1.5 spz 1,
2506 1.5 spz TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507 1.5 spz TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508 1.5 spz SSL_kSRP,
2509 1.5 spz SSL_aDSS,
2510 1.5 spz SSL_AES128,
2511 1.5 spz SSL_SHA1,
2512 1.5 spz SSL_TLSV1,
2513 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2514 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515 1.5 spz 128,
2516 1.5 spz 128,
2517 1.5 spz },
2518 1.5 spz
2519 1.5 spz /* Cipher C020 */
2520 1.5 spz {
2521 1.5 spz 1,
2522 1.5 spz TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523 1.5 spz TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524 1.5 spz SSL_kSRP,
2525 1.11 spz SSL_aSRP,
2526 1.5 spz SSL_AES256,
2527 1.5 spz SSL_SHA1,
2528 1.5 spz SSL_TLSV1,
2529 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2530 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531 1.5 spz 256,
2532 1.5 spz 256,
2533 1.5 spz },
2534 1.5 spz
2535 1.5 spz /* Cipher C021 */
2536 1.5 spz {
2537 1.5 spz 1,
2538 1.5 spz TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539 1.5 spz TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540 1.5 spz SSL_kSRP,
2541 1.5 spz SSL_aRSA,
2542 1.5 spz SSL_AES256,
2543 1.5 spz SSL_SHA1,
2544 1.5 spz SSL_TLSV1,
2545 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2546 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547 1.5 spz 256,
2548 1.5 spz 256,
2549 1.5 spz },
2550 1.5 spz
2551 1.5 spz /* Cipher C022 */
2552 1.5 spz {
2553 1.5 spz 1,
2554 1.5 spz TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555 1.5 spz TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556 1.5 spz SSL_kSRP,
2557 1.5 spz SSL_aDSS,
2558 1.5 spz SSL_AES256,
2559 1.5 spz SSL_SHA1,
2560 1.5 spz SSL_TLSV1,
2561 1.5 spz SSL_NOT_EXP|SSL_HIGH,
2562 1.5 spz SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563 1.5 spz 256,
2564 1.5 spz 256,
2565 1.5 spz },
2566 1.5 spz #endif /* OPENSSL_NO_SRP */
2567 1.8 christos #ifndef OPENSSL_NO_ECDH
2568 1.8 christos
2569 1.8 christos /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2570 1.8 christos
2571 1.8 christos /* Cipher C023 */
2572 1.8 christos {
2573 1.8 christos 1,
2574 1.8 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2575 1.8 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2576 1.8 christos SSL_kEECDH,
2577 1.8 christos SSL_aECDSA,
2578 1.8 christos SSL_AES128,
2579 1.8 christos SSL_SHA256,
2580 1.8 christos SSL_TLSV1_2,
2581 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2582 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2583 1.8 christos 128,
2584 1.8 christos 128,
2585 1.8 christos },
2586 1.8 christos
2587 1.8 christos /* Cipher C024 */
2588 1.8 christos {
2589 1.8 christos 1,
2590 1.8 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2591 1.8 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2592 1.8 christos SSL_kEECDH,
2593 1.8 christos SSL_aECDSA,
2594 1.8 christos SSL_AES256,
2595 1.8 christos SSL_SHA384,
2596 1.8 christos SSL_TLSV1_2,
2597 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2598 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2599 1.8 christos 256,
2600 1.8 christos 256,
2601 1.8 christos },
2602 1.8 christos
2603 1.8 christos /* Cipher C025 */
2604 1.8 christos {
2605 1.8 christos 1,
2606 1.8 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2607 1.8 christos TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2608 1.8 christos SSL_kECDHe,
2609 1.8 christos SSL_aECDH,
2610 1.8 christos SSL_AES128,
2611 1.8 christos SSL_SHA256,
2612 1.8 christos SSL_TLSV1_2,
2613 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2614 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2615 1.8 christos 128,
2616 1.8 christos 128,
2617 1.8 christos },
2618 1.8 christos
2619 1.8 christos /* Cipher C026 */
2620 1.8 christos {
2621 1.8 christos 1,
2622 1.8 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2623 1.8 christos TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2624 1.8 christos SSL_kECDHe,
2625 1.8 christos SSL_aECDH,
2626 1.8 christos SSL_AES256,
2627 1.8 christos SSL_SHA384,
2628 1.8 christos SSL_TLSV1_2,
2629 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2630 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2631 1.8 christos 256,
2632 1.8 christos 256,
2633 1.8 christos },
2634 1.8 christos
2635 1.8 christos /* Cipher C027 */
2636 1.8 christos {
2637 1.8 christos 1,
2638 1.8 christos TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2639 1.8 christos TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2640 1.8 christos SSL_kEECDH,
2641 1.8 christos SSL_aRSA,
2642 1.8 christos SSL_AES128,
2643 1.8 christos SSL_SHA256,
2644 1.8 christos SSL_TLSV1_2,
2645 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2646 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2647 1.8 christos 128,
2648 1.8 christos 128,
2649 1.8 christos },
2650 1.8 christos
2651 1.8 christos /* Cipher C028 */
2652 1.8 christos {
2653 1.8 christos 1,
2654 1.8 christos TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2655 1.8 christos TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2656 1.8 christos SSL_kEECDH,
2657 1.8 christos SSL_aRSA,
2658 1.8 christos SSL_AES256,
2659 1.8 christos SSL_SHA384,
2660 1.8 christos SSL_TLSV1_2,
2661 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663 1.8 christos 256,
2664 1.8 christos 256,
2665 1.8 christos },
2666 1.8 christos
2667 1.8 christos /* Cipher C029 */
2668 1.8 christos {
2669 1.8 christos 1,
2670 1.8 christos TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671 1.8 christos TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672 1.9 christos SSL_kECDHr,
2673 1.8 christos SSL_aECDH,
2674 1.8 christos SSL_AES128,
2675 1.8 christos SSL_SHA256,
2676 1.8 christos SSL_TLSV1_2,
2677 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679 1.8 christos 128,
2680 1.8 christos 128,
2681 1.8 christos },
2682 1.8 christos
2683 1.8 christos /* Cipher C02A */
2684 1.8 christos {
2685 1.8 christos 1,
2686 1.8 christos TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687 1.8 christos TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688 1.9 christos SSL_kECDHr,
2689 1.8 christos SSL_aECDH,
2690 1.8 christos SSL_AES256,
2691 1.8 christos SSL_SHA384,
2692 1.8 christos SSL_TLSV1_2,
2693 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695 1.8 christos 256,
2696 1.8 christos 256,
2697 1.8 christos },
2698 1.8 christos
2699 1.8 christos /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700 1.8 christos
2701 1.8 christos /* Cipher C02B */
2702 1.8 christos {
2703 1.8 christos 1,
2704 1.8 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2705 1.8 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2706 1.8 christos SSL_kEECDH,
2707 1.8 christos SSL_aECDSA,
2708 1.8 christos SSL_AES128GCM,
2709 1.8 christos SSL_AEAD,
2710 1.8 christos SSL_TLSV1_2,
2711 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2712 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2713 1.8 christos 128,
2714 1.8 christos 128,
2715 1.8 christos },
2716 1.8 christos
2717 1.8 christos /* Cipher C02C */
2718 1.8 christos {
2719 1.8 christos 1,
2720 1.8 christos TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2721 1.8 christos TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2722 1.8 christos SSL_kEECDH,
2723 1.8 christos SSL_aECDSA,
2724 1.8 christos SSL_AES256GCM,
2725 1.8 christos SSL_AEAD,
2726 1.8 christos SSL_TLSV1_2,
2727 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2728 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2729 1.8 christos 256,
2730 1.8 christos 256,
2731 1.8 christos },
2732 1.8 christos
2733 1.8 christos /* Cipher C02D */
2734 1.8 christos {
2735 1.8 christos 1,
2736 1.8 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2737 1.8 christos TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2738 1.8 christos SSL_kECDHe,
2739 1.8 christos SSL_aECDH,
2740 1.8 christos SSL_AES128GCM,
2741 1.8 christos SSL_AEAD,
2742 1.8 christos SSL_TLSV1_2,
2743 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2744 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2745 1.8 christos 128,
2746 1.8 christos 128,
2747 1.8 christos },
2748 1.8 christos
2749 1.8 christos /* Cipher C02E */
2750 1.8 christos {
2751 1.8 christos 1,
2752 1.8 christos TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2753 1.8 christos TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2754 1.8 christos SSL_kECDHe,
2755 1.8 christos SSL_aECDH,
2756 1.8 christos SSL_AES256GCM,
2757 1.8 christos SSL_AEAD,
2758 1.8 christos SSL_TLSV1_2,
2759 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2760 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2761 1.8 christos 256,
2762 1.8 christos 256,
2763 1.8 christos },
2764 1.8 christos
2765 1.8 christos /* Cipher C02F */
2766 1.8 christos {
2767 1.8 christos 1,
2768 1.8 christos TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2769 1.8 christos TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2770 1.8 christos SSL_kEECDH,
2771 1.8 christos SSL_aRSA,
2772 1.8 christos SSL_AES128GCM,
2773 1.8 christos SSL_AEAD,
2774 1.8 christos SSL_TLSV1_2,
2775 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2776 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2777 1.8 christos 128,
2778 1.8 christos 128,
2779 1.8 christos },
2780 1.8 christos
2781 1.8 christos /* Cipher C030 */
2782 1.8 christos {
2783 1.8 christos 1,
2784 1.8 christos TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2785 1.8 christos TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2786 1.8 christos SSL_kEECDH,
2787 1.8 christos SSL_aRSA,
2788 1.8 christos SSL_AES256GCM,
2789 1.8 christos SSL_AEAD,
2790 1.8 christos SSL_TLSV1_2,
2791 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793 1.8 christos 256,
2794 1.8 christos 256,
2795 1.8 christos },
2796 1.8 christos
2797 1.8 christos /* Cipher C031 */
2798 1.8 christos {
2799 1.8 christos 1,
2800 1.8 christos TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801 1.8 christos TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802 1.9 christos SSL_kECDHr,
2803 1.8 christos SSL_aECDH,
2804 1.8 christos SSL_AES128GCM,
2805 1.8 christos SSL_AEAD,
2806 1.8 christos SSL_TLSV1_2,
2807 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808 1.8 christos SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809 1.8 christos 128,
2810 1.8 christos 128,
2811 1.8 christos },
2812 1.8 christos
2813 1.8 christos /* Cipher C032 */
2814 1.8 christos {
2815 1.8 christos 1,
2816 1.8 christos TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817 1.8 christos TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818 1.9 christos SSL_kECDHr,
2819 1.8 christos SSL_aECDH,
2820 1.8 christos SSL_AES256GCM,
2821 1.8 christos SSL_AEAD,
2822 1.8 christos SSL_TLSV1_2,
2823 1.8 christos SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824 1.8 christos SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825 1.8 christos 256,
2826 1.8 christos 256,
2827 1.8 christos },
2828 1.8 christos
2829 1.8 christos #endif /* OPENSSL_NO_ECDH */
2830 1.8 christos
2831 1.5 spz
2832 1.1 christos #ifdef TEMP_GOST_TLS
2833 1.1 christos /* Cipher FF00 */
2834 1.1 christos {
2835 1.1 christos 1,
2836 1.1 christos "GOST-MD5",
2837 1.1 christos 0x0300ff00,
2838 1.1 christos SSL_kRSA,
2839 1.1 christos SSL_aRSA,
2840 1.1 christos SSL_eGOST2814789CNT,
2841 1.1 christos SSL_MD5,
2842 1.1 christos SSL_TLSV1,
2843 1.1 christos SSL_NOT_EXP|SSL_HIGH,
2844 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2845 1.1 christos 256,
2846 1.1 christos 256,
2847 1.1 christos },
2848 1.1 christos {
2849 1.1 christos 1,
2850 1.1 christos "GOST-GOST94",
2851 1.1 christos 0x0300ff01,
2852 1.1 christos SSL_kRSA,
2853 1.1 christos SSL_aRSA,
2854 1.1 christos SSL_eGOST2814789CNT,
2855 1.1 christos SSL_GOST94,
2856 1.1 christos SSL_TLSV1,
2857 1.1 christos SSL_NOT_EXP|SSL_HIGH,
2858 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2859 1.1 christos 256,
2860 1.1 christos 256
2861 1.1 christos },
2862 1.1 christos {
2863 1.1 christos 1,
2864 1.1 christos "GOST-GOST89MAC",
2865 1.1 christos 0x0300ff02,
2866 1.1 christos SSL_kRSA,
2867 1.1 christos SSL_aRSA,
2868 1.1 christos SSL_eGOST2814789CNT,
2869 1.1 christos SSL_GOST89MAC,
2870 1.1 christos SSL_TLSV1,
2871 1.1 christos SSL_NOT_EXP|SSL_HIGH,
2872 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2873 1.1 christos 256,
2874 1.1 christos 256
2875 1.1 christos },
2876 1.1 christos {
2877 1.1 christos 1,
2878 1.1 christos "GOST-GOST89STREAM",
2879 1.1 christos 0x0300ff03,
2880 1.1 christos SSL_kRSA,
2881 1.1 christos SSL_aRSA,
2882 1.1 christos SSL_eGOST2814789CNT,
2883 1.1 christos SSL_GOST89MAC,
2884 1.1 christos SSL_TLSV1,
2885 1.1 christos SSL_NOT_EXP|SSL_HIGH,
2886 1.1 christos SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2887 1.1 christos 256,
2888 1.1 christos 256
2889 1.1 christos },
2890 1.1 christos #endif
2891 1.1 christos
2892 1.1 christos /* end of list */
2893 1.1 christos };
2894 1.1 christos
/*
 * SSLv3 method table: the record-layer and handshake helpers that are
 * reached through an SSL3_ENC_METHOD.  The initialiser is positional; the
 * slot names live in the SSL3_ENC_METHOD declaration, which is not part of
 * this section of the file.
 */
SSL3_ENC_METHOD SSLv3_enc_data = {
	ssl3_enc,
	n_ssl3_mac,
	ssl3_setup_key_block,
	ssl3_generate_master_secret,
	ssl3_change_cipher_state,
	ssl3_final_finish_mac,
	/* room for an MD5 digest followed by a SHA-1 digest */
	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
	ssl3_cert_verify_mac,
	/* client / server Finished constants, each passed with length 4 */
	SSL3_MD_CLIENT_FINISHED_CONST, 4,
	SSL3_MD_SERVER_FINISHED_CONST, 4,
	ssl3_alert_code,
	/*
	 * The last slot is filled with ssl_undefined_function, cast to the
	 * slot's eight-argument pointer type.
	 * NOTE(review): if ssl_undefined_function is declared with a different
	 * signature, calling through this pointer relies on an incompatible
	 * function-pointer cast -- confirm the slot is never invoked for SSLv3.
	 */
	(int (*)(SSL *, unsigned char *, size_t, const char *,
	    size_t, const unsigned char *, size_t,
	    int use_context))ssl_undefined_function,
};
2911 1.1 christos
/*
 * Default session lifetime, in seconds.
 *
 * Two hours: the 24 hours mentioned in the SSLv3 specification is far too
 * long for HTTP use, where the session cache would overfill.
 */
long ssl3_default_timeout(void)
{
	enum { SECONDS_PER_HOUR = 60 * 60, DEFAULT_HOURS = 2 };

	return SECONDS_PER_HOUR * DEFAULT_HOURS;
}
2918 1.1 christos
/*
 * Number of entries in the ssl3_ciphers table, as given by
 * SSL3_NUM_CIPHERS (defined elsewhere in this file).
 */
int ssl3_num_ciphers(void)
{
	const int table_entries = SSL3_NUM_CIPHERS;

	return table_entries;
}
2923 1.1 christos
/*
 * Look up a cipher by position.
 *
 * The table is walked from its end: index 0 yields the last entry of
 * ssl3_ciphers and index SSL3_NUM_CIPHERS-1 yields the first.
 *
 * Returns a pointer into the static table, or NULL when u is out of range.
 */
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
	/* Reject out-of-range indices before the subtraction below. */
	if (u >= SSL3_NUM_CIPHERS)
		return NULL;

	return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
}
2931 1.1 christos
/*
 * Report the length of the current read record when it can be handed to the
 * application.
 *
 * Returns 0 while the read state is SSL_ST_READ_BODY or when the current
 * record is not application data; otherwise returns rrec.length.
 */
int ssl3_pending(const SSL *s)
{
	if (s->rstate != SSL_ST_READ_BODY &&
	    s->s3->rrec.type == SSL3_RT_APPLICATION_DATA)
		return s->s3->rrec.length;

	return 0;
}
2939 1.1 christos
/*
 * Allocate and attach a zeroed SSL3_STATE to the connection, then run the
 * method's ssl_clear hook on it.
 *
 * Returns 1 on success and 0 when the allocation fails; in the failure case
 * s->s3 is not assigned by this function.
 */
int ssl3_new(SSL *s)
{
	SSL3_STATE *state = OPENSSL_malloc(sizeof *state);

	if (state == NULL)
		return 0;

	memset(state, 0, sizeof *state);
	/* The sequence numbers are zeroed again explicitly, as in the original. */
	memset(state->rrec.seq_num, 0, sizeof(state->rrec.seq_num));
	memset(state->wrec.seq_num, 0, sizeof(state->wrec.seq_num));

	s->s3 = state;

#ifndef OPENSSL_NO_SRP
	/* NOTE(review): any result from SSL_SRP_CTX_init() is not examined. */
	SSL_SRP_CTX_init(s);
#endif
	s->method->ssl_clear(s);
	return 1;
}
2959 1.1 christos
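/*
 * Release everything hanging off s->s3, scrub the state block and free it.
 *
 * Safe to call with s == NULL.  It is also safe when s->s3 is NULL, which is
 * the state ssl3_new() leaves behind when its allocation fails; without that
 * guard every access below would dereference a NULL pointer during teardown
 * of a half-constructed connection.
 */
void ssl3_free(SSL *s)
{
	if (s == NULL || s->s3 == NULL)
		return;

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->client_opaque_prf_input != NULL)
		OPENSSL_free(s->s3->client_opaque_prf_input);
	if (s->s3->server_opaque_prf_input != NULL)
		OPENSSL_free(s->s3->server_opaque_prf_input);
#endif

	ssl3_cleanup_key_block(s);
	if (s->s3->rbuf.buf != NULL)
		ssl3_release_read_buffer(s);
	if (s->s3->wbuf.buf != NULL)
		ssl3_release_write_buffer(s);
	if (s->s3->rrec.comp != NULL)
		OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
	if (s->s3->tmp.dh != NULL)
		DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_ECDH
	if (s->s3->tmp.ecdh != NULL)
		EC_KEY_free(s->s3->tmp.ecdh);
#endif

	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
	if (s->s3->handshake_buffer != NULL)
		BIO_free(s->s3->handshake_buffer);
	if (s->s3->handshake_dgst != NULL)
		ssl3_free_digest_list(s);
#ifndef OPENSSL_NO_SRP
	SSL_SRP_CTX_free(s);
#endif

	/*
	 * Wipe the whole state block before handing it back to the allocator so
	 * that handshake and record state does not linger in freed memory.
	 */
	OPENSSL_cleanse(s->s3, sizeof *s->s3);
	OPENSSL_free(s->s3);
	s->s3 = NULL;
}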
3001 1.1 christos
/*
 * Reset the SSLv3 state of a connection so it can be reused.
 *
 * Per-handshake objects are freed, the SSL3_STATE block is zeroed, and the
 * read/write buffer pointers, their lengths and init_extra are carried
 * across the wipe.  The order matters: everything that must be freed is
 * freed before the memset, and the saved values are written back after it.
 */
void ssl3_clear(SSL *s)
{
	unsigned char *saved_rbuf, *saved_wbuf;
	size_t saved_rlen, saved_wlen;
	int saved_init_extra;

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->client_opaque_prf_input != NULL)
		OPENSSL_free(s->s3->client_opaque_prf_input);
	s->s3->client_opaque_prf_input = NULL;
	if (s->s3->server_opaque_prf_input != NULL)
		OPENSSL_free(s->s3->server_opaque_prf_input);
	s->s3->server_opaque_prf_input = NULL;
#endif

	ssl3_cleanup_key_block(s);
	/* The ca_names pointer itself is cleared by the memset further down. */
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

	if (s->s3->rrec.comp != NULL) {
		OPENSSL_free(s->s3->rrec.comp);
		s->s3->rrec.comp = NULL;
	}
#ifndef OPENSSL_NO_DH
	if (s->s3->tmp.dh != NULL) {
		DH_free(s->s3->tmp.dh);
		s->s3->tmp.dh = NULL;
	}
#endif
#ifndef OPENSSL_NO_ECDH
	if (s->s3->tmp.ecdh != NULL) {
		EC_KEY_free(s->s3->tmp.ecdh);
		s->s3->tmp.ecdh = NULL;
	}
#endif
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
	s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */

	/* Remember what has to survive the wipe. */
	saved_rbuf = s->s3->rbuf.buf;
	saved_rlen = s->s3->rbuf.len;
	saved_wbuf = s->s3->wbuf.buf;
	saved_wlen = s->s3->wbuf.len;
	saved_init_extra = s->s3->init_extra;

	if (s->s3->handshake_buffer) {
		BIO_free(s->s3->handshake_buffer);
		s->s3->handshake_buffer = NULL;
	}
	if (s->s3->handshake_dgst)
		ssl3_free_digest_list(s);

	memset(s->s3, 0, sizeof *s->s3);

	/* Put the preserved buffer bookkeeping back. */
	s->s3->rbuf.buf = saved_rbuf;
	s->s3->wbuf.buf = saved_wbuf;
	s->s3->rbuf.len = saved_rlen;
	s->s3->wbuf.len = saved_wlen;
	s->s3->init_extra = saved_init_extra;

	ssl_free_wbio_buffer(s);

	s->packet_length = 0;
	s->s3->renegotiate = 0;
	s->s3->total_renegotiations = 0;
	s->s3->num_renegotiations = 0;
	s->s3->in_read_app_data = 0;
	s->version = SSL3_VERSION;

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
	if (s->next_proto_negotiated) {
		OPENSSL_free(s->next_proto_negotiated);
		s->next_proto_negotiated = NULL;
		s->next_proto_negotiated_len = 0;
	}
#endif
}
3083 1.1 christos
#ifndef OPENSSL_NO_SRP
/*
 * SRP client-password callback that answers with a duplicate of
 * s->srp_ctx.info, made with BUF_strdup().  The arg parameter is unused.
 *
 * NOTE(review): the returned buffer holds the password; presumably the
 * caller owns and releases it -- confirm against the callback's consumer.
 */
static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
{
	char *password_copy = BUF_strdup(s->srp_ctx.info);

	return password_copy;
}
#endif
3090 1.5 spz
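/*
 * Per-connection control dispatcher.
 *
 * s     connection to query or modify
 * cmd   one of the SSL_CTRL_* commands handled in the switch below
 * larg  integer argument, meaning depends on cmd
 * parg  pointer argument, meaning depends on cmd
 *
 * Returns a command-specific value; 0 for failures and for unrecognised
 * commands.  Failures are additionally recorded with SSLerr().
 *
 * Change from the original: SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT now rejects
 * a negative larg.  Only the upper bound used to be checked, so a negative
 * length was converted to a huge size_t and passed to BUF_memdup().
 */
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	int ret = 0;

#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
	/*
	 * The temporary RSA/DH commands need s->cert to exist.
	 * NOTE(review): the DH commands are gated on OPENSSL_NO_DSA here but on
	 * OPENSSL_NO_DH in the switch below -- confirm this is intended.
	 */
	if (
#ifndef OPENSSL_NO_RSA
	    cmd == SSL_CTRL_SET_TMP_RSA ||
	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
#ifndef OPENSSL_NO_DSA
	    cmd == SSL_CTRL_SET_TMP_DH ||
	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
	    0) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
			return 0;
		}
	}
#endif

	switch (cmd) {
	case SSL_CTRL_GET_SESSION_REUSED:
		ret = s->hit;
		break;
	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
		break;
	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
		ret = s->s3->num_renegotiations;
		break;
	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
		/* Hand back the old count, then reset it. */
		ret = s->s3->num_renegotiations;
		s->s3->num_renegotiations = 0;
		break;
	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
		ret = s->s3->total_renegotiations;
		break;
	case SSL_CTRL_GET_FLAGS:
		ret = (int)(s->s3->flags);
		break;
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_NEED_TMP_RSA:
		/*
		 * A temporary RSA key is wanted when none is set yet and the RSA
		 * encryption key is missing or larger than 512 bits.
		 */
		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
			ret = 1;
		break;
	case SSL_CTRL_SET_TMP_RSA: {
		RSA *rsa = (RSA *)parg;

		if (rsa == NULL) {
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
			return ret;
		}
		/* Store a private copy; the caller keeps its own key. */
		if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
			return ret;
		}
		if (s->cert->rsa_tmp != NULL)
			RSA_free(s->cert->rsa_tmp);
		s->cert->rsa_tmp = rsa;
		ret = 1;
		break;
	}
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* Callbacks are installed through ssl3_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return ret;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH: {
		DH *dh = (DH *)parg;

		if (dh == NULL) {
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
			return ret;
		}
		if ((dh = DHparams_dup(dh)) == NULL) {
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
			return ret;
		}
		/*
		 * Without SSL_OP_SINGLE_DH_USE the key pair is generated once,
		 * here, and kept in s->cert->dh_tmp.
		 */
		if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
			if (!DH_generate_key(dh)) {
				DH_free(dh);
				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
				return ret;
			}
		}
		if (s->cert->dh_tmp != NULL)
			DH_free(s->cert->dh_tmp);
		s->cert->dh_tmp = dh;
		ret = 1;
		break;
	}
	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return ret;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH: {
		EC_KEY *ecdh = NULL;

		if (parg == NULL) {
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
			return ret;
		}
		/*
		 * NOTE(review): unlike ssl3_ctx_ctrl(), which duplicates the key,
		 * this path only takes a reference, so the EC_KEY_generate_key()
		 * call below operates on the caller's object -- confirm intended.
		 * s->cert is also used here without the ssl_cert_inst() step the
		 * RSA/DH commands get; presumably it is always set by this point.
		 */
		if (!EC_KEY_up_ref((EC_KEY *)parg)) {
			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
			return ret;
		}
		ecdh = (EC_KEY *)parg;
		if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
			if (!EC_KEY_generate_key(ecdh)) {
				EC_KEY_free(ecdh);
				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
				return ret;
			}
		}
		if (s->cert->ecdh_tmp != NULL)
			EC_KEY_free(s->cert->ecdh_tmp);
		s->cert->ecdh_tmp = ecdh;
		ret = 1;
		break;
	}
	case SSL_CTRL_SET_TMP_ECDH_CB:
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return ret;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
		if (larg == TLSEXT_NAMETYPE_host_name) {
			if (s->tlsext_hostname != NULL)
				OPENSSL_free(s->tlsext_hostname);
			s->tlsext_hostname = NULL;

			ret = 1;
			/* A NULL name just clears the stored hostname. */
			if (parg == NULL)
				break;
			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
				SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
				return 0;
			}
			if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
				SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
				return 0;
			}
		} else {
			SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
			return 0;
		}
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
		s->tlsext_debug_arg = parg;
		ret = 1;
		break;

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
		/*
		 * Bound the length on both sides.  The actual internal limit is
		 * 2^16 for the complete hello message (including the cert chain
		 * and everything); a negative value must not reach the size_t
		 * conversions below.
		 */
		if (larg < 0 || larg > 12288) {
			SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
			break;
		}
		if (s->tlsext_opaque_prf_input != NULL)
			OPENSSL_free(s->tlsext_opaque_prf_input);
		if ((size_t)larg == 0)
			s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
		else
			s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
		if (s->tlsext_opaque_prf_input != NULL) {
			s->tlsext_opaque_prf_input_len = (size_t)larg;
			ret = 1;
		} else {
			s->tlsext_opaque_prf_input_len = 0;
		}
		break;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
		s->tlsext_status_type = larg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
		s->tlsext_ocsp_exts = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
		s->tlsext_ocsp_ids = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/* Returns the stored length directly, not through ret. */
		*(unsigned char **)parg = s->tlsext_ocsp_resp;
		return s->tlsext_ocsp_resplen;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/*
		 * The previous response is freed and the caller's buffer is stored
		 * as-is, so ownership of parg passes to the connection.  larg is
		 * recorded as the length without a range check here.
		 */
		if (s->tlsext_ocsp_resp)
			OPENSSL_free(s->tlsext_ocsp_resp);
		s->tlsext_ocsp_resp = parg;
		s->tlsext_ocsp_resplen = larg;
		ret = 1;
		break;

#ifndef OPENSSL_NO_HEARTBEATS
	case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
		if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
			ret = dtls1_heartbeat(s);
		else
			ret = tls1_heartbeat(s);
		break;

	case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
		ret = s->tlsext_hb_pending;
		break;

	case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
		if (larg)
			s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
		else
			s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
		ret = 1;
		break;
#endif

#endif /* !OPENSSL_NO_TLSEXT */
	default:
		break;
	}
	return ret;
}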
3363 1.1 christos
/*
 * Per-connection callback setter.
 *
 * s    connection whose callback slot is written
 * cmd  SSL_CTRL_*_CB command selecting the slot
 * fp   callback, cast to the slot's function-pointer type before storing
 *
 * Returns 0 on every path, including after a callback has been stored, so a
 * failed ssl_cert_inst() shows up only through the error queue.
 */
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
	/* The temporary-key callbacks are stored in s->cert, which must exist. */
	if (
#ifndef OPENSSL_NO_RSA
	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
#ifndef OPENSSL_NO_DSA
	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
	    0) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
			return 0;
		}
	}
#endif

	switch (cmd) {
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_SET_TMP_RSA_CB:
		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		break;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
#endif
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
		s->tlsext_debug_cb = (void (*)(SSL *, int, int,
		    unsigned char *, int, void *))fp;
		break;
#endif
	default:
		break;
	}

	return 0;
}
3420 1.1 christos
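/*
 * Context-wide control dispatcher.
 *
 * ctx   context to query or modify
 * cmd   one of the SSL_CTRL_* commands handled in the switch below
 * larg  integer argument, meaning depends on cmd
 * parg  pointer argument, meaning depends on cmd
 *
 * Returns 1 on success and 0 on failure or for an unrecognised command,
 * except for the ticket-key commands, which return 48 (the expected buffer
 * size) when parg is NULL.
 *
 * Change from the original: SSL_CTRL_EXTRA_CHAIN_CERT now reports failure
 * when sk_X509_push() fails.  The result used to be ignored, so the call
 * returned 1 although the certificate had not been added to the chain.
 */
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	CERT *cert;

	cert = ctx->cert;

	switch (cmd) {
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_NEED_TMP_RSA:
		/*
		 * A temporary RSA key is wanted when none is set yet and the RSA
		 * encryption key is missing or larger than 512 bits.
		 */
		if ((cert->rsa_tmp == NULL) &&
		    ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
		     (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
			return 1;
		return 0;
	case SSL_CTRL_SET_TMP_RSA: {
		RSA *rsa = (RSA *)parg;

		/* A NULL key and a failed duplication are reported the same way. */
		if (rsa == NULL || (rsa = RSAPrivateKey_dup(rsa)) == NULL) {
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
			return 0;
		}
		if (cert->rsa_tmp != NULL)
			RSA_free(cert->rsa_tmp);
		cert->rsa_tmp = rsa;
		return 1;
	}
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* Callbacks are installed through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH: {
		DH *dh_copy;

		if ((dh_copy = DHparams_dup((DH *)parg)) == NULL) {
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
			return 0;
		}
		/*
		 * Without SSL_OP_SINGLE_DH_USE the key pair is generated once,
		 * here, and kept in cert->dh_tmp.
		 */
		if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
			if (!DH_generate_key(dh_copy)) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
				DH_free(dh_copy);
				return 0;
			}
		}
		if (cert->dh_tmp != NULL)
			DH_free(cert->dh_tmp);
		cert->dh_tmp = dh_copy;
		return 1;
	}
	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH: {
		EC_KEY *ecdh = NULL;

		if (parg == NULL) {
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
			return 0;
		}
		/* Work on a private copy so the caller's key is left untouched. */
		ecdh = EC_KEY_dup((EC_KEY *)parg);
		if (ecdh == NULL) {
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
			return 0;
		}
		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
			if (!EC_KEY_generate_key(ecdh)) {
				EC_KEY_free(ecdh);
				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
				return 0;
			}
		}

		if (cert->ecdh_tmp != NULL)
			EC_KEY_free(cert->ecdh_tmp);
		cert->ecdh_tmp = ecdh;
		return 1;
	}
	case SSL_CTRL_SET_TMP_ECDH_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return 0;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
		ctx->tlsext_servername_arg = parg;
		break;
	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {
		unsigned char *keys = parg;

		/* With no buffer, report the size a caller has to supply. */
		if (!keys)
			return 48;
		if (larg != 48) {
			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
			return 0;
		}
		/*
		 * The 48 bytes are three 16-byte fields: key name, HMAC key and
		 * AES key.  The GET form copies this key material into the
		 * caller's buffer, which then has to be handled as a secret.
		 */
		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
			memcpy(ctx->tlsext_tick_key_name, keys, 16);
			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
		} else {
			memcpy(keys, ctx->tlsext_tick_key_name, 16);
			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
		}
		return 1;
	}

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
		ctx->tlsext_opaque_prf_input_callback_arg = parg;
		return 1;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
		ctx->tlsext_status_arg = parg;
		return 1;

#ifndef OPENSSL_NO_SRP
	case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: {
		size_t login_len;

		ctx->srp_ctx.srp_Mask |= SSL_kSRP;
		if (ctx->srp_ctx.login != NULL)
			OPENSSL_free(ctx->srp_ctx.login);
		ctx->srp_ctx.login = NULL;
		/* A NULL name just clears the stored login. */
		if (parg == NULL)
			break;
		login_len = strlen((const char *)parg);
		if (login_len > 255 || login_len < 1) {
			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
			return 0;
		}
		if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
			SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
			return 0;
		}
		break;
	}
	case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
		/*
		 * The pointer is stored, not copied: the caller's string has to
		 * stay valid for as long as srp_password_from_info_cb can run.
		 */
		ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb;
		ctx->srp_ctx.info = parg;
		break;
	case SSL_CTRL_SET_SRP_ARG:
		ctx->srp_ctx.srp_Mask |= SSL_kSRP;
		ctx->srp_ctx.SRP_cb_arg = parg;
		break;

	case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
		ctx->srp_ctx.strength = larg;
		break;
#endif
#endif /* !OPENSSL_NO_TLSEXT */

	/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		if (ctx->extra_certs == NULL) {
			if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
				return 0;
		}
		/*
		 * On failure the certificate was not added and still belongs to
		 * the caller, so report it instead of returning success.
		 */
		if (!sk_X509_push(ctx->extra_certs, (X509 *)parg))
			return 0;
		break;

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
		*(STACK_OF(X509) **)parg = ctx->extra_certs;
		break;

	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
		if (ctx->extra_certs) {
			sk_X509_pop_free(ctx->extra_certs, X509_free);
			ctx->extra_certs = NULL;
		}
		break;

	default:
		return 0;
	}
	return 1;
}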
3650 1.1 christos
/*
 * Context-wide callback setter.
 *
 * ctx  context whose callback slot is written
 * cmd  SSL_CTRL_*_CB command selecting the slot
 * fp   callback, cast to the slot's function-pointer type before storing
 *
 * Returns 1 when cmd named a known slot and 0 otherwise.  The three SRP
 * callbacks additionally set SSL_kSRP in ctx->srp_ctx.srp_Mask.
 */
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	switch (cmd) {
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_SET_TMP_RSA_CB:
		ctx->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		return 1;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		return 1;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		ctx->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		return 1;
#endif
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
		ctx->tlsext_servername_callback = (int (*)(SSL *,int *,void *))fp;
		return 1;

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
		ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
		return 1;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
		ctx->tlsext_status_cb = (int (*)(SSL *,void *))fp;
		return 1;

	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
		ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
		    unsigned char *,
		    EVP_CIPHER_CTX *,
		    HMAC_CTX *, int))fp;
		return 1;

#ifndef OPENSSL_NO_SRP
	case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
		ctx->srp_ctx.srp_Mask |= SSL_kSRP;
		ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *,void *))fp;
		return 1;
	case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
		ctx->srp_ctx.srp_Mask |= SSL_kSRP;
		ctx->srp_ctx.TLS_ext_srp_username_callback = (int (*)(SSL *,int *,void *))fp;
		return 1;
	case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
		ctx->srp_ctx.srp_Mask |= SSL_kSRP;
		ctx->srp_ctx.SRP_give_srp_client_pwd_callback = (char *(*)(SSL *,void *))fp;
		return 1;
#endif
#endif
	default:
		return 0;
	}
}
3722 1.1 christos
/*
 * Map a two-byte wire cipher-suite code to its table entry.
 *
 * p must point at two readable bytes; they are combined with the 0x0300
 * prefix to form the id searched for in ssl3_ciphers.
 *
 * Returns the entry, or NULL when the id is unknown or the entry is not
 * marked valid.  This function needs to check if the ciphers required are
 * actually available.
 */
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
	SSL_CIPHER key;
	const SSL_CIPHER *found;

	key.id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
	found = OBJ_bsearch_ssl_cipher_id(&key, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
	if (found == NULL)
		fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
#endif
	if (found != NULL && found->valid != 0)
		return found;

	return NULL;
}
3742 1.1 christos
/*
 * Write the two-byte wire encoding of cipher c into p.
 *
 * Returns 2 (the encoded length) on success, and also when p is NULL, in
 * which case nothing is written and c is not examined.  Returns 0 when the
 * top byte of c->id is not 0x03, i.e. the id is outside the SSLv3/TLS
 * range.  When non-NULL, p must have room for two bytes.
 */
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
{
    long id;

    /* A NULL destination is a pure length query. */
    if (p == NULL)
        return 2;

    id = c->id;
    if ((id & 0xff000000) != 0x03000000)
        return 0;

    p[0] = ((unsigned char)(id >> 8L)) & 0xFF;
    p[1] = ((unsigned char)id) & 0xFF;
    return 2;
}
3756 1.1 christos
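#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
/* Return the EC group of the server's ECC private key, or NULL when the
 * private key, its EC key or its group is missing. */
static const EC_GROUP *ssl3_cert_ec_group(const SSL *s)
{
    const EVP_PKEY *pk = s->cert->pkeys[SSL_PKEY_ECC].privatekey;

    if (pk == NULL || pk->pkey.ec == NULL)
        return NULL;
    return pk->pkey.ec->group;
}

/* Return 1 when the first byte of the ECC certificate's public key marks a
 * compressed point, 0 otherwise (including when any pointer on the way is NULL). */
static int ssl3_cert_point_is_compressed(const SSL *s)
{
    const X509 *x = s->cert->pkeys[SSL_PKEY_ECC].x509;
    const unsigned char *pub;

    if (x == NULL || x->cert_info == NULL || x->cert_info->key == NULL ||
        x->cert_info->key->public_key == NULL)
        return 0;
    pub = x->cert_info->key->public_key->data;
    if (pub == NULL)
        return 0;
    return (*pub == POINT_CONVERSION_COMPRESSED) ||
           (*pub == POINT_CONVERSION_COMPRESSED + 1);
}

/* Return 1 when the client's Supported Point Formats list contains the
 * compressed format matching the field type of `group`, 0 otherwise. */
static int ssl3_client_accepts_compressed_point(const SSL *s, const EC_GROUP *group)
{
    unsigned char wanted;
    size_t j;
    int field_type;

    /* Fail closed: without a group and method the field type is unknown. */
    if (group == NULL || group->meth == NULL)
        return 0;

    field_type = EC_METHOD_get_field_type(group->meth);
    if (field_type == NID_X9_62_prime_field)
        wanted = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
    else if (field_type == NID_X9_62_characteristic_two_field)
        wanted = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
    else
        return 0;

    for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) {
        if (s->session->tlsext_ecpointformatlist[j] == wanted)
            return 1;
    }
    return 0;
}

/* Return 1 when the client's EllipticCurves list names the curve of
 * `group`, 0 otherwise. */
static int ssl3_client_lists_curve(const SSL *s, const EC_GROUP *group)
{
    /* The two bytes searched for start at zero on every call. */
    unsigned char search1 = 0, search2 = 0;
    size_t j;
    int nid;

    if (group == NULL)
        return 0;

    nid = EC_GROUP_get_curve_name(group);
    if ((nid == 0) && (group->meth != NULL)) {
        /* Unnamed curve: search for the 0xFF01 / 0xFF02 entry chosen by field type. */
        int field_type = EC_METHOD_get_field_type(group->meth);

        if (field_type == NID_X9_62_prime_field) {
            search1 = 0xFF;
            search2 = 0x01;
        } else if (field_type == NID_X9_62_characteristic_two_field) {
            search1 = 0xFF;
            search2 = 0x02;
        }
    } else {
        search1 = 0x00;
        search2 = tls1_ec_nid2curve_id(nid);
    }

    /* Nothing to look for means no match. */
    if ((search1 == 0) && (search2 == 0))
        return 0;

    /* The list is a sequence of two-byte entries. */
    for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) {
        if ((s->session->tlsext_ellipticcurvelist[2 * j] == search1) &&
            (s->session->tlsext_ellipticcurvelist[2 * j + 1] == search2))
            return 1;
    }
    return 0;
}
#endif

/*
 * Pick the cipher suite for this handshake from the client's list (clnt)
 * and the server's list (srvr).
 *
 * The list walked in order is the server's when SSL_OP_CIPHER_SERVER_PREFERENCE
 * is set and the client's otherwise; in the latter case the peer's ordering
 * decides which mutually supported suite wins.  A candidate is skipped when:
 *   - it is TLS v1.2-only and the negotiated version is lower;
 *   - it needs Kerberos and no keytab is available, or PSK and no server
 *     callback is set;
 *   - its key-exchange/authentication bits are not covered by the masks
 *     that ssl_set_cert_masks() computed (export masks for export suites);
 *   - it relies on EC parameters the client's extensions do not list;
 *   - it is not present in the other list.
 *
 * Returns the chosen entry from the non-priority list, or NULL if nothing
 * matches.
 *
 * Changes from the earlier version of this function:
 *   - The point-format check evaluated the ECC private key's
 *     ec->group->meth in an `else if` that was reached precisely when one of
 *     those pointers had just tested NULL; the chain is now checked once and
 *     the suite is rejected when it is incomplete.  `privatekey` itself is
 *     also checked, which the earlier code did not do.
 *   - The two curve-id search bytes were function-scope variables that kept
 *     their values across candidates and across the certificate/ephemeral
 *     checks; they are now local to each lookup.
 */
SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                               STACK_OF(SSL_CIPHER) *srvr)
{
    SSL_CIPHER *c, *ret = NULL;
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok;
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
    int uses_ecc_cert, client_sent_curves;
#endif
    CERT *cert;
    unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;

    /* Let's see which ciphers we can support */
    cert = s->cert;

    /* The stacks' compare functions are deliberately left unset: setting
     * them may reorder the lists by id, and the original ordering must be
     * kept.  The price is a slower sk_SSL_CIPHER_find(). */

#ifdef CIPHER_DEBUG
    printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
        c = sk_SSL_CIPHER_value(srvr, i);
        printf("%p:%s\n", (void *)c, c->name);
    }
    printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
        c = sk_SSL_CIPHER_value(clnt, i);
        printf("%p:%s\n", (void *)c, c->name);
    }
#endif

    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
        prio = srvr;
        allow = clnt;
    } else {
        prio = clnt;
        allow = srvr;
    }

    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
        c = sk_SSL_CIPHER_value(prio, i);

        /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
        if ((c->algorithm_ssl & SSL_TLSV1_2) &&
            (TLS1_get_version(s) < TLS1_2_VERSION))
            continue;

        ssl_set_cert_masks(cert, c);
        mask_k = cert->mask_k;
        mask_a = cert->mask_a;
        emask_k = cert->export_mask_k;
        emask_a = cert->export_mask_a;
#ifndef OPENSSL_NO_SRP
        mask_k = cert->mask_k | s->srp_ctx.srp_Mask;
        emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask;
#endif

        alg_k = c->algorithm_mkey;
        alg_a = c->algorithm_auth;

#ifndef OPENSSL_NO_KRB5
        if (alg_k & SSL_kKRB5) {
            if (!kssl_keytab_is_available(s->kssl_ctx))
                continue;
        }
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
        /* with PSK there must be server callback set */
        if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
            continue;
#endif /* OPENSSL_NO_PSK */

        /* Export suites are tested against the export masks.  Whether such
         * suites are candidates at all depends on the lists passed in, not
         * on this function. */
        if (SSL_C_IS_EXPORT(c)) {
            ok = (alg_k & emask_k) && (alg_a & emask_a);
#ifdef CIPHER_DEBUG
            printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
                   (void *)c,c->name);
#endif
        } else {
            ok = (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG
            printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
                   c->name);
#endif
        }

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
        /* an ECC cipher suite that uses our certificate, and we have one */
        uses_ecc_cert = (alg_a & (SSL_aECDSA | SSL_aECDH)) &&
                        (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL);
        /* the client specified an EllipticCurves extension */
        client_sent_curves = (s->session->tlsext_ellipticcurvelist_length > 0) &&
                             (s->session->tlsext_ellipticcurvelist != NULL);

        /* If the client sent a Supported Point Formats extension and our
         * certificate's point is compressed, the client must accept the
         * compressed format for the certificate curve's field type. */
        if (uses_ecc_cert &&
            (s->session->tlsext_ecpointformatlist_length > 0) &&
            (s->session->tlsext_ecpointformatlist != NULL) &&
            ssl3_cert_point_is_compressed(s)) {
            if (!ssl3_client_accepts_compressed_point(s, ssl3_cert_ec_group(s)))
                ok = 0;
        }

        /* The certificate's curve must be one the client listed. */
        if (uses_ecc_cert && client_sent_curves) {
            if (!ssl3_client_lists_curve(s, ssl3_cert_ec_group(s)))
                ok = 0;
        }

        /* Same test for the ephemeral EC key of an ephemeral-ECDH suite. */
        if ((alg_k & SSL_kEECDH) && (s->cert->ecdh_tmp != NULL) && client_sent_curves) {
            if (!ssl3_client_lists_curve(s, s->cert->ecdh_tmp->group))
                ok = 0;
        }
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_EC */

        if (!ok)
            continue;
        ii = sk_SSL_CIPHER_find(allow, c);
        if (ii >= 0) {
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
            /* When the client is flagged is_probably_safari, an ephemeral-ECDH
             * + ECDSA suite is only remembered as a fallback: the search
             * continues and a later acceptable suite takes precedence. */
            if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
                if (!ret)
                    ret = sk_SSL_CIPHER_value(allow, ii);
                continue;
            }
#endif
            ret = sk_SSL_CIPHER_value(allow, ii);
            break;
        }
    }
    return ret;
}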
4037 1.1 christos
/*
 * Fill p with the client certificate types to request for the cipher in
 * s->s3->tmp.new_cipher and return how many bytes were written.
 *
 * No buffer length is passed in, so the caller must size p for the worst
 * case; the branches below write at most seven bytes on any one path.
 * Which types are emitted depends on the key-exchange bits of the cipher,
 * on s->version, and on which algorithms were compiled in.
 */
int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
{
    unsigned char *out = p;
    unsigned long kx;

    kx = s->s3->tmp.new_cipher->algorithm_mkey;

#ifndef OPENSSL_NO_GOST
    /* A GOST key exchange under TLS requests only the two GOST types. */
    if (s->version >= TLS1_VERSION) {
        if (kx & SSL_kGOST) {
            *out++ = TLS_CT_GOST94_SIGN;
            *out++ = TLS_CT_GOST01_SIGN;
            return (int)(out - p);
        }
    }
#endif

#ifndef OPENSSL_NO_DH
    if (kx & (SSL_kDHr | SSL_kEDH)) {
# ifndef OPENSSL_NO_RSA
        *out++ = SSL3_CT_RSA_FIXED_DH;
# endif
# ifndef OPENSSL_NO_DSA
        *out++ = SSL3_CT_DSS_FIXED_DH;
# endif
    }
    /* The ephemeral-DH certificate types are requested for SSLv3 only. */
    if ((s->version == SSL3_VERSION) &&
        (kx & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
# ifndef OPENSSL_NO_RSA
        *out++ = SSL3_CT_RSA_EPHEMERAL_DH;
# endif
# ifndef OPENSSL_NO_DSA
        *out++ = SSL3_CT_DSS_EPHEMERAL_DH;
# endif
    }
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_RSA
    *out++ = SSL3_CT_RSA_SIGN;
#endif
#ifndef OPENSSL_NO_DSA
    *out++ = SSL3_CT_DSS_SIGN;
#endif
#ifndef OPENSSL_NO_ECDH
    if ((kx & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
        *out++ = TLS_CT_RSA_FIXED_ECDH;
        *out++ = TLS_CT_ECDSA_FIXED_ECDH;
    }
#endif

#ifndef OPENSSL_NO_ECDSA
    /* ECDSA certs can be used with RSA cipher suites as well, so there is
     * no need to check for SSL_kECDH or SSL_kEECDH here. */
    if (s->version >= TLS1_VERSION)
        *out++ = TLS_CT_ECDSA_SIGN;
#endif
    return (int)(out - p);
}
4103 1.1 christos
/*
 * Drive the close_notify exchange one step.
 *
 * Returns 1 once both SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN are set
 * and no alert is waiting to be written, 0 when the exchange is not yet
 * complete, and -1 when the caller must retry after more I/O.
 *
 * With quiet_shutdown set, or before any handshake (SSL_ST_BEFORE), both
 * flags are set immediately and 1 is returned: no close_notify is sent or
 * waited for on that path.
 */
int ssl3_shutdown(SSL *s)
{
    int rc;

    if (s->quiet_shutdown || (s->state == SSL_ST_BEFORE)) {
        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
        return 1;
    }

    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
        s->shutdown |= SSL_SENT_SHUTDOWN;
        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
        /* The alert has been queued; alert_dispatch is still set if it
         * has not been written out yet. */
        if (s->s3->alert_dispatch)
            return -1; /* WANT_WRITE */
    } else if (s->s3->alert_dispatch) {
        /* Our alert is still pending from an earlier call: try again. */
        rc = s->method->ssl_dispatch_alert(s);
        if (rc == -1) {
            /* Only reachable on a second or later invocation, after an
             * earlier call already returned 0: report WANT_WRITE. */
            return rc;
        }
    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
        /* Waiting for the peer's close: read, ignoring the return value
         * and relying on the shutdown flag being updated. */
        s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
            return -1; /* WANT_READ */
    }

    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
        !s->s3->alert_dispatch)
        return 1;
    return 0;
}
4158 1.1 christos
/*
 * Write len bytes of application data from buf.
 *
 * Returns the value of the underlying write-bytes call, or, on the
 * buffered path below, the result of BIO_flush() when the flush does not
 * succeed.  A pending renegotiation request is checked first.
 */
int ssl3_write(SSL *s, const void *buf, int len)
{
    int written, flushed;

    clear_sys_error();
    if (s->s3->renegotiate)
        ssl3_renegotiate_check(s);

    /* Ordinary path: hand the data straight to the method's writer. */
    if (!((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)))
        return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
                                          buf, len);

    /* Experimental SSL3_FLAGS_POP_BUFFER path: the last handshake message
     * goes out in the same packet as the first user data, to see whether
     * that helps TCP during session-id reuse.  The wbio == bbio test is
     * there because the buffer may already have been removed. */

    /* First time through, write into the buffer and remember the count. */
    if (s->s3->delay_buf_pop_ret == 0) {
        written = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
        if (written <= 0)
            return written;
        s->s3->delay_buf_pop_ret = written;
    }

    s->rwstate = SSL_WRITING;
    flushed = BIO_flush(s->wbio);
    if (flushed <= 0)
        return flushed;
    s->rwstate = SSL_NOTHING;

    /* We have flushed the buffer, so remove it */
    ssl_free_wbio_buffer(s);
    s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;

    written = s->s3->delay_buf_pop_ret;
    s->s3->delay_buf_pop_ret = 0;
    return written;
}
4211 1.1 christos
/*
 * Shared body of ssl3_read() and ssl3_peek(): read up to len bytes of
 * application data into buf, passing `peek` through to the method's
 * read-bytes call.  Returns whatever that call returns.
 */
static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
{
    int ret;

    clear_sys_error();
    if (s->s3->renegotiate)
        ssl3_renegotiate_check(s);

    s->s3->in_read_app_data = 1;
    ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);

    if ((ret != -1) || (s->s3->in_read_app_data != 2)) {
        s->s3->in_read_app_data = 0;
        return ret;
    }

    /* ssl3_read_bytes decided to call s->handshake_func, which called
     * ssl3_read_bytes to read handshake data.  That inner call found
     * application data instead and considers it acceptable here, so
     * handshake processing is disabled for one more attempt at reading
     * application data. */
    s->in_handshake++;
    ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
    s->in_handshake--;

    return ret;
}
4236 1.1 christos
/* Read up to len bytes of application data into buf (peek argument 0). */
int ssl3_read(SSL *s, void *buf, int len)
{
    const int peek = 0;

    return ssl3_read_internal(s, buf, len, peek);
}
4241 1.1 christos
/* Same call as ssl3_read() but with the peek argument set to 1. */
int ssl3_peek(SSL *s, void *buf, int len)
{
    const int peek = 1;

    return ssl3_read_internal(s, buf, len, peek);
}
4246 1.1 christos
/*
 * Request a renegotiation.
 *
 * Returns 1 when there is no handshake function (nothing to do) or when
 * the request was recorded in s->s3->renegotiate, and 0 when
 * SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS is set, in which case no request is
 * recorded.  The handshake itself is started later, by
 * ssl3_renegotiate_check().
 */
int ssl3_renegotiate(SSL *s)
{
    int refused;

    if (s->handshake_func == NULL)
        return 1;

    refused = (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0;
    if (!refused)
        s->s3->renegotiate = 1;

    return refused ? 0 : 1;
}
4258 1.1 christos
/*
 * Act on a pending renegotiation request if the connection is idle.
 *
 * When s->s3->renegotiate is set, both record buffers are empty and no
 * handshake is in progress, the state is switched to SSL_ST_RENEGOTIATE,
 * the request flag is cleared and both renegotiation counters are
 * incremented.  Returns 1 in that case and 0 otherwise.
 */
int ssl3_renegotiate_check(SSL *s)
{
    if (!s->s3->renegotiate)
        return 0;

    /* Wait until nothing is left to read or write and no handshake runs. */
    if ((s->s3->rbuf.left != 0) || (s->s3->wbuf.left != 0) || SSL_in_init(s))
        return 0;

    /* If we are the server and have sent a 'RENEGOTIATE' message, we need
     * to go to SSL_ST_ACCEPT. */
    s->state = SSL_ST_RENEGOTIATE;
    s->s3->renegotiate = 0;
    s->s3->num_renegotiations++;
    s->s3->total_renegotiations++;
    return 1;
}
/*
 * Return the algorithm2 flags of the cipher in s->s3->tmp.new_cipher.
 *
 * When the method's version is exactly TLS1_2_VERSION and the cipher
 * carries the default SHA1+MD5 handshake MAC and PRF, the SHA256 handshake
 * MAC and PRF are returned instead.  The version tested is
 * s->method->version, not the version stored on the connection.
 */
long ssl_get_algorithm2(SSL *s)
{
    const long flags = s->s3->tmp.new_cipher->algorithm2;
    const int uses_default = (flags == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF));

    if ((s->method->version == TLS1_2_VERSION) && uses_default)
        return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;

    return flags;
}
4294 1.5 spz
4295