s3_lib.c revision 1.14
1 /* ssl/s3_lib.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay (at) cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay (at) cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core (at) openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay (at) cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh (at) cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 149 */ 150 151 #include <stdio.h> 152 #include <openssl/objects.h> 153 #include "ssl_locl.h" 154 #include "kssl_lcl.h" 155 #ifndef OPENSSL_NO_TLSEXT 156 # ifndef OPENSSL_NO_EC 157 # include "../crypto/ec/ec_lcl.h" 158 # endif /* OPENSSL_NO_EC */ 159 #endif /* OPENSSL_NO_TLSEXT */ 160 #include <openssl/md5.h> 161 #ifndef OPENSSL_NO_DH 162 # include <openssl/dh.h> 163 #endif 164 165 const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT; 166 167 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) 168 169 /* list of available SSLv3 ciphers (sorted by id) */ 170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 171 172 /* The RSA ciphers */ 173 /* Cipher 01 */ 174 { 175 1, 176 SSL3_TXT_RSA_NULL_MD5, 177 SSL3_CK_RSA_NULL_MD5, 178 SSL_kRSA, 179 SSL_aRSA, 180 SSL_eNULL, 181 SSL_MD5, 182 SSL_SSLV3, 183 SSL_NOT_EXP | SSL_STRONG_NONE, 184 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 185 0, 186 0, 187 }, 188 189 /* Cipher 02 */ 190 { 191 1, 192 SSL3_TXT_RSA_NULL_SHA, 193 SSL3_CK_RSA_NULL_SHA, 194 SSL_kRSA, 195 SSL_aRSA, 196 SSL_eNULL, 197 SSL_SHA1, 198 SSL_SSLV3, 199 SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 200 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 201 0, 202 0, 203 }, 204 205 /* Cipher 03 */ 206 { 207 1, 208 SSL3_TXT_RSA_RC4_40_MD5, 209 SSL3_CK_RSA_RC4_40_MD5, 210 SSL_kRSA, 211 SSL_aRSA, 212 SSL_RC4, 213 SSL_MD5, 214 SSL_SSLV3, 215 SSL_EXPORT | SSL_EXP40, 216 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 217 40, 218 128, 219 }, 220 221 /* Cipher 04 */ 222 { 223 1, 224 SSL3_TXT_RSA_RC4_128_MD5, 225 SSL3_CK_RSA_RC4_128_MD5, 226 SSL_kRSA, 227 SSL_aRSA, 228 SSL_RC4, 229 SSL_MD5, 230 SSL_SSLV3, 231 SSL_NOT_EXP | SSL_MEDIUM, 232 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 233 128, 234 128, 235 }, 236 237 /* Cipher 05 */ 238 { 239 1, 240 SSL3_TXT_RSA_RC4_128_SHA, 241 SSL3_CK_RSA_RC4_128_SHA, 242 SSL_kRSA, 243 SSL_aRSA, 244 SSL_RC4, 245 SSL_SHA1, 246 SSL_SSLV3, 247 SSL_NOT_EXP | SSL_MEDIUM, 248 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 249 128, 250 128, 251 }, 252 253 /* Cipher 06 */ 254 { 255 1, 256 SSL3_TXT_RSA_RC2_40_MD5, 257 SSL3_CK_RSA_RC2_40_MD5, 258 SSL_kRSA, 259 SSL_aRSA, 260 SSL_RC2, 261 SSL_MD5, 262 SSL_SSLV3, 263 SSL_EXPORT | SSL_EXP40, 264 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 265 40, 266 128, 267 }, 268 269 /* Cipher 07 */ 270 #ifndef OPENSSL_NO_IDEA 271 { 272 1, 273 SSL3_TXT_RSA_IDEA_128_SHA, 274 SSL3_CK_RSA_IDEA_128_SHA, 275 SSL_kRSA, 276 SSL_aRSA, 277 SSL_IDEA, 278 SSL_SHA1, 279 SSL_SSLV3, 280 SSL_NOT_EXP | SSL_MEDIUM, 281 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 282 128, 283 128, 284 }, 285 #endif 286 287 /* Cipher 08 */ 288 { 289 1, 290 SSL3_TXT_RSA_DES_40_CBC_SHA, 291 SSL3_CK_RSA_DES_40_CBC_SHA, 292 SSL_kRSA, 293 SSL_aRSA, 294 SSL_DES, 295 SSL_SHA1, 296 SSL_SSLV3, 297 SSL_EXPORT | SSL_EXP40, 298 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 299 40, 300 56, 301 }, 302 303 /* Cipher 09 */ 304 { 305 1, 306 SSL3_TXT_RSA_DES_64_CBC_SHA, 307 SSL3_CK_RSA_DES_64_CBC_SHA, 308 SSL_kRSA, 309 SSL_aRSA, 310 SSL_DES, 311 SSL_SHA1, 312 SSL_SSLV3, 313 SSL_NOT_EXP | SSL_LOW, 314 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 315 56, 316 56, 317 }, 318 319 /* Cipher 0A */ 320 { 321 1, 322 SSL3_TXT_RSA_DES_192_CBC3_SHA, 323 SSL3_CK_RSA_DES_192_CBC3_SHA, 324 SSL_kRSA, 325 SSL_aRSA, 326 SSL_3DES, 327 SSL_SHA1, 328 SSL_SSLV3, 329 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 330 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 331 112, 332 168, 333 }, 334 335 /* The DH ciphers */ 336 /* Cipher 0B */ 337 { 338 0, 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 341 SSL_kDHd, 342 SSL_aDH, 343 SSL_DES, 344 SSL_SHA1, 345 SSL_SSLV3, 346 SSL_EXPORT | SSL_EXP40, 347 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 348 40, 349 56, 350 }, 351 352 /* Cipher 0C */ 353 { 354 0, /* not implemented (non-ephemeral DH) */ 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 357 SSL_kDHd, 358 SSL_aDH, 359 SSL_DES, 360 SSL_SHA1, 361 SSL_SSLV3, 362 SSL_NOT_EXP | SSL_LOW, 363 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 364 56, 365 56, 366 }, 367 368 /* Cipher 0D */ 369 { 370 0, /* not implemented (non-ephemeral DH) */ 371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 373 SSL_kDHd, 374 SSL_aDH, 375 SSL_3DES, 376 SSL_SHA1, 377 SSL_SSLV3, 378 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 379 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 380 112, 381 168, 382 }, 383 384 /* Cipher 0E */ 385 { 386 0, /* not implemented (non-ephemeral DH) */ 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 389 SSL_kDHr, 390 SSL_aDH, 391 SSL_DES, 392 SSL_SHA1, 393 SSL_SSLV3, 394 SSL_EXPORT | SSL_EXP40, 395 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 396 40, 397 56, 398 }, 399 400 /* Cipher 0F */ 401 { 402 0, /* not implemented (non-ephemeral DH) */ 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 405 SSL_kDHr, 406 SSL_aDH, 407 SSL_DES, 408 SSL_SHA1, 409 SSL_SSLV3, 410 SSL_NOT_EXP | SSL_LOW, 411 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 412 56, 413 56, 414 }, 415 416 /* Cipher 10 */ 417 { 418 0, /* not implemented (non-ephemeral DH) */ 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 421 SSL_kDHr, 422 SSL_aDH, 423 SSL_3DES, 424 SSL_SHA1, 425 SSL_SSLV3, 426 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 427 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 428 112, 429 168, 430 }, 431 432 /* The Ephemeral DH ciphers */ 433 /* Cipher 11 */ 434 { 435 1, 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 438 SSL_kEDH, 439 SSL_aDSS, 440 SSL_DES, 441 SSL_SHA1, 442 SSL_SSLV3, 443 SSL_EXPORT | SSL_EXP40, 444 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 445 40, 446 56, 447 }, 448 449 /* Cipher 12 */ 450 { 451 1, 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 454 SSL_kEDH, 455 SSL_aDSS, 456 SSL_DES, 457 SSL_SHA1, 458 SSL_SSLV3, 459 SSL_NOT_EXP | SSL_LOW, 460 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 461 56, 462 56, 463 }, 464 465 /* Cipher 13 */ 466 { 467 1, 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 470 SSL_kEDH, 471 SSL_aDSS, 472 SSL_3DES, 473 SSL_SHA1, 474 SSL_SSLV3, 475 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 476 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 477 112, 478 168, 479 }, 480 481 /* Cipher 14 */ 482 { 483 1, 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 486 SSL_kEDH, 487 SSL_aRSA, 488 SSL_DES, 489 SSL_SHA1, 490 SSL_SSLV3, 491 SSL_EXPORT | SSL_EXP40, 492 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 493 40, 494 56, 495 }, 496 497 /* Cipher 15 */ 498 { 499 1, 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 502 SSL_kEDH, 503 SSL_aRSA, 504 SSL_DES, 505 SSL_SHA1, 506 SSL_SSLV3, 507 SSL_NOT_EXP | SSL_LOW, 508 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 509 56, 510 56, 511 }, 512 513 /* Cipher 16 */ 514 { 515 1, 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 518 SSL_kEDH, 519 SSL_aRSA, 520 SSL_3DES, 521 SSL_SHA1, 522 SSL_SSLV3, 523 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 524 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 525 112, 526 168, 527 }, 528 529 /* Cipher 17 */ 530 { 531 1, 532 SSL3_TXT_ADH_RC4_40_MD5, 533 SSL3_CK_ADH_RC4_40_MD5, 534 SSL_kEDH, 535 SSL_aNULL, 536 SSL_RC4, 537 SSL_MD5, 538 SSL_SSLV3, 539 SSL_EXPORT | SSL_EXP40, 540 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 541 40, 542 128, 543 }, 544 545 /* Cipher 18 */ 546 { 547 1, 548 SSL3_TXT_ADH_RC4_128_MD5, 549 SSL3_CK_ADH_RC4_128_MD5, 550 SSL_kEDH, 551 SSL_aNULL, 552 SSL_RC4, 553 SSL_MD5, 554 SSL_SSLV3, 555 SSL_NOT_EXP | SSL_MEDIUM, 556 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 557 128, 558 128, 559 }, 560 561 /* Cipher 19 */ 562 { 563 1, 564 SSL3_TXT_ADH_DES_40_CBC_SHA, 565 SSL3_CK_ADH_DES_40_CBC_SHA, 566 SSL_kEDH, 567 SSL_aNULL, 568 SSL_DES, 569 SSL_SHA1, 570 SSL_SSLV3, 571 SSL_EXPORT | SSL_EXP40, 572 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 573 40, 574 128, 575 }, 576 577 /* Cipher 1A */ 578 { 579 1, 580 SSL3_TXT_ADH_DES_64_CBC_SHA, 581 SSL3_CK_ADH_DES_64_CBC_SHA, 582 SSL_kEDH, 583 SSL_aNULL, 584 SSL_DES, 585 SSL_SHA1, 586 SSL_SSLV3, 587 SSL_NOT_EXP | SSL_LOW, 588 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 589 56, 590 56, 591 }, 592 593 /* Cipher 1B */ 594 { 595 1, 596 SSL3_TXT_ADH_DES_192_CBC_SHA, 597 SSL3_CK_ADH_DES_192_CBC_SHA, 598 SSL_kEDH, 599 SSL_aNULL, 600 SSL_3DES, 601 SSL_SHA1, 602 SSL_SSLV3, 603 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 604 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 605 112, 606 168, 607 }, 608 609 /* Fortezza ciphersuite from SSL 3.0 spec */ 610 #if 0 611 /* Cipher 1C */ 612 { 613 0, 614 SSL3_TXT_FZA_DMS_NULL_SHA, 615 SSL3_CK_FZA_DMS_NULL_SHA, 616 SSL_kFZA, 617 SSL_aFZA, 618 SSL_eNULL, 619 SSL_SHA1, 620 SSL_SSLV3, 621 SSL_NOT_EXP | SSL_STRONG_NONE, 622 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 623 0, 624 0, 625 }, 626 627 /* Cipher 1D */ 628 { 629 0, 630 SSL3_TXT_FZA_DMS_FZA_SHA, 631 SSL3_CK_FZA_DMS_FZA_SHA, 632 SSL_kFZA, 633 SSL_aFZA, 634 SSL_eFZA, 635 SSL_SHA1, 636 SSL_SSLV3, 637 SSL_NOT_EXP | SSL_STRONG_NONE, 638 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 639 0, 640 0, 641 }, 642 643 /* Cipher 1E */ 644 { 645 0, 646 SSL3_TXT_FZA_DMS_RC4_SHA, 647 SSL3_CK_FZA_DMS_RC4_SHA, 648 SSL_kFZA, 649 SSL_aFZA, 650 SSL_RC4, 651 SSL_SHA1, 652 SSL_SSLV3, 653 SSL_NOT_EXP | SSL_MEDIUM, 654 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 655 128, 656 128, 657 }, 658 #endif 659 660 #ifndef OPENSSL_NO_KRB5 661 /* The Kerberos ciphers*/ 662 /* Cipher 1E */ 663 { 664 1, 665 SSL3_TXT_KRB5_DES_64_CBC_SHA, 666 SSL3_CK_KRB5_DES_64_CBC_SHA, 667 SSL_kKRB5, 668 SSL_aKRB5, 669 SSL_DES, 670 SSL_SHA1, 671 SSL_SSLV3, 672 SSL_NOT_EXP | SSL_LOW, 673 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 674 56, 675 56, 676 }, 677 678 /* Cipher 1F */ 679 { 680 1, 681 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 682 SSL3_CK_KRB5_DES_192_CBC3_SHA, 683 SSL_kKRB5, 684 SSL_aKRB5, 685 SSL_3DES, 686 SSL_SHA1, 687 SSL_SSLV3, 688 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 689 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 690 112, 691 168, 692 }, 693 694 /* Cipher 20 */ 695 { 696 1, 697 SSL3_TXT_KRB5_RC4_128_SHA, 698 SSL3_CK_KRB5_RC4_128_SHA, 699 SSL_kKRB5, 700 SSL_aKRB5, 701 SSL_RC4, 702 SSL_SHA1, 703 SSL_SSLV3, 704 SSL_NOT_EXP | SSL_MEDIUM, 705 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 706 128, 707 128, 708 }, 709 710 /* Cipher 21 */ 711 { 712 1, 713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 714 SSL3_CK_KRB5_IDEA_128_CBC_SHA, 715 SSL_kKRB5, 716 SSL_aKRB5, 717 SSL_IDEA, 718 SSL_SHA1, 719 SSL_SSLV3, 720 SSL_NOT_EXP | SSL_MEDIUM, 721 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 722 128, 723 128, 724 }, 725 726 /* Cipher 22 */ 727 { 728 1, 729 SSL3_TXT_KRB5_DES_64_CBC_MD5, 730 SSL3_CK_KRB5_DES_64_CBC_MD5, 731 SSL_kKRB5, 732 SSL_aKRB5, 733 SSL_DES, 734 SSL_MD5, 735 SSL_SSLV3, 736 SSL_NOT_EXP | SSL_LOW, 737 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 738 56, 739 56, 740 }, 741 742 /* Cipher 23 */ 743 { 744 1, 745 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 746 SSL3_CK_KRB5_DES_192_CBC3_MD5, 747 SSL_kKRB5, 748 SSL_aKRB5, 749 SSL_3DES, 750 SSL_MD5, 751 SSL_SSLV3, 752 SSL_NOT_EXP | SSL_HIGH, 753 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 754 112, 755 168, 756 }, 757 758 /* Cipher 24 */ 759 { 760 1, 761 SSL3_TXT_KRB5_RC4_128_MD5, 762 SSL3_CK_KRB5_RC4_128_MD5, 763 SSL_kKRB5, 764 SSL_aKRB5, 765 SSL_RC4, 766 SSL_MD5, 767 SSL_SSLV3, 768 SSL_NOT_EXP | SSL_MEDIUM, 769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 770 128, 771 128, 772 }, 773 774 /* Cipher 25 */ 775 { 776 1, 777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 778 SSL3_CK_KRB5_IDEA_128_CBC_MD5, 779 SSL_kKRB5, 780 SSL_aKRB5, 781 SSL_IDEA, 782 SSL_MD5, 783 SSL_SSLV3, 784 SSL_NOT_EXP | SSL_MEDIUM, 785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 786 128, 787 128, 788 }, 789 790 /* Cipher 26 */ 791 { 792 1, 793 SSL3_TXT_KRB5_DES_40_CBC_SHA, 794 SSL3_CK_KRB5_DES_40_CBC_SHA, 795 SSL_kKRB5, 796 SSL_aKRB5, 797 SSL_DES, 798 SSL_SHA1, 799 SSL_SSLV3, 800 SSL_EXPORT | SSL_EXP40, 801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 802 40, 803 56, 804 }, 805 806 /* Cipher 27 */ 807 { 808 1, 809 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 810 SSL3_CK_KRB5_RC2_40_CBC_SHA, 811 SSL_kKRB5, 812 SSL_aKRB5, 813 SSL_RC2, 814 SSL_SHA1, 815 SSL_SSLV3, 816 SSL_EXPORT | SSL_EXP40, 817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 818 40, 819 128, 820 }, 821 822 /* Cipher 28 */ 823 { 824 1, 825 SSL3_TXT_KRB5_RC4_40_SHA, 826 SSL3_CK_KRB5_RC4_40_SHA, 827 SSL_kKRB5, 828 SSL_aKRB5, 829 SSL_RC4, 830 SSL_SHA1, 831 SSL_SSLV3, 832 SSL_EXPORT | SSL_EXP40, 833 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 834 40, 835 128, 836 }, 837 838 /* Cipher 29 */ 839 { 840 1, 841 SSL3_TXT_KRB5_DES_40_CBC_MD5, 842 SSL3_CK_KRB5_DES_40_CBC_MD5, 843 SSL_kKRB5, 844 SSL_aKRB5, 845 SSL_DES, 846 SSL_MD5, 847 SSL_SSLV3, 848 SSL_EXPORT | SSL_EXP40, 849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 850 40, 851 56, 852 }, 853 854 /* Cipher 2A */ 855 { 856 1, 857 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 858 SSL3_CK_KRB5_RC2_40_CBC_MD5, 859 SSL_kKRB5, 860 SSL_aKRB5, 861 SSL_RC2, 862 SSL_MD5, 863 SSL_SSLV3, 864 SSL_EXPORT | SSL_EXP40, 865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 866 40, 867 128, 868 }, 869 870 /* Cipher 2B */ 871 { 872 1, 873 SSL3_TXT_KRB5_RC4_40_MD5, 874 SSL3_CK_KRB5_RC4_40_MD5, 875 SSL_kKRB5, 876 SSL_aKRB5, 877 SSL_RC4, 878 SSL_MD5, 879 SSL_SSLV3, 880 SSL_EXPORT | SSL_EXP40, 881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 882 40, 883 128, 884 }, 885 #endif /* OPENSSL_NO_KRB5 */ 886 887 /* New AES ciphersuites */ 888 /* Cipher 2F */ 889 { 890 1, 891 TLS1_TXT_RSA_WITH_AES_128_SHA, 892 TLS1_CK_RSA_WITH_AES_128_SHA, 893 SSL_kRSA, 894 SSL_aRSA, 895 SSL_AES128, 896 SSL_SHA1, 897 SSL_TLSV1, 898 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 899 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 900 128, 901 128, 902 }, 903 /* Cipher 30 */ 904 { 905 0, 906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 907 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 908 SSL_kDHd, 909 SSL_aDH, 910 SSL_AES128, 911 SSL_SHA1, 912 SSL_TLSV1, 913 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 914 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 915 128, 916 128, 917 }, 918 /* Cipher 31 */ 919 { 920 0, 921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 922 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 923 SSL_kDHr, 924 SSL_aDH, 925 SSL_AES128, 926 SSL_SHA1, 927 SSL_TLSV1, 928 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 929 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 930 128, 931 128, 932 }, 933 /* Cipher 32 */ 934 { 935 1, 936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 938 SSL_kEDH, 939 SSL_aDSS, 940 SSL_AES128, 941 SSL_SHA1, 942 SSL_TLSV1, 943 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 944 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 945 128, 946 128, 947 }, 948 /* Cipher 33 */ 949 { 950 1, 951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 953 SSL_kEDH, 954 SSL_aRSA, 955 SSL_AES128, 956 SSL_SHA1, 957 SSL_TLSV1, 958 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 959 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 960 128, 961 128, 962 }, 963 /* Cipher 34 */ 964 { 965 1, 966 TLS1_TXT_ADH_WITH_AES_128_SHA, 967 TLS1_CK_ADH_WITH_AES_128_SHA, 968 SSL_kEDH, 969 SSL_aNULL, 970 SSL_AES128, 971 SSL_SHA1, 972 SSL_TLSV1, 973 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 974 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 975 128, 976 128, 977 }, 978 979 /* Cipher 35 */ 980 { 981 1, 982 TLS1_TXT_RSA_WITH_AES_256_SHA, 983 TLS1_CK_RSA_WITH_AES_256_SHA, 984 SSL_kRSA, 985 SSL_aRSA, 986 SSL_AES256, 987 SSL_SHA1, 988 SSL_TLSV1, 989 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 990 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 991 256, 992 256, 993 }, 994 /* Cipher 36 */ 995 { 996 0, 997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 998 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 999 SSL_kDHd, 1000 SSL_aDH, 1001 SSL_AES256, 1002 SSL_SHA1, 1003 SSL_TLSV1, 1004 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1005 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1006 256, 1007 256, 1008 }, 1009 1010 /* Cipher 37 */ 1011 { 1012 0, /* not implemented (non-ephemeral DH) */ 1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1015 SSL_kDHr, 1016 SSL_aDH, 1017 SSL_AES256, 1018 SSL_SHA1, 1019 SSL_TLSV1, 1020 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1021 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1022 256, 1023 256, 1024 }, 1025 1026 /* Cipher 38 */ 1027 { 1028 1, 1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1031 SSL_kEDH, 1032 SSL_aDSS, 1033 SSL_AES256, 1034 SSL_SHA1, 1035 SSL_TLSV1, 1036 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1037 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1038 256, 1039 256, 1040 }, 1041 1042 /* Cipher 39 */ 1043 { 1044 1, 1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1047 SSL_kEDH, 1048 SSL_aRSA, 1049 SSL_AES256, 1050 SSL_SHA1, 1051 SSL_TLSV1, 1052 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1053 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1054 256, 1055 256, 1056 }, 1057 1058 /* Cipher 3A */ 1059 { 1060 1, 1061 TLS1_TXT_ADH_WITH_AES_256_SHA, 1062 TLS1_CK_ADH_WITH_AES_256_SHA, 1063 SSL_kEDH, 1064 SSL_aNULL, 1065 SSL_AES256, 1066 SSL_SHA1, 1067 SSL_TLSV1, 1068 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1069 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1070 256, 1071 256, 1072 }, 1073 1074 /* TLS v1.2 ciphersuites */ 1075 /* Cipher 3B */ 1076 { 1077 1, 1078 TLS1_TXT_RSA_WITH_NULL_SHA256, 1079 TLS1_CK_RSA_WITH_NULL_SHA256, 1080 SSL_kRSA, 1081 SSL_aRSA, 1082 SSL_eNULL, 1083 SSL_SHA256, 1084 SSL_TLSV1_2, 1085 SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 1086 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1087 0, 1088 0, 1089 }, 1090 1091 /* Cipher 3C */ 1092 { 1093 1, 1094 TLS1_TXT_RSA_WITH_AES_128_SHA256, 1095 TLS1_CK_RSA_WITH_AES_128_SHA256, 1096 SSL_kRSA, 1097 SSL_aRSA, 1098 SSL_AES128, 1099 SSL_SHA256, 1100 SSL_TLSV1_2, 1101 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1102 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1103 128, 1104 128, 1105 }, 1106 1107 /* Cipher 3D */ 1108 { 1109 1, 1110 TLS1_TXT_RSA_WITH_AES_256_SHA256, 1111 TLS1_CK_RSA_WITH_AES_256_SHA256, 1112 SSL_kRSA, 1113 SSL_aRSA, 1114 SSL_AES256, 1115 SSL_SHA256, 1116 SSL_TLSV1_2, 1117 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1118 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1119 256, 1120 256, 1121 }, 1122 1123 /* Cipher 3E */ 1124 { 1125 0, /* not implemented (non-ephemeral DH) */ 1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1128 SSL_kDHd, 1129 SSL_aDH, 1130 SSL_AES128, 1131 SSL_SHA256, 1132 SSL_TLSV1_2, 1133 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1134 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1135 128, 1136 128, 1137 }, 1138 1139 /* Cipher 3F */ 1140 { 1141 0, /* not implemented (non-ephemeral DH) */ 1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 1144 SSL_kDHr, 1145 SSL_aDH, 1146 SSL_AES128, 1147 SSL_SHA256, 1148 SSL_TLSV1_2, 1149 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1150 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1151 128, 1152 128, 1153 }, 1154 1155 /* Cipher 40 */ 1156 { 1157 1, 1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 1160 SSL_kEDH, 1161 SSL_aDSS, 1162 SSL_AES128, 1163 SSL_SHA256, 1164 SSL_TLSV1_2, 1165 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1166 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1167 128, 1168 128, 1169 }, 1170 1171 #ifndef OPENSSL_NO_CAMELLIA 1172 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 1173 1174 /* Cipher 41 */ 1175 { 1176 1, 1177 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1178 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1179 SSL_kRSA, 1180 SSL_aRSA, 1181 SSL_CAMELLIA128, 1182 SSL_SHA1, 1183 SSL_TLSV1, 1184 SSL_NOT_EXP | SSL_HIGH, 1185 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1186 128, 1187 128, 1188 }, 1189 1190 /* Cipher 42 */ 1191 { 1192 0, /* not implemented (non-ephemeral DH) */ 1193 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1194 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1195 SSL_kDHd, 1196 SSL_aDH, 1197 SSL_CAMELLIA128, 1198 SSL_SHA1, 1199 SSL_TLSV1, 1200 SSL_NOT_EXP | SSL_HIGH, 1201 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1202 128, 1203 128, 1204 }, 1205 1206 /* Cipher 43 */ 1207 { 1208 0, /* not implemented (non-ephemeral DH) */ 1209 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1210 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1211 SSL_kDHr, 1212 SSL_aDH, 1213 SSL_CAMELLIA128, 1214 SSL_SHA1, 1215 SSL_TLSV1, 1216 SSL_NOT_EXP | SSL_HIGH, 1217 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1218 128, 1219 128, 1220 }, 1221 1222 /* Cipher 44 */ 1223 { 1224 1, 1225 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1226 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1227 SSL_kEDH, 1228 SSL_aDSS, 1229 SSL_CAMELLIA128, 1230 SSL_SHA1, 1231 SSL_TLSV1, 1232 SSL_NOT_EXP | SSL_HIGH, 1233 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1234 128, 1235 128, 1236 }, 1237 1238 /* Cipher 45 */ 1239 { 1240 1, 1241 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1242 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1243 SSL_kEDH, 1244 SSL_aRSA, 1245 SSL_CAMELLIA128, 1246 SSL_SHA1, 1247 SSL_TLSV1, 1248 SSL_NOT_EXP | SSL_HIGH, 1249 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1250 128, 1251 128, 1252 }, 1253 1254 /* Cipher 46 */ 1255 { 1256 1, 1257 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1258 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1259 SSL_kEDH, 1260 SSL_aNULL, 1261 SSL_CAMELLIA128, 1262 SSL_SHA1, 1263 SSL_TLSV1, 1264 SSL_NOT_EXP | SSL_HIGH, 1265 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1266 128, 1267 128, 1268 }, 1269 #endif /* OPENSSL_NO_CAMELLIA */ 1270 1271 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1272 /* New TLS Export CipherSuites from expired ID */ 1273 # if 0 1274 /* Cipher 60 */ 1275 { 1276 1, 1277 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1278 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1279 SSL_kRSA, 1280 SSL_aRSA, 1281 SSL_RC4, 1282 SSL_MD5, 1283 SSL_TLSV1, 1284 SSL_EXPORT | SSL_EXP56, 1285 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1286 56, 1287 128, 1288 }, 1289 1290 /* Cipher 61 */ 1291 { 1292 1, 1293 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1294 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1295 SSL_kRSA, 1296 SSL_aRSA, 1297 SSL_RC2, 1298 SSL_MD5, 1299 SSL_TLSV1, 1300 SSL_EXPORT | SSL_EXP56, 1301 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1302 56, 1303 128, 1304 }, 1305 # endif 1306 1307 /* Cipher 62 */ 1308 { 1309 1, 1310 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1311 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1312 SSL_kRSA, 1313 SSL_aRSA, 1314 SSL_DES, 1315 SSL_SHA1, 1316 SSL_TLSV1, 1317 SSL_EXPORT | SSL_EXP56, 1318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1319 56, 1320 56, 1321 }, 1322 1323 /* Cipher 63 */ 1324 { 1325 1, 1326 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1327 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1328 SSL_kEDH, 1329 SSL_aDSS, 1330 SSL_DES, 1331 SSL_SHA1, 1332 SSL_TLSV1, 1333 SSL_EXPORT | SSL_EXP56, 1334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1335 56, 1336 56, 1337 }, 1338 1339 /* Cipher 64 */ 1340 { 1341 1, 1342 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1343 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1344 SSL_kRSA, 1345 SSL_aRSA, 1346 SSL_RC4, 1347 SSL_SHA1, 1348 SSL_TLSV1, 1349 SSL_EXPORT | SSL_EXP56, 1350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1351 56, 1352 128, 1353 }, 1354 1355 /* Cipher 65 */ 1356 { 1357 1, 1358 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1359 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1360 SSL_kEDH, 1361 SSL_aDSS, 1362 SSL_RC4, 1363 SSL_SHA1, 1364 SSL_TLSV1, 1365 SSL_EXPORT | SSL_EXP56, 1366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1367 56, 1368 128, 1369 }, 1370 1371 /* Cipher 66 */ 1372 { 1373 1, 1374 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1375 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1376 SSL_kEDH, 1377 SSL_aDSS, 1378 SSL_RC4, 1379 SSL_SHA1, 1380 SSL_TLSV1, 1381 SSL_NOT_EXP | SSL_MEDIUM, 1382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1383 128, 1384 128, 1385 }, 1386 #endif 1387 1388 /* TLS v1.2 ciphersuites */ 1389 /* Cipher 67 */ 1390 { 1391 1, 1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 1394 SSL_kEDH, 1395 SSL_aRSA, 1396 SSL_AES128, 1397 SSL_SHA256, 1398 SSL_TLSV1_2, 1399 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1400 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1401 128, 1402 128, 1403 }, 1404 1405 /* Cipher 68 */ 1406 { 1407 0, /* not implemented (non-ephemeral DH) */ 1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1410 SSL_kDHd, 1411 SSL_aDH, 1412 SSL_AES256, 1413 SSL_SHA256, 1414 SSL_TLSV1_2, 1415 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1417 256, 1418 256, 1419 }, 1420 1421 /* Cipher 69 */ 1422 { 1423 0, /* not implemented (non-ephemeral DH) */ 1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1426 SSL_kDHr, 1427 SSL_aDH, 1428 SSL_AES256, 1429 SSL_SHA256, 1430 SSL_TLSV1_2, 1431 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1432 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1433 256, 1434 256, 1435 }, 1436 1437 /* Cipher 6A */ 1438 { 1439 1, 1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1442 SSL_kEDH, 1443 SSL_aDSS, 1444 SSL_AES256, 1445 SSL_SHA256, 1446 SSL_TLSV1_2, 1447 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1448 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1449 256, 1450 256, 1451 }, 1452 1453 /* Cipher 6B */ 1454 { 1455 1, 1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1458 SSL_kEDH, 1459 SSL_aRSA, 1460 SSL_AES256, 1461 SSL_SHA256, 1462 SSL_TLSV1_2, 1463 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1464 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1465 256, 1466 256, 1467 }, 1468 1469 /* Cipher 6C */ 1470 { 1471 1, 1472 TLS1_TXT_ADH_WITH_AES_128_SHA256, 1473 TLS1_CK_ADH_WITH_AES_128_SHA256, 1474 SSL_kEDH, 1475 SSL_aNULL, 1476 SSL_AES128, 1477 SSL_SHA256, 1478 SSL_TLSV1_2, 1479 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1480 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1481 128, 1482 128, 1483 }, 1484 1485 /* Cipher 6D */ 1486 { 1487 1, 1488 TLS1_TXT_ADH_WITH_AES_256_SHA256, 1489 TLS1_CK_ADH_WITH_AES_256_SHA256, 1490 SSL_kEDH, 1491 SSL_aNULL, 1492 SSL_AES256, 1493 SSL_SHA256, 1494 SSL_TLSV1_2, 1495 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1496 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1497 256, 1498 256, 1499 }, 1500 1501 /* GOST Ciphersuites */ 1502 1503 { 1504 1, 1505 "GOST94-GOST89-GOST89", 1506 0x3000080, 1507 SSL_kGOST, 1508 SSL_aGOST94, 1509 SSL_eGOST2814789CNT, 1510 SSL_GOST89MAC, 1511 SSL_TLSV1, 1512 SSL_NOT_EXP | SSL_HIGH, 1513 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 1514 256, 1515 256}, 1516 { 1517 1, 1518 "GOST2001-GOST89-GOST89", 1519 0x3000081, 1520 SSL_kGOST, 1521 SSL_aGOST01, 1522 SSL_eGOST2814789CNT, 1523 SSL_GOST89MAC, 1524 SSL_TLSV1, 1525 SSL_NOT_EXP | SSL_HIGH, 1526 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 1527 256, 1528 256}, 1529 { 1530 1, 1531 "GOST94-NULL-GOST94", 1532 0x3000082, 1533 SSL_kGOST, 1534 SSL_aGOST94, 1535 SSL_eNULL, 1536 SSL_GOST94, 1537 SSL_TLSV1, 1538 SSL_NOT_EXP | SSL_STRONG_NONE, 1539 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 1540 0, 1541 0}, 1542 { 1543 1, 1544 "GOST2001-NULL-GOST94", 1545 0x3000083, 1546 SSL_kGOST, 1547 SSL_aGOST01, 1548 SSL_eNULL, 1549 SSL_GOST94, 1550 SSL_TLSV1, 1551 SSL_NOT_EXP | SSL_STRONG_NONE, 1552 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 1553 0, 1554 0}, 1555 1556 #ifndef OPENSSL_NO_CAMELLIA 1557 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1558 1559 /* Cipher 84 */ 1560 { 1561 1, 1562 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1563 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1564 SSL_kRSA, 1565 SSL_aRSA, 1566 SSL_CAMELLIA256, 1567 SSL_SHA1, 1568 SSL_TLSV1, 1569 SSL_NOT_EXP | SSL_HIGH, 1570 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1571 256, 1572 256, 1573 }, 1574 /* Cipher 85 */ 1575 { 1576 0, /* not implemented (non-ephemeral DH) */ 1577 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1578 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1579 SSL_kDHd, 1580 SSL_aDH, 1581 SSL_CAMELLIA256, 1582 SSL_SHA1, 1583 SSL_TLSV1, 1584 SSL_NOT_EXP | SSL_HIGH, 1585 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1586 256, 1587 256, 1588 }, 1589 1590 /* Cipher 86 */ 1591 { 1592 0, /* not implemented (non-ephemeral DH) */ 1593 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1594 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1595 SSL_kDHr, 1596 SSL_aDH, 1597 SSL_CAMELLIA256, 1598 SSL_SHA1, 1599 SSL_TLSV1, 1600 SSL_NOT_EXP | SSL_HIGH, 1601 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1602 256, 1603 256, 1604 }, 1605 1606 /* Cipher 87 */ 1607 { 1608 1, 1609 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1610 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1611 SSL_kEDH, 1612 SSL_aDSS, 1613 SSL_CAMELLIA256, 1614 SSL_SHA1, 1615 SSL_TLSV1, 1616 SSL_NOT_EXP | SSL_HIGH, 1617 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1618 256, 1619 256, 1620 }, 1621 1622 /* Cipher 88 */ 1623 { 1624 1, 1625 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1626 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1627 SSL_kEDH, 1628 SSL_aRSA, 1629 SSL_CAMELLIA256, 1630 SSL_SHA1, 1631 SSL_TLSV1, 1632 SSL_NOT_EXP | SSL_HIGH, 1633 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1634 256, 1635 256, 1636 }, 1637 1638 /* Cipher 89 */ 1639 { 1640 1, 1641 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1642 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1643 SSL_kEDH, 1644 SSL_aNULL, 1645 SSL_CAMELLIA256, 1646 SSL_SHA1, 1647 SSL_TLSV1, 1648 SSL_NOT_EXP | SSL_HIGH, 1649 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1650 256, 1651 256, 1652 }, 1653 #endif /* OPENSSL_NO_CAMELLIA */ 1654 1655 #ifndef OPENSSL_NO_PSK 1656 /* Cipher 8A */ 1657 { 1658 1, 1659 TLS1_TXT_PSK_WITH_RC4_128_SHA, 1660 TLS1_CK_PSK_WITH_RC4_128_SHA, 1661 SSL_kPSK, 1662 SSL_aPSK, 1663 SSL_RC4, 1664 SSL_SHA1, 1665 SSL_TLSV1, 1666 SSL_NOT_EXP | SSL_MEDIUM, 1667 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1668 128, 1669 128, 1670 }, 1671 1672 /* Cipher 8B */ 1673 { 1674 1, 1675 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1676 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1677 SSL_kPSK, 1678 SSL_aPSK, 1679 SSL_3DES, 1680 SSL_SHA1, 1681 SSL_TLSV1, 1682 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1683 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1684 112, 1685 168, 1686 }, 1687 1688 /* Cipher 8C */ 1689 { 1690 1, 1691 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1692 TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1693 SSL_kPSK, 1694 SSL_aPSK, 1695 SSL_AES128, 1696 SSL_SHA1, 1697 SSL_TLSV1, 1698 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1699 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1700 128, 1701 128, 1702 }, 1703 1704 /* Cipher 8D */ 1705 { 1706 1, 1707 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1708 TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1709 SSL_kPSK, 1710 SSL_aPSK, 1711 SSL_AES256, 1712 SSL_SHA1, 1713 SSL_TLSV1, 1714 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1715 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1716 256, 1717 256, 1718 }, 1719 #endif /* OPENSSL_NO_PSK */ 1720 1721 #ifndef OPENSSL_NO_SEED 1722 /* SEED ciphersuites from RFC4162 */ 1723 1724 /* Cipher 96 */ 1725 { 1726 1, 1727 TLS1_TXT_RSA_WITH_SEED_SHA, 1728 TLS1_CK_RSA_WITH_SEED_SHA, 1729 SSL_kRSA, 1730 SSL_aRSA, 1731 SSL_SEED, 1732 SSL_SHA1, 1733 SSL_TLSV1, 1734 SSL_NOT_EXP | SSL_MEDIUM, 1735 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1736 128, 1737 128, 1738 }, 1739 1740 /* Cipher 97 */ 1741 { 1742 0, /* not implemented (non-ephemeral DH) */ 1743 TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1744 TLS1_CK_DH_DSS_WITH_SEED_SHA, 1745 SSL_kDHd, 1746 SSL_aDH, 1747 SSL_SEED, 1748 SSL_SHA1, 1749 SSL_TLSV1, 1750 SSL_NOT_EXP | SSL_MEDIUM, 1751 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1752 128, 1753 128, 1754 }, 1755 1756 /* Cipher 98 */ 1757 { 1758 0, /* not implemented (non-ephemeral DH) */ 1759 TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1760 TLS1_CK_DH_RSA_WITH_SEED_SHA, 1761 SSL_kDHr, 1762 SSL_aDH, 1763 SSL_SEED, 1764 SSL_SHA1, 1765 SSL_TLSV1, 1766 SSL_NOT_EXP | SSL_MEDIUM, 1767 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1768 128, 1769 128, 1770 }, 1771 1772 /* Cipher 99 */ 1773 { 1774 1, 1775 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1776 TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1777 SSL_kEDH, 1778 SSL_aDSS, 1779 SSL_SEED, 1780 SSL_SHA1, 1781 SSL_TLSV1, 1782 SSL_NOT_EXP | SSL_MEDIUM, 1783 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1784 128, 1785 128, 1786 }, 1787 1788 /* Cipher 9A */ 1789 { 1790 1, 1791 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1792 TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1793 SSL_kEDH, 1794 SSL_aRSA, 1795 SSL_SEED, 1796 SSL_SHA1, 1797 SSL_TLSV1, 1798 SSL_NOT_EXP | SSL_MEDIUM, 1799 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1800 128, 1801 128, 1802 }, 1803 1804 /* Cipher 9B */ 1805 { 1806 1, 1807 TLS1_TXT_ADH_WITH_SEED_SHA, 1808 TLS1_CK_ADH_WITH_SEED_SHA, 1809 SSL_kEDH, 1810 SSL_aNULL, 1811 SSL_SEED, 1812 SSL_SHA1, 1813 SSL_TLSV1, 1814 SSL_NOT_EXP | SSL_MEDIUM, 1815 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 1816 128, 1817 128, 1818 }, 1819 1820 #endif /* OPENSSL_NO_SEED */ 1821 1822 /* GCM ciphersuites from RFC5288 */ 1823 1824 /* Cipher 9C */ 1825 { 1826 1, 1827 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1828 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1829 SSL_kRSA, 1830 SSL_aRSA, 1831 SSL_AES128GCM, 1832 SSL_AEAD, 1833 SSL_TLSV1_2, 1834 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1835 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1836 128, 1837 128, 1838 }, 1839 1840 /* Cipher 9D */ 1841 { 1842 1, 1843 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1844 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1845 SSL_kRSA, 1846 SSL_aRSA, 1847 SSL_AES256GCM, 1848 SSL_AEAD, 1849 SSL_TLSV1_2, 1850 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1851 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1852 256, 1853 256, 1854 }, 1855 1856 /* Cipher 9E */ 1857 { 1858 1, 1859 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1860 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1861 SSL_kEDH, 1862 SSL_aRSA, 1863 SSL_AES128GCM, 1864 SSL_AEAD, 1865 SSL_TLSV1_2, 1866 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1867 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1868 128, 1869 128, 1870 }, 1871 1872 /* Cipher 9F */ 1873 { 1874 1, 1875 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1876 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1877 SSL_kEDH, 1878 SSL_aRSA, 1879 SSL_AES256GCM, 1880 SSL_AEAD, 1881 SSL_TLSV1_2, 1882 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1883 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1884 256, 1885 256, 1886 }, 1887 1888 /* Cipher A0 */ 1889 { 1890 0, 1891 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1892 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1893 SSL_kDHr, 1894 SSL_aDH, 1895 SSL_AES128GCM, 1896 SSL_AEAD, 1897 SSL_TLSV1_2, 1898 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1899 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1900 128, 1901 128, 1902 }, 1903 1904 /* Cipher A1 */ 1905 { 1906 0, 1907 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1908 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1909 SSL_kDHr, 1910 SSL_aDH, 1911 SSL_AES256GCM, 1912 SSL_AEAD, 1913 SSL_TLSV1_2, 1914 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1915 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1916 256, 1917 256, 1918 }, 1919 1920 /* Cipher A2 */ 1921 { 1922 1, 1923 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1924 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1925 SSL_kEDH, 1926 SSL_aDSS, 1927 SSL_AES128GCM, 1928 SSL_AEAD, 1929 SSL_TLSV1_2, 1930 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1931 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1932 128, 1933 128, 1934 }, 1935 1936 /* Cipher A3 */ 1937 { 1938 1, 1939 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1940 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1941 SSL_kEDH, 1942 SSL_aDSS, 1943 SSL_AES256GCM, 1944 SSL_AEAD, 1945 SSL_TLSV1_2, 1946 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1947 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1948 256, 1949 256, 1950 }, 1951 1952 /* Cipher A4 */ 1953 { 1954 0, 1955 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1956 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1957 SSL_kDHd, 1958 SSL_aDH, 1959 SSL_AES128GCM, 1960 SSL_AEAD, 1961 SSL_TLSV1_2, 1962 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1963 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1964 128, 1965 128, 1966 }, 1967 1968 /* Cipher A5 */ 1969 { 1970 0, 1971 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1972 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1973 SSL_kDHd, 1974 SSL_aDH, 1975 SSL_AES256GCM, 1976 SSL_AEAD, 1977 SSL_TLSV1_2, 1978 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1979 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 1980 256, 1981 256, 1982 }, 1983 1984 /* Cipher A6 */ 1985 { 1986 1, 1987 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1988 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1989 SSL_kEDH, 1990 SSL_aNULL, 1991 SSL_AES128GCM, 1992 SSL_AEAD, 1993 SSL_TLSV1_2, 1994 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 1995 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 1996 128, 1997 128, 1998 }, 1999 2000 /* Cipher A7 */ 2001 { 2002 1, 2003 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 2004 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 2005 SSL_kEDH, 2006 SSL_aNULL, 2007 SSL_AES256GCM, 2008 SSL_AEAD, 2009 SSL_TLSV1_2, 2010 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2011 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2012 256, 2013 256, 2014 }, 2015 2016 #ifndef OPENSSL_NO_ECDH 2017 /* Cipher C001 */ 2018 { 2019 1, 2020 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 2021 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 2022 SSL_kECDHe, 2023 SSL_aECDH, 2024 SSL_eNULL, 2025 SSL_SHA1, 2026 SSL_TLSV1, 2027 SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2028 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2029 0, 2030 0, 2031 }, 2032 2033 /* Cipher C002 */ 2034 { 2035 1, 2036 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 2037 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 2038 SSL_kECDHe, 2039 SSL_aECDH, 2040 SSL_RC4, 2041 SSL_SHA1, 2042 SSL_TLSV1, 2043 SSL_NOT_EXP | SSL_MEDIUM, 2044 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2045 128, 2046 128, 2047 }, 2048 2049 /* Cipher C003 */ 2050 { 2051 1, 2052 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2053 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 2054 SSL_kECDHe, 2055 SSL_aECDH, 2056 SSL_3DES, 2057 SSL_SHA1, 2058 SSL_TLSV1, 2059 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2060 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2061 112, 2062 168, 2063 }, 2064 2065 /* Cipher C004 */ 2066 { 2067 1, 2068 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2069 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 2070 SSL_kECDHe, 2071 SSL_aECDH, 2072 SSL_AES128, 2073 SSL_SHA1, 2074 SSL_TLSV1, 2075 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2076 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2077 128, 2078 128, 2079 }, 2080 2081 /* Cipher C005 */ 2082 { 2083 1, 2084 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2085 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 2086 SSL_kECDHe, 2087 SSL_aECDH, 2088 SSL_AES256, 2089 SSL_SHA1, 2090 SSL_TLSV1, 2091 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2092 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2093 256, 2094 256, 2095 }, 2096 2097 /* Cipher C006 */ 2098 { 2099 1, 2100 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 2101 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 2102 SSL_kEECDH, 2103 SSL_aECDSA, 2104 SSL_eNULL, 2105 SSL_SHA1, 2106 SSL_TLSV1, 2107 SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2108 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2109 0, 2110 0, 2111 }, 2112 2113 /* Cipher C007 */ 2114 { 2115 1, 2116 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 2117 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 2118 SSL_kEECDH, 2119 SSL_aECDSA, 2120 SSL_RC4, 2121 SSL_SHA1, 2122 SSL_TLSV1, 2123 SSL_NOT_EXP | SSL_MEDIUM, 2124 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2125 128, 2126 128, 2127 }, 2128 2129 /* Cipher C008 */ 2130 { 2131 1, 2132 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2133 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 2134 SSL_kEECDH, 2135 SSL_aECDSA, 2136 SSL_3DES, 2137 SSL_SHA1, 2138 SSL_TLSV1, 2139 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2141 112, 2142 168, 2143 }, 2144 2145 /* Cipher C009 */ 2146 { 2147 1, 2148 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2149 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 2150 SSL_kEECDH, 2151 SSL_aECDSA, 2152 SSL_AES128, 2153 SSL_SHA1, 2154 SSL_TLSV1, 2155 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2156 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2157 128, 2158 128, 2159 }, 2160 2161 /* Cipher C00A */ 2162 { 2163 1, 2164 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2165 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 2166 SSL_kEECDH, 2167 SSL_aECDSA, 2168 SSL_AES256, 2169 SSL_SHA1, 2170 SSL_TLSV1, 2171 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2172 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2173 256, 2174 256, 2175 }, 2176 2177 /* Cipher C00B */ 2178 { 2179 1, 2180 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 2181 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 2182 SSL_kECDHr, 2183 SSL_aECDH, 2184 SSL_eNULL, 2185 SSL_SHA1, 2186 SSL_TLSV1, 2187 SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2188 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2189 0, 2190 0, 2191 }, 2192 2193 /* Cipher C00C */ 2194 { 2195 1, 2196 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 2197 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 2198 SSL_kECDHr, 2199 SSL_aECDH, 2200 SSL_RC4, 2201 SSL_SHA1, 2202 SSL_TLSV1, 2203 SSL_NOT_EXP | SSL_MEDIUM, 2204 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2205 128, 2206 128, 2207 }, 2208 2209 /* Cipher C00D */ 2210 { 2211 1, 2212 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2213 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 2214 SSL_kECDHr, 2215 SSL_aECDH, 2216 SSL_3DES, 2217 SSL_SHA1, 2218 SSL_TLSV1, 2219 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2220 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2221 112, 2222 168, 2223 }, 2224 2225 /* Cipher C00E */ 2226 { 2227 1, 2228 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 2229 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 2230 SSL_kECDHr, 2231 SSL_aECDH, 2232 SSL_AES128, 2233 SSL_SHA1, 2234 SSL_TLSV1, 2235 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2236 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2237 128, 2238 128, 2239 }, 2240 2241 /* Cipher C00F */ 2242 { 2243 1, 2244 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 2245 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 2246 SSL_kECDHr, 2247 SSL_aECDH, 2248 SSL_AES256, 2249 SSL_SHA1, 2250 SSL_TLSV1, 2251 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2252 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2253 256, 2254 256, 2255 }, 2256 2257 /* Cipher C010 */ 2258 { 2259 1, 2260 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 2261 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 2262 SSL_kEECDH, 2263 SSL_aRSA, 2264 SSL_eNULL, 2265 SSL_SHA1, 2266 SSL_TLSV1, 2267 SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2268 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2269 0, 2270 0, 2271 }, 2272 2273 /* Cipher C011 */ 2274 { 2275 1, 2276 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 2277 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 2278 SSL_kEECDH, 2279 SSL_aRSA, 2280 SSL_RC4, 2281 SSL_SHA1, 2282 SSL_TLSV1, 2283 SSL_NOT_EXP | SSL_MEDIUM, 2284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2285 128, 2286 128, 2287 }, 2288 2289 /* Cipher C012 */ 2290 { 2291 1, 2292 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2293 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 2294 SSL_kEECDH, 2295 SSL_aRSA, 2296 SSL_3DES, 2297 SSL_SHA1, 2298 SSL_TLSV1, 2299 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2301 112, 2302 168, 2303 }, 2304 2305 /* Cipher C013 */ 2306 { 2307 1, 2308 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2309 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 2310 SSL_kEECDH, 2311 SSL_aRSA, 2312 SSL_AES128, 2313 SSL_SHA1, 2314 SSL_TLSV1, 2315 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2317 128, 2318 128, 2319 }, 2320 2321 /* Cipher C014 */ 2322 { 2323 1, 2324 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2325 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 2326 SSL_kEECDH, 2327 SSL_aRSA, 2328 SSL_AES256, 2329 SSL_SHA1, 2330 SSL_TLSV1, 2331 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2332 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2333 256, 2334 256, 2335 }, 2336 2337 /* Cipher C015 */ 2338 { 2339 1, 2340 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 2341 TLS1_CK_ECDH_anon_WITH_NULL_SHA, 2342 SSL_kEECDH, 2343 SSL_aNULL, 2344 SSL_eNULL, 2345 SSL_SHA1, 2346 SSL_TLSV1, 2347 SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 2348 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2349 0, 2350 0, 2351 }, 2352 2353 /* Cipher C016 */ 2354 { 2355 1, 2356 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 2357 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 2358 SSL_kEECDH, 2359 SSL_aNULL, 2360 SSL_RC4, 2361 SSL_SHA1, 2362 SSL_TLSV1, 2363 SSL_NOT_EXP | SSL_MEDIUM, 2364 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2365 128, 2366 128, 2367 }, 2368 2369 /* Cipher C017 */ 2370 { 2371 1, 2372 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 2373 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 2374 SSL_kEECDH, 2375 SSL_aNULL, 2376 SSL_3DES, 2377 SSL_SHA1, 2378 SSL_TLSV1, 2379 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2380 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2381 112, 2382 168, 2383 }, 2384 2385 /* Cipher C018 */ 2386 { 2387 1, 2388 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 2389 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 2390 SSL_kEECDH, 2391 SSL_aNULL, 2392 SSL_AES128, 2393 SSL_SHA1, 2394 SSL_TLSV1, 2395 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2396 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2397 128, 2398 128, 2399 }, 2400 2401 /* Cipher C019 */ 2402 { 2403 1, 2404 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2405 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2406 SSL_kEECDH, 2407 SSL_aNULL, 2408 SSL_AES256, 2409 SSL_SHA1, 2410 SSL_TLSV1, 2411 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2412 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2413 256, 2414 256, 2415 }, 2416 #endif /* OPENSSL_NO_ECDH */ 2417 2418 #ifndef OPENSSL_NO_SRP 2419 /* Cipher C01A */ 2420 { 2421 1, 2422 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2423 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, 2424 SSL_kSRP, 2425 SSL_aSRP, 2426 SSL_3DES, 2427 SSL_SHA1, 2428 SSL_TLSV1, 2429 SSL_NOT_EXP | SSL_HIGH, 2430 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2431 112, 2432 168, 2433 }, 2434 2435 /* Cipher C01B */ 2436 { 2437 1, 2438 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2439 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, 2440 SSL_kSRP, 2441 SSL_aRSA, 2442 SSL_3DES, 2443 SSL_SHA1, 2444 SSL_TLSV1, 2445 SSL_NOT_EXP | SSL_HIGH, 2446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2447 112, 2448 168, 2449 }, 2450 2451 /* Cipher C01C */ 2452 { 2453 1, 2454 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2455 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, 2456 SSL_kSRP, 2457 SSL_aDSS, 2458 SSL_3DES, 2459 SSL_SHA1, 2460 SSL_TLSV1, 2461 SSL_NOT_EXP | SSL_HIGH, 2462 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2463 112, 2464 168, 2465 }, 2466 2467 /* Cipher C01D */ 2468 { 2469 1, 2470 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, 2471 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, 2472 SSL_kSRP, 2473 SSL_aSRP, 2474 SSL_AES128, 2475 SSL_SHA1, 2476 SSL_TLSV1, 2477 SSL_NOT_EXP | SSL_HIGH, 2478 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2479 128, 2480 128, 2481 }, 2482 2483 /* Cipher C01E */ 2484 { 2485 1, 2486 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2487 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, 2488 SSL_kSRP, 2489 SSL_aRSA, 2490 SSL_AES128, 2491 SSL_SHA1, 2492 SSL_TLSV1, 2493 SSL_NOT_EXP | SSL_HIGH, 2494 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2495 128, 2496 128, 2497 }, 2498 2499 /* Cipher C01F */ 2500 { 2501 1, 2502 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2503 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, 2504 SSL_kSRP, 2505 SSL_aDSS, 2506 SSL_AES128, 2507 SSL_SHA1, 2508 SSL_TLSV1, 2509 SSL_NOT_EXP | SSL_HIGH, 2510 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2511 128, 2512 128, 2513 }, 2514 2515 /* Cipher C020 */ 2516 { 2517 1, 2518 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, 2519 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, 2520 SSL_kSRP, 2521 SSL_aSRP, 2522 SSL_AES256, 2523 SSL_SHA1, 2524 SSL_TLSV1, 2525 SSL_NOT_EXP | SSL_HIGH, 2526 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2527 256, 2528 256, 2529 }, 2530 2531 /* Cipher C021 */ 2532 { 2533 1, 2534 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2535 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, 2536 SSL_kSRP, 2537 SSL_aRSA, 2538 SSL_AES256, 2539 SSL_SHA1, 2540 SSL_TLSV1, 2541 SSL_NOT_EXP | SSL_HIGH, 2542 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2543 256, 2544 256, 2545 }, 2546 2547 /* Cipher C022 */ 2548 { 2549 1, 2550 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2551 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, 2552 SSL_kSRP, 2553 SSL_aDSS, 2554 SSL_AES256, 2555 SSL_SHA1, 2556 SSL_TLSV1, 2557 SSL_NOT_EXP | SSL_HIGH, 2558 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2559 256, 2560 256, 2561 }, 2562 #endif /* OPENSSL_NO_SRP */ 2563 #ifndef OPENSSL_NO_ECDH 2564 2565 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 2566 2567 /* Cipher C023 */ 2568 { 2569 1, 2570 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 2571 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 2572 SSL_kEECDH, 2573 SSL_aECDSA, 2574 SSL_AES128, 2575 SSL_SHA256, 2576 SSL_TLSV1_2, 2577 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2578 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2579 128, 2580 128, 2581 }, 2582 2583 /* Cipher C024 */ 2584 { 2585 1, 2586 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 2587 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 2588 SSL_kEECDH, 2589 SSL_aECDSA, 2590 SSL_AES256, 2591 SSL_SHA384, 2592 SSL_TLSV1_2, 2593 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2595 256, 2596 256, 2597 }, 2598 2599 /* Cipher C025 */ 2600 { 2601 1, 2602 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 2603 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 2604 SSL_kECDHe, 2605 SSL_aECDH, 2606 SSL_AES128, 2607 SSL_SHA256, 2608 SSL_TLSV1_2, 2609 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2610 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2611 128, 2612 128, 2613 }, 2614 2615 /* Cipher C026 */ 2616 { 2617 1, 2618 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 2619 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 2620 SSL_kECDHe, 2621 SSL_aECDH, 2622 SSL_AES256, 2623 SSL_SHA384, 2624 SSL_TLSV1_2, 2625 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2626 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2627 256, 2628 256, 2629 }, 2630 2631 /* Cipher C027 */ 2632 { 2633 1, 2634 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 2635 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 2636 SSL_kEECDH, 2637 SSL_aRSA, 2638 SSL_AES128, 2639 SSL_SHA256, 2640 SSL_TLSV1_2, 2641 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2642 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2643 128, 2644 128, 2645 }, 2646 2647 /* Cipher C028 */ 2648 { 2649 1, 2650 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 2651 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 2652 SSL_kEECDH, 2653 SSL_aRSA, 2654 SSL_AES256, 2655 SSL_SHA384, 2656 SSL_TLSV1_2, 2657 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2658 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2659 256, 2660 256, 2661 }, 2662 2663 /* Cipher C029 */ 2664 { 2665 1, 2666 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2667 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2668 SSL_kECDHr, 2669 SSL_aECDH, 2670 SSL_AES128, 2671 SSL_SHA256, 2672 SSL_TLSV1_2, 2673 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2674 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2675 128, 2676 128, 2677 }, 2678 2679 /* Cipher C02A */ 2680 { 2681 1, 2682 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2683 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2684 SSL_kECDHr, 2685 SSL_aECDH, 2686 SSL_AES256, 2687 SSL_SHA384, 2688 SSL_TLSV1_2, 2689 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2690 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2691 256, 2692 256, 2693 }, 2694 2695 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2696 2697 /* Cipher C02B */ 2698 { 2699 1, 2700 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2701 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2702 SSL_kEECDH, 2703 SSL_aECDSA, 2704 SSL_AES128GCM, 2705 SSL_AEAD, 2706 SSL_TLSV1_2, 2707 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2708 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2709 128, 2710 128, 2711 }, 2712 2713 /* Cipher C02C */ 2714 { 2715 1, 2716 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2717 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2718 SSL_kEECDH, 2719 SSL_aECDSA, 2720 SSL_AES256GCM, 2721 SSL_AEAD, 2722 SSL_TLSV1_2, 2723 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2724 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2725 256, 2726 256, 2727 }, 2728 2729 /* Cipher C02D */ 2730 { 2731 1, 2732 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2733 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2734 SSL_kECDHe, 2735 SSL_aECDH, 2736 SSL_AES128GCM, 2737 SSL_AEAD, 2738 SSL_TLSV1_2, 2739 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2740 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2741 128, 2742 128, 2743 }, 2744 2745 /* Cipher C02E */ 2746 { 2747 1, 2748 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2749 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2750 SSL_kECDHe, 2751 SSL_aECDH, 2752 SSL_AES256GCM, 2753 SSL_AEAD, 2754 SSL_TLSV1_2, 2755 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2756 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2757 256, 2758 256, 2759 }, 2760 2761 /* Cipher C02F */ 2762 { 2763 1, 2764 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2765 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2766 SSL_kEECDH, 2767 SSL_aRSA, 2768 SSL_AES128GCM, 2769 SSL_AEAD, 2770 SSL_TLSV1_2, 2771 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2772 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2773 128, 2774 128, 2775 }, 2776 2777 /* Cipher C030 */ 2778 { 2779 1, 2780 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2781 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2782 SSL_kEECDH, 2783 SSL_aRSA, 2784 SSL_AES256GCM, 2785 SSL_AEAD, 2786 SSL_TLSV1_2, 2787 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2788 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2789 256, 2790 256, 2791 }, 2792 2793 /* Cipher C031 */ 2794 { 2795 1, 2796 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2797 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2798 SSL_kECDHr, 2799 SSL_aECDH, 2800 SSL_AES128GCM, 2801 SSL_AEAD, 2802 SSL_TLSV1_2, 2803 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2804 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 2805 128, 2806 128, 2807 }, 2808 2809 /* Cipher C032 */ 2810 { 2811 1, 2812 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2813 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2814 SSL_kECDHr, 2815 SSL_aECDH, 2816 SSL_AES256GCM, 2817 SSL_AEAD, 2818 SSL_TLSV1_2, 2819 SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 2820 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 2821 256, 2822 256, 2823 }, 2824 2825 #endif /* OPENSSL_NO_ECDH */ 2826 2827 #ifdef TEMP_GOST_TLS 2828 /* Cipher FF00 */ 2829 { 2830 1, 2831 "GOST-MD5", 2832 0x0300ff00, 2833 SSL_kRSA, 2834 SSL_aRSA, 2835 SSL_eGOST2814789CNT, 2836 SSL_MD5, 2837 SSL_TLSV1, 2838 SSL_NOT_EXP | SSL_HIGH, 2839 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2840 256, 2841 256, 2842 }, 2843 { 2844 1, 2845 "GOST-GOST94", 2846 0x0300ff01, 2847 SSL_kRSA, 2848 SSL_aRSA, 2849 SSL_eGOST2814789CNT, 2850 SSL_GOST94, 2851 SSL_TLSV1, 2852 SSL_NOT_EXP | SSL_HIGH, 2853 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2854 256, 2855 256}, 2856 { 2857 1, 2858 "GOST-GOST89MAC", 2859 0x0300ff02, 2860 SSL_kRSA, 2861 SSL_aRSA, 2862 SSL_eGOST2814789CNT, 2863 SSL_GOST89MAC, 2864 SSL_TLSV1, 2865 SSL_NOT_EXP | SSL_HIGH, 2866 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2867 256, 2868 256}, 2869 { 2870 1, 2871 "GOST-GOST89STREAM", 2872 0x0300ff03, 2873 SSL_kRSA, 2874 SSL_aRSA, 2875 SSL_eGOST2814789CNT, 2876 SSL_GOST89MAC, 2877 SSL_TLSV1, 2878 SSL_NOT_EXP | SSL_HIGH, 2879 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC, 2880 256, 2881 256}, 2882 #endif 2883 2884 /* end of list */ 2885 }; 2886 2887 SSL3_ENC_METHOD SSLv3_enc_data = { 2888 ssl3_enc, 2889 n_ssl3_mac, 2890 ssl3_setup_key_block, 2891 ssl3_generate_master_secret, 2892 ssl3_change_cipher_state, 2893 ssl3_final_finish_mac, 2894 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, 2895 ssl3_cert_verify_mac, 2896 SSL3_MD_CLIENT_FINISHED_CONST, 4, 2897 SSL3_MD_SERVER_FINISHED_CONST, 4, 2898 ssl3_alert_code, 2899 (int (*)(SSL *, unsigned char *, size_t, const char *, 2900 size_t, const unsigned char *, size_t, 2901 int use_context))ssl_undefined_function, 2902 }; 2903 2904 long ssl3_default_timeout(void) 2905 { 2906 /* 2907 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for 2908 * http, the cache would over fill 2909 */ 2910 return (60 * 60 * 2); 2911 } 2912 2913 int ssl3_num_ciphers(void) 2914 { 2915 return (SSL3_NUM_CIPHERS); 2916 } 2917 2918 const SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2919 { 2920 if (u < SSL3_NUM_CIPHERS) 2921 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); 2922 else 2923 return (NULL); 2924 } 2925 2926 int ssl3_pending(const SSL *s) 2927 { 2928 if (s->rstate == SSL_ST_READ_BODY) 2929 return 0; 2930 2931 return (s->s3->rrec.type == 2932 SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 2933 } 2934 2935 int ssl3_new(SSL *s) 2936 { 2937 SSL3_STATE *s3; 2938 2939 if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) 2940 goto err; 2941 memset(s3, 0, sizeof *s3); 2942 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 2943 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 2944 2945 s->s3 = s3; 2946 2947 #ifndef OPENSSL_NO_SRP 2948 SSL_SRP_CTX_init(s); 2949 #endif 2950 s->method->ssl_clear(s); 2951 return (1); 2952 err: 2953 return (0); 2954 } 2955 2956 void ssl3_free(SSL *s) 2957 { 2958 if (s == NULL) 2959 return; 2960 2961 #ifdef TLSEXT_TYPE_opaque_prf_input 2962 if (s->s3->client_opaque_prf_input != NULL) 2963 OPENSSL_free(s->s3->client_opaque_prf_input); 2964 if (s->s3->server_opaque_prf_input != NULL) 2965 OPENSSL_free(s->s3->server_opaque_prf_input); 2966 #endif 2967 2968 ssl3_cleanup_key_block(s); 2969 if (s->s3->rbuf.buf != NULL) 2970 ssl3_release_read_buffer(s); 2971 if (s->s3->wbuf.buf != NULL) 2972 ssl3_release_write_buffer(s); 2973 if (s->s3->rrec.comp != NULL) 2974 OPENSSL_free(s->s3->rrec.comp); 2975 #ifndef OPENSSL_NO_DH 2976 if (s->s3->tmp.dh != NULL) 2977 DH_free(s->s3->tmp.dh); 2978 #endif 2979 #ifndef OPENSSL_NO_ECDH 2980 if (s->s3->tmp.ecdh != NULL) 2981 EC_KEY_free(s->s3->tmp.ecdh); 2982 #endif 2983 2984 if (s->s3->tmp.ca_names != NULL) 2985 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2986 if (s->s3->handshake_buffer) { 2987 BIO_free(s->s3->handshake_buffer); 2988 } 2989 if (s->s3->handshake_dgst) 2990 ssl3_free_digest_list(s); 2991 #ifndef OPENSSL_NO_SRP 2992 SSL_SRP_CTX_free(s); 2993 #endif 2994 OPENSSL_cleanse(s->s3, sizeof *s->s3); 2995 OPENSSL_free(s->s3); 2996 s->s3 = NULL; 2997 } 2998 2999 void ssl3_clear(SSL *s) 3000 { 3001 unsigned char *rp, *wp; 3002 size_t rlen, wlen; 3003 int init_extra; 3004 3005 #ifdef TLSEXT_TYPE_opaque_prf_input 3006 if (s->s3->client_opaque_prf_input != NULL) 3007 OPENSSL_free(s->s3->client_opaque_prf_input); 3008 s->s3->client_opaque_prf_input = NULL; 3009 if (s->s3->server_opaque_prf_input != NULL) 3010 OPENSSL_free(s->s3->server_opaque_prf_input); 3011 s->s3->server_opaque_prf_input = NULL; 3012 #endif 3013 3014 ssl3_cleanup_key_block(s); 3015 if (s->s3->tmp.ca_names != NULL) 3016 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 3017 3018 if (s->s3->rrec.comp != NULL) { 3019 OPENSSL_free(s->s3->rrec.comp); 3020 s->s3->rrec.comp = NULL; 3021 } 3022 #ifndef OPENSSL_NO_DH 3023 if (s->s3->tmp.dh != NULL) { 3024 DH_free(s->s3->tmp.dh); 3025 s->s3->tmp.dh = NULL; 3026 } 3027 #endif 3028 #ifndef OPENSSL_NO_ECDH 3029 if (s->s3->tmp.ecdh != NULL) { 3030 EC_KEY_free(s->s3->tmp.ecdh); 3031 s->s3->tmp.ecdh = NULL; 3032 } 3033 #endif 3034 #ifndef OPENSSL_NO_TLSEXT 3035 # ifndef OPENSSL_NO_EC 3036 s->s3->is_probably_safari = 0; 3037 # endif /* !OPENSSL_NO_EC */ 3038 #endif /* !OPENSSL_NO_TLSEXT */ 3039 3040 rp = s->s3->rbuf.buf; 3041 wp = s->s3->wbuf.buf; 3042 rlen = s->s3->rbuf.len; 3043 wlen = s->s3->wbuf.len; 3044 init_extra = s->s3->init_extra; 3045 if (s->s3->handshake_buffer) { 3046 BIO_free(s->s3->handshake_buffer); 3047 s->s3->handshake_buffer = NULL; 3048 } 3049 if (s->s3->handshake_dgst) { 3050 ssl3_free_digest_list(s); 3051 } 3052 memset(s->s3, 0, sizeof *s->s3); 3053 s->s3->rbuf.buf = rp; 3054 s->s3->wbuf.buf = wp; 3055 s->s3->rbuf.len = rlen; 3056 s->s3->wbuf.len = wlen; 3057 s->s3->init_extra = init_extra; 3058 3059 ssl_free_wbio_buffer(s); 3060 3061 s->packet_length = 0; 3062 s->s3->renegotiate = 0; 3063 s->s3->total_renegotiations = 0; 3064 s->s3->num_renegotiations = 0; 3065 s->s3->in_read_app_data = 0; 3066 s->version = SSL3_VERSION; 3067 3068 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 3069 if (s->next_proto_negotiated) { 3070 OPENSSL_free(s->next_proto_negotiated); 3071 s->next_proto_negotiated = NULL; 3072 s->next_proto_negotiated_len = 0; 3073 } 3074 #endif 3075 } 3076 3077 #ifndef OPENSSL_NO_SRP 3078 static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg) 3079 { 3080 return BUF_strdup(s->srp_ctx.info); 3081 } 3082 #endif 3083 3084 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3085 { 3086 int ret = 0; 3087 3088 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3089 if ( 3090 # ifndef OPENSSL_NO_RSA 3091 cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || 3092 # endif 3093 # ifndef OPENSSL_NO_DSA 3094 cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB || 3095 # endif 3096 0) { 3097 if (!ssl_cert_inst(&s->cert)) { 3098 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 3099 return (0); 3100 } 3101 } 3102 #endif 3103 3104 switch (cmd) { 3105 case SSL_CTRL_GET_SESSION_REUSED: 3106 ret = s->hit; 3107 break; 3108 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 3109 break; 3110 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 3111 ret = s->s3->num_renegotiations; 3112 break; 3113 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 3114 ret = s->s3->num_renegotiations; 3115 s->s3->num_renegotiations = 0; 3116 break; 3117 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 3118 ret = s->s3->total_renegotiations; 3119 break; 3120 case SSL_CTRL_GET_FLAGS: 3121 ret = (int)(s->s3->flags); 3122 break; 3123 #ifndef OPENSSL_NO_RSA 3124 case SSL_CTRL_NEED_TMP_RSA: 3125 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 3126 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3127 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > 3128 (512 / 8)))) 3129 ret = 1; 3130 break; 3131 case SSL_CTRL_SET_TMP_RSA: 3132 { 3133 RSA *rsa = (RSA *)parg; 3134 if (rsa == NULL) { 3135 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3136 return (ret); 3137 } 3138 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { 3139 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 3140 return (ret); 3141 } 3142 if (s->cert->rsa_tmp != NULL) 3143 RSA_free(s->cert->rsa_tmp); 3144 s->cert->rsa_tmp = rsa; 3145 ret = 1; 3146 } 3147 break; 3148 case SSL_CTRL_SET_TMP_RSA_CB: 3149 { 3150 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3151 return (ret); 3152 } 3153 break; 3154 #endif 3155 #ifndef OPENSSL_NO_DH 3156 case SSL_CTRL_SET_TMP_DH: 3157 { 3158 DH *dh = (DH *)parg; 3159 if (dh == NULL) { 3160 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3161 return (ret); 3162 } 3163 if ((dh = DHparams_dup(dh)) == NULL) { 3164 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3165 return (ret); 3166 } 3167 if (!(s->options & SSL_OP_SINGLE_DH_USE)) { 3168 if (!DH_generate_key(dh)) { 3169 DH_free(dh); 3170 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3171 return (ret); 3172 } 3173 } 3174 if (s->cert->dh_tmp != NULL) 3175 DH_free(s->cert->dh_tmp); 3176 s->cert->dh_tmp = dh; 3177 ret = 1; 3178 } 3179 break; 3180 case SSL_CTRL_SET_TMP_DH_CB: 3181 { 3182 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3183 return (ret); 3184 } 3185 break; 3186 #endif 3187 #ifndef OPENSSL_NO_ECDH 3188 case SSL_CTRL_SET_TMP_ECDH: 3189 { 3190 EC_KEY *ecdh = NULL; 3191 3192 if (parg == NULL) { 3193 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3194 return (ret); 3195 } 3196 if (!EC_KEY_up_ref((EC_KEY *)parg)) { 3197 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); 3198 return (ret); 3199 } 3200 ecdh = (EC_KEY *)parg; 3201 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { 3202 if (!EC_KEY_generate_key(ecdh)) { 3203 EC_KEY_free(ecdh); 3204 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); 3205 return (ret); 3206 } 3207 } 3208 if (s->cert->ecdh_tmp != NULL) 3209 EC_KEY_free(s->cert->ecdh_tmp); 3210 s->cert->ecdh_tmp = ecdh; 3211 ret = 1; 3212 } 3213 break; 3214 case SSL_CTRL_SET_TMP_ECDH_CB: 3215 { 3216 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3217 return (ret); 3218 } 3219 break; 3220 #endif /* !OPENSSL_NO_ECDH */ 3221 #ifndef OPENSSL_NO_TLSEXT 3222 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 3223 if (larg == TLSEXT_NAMETYPE_host_name) { 3224 if (s->tlsext_hostname != NULL) 3225 OPENSSL_free(s->tlsext_hostname); 3226 s->tlsext_hostname = NULL; 3227 3228 ret = 1; 3229 if (parg == NULL) 3230 break; 3231 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 3232 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3233 return 0; 3234 } 3235 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) { 3236 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3237 return 0; 3238 } 3239 } else { 3240 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3241 return 0; 3242 } 3243 break; 3244 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 3245 s->tlsext_debug_arg = parg; 3246 ret = 1; 3247 break; 3248 3249 # ifdef TLSEXT_TYPE_opaque_prf_input 3250 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3251 if (larg > 12288) { /* actual internal limit is 2^16 for the 3252 * complete hello message * (including the 3253 * cert chain and everything) */ 3254 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3255 break; 3256 } 3257 if (s->tlsext_opaque_prf_input != NULL) 3258 OPENSSL_free(s->tlsext_opaque_prf_input); 3259 if ((size_t)larg == 0) 3260 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte 3261 * just to get 3262 * non-NULL */ 3263 else 3264 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); 3265 if (s->tlsext_opaque_prf_input != NULL) { 3266 s->tlsext_opaque_prf_input_len = (size_t)larg; 3267 ret = 1; 3268 } else 3269 s->tlsext_opaque_prf_input_len = 0; 3270 break; 3271 # endif 3272 3273 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 3274 s->tlsext_status_type = larg; 3275 ret = 1; 3276 break; 3277 3278 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 3279 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; 3280 ret = 1; 3281 break; 3282 3283 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 3284 s->tlsext_ocsp_exts = parg; 3285 ret = 1; 3286 break; 3287 3288 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 3289 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; 3290 ret = 1; 3291 break; 3292 3293 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 3294 s->tlsext_ocsp_ids = parg; 3295 ret = 1; 3296 break; 3297 3298 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 3299 *(unsigned char **)parg = s->tlsext_ocsp_resp; 3300 return s->tlsext_ocsp_resplen; 3301 3302 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 3303 if (s->tlsext_ocsp_resp) 3304 OPENSSL_free(s->tlsext_ocsp_resp); 3305 s->tlsext_ocsp_resp = parg; 3306 s->tlsext_ocsp_resplen = larg; 3307 ret = 1; 3308 break; 3309 3310 # ifndef OPENSSL_NO_HEARTBEATS 3311 case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT: 3312 if (SSL_version(s) == DTLS1_VERSION 3313 || SSL_version(s) == DTLS1_BAD_VER) 3314 ret = dtls1_heartbeat(s); 3315 else 3316 ret = tls1_heartbeat(s); 3317 break; 3318 3319 case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING: 3320 ret = s->tlsext_hb_pending; 3321 break; 3322 3323 case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS: 3324 if (larg) 3325 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS; 3326 else 3327 s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS; 3328 ret = 1; 3329 break; 3330 # endif 3331 3332 #endif /* !OPENSSL_NO_TLSEXT */ 3333 3334 case SSL_CTRL_CHECK_PROTO_VERSION: 3335 /* 3336 * For library-internal use; checks that the current protocol is the 3337 * highest enabled version (according to s->ctx->method, as version 3338 * negotiation may have changed s->method). 3339 */ 3340 if (s->version == s->ctx->method->version) 3341 return 1; 3342 /* 3343 * Apparently we're using a version-flexible SSL_METHOD (not at its 3344 * highest protocol version). 3345 */ 3346 if (s->ctx->method->version == SSLv23_method()->version) { 3347 #if TLS_MAX_VERSION != TLS1_2_VERSION 3348 # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. 3349 #endif 3350 if (!(s->options & SSL_OP_NO_TLSv1_2)) 3351 return s->version == TLS1_2_VERSION; 3352 if (!(s->options & SSL_OP_NO_TLSv1_1)) 3353 return s->version == TLS1_1_VERSION; 3354 if (!(s->options & SSL_OP_NO_TLSv1)) 3355 return s->version == TLS1_VERSION; 3356 if (!(s->options & SSL_OP_NO_SSLv3)) 3357 return s->version == SSL3_VERSION; 3358 if (!(s->options & SSL_OP_NO_SSLv2)) 3359 return s->version == SSL2_VERSION; 3360 } 3361 return 0; /* Unexpected state; fail closed. */ 3362 3363 default: 3364 break; 3365 } 3366 return (ret); 3367 } 3368 3369 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 3370 { 3371 int ret = 0; 3372 3373 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) 3374 if ( 3375 # ifndef OPENSSL_NO_RSA 3376 cmd == SSL_CTRL_SET_TMP_RSA_CB || 3377 # endif 3378 # ifndef OPENSSL_NO_DSA 3379 cmd == SSL_CTRL_SET_TMP_DH_CB || 3380 # endif 3381 0) { 3382 if (!ssl_cert_inst(&s->cert)) { 3383 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 3384 return (0); 3385 } 3386 } 3387 #endif 3388 3389 switch (cmd) { 3390 #ifndef OPENSSL_NO_RSA 3391 case SSL_CTRL_SET_TMP_RSA_CB: 3392 { 3393 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3394 } 3395 break; 3396 #endif 3397 #ifndef OPENSSL_NO_DH 3398 case SSL_CTRL_SET_TMP_DH_CB: 3399 { 3400 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3401 } 3402 break; 3403 #endif 3404 #ifndef OPENSSL_NO_ECDH 3405 case SSL_CTRL_SET_TMP_ECDH_CB: 3406 { 3407 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3408 } 3409 break; 3410 #endif 3411 #ifndef OPENSSL_NO_TLSEXT 3412 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3413 s->tlsext_debug_cb = (void (*)(SSL *, int, int, 3414 unsigned char *, int, void *))fp; 3415 break; 3416 #endif 3417 default: 3418 break; 3419 } 3420 return (ret); 3421 } 3422 3423 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3424 { 3425 CERT *cert; 3426 3427 cert = ctx->cert; 3428 3429 switch (cmd) { 3430 #ifndef OPENSSL_NO_RSA 3431 case SSL_CTRL_NEED_TMP_RSA: 3432 if ((cert->rsa_tmp == NULL) && 3433 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3434 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > 3435 (512 / 8))) 3436 ) 3437 return (1); 3438 else 3439 return (0); 3440 /* break; */ 3441 case SSL_CTRL_SET_TMP_RSA: 3442 { 3443 RSA *rsa; 3444 int i; 3445 3446 rsa = (RSA *)parg; 3447 i = 1; 3448 if (rsa == NULL) 3449 i = 0; 3450 else { 3451 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) 3452 i = 0; 3453 } 3454 if (!i) { 3455 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); 3456 return (0); 3457 } else { 3458 if (cert->rsa_tmp != NULL) 3459 RSA_free(cert->rsa_tmp); 3460 cert->rsa_tmp = rsa; 3461 return (1); 3462 } 3463 } 3464 /* break; */ 3465 case SSL_CTRL_SET_TMP_RSA_CB: 3466 { 3467 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3468 return (0); 3469 } 3470 break; 3471 #endif 3472 #ifndef OPENSSL_NO_DH 3473 case SSL_CTRL_SET_TMP_DH: 3474 { 3475 DH *new = NULL, *dh; 3476 3477 dh = (DH *)parg; 3478 if ((new = DHparams_dup(dh)) == NULL) { 3479 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); 3480 return 0; 3481 } 3482 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { 3483 if (!DH_generate_key(new)) { 3484 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); 3485 DH_free(new); 3486 return 0; 3487 } 3488 } 3489 if (cert->dh_tmp != NULL) 3490 DH_free(cert->dh_tmp); 3491 cert->dh_tmp = new; 3492 return 1; 3493 } 3494 /* 3495 * break; 3496 */ 3497 case SSL_CTRL_SET_TMP_DH_CB: 3498 { 3499 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3500 return (0); 3501 } 3502 break; 3503 #endif 3504 #ifndef OPENSSL_NO_ECDH 3505 case SSL_CTRL_SET_TMP_ECDH: 3506 { 3507 EC_KEY *ecdh = NULL; 3508 3509 if (parg == NULL) { 3510 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); 3511 return 0; 3512 } 3513 ecdh = EC_KEY_dup((EC_KEY *)parg); 3514 if (ecdh == NULL) { 3515 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB); 3516 return 0; 3517 } 3518 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { 3519 if (!EC_KEY_generate_key(ecdh)) { 3520 EC_KEY_free(ecdh); 3521 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); 3522 return 0; 3523 } 3524 } 3525 3526 if (cert->ecdh_tmp != NULL) { 3527 EC_KEY_free(cert->ecdh_tmp); 3528 } 3529 cert->ecdh_tmp = ecdh; 3530 return 1; 3531 } 3532 /* break; */ 3533 case SSL_CTRL_SET_TMP_ECDH_CB: 3534 { 3535 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3536 return (0); 3537 } 3538 break; 3539 #endif /* !OPENSSL_NO_ECDH */ 3540 #ifndef OPENSSL_NO_TLSEXT 3541 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 3542 ctx->tlsext_servername_arg = parg; 3543 break; 3544 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 3545 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 3546 { 3547 unsigned char *keys = parg; 3548 if (!keys) 3549 return 48; 3550 if (larg != 48) { 3551 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3552 return 0; 3553 } 3554 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 3555 memcpy(ctx->tlsext_tick_key_name, keys, 16); 3556 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); 3557 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 3558 } else { 3559 memcpy(keys, ctx->tlsext_tick_key_name, 16); 3560 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 3561 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 3562 } 3563 return 1; 3564 } 3565 3566 # ifdef TLSEXT_TYPE_opaque_prf_input 3567 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: 3568 ctx->tlsext_opaque_prf_input_callback_arg = parg; 3569 return 1; 3570 # endif 3571 3572 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 3573 ctx->tlsext_status_arg = parg; 3574 return 1; 3575 break; 3576 3577 # ifndef OPENSSL_NO_SRP 3578 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: 3579 ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3580 if (ctx->srp_ctx.login != NULL) 3581 OPENSSL_free(ctx->srp_ctx.login); 3582 ctx->srp_ctx.login = NULL; 3583 if (parg == NULL) 3584 break; 3585 if (strlen((const char *)parg) > 255 3586 || strlen((const char *)parg) < 1) { 3587 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); 3588 return 0; 3589 } 3590 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) { 3591 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); 3592 return 0; 3593 } 3594 break; 3595 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3596 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = 3597 srp_password_from_info_cb; 3598 ctx->srp_ctx.info = parg; 3599 break; 3600 case SSL_CTRL_SET_SRP_ARG: 3601 ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3602 ctx->srp_ctx.SRP_cb_arg = parg; 3603 break; 3604 3605 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: 3606 ctx->srp_ctx.strength = larg; 3607 break; 3608 # endif 3609 #endif /* !OPENSSL_NO_TLSEXT */ 3610 3611 /* A Thawte special :-) */ 3612 case SSL_CTRL_EXTRA_CHAIN_CERT: 3613 if (ctx->extra_certs == NULL) { 3614 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) 3615 return (0); 3616 } 3617 sk_X509_push(ctx->extra_certs, (X509 *)parg); 3618 break; 3619 3620 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 3621 *(STACK_OF(X509) **)parg = ctx->extra_certs; 3622 break; 3623 3624 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 3625 if (ctx->extra_certs) { 3626 sk_X509_pop_free(ctx->extra_certs, X509_free); 3627 ctx->extra_certs = NULL; 3628 } 3629 break; 3630 3631 default: 3632 return (0); 3633 } 3634 return (1); 3635 } 3636 3637 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 3638 { 3639 CERT *cert; 3640 3641 cert = ctx->cert; 3642 3643 switch (cmd) { 3644 #ifndef OPENSSL_NO_RSA 3645 case SSL_CTRL_SET_TMP_RSA_CB: 3646 { 3647 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; 3648 } 3649 break; 3650 #endif 3651 #ifndef OPENSSL_NO_DH 3652 case SSL_CTRL_SET_TMP_DH_CB: 3653 { 3654 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 3655 } 3656 break; 3657 #endif 3658 #ifndef OPENSSL_NO_ECDH 3659 case SSL_CTRL_SET_TMP_ECDH_CB: 3660 { 3661 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3662 } 3663 break; 3664 #endif 3665 #ifndef OPENSSL_NO_TLSEXT 3666 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 3667 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; 3668 break; 3669 3670 # ifdef TLSEXT_TYPE_opaque_prf_input 3671 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: 3672 ctx->tlsext_opaque_prf_input_callback = 3673 (int (*)(SSL *, void *, size_t, void *))fp; 3674 break; 3675 # endif 3676 3677 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 3678 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; 3679 break; 3680 3681 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 3682 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, 3683 unsigned char *, 3684 EVP_CIPHER_CTX *, 3685 HMAC_CTX *, int))fp; 3686 break; 3687 3688 # ifndef OPENSSL_NO_SRP 3689 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: 3690 ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3691 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp; 3692 break; 3693 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: 3694 ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3695 ctx->srp_ctx.TLS_ext_srp_username_callback = 3696 (int (*)(SSL *, int *, void *))fp; 3697 break; 3698 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: 3699 ctx->srp_ctx.srp_Mask |= SSL_kSRP; 3700 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = 3701 (char *(*)(SSL *, void *))fp; 3702 break; 3703 # endif 3704 #endif 3705 3706 default: 3707 return (0); 3708 } 3709 return (1); 3710 } 3711 3712 /* 3713 * This function needs to check if the ciphers required are actually 3714 * available 3715 */ 3716 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 3717 { 3718 SSL_CIPHER c; 3719 const SSL_CIPHER *cp; 3720 unsigned long id; 3721 3722 id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; 3723 c.id = id; 3724 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 3725 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES 3726 if (cp == NULL) 3727 fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]); 3728 #endif 3729 if (cp == NULL || cp->valid == 0) 3730 return NULL; 3731 else 3732 return cp; 3733 } 3734 3735 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 3736 { 3737 long l; 3738 3739 if (p != NULL) { 3740 l = c->id; 3741 if ((l & 0xff000000) != 0x03000000) 3742 return (0); 3743 p[0] = ((unsigned char)(l >> 8L)) & 0xFF; 3744 p[1] = ((unsigned char)(l)) & 0xFF; 3745 } 3746 return (2); 3747 } 3748 3749 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3750 STACK_OF(SSL_CIPHER) *srvr) 3751 { 3752 SSL_CIPHER *c, *ret = NULL; 3753 STACK_OF(SSL_CIPHER) *prio, *allow; 3754 int i, ii, ok; 3755 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3756 unsigned int j; 3757 int ec_ok, ec_nid; 3758 unsigned char ec_search1 = 0, ec_search2 = 0; 3759 #endif 3760 CERT *cert; 3761 unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; 3762 3763 /* Let's see which ciphers we can support */ 3764 cert = s->cert; 3765 3766 #if 0 3767 /* 3768 * Do not set the compare functions, because this may lead to a 3769 * reordering by "id". We want to keep the original ordering. We may pay 3770 * a price in performance during sk_SSL_CIPHER_find(), but would have to 3771 * pay with the price of sk_SSL_CIPHER_dup(). 3772 */ 3773 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); 3774 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 3775 #endif 3776 3777 #ifdef CIPHER_DEBUG 3778 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), 3779 (void *)srvr); 3780 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { 3781 c = sk_SSL_CIPHER_value(srvr, i); 3782 fprintf(stderr, "%p:%s\n", (void *)c, c->name); 3783 } 3784 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), 3785 (void *)clnt); 3786 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { 3787 c = sk_SSL_CIPHER_value(clnt, i); 3788 fprintf(stderr, "%p:%s\n", (void *)c, c->name); 3789 } 3790 #endif 3791 3792 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 3793 prio = srvr; 3794 allow = clnt; 3795 } else { 3796 prio = clnt; 3797 allow = srvr; 3798 } 3799 3800 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 3801 c = sk_SSL_CIPHER_value(prio, i); 3802 3803 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3804 if ((c->algorithm_ssl & SSL_TLSV1_2) && 3805 (TLS1_get_version(s) < TLS1_2_VERSION)) 3806 continue; 3807 3808 ssl_set_cert_masks(cert, c); 3809 mask_k = cert->mask_k; 3810 mask_a = cert->mask_a; 3811 emask_k = cert->export_mask_k; 3812 emask_a = cert->export_mask_a; 3813 #ifndef OPENSSL_NO_SRP 3814 if (s->srp_ctx.srp_Mask & SSL_kSRP) { 3815 mask_k |= SSL_kSRP; 3816 emask_k |= SSL_kSRP; 3817 mask_a |= SSL_aSRP; 3818 emask_a |= SSL_aSRP; 3819 } 3820 #endif 3821 3822 #ifdef KSSL_DEBUG 3823 /* 3824 * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", 3825 * i,c->algorithms); 3826 */ 3827 #endif /* KSSL_DEBUG */ 3828 3829 alg_k = c->algorithm_mkey; 3830 alg_a = c->algorithm_auth; 3831 3832 #ifndef OPENSSL_NO_KRB5 3833 if (alg_k & SSL_kKRB5) { 3834 if (!kssl_keytab_is_available(s->kssl_ctx)) 3835 continue; 3836 } 3837 #endif /* OPENSSL_NO_KRB5 */ 3838 #ifndef OPENSSL_NO_PSK 3839 /* with PSK there must be server callback set */ 3840 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) 3841 continue; 3842 #endif /* OPENSSL_NO_PSK */ 3843 3844 if (SSL_C_IS_EXPORT(c)) { 3845 ok = (alg_k & emask_k) && (alg_a & emask_a); 3846 #ifdef CIPHER_DEBUG 3847 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", 3848 ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name); 3849 #endif 3850 } else { 3851 ok = (alg_k & mask_k) && (alg_a & mask_a); 3852 #ifdef CIPHER_DEBUG 3853 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, 3854 alg_a, mask_k, mask_a, (void *)c, c->name); 3855 #endif 3856 } 3857 3858 #ifndef OPENSSL_NO_TLSEXT 3859 # ifndef OPENSSL_NO_EC 3860 if ( 3861 /* 3862 * if we are considering an ECC cipher suite that uses our 3863 * certificate 3864 */ 3865 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3866 /* and we have an ECC certificate */ 3867 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3868 /* 3869 * and the client specified a Supported Point Formats 3870 * extension 3871 */ 3872 && ((s->session->tlsext_ecpointformatlist_length > 0) 3873 && (s->session->tlsext_ecpointformatlist != NULL)) 3874 /* and our certificate's point is compressed */ 3875 && ((s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3876 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != 3877 NULL) 3878 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info-> 3879 key->public_key != NULL) 3880 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info-> 3881 key->public_key->data != NULL) 3882 && 3883 ((* 3884 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info-> 3885 key->public_key->data) == POINT_CONVERSION_COMPRESSED) 3886 || 3887 (* 3888 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info-> 3889 key->public_key->data) == 3890 POINT_CONVERSION_COMPRESSED + 1) 3891 ) 3892 ) 3893 ) { 3894 ec_ok = 0; 3895 /* 3896 * if our certificate's curve is over a field type that the 3897 * client does not support then do not allow this cipher suite to 3898 * be negotiated 3899 */ 3900 if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3901 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != 3902 NULL) 3903 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec-> 3904 group->meth != NULL) 3905 && 3906 (EC_METHOD_get_field_type 3907 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec-> 3908 group->meth) == NID_X9_62_prime_field) 3909 ) { 3910 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; 3911 j++) { 3912 if (s->session->tlsext_ecpointformatlist[j] == 3913 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) { 3914 ec_ok = 1; 3915 break; 3916 } 3917 } 3918 } else 3919 if (EC_METHOD_get_field_type 3920 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec-> 3921 group->meth) == NID_X9_62_characteristic_two_field) { 3922 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; 3923 j++) { 3924 if (s->session->tlsext_ecpointformatlist[j] == 3925 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) { 3926 ec_ok = 1; 3927 break; 3928 } 3929 } 3930 } 3931 ok = ok && ec_ok; 3932 } 3933 if ( 3934 /* 3935 * if we are considering an ECC cipher suite that uses our 3936 * certificate 3937 */ 3938 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3939 /* and we have an ECC certificate */ 3940 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3941 /* 3942 * and the client specified an EllipticCurves extension 3943 */ 3944 && ((s->session->tlsext_ellipticcurvelist_length > 0) 3945 && (s->session->tlsext_ellipticcurvelist != NULL)) 3946 ) { 3947 ec_ok = 0; 3948 if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3949 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != 3950 NULL) 3951 ) { 3952 ec_nid = 3953 EC_GROUP_get_curve_name(s->cert-> 3954 pkeys[SSL_PKEY_ECC].privatekey-> 3955 pkey.ec->group); 3956 if ((ec_nid == 0) 3957 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey. 3958 ec->group->meth != NULL) 3959 ) { 3960 if (EC_METHOD_get_field_type 3961 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey. 3962 ec->group->meth) == NID_X9_62_prime_field) { 3963 ec_search1 = 0xFF; 3964 ec_search2 = 0x01; 3965 } else 3966 if (EC_METHOD_get_field_type 3967 (s->cert->pkeys[SSL_PKEY_ECC].privatekey-> 3968 pkey.ec->group->meth) == 3969 NID_X9_62_characteristic_two_field) { 3970 ec_search1 = 0xFF; 3971 ec_search2 = 0x02; 3972 } 3973 } else { 3974 ec_search1 = 0x00; 3975 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3976 } 3977 if ((ec_search1 != 0) || (ec_search2 != 0)) { 3978 for (j = 0; 3979 j < s->session->tlsext_ellipticcurvelist_length / 2; 3980 j++) { 3981 if ((s->session->tlsext_ellipticcurvelist[2 * j] == 3982 ec_search1) 3983 && (s->session->tlsext_ellipticcurvelist[2 * j + 3984 1] == 3985 ec_search2)) { 3986 ec_ok = 1; 3987 break; 3988 } 3989 } 3990 } 3991 } 3992 ok = ok && ec_ok; 3993 } 3994 # ifndef OPENSSL_NO_ECDH 3995 if ( 3996 /* 3997 * if we are considering an ECC cipher suite that uses an 3998 * ephemeral EC key 3999 */ 4000 (alg_k & SSL_kEECDH) 4001 /* and we have an ephemeral EC key */ 4002 && (s->cert->ecdh_tmp != NULL) 4003 /* 4004 * and the client specified an EllipticCurves extension 4005 */ 4006 && ((s->session->tlsext_ellipticcurvelist_length > 0) 4007 && (s->session->tlsext_ellipticcurvelist != NULL)) 4008 ) { 4009 ec_ok = 0; 4010 if (s->cert->ecdh_tmp->group != NULL) { 4011 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); 4012 if ((ec_nid == 0) 4013 && (s->cert->ecdh_tmp->group->meth != NULL) 4014 ) { 4015 if (EC_METHOD_get_field_type 4016 (s->cert->ecdh_tmp->group->meth) == 4017 NID_X9_62_prime_field) { 4018 ec_search1 = 0xFF; 4019 ec_search2 = 0x01; 4020 } else 4021 if (EC_METHOD_get_field_type 4022 (s->cert->ecdh_tmp->group->meth) == 4023 NID_X9_62_characteristic_two_field) { 4024 ec_search1 = 0xFF; 4025 ec_search2 = 0x02; 4026 } 4027 } else { 4028 ec_search1 = 0x00; 4029 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 4030 } 4031 if ((ec_search1 != 0) || (ec_search2 != 0)) { 4032 for (j = 0; 4033 j < s->session->tlsext_ellipticcurvelist_length / 2; 4034 j++) { 4035 if ((s->session->tlsext_ellipticcurvelist[2 * j] == 4036 ec_search1) 4037 && (s->session->tlsext_ellipticcurvelist[2 * j + 4038 1] == 4039 ec_search2)) { 4040 ec_ok = 1; 4041 break; 4042 } 4043 } 4044 } 4045 } 4046 ok = ok && ec_ok; 4047 } 4048 # endif /* OPENSSL_NO_ECDH */ 4049 # endif /* OPENSSL_NO_EC */ 4050 #endif /* OPENSSL_NO_TLSEXT */ 4051 4052 if (!ok) 4053 continue; 4054 ii = sk_SSL_CIPHER_find(allow, c); 4055 if (ii >= 0) { 4056 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 4057 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) 4058 && s->s3->is_probably_safari) { 4059 if (!ret) 4060 ret = sk_SSL_CIPHER_value(allow, ii); 4061 continue; 4062 } 4063 #endif 4064 ret = sk_SSL_CIPHER_value(allow, ii); 4065 break; 4066 } 4067 } 4068 return (ret); 4069 } 4070 4071 int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 4072 { 4073 int ret = 0; 4074 unsigned long alg_k; 4075 4076 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 4077 4078 #ifndef OPENSSL_NO_GOST 4079 if (s->version >= TLS1_VERSION) { 4080 if (alg_k & SSL_kGOST) { 4081 p[ret++] = TLS_CT_GOST94_SIGN; 4082 p[ret++] = TLS_CT_GOST01_SIGN; 4083 return (ret); 4084 } 4085 } 4086 #endif 4087 4088 #ifndef OPENSSL_NO_DH 4089 if (alg_k & (SSL_kDHr | SSL_kEDH)) { 4090 # ifndef OPENSSL_NO_RSA 4091 p[ret++] = SSL3_CT_RSA_FIXED_DH; 4092 # endif 4093 # ifndef OPENSSL_NO_DSA 4094 p[ret++] = SSL3_CT_DSS_FIXED_DH; 4095 # endif 4096 } 4097 if ((s->version == SSL3_VERSION) && 4098 (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) { 4099 # ifndef OPENSSL_NO_RSA 4100 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; 4101 # endif 4102 # ifndef OPENSSL_NO_DSA 4103 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; 4104 # endif 4105 } 4106 #endif /* !OPENSSL_NO_DH */ 4107 #ifndef OPENSSL_NO_RSA 4108 p[ret++] = SSL3_CT_RSA_SIGN; 4109 #endif 4110 #ifndef OPENSSL_NO_DSA 4111 p[ret++] = SSL3_CT_DSS_SIGN; 4112 #endif 4113 #ifndef OPENSSL_NO_ECDH 4114 if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { 4115 p[ret++] = TLS_CT_RSA_FIXED_ECDH; 4116 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; 4117 } 4118 #endif 4119 4120 #ifndef OPENSSL_NO_ECDSA 4121 /* 4122 * ECDSA certs can be used with RSA cipher suites as well so we don't 4123 * need to check for SSL_kECDH or SSL_kEECDH 4124 */ 4125 if (s->version >= TLS1_VERSION) { 4126 p[ret++] = TLS_CT_ECDSA_SIGN; 4127 } 4128 #endif 4129 return (ret); 4130 } 4131 4132 int ssl3_shutdown(SSL *s) 4133 { 4134 int ret; 4135 4136 /* 4137 * Don't do anything much if we have not done the handshake or we don't 4138 * want to send messages :-) 4139 */ 4140 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 4141 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 4142 return (1); 4143 } 4144 4145 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { 4146 s->shutdown |= SSL_SENT_SHUTDOWN; 4147 #if 1 4148 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 4149 #endif 4150 /* 4151 * our shutdown alert has been sent now, and if it still needs to be 4152 * written, s->s3->alert_dispatch will be true 4153 */ 4154 if (s->s3->alert_dispatch) 4155 return (-1); /* return WANT_WRITE */ 4156 } else if (s->s3->alert_dispatch) { 4157 /* resend it if not sent */ 4158 #if 1 4159 ret = s->method->ssl_dispatch_alert(s); 4160 if (ret == -1) { 4161 /* 4162 * we only get to return -1 here the 2nd/Nth invocation, we must 4163 * have already signalled return 0 upon a previous invoation, 4164 * return WANT_WRITE 4165 */ 4166 return (ret); 4167 } 4168 #endif 4169 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 4170 /* 4171 * If we are waiting for a close from our peer, we are closed 4172 */ 4173 s->method->ssl_read_bytes(s, 0, NULL, 0, 0); 4174 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 4175 return (-1); /* return WANT_READ */ 4176 } 4177 } 4178 4179 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && 4180 !s->s3->alert_dispatch) 4181 return (1); 4182 else 4183 return (0); 4184 } 4185 4186 int ssl3_write(SSL *s, const void *buf, int len) 4187 { 4188 int ret, n; 4189 4190 #if 0 4191 if (s->shutdown & SSL_SEND_SHUTDOWN) { 4192 s->rwstate = SSL_NOTHING; 4193 return (0); 4194 } 4195 #endif 4196 clear_sys_error(); 4197 if (s->s3->renegotiate) 4198 ssl3_renegotiate_check(s); 4199 4200 /* 4201 * This is an experimental flag that sends the last handshake message in 4202 * the same packet as the first use data - used to see if it helps the 4203 * TCP protocol during session-id reuse 4204 */ 4205 /* The second test is because the buffer may have been removed */ 4206 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 4207 /* First time through, we write into the buffer */ 4208 if (s->s3->delay_buf_pop_ret == 0) { 4209 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); 4210 if (ret <= 0) 4211 return (ret); 4212 4213 s->s3->delay_buf_pop_ret = ret; 4214 } 4215 4216 s->rwstate = SSL_WRITING; 4217 n = BIO_flush(s->wbio); 4218 if (n <= 0) 4219 return (n); 4220 s->rwstate = SSL_NOTHING; 4221 4222 /* We have flushed the buffer, so remove it */ 4223 ssl_free_wbio_buffer(s); 4224 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; 4225 4226 ret = s->s3->delay_buf_pop_ret; 4227 s->s3->delay_buf_pop_ret = 0; 4228 } else { 4229 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 4230 buf, len); 4231 if (ret <= 0) 4232 return (ret); 4233 } 4234 4235 return (ret); 4236 } 4237 4238 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) 4239 { 4240 int ret; 4241 4242 clear_sys_error(); 4243 if (s->s3->renegotiate) 4244 ssl3_renegotiate_check(s); 4245 s->s3->in_read_app_data = 1; 4246 ret = 4247 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, 4248 peek); 4249 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 4250 /* 4251 * ssl3_read_bytes decided to call s->handshake_func, which called 4252 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes 4253 * actually found application data and thinks that application data 4254 * makes sense here; so disable handshake processing and try to read 4255 * application data again. 4256 */ 4257 s->in_handshake++; 4258 ret = 4259 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, 4260 peek); 4261 s->in_handshake--; 4262 } else 4263 s->s3->in_read_app_data = 0; 4264 4265 return (ret); 4266 } 4267 4268 int ssl3_read(SSL *s, void *buf, int len) 4269 { 4270 return ssl3_read_internal(s, buf, len, 0); 4271 } 4272 4273 int ssl3_peek(SSL *s, void *buf, int len) 4274 { 4275 return ssl3_read_internal(s, buf, len, 1); 4276 } 4277 4278 int ssl3_renegotiate(SSL *s) 4279 { 4280 if (s->handshake_func == NULL) 4281 return (1); 4282 4283 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 4284 return (0); 4285 4286 s->s3->renegotiate = 1; 4287 return (1); 4288 } 4289 4290 int ssl3_renegotiate_check(SSL *s) 4291 { 4292 int ret = 0; 4293 4294 if (s->s3->renegotiate) { 4295 if ((s->s3->rbuf.left == 0) && 4296 (s->s3->wbuf.left == 0) && !SSL_in_init(s)) { 4297 /* 4298 * if we are the server, and we have sent a 'RENEGOTIATE' 4299 * message, we need to go to SSL_ST_ACCEPT. 4300 */ 4301 /* SSL_ST_ACCEPT */ 4302 s->state = SSL_ST_RENEGOTIATE; 4303 s->s3->renegotiate = 0; 4304 s->s3->num_renegotiations++; 4305 s->s3->total_renegotiations++; 4306 ret = 1; 4307 } 4308 } 4309 return (ret); 4310 } 4311 4312 /* 4313 * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 4314 * to new SHA256 PRF and handshake macs 4315 */ 4316 long ssl_get_algorithm2(SSL *s) 4317 { 4318 long alg2 = s->s3->tmp.new_cipher->algorithm2; 4319 if (s->method->version == TLS1_2_VERSION && 4320 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) 4321 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 4322 return alg2; 4323 } 4324
Indexes created Sun Mar 01 05:31:48 UTC 2026