1 /* $OpenBSD: s3_lib.c,v 1.71 2014/07/13 16:03:10 beck Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. 
All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. 
Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 
134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 149 */ 150 151 #include <stdio.h> 152 #include <openssl/objects.h> 153 #include "ssl_locl.h" 154 #include "../crypto/ec/ec_lcl.h" 155 #include <openssl/md5.h> 156 #include <openssl/dh.h> 157 /* Element count of the ssl3_ciphers table, derived from the array's size so it follows the initializer list (entries under #ifndef are counted only when compiled in). */ 158 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 159 160 /* 161 * FIXED_NONCE_LEN is a macro that provides the correct value to set the 162 * fixed nonce length in algorithm2. It is the inverse of the 163 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
 *
 * The expansion halves x, keeps the low four bits of the result and shifts
 * them left by 24, so only even lengths from 0 to 30 survive the encoding;
 * an odd or larger value is silently stored as a different length.
 *
 * NOTE(review): x is not parenthesized in the expansion, so pass a plain
 * constant or identifier rather than an expression such as a + b.
164 */ 165 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) 166 167 /* list of available SSLv3 ciphers (sorted by id) */ 168 SSL_CIPHER ssl3_ciphers[] = { 169 170 /* The RSA ciphers */ 171 /* Cipher 01 */ 172 { 173 .valid = 1, 174 .name = SSL3_TXT_RSA_NULL_MD5, 175 .id = SSL3_CK_RSA_NULL_MD5, 176 .algorithm_mkey = SSL_kRSA, 177 .algorithm_auth = SSL_aRSA, 178 .algorithm_enc = SSL_eNULL, 179 .algorithm_mac = SSL_MD5, 180 .algorithm_ssl = SSL_SSLV3, 181 .algo_strength = SSL_STRONG_NONE, 182 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 183 .strength_bits = 0, 184 .alg_bits = 0, 185 }, 186 187 /* Cipher 02 */ 188 { 189 .valid = 1, 190 .name = SSL3_TXT_RSA_NULL_SHA, 191 .id = SSL3_CK_RSA_NULL_SHA, 192 .algorithm_mkey = SSL_kRSA, 193 .algorithm_auth = SSL_aRSA, 194 .algorithm_enc = SSL_eNULL, 195 .algorithm_mac = SSL_SHA1, 196 .algorithm_ssl = SSL_SSLV3, 197 .algo_strength = SSL_STRONG_NONE, 198 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 199 .strength_bits = 0, 200 .alg_bits = 0, 201 }, 202 203 /* Cipher 03 */ 204 { 205 .valid = 0, /* Weakened 40-bit export cipher. 
*/ 206 .name = SSL3_TXT_RSA_RC4_40_MD5, 207 .id = SSL3_CK_RSA_RC4_40_MD5, 208 .algorithm_mkey = SSL_kRSA, 209 .algorithm_auth = SSL_aRSA, 210 .algorithm_enc = SSL_RC4, 211 .algorithm_mac = SSL_MD5, 212 .algorithm_ssl = SSL_SSLV3, 213 .algo_strength = 0, 214 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 215 .strength_bits = 40, 216 .alg_bits = 128, 217 }, 218 219 /* Cipher 04 */ 220 { 221 .valid = 1, 222 .name = SSL3_TXT_RSA_RC4_128_MD5, 223 .id = SSL3_CK_RSA_RC4_128_MD5, 224 .algorithm_mkey = SSL_kRSA, 225 .algorithm_auth = SSL_aRSA, 226 .algorithm_enc = SSL_RC4, 227 .algorithm_mac = SSL_MD5, 228 .algorithm_ssl = SSL_SSLV3, 229 .algo_strength = SSL_MEDIUM, 230 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 231 .strength_bits = 128, 232 .alg_bits = 128, 233 }, 234 235 /* Cipher 05 */ 236 { 237 .valid = 1, 238 .name = SSL3_TXT_RSA_RC4_128_SHA, 239 .id = SSL3_CK_RSA_RC4_128_SHA, 240 .algorithm_mkey = SSL_kRSA, 241 .algorithm_auth = SSL_aRSA, 242 .algorithm_enc = SSL_RC4, 243 .algorithm_mac = SSL_SHA1, 244 .algorithm_ssl = SSL_SSLV3, 245 .algo_strength = SSL_MEDIUM, 246 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 247 .strength_bits = 128, 248 .alg_bits = 128, 249 }, 250 251 /* Cipher 06 */ 252 { 253 .valid = 0, /* Weakened 40-bit export cipher. 
*/ 254 .name = SSL3_TXT_RSA_RC2_40_MD5, 255 .id = SSL3_CK_RSA_RC2_40_MD5, 256 .algorithm_mkey = SSL_kRSA, 257 .algorithm_auth = SSL_aRSA, 258 .algorithm_enc = SSL_RC2, 259 .algorithm_mac = SSL_MD5, 260 .algorithm_ssl = SSL_SSLV3, 261 .algo_strength = 0, 262 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 263 .strength_bits = 40, 264 .alg_bits = 128, 265 }, 266 267 /* Cipher 07 */ 268 #ifndef OPENSSL_NO_IDEA 269 { 270 .valid = 1, 271 .name = SSL3_TXT_RSA_IDEA_128_SHA, 272 .id = SSL3_CK_RSA_IDEA_128_SHA, 273 .algorithm_mkey = SSL_kRSA, 274 .algorithm_auth = SSL_aRSA, 275 .algorithm_enc = SSL_IDEA, 276 .algorithm_mac = SSL_SHA1, 277 .algorithm_ssl = SSL_SSLV3, 278 .algo_strength = SSL_MEDIUM, 279 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 280 .strength_bits = 128, 281 .alg_bits = 128, 282 }, 283 #endif 284 285 /* Cipher 08 */ 286 { 287 .valid = 0, /* Weakened 40-bit export cipher. */ 288 .name = SSL3_TXT_RSA_DES_40_CBC_SHA, 289 .id = SSL3_CK_RSA_DES_40_CBC_SHA, 290 .algorithm_mkey = SSL_kRSA, 291 .algorithm_auth = SSL_aRSA, 292 .algorithm_enc = SSL_DES, 293 .algorithm_mac = SSL_SHA1, 294 .algorithm_ssl = SSL_SSLV3, 295 .algo_strength = 0, 296 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 297 .strength_bits = 40, 298 .alg_bits = 56, 299 }, 300 301 /* Cipher 09 */ 302 { 303 .valid = 1, 304 .name = SSL3_TXT_RSA_DES_64_CBC_SHA, 305 .id = SSL3_CK_RSA_DES_64_CBC_SHA, 306 .algorithm_mkey = SSL_kRSA, 307 .algorithm_auth = SSL_aRSA, 308 .algorithm_enc = SSL_DES, 309 .algorithm_mac = SSL_SHA1, 310 .algorithm_ssl = SSL_SSLV3, 311 .algo_strength = SSL_LOW, 312 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 313 .strength_bits = 56, 314 .alg_bits = 56, 315 }, 316 317 /* Cipher 0A */ 318 { 319 .valid = 1, 320 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, 321 .id = SSL3_CK_RSA_DES_192_CBC3_SHA, 322 .algorithm_mkey = SSL_kRSA, 323 .algorithm_auth = SSL_aRSA, 324 .algorithm_enc = SSL_3DES, 325 .algorithm_mac = SSL_SHA1, 326 .algorithm_ssl = SSL_SSLV3, 327 .algo_strength = 
SSL_HIGH, 328 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 329 .strength_bits = 112, 330 .alg_bits = 168, 331 }, 332 333 /* The DH ciphers */ 334 /* Cipher 0B */ 335 { 336 .valid = 0, /* Weakened 40-bit export cipher. */ 337 .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 338 .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA, 339 .algorithm_mkey = SSL_kDHd, 340 .algorithm_auth = SSL_aDH, 341 .algorithm_enc = SSL_DES, 342 .algorithm_mac = SSL_SHA1, 343 .algorithm_ssl = SSL_SSLV3, 344 .algo_strength = 0, 345 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 346 .strength_bits = 40, 347 .alg_bits = 56, 348 }, 349 350 /* Cipher 0C */ 351 { 352 .valid = 0, /* not implemented (non-ephemeral DH) */ 353 .name = SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 354 .id = SSL3_CK_DH_DSS_DES_64_CBC_SHA, 355 .algorithm_mkey = SSL_kDHd, 356 .algorithm_auth = SSL_aDH, 357 .algorithm_enc = SSL_DES, 358 .algorithm_mac = SSL_SHA1, 359 .algorithm_ssl = SSL_SSLV3, 360 .algo_strength = SSL_LOW, 361 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 362 .strength_bits = 56, 363 .alg_bits = 56, 364 }, 365 366 /* Cipher 0D */ 367 { 368 .valid = 0, /* not implemented (non-ephemeral DH) */ 369 .name = SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 370 .id = SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 371 .algorithm_mkey = SSL_kDHd, 372 .algorithm_auth = SSL_aDH, 373 .algorithm_enc = SSL_3DES, 374 .algorithm_mac = SSL_SHA1, 375 .algorithm_ssl = SSL_SSLV3, 376 .algo_strength = SSL_HIGH, 377 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 378 .strength_bits = 112, 379 .alg_bits = 168, 380 }, 381 382 /* Cipher 0E */ 383 { 384 .valid = 0, /* not implemented (non-ephemeral DH) */ 385 .name = SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 386 .id = SSL3_CK_DH_RSA_DES_40_CBC_SHA, 387 .algorithm_mkey = SSL_kDHr, 388 .algorithm_auth = SSL_aDH, 389 .algorithm_enc = SSL_DES, 390 .algorithm_mac = SSL_SHA1, 391 .algorithm_ssl = SSL_SSLV3, 392 .algo_strength = 0, 393 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 394 .strength_bits = 40, 395 .alg_bits = 56, 396 }, 397 398 
/* Cipher 0F */ 399 { 400 .valid = 0, /* not implemented (non-ephemeral DH) */ 401 .name = SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 402 .id = SSL3_CK_DH_RSA_DES_64_CBC_SHA, 403 .algorithm_mkey = SSL_kDHr, 404 .algorithm_auth = SSL_aDH, 405 .algorithm_enc = SSL_DES, 406 .algorithm_mac = SSL_SHA1, 407 .algorithm_ssl = SSL_SSLV3, 408 .algo_strength = SSL_LOW, 409 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 410 .strength_bits = 56, 411 .alg_bits = 56, 412 }, 413 414 /* Cipher 10 */ 415 { 416 .valid = 0, /* not implemented (non-ephemeral DH) */ 417 .name = SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 418 .id = SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 419 .algorithm_mkey = SSL_kDHr, 420 .algorithm_auth = SSL_aDH, 421 .algorithm_enc = SSL_3DES, 422 .algorithm_mac = SSL_SHA1, 423 .algorithm_ssl = SSL_SSLV3, 424 .algo_strength = SSL_HIGH, 425 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 426 .strength_bits = 112, 427 .alg_bits = 168, 428 }, 429 430 /* The Ephemeral DH ciphers */ 431 /* Cipher 11 */ 432 { 433 .valid = 0, /* Weakened 40-bit export cipher. 
*/ 434 .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 435 .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 436 .algorithm_mkey = SSL_kDHE, 437 .algorithm_auth = SSL_aDSS, 438 .algorithm_enc = SSL_DES, 439 .algorithm_mac = SSL_SHA1, 440 .algorithm_ssl = SSL_SSLV3, 441 .algo_strength = 0, 442 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 443 .strength_bits = 40, 444 .alg_bits = 56, 445 }, 446 447 /* Cipher 12 */ 448 { 449 .valid = 1, 450 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 451 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 452 .algorithm_mkey = SSL_kDHE, 453 .algorithm_auth = SSL_aDSS, 454 .algorithm_enc = SSL_DES, 455 .algorithm_mac = SSL_SHA1, 456 .algorithm_ssl = SSL_SSLV3, 457 .algo_strength = SSL_LOW, 458 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 459 .strength_bits = 56, 460 .alg_bits = 56, 461 }, 462 463 /* Cipher 13 */ 464 { 465 .valid = 1, 466 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 467 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 468 .algorithm_mkey = SSL_kDHE, 469 .algorithm_auth = SSL_aDSS, 470 .algorithm_enc = SSL_3DES, 471 .algorithm_mac = SSL_SHA1, 472 .algorithm_ssl = SSL_SSLV3, 473 .algo_strength = SSL_HIGH, 474 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 475 .strength_bits = 112, 476 .alg_bits = 168, 477 }, 478 479 /* Cipher 14 */ 480 { 481 .valid = 0, /* Weakened 40-bit export cipher. 
*/ 482 .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 483 .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 484 .algorithm_mkey = SSL_kDHE, 485 .algorithm_auth = SSL_aRSA, 486 .algorithm_enc = SSL_DES, 487 .algorithm_mac = SSL_SHA1, 488 .algorithm_ssl = SSL_SSLV3, 489 .algo_strength = 0, 490 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 491 .strength_bits = 40, 492 .alg_bits = 56, 493 }, 494 495 /* Cipher 15 */ 496 { 497 .valid = 1, 498 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 499 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 500 .algorithm_mkey = SSL_kDHE, 501 .algorithm_auth = SSL_aRSA, 502 .algorithm_enc = SSL_DES, 503 .algorithm_mac = SSL_SHA1, 504 .algorithm_ssl = SSL_SSLV3, 505 .algo_strength = SSL_LOW, 506 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 507 .strength_bits = 56, 508 .alg_bits = 56, 509 }, 510 511 /* Cipher 16 */ 512 { 513 .valid = 1, 514 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 515 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 516 .algorithm_mkey = SSL_kDHE, 517 .algorithm_auth = SSL_aRSA, 518 .algorithm_enc = SSL_3DES, 519 .algorithm_mac = SSL_SHA1, 520 .algorithm_ssl = SSL_SSLV3, 521 .algo_strength = SSL_HIGH, 522 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 523 .strength_bits = 112, 524 .alg_bits = 168, 525 }, 526 527 /* Cipher 17 */ 528 { 529 .valid = 0, /* Weakened 40-bit export cipher. 
*/ 530 .name = SSL3_TXT_ADH_RC4_40_MD5, 531 .id = SSL3_CK_ADH_RC4_40_MD5, 532 .algorithm_mkey = SSL_kDHE, 533 .algorithm_auth = SSL_aNULL, 534 .algorithm_enc = SSL_RC4, 535 .algorithm_mac = SSL_MD5, 536 .algorithm_ssl = SSL_SSLV3, 537 .algo_strength = 0, 538 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 539 .strength_bits = 40, 540 .alg_bits = 128, 541 }, 542 543 /* Cipher 18 */ 544 { 545 .valid = 1, 546 .name = SSL3_TXT_ADH_RC4_128_MD5, 547 .id = SSL3_CK_ADH_RC4_128_MD5, 548 .algorithm_mkey = SSL_kDHE, 549 .algorithm_auth = SSL_aNULL, 550 .algorithm_enc = SSL_RC4, 551 .algorithm_mac = SSL_MD5, 552 .algorithm_ssl = SSL_SSLV3, 553 .algo_strength = SSL_MEDIUM, 554 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 555 .strength_bits = 128, 556 .alg_bits = 128, 557 }, 558 559 /* Cipher 19 */ 560 { 561 .valid = 0, /* Weakened 40-bit export cipher. */ 562 .name = SSL3_TXT_ADH_DES_40_CBC_SHA, 563 .id = SSL3_CK_ADH_DES_40_CBC_SHA, 564 .algorithm_mkey = SSL_kDHE, 565 .algorithm_auth = SSL_aNULL, 566 .algorithm_enc = SSL_DES, 567 .algorithm_mac = SSL_SHA1, 568 .algorithm_ssl = SSL_SSLV3, 569 .algo_strength = 0, 570 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 571 .strength_bits = 40, 572 .alg_bits = 128, 573 }, 574 575 /* Cipher 1A */ 576 { 577 .valid = 1, 578 .name = SSL3_TXT_ADH_DES_64_CBC_SHA, 579 .id = SSL3_CK_ADH_DES_64_CBC_SHA, 580 .algorithm_mkey = SSL_kDHE, 581 .algorithm_auth = SSL_aNULL, 582 .algorithm_enc = SSL_DES, 583 .algorithm_mac = SSL_SHA1, 584 .algorithm_ssl = SSL_SSLV3, 585 .algo_strength = SSL_LOW, 586 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 587 .strength_bits = 56, 588 .alg_bits = 56, 589 }, 590 591 /* Cipher 1B */ 592 { 593 .valid = 1, 594 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 595 .id = SSL3_CK_ADH_DES_192_CBC_SHA, 596 .algorithm_mkey = SSL_kDHE, 597 .algorithm_auth = SSL_aNULL, 598 .algorithm_enc = SSL_3DES, 599 .algorithm_mac = SSL_SHA1, 600 .algorithm_ssl = SSL_SSLV3, 601 .algo_strength = SSL_HIGH, 602 .algorithm2 = 
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 603 .strength_bits = 112, 604 .alg_bits = 168, 605 }, 606 607 /* New AES ciphersuites */ 608 /* Cipher 2F */ 609 { 610 .valid = 1, 611 .name = TLS1_TXT_RSA_WITH_AES_128_SHA, 612 .id = TLS1_CK_RSA_WITH_AES_128_SHA, 613 .algorithm_mkey = SSL_kRSA, 614 .algorithm_auth = SSL_aRSA, 615 .algorithm_enc = SSL_AES128, 616 .algorithm_mac = SSL_SHA1, 617 .algorithm_ssl = SSL_TLSV1, 618 .algo_strength = SSL_HIGH, 619 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 620 .strength_bits = 128, 621 .alg_bits = 128, 622 }, 623 /* Cipher 30 */ 624 { 625 .valid = 0, 626 .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 627 .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA, 628 .algorithm_mkey = SSL_kDHd, 629 .algorithm_auth = SSL_aDH, 630 .algorithm_enc = SSL_AES128, 631 .algorithm_mac = SSL_SHA1, 632 .algorithm_ssl = SSL_TLSV1, 633 .algo_strength = SSL_HIGH, 634 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 635 .strength_bits = 128, 636 .alg_bits = 128, 637 }, 638 /* Cipher 31 */ 639 { 640 .valid = 0, 641 .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 642 .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA, 643 .algorithm_mkey = SSL_kDHr, 644 .algorithm_auth = SSL_aDH, 645 .algorithm_enc = SSL_AES128, 646 .algorithm_mac = SSL_SHA1, 647 .algorithm_ssl = SSL_TLSV1, 648 .algo_strength = SSL_HIGH, 649 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 650 .strength_bits = 128, 651 .alg_bits = 128, 652 }, 653 /* Cipher 32 */ 654 { 655 .valid = 1, 656 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 657 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 658 .algorithm_mkey = SSL_kDHE, 659 .algorithm_auth = SSL_aDSS, 660 .algorithm_enc = SSL_AES128, 661 .algorithm_mac = SSL_SHA1, 662 .algorithm_ssl = SSL_TLSV1, 663 .algo_strength = SSL_HIGH, 664 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 665 .strength_bits = 128, 666 .alg_bits = 128, 667 }, 668 /* Cipher 33 */ 669 { 670 .valid = 1, 671 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 672 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 673 .algorithm_mkey = 
SSL_kDHE, 674 .algorithm_auth = SSL_aRSA, 675 .algorithm_enc = SSL_AES128, 676 .algorithm_mac = SSL_SHA1, 677 .algorithm_ssl = SSL_TLSV1, 678 .algo_strength = SSL_HIGH, 679 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 680 .strength_bits = 128, 681 .alg_bits = 128, 682 }, 683 /* Cipher 34 */ 684 { 685 .valid = 1, 686 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 687 .id = TLS1_CK_ADH_WITH_AES_128_SHA, 688 .algorithm_mkey = SSL_kDHE, 689 .algorithm_auth = SSL_aNULL, 690 .algorithm_enc = SSL_AES128, 691 .algorithm_mac = SSL_SHA1, 692 .algorithm_ssl = SSL_TLSV1, 693 .algo_strength = SSL_HIGH, 694 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 695 .strength_bits = 128, 696 .alg_bits = 128, 697 }, 698 699 /* Cipher 35 */ 700 { 701 .valid = 1, 702 .name = TLS1_TXT_RSA_WITH_AES_256_SHA, 703 .id = TLS1_CK_RSA_WITH_AES_256_SHA, 704 .algorithm_mkey = SSL_kRSA, 705 .algorithm_auth = SSL_aRSA, 706 .algorithm_enc = SSL_AES256, 707 .algorithm_mac = SSL_SHA1, 708 .algorithm_ssl = SSL_TLSV1, 709 .algo_strength = SSL_HIGH, 710 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 711 .strength_bits = 256, 712 .alg_bits = 256, 713 }, 714 /* Cipher 36 */ 715 { 716 .valid = 0, 717 .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 718 .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA, 719 .algorithm_mkey = SSL_kDHd, 720 .algorithm_auth = SSL_aDH, 721 .algorithm_enc = SSL_AES256, 722 .algorithm_mac = SSL_SHA1, 723 .algorithm_ssl = SSL_TLSV1, 724 .algo_strength = SSL_HIGH, 725 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 726 .strength_bits = 256, 727 .alg_bits = 256, 728 }, 729 730 /* Cipher 37 */ 731 { 732 .valid = 0, /* not implemented (non-ephemeral DH) */ 733 .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 734 .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA, 735 .algorithm_mkey = SSL_kDHr, 736 .algorithm_auth = SSL_aDH, 737 .algorithm_enc = SSL_AES256, 738 .algorithm_mac = SSL_SHA1, 739 .algorithm_ssl = SSL_TLSV1, 740 .algo_strength = SSL_HIGH, 741 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 742 .strength_bits = 
256, 743 .alg_bits = 256, 744 }, 745 746 /* Cipher 38 */ 747 { 748 .valid = 1, 749 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 750 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 751 .algorithm_mkey = SSL_kDHE, 752 .algorithm_auth = SSL_aDSS, 753 .algorithm_enc = SSL_AES256, 754 .algorithm_mac = SSL_SHA1, 755 .algorithm_ssl = SSL_TLSV1, 756 .algo_strength = SSL_HIGH, 757 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 758 .strength_bits = 256, 759 .alg_bits = 256, 760 }, 761 762 /* Cipher 39 */ 763 { 764 .valid = 1, 765 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 766 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 767 .algorithm_mkey = SSL_kDHE, 768 .algorithm_auth = SSL_aRSA, 769 .algorithm_enc = SSL_AES256, 770 .algorithm_mac = SSL_SHA1, 771 .algorithm_ssl = SSL_TLSV1, 772 .algo_strength = SSL_HIGH, 773 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 774 .strength_bits = 256, 775 .alg_bits = 256, 776 }, 777 778 /* Cipher 3A */ 779 { 780 .valid = 1, 781 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 782 .id = TLS1_CK_ADH_WITH_AES_256_SHA, 783 .algorithm_mkey = SSL_kDHE, 784 .algorithm_auth = SSL_aNULL, 785 .algorithm_enc = SSL_AES256, 786 .algorithm_mac = SSL_SHA1, 787 .algorithm_ssl = SSL_TLSV1, 788 .algo_strength = SSL_HIGH, 789 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 790 .strength_bits = 256, 791 .alg_bits = 256, 792 }, 793 794 /* TLS v1.2 ciphersuites */ 795 /* Cipher 3B */ 796 { 797 .valid = 1, 798 .name = TLS1_TXT_RSA_WITH_NULL_SHA256, 799 .id = TLS1_CK_RSA_WITH_NULL_SHA256, 800 .algorithm_mkey = SSL_kRSA, 801 .algorithm_auth = SSL_aRSA, 802 .algorithm_enc = SSL_eNULL, 803 .algorithm_mac = SSL_SHA256, 804 .algorithm_ssl = SSL_TLSV1_2, 805 .algo_strength = SSL_STRONG_NONE, 806 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 807 .strength_bits = 0, 808 .alg_bits = 0, 809 }, 810 811 /* Cipher 3C */ 812 { 813 .valid = 1, 814 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, 815 .id = TLS1_CK_RSA_WITH_AES_128_SHA256, 816 .algorithm_mkey = SSL_kRSA, 817 .algorithm_auth = SSL_aRSA, 
818 .algorithm_enc = SSL_AES128, 819 .algorithm_mac = SSL_SHA256, 820 .algorithm_ssl = SSL_TLSV1_2, 821 .algo_strength = SSL_HIGH, 822 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 823 .strength_bits = 128, 824 .alg_bits = 128, 825 }, 826 827 /* Cipher 3D */ 828 { 829 .valid = 1, 830 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, 831 .id = TLS1_CK_RSA_WITH_AES_256_SHA256, 832 .algorithm_mkey = SSL_kRSA, 833 .algorithm_auth = SSL_aRSA, 834 .algorithm_enc = SSL_AES256, 835 .algorithm_mac = SSL_SHA256, 836 .algorithm_ssl = SSL_TLSV1_2, 837 .algo_strength = SSL_HIGH, 838 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 839 .strength_bits = 256, 840 .alg_bits = 256, 841 }, 842 843 /* Cipher 3E */ 844 { 845 .valid = 0, /* not implemented (non-ephemeral DH) */ 846 .name = TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 847 .id = TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 848 .algorithm_mkey = SSL_kDHd, 849 .algorithm_auth = SSL_aDH, 850 .algorithm_enc = SSL_AES128, 851 .algorithm_mac = SSL_SHA256, 852 .algorithm_ssl = SSL_TLSV1_2, 853 .algo_strength = SSL_HIGH, 854 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 855 .strength_bits = 128, 856 .alg_bits = 128, 857 }, 858 859 /* Cipher 3F */ 860 { 861 .valid = 0, /* not implemented (non-ephemeral DH) */ 862 .name = TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 863 .id = TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 864 .algorithm_mkey = SSL_kDHr, 865 .algorithm_auth = SSL_aDH, 866 .algorithm_enc = SSL_AES128, 867 .algorithm_mac = SSL_SHA256, 868 .algorithm_ssl = SSL_TLSV1_2, 869 .algo_strength = SSL_HIGH, 870 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 871 .strength_bits = 128, 872 .alg_bits = 128, 873 }, 874 875 /* Cipher 40 */ 876 { 877 .valid = 1, 878 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 879 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 880 .algorithm_mkey = SSL_kDHE, 881 .algorithm_auth = SSL_aDSS, 882 .algorithm_enc = SSL_AES128, 883 .algorithm_mac = SSL_SHA256, 884 .algorithm_ssl = SSL_TLSV1_2, 885 .algo_strength = SSL_HIGH, 886 .algorithm2 
= SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 887 .strength_bits = 128, 888 .alg_bits = 128, 889 }, 890 891 #ifndef OPENSSL_NO_CAMELLIA 892 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 893 894 /* Cipher 41 */ 895 { 896 .valid = 1, 897 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 898 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 899 .algorithm_mkey = SSL_kRSA, 900 .algorithm_auth = SSL_aRSA, 901 .algorithm_enc = SSL_CAMELLIA128, 902 .algorithm_mac = SSL_SHA1, 903 .algorithm_ssl = SSL_TLSV1, 904 .algo_strength = SSL_HIGH, 905 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 906 .strength_bits = 128, 907 .alg_bits = 128, 908 }, 909 910 /* Cipher 42 */ 911 { 912 .valid = 0, /* not implemented (non-ephemeral DH) */ 913 .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 914 .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 915 .algorithm_mkey = SSL_kDHd, 916 .algorithm_auth = SSL_aDH, 917 .algorithm_enc = SSL_CAMELLIA128, 918 .algorithm_mac = SSL_SHA1, 919 .algorithm_ssl = SSL_TLSV1, 920 .algo_strength = SSL_HIGH, 921 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 922 .strength_bits = 128, 923 .alg_bits = 128, 924 }, 925 926 /* Cipher 43 */ 927 { 928 .valid = 0, /* not implemented (non-ephemeral DH) */ 929 .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 930 .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 931 .algorithm_mkey = SSL_kDHr, 932 .algorithm_auth = SSL_aDH, 933 .algorithm_enc = SSL_CAMELLIA128, 934 .algorithm_mac = SSL_SHA1, 935 .algorithm_ssl = SSL_TLSV1, 936 .algo_strength = SSL_HIGH, 937 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 938 .strength_bits = 128, 939 .alg_bits = 128, 940 }, 941 942 /* Cipher 44 */ 943 { 944 .valid = 1, 945 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 946 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 947 .algorithm_mkey = SSL_kDHE, 948 .algorithm_auth = SSL_aDSS, 949 .algorithm_enc = SSL_CAMELLIA128, 950 .algorithm_mac = SSL_SHA1, 951 .algorithm_ssl = SSL_TLSV1, 952 .algo_strength = SSL_HIGH, 953 
.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 954 .strength_bits = 128, 955 .alg_bits = 128, 956 }, 957 958 /* Cipher 45 */ 959 { 960 .valid = 1, 961 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 962 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 963 .algorithm_mkey = SSL_kDHE, 964 .algorithm_auth = SSL_aRSA, 965 .algorithm_enc = SSL_CAMELLIA128, 966 .algorithm_mac = SSL_SHA1, 967 .algorithm_ssl = SSL_TLSV1, 968 .algo_strength = SSL_HIGH, 969 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 970 .strength_bits = 128, 971 .alg_bits = 128, 972 }, 973 974 /* Cipher 46 */ 975 { 976 .valid = 1, 977 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 978 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 979 .algorithm_mkey = SSL_kDHE, 980 .algorithm_auth = SSL_aNULL, 981 .algorithm_enc = SSL_CAMELLIA128, 982 .algorithm_mac = SSL_SHA1, 983 .algorithm_ssl = SSL_TLSV1, 984 .algo_strength = SSL_HIGH, 985 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 986 .strength_bits = 128, 987 .alg_bits = 128, 988 }, 989 #endif /* OPENSSL_NO_CAMELLIA */ 990 991 /* TLS v1.2 ciphersuites */ 992 /* Cipher 67 */ 993 { 994 .valid = 1, 995 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 996 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 997 .algorithm_mkey = SSL_kDHE, 998 .algorithm_auth = SSL_aRSA, 999 .algorithm_enc = SSL_AES128, 1000 .algorithm_mac = SSL_SHA256, 1001 .algorithm_ssl = SSL_TLSV1_2, 1002 .algo_strength = SSL_HIGH, 1003 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1004 .strength_bits = 128, 1005 .alg_bits = 128, 1006 }, 1007 1008 /* Cipher 68 */ 1009 { 1010 .valid = 0, /* not implemented (non-ephemeral DH) */ 1011 .name = TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1012 .id = TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1013 .algorithm_mkey = SSL_kDHd, 1014 .algorithm_auth = SSL_aDH, 1015 .algorithm_enc = SSL_AES256, 1016 .algorithm_mac = SSL_SHA256, 1017 .algorithm_ssl = SSL_TLSV1_2, 1018 .algo_strength = SSL_HIGH, 1019 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1020 .strength_bits 
= 256, 1021 .alg_bits = 256, 1022 }, 1023 1024 /* Cipher 69 */ 1025 { 1026 .valid = 0, /* not implemented (non-ephemeral DH) */ 1027 .name = TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1028 .id = TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1029 .algorithm_mkey = SSL_kDHr, 1030 .algorithm_auth = SSL_aDH, 1031 .algorithm_enc = SSL_AES256, 1032 .algorithm_mac = SSL_SHA256, 1033 .algorithm_ssl = SSL_TLSV1_2, 1034 .algo_strength = SSL_HIGH, 1035 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1036 .strength_bits = 256, 1037 .alg_bits = 256, 1038 }, 1039 1040 /* Cipher 6A */ 1041 { 1042 .valid = 1, 1043 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1044 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1045 .algorithm_mkey = SSL_kDHE, 1046 .algorithm_auth = SSL_aDSS, 1047 .algorithm_enc = SSL_AES256, 1048 .algorithm_mac = SSL_SHA256, 1049 .algorithm_ssl = SSL_TLSV1_2, 1050 .algo_strength = SSL_HIGH, 1051 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1052 .strength_bits = 256, 1053 .alg_bits = 256, 1054 }, 1055 1056 /* Cipher 6B */ 1057 { 1058 .valid = 1, 1059 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1060 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1061 .algorithm_mkey = SSL_kDHE, 1062 .algorithm_auth = SSL_aRSA, 1063 .algorithm_enc = SSL_AES256, 1064 .algorithm_mac = SSL_SHA256, 1065 .algorithm_ssl = SSL_TLSV1_2, 1066 .algo_strength = SSL_HIGH, 1067 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1068 .strength_bits = 256, 1069 .alg_bits = 256, 1070 }, 1071 1072 /* Cipher 6C */ 1073 { 1074 .valid = 1, 1075 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 1076 .id = TLS1_CK_ADH_WITH_AES_128_SHA256, 1077 .algorithm_mkey = SSL_kDHE, 1078 .algorithm_auth = SSL_aNULL, 1079 .algorithm_enc = SSL_AES128, 1080 .algorithm_mac = SSL_SHA256, 1081 .algorithm_ssl = SSL_TLSV1_2, 1082 .algo_strength = SSL_HIGH, 1083 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1084 .strength_bits = 128, 1085 .alg_bits = 128, 1086 }, 1087 1088 /* Cipher 6D */ 1089 { 1090 .valid = 1, 1091 .name = 
TLS1_TXT_ADH_WITH_AES_256_SHA256, 1092 .id = TLS1_CK_ADH_WITH_AES_256_SHA256, 1093 .algorithm_mkey = SSL_kDHE, 1094 .algorithm_auth = SSL_aNULL, 1095 .algorithm_enc = SSL_AES256, 1096 .algorithm_mac = SSL_SHA256, 1097 .algorithm_ssl = SSL_TLSV1_2, 1098 .algo_strength = SSL_HIGH, 1099 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1100 .strength_bits = 256, 1101 .alg_bits = 256, 1102 }, 1103 1104 /* GOST Ciphersuites */ 1105 1106 { 1107 .valid = 1, 1108 .name = "GOST94-GOST89-GOST89", 1109 .id = 0x3000080, 1110 .algorithm_mkey = SSL_kGOST, 1111 .algorithm_auth = SSL_aGOST94, 1112 .algorithm_enc = SSL_eGOST2814789CNT, 1113 .algorithm_mac = SSL_GOST89MAC, 1114 .algorithm_ssl = SSL_TLSV1, 1115 .algo_strength = SSL_HIGH, 1116 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| 1117 TLS1_STREAM_MAC, 1118 .strength_bits = 256, 1119 .alg_bits = 256 1120 }, 1121 { 1122 .valid = 1, 1123 .name = "GOST2001-GOST89-GOST89", 1124 .id = 0x3000081, 1125 .algorithm_mkey = SSL_kGOST, 1126 .algorithm_auth = SSL_aGOST01, 1127 .algorithm_enc = SSL_eGOST2814789CNT, 1128 .algorithm_mac = SSL_GOST89MAC, 1129 .algorithm_ssl = SSL_TLSV1, 1130 .algo_strength = SSL_HIGH, 1131 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| 1132 TLS1_STREAM_MAC, 1133 .strength_bits = 256, 1134 .alg_bits = 256 1135 }, 1136 { 1137 .valid = 1, 1138 .name = "GOST94-NULL-GOST94", 1139 .id = 0x3000082, 1140 .algorithm_mkey = SSL_kGOST, 1141 .algorithm_auth = SSL_aGOST94, 1142 .algorithm_enc = SSL_eNULL, 1143 .algorithm_mac = SSL_GOST94, 1144 .algorithm_ssl = SSL_TLSV1, 1145 .algo_strength = SSL_STRONG_NONE, 1146 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1147 .strength_bits = 0, 1148 .alg_bits = 0 1149 }, 1150 { 1151 .valid = 1, 1152 .name = "GOST2001-NULL-GOST94", 1153 .id = 0x3000083, 1154 .algorithm_mkey = SSL_kGOST, 1155 .algorithm_auth = SSL_aGOST01, 1156 .algorithm_enc = SSL_eNULL, 1157 .algorithm_mac = SSL_GOST94, 1158 .algorithm_ssl = SSL_TLSV1, 1159 .algo_strength = 
SSL_STRONG_NONE, 1160 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1161 .strength_bits = 0, 1162 .alg_bits = 0 1163 }, 1164 1165 #ifndef OPENSSL_NO_CAMELLIA 1166 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1167 1168 /* Cipher 84 */ 1169 { 1170 .valid = 1, 1171 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1172 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1173 .algorithm_mkey = SSL_kRSA, 1174 .algorithm_auth = SSL_aRSA, 1175 .algorithm_enc = SSL_CAMELLIA256, 1176 .algorithm_mac = SSL_SHA1, 1177 .algorithm_ssl = SSL_TLSV1, 1178 .algo_strength = SSL_HIGH, 1179 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1180 .strength_bits = 256, 1181 .alg_bits = 256, 1182 }, 1183 1184 /* Cipher 85 */ 1185 { 1186 .valid = 0, /* not implemented (non-ephemeral DH) */ 1187 .name = TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1188 .id = TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1189 .algorithm_mkey = SSL_kDHd, 1190 .algorithm_auth = SSL_aDH, 1191 .algorithm_enc = SSL_CAMELLIA256, 1192 .algorithm_mac = SSL_SHA1, 1193 .algorithm_ssl = SSL_TLSV1, 1194 .algo_strength = SSL_HIGH, 1195 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1196 .strength_bits = 256, 1197 .alg_bits = 256, 1198 }, 1199 1200 /* Cipher 86 */ 1201 { 1202 .valid = 0, /* not implemented (non-ephemeral DH) */ 1203 .name = TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1204 .id = TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1205 .algorithm_mkey = SSL_kDHr, 1206 .algorithm_auth = SSL_aDH, 1207 .algorithm_enc = SSL_CAMELLIA256, 1208 .algorithm_mac = SSL_SHA1, 1209 .algorithm_ssl = SSL_TLSV1, 1210 .algo_strength = SSL_HIGH, 1211 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1212 .strength_bits = 256, 1213 .alg_bits = 256, 1214 }, 1215 1216 /* Cipher 87 */ 1217 { 1218 .valid = 1, 1219 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1220 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1221 .algorithm_mkey = SSL_kDHE, 1222 .algorithm_auth = SSL_aDSS, 1223 .algorithm_enc = SSL_CAMELLIA256, 1224 
.algorithm_mac = SSL_SHA1, 1225 .algorithm_ssl = SSL_TLSV1, 1226 .algo_strength = SSL_HIGH, 1227 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1228 .strength_bits = 256, 1229 .alg_bits = 256, 1230 }, 1231 1232 /* Cipher 88 */ 1233 { 1234 .valid = 1, 1235 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1236 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1237 .algorithm_mkey = SSL_kDHE, 1238 .algorithm_auth = SSL_aRSA, 1239 .algorithm_enc = SSL_CAMELLIA256, 1240 .algorithm_mac = SSL_SHA1, 1241 .algorithm_ssl = SSL_TLSV1, 1242 .algo_strength = SSL_HIGH, 1243 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1244 .strength_bits = 256, 1245 .alg_bits = 256, 1246 }, 1247 1248 /* Cipher 89 */ 1249 { 1250 .valid = 1, 1251 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1252 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1253 .algorithm_mkey = SSL_kDHE, 1254 .algorithm_auth = SSL_aNULL, 1255 .algorithm_enc = SSL_CAMELLIA256, 1256 .algorithm_mac = SSL_SHA1, 1257 .algorithm_ssl = SSL_TLSV1, 1258 .algo_strength = SSL_HIGH, 1259 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1260 .strength_bits = 256, 1261 .alg_bits = 256, 1262 }, 1263 #endif /* OPENSSL_NO_CAMELLIA */ 1264 1265 1266 /* GCM ciphersuites from RFC5288 */ 1267 1268 /* Cipher 9C */ 1269 { 1270 .valid = 1, 1271 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1272 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1273 .algorithm_mkey = SSL_kRSA, 1274 .algorithm_auth = SSL_aRSA, 1275 .algorithm_enc = SSL_AES128GCM, 1276 .algorithm_mac = SSL_AEAD, 1277 .algorithm_ssl = SSL_TLSV1_2, 1278 .algo_strength = SSL_HIGH, 1279 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1280 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1281 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1282 .strength_bits = 128, 1283 .alg_bits = 128, 1284 }, 1285 1286 /* Cipher 9D */ 1287 { 1288 .valid = 1, 1289 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1290 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1291 .algorithm_mkey = SSL_kRSA, 1292 
.algorithm_auth = SSL_aRSA, 1293 .algorithm_enc = SSL_AES256GCM, 1294 .algorithm_mac = SSL_AEAD, 1295 .algorithm_ssl = SSL_TLSV1_2, 1296 .algo_strength = SSL_HIGH, 1297 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1298 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1299 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1300 .strength_bits = 256, 1301 .alg_bits = 256, 1302 }, 1303 1304 /* Cipher 9E */ 1305 { 1306 .valid = 1, 1307 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1308 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1309 .algorithm_mkey = SSL_kDHE, 1310 .algorithm_auth = SSL_aRSA, 1311 .algorithm_enc = SSL_AES128GCM, 1312 .algorithm_mac = SSL_AEAD, 1313 .algorithm_ssl = SSL_TLSV1_2, 1314 .algo_strength = SSL_HIGH, 1315 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1316 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1317 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1318 .strength_bits = 128, 1319 .alg_bits = 128, 1320 }, 1321 1322 /* Cipher 9F */ 1323 { 1324 .valid = 1, 1325 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1326 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1327 .algorithm_mkey = SSL_kDHE, 1328 .algorithm_auth = SSL_aRSA, 1329 .algorithm_enc = SSL_AES256GCM, 1330 .algorithm_mac = SSL_AEAD, 1331 .algorithm_ssl = SSL_TLSV1_2, 1332 .algo_strength = SSL_HIGH, 1333 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1334 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1335 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1336 .strength_bits = 256, 1337 .alg_bits = 256, 1338 }, 1339 1340 /* Cipher A0 */ 1341 { 1342 .valid = 0, 1343 .name = TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1344 .id = TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1345 .algorithm_mkey = SSL_kDHr, 1346 .algorithm_auth = SSL_aDH, 1347 .algorithm_enc = SSL_AES128GCM, 1348 .algorithm_mac = SSL_AEAD, 1349 .algorithm_ssl = SSL_TLSV1_2, 1350 .algo_strength = SSL_HIGH, 1351 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1352 
SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1353 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1354 .strength_bits = 128, 1355 .alg_bits = 128, 1356 }, 1357 1358 /* Cipher A1 */ 1359 { 1360 .valid = 0, 1361 .name = TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1362 .id = TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1363 .algorithm_mkey = SSL_kDHr, 1364 .algorithm_auth = SSL_aDH, 1365 .algorithm_enc = SSL_AES256GCM, 1366 .algorithm_mac = SSL_AEAD, 1367 .algorithm_ssl = SSL_TLSV1_2, 1368 .algo_strength = SSL_HIGH, 1369 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1370 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1371 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1372 .strength_bits = 256, 1373 .alg_bits = 256, 1374 }, 1375 1376 /* Cipher A2 */ 1377 { 1378 .valid = 1, 1379 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1380 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1381 .algorithm_mkey = SSL_kDHE, 1382 .algorithm_auth = SSL_aDSS, 1383 .algorithm_enc = SSL_AES128GCM, 1384 .algorithm_mac = SSL_AEAD, 1385 .algorithm_ssl = SSL_TLSV1_2, 1386 .algo_strength = SSL_HIGH, 1387 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1388 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1389 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1390 .strength_bits = 128, 1391 .alg_bits = 128, 1392 }, 1393 1394 /* Cipher A3 */ 1395 { 1396 .valid = 1, 1397 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1398 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1399 .algorithm_mkey = SSL_kDHE, 1400 .algorithm_auth = SSL_aDSS, 1401 .algorithm_enc = SSL_AES256GCM, 1402 .algorithm_mac = SSL_AEAD, 1403 .algorithm_ssl = SSL_TLSV1_2, 1404 .algo_strength = SSL_HIGH, 1405 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1406 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1407 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1408 .strength_bits = 256, 1409 .alg_bits = 256, 1410 }, 1411 1412 /* Cipher A4 */ 1413 { 1414 .valid = 0, 1415 .name = 
TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1416 .id = TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1417 .algorithm_mkey = SSL_kDHd, 1418 .algorithm_auth = SSL_aDH, 1419 .algorithm_enc = SSL_AES128GCM, 1420 .algorithm_mac = SSL_AEAD, 1421 .algorithm_ssl = SSL_TLSV1_2, 1422 .algo_strength = SSL_HIGH, 1423 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1424 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1425 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1426 .strength_bits = 128, 1427 .alg_bits = 128, 1428 }, 1429 1430 /* Cipher A5 */ 1431 { 1432 .valid = 0, 1433 .name = TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1434 .id = TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1435 .algorithm_mkey = SSL_kDHd, 1436 .algorithm_auth = SSL_aDH, 1437 .algorithm_enc = SSL_AES256GCM, 1438 .algorithm_mac = SSL_AEAD, 1439 .algorithm_ssl = SSL_TLSV1_2, 1440 .algo_strength = SSL_HIGH, 1441 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1442 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1443 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1444 .strength_bits = 256, 1445 .alg_bits = 256, 1446 }, 1447 1448 /* Cipher A6 */ 1449 { 1450 .valid = 1, 1451 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1452 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1453 .algorithm_mkey = SSL_kDHE, 1454 .algorithm_auth = SSL_aNULL, 1455 .algorithm_enc = SSL_AES128GCM, 1456 .algorithm_mac = SSL_AEAD, 1457 .algorithm_ssl = SSL_TLSV1_2, 1458 .algo_strength = SSL_HIGH, 1459 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1460 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1461 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1462 .strength_bits = 128, 1463 .alg_bits = 128, 1464 }, 1465 1466 /* Cipher A7 */ 1467 { 1468 .valid = 1, 1469 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 1470 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 1471 .algorithm_mkey = SSL_kDHE, 1472 .algorithm_auth = SSL_aNULL, 1473 .algorithm_enc = SSL_AES256GCM, 1474 .algorithm_mac = SSL_AEAD, 1475 .algorithm_ssl = SSL_TLSV1_2, 1476 
.algo_strength = SSL_HIGH, 1477 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1478 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1479 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1480 .strength_bits = 256, 1481 .alg_bits = 256, 1482 }, 1483 1484 /* Cipher C001 */ 1485 { 1486 .valid = 1, 1487 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 1488 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 1489 .algorithm_mkey = SSL_kECDHe, 1490 .algorithm_auth = SSL_aECDH, 1491 .algorithm_enc = SSL_eNULL, 1492 .algorithm_mac = SSL_SHA1, 1493 .algorithm_ssl = SSL_TLSV1, 1494 .algo_strength = SSL_STRONG_NONE, 1495 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1496 .strength_bits = 0, 1497 .alg_bits = 0, 1498 }, 1499 1500 /* Cipher C002 */ 1501 { 1502 .valid = 1, 1503 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 1504 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 1505 .algorithm_mkey = SSL_kECDHe, 1506 .algorithm_auth = SSL_aECDH, 1507 .algorithm_enc = SSL_RC4, 1508 .algorithm_mac = SSL_SHA1, 1509 .algorithm_ssl = SSL_TLSV1, 1510 .algo_strength = SSL_MEDIUM, 1511 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1512 .strength_bits = 128, 1513 .alg_bits = 128, 1514 }, 1515 1516 /* Cipher C003 */ 1517 { 1518 .valid = 1, 1519 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1520 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1521 .algorithm_mkey = SSL_kECDHe, 1522 .algorithm_auth = SSL_aECDH, 1523 .algorithm_enc = SSL_3DES, 1524 .algorithm_mac = SSL_SHA1, 1525 .algorithm_ssl = SSL_TLSV1, 1526 .algo_strength = SSL_HIGH, 1527 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1528 .strength_bits = 112, 1529 .alg_bits = 168, 1530 }, 1531 1532 /* Cipher C004 */ 1533 { 1534 .valid = 1, 1535 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1536 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1537 .algorithm_mkey = SSL_kECDHe, 1538 .algorithm_auth = SSL_aECDH, 1539 .algorithm_enc = SSL_AES128, 1540 .algorithm_mac = SSL_SHA1, 1541 .algorithm_ssl = SSL_TLSV1, 1542 .algo_strength = 
SSL_HIGH, 1543 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1544 .strength_bits = 128, 1545 .alg_bits = 128, 1546 }, 1547 1548 /* Cipher C005 */ 1549 { 1550 .valid = 1, 1551 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1552 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1553 .algorithm_mkey = SSL_kECDHe, 1554 .algorithm_auth = SSL_aECDH, 1555 .algorithm_enc = SSL_AES256, 1556 .algorithm_mac = SSL_SHA1, 1557 .algorithm_ssl = SSL_TLSV1, 1558 .algo_strength = SSL_HIGH, 1559 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1560 .strength_bits = 256, 1561 .alg_bits = 256, 1562 }, 1563 1564 /* Cipher C006 */ 1565 { 1566 .valid = 1, 1567 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1568 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1569 .algorithm_mkey = SSL_kECDHE, 1570 .algorithm_auth = SSL_aECDSA, 1571 .algorithm_enc = SSL_eNULL, 1572 .algorithm_mac = SSL_SHA1, 1573 .algorithm_ssl = SSL_TLSV1, 1574 .algo_strength = SSL_STRONG_NONE, 1575 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1576 .strength_bits = 0, 1577 .alg_bits = 0, 1578 }, 1579 1580 /* Cipher C007 */ 1581 { 1582 .valid = 1, 1583 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1584 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1585 .algorithm_mkey = SSL_kECDHE, 1586 .algorithm_auth = SSL_aECDSA, 1587 .algorithm_enc = SSL_RC4, 1588 .algorithm_mac = SSL_SHA1, 1589 .algorithm_ssl = SSL_TLSV1, 1590 .algo_strength = SSL_MEDIUM, 1591 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1592 .strength_bits = 128, 1593 .alg_bits = 128, 1594 }, 1595 1596 /* Cipher C008 */ 1597 { 1598 .valid = 1, 1599 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1600 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1601 .algorithm_mkey = SSL_kECDHE, 1602 .algorithm_auth = SSL_aECDSA, 1603 .algorithm_enc = SSL_3DES, 1604 .algorithm_mac = SSL_SHA1, 1605 .algorithm_ssl = SSL_TLSV1, 1606 .algo_strength = SSL_HIGH, 1607 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1608 .strength_bits = 112, 1609 .alg_bits = 168, 1610 }, 1611 
1612 /* Cipher C009 */ 1613 { 1614 .valid = 1, 1615 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1616 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1617 .algorithm_mkey = SSL_kECDHE, 1618 .algorithm_auth = SSL_aECDSA, 1619 .algorithm_enc = SSL_AES128, 1620 .algorithm_mac = SSL_SHA1, 1621 .algorithm_ssl = SSL_TLSV1, 1622 .algo_strength = SSL_HIGH, 1623 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1624 .strength_bits = 128, 1625 .alg_bits = 128, 1626 }, 1627 1628 /* Cipher C00A */ 1629 { 1630 .valid = 1, 1631 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1632 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1633 .algorithm_mkey = SSL_kECDHE, 1634 .algorithm_auth = SSL_aECDSA, 1635 .algorithm_enc = SSL_AES256, 1636 .algorithm_mac = SSL_SHA1, 1637 .algorithm_ssl = SSL_TLSV1, 1638 .algo_strength = SSL_HIGH, 1639 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1640 .strength_bits = 256, 1641 .alg_bits = 256, 1642 }, 1643 1644 /* Cipher C00B */ 1645 { 1646 .valid = 1, 1647 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 1648 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 1649 .algorithm_mkey = SSL_kECDHr, 1650 .algorithm_auth = SSL_aECDH, 1651 .algorithm_enc = SSL_eNULL, 1652 .algorithm_mac = SSL_SHA1, 1653 .algorithm_ssl = SSL_TLSV1, 1654 .algo_strength = SSL_STRONG_NONE, 1655 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1656 .strength_bits = 0, 1657 .alg_bits = 0, 1658 }, 1659 1660 /* Cipher C00C */ 1661 { 1662 .valid = 1, 1663 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 1664 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 1665 .algorithm_mkey = SSL_kECDHr, 1666 .algorithm_auth = SSL_aECDH, 1667 .algorithm_enc = SSL_RC4, 1668 .algorithm_mac = SSL_SHA1, 1669 .algorithm_ssl = SSL_TLSV1, 1670 .algo_strength = SSL_MEDIUM, 1671 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1672 .strength_bits = 128, 1673 .alg_bits = 128, 1674 }, 1675 1676 /* Cipher C00D */ 1677 { 1678 .valid = 1, 1679 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1680 .id = 
TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1681 .algorithm_mkey = SSL_kECDHr, 1682 .algorithm_auth = SSL_aECDH, 1683 .algorithm_enc = SSL_3DES, 1684 .algorithm_mac = SSL_SHA1, 1685 .algorithm_ssl = SSL_TLSV1, 1686 .algo_strength = SSL_HIGH, 1687 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1688 .strength_bits = 112, 1689 .alg_bits = 168, 1690 }, 1691 1692 /* Cipher C00E */ 1693 { 1694 .valid = 1, 1695 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 1696 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 1697 .algorithm_mkey = SSL_kECDHr, 1698 .algorithm_auth = SSL_aECDH, 1699 .algorithm_enc = SSL_AES128, 1700 .algorithm_mac = SSL_SHA1, 1701 .algorithm_ssl = SSL_TLSV1, 1702 .algo_strength = SSL_HIGH, 1703 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1704 .strength_bits = 128, 1705 .alg_bits = 128, 1706 }, 1707 1708 /* Cipher C00F */ 1709 { 1710 .valid = 1, 1711 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 1712 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 1713 .algorithm_mkey = SSL_kECDHr, 1714 .algorithm_auth = SSL_aECDH, 1715 .algorithm_enc = SSL_AES256, 1716 .algorithm_mac = SSL_SHA1, 1717 .algorithm_ssl = SSL_TLSV1, 1718 .algo_strength = SSL_HIGH, 1719 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1720 .strength_bits = 256, 1721 .alg_bits = 256, 1722 }, 1723 1724 /* Cipher C010 */ 1725 { 1726 .valid = 1, 1727 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1728 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1729 .algorithm_mkey = SSL_kECDHE, 1730 .algorithm_auth = SSL_aRSA, 1731 .algorithm_enc = SSL_eNULL, 1732 .algorithm_mac = SSL_SHA1, 1733 .algorithm_ssl = SSL_TLSV1, 1734 .algo_strength = SSL_STRONG_NONE, 1735 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1736 .strength_bits = 0, 1737 .alg_bits = 0, 1738 }, 1739 1740 /* Cipher C011 */ 1741 { 1742 .valid = 1, 1743 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1744 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1745 .algorithm_mkey = SSL_kECDHE, 1746 .algorithm_auth = SSL_aRSA, 1747 .algorithm_enc = SSL_RC4, 1748 
.algorithm_mac = SSL_SHA1, 1749 .algorithm_ssl = SSL_TLSV1, 1750 .algo_strength = SSL_MEDIUM, 1751 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1752 .strength_bits = 128, 1753 .alg_bits = 128, 1754 }, 1755 1756 /* Cipher C012 */ 1757 { 1758 .valid = 1, 1759 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1760 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1761 .algorithm_mkey = SSL_kECDHE, 1762 .algorithm_auth = SSL_aRSA, 1763 .algorithm_enc = SSL_3DES, 1764 .algorithm_mac = SSL_SHA1, 1765 .algorithm_ssl = SSL_TLSV1, 1766 .algo_strength = SSL_HIGH, 1767 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1768 .strength_bits = 112, 1769 .alg_bits = 168, 1770 }, 1771 1772 /* Cipher C013 */ 1773 { 1774 .valid = 1, 1775 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1776 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1777 .algorithm_mkey = SSL_kECDHE, 1778 .algorithm_auth = SSL_aRSA, 1779 .algorithm_enc = SSL_AES128, 1780 .algorithm_mac = SSL_SHA1, 1781 .algorithm_ssl = SSL_TLSV1, 1782 .algo_strength = SSL_HIGH, 1783 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1784 .strength_bits = 128, 1785 .alg_bits = 128, 1786 }, 1787 1788 /* Cipher C014 */ 1789 { 1790 .valid = 1, 1791 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1792 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1793 .algorithm_mkey = SSL_kECDHE, 1794 .algorithm_auth = SSL_aRSA, 1795 .algorithm_enc = SSL_AES256, 1796 .algorithm_mac = SSL_SHA1, 1797 .algorithm_ssl = SSL_TLSV1, 1798 .algo_strength = SSL_HIGH, 1799 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1800 .strength_bits = 256, 1801 .alg_bits = 256, 1802 }, 1803 1804 /* Cipher C015 */ 1805 { 1806 .valid = 1, 1807 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1808 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1809 .algorithm_mkey = SSL_kECDHE, 1810 .algorithm_auth = SSL_aNULL, 1811 .algorithm_enc = SSL_eNULL, 1812 .algorithm_mac = SSL_SHA1, 1813 .algorithm_ssl = SSL_TLSV1, 1814 .algo_strength = SSL_STRONG_NONE, 1815 .algorithm2 = 
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1816 .strength_bits = 0, 1817 .alg_bits = 0, 1818 }, 1819 1820 /* Cipher C016 */ 1821 { 1822 .valid = 1, 1823 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1824 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1825 .algorithm_mkey = SSL_kECDHE, 1826 .algorithm_auth = SSL_aNULL, 1827 .algorithm_enc = SSL_RC4, 1828 .algorithm_mac = SSL_SHA1, 1829 .algorithm_ssl = SSL_TLSV1, 1830 .algo_strength = SSL_MEDIUM, 1831 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1832 .strength_bits = 128, 1833 .alg_bits = 128, 1834 }, 1835 1836 /* Cipher C017 */ 1837 { 1838 .valid = 1, 1839 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1840 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1841 .algorithm_mkey = SSL_kECDHE, 1842 .algorithm_auth = SSL_aNULL, 1843 .algorithm_enc = SSL_3DES, 1844 .algorithm_mac = SSL_SHA1, 1845 .algorithm_ssl = SSL_TLSV1, 1846 .algo_strength = SSL_HIGH, 1847 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1848 .strength_bits = 112, 1849 .alg_bits = 168, 1850 }, 1851 1852 /* Cipher C018 */ 1853 { 1854 .valid = 1, 1855 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1856 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1857 .algorithm_mkey = SSL_kECDHE, 1858 .algorithm_auth = SSL_aNULL, 1859 .algorithm_enc = SSL_AES128, 1860 .algorithm_mac = SSL_SHA1, 1861 .algorithm_ssl = SSL_TLSV1, 1862 .algo_strength = SSL_HIGH, 1863 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1864 .strength_bits = 128, 1865 .alg_bits = 128, 1866 }, 1867 1868 /* Cipher C019 */ 1869 { 1870 .valid = 1, 1871 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1872 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1873 .algorithm_mkey = SSL_kECDHE, 1874 .algorithm_auth = SSL_aNULL, 1875 .algorithm_enc = SSL_AES256, 1876 .algorithm_mac = SSL_SHA1, 1877 .algorithm_ssl = SSL_TLSV1, 1878 .algo_strength = SSL_HIGH, 1879 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1880 .strength_bits = 256, 1881 .alg_bits = 256, 1882 }, 1883 1884 1885 /* HMAC based TLS v1.2 
ciphersuites from RFC5289 */ 1886 1887 /* Cipher C023 */ 1888 { 1889 .valid = 1, 1890 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1891 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1892 .algorithm_mkey = SSL_kECDHE, 1893 .algorithm_auth = SSL_aECDSA, 1894 .algorithm_enc = SSL_AES128, 1895 .algorithm_mac = SSL_SHA256, 1896 .algorithm_ssl = SSL_TLSV1_2, 1897 .algo_strength = SSL_HIGH, 1898 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1899 .strength_bits = 128, 1900 .alg_bits = 128, 1901 }, 1902 1903 /* Cipher C024 */ 1904 { 1905 .valid = 1, 1906 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1907 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1908 .algorithm_mkey = SSL_kECDHE, 1909 .algorithm_auth = SSL_aECDSA, 1910 .algorithm_enc = SSL_AES256, 1911 .algorithm_mac = SSL_SHA384, 1912 .algorithm_ssl = SSL_TLSV1_2, 1913 .algo_strength = SSL_HIGH, 1914 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1915 .strength_bits = 256, 1916 .alg_bits = 256, 1917 }, 1918 1919 /* Cipher C025 */ 1920 { 1921 .valid = 1, 1922 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 1923 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 1924 .algorithm_mkey = SSL_kECDHe, 1925 .algorithm_auth = SSL_aECDH, 1926 .algorithm_enc = SSL_AES128, 1927 .algorithm_mac = SSL_SHA256, 1928 .algorithm_ssl = SSL_TLSV1_2, 1929 .algo_strength = SSL_HIGH, 1930 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1931 .strength_bits = 128, 1932 .alg_bits = 128, 1933 }, 1934 1935 /* Cipher C026 */ 1936 { 1937 .valid = 1, 1938 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 1939 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 1940 .algorithm_mkey = SSL_kECDHe, 1941 .algorithm_auth = SSL_aECDH, 1942 .algorithm_enc = SSL_AES256, 1943 .algorithm_mac = SSL_SHA384, 1944 .algorithm_ssl = SSL_TLSV1_2, 1945 .algo_strength = SSL_HIGH, 1946 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1947 .strength_bits = 256, 1948 .alg_bits = 256, 1949 }, 1950 1951 /* Cipher C027 */ 1952 { 1953 .valid = 
1, 1954 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1955 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1956 .algorithm_mkey = SSL_kECDHE, 1957 .algorithm_auth = SSL_aRSA, 1958 .algorithm_enc = SSL_AES128, 1959 .algorithm_mac = SSL_SHA256, 1960 .algorithm_ssl = SSL_TLSV1_2, 1961 .algo_strength = SSL_HIGH, 1962 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1963 .strength_bits = 128, 1964 .alg_bits = 128, 1965 }, 1966 1967 /* Cipher C028 */ 1968 { 1969 .valid = 1, 1970 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1971 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1972 .algorithm_mkey = SSL_kECDHE, 1973 .algorithm_auth = SSL_aRSA, 1974 .algorithm_enc = SSL_AES256, 1975 .algorithm_mac = SSL_SHA384, 1976 .algorithm_ssl = SSL_TLSV1_2, 1977 .algo_strength = SSL_HIGH, 1978 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1979 .strength_bits = 256, 1980 .alg_bits = 256, 1981 }, 1982 1983 /* Cipher C029 */ 1984 { 1985 .valid = 1, 1986 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 1987 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 1988 .algorithm_mkey = SSL_kECDHr, 1989 .algorithm_auth = SSL_aECDH, 1990 .algorithm_enc = SSL_AES128, 1991 .algorithm_mac = SSL_SHA256, 1992 .algorithm_ssl = SSL_TLSV1_2, 1993 .algo_strength = SSL_HIGH, 1994 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1995 .strength_bits = 128, 1996 .alg_bits = 128, 1997 }, 1998 1999 /* Cipher C02A */ 2000 { 2001 .valid = 1, 2002 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2003 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2004 .algorithm_mkey = SSL_kECDHr, 2005 .algorithm_auth = SSL_aECDH, 2006 .algorithm_enc = SSL_AES256, 2007 .algorithm_mac = SSL_SHA384, 2008 .algorithm_ssl = SSL_TLSV1_2, 2009 .algo_strength = SSL_HIGH, 2010 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2011 .strength_bits = 256, 2012 .alg_bits = 256, 2013 }, 2014 2015 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2016 2017 /* Cipher C02B */ 2018 { 2019 .valid = 1, 2020 .name = 
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2021 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2022 .algorithm_mkey = SSL_kECDHE, 2023 .algorithm_auth = SSL_aECDSA, 2024 .algorithm_enc = SSL_AES128GCM, 2025 .algorithm_mac = SSL_AEAD, 2026 .algorithm_ssl = SSL_TLSV1_2, 2027 .algo_strength = SSL_HIGH, 2028 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 2029 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 2030 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 2031 .strength_bits = 128, 2032 .alg_bits = 128, 2033 }, 2034 2035 /* Cipher C02C */ 2036 { 2037 .valid = 1, 2038 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2039 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2040 .algorithm_mkey = SSL_kECDHE, 2041 .algorithm_auth = SSL_aECDSA, 2042 .algorithm_enc = SSL_AES256GCM, 2043 .algorithm_mac = SSL_AEAD, 2044 .algorithm_ssl = SSL_TLSV1_2, 2045 .algo_strength = SSL_HIGH, 2046 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 2047 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 2048 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 2049 .strength_bits = 256, 2050 .alg_bits = 256, 2051 }, 2052 2053 /* Cipher C02D */ 2054 { 2055 .valid = 1, 2056 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2057 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2058 .algorithm_mkey = SSL_kECDHe, 2059 .algorithm_auth = SSL_aECDH, 2060 .algorithm_enc = SSL_AES128GCM, 2061 .algorithm_mac = SSL_AEAD, 2062 .algorithm_ssl = SSL_TLSV1_2, 2063 .algo_strength = SSL_HIGH, 2064 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 2065 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 2066 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 2067 .strength_bits = 128, 2068 .alg_bits = 128, 2069 }, 2070 2071 /* Cipher C02E */ 2072 { 2073 .valid = 1, 2074 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2075 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2076 .algorithm_mkey = SSL_kECDHe, 2077 .algorithm_auth = SSL_aECDH, 2078 .algorithm_enc = SSL_AES256GCM, 2079 
.algorithm_mac = SSL_AEAD, 2080 .algorithm_ssl = SSL_TLSV1_2, 2081 .algo_strength = SSL_HIGH, 2082 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 2083 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 2084 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 2085 .strength_bits = 256, 2086 .alg_bits = 256, 2087 }, 2088 2089 /* Cipher C02F */ 2090 { 2091 .valid = 1, 2092 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2093 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2094 .algorithm_mkey = SSL_kECDHE, 2095 .algorithm_auth = SSL_aRSA, 2096 .algorithm_enc = SSL_AES128GCM, 2097 .algorithm_mac = SSL_AEAD, 2098 .algorithm_ssl = SSL_TLSV1_2, 2099 .algo_strength = SSL_HIGH, 2100 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 2101 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 2102 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 2103 .strength_bits = 128, 2104 .alg_bits = 128, 2105 }, 2106 2107 /* Cipher C030 */ 2108 { 2109 .valid = 1, 2110 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2111 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2112 .algorithm_mkey = SSL_kECDHE, 2113 .algorithm_auth = SSL_aRSA, 2114 .algorithm_enc = SSL_AES256GCM, 2115 .algorithm_mac = SSL_AEAD, 2116 .algorithm_ssl = SSL_TLSV1_2, 2117 .algo_strength = SSL_HIGH, 2118 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 2119 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 2120 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 2121 .strength_bits = 256, 2122 .alg_bits = 256, 2123 }, 2124 2125 /* Cipher C031 */ 2126 { 2127 .valid = 1, 2128 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2129 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2130 .algorithm_mkey = SSL_kECDHr, 2131 .algorithm_auth = SSL_aECDH, 2132 .algorithm_enc = SSL_AES128GCM, 2133 .algorithm_mac = SSL_AEAD, 2134 .algorithm_ssl = SSL_TLSV1_2, 2135 .algo_strength = SSL_HIGH, 2136 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 2137 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 2138 
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 2139 .strength_bits = 128, 2140 .alg_bits = 128, 2141 }, 2142 2143 /* Cipher C032 */ 2144 { 2145 .valid = 1, 2146 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2147 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2148 .algorithm_mkey = SSL_kECDHr, 2149 .algorithm_auth = SSL_aECDH, 2150 .algorithm_enc = SSL_AES256GCM, 2151 .algorithm_mac = SSL_AEAD, 2152 .algorithm_ssl = SSL_TLSV1_2, 2153 .algo_strength = SSL_HIGH, 2154 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 2155 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 2156 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 2157 .strength_bits = 256, 2158 .alg_bits = 256, 2159 }, 2160 2161 #ifdef TEMP_GOST_TLS 2162 /* Cipher FF00 */ 2163 { 2164 .valid = 1, 2165 .name = "GOST-MD5", 2166 .id = 0x0300ff00, 2167 .algorithm_mkey = SSL_kRSA, 2168 .algorithm_auth = SSL_aRSA, 2169 .algorithm_enc = SSL_eGOST2814789CNT, 2170 .algorithm_mac = SSL_MD5, 2171 .algorithm_ssl = SSL_TLSV1, 2172 .algo_strength = SSL_HIGH, 2173 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2174 .strength_bits = 256, 2175 .alg_bits = 256, 2176 }, 2177 { 2178 .valid = 1, 2179 .name = "GOST-GOST94", 2180 .id = 0x0300ff01, 2181 .algorithm_mkey = SSL_kRSA, 2182 .algorithm_auth = SSL_aRSA, 2183 .algorithm_enc = SSL_eGOST2814789CNT, 2184 .algorithm_mac = SSL_GOST94, 2185 .algorithm_ssl = SSL_TLSV1, 2186 .algo_strength = SSL_HIGH, 2187 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2188 .strength_bits = 256, 2189 .alg_bits = 256 2190 }, 2191 { 2192 .valid = 1, 2193 .name = "GOST-GOST89MAC", 2194 .id = 0x0300ff02, 2195 .algorithm_mkey = SSL_kRSA, 2196 .algorithm_auth = SSL_aRSA, 2197 .algorithm_enc = SSL_eGOST2814789CNT, 2198 .algorithm_mac = SSL_GOST89MAC, 2199 .algorithm_ssl = SSL_TLSV1, 2200 .algo_strength = SSL_HIGH, 2201 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 2202 .strength_bits = 256, 2203 .alg_bits = 256 2204 }, 2205 { 2206 .valid = 1, 2207 .name = "GOST-GOST89STREAM", 2208 .id = 
0x0300ff03, 2209 .algorithm_mkey = SSL_kRSA, 2210 .algorithm_auth = SSL_aRSA, 2211 .algorithm_enc = SSL_eGOST2814789CNT, 2212 .algorithm_mac = SSL_GOST89MAC, 2213 .algorithm_ssl = SSL_TLSV1, 2214 .algo_strength = SSL_HIGH, 2215 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF| 2216 TLS1_STREAM_MAC, 2217 .strength_bits = 256, 2218 .alg_bits = 256 2219 }, 2220 #endif 2221 2222 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 2223 { 2224 .valid = 1, 2225 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 2226 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 2227 .algorithm_mkey = SSL_kECDHE, 2228 .algorithm_auth = SSL_aRSA, 2229 .algorithm_enc = SSL_CHACHA20POLY1305, 2230 .algorithm_mac = SSL_AEAD, 2231 .algorithm_ssl = SSL_TLSV1_2, 2232 .algo_strength = SSL_HIGH, 2233 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 2234 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 2235 .strength_bits = 256, 2236 .alg_bits = 0, 2237 }, 2238 2239 { 2240 .valid = 1, 2241 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 2242 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 2243 .algorithm_mkey = SSL_kECDHE, 2244 .algorithm_auth = SSL_aECDSA, 2245 .algorithm_enc = SSL_CHACHA20POLY1305, 2246 .algorithm_mac = SSL_AEAD, 2247 .algorithm_ssl = SSL_TLSV1_2, 2248 .algo_strength = SSL_HIGH, 2249 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 2250 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 2251 .strength_bits = 256, 2252 .alg_bits = 0, 2253 }, 2254 2255 { 2256 .valid = 1, 2257 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 2258 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 2259 .algorithm_mkey = SSL_kDHE, 2260 .algorithm_auth = SSL_aRSA, 2261 .algorithm_enc = SSL_CHACHA20POLY1305, 2262 .algorithm_mac = SSL_AEAD, 2263 .algorithm_ssl = SSL_TLSV1_2, 2264 .algo_strength = SSL_HIGH, 2265 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 2266 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 2267 .strength_bits = 256, 2268 .alg_bits = 0, 2269 }, 2270 #endif 2271 2272 /* 
end of list */
};

/*
 * Method table for the SSLv3 protocol version: record protection, key
 * block setup, master secret derivation, Finished and CertificateVerify
 * MACs, and alert code mapping.  The Finished MAC length is the sum of
 * the MD5 and SHA-1 digest lengths, and both finished labels are 4 bytes.
 * export_keying_material points at ssl_undefined_function (cast to the
 * expected signature), i.e. no exporter is wired in for this version.
 *
 * NOTE(review): SSLv3 has since been deprecated (RFC 7568); confirm that
 * deployments built from this code do not leave it enabled.
 */
SSL3_ENC_METHOD SSLv3_enc_data = {
	.enc = ssl3_enc,
	.mac = n_ssl3_mac,
	.setup_key_block = ssl3_setup_key_block,
	.generate_master_secret = ssl3_generate_master_secret,
	.change_cipher_state = ssl3_change_cipher_state,
	.final_finish_mac = ssl3_final_finish_mac,
	.finish_mac_length = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
	.cert_verify_mac = ssl3_cert_verify_mac,
	.client_finished_label = SSL3_MD_CLIENT_FINISHED_CONST,
	.client_finished_label_len = 4,
	.server_finished_label = SSL3_MD_SERVER_FINISHED_CONST,
	.server_finished_label_len = 4,
	.alert_value = ssl3_alert_code,
	.export_keying_material = (int (*)(SSL *, unsigned char *, size_t,
	    const char *, size_t, const unsigned char *, size_t,
	    int use_context))ssl_undefined_function,
	.enc_flags = 0,
};

/*
 * Default session timeout in seconds.
 *
 * Two hours: the 24 hours mentioned in the SSLv3 spec is way too long
 * for http, the session cache would overfill.
 */
long
ssl3_default_timeout(void)
{
	const long two_hours = 60 * 60 * 2;

	return (two_hours);
}

/* Number of entries in the ssl3_ciphers table. */
int
ssl3_num_ciphers(void)
{
	return (SSL3_NUM_CIPHERS);
}

/*
 * Return the cipher at position u, counting from the END of the
 * ssl3_ciphers table (u == 0 is the last entry).  Any index outside the
 * table yields NULL, so callers never receive an out-of-bounds pointer.
 */
const SSL_CIPHER *
ssl3_get_cipher(unsigned int u)
{
	if (u >= SSL3_NUM_CIPHERS)
		return (NULL);

	return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
}

/*
 * Return s->s3->rrec.length when the current read record holds
 * application data; return 0 while a record body is still being read
 * (SSL_ST_READ_BODY) or when the record is of any other type.
 */
int
ssl3_pending(const SSL *s)
{
	if (s->rstate == SSL_ST_READ_BODY)
		return 0;

	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
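	    s->s3->rrec.length : 0;
}

/*
 * Allocate the per-connection SSL3_STATE, attach it to s and run the
 * method's ssl_clear() hook on the fresh state.
 *
 * Returns 1 on success.  Returns 0 if allocation fails, in which case
 * s->s3 is left untouched by this function.
 */
int
ssl3_new(SSL *s)
{
	SSL3_STATE *state;

	/*
	 * calloc() zero-fills the structure, so the read and write record
	 * sequence numbers already start at zero without a separate memset.
	 */
	state = calloc(1, sizeof *state);
	if (state == NULL)
		return (0);

	s->s3 = state;
	s->method->ssl_clear(s);

	return (1);
}

/*
 * Release everything hanging off s->s3 and then the state itself.
 *
 * The structure is wiped with OPENSSL_cleanse() before free() because it
 * holds handshake secrets and key material; a plain memset() before
 * free() could be optimised away.
 */
void
ssl3_free(SSL *s)
{
	/*
	 * ssl3_new() returns 0 without assigning s->s3 when calloc() fails,
	 * so a connection may reach this point with no SSL3 state.  Every
	 * statement below dereferences s->s3 (the helper calls presumably do
	 * as well -- confirm against their definitions), so bail out early
	 * instead of dereferencing NULL.
	 */
	if (s == NULL || s->s3 == NULL)
		return;

	ssl3_cleanup_key_block(s);
	ssl3_release_read_buffer(s);
	ssl3_release_write_buffer(s);

	/* Temporary (per-handshake) key exchange keys. */
	DH_free(s->s3->tmp.dh);
	EC_KEY_free(s->s3->tmp.ecdh);

	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
	BIO_free(s->s3->handshake_buffer);
	ssl3_free_digest_list(s);

	OPENSSL_cleanse(s->s3, sizeof *s->s3);
	free(s->s3);
	s->s3 = NULL;
}

/*
 * Reset the SSL3 state of s so the connection object can be reused.
 *
 * Handshake temporaries (key block, CA name list, temporary DH/ECDH keys,
 * handshake buffer, digest list) are released, then the whole SSL3_STATE
 * is zeroed.  The read/write buffer pointers, their lengths and
 * init_extra are saved beforehand and restored afterwards, so allocated
 * record buffers survive the reset.
 */
void
ssl3_clear(SSL *s)
{
	unsigned char *rp, *wp;
	size_t rlen, wlen;
	int init_extra;

	ssl3_cleanup_key_block(s);
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

	DH_free(s->s3->tmp.dh);
	s->s3->tmp.dh = NULL;
	EC_KEY_free(s->s3->tmp.ecdh);
	s->s3->tmp.ecdh = NULL;

	s->s3->is_probably_safari = 0;

	/* Remember what must survive the memset() below. */
	rp = s->s3->rbuf.buf;
	wp = s->s3->wbuf.buf;
	rlen = s->s3->rbuf.len;
	wlen = s->s3->wbuf.len;
	init_extra = s->s3->init_extra;

	BIO_free(s->s3->handshake_buffer);
	s->s3->handshake_buffer = NULL;

	ssl3_free_digest_list(s);

	memset(s->s3, 0, sizeof *s->s3);
	s->s3->rbuf.buf = rp;
	s->s3->wbuf.buf = wp;
	s->s3->rbuf.len = rlen;
	s->s3->wbuf.len = wlen;
	s->s3->init_extra = init_extra;

	ssl_free_wbio_buffer(s);

	s->packet_length = 0;
	s->s3->renegotiate = 0;
	s->s3->total_renegotiations = 0;
	s->s3->num_renegotiations = 0;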
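	s->s3->in_read_app_data = 0;
	s->version = SSL3_VERSION;

#ifndef OPENSSL_NO_NEXTPROTONEG
	free(s->next_proto_negotiated);
	s->next_proto_negotiated = NULL;
	s->next_proto_negotiated_len = 0;
#endif
}


/*
 * Per-connection control dispatcher.
 *
 * cmd selects the operation; larg and parg carry its integer and pointer
 * arguments.  Unknown commands fall through and return 0.  For the
 * "set" commands 1 means success and 0 means failure (an error is pushed
 * with SSLerr()); the "get" commands return the requested value.
 *
 * Ownership notes, as far as this function shows:
 *  - SET_TMP_RSA / SET_TMP_DH store a private duplicate of the caller's
 *    object.
 *  - SET_TMP_ECDH stores the caller's own EC_KEY with an extra reference.
 *  - SET_TLSEXT_HOSTNAME stores a strdup() copy.
 *  - SET_TLSEXT_STATUS_REQ_OCSP_RESP frees the previous response and
 *    takes over the pointer passed in parg.
 */
long
ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	int ret = 0;

	/*
	 * Make sure s->cert exists before any case below dereferences it.
	 * SSL_CTRL_SET_TMP_ECDH writes s->cert->ecdh_tmp just like the RSA
	 * and DH variants write their slots, so it needs the same guard;
	 * SSL_CTRL_NEED_TMP_RSA shows that s->cert may be NULL here.
	 */
	if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
	    cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
	    cmd == SSL_CTRL_SET_TMP_ECDH) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_GET_SESSION_REUSED:
		ret = s->hit;
		break;
	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
		break;
	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
		ret = s->s3->num_renegotiations;
		break;
	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
		/* Report the old count, then reset it. */
		ret = s->s3->num_renegotiations;
		s->s3->num_renegotiations = 0;
		break;
	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
		ret = s->s3->total_renegotiations;
		break;
	case SSL_CTRL_GET_FLAGS:
		ret = (int)(s->s3->flags);
		break;
	case SSL_CTRL_NEED_TMP_RSA:
		/*
		 * A temporary RSA key is wanted when none is set and the
		 * RSA encryption key is absent or larger than 512 bits.
		 */
		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
		    (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
		    > (512 / 8))))
			ret = 1;
		break;
	case SSL_CTRL_SET_TMP_RSA:
		{
			RSA *rsa = (RSA *)parg;

			if (rsa == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			/* Keep a private copy; the caller keeps its key. */
			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_RSA_LIB);
				return (ret);
			}
			RSA_free(s->cert->rsa_tmp);
			s->cert->rsa_tmp = rsa;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* Callbacks are installed through ssl3_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *dh = (DH *)parg;

			if (dh == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			if ((dh = DHparams_dup(dh)) == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_DH_LIB);
				return (ret);
			}
			/*
			 * Without SSL_OP_SINGLE_DH_USE the key pair is
			 * generated once here and stored with the
			 * parameters.
			 */
			if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
				if (!DH_generate_key(dh)) {
					DH_free(dh);
					SSLerr(SSL_F_SSL3_CTRL,
					    ERR_R_DH_LIB);
					return (ret);
				}
			}
			DH_free(s->cert->dh_tmp);
			s->cert->dh_tmp = dh;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);
	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			/*
			 * NOTE(review): unlike the RSA/DH cases, and unlike
			 * ssl3_ctx_ctrl() which uses EC_KEY_dup(), this only
			 * takes a reference on the caller's EC_KEY.  The
			 * EC_KEY_generate_key() call below therefore writes
			 * a key pair into the object the caller still holds.
			 * Confirm whether sharing is intended before relying
			 * on the caller's key staying unchanged.
			 */
			if (!EC_KEY_up_ref((EC_KEY *)parg)) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_ECDH_LIB);
				return (ret);
			}
			ecdh = (EC_KEY *)parg;
			if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);
					SSLerr(SSL_F_SSL3_CTRL,
					    ERR_R_ECDH_LIB);
					return (ret);
				}
			}
			EC_KEY_free(s->cert->ecdh_tmp);
			s->cert->ecdh_tmp = ecdh;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		SSLerr(SSL_F_SSL3_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);
	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
		if (larg == TLSEXT_NAMETYPE_host_name) {
			/* Drop the old name first; NULL parg just clears. */
			free(s->tlsext_hostname);
			s->tlsext_hostname = NULL;

			ret = 1;
			if (parg == NULL)
				break;
			/* Reject names longer than the extension allows. */
			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
				SSLerr(SSL_F_SSL3_CTRL,
				    SSL_R_SSL3_EXT_INVALID_SERVERNAME);
				return 0;
			}
			if ((s->tlsext_hostname = strdup((char *)parg))
			    == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_INTERNAL_ERROR);
				return 0;
			}
		} else {
			SSLerr(SSL_F_SSL3_CTRL,
			    SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
			return 0;
		}
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
		s->tlsext_debug_arg = parg;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
		s->tlsext_status_type = larg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
		/* Stores the pointer; the previous value is not freed here. */
		s->tlsext_ocsp_exts = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
		/* Stores the pointer; the previous value is not freed here. */
		s->tlsext_ocsp_ids = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/* Hands out the internal buffer and returns its length. */
		*(unsigned char **)parg = s->tlsext_ocsp_resp;
		return s->tlsext_ocsp_resplen;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/* Takes over parg; larg is trusted as its length. */
		free(s->tlsext_ocsp_resp);
		s->tlsext_ocsp_resp = parg;
		s->tlsext_ocsp_resplen = larg;
		ret = 1;
		break;

	default:
		break;
	}
	return (ret);
}

/*
 * Per-connection dispatcher for commands whose argument is a callback.
 * fp is cast to the callback type the selected slot expects.
 *
 * NOTE(review): ret is initialised to 0 and never assigned, so this
 * returns 0 for handled commands too; check how callers treat the result.
 */
long
ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
	int ret = 0;

	/*
	 * All three temporary-key callback slots live in s->cert, so the
	 * ECDH command needs the same allocation guard as RSA and DH.
	 */
	if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB ||
	    cmd == SSL_CTRL_SET_TMP_ECDH_CB) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		{
			s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		}
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		{
			s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		}
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
			s->cert->ecdh_tmp_cb =
			    (EC_KEY *(*)(SSL *, int, int))fp;
		}
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
		s->tlsext_debug_cb = (void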
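		    (*)(SSL *, int , int,
		    unsigned char *, int, void *))fp;
		break;
	default:
		break;
	}
	return (ret);
}

/*
 * Context-wide control dispatcher; settings made here live in ctx and
 * ctx->cert.
 *
 * Returns 1 on success and 0 on failure or for an unknown command, with
 * one exception: the ticket-key commands return 48 (the required buffer
 * size) when parg is NULL.
 */
long
ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	CERT *cert;

	cert = ctx->cert;

	switch (cmd) {
	case SSL_CTRL_NEED_TMP_RSA:
		/*
		 * A temporary RSA key is wanted when none is set and the
		 * RSA encryption key is absent or larger than 512 bits.
		 */
		if (cert->rsa_tmp != NULL)
			return (0);
		if (cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
			return (1);
		return (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
		    (512 / 8));
	case SSL_CTRL_SET_TMP_RSA:
		{
			RSA *rsa = (RSA *)parg;

			/* A NULL key and a failed copy report the same error. */
			if (rsa == NULL ||
			    (rsa = RSAPrivateKey_dup(rsa)) == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_RSA_LIB);
				return (0);
			}
			RSA_free(cert->rsa_tmp);
			cert->rsa_tmp = rsa;
			return (1);
		}
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* Callbacks are installed through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *dh_copy;

			if ((dh_copy = DHparams_dup((DH *)parg)) == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_DH_LIB);
				return 0;
			}
			/*
			 * Without SSL_OP_SINGLE_DH_USE the key pair is
			 * generated once here and stored with the
			 * parameters.
			 */
			if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
				if (!DH_generate_key(dh_copy)) {
					SSLerr(SSL_F_SSL3_CTX_CTRL,
					    ERR_R_DH_LIB);
					DH_free(dh_copy);
					return 0;
				}
			}
			DH_free(cert->dh_tmp);
			cert->dh_tmp = dh_copy;
			return 1;
		}
	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_ECDH_LIB);
				return 0;
			}
			/* Work on a private copy of the caller's key. */
			ecdh = EC_KEY_dup((EC_KEY *)parg);
			if (ecdh == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_EC_LIB);
				return 0;
			}
			if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);
					SSLerr(SSL_F_SSL3_CTX_CTRL,
					    ERR_R_ECDH_LIB);
					return 0;
				}
			}

			EC_KEY_free(cert->ecdh_tmp);
			cert->ecdh_tmp = ecdh;
			return 1;
		}
	case SSL_CTRL_SET_TMP_ECDH_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
		ctx->tlsext_servername_arg = parg;
		break;
	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
		{
			/*
			 * The 48-byte blob is three 16-byte fields: key
			 * name, HMAC key, AES key.  The GET form copies the
			 * live session-ticket keys into the caller's
			 * buffer, so that buffer holds secret material and
			 * should be wiped by the caller after use.
			 */
			unsigned char *keys = parg;

			if (!keys)
				return 48;
			if (larg != 48) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    SSL_R_INVALID_TICKET_KEYS_LENGTH);
				return 0;
			}
			if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
				memcpy(ctx->tlsext_tick_key_name, keys, 16);
				memcpy(ctx->tlsext_tick_hmac_key,
				    keys + 16, 16);
				memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
			} else {
				memcpy(keys, ctx->tlsext_tick_key_name, 16);
				memcpy(keys + 16,
				    ctx->tlsext_tick_hmac_key, 16);
				memcpy(keys + 32,
				    ctx->tlsext_tick_aes_key, 16);
			}
			return 1;
		}

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
		ctx->tlsext_status_arg = parg;
		return 1;

	/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		if (ctx->extra_certs == NULL) {
			if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
				return (0);
		}
		/*
		 * sk_X509_push() returns 0 when it cannot grow the stack.
		 * Report that instead of claiming success: otherwise the
		 * caller would believe the certificate is part of the chain
		 * (and presumably owned by ctx) when it was never stored.
		 */
		if (!sk_X509_push(ctx->extra_certs, (X509 *)parg))
			return (0);
		break;

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
		/* Hands out the internal stack, not a copy. */
		*(STACK_OF(X509) **)parg = ctx->extra_certs;
		break;

	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
		if (ctx->extra_certs) {
			sk_X509_pop_free(ctx->extra_certs, X509_free);
			ctx->extra_certs = NULL;
		}
		break;

	default:
		return (0);
	}
	return (1);
}

/*
 * Context-wide dispatcher for commands whose argument is a callback.
 * fp is cast to the callback type the selected slot expects.
 * Returns 1 when the command is recognised, 0 otherwise.
 */
long
ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	CERT *cert;

	cert = ctx->cert;

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
		ctx->tlsext_servername_callback =
		    (int (*)(SSL *, int *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
		ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
		ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
		    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
		break;

	default:
		return (0);
	}
	return (1);
}

/*
 * Look up a cipher suite by its two-byte wire value p[0], p[1].
 * The bytes are combined with the 0x03000000 prefix to form the table id.
 * Returns NULL when the id is unknown or the table entry is marked
 * invalid.
 *
 * This function needs to check if the ciphers required are actually
 * available.
 */
const SSL_CIPHER *
ssl3_get_cipher_by_char(const unsigned char *p)
{
	SSL_CIPHER key;
	const SSL_CIPHER *found;

	/* Only the id field of the search key is filled in. */
	key.id = 0x03000000L | ((unsigned long)p[0] << 8L) |
	    (unsigned long)p[1];
	found = OBJ_bsearch_ssl_cipher_id(&key, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
	if (found == NULL)
		fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
#endif
	if (found == NULL || found->valid == 0)
		return NULL;

	return found;
}

/*
 * Write the two-byte wire value of cipher c to p.
 * Returns 2 (the encoded length), also when p is NULL and nothing is
 * written; returns 0 when the id does not carry the 0x03000000 prefix.
 */
int
ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
{
	long l;

	if (p != NULL) {
		l = c->id;
		if ((l & 0xff000000) != 0x03000000)
			return (0);
		p[0] = ((unsigned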
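		    char)(l >> 8L)) & 0xFF;
		p[1] = ((unsigned char)(l)) & 0xFF;
	}
	return (2);
}

/*
 * Return the EC group of the configured ECC private key, or NULL when
 * the private key, its EC_KEY or the group is missing.
 */
static const EC_GROUP *
ssl3_ecc_cert_group(const SSL *s)
{
	const EVP_PKEY *pkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey;

	if (pkey == NULL || pkey->pkey.ec == NULL)
		return (NULL);
	return (pkey->pkey.ec->group);
}

/*
 * Return 1 when the public key in the configured ECC certificate starts
 * with a compressed-point marker, 0 otherwise (including when any link
 * of the certificate structure is missing).
 */
static int
ssl3_ecc_cert_point_is_compressed(const SSL *s)
{
	const X509 *x = s->cert->pkeys[SSL_PKEY_ECC].x509;
	const unsigned char *data;

	if (x == NULL || x->cert_info == NULL || x->cert_info->key == NULL ||
	    x->cert_info->key->public_key == NULL)
		return (0);
	data = x->cert_info->key->public_key->data;
	if (data == NULL)
		return (0);
	return (*data == POINT_CONVERSION_COMPRESSED ||
	    *data == POINT_CONVERSION_COMPRESSED + 1);
}

/* Return 1 when the peer's Supported Point Formats list contains format. */
static int
ssl3_peer_lists_point_format(const SSL *s, int format)
{
	unsigned int j;

	for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) {
		if (s->session->tlsext_ecpointformatlist[j] == format)
			return (1);
	}
	return (0);
}

/*
 * Return 1 when the peer accepts the compressed point format that matches
 * the field type of our certificate's curve.  A missing key, group or
 * method counts as "not accepted".
 */
static int
ssl3_peer_accepts_cert_point_format(const SSL *s)
{
	const EC_GROUP *group = ssl3_ecc_cert_group(s);
	int field;

	if (group == NULL || group->meth == NULL)
		return (0);

	field = EC_METHOD_get_field_type(group->meth);
	if (field == NID_X9_62_prime_field)
		return (ssl3_peer_lists_point_format(s,
		    TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime));
	if (field == NID_X9_62_characteristic_two_field)
		return (ssl3_peer_lists_point_format(s,
		    TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2));
	return (0);
}

/*
 * Return 1 when the peer's EllipticCurves list contains the curve of
 * group.  Named curves are looked up by their TLS curve id; a group
 * without a curve name is looked up as 0xFF01 (prime field) or 0xFF02
 * (characteristic-two field).  The search id is computed afresh on every
 * call, so an id from an earlier lookup can never be matched by mistake.
 */
static int
ssl3_peer_lists_group(const SSL *s, const EC_GROUP *group)
{
	unsigned char id_hi = 0, id_lo = 0;
	unsigned int j;
	int nid, field;

	if (group == NULL)
		return (0);

	nid = EC_GROUP_get_curve_name(group);
	if ((nid == 0) && (group->meth != NULL)) {
		field = EC_METHOD_get_field_type(group->meth);
		if (field == NID_X9_62_prime_field) {
			id_hi = 0xFF;
			id_lo = 0x01;
		} else if (field == NID_X9_62_characteristic_two_field) {
			id_hi = 0xFF;
			id_lo = 0x02;
		}
	} else {
		id_hi = 0x00;
		id_lo = tls1_ec_nid2curve_id(nid);
	}

	/* No usable id: treat the curve as unsupported. */
	if ((id_hi == 0) && (id_lo == 0))
		return (0);

	/* The list is a sequence of two-byte curve ids. */
	for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) {
		if ((s->session->tlsext_ellipticcurvelist[2 * j] == id_hi) &&
		    (s->session->tlsext_ellipticcurvelist[2 * j + 1] == id_lo))
			return (1);
	}
	return (0);
}

/*
 * Pick the cipher suite for this connection.
 *
 * clnt is the client's list and srvr the server's.  The list of the side
 * whose preference wins (the server's when
 * SSL_OP_CIPHER_SERVER_PREFERENCE is set, otherwise the client's) is
 * walked in order, and the first suite that is usable with our
 * certificate and keys and also present in the other list is returned.
 * Returns NULL when there is no common usable suite.
 *
 * Compared with the earlier in-line checks, the EC key, group and method
 * pointers are now tested before every use: the previous "else if"
 * branches and the unchecked private key could dereference NULL when an
 * ECC certificate was configured without a complete key.
 */
SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
    STACK_OF(SSL_CIPHER) *srvr)
{
	SSL_CIPHER *c, *ret = NULL;
	STACK_OF(SSL_CIPHER) *prio, *allow;
	int i, ii, ok;
	int uses_ecc_cert;
	CERT *cert;
	unsigned long alg_k, alg_a, mask_k, mask_a;

	/* Let's see which ciphers we can support */
	cert = s->cert;

	/*
	 * Do not set the compare functions, because this may lead to a
	 * reordering by "id". We want to keep the original ordering.
	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
	 */

	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
		prio = srvr;
		allow = clnt;
	} else {
		prio = clnt;
		allow = srvr;
	}

	for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
		c = sk_SSL_CIPHER_value(prio, i);

		/* Skip TLS v1.2 only ciphersuites if not supported. */
		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
		    !SSL_USE_TLS1_2_CIPHERS(s))
			continue;

		ssl_set_cert_masks(cert, c);
		mask_k = cert->mask_k;
		mask_a = cert->mask_a;

		alg_k = c->algorithm_mkey;
		alg_a = c->algorithm_auth;

		ok = (alg_k & mask_k) && (alg_a & mask_a);

		/* An ECC suite that uses our certificate, and we have one. */
		uses_ecc_cert = (alg_a & (SSL_aECDSA | SSL_aECDH)) &&
		    (cert->pkeys[SSL_PKEY_ECC].x509 != NULL);

		/*
		 * If the client sent a Supported Point Formats extension and
		 * our certificate's point is compressed, the client must
		 * support compressed points over our curve's field type.
		 */
		if (uses_ecc_cert &&
		    (s->session->tlsext_ecpointformatlist_length > 0) &&
		    (s->session->tlsext_ecpointformatlist != NULL) &&
		    ssl3_ecc_cert_point_is_compressed(s))
			ok = ok && ssl3_peer_accepts_cert_point_format(s);

		/*
		 * If the client sent an EllipticCurves extension, our
		 * certificate's curve must be in it.
		 */
		if (uses_ecc_cert &&
		    (s->session->tlsext_ellipticcurvelist_length > 0) &&
		    (s->session->tlsext_ellipticcurvelist != NULL))
			ok = ok && ssl3_peer_lists_group(s,
			    ssl3_ecc_cert_group(s));

		/*
		 * Same check for an ephemeral ECDH suite: the curve of our
		 * ephemeral key must be in the client's list.
		 */
		if ((alg_k & SSL_kECDHE) && (cert->ecdh_tmp != NULL) &&
		    (s->session->tlsext_ellipticcurvelist_length > 0) &&
		    (s->session->tlsext_ellipticcurvelist != NULL))
			ok = ok && ssl3_peer_lists_group(s,
			    cert->ecdh_tmp->group);

		if (!ok)
			continue;

		ii = sk_SSL_CIPHER_find(allow, c);
		if (ii < 0)
			continue;

		/*
		 * For a client flagged is_probably_safari, an ECDHE-ECDSA
		 * suite is only remembered as a fallback; keep looking for
		 * another match and use the fallback if none is found.
		 */
		if ((alg_k & SSL_kECDHE) &&
		    (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
			if (!ret)
				ret = sk_SSL_CIPHER_value(allow, ii);
			continue;
		}
		ret = sk_SSL_CIPHER_value(allow, ii);
		break;
	}
	return (ret);
}

/*
 * Fill p with the certificate types to list in a CertificateRequest for
 * the cipher being negotiated and return how many bytes were written.
 * No buffer length is passed in, so the caller must provide room for
 * every type appended below.
 */
int
ssl3_get_req_cert_type(SSL *s,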
unsigned char *p)
{
	/*
	 * Fill p with the SSL3_CT_* / TLS_CT_* certificate type codes that
	 * match the pending cipher's key exchange and the protocol version,
	 * and return the number of bytes written.
	 *
	 * No length is passed in, so nothing here bounds the writes; the
	 * paths below emit at most seven entries and the caller must size
	 * p accordingly.
	 */
	const unsigned long kx = s->s3->tmp.new_cipher->algorithm_mkey;
	const int tls1_plus = (s->version >= TLS1_VERSION);
	unsigned char *out = p;

#ifndef OPENSSL_NO_GOST
	/* GOST key exchange advertises only the two GOST signing types. */
	if (tls1_plus && (kx & SSL_kGOST)) {
		*out++ = TLS_CT_GOST94_SIGN;
		*out++ = TLS_CT_GOST01_SIGN;
		return ((int)(out - p));
	}
#endif

	if (kx & (SSL_kDHr|SSL_kDHE)) {
		*out++ = SSL3_CT_RSA_FIXED_DH;
		*out++ = SSL3_CT_DSS_FIXED_DH;
	}
	/* The ephemeral DH types are only offered for SSLv3 itself. */
	if ((s->version == SSL3_VERSION) &&
	    (kx & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) {
		*out++ = SSL3_CT_RSA_EPHEMERAL_DH;
		*out++ = SSL3_CT_DSS_EPHEMERAL_DH;
	}

	/* RSA and DSS signing certificates are always acceptable. */
	*out++ = SSL3_CT_RSA_SIGN;
	*out++ = SSL3_CT_DSS_SIGN;

	if (tls1_plus) {
		if (kx & (SSL_kECDHr|SSL_kECDHe)) {
			*out++ = TLS_CT_RSA_FIXED_ECDH;
			*out++ = TLS_CT_ECDSA_FIXED_ECDH;
		}
		/*
		 * An ECDSA certificate also works with RSA cipher suites,
		 * so this entry does not depend on SSL_kECDH/SSL_kECDHE.
		 */
		*out++ = TLS_CT_ECDSA_SIGN;
	}

	return ((int)(out - p));
}

/*
 * Drive the close_notify exchange one step further.
 *
 * Returns 1 once both directions are marked shut down and no alert is
 * waiting to be written, 0 when more calls are needed, and -1 when the
 * alert still has to be written (WANT_WRITE) or the peer's close has not
 * been seen yet (WANT_READ).
 */
int
ssl3_shutdown(SSL *s)
{
	const int both_closed = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

	/*
	 * With quiet shutdown, or before any handshake, just mark both
	 * directions closed.  No close_notify is exchanged on this path,
	 * so a caller that relies on close_notify to detect truncation
	 * gets no such signal here.
	 */
	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
		s->shutdown = both_closed;
		return (1);
	}

	if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
		s->shutdown |= SSL_SENT_SHUTDOWN;
		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
		/*
		 * The alert has been queued; alert_dispatch stays set for
		 * as long as it has not actually been written out.
		 */
		if (s->s3->alert_dispatch)
			return (-1);	/* return WANT_WRITE */
	} else if (s->s3->alert_dispatch) {
		/*
		 * Our close_notify is still pending, so try to send it
		 * again.  This can only be the 2nd/Nth invocation: an
		 * earlier call already reported the pending write, so
		 * -1 here means WANT_WRITE once more.
		 */
		if (s->method->ssl_dispatch_alert(s) == -1)
			return (-1);
	} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
		/*
		 * Waiting for the peer's close.  The return value of the
		 * read is not used; only the shutdown flag is inspected
		 * afterwards.
		 */
		s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
		if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
			return (-1);	/* return WANT_READ */
	}

	return ((s->shutdown == both_closed) && !s->s3->alert_dispatch);
}

/*
 * Write len bytes of application data from buf.
 *
 * Returns the byte count reported by the record layer, or the <= 0
 * value of whichever step (write or flush) did not complete.
 */
int
ssl3_write(SSL *s, const void *buf, int len)
{
	int written, flushed;

	/* Disabled upstream; compiled out and kept for reference only. */
#if 0
	if (s->shutdown & SSL_SEND_SHUTDOWN) {
		s->rwstate = SSL_NOTHING;
		return (0);
	}
#endif
	errno = 0;
	if (s->s3->renegotiate)
		ssl3_renegotiate_check(s);

	/*
	 * Ordinary case: hand the data straight to the method's record
	 * writer.  The wbio/bbio comparison is needed because the
	 * buffering BIO may already have been removed.
	 */
	if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER) || (s->wbio != s->bbio))
		return (s->method->ssl_write_bytes(s,
		    SSL3_RT_APPLICATION_DATA, buf, len));

	/*
	 * Experimental SSL3_FLAGS_POP_BUFFER path: the last handshake
	 * message goes out in the same packet as the first user data, to
	 * see if that helps TCP during session-id reuse.
	 */
	if (s->s3->delay_buf_pop_ret == 0) {
		/* First time through, we write into the buffer. */
		written = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
		    buf, len);
		if (written <= 0)
			return (written);

		/*
		 * Keep the count so that a retry after an incomplete
		 * flush does not write the data a second time.
		 */
		s->s3->delay_buf_pop_ret = written;
	}

	s->rwstate = SSL_WRITING;
	flushed = BIO_flush(s->wbio);
	if (flushed <= 0)
		return (flushed);
	s->rwstate = SSL_NOTHING;

	/* We have flushed the buffer, so remove it. */
	ssl_free_wbio_buffer(s);
	s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;

	written = s->s3->delay_buf_pop_ret;
	s->s3->delay_buf_pop_ret = 0;

	return (written);
}

/*
 * Shared implementation of ssl3_read() and ssl3_peek(); peek is passed
 * through unchanged to the method's ssl_read_bytes.
 */
static int
ssl3_read_internal(SSL *s, void *buf, int len, int peek)
{
	int nread;

	errno = 0;
	if (s->s3->renegotiate)
		ssl3_renegotiate_check(s);

	s->s3->in_read_app_data = 1;
	nread = s->method->ssl_read_bytes(s,
	    SSL3_RT_APPLICATION_DATA, buf, len, peek);

	if ((nread != -1) || (s->s3->in_read_app_data != 2)) {
		s->s3->in_read_app_data = 0;
		return (nread);
	}

	/*
	 * ssl3_read_bytes called s->handshake_func, which in turn called
	 * ssl3_read_bytes for handshake data but found application data
	 * that is acceptable at this point.  Disable handshake processing
	 * for the duration of one more read and fetch that application
	 * data.
	 */
	s->in_handshake++;
	nread = s->method->ssl_read_bytes(s,
	    SSL3_RT_APPLICATION_DATA, buf, len, peek);
	s->in_handshake--;

	return (nread);
}

/* Read application data into buf (peek == 0). */
int
ssl3_read(SSL *s, void *buf, int len)
{
	return (ssl3_read_internal(s, buf, len, 0));
}

/* Same as ssl3_read() but with peek == 1. */
int
ssl3_peek(SSL *s, void *buf, int len)
{
	return (ssl3_read_internal(s, buf, len, 1));
}

/*
 * Request a renegotiation by setting s->s3->renegotiate.
 *
 * Returns 0 when SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS is set, 1 otherwise;
 * that includes the case where no handshake function is installed and
 * nothing is flagged.
 */
int
ssl3_renegotiate(SSL *s)
{
	if (s->handshake_func != NULL) {
		if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
			return (0);
		s->s3->renegotiate = 1;
	}
	return (1);
}

/*
 * Start a previously requested renegotiation if the connection is idle.
 *
 * Returns 1 when the state was switched to SSL_ST_RENEGOTIATE, else 0.
 */
int
ssl3_renegotiate_check(SSL *s)
{
	if (!s->s3->renegotiate)
		return (0);

	/* Only start with both record buffers empty and no handshake running. */
	if ((s->s3->rbuf.left != 0) || (s->s3->wbuf.left != 0) ||
	    SSL_in_init(s))
		return (0);

	/*
	 * If we are the server, and we have sent a 'RENEGOTIATE' message,
	 * we need to go to SSL_ST_ACCEPT; the state stored here is
	 * SSL_ST_RENEGOTIATE.
	 */
	s->state = SSL_ST_RENEGOTIATE;
	s->s3->renegotiate = 0;
	s->s3->num_renegotiations++;
	s->s3->total_renegotiations++;

	return (1);
}

/*
 * Return algorithm2 of the pending cipher.  When the method is TLS v1.2
 * and the cipher only asks for the default SHA1+MD5 handshake MAC and
 * PRF, the SHA256 handshake MAC and PRF are returned instead.
 *
 * NOTE(review): the version test is an equality on s->method->version,
 * not ">= TLS v1.2" -- confirm that is intended if later versions are
 * added.
 */
long
ssl_get_algorithm2(SSL *s)
{
	long alg2 = s->s3->tmp.new_cipher->algorithm2;

	if (s->method->version != TLS1_2_VERSION ||
	    alg2 != (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
		return alg2;

	return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
}