1 /* $OpenBSD: s3_lib.c,v 1.113 2016/12/06 13:17:52 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. 
All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. 
Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 
134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 149 */ 150 151 #include <limits.h> 152 #include <stdio.h> 153 154 #include <openssl/dh.h> 155 #include <openssl/md5.h> 156 #include <openssl/objects.h> 157 158 #include "ssl_locl.h" 159 #include "bytestring.h" 160 /* Element count of ssl3_ciphers[]; relies on ssl3_ciphers being visible as an array (not a pointer) at the point of use. */ 161 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 162 163 /* 164 * FIXED_NONCE_LEN is a macro that provides the correct value to set the 165 * fixed nonce length in the algorithm2 field. It is the inverse of the 166 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro. The length is halved and masked to four bits before being shifted to bit 24, so an odd length or one above 30 does not encode exactly. NOTE(review): x is not parenthesized in the expansion, so pass a plain constant such as FIXED_NONCE_LEN(4). 
167 */ 168 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) 169 170 /* list of available SSLv3 ciphers (sorted by id) */ 171 SSL_CIPHER ssl3_ciphers[] = { 172 173 /* The RSA ciphers */ 174 /* Cipher 01 */ 175 { 176 .valid = 1, 177 .name = SSL3_TXT_RSA_NULL_MD5, 178 .id = SSL3_CK_RSA_NULL_MD5, 179 .algorithm_mkey = SSL_kRSA, 180 .algorithm_auth = SSL_aRSA, 181 .algorithm_enc = SSL_eNULL, 182 .algorithm_mac = SSL_MD5, 183 .algorithm_ssl = SSL_SSLV3, 184 .algo_strength = SSL_STRONG_NONE, 185 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 186 .strength_bits = 0, 187 .alg_bits = 0, 188 }, 189 190 /* Cipher 02 */ 191 { 192 .valid = 1, 193 .name = SSL3_TXT_RSA_NULL_SHA, 194 .id = SSL3_CK_RSA_NULL_SHA, 195 .algorithm_mkey = SSL_kRSA, 196 .algorithm_auth = SSL_aRSA, 197 .algorithm_enc = SSL_eNULL, 198 .algorithm_mac = SSL_SHA1, 199 .algorithm_ssl = SSL_SSLV3, 200 .algo_strength = SSL_STRONG_NONE, 201 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 202 .strength_bits = 0, 203 .alg_bits = 0, 204 }, 205 206 /* Cipher 04 */ 207 { 208 .valid = 1, 209 .name = SSL3_TXT_RSA_RC4_128_MD5, 210 .id = SSL3_CK_RSA_RC4_128_MD5, 211 .algorithm_mkey = SSL_kRSA, 212 .algorithm_auth = SSL_aRSA, 213 .algorithm_enc = SSL_RC4, 214 .algorithm_mac = SSL_MD5, 215 .algorithm_ssl = SSL_SSLV3, 216 .algo_strength = SSL_LOW, 217 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 218 .strength_bits = 128, 219 .alg_bits = 128, 220 }, 221 222 /* Cipher 05 */ 223 { 224 .valid = 1, 225 .name = SSL3_TXT_RSA_RC4_128_SHA, 226 .id = SSL3_CK_RSA_RC4_128_SHA, 227 .algorithm_mkey = SSL_kRSA, 228 .algorithm_auth = SSL_aRSA, 229 .algorithm_enc = SSL_RC4, 230 .algorithm_mac = SSL_SHA1, 231 .algorithm_ssl = SSL_SSLV3, 232 .algo_strength = SSL_LOW, 233 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 234 .strength_bits = 128, 235 .alg_bits = 128, 236 }, 237 238 /* Cipher 09 */ 239 { 240 .valid = 1, 241 .name = SSL3_TXT_RSA_DES_64_CBC_SHA, 242 .id = SSL3_CK_RSA_DES_64_CBC_SHA, 243 .algorithm_mkey = SSL_kRSA, 244 
.algorithm_auth = SSL_aRSA, 245 .algorithm_enc = SSL_DES, 246 .algorithm_mac = SSL_SHA1, 247 .algorithm_ssl = SSL_SSLV3, 248 .algo_strength = SSL_LOW, 249 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 250 .strength_bits = 56, 251 .alg_bits = 56, 252 }, 253 254 /* Cipher 0A */ 255 { 256 .valid = 1, 257 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, 258 .id = SSL3_CK_RSA_DES_192_CBC3_SHA, 259 .algorithm_mkey = SSL_kRSA, 260 .algorithm_auth = SSL_aRSA, 261 .algorithm_enc = SSL_3DES, 262 .algorithm_mac = SSL_SHA1, 263 .algorithm_ssl = SSL_SSLV3, 264 .algo_strength = SSL_MEDIUM, 265 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 266 .strength_bits = 112, 267 .alg_bits = 168, 268 }, 269 270 /* 271 * Ephemeral DH (DHE) ciphers. 272 */ 273 274 /* Cipher 12 */ 275 { 276 .valid = 1, 277 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 278 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 279 .algorithm_mkey = SSL_kDHE, 280 .algorithm_auth = SSL_aDSS, 281 .algorithm_enc = SSL_DES, 282 .algorithm_mac = SSL_SHA1, 283 .algorithm_ssl = SSL_SSLV3, 284 .algo_strength = SSL_LOW, 285 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 286 .strength_bits = 56, 287 .alg_bits = 56, 288 }, 289 290 /* Cipher 13 */ 291 { 292 .valid = 1, 293 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 294 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 295 .algorithm_mkey = SSL_kDHE, 296 .algorithm_auth = SSL_aDSS, 297 .algorithm_enc = SSL_3DES, 298 .algorithm_mac = SSL_SHA1, 299 .algorithm_ssl = SSL_SSLV3, 300 .algo_strength = SSL_MEDIUM, 301 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 302 .strength_bits = 112, 303 .alg_bits = 168, 304 }, 305 306 /* Cipher 15 */ 307 { 308 .valid = 1, 309 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 310 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 311 .algorithm_mkey = SSL_kDHE, 312 .algorithm_auth = SSL_aRSA, 313 .algorithm_enc = SSL_DES, 314 .algorithm_mac = SSL_SHA1, 315 .algorithm_ssl = SSL_SSLV3, 316 .algo_strength = SSL_LOW, 317 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 318 .strength_bits = 56, 
319 .alg_bits = 56, 320 }, 321 322 /* Cipher 16 */ 323 { 324 .valid = 1, 325 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 326 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 327 .algorithm_mkey = SSL_kDHE, 328 .algorithm_auth = SSL_aRSA, 329 .algorithm_enc = SSL_3DES, 330 .algorithm_mac = SSL_SHA1, 331 .algorithm_ssl = SSL_SSLV3, 332 .algo_strength = SSL_MEDIUM, 333 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 334 .strength_bits = 112, 335 .alg_bits = 168, 336 }, 337 338 /* Cipher 18 */ 339 { 340 .valid = 1, 341 .name = SSL3_TXT_ADH_RC4_128_MD5, 342 .id = SSL3_CK_ADH_RC4_128_MD5, 343 .algorithm_mkey = SSL_kDHE, 344 .algorithm_auth = SSL_aNULL, 345 .algorithm_enc = SSL_RC4, 346 .algorithm_mac = SSL_MD5, 347 .algorithm_ssl = SSL_SSLV3, 348 .algo_strength = SSL_LOW, 349 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 350 .strength_bits = 128, 351 .alg_bits = 128, 352 }, 353 354 /* Cipher 1A */ 355 { 356 .valid = 1, 357 .name = SSL3_TXT_ADH_DES_64_CBC_SHA, 358 .id = SSL3_CK_ADH_DES_64_CBC_SHA, 359 .algorithm_mkey = SSL_kDHE, 360 .algorithm_auth = SSL_aNULL, 361 .algorithm_enc = SSL_DES, 362 .algorithm_mac = SSL_SHA1, 363 .algorithm_ssl = SSL_SSLV3, 364 .algo_strength = SSL_LOW, 365 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 366 .strength_bits = 56, 367 .alg_bits = 56, 368 }, 369 370 /* Cipher 1B */ 371 { 372 .valid = 1, 373 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 374 .id = SSL3_CK_ADH_DES_192_CBC_SHA, 375 .algorithm_mkey = SSL_kDHE, 376 .algorithm_auth = SSL_aNULL, 377 .algorithm_enc = SSL_3DES, 378 .algorithm_mac = SSL_SHA1, 379 .algorithm_ssl = SSL_SSLV3, 380 .algo_strength = SSL_MEDIUM, 381 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 382 .strength_bits = 112, 383 .alg_bits = 168, 384 }, 385 386 /* 387 * AES ciphersuites. 
388 */ 389 390 /* Cipher 2F */ 391 { 392 .valid = 1, 393 .name = TLS1_TXT_RSA_WITH_AES_128_SHA, 394 .id = TLS1_CK_RSA_WITH_AES_128_SHA, 395 .algorithm_mkey = SSL_kRSA, 396 .algorithm_auth = SSL_aRSA, 397 .algorithm_enc = SSL_AES128, 398 .algorithm_mac = SSL_SHA1, 399 .algorithm_ssl = SSL_TLSV1, 400 .algo_strength = SSL_HIGH, 401 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 402 .strength_bits = 128, 403 .alg_bits = 128, 404 }, 405 406 /* Cipher 32 */ 407 { 408 .valid = 1, 409 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 410 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 411 .algorithm_mkey = SSL_kDHE, 412 .algorithm_auth = SSL_aDSS, 413 .algorithm_enc = SSL_AES128, 414 .algorithm_mac = SSL_SHA1, 415 .algorithm_ssl = SSL_TLSV1, 416 .algo_strength = SSL_HIGH, 417 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 418 .strength_bits = 128, 419 .alg_bits = 128, 420 }, 421 422 /* Cipher 33 */ 423 { 424 .valid = 1, 425 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 426 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 427 .algorithm_mkey = SSL_kDHE, 428 .algorithm_auth = SSL_aRSA, 429 .algorithm_enc = SSL_AES128, 430 .algorithm_mac = SSL_SHA1, 431 .algorithm_ssl = SSL_TLSV1, 432 .algo_strength = SSL_HIGH, 433 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 434 .strength_bits = 128, 435 .alg_bits = 128, 436 }, 437 438 /* Cipher 34 */ 439 { 440 .valid = 1, 441 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 442 .id = TLS1_CK_ADH_WITH_AES_128_SHA, 443 .algorithm_mkey = SSL_kDHE, 444 .algorithm_auth = SSL_aNULL, 445 .algorithm_enc = SSL_AES128, 446 .algorithm_mac = SSL_SHA1, 447 .algorithm_ssl = SSL_TLSV1, 448 .algo_strength = SSL_HIGH, 449 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 450 .strength_bits = 128, 451 .alg_bits = 128, 452 }, 453 454 /* Cipher 35 */ 455 { 456 .valid = 1, 457 .name = TLS1_TXT_RSA_WITH_AES_256_SHA, 458 .id = TLS1_CK_RSA_WITH_AES_256_SHA, 459 .algorithm_mkey = SSL_kRSA, 460 .algorithm_auth = SSL_aRSA, 461 .algorithm_enc = SSL_AES256, 462 .algorithm_mac = SSL_SHA1, 463 
.algorithm_ssl = SSL_TLSV1, 464 .algo_strength = SSL_HIGH, 465 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 466 .strength_bits = 256, 467 .alg_bits = 256, 468 }, 469 470 /* Cipher 38 */ 471 { 472 .valid = 1, 473 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 474 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 475 .algorithm_mkey = SSL_kDHE, 476 .algorithm_auth = SSL_aDSS, 477 .algorithm_enc = SSL_AES256, 478 .algorithm_mac = SSL_SHA1, 479 .algorithm_ssl = SSL_TLSV1, 480 .algo_strength = SSL_HIGH, 481 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 482 .strength_bits = 256, 483 .alg_bits = 256, 484 }, 485 486 /* Cipher 39 */ 487 { 488 .valid = 1, 489 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 490 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 491 .algorithm_mkey = SSL_kDHE, 492 .algorithm_auth = SSL_aRSA, 493 .algorithm_enc = SSL_AES256, 494 .algorithm_mac = SSL_SHA1, 495 .algorithm_ssl = SSL_TLSV1, 496 .algo_strength = SSL_HIGH, 497 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 498 .strength_bits = 256, 499 .alg_bits = 256, 500 }, 501 502 /* Cipher 3A */ 503 { 504 .valid = 1, 505 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 506 .id = TLS1_CK_ADH_WITH_AES_256_SHA, 507 .algorithm_mkey = SSL_kDHE, 508 .algorithm_auth = SSL_aNULL, 509 .algorithm_enc = SSL_AES256, 510 .algorithm_mac = SSL_SHA1, 511 .algorithm_ssl = SSL_TLSV1, 512 .algo_strength = SSL_HIGH, 513 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 514 .strength_bits = 256, 515 .alg_bits = 256, 516 }, 517 518 /* TLS v1.2 ciphersuites */ 519 /* Cipher 3B */ 520 { 521 .valid = 1, 522 .name = TLS1_TXT_RSA_WITH_NULL_SHA256, 523 .id = TLS1_CK_RSA_WITH_NULL_SHA256, 524 .algorithm_mkey = SSL_kRSA, 525 .algorithm_auth = SSL_aRSA, 526 .algorithm_enc = SSL_eNULL, 527 .algorithm_mac = SSL_SHA256, 528 .algorithm_ssl = SSL_TLSV1_2, 529 .algo_strength = SSL_STRONG_NONE, 530 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 531 .strength_bits = 0, 532 .alg_bits = 0, 533 }, 534 535 /* Cipher 3C */ 536 { 537 .valid = 1, 538 .name = 
TLS1_TXT_RSA_WITH_AES_128_SHA256, 539 .id = TLS1_CK_RSA_WITH_AES_128_SHA256, 540 .algorithm_mkey = SSL_kRSA, 541 .algorithm_auth = SSL_aRSA, 542 .algorithm_enc = SSL_AES128, 543 .algorithm_mac = SSL_SHA256, 544 .algorithm_ssl = SSL_TLSV1_2, 545 .algo_strength = SSL_HIGH, 546 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 547 .strength_bits = 128, 548 .alg_bits = 128, 549 }, 550 551 /* Cipher 3D */ 552 { 553 .valid = 1, 554 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, 555 .id = TLS1_CK_RSA_WITH_AES_256_SHA256, 556 .algorithm_mkey = SSL_kRSA, 557 .algorithm_auth = SSL_aRSA, 558 .algorithm_enc = SSL_AES256, 559 .algorithm_mac = SSL_SHA256, 560 .algorithm_ssl = SSL_TLSV1_2, 561 .algo_strength = SSL_HIGH, 562 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 563 .strength_bits = 256, 564 .alg_bits = 256, 565 }, 566 567 /* Cipher 40 */ 568 { 569 .valid = 1, 570 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 571 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 572 .algorithm_mkey = SSL_kDHE, 573 .algorithm_auth = SSL_aDSS, 574 .algorithm_enc = SSL_AES128, 575 .algorithm_mac = SSL_SHA256, 576 .algorithm_ssl = SSL_TLSV1_2, 577 .algo_strength = SSL_HIGH, 578 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 579 .strength_bits = 128, 580 .alg_bits = 128, 581 }, 582 583 #ifndef OPENSSL_NO_CAMELLIA 584 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 585 586 /* Cipher 41 */ 587 { 588 .valid = 1, 589 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 590 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 591 .algorithm_mkey = SSL_kRSA, 592 .algorithm_auth = SSL_aRSA, 593 .algorithm_enc = SSL_CAMELLIA128, 594 .algorithm_mac = SSL_SHA1, 595 .algorithm_ssl = SSL_TLSV1, 596 .algo_strength = SSL_HIGH, 597 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 598 .strength_bits = 128, 599 .alg_bits = 128, 600 }, 601 602 /* Cipher 44 */ 603 { 604 .valid = 1, 605 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 606 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 607 .algorithm_mkey = 
SSL_kDHE, 608 .algorithm_auth = SSL_aDSS, 609 .algorithm_enc = SSL_CAMELLIA128, 610 .algorithm_mac = SSL_SHA1, 611 .algorithm_ssl = SSL_TLSV1, 612 .algo_strength = SSL_HIGH, 613 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 614 .strength_bits = 128, 615 .alg_bits = 128, 616 }, 617 618 /* Cipher 45 */ 619 { 620 .valid = 1, 621 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 622 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 623 .algorithm_mkey = SSL_kDHE, 624 .algorithm_auth = SSL_aRSA, 625 .algorithm_enc = SSL_CAMELLIA128, 626 .algorithm_mac = SSL_SHA1, 627 .algorithm_ssl = SSL_TLSV1, 628 .algo_strength = SSL_HIGH, 629 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 630 .strength_bits = 128, 631 .alg_bits = 128, 632 }, 633 634 /* Cipher 46 */ 635 { 636 .valid = 1, 637 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 638 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 639 .algorithm_mkey = SSL_kDHE, 640 .algorithm_auth = SSL_aNULL, 641 .algorithm_enc = SSL_CAMELLIA128, 642 .algorithm_mac = SSL_SHA1, 643 .algorithm_ssl = SSL_TLSV1, 644 .algo_strength = SSL_HIGH, 645 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 646 .strength_bits = 128, 647 .alg_bits = 128, 648 }, 649 #endif /* OPENSSL_NO_CAMELLIA */ 650 651 /* TLS v1.2 ciphersuites */ 652 /* Cipher 67 */ 653 { 654 .valid = 1, 655 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 656 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 657 .algorithm_mkey = SSL_kDHE, 658 .algorithm_auth = SSL_aRSA, 659 .algorithm_enc = SSL_AES128, 660 .algorithm_mac = SSL_SHA256, 661 .algorithm_ssl = SSL_TLSV1_2, 662 .algo_strength = SSL_HIGH, 663 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 664 .strength_bits = 128, 665 .alg_bits = 128, 666 }, 667 668 /* Cipher 6A */ 669 { 670 .valid = 1, 671 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 672 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 673 .algorithm_mkey = SSL_kDHE, 674 .algorithm_auth = SSL_aDSS, 675 .algorithm_enc = SSL_AES256, 676 .algorithm_mac = SSL_SHA256, 677 .algorithm_ssl 
= SSL_TLSV1_2, 678 .algo_strength = SSL_HIGH, 679 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 680 .strength_bits = 256, 681 .alg_bits = 256, 682 }, 683 684 /* Cipher 6B */ 685 { 686 .valid = 1, 687 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 688 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 689 .algorithm_mkey = SSL_kDHE, 690 .algorithm_auth = SSL_aRSA, 691 .algorithm_enc = SSL_AES256, 692 .algorithm_mac = SSL_SHA256, 693 .algorithm_ssl = SSL_TLSV1_2, 694 .algo_strength = SSL_HIGH, 695 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 696 .strength_bits = 256, 697 .alg_bits = 256, 698 }, 699 700 /* Cipher 6C */ 701 { 702 .valid = 1, 703 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 704 .id = TLS1_CK_ADH_WITH_AES_128_SHA256, 705 .algorithm_mkey = SSL_kDHE, 706 .algorithm_auth = SSL_aNULL, 707 .algorithm_enc = SSL_AES128, 708 .algorithm_mac = SSL_SHA256, 709 .algorithm_ssl = SSL_TLSV1_2, 710 .algo_strength = SSL_HIGH, 711 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 712 .strength_bits = 128, 713 .alg_bits = 128, 714 }, 715 716 /* Cipher 6D */ 717 { 718 .valid = 1, 719 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 720 .id = TLS1_CK_ADH_WITH_AES_256_SHA256, 721 .algorithm_mkey = SSL_kDHE, 722 .algorithm_auth = SSL_aNULL, 723 .algorithm_enc = SSL_AES256, 724 .algorithm_mac = SSL_SHA256, 725 .algorithm_ssl = SSL_TLSV1_2, 726 .algo_strength = SSL_HIGH, 727 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 728 .strength_bits = 256, 729 .alg_bits = 256, 730 }, 731 732 /* GOST Ciphersuites */ 733 734 /* Cipher 81 */ 735 { 736 .valid = 1, 737 .name = "GOST2001-GOST89-GOST89", 738 .id = 0x3000081, 739 .algorithm_mkey = SSL_kGOST, 740 .algorithm_auth = SSL_aGOST01, 741 .algorithm_enc = SSL_eGOST2814789CNT, 742 .algorithm_mac = SSL_GOST89MAC, 743 .algorithm_ssl = SSL_TLSV1, 744 .algo_strength = SSL_HIGH, 745 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| 746 TLS1_STREAM_MAC, 747 .strength_bits = 256, 748 .alg_bits = 256 749 }, 750 751 /* Cipher 83 */ 752 { 753 .valid 
= 1, 754 .name = "GOST2001-NULL-GOST94", 755 .id = 0x3000083, 756 .algorithm_mkey = SSL_kGOST, 757 .algorithm_auth = SSL_aGOST01, 758 .algorithm_enc = SSL_eNULL, 759 .algorithm_mac = SSL_GOST94, 760 .algorithm_ssl = SSL_TLSV1, 761 .algo_strength = SSL_STRONG_NONE, 762 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 763 .strength_bits = 0, 764 .alg_bits = 0 765 }, 766 767 #ifndef OPENSSL_NO_CAMELLIA 768 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 769 770 /* Cipher 84 */ 771 { 772 .valid = 1, 773 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 774 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 775 .algorithm_mkey = SSL_kRSA, 776 .algorithm_auth = SSL_aRSA, 777 .algorithm_enc = SSL_CAMELLIA256, 778 .algorithm_mac = SSL_SHA1, 779 .algorithm_ssl = SSL_TLSV1, 780 .algo_strength = SSL_HIGH, 781 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 782 .strength_bits = 256, 783 .alg_bits = 256, 784 }, 785 786 /* Cipher 87 */ 787 { 788 .valid = 1, 789 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 790 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 791 .algorithm_mkey = SSL_kDHE, 792 .algorithm_auth = SSL_aDSS, 793 .algorithm_enc = SSL_CAMELLIA256, 794 .algorithm_mac = SSL_SHA1, 795 .algorithm_ssl = SSL_TLSV1, 796 .algo_strength = SSL_HIGH, 797 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 798 .strength_bits = 256, 799 .alg_bits = 256, 800 }, 801 802 /* Cipher 88 */ 803 { 804 .valid = 1, 805 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 806 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 807 .algorithm_mkey = SSL_kDHE, 808 .algorithm_auth = SSL_aRSA, 809 .algorithm_enc = SSL_CAMELLIA256, 810 .algorithm_mac = SSL_SHA1, 811 .algorithm_ssl = SSL_TLSV1, 812 .algo_strength = SSL_HIGH, 813 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 814 .strength_bits = 256, 815 .alg_bits = 256, 816 }, 817 818 /* Cipher 89 */ 819 { 820 .valid = 1, 821 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 822 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 823 
.algorithm_mkey = SSL_kDHE, 824 .algorithm_auth = SSL_aNULL, 825 .algorithm_enc = SSL_CAMELLIA256, 826 .algorithm_mac = SSL_SHA1, 827 .algorithm_ssl = SSL_TLSV1, 828 .algo_strength = SSL_HIGH, 829 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 830 .strength_bits = 256, 831 .alg_bits = 256, 832 }, 833 #endif /* OPENSSL_NO_CAMELLIA */ 834 835 /* 836 * GCM ciphersuites from RFC5288. 837 */ 838 839 /* Cipher 9C */ 840 { 841 .valid = 1, 842 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 843 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 844 .algorithm_mkey = SSL_kRSA, 845 .algorithm_auth = SSL_aRSA, 846 .algorithm_enc = SSL_AES128GCM, 847 .algorithm_mac = SSL_AEAD, 848 .algorithm_ssl = SSL_TLSV1_2, 849 .algo_strength = SSL_HIGH, 850 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 851 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 852 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 853 .strength_bits = 128, 854 .alg_bits = 128, 855 }, 856 857 /* Cipher 9D */ 858 { 859 .valid = 1, 860 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 861 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 862 .algorithm_mkey = SSL_kRSA, 863 .algorithm_auth = SSL_aRSA, 864 .algorithm_enc = SSL_AES256GCM, 865 .algorithm_mac = SSL_AEAD, 866 .algorithm_ssl = SSL_TLSV1_2, 867 .algo_strength = SSL_HIGH, 868 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 869 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 870 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 871 .strength_bits = 256, 872 .alg_bits = 256, 873 }, 874 875 /* Cipher 9E */ 876 { 877 .valid = 1, 878 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 879 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 880 .algorithm_mkey = SSL_kDHE, 881 .algorithm_auth = SSL_aRSA, 882 .algorithm_enc = SSL_AES128GCM, 883 .algorithm_mac = SSL_AEAD, 884 .algorithm_ssl = SSL_TLSV1_2, 885 .algo_strength = SSL_HIGH, 886 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 887 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 888 
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 889 .strength_bits = 128, 890 .alg_bits = 128, 891 }, 892 893 /* Cipher 9F */ 894 { 895 .valid = 1, 896 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 897 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 898 .algorithm_mkey = SSL_kDHE, 899 .algorithm_auth = SSL_aRSA, 900 .algorithm_enc = SSL_AES256GCM, 901 .algorithm_mac = SSL_AEAD, 902 .algorithm_ssl = SSL_TLSV1_2, 903 .algo_strength = SSL_HIGH, 904 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 905 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 906 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 907 .strength_bits = 256, 908 .alg_bits = 256, 909 }, 910 911 /* Cipher A2 */ 912 { 913 .valid = 1, 914 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 915 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 916 .algorithm_mkey = SSL_kDHE, 917 .algorithm_auth = SSL_aDSS, 918 .algorithm_enc = SSL_AES128GCM, 919 .algorithm_mac = SSL_AEAD, 920 .algorithm_ssl = SSL_TLSV1_2, 921 .algo_strength = SSL_HIGH, 922 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 923 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 924 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 925 .strength_bits = 128, 926 .alg_bits = 128, 927 }, 928 929 /* Cipher A3 */ 930 { 931 .valid = 1, 932 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 933 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 934 .algorithm_mkey = SSL_kDHE, 935 .algorithm_auth = SSL_aDSS, 936 .algorithm_enc = SSL_AES256GCM, 937 .algorithm_mac = SSL_AEAD, 938 .algorithm_ssl = SSL_TLSV1_2, 939 .algo_strength = SSL_HIGH, 940 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 941 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 942 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 943 .strength_bits = 256, 944 .alg_bits = 256, 945 }, 946 947 /* Cipher A6 */ 948 { 949 .valid = 1, 950 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 951 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 952 .algorithm_mkey = SSL_kDHE, 953 .algorithm_auth = 
SSL_aNULL, 954 .algorithm_enc = SSL_AES128GCM, 955 .algorithm_mac = SSL_AEAD, 956 .algorithm_ssl = SSL_TLSV1_2, 957 .algo_strength = SSL_HIGH, 958 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 959 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 960 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 961 .strength_bits = 128, 962 .alg_bits = 128, 963 }, 964 965 /* Cipher A7 */ 966 { 967 .valid = 1, 968 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 969 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 970 .algorithm_mkey = SSL_kDHE, 971 .algorithm_auth = SSL_aNULL, 972 .algorithm_enc = SSL_AES256GCM, 973 .algorithm_mac = SSL_AEAD, 974 .algorithm_ssl = SSL_TLSV1_2, 975 .algo_strength = SSL_HIGH, 976 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 977 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 978 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 979 .strength_bits = 256, 980 .alg_bits = 256, 981 }, 982 983 #ifndef OPENSSL_NO_CAMELLIA 984 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 985 986 /* Cipher BA */ 987 { 988 .valid = 1, 989 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, 990 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, 991 .algorithm_mkey = SSL_kRSA, 992 .algorithm_auth = SSL_aRSA, 993 .algorithm_enc = SSL_CAMELLIA128, 994 .algorithm_mac = SSL_SHA256, 995 .algorithm_ssl = SSL_TLSV1_2, 996 .algo_strength = SSL_HIGH, 997 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 998 .strength_bits = 128, 999 .alg_bits = 128, 1000 }, 1001 1002 /* Cipher BD */ 1003 { 1004 .valid = 1, 1005 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 1006 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 1007 .algorithm_mkey = SSL_kDHE, 1008 .algorithm_auth = SSL_aDSS, 1009 .algorithm_enc = SSL_CAMELLIA128, 1010 .algorithm_mac = SSL_SHA256, 1011 .algorithm_ssl = SSL_TLSV1_2, 1012 .algo_strength = SSL_HIGH, 1013 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1014 .strength_bits = 128, 1015 .alg_bits = 128, 1016 }, 1017 1018 /* Cipher BE */ 
1019 { 1020 .valid = 1, 1021 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1022 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1023 .algorithm_mkey = SSL_kDHE, 1024 .algorithm_auth = SSL_aRSA, 1025 .algorithm_enc = SSL_CAMELLIA128, 1026 .algorithm_mac = SSL_SHA256, 1027 .algorithm_ssl = SSL_TLSV1_2, 1028 .algo_strength = SSL_HIGH, 1029 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1030 .strength_bits = 128, 1031 .alg_bits = 128, 1032 }, 1033 1034 /* Cipher BF */ 1035 { 1036 .valid = 1, 1037 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, 1038 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, 1039 .algorithm_mkey = SSL_kDHE, 1040 .algorithm_auth = SSL_aNULL, 1041 .algorithm_enc = SSL_CAMELLIA128, 1042 .algorithm_mac = SSL_SHA256, 1043 .algorithm_ssl = SSL_TLSV1_2, 1044 .algo_strength = SSL_HIGH, 1045 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1046 .strength_bits = 128, 1047 .alg_bits = 128, 1048 }, 1049 1050 /* Cipher C0 */ 1051 { 1052 .valid = 1, 1053 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1054 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1055 .algorithm_mkey = SSL_kRSA, 1056 .algorithm_auth = SSL_aRSA, 1057 .algorithm_enc = SSL_CAMELLIA256, 1058 .algorithm_mac = SSL_SHA256, 1059 .algorithm_ssl = SSL_TLSV1_2, 1060 .algo_strength = SSL_HIGH, 1061 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1062 .strength_bits = 256, 1063 .alg_bits = 256, 1064 }, 1065 1066 /* Cipher C3 */ 1067 { 1068 .valid = 1, 1069 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 1070 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 1071 .algorithm_mkey = SSL_kDHE, 1072 .algorithm_auth = SSL_aDSS, 1073 .algorithm_enc = SSL_CAMELLIA256, 1074 .algorithm_mac = SSL_SHA256, 1075 .algorithm_ssl = SSL_TLSV1_2, 1076 .algo_strength = SSL_HIGH, 1077 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1078 .strength_bits = 256, 1079 .alg_bits = 256, 1080 }, 1081 1082 /* Cipher C4 */ 1083 { 1084 .valid = 1, 1085 .name = 
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1086 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1087 .algorithm_mkey = SSL_kDHE, 1088 .algorithm_auth = SSL_aRSA, 1089 .algorithm_enc = SSL_CAMELLIA256, 1090 .algorithm_mac = SSL_SHA256, 1091 .algorithm_ssl = SSL_TLSV1_2, 1092 .algo_strength = SSL_HIGH, 1093 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1094 .strength_bits = 256, 1095 .alg_bits = 256, 1096 }, 1097 1098 /* Cipher C5 */ 1099 { 1100 .valid = 1, 1101 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, 1102 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, 1103 .algorithm_mkey = SSL_kDHE, 1104 .algorithm_auth = SSL_aNULL, 1105 .algorithm_enc = SSL_CAMELLIA256, 1106 .algorithm_mac = SSL_SHA256, 1107 .algorithm_ssl = SSL_TLSV1_2, 1108 .algo_strength = SSL_HIGH, 1109 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1110 .strength_bits = 256, 1111 .alg_bits = 256, 1112 }, 1113 #endif /* OPENSSL_NO_CAMELLIA */ 1114 1115 /* Cipher C006 */ 1116 { 1117 .valid = 1, 1118 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1119 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1120 .algorithm_mkey = SSL_kECDHE, 1121 .algorithm_auth = SSL_aECDSA, 1122 .algorithm_enc = SSL_eNULL, 1123 .algorithm_mac = SSL_SHA1, 1124 .algorithm_ssl = SSL_TLSV1, 1125 .algo_strength = SSL_STRONG_NONE, 1126 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1127 .strength_bits = 0, 1128 .alg_bits = 0, 1129 }, 1130 1131 /* Cipher C007 */ 1132 { 1133 .valid = 1, 1134 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1135 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1136 .algorithm_mkey = SSL_kECDHE, 1137 .algorithm_auth = SSL_aECDSA, 1138 .algorithm_enc = SSL_RC4, 1139 .algorithm_mac = SSL_SHA1, 1140 .algorithm_ssl = SSL_TLSV1, 1141 .algo_strength = SSL_LOW, 1142 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1143 .strength_bits = 128, 1144 .alg_bits = 128, 1145 }, 1146 1147 /* Cipher C008 */ 1148 { 1149 .valid = 1, 1150 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1151 .id = 
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1152 .algorithm_mkey = SSL_kECDHE, 1153 .algorithm_auth = SSL_aECDSA, 1154 .algorithm_enc = SSL_3DES, 1155 .algorithm_mac = SSL_SHA1, 1156 .algorithm_ssl = SSL_TLSV1, 1157 .algo_strength = SSL_MEDIUM, 1158 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1159 .strength_bits = 112, 1160 .alg_bits = 168, 1161 }, 1162 1163 /* Cipher C009 */ 1164 { 1165 .valid = 1, 1166 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1167 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1168 .algorithm_mkey = SSL_kECDHE, 1169 .algorithm_auth = SSL_aECDSA, 1170 .algorithm_enc = SSL_AES128, 1171 .algorithm_mac = SSL_SHA1, 1172 .algorithm_ssl = SSL_TLSV1, 1173 .algo_strength = SSL_HIGH, 1174 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1175 .strength_bits = 128, 1176 .alg_bits = 128, 1177 }, 1178 1179 /* Cipher C00A */ 1180 { 1181 .valid = 1, 1182 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1183 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1184 .algorithm_mkey = SSL_kECDHE, 1185 .algorithm_auth = SSL_aECDSA, 1186 .algorithm_enc = SSL_AES256, 1187 .algorithm_mac = SSL_SHA1, 1188 .algorithm_ssl = SSL_TLSV1, 1189 .algo_strength = SSL_HIGH, 1190 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1191 .strength_bits = 256, 1192 .alg_bits = 256, 1193 }, 1194 1195 /* Cipher C010 */ 1196 { 1197 .valid = 1, 1198 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1199 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1200 .algorithm_mkey = SSL_kECDHE, 1201 .algorithm_auth = SSL_aRSA, 1202 .algorithm_enc = SSL_eNULL, 1203 .algorithm_mac = SSL_SHA1, 1204 .algorithm_ssl = SSL_TLSV1, 1205 .algo_strength = SSL_STRONG_NONE, 1206 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1207 .strength_bits = 0, 1208 .alg_bits = 0, 1209 }, 1210 1211 /* Cipher C011 */ 1212 { 1213 .valid = 1, 1214 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1215 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1216 .algorithm_mkey = SSL_kECDHE, 1217 .algorithm_auth = SSL_aRSA, 1218 .algorithm_enc = 
SSL_RC4, 1219 .algorithm_mac = SSL_SHA1, 1220 .algorithm_ssl = SSL_TLSV1, 1221 .algo_strength = SSL_LOW, 1222 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1223 .strength_bits = 128, 1224 .alg_bits = 128, 1225 }, 1226 1227 /* Cipher C012 */ 1228 { 1229 .valid = 1, 1230 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1231 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1232 .algorithm_mkey = SSL_kECDHE, 1233 .algorithm_auth = SSL_aRSA, 1234 .algorithm_enc = SSL_3DES, 1235 .algorithm_mac = SSL_SHA1, 1236 .algorithm_ssl = SSL_TLSV1, 1237 .algo_strength = SSL_HIGH, 1238 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1239 .strength_bits = 112, 1240 .alg_bits = 168, 1241 }, 1242 1243 /* Cipher C013 */ 1244 { 1245 .valid = 1, 1246 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1247 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1248 .algorithm_mkey = SSL_kECDHE, 1249 .algorithm_auth = SSL_aRSA, 1250 .algorithm_enc = SSL_AES128, 1251 .algorithm_mac = SSL_SHA1, 1252 .algorithm_ssl = SSL_TLSV1, 1253 .algo_strength = SSL_HIGH, 1254 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1255 .strength_bits = 128, 1256 .alg_bits = 128, 1257 }, 1258 1259 /* Cipher C014 */ 1260 { 1261 .valid = 1, 1262 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1263 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1264 .algorithm_mkey = SSL_kECDHE, 1265 .algorithm_auth = SSL_aRSA, 1266 .algorithm_enc = SSL_AES256, 1267 .algorithm_mac = SSL_SHA1, 1268 .algorithm_ssl = SSL_TLSV1, 1269 .algo_strength = SSL_HIGH, 1270 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1271 .strength_bits = 256, 1272 .alg_bits = 256, 1273 }, 1274 1275 /* Cipher C015 */ 1276 { 1277 .valid = 1, 1278 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1279 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1280 .algorithm_mkey = SSL_kECDHE, 1281 .algorithm_auth = SSL_aNULL, 1282 .algorithm_enc = SSL_eNULL, 1283 .algorithm_mac = SSL_SHA1, 1284 .algorithm_ssl = SSL_TLSV1, 1285 .algo_strength = SSL_STRONG_NONE, 1286 .algorithm2 = 
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1287 .strength_bits = 0, 1288 .alg_bits = 0, 1289 }, 1290 1291 /* Cipher C016 */ 1292 { 1293 .valid = 1, 1294 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1295 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1296 .algorithm_mkey = SSL_kECDHE, 1297 .algorithm_auth = SSL_aNULL, 1298 .algorithm_enc = SSL_RC4, 1299 .algorithm_mac = SSL_SHA1, 1300 .algorithm_ssl = SSL_TLSV1, 1301 .algo_strength = SSL_LOW, 1302 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1303 .strength_bits = 128, 1304 .alg_bits = 128, 1305 }, 1306 1307 /* Cipher C017 */ 1308 { 1309 .valid = 1, 1310 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1311 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1312 .algorithm_mkey = SSL_kECDHE, 1313 .algorithm_auth = SSL_aNULL, 1314 .algorithm_enc = SSL_3DES, 1315 .algorithm_mac = SSL_SHA1, 1316 .algorithm_ssl = SSL_TLSV1, 1317 .algo_strength = SSL_MEDIUM, 1318 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1319 .strength_bits = 112, 1320 .alg_bits = 168, 1321 }, 1322 1323 /* Cipher C018 */ 1324 { 1325 .valid = 1, 1326 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1327 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1328 .algorithm_mkey = SSL_kECDHE, 1329 .algorithm_auth = SSL_aNULL, 1330 .algorithm_enc = SSL_AES128, 1331 .algorithm_mac = SSL_SHA1, 1332 .algorithm_ssl = SSL_TLSV1, 1333 .algo_strength = SSL_HIGH, 1334 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1335 .strength_bits = 128, 1336 .alg_bits = 128, 1337 }, 1338 1339 /* Cipher C019 */ 1340 { 1341 .valid = 1, 1342 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1343 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1344 .algorithm_mkey = SSL_kECDHE, 1345 .algorithm_auth = SSL_aNULL, 1346 .algorithm_enc = SSL_AES256, 1347 .algorithm_mac = SSL_SHA1, 1348 .algorithm_ssl = SSL_TLSV1, 1349 .algo_strength = SSL_HIGH, 1350 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1351 .strength_bits = 256, 1352 .alg_bits = 256, 1353 }, 1354 1355 1356 /* HMAC based TLS v1.2 
ciphersuites from RFC5289 */ 1357 1358 /* Cipher C023 */ 1359 { 1360 .valid = 1, 1361 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1362 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1363 .algorithm_mkey = SSL_kECDHE, 1364 .algorithm_auth = SSL_aECDSA, 1365 .algorithm_enc = SSL_AES128, 1366 .algorithm_mac = SSL_SHA256, 1367 .algorithm_ssl = SSL_TLSV1_2, 1368 .algo_strength = SSL_HIGH, 1369 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1370 .strength_bits = 128, 1371 .alg_bits = 128, 1372 }, 1373 1374 /* Cipher C024 */ 1375 { 1376 .valid = 1, 1377 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1378 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1379 .algorithm_mkey = SSL_kECDHE, 1380 .algorithm_auth = SSL_aECDSA, 1381 .algorithm_enc = SSL_AES256, 1382 .algorithm_mac = SSL_SHA384, 1383 .algorithm_ssl = SSL_TLSV1_2, 1384 .algo_strength = SSL_HIGH, 1385 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1386 .strength_bits = 256, 1387 .alg_bits = 256, 1388 }, 1389 1390 /* Cipher C027 */ 1391 { 1392 .valid = 1, 1393 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1394 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1395 .algorithm_mkey = SSL_kECDHE, 1396 .algorithm_auth = SSL_aRSA, 1397 .algorithm_enc = SSL_AES128, 1398 .algorithm_mac = SSL_SHA256, 1399 .algorithm_ssl = SSL_TLSV1_2, 1400 .algo_strength = SSL_HIGH, 1401 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1402 .strength_bits = 128, 1403 .alg_bits = 128, 1404 }, 1405 1406 /* Cipher C028 */ 1407 { 1408 .valid = 1, 1409 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1410 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1411 .algorithm_mkey = SSL_kECDHE, 1412 .algorithm_auth = SSL_aRSA, 1413 .algorithm_enc = SSL_AES256, 1414 .algorithm_mac = SSL_SHA384, 1415 .algorithm_ssl = SSL_TLSV1_2, 1416 .algo_strength = SSL_HIGH, 1417 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1418 .strength_bits = 256, 1419 .alg_bits = 256, 1420 }, 1421 1422 /* GCM based TLS v1.2 ciphersuites from 
RFC5289 */ 1423 1424 /* Cipher C02B */ 1425 { 1426 .valid = 1, 1427 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1428 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1429 .algorithm_mkey = SSL_kECDHE, 1430 .algorithm_auth = SSL_aECDSA, 1431 .algorithm_enc = SSL_AES128GCM, 1432 .algorithm_mac = SSL_AEAD, 1433 .algorithm_ssl = SSL_TLSV1_2, 1434 .algo_strength = SSL_HIGH, 1435 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1436 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1437 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1438 .strength_bits = 128, 1439 .alg_bits = 128, 1440 }, 1441 1442 /* Cipher C02C */ 1443 { 1444 .valid = 1, 1445 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1446 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1447 .algorithm_mkey = SSL_kECDHE, 1448 .algorithm_auth = SSL_aECDSA, 1449 .algorithm_enc = SSL_AES256GCM, 1450 .algorithm_mac = SSL_AEAD, 1451 .algorithm_ssl = SSL_TLSV1_2, 1452 .algo_strength = SSL_HIGH, 1453 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1454 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1455 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1456 .strength_bits = 256, 1457 .alg_bits = 256, 1458 }, 1459 1460 /* Cipher C02F */ 1461 { 1462 .valid = 1, 1463 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1464 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1465 .algorithm_mkey = SSL_kECDHE, 1466 .algorithm_auth = SSL_aRSA, 1467 .algorithm_enc = SSL_AES128GCM, 1468 .algorithm_mac = SSL_AEAD, 1469 .algorithm_ssl = SSL_TLSV1_2, 1470 .algo_strength = SSL_HIGH, 1471 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1472 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1473 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1474 .strength_bits = 128, 1475 .alg_bits = 128, 1476 }, 1477 1478 /* Cipher C030 */ 1479 { 1480 .valid = 1, 1481 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1482 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1483 .algorithm_mkey = SSL_kECDHE, 1484 
.algorithm_auth = SSL_aRSA, 1485 .algorithm_enc = SSL_AES256GCM, 1486 .algorithm_mac = SSL_AEAD, 1487 .algorithm_ssl = SSL_TLSV1_2, 1488 .algo_strength = SSL_HIGH, 1489 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1490 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1491 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1492 .strength_bits = 256, 1493 .alg_bits = 256, 1494 }, 1495 1496 /* Cipher CC13 */ 1497 { 1498 .valid = 1, 1499 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD, 1500 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 1501 .algorithm_mkey = SSL_kECDHE, 1502 .algorithm_auth = SSL_aRSA, 1503 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1504 .algorithm_mac = SSL_AEAD, 1505 .algorithm_ssl = SSL_TLSV1_2, 1506 .algo_strength = SSL_HIGH, 1507 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1508 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1509 .strength_bits = 256, 1510 .alg_bits = 256, 1511 }, 1512 1513 /* Cipher CC14 */ 1514 { 1515 .valid = 1, 1516 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD, 1517 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1518 .algorithm_mkey = SSL_kECDHE, 1519 .algorithm_auth = SSL_aECDSA, 1520 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1521 .algorithm_mac = SSL_AEAD, 1522 .algorithm_ssl = SSL_TLSV1_2, 1523 .algo_strength = SSL_HIGH, 1524 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1525 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1526 .strength_bits = 256, 1527 .alg_bits = 256, 1528 }, 1529 1530 /* Cipher CC15 */ 1531 { 1532 .valid = 1, 1533 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD, 1534 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD, 1535 .algorithm_mkey = SSL_kDHE, 1536 .algorithm_auth = SSL_aRSA, 1537 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1538 .algorithm_mac = SSL_AEAD, 1539 .algorithm_ssl = SSL_TLSV1_2, 1540 .algo_strength = SSL_HIGH, 1541 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1542 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1543 .strength_bits = 
256, 1544 .alg_bits = 256, 1545 }, 1546 1547 /* Cipher CCA8 */ 1548 { 1549 .valid = 1, 1550 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 1551 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 1552 .algorithm_mkey = SSL_kECDHE, 1553 .algorithm_auth = SSL_aRSA, 1554 .algorithm_enc = SSL_CHACHA20POLY1305, 1555 .algorithm_mac = SSL_AEAD, 1556 .algorithm_ssl = SSL_TLSV1_2, 1557 .algo_strength = SSL_HIGH, 1558 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1559 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1560 .strength_bits = 256, 1561 .alg_bits = 256, 1562 }, 1563 1564 /* Cipher CCA9 */ 1565 { 1566 .valid = 1, 1567 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 1568 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1569 .algorithm_mkey = SSL_kECDHE, 1570 .algorithm_auth = SSL_aECDSA, 1571 .algorithm_enc = SSL_CHACHA20POLY1305, 1572 .algorithm_mac = SSL_AEAD, 1573 .algorithm_ssl = SSL_TLSV1_2, 1574 .algo_strength = SSL_HIGH, 1575 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1576 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1577 .strength_bits = 256, 1578 .alg_bits = 256, 1579 }, 1580 1581 /* Cipher CCAA */ 1582 { 1583 .valid = 1, 1584 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 1585 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 1586 .algorithm_mkey = SSL_kDHE, 1587 .algorithm_auth = SSL_aRSA, 1588 .algorithm_enc = SSL_CHACHA20POLY1305, 1589 .algorithm_mac = SSL_AEAD, 1590 .algorithm_ssl = SSL_TLSV1_2, 1591 .algo_strength = SSL_HIGH, 1592 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1593 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1594 .strength_bits = 256, 1595 .alg_bits = 256, 1596 }, 1597 1598 /* Cipher FF85 FIXME IANA */ 1599 { 1600 .valid = 1, 1601 .name = "GOST2012256-GOST89-GOST89", 1602 .id = 0x300ff85, /* FIXME IANA */ 1603 .algorithm_mkey = SSL_kGOST, 1604 .algorithm_auth = SSL_aGOST01, 1605 .algorithm_enc = SSL_eGOST2814789CNT, 1606 .algorithm_mac = SSL_GOST89MAC, 1607 .algorithm_ssl = SSL_TLSV1, 1608 .algo_strength = 
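SSL_HIGH,
		.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
		    TLS1_STREAM_MAC,
		.strength_bits = 256,
		.alg_bits = 256
	},

	/* Cipher FF87 FIXME IANA */
	{
		.valid = 1,
		.name = "GOST2012256-NULL-STREEBOG256",
		.id = 0x300ff87, /* FIXME IANA */
		.algorithm_mkey = SSL_kGOST,
		.algorithm_auth = SSL_aGOST01,
		.algorithm_enc = SSL_eNULL,
		.algorithm_mac = SSL_STREEBOG256,
		.algorithm_ssl = SSL_TLSV1,
		.algo_strength = SSL_STRONG_NONE,
		.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
		.strength_bits = 0,
		.alg_bits = 0
	},


	/* end of list */
};

/*
 * Return the number of entries in the ssl3_ciphers table.
 */
int
ssl3_num_ciphers(void)
{
	return (SSL3_NUM_CIPHERS);
}

/*
 * Return the u-th cipher counted from the END of ssl3_ciphers (index 0 is
 * the last table entry), or NULL when u is out of range.
 */
const SSL_CIPHER *
ssl3_get_cipher(unsigned int u)
{
	if (u >= SSL3_NUM_CIPHERS)
		return (NULL);

	return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
}

/*
 * Look up a cipher by its full 32-bit id.  Only entries with .valid == 1
 * are returned; anything else yields NULL.
 */
const SSL_CIPHER *
ssl3_get_cipher_by_id(unsigned int id)
{
	const SSL_CIPHER *cp;
	/*
	 * Zero the whole search key rather than leaving every field except
	 * .id indeterminate before it is handed to the comparison routine.
	 */
	SSL_CIPHER c = { .id = id };

	cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
	if (cp != NULL && cp->valid == 1)
		return (cp);

	return (NULL);
}

/*
 * Look up a cipher by its 16-bit wire value; the value is combined with
 * SSL3_CK_ID to form the id used by ssl3_get_cipher_by_id().
 */
const SSL_CIPHER *
ssl3_get_cipher_by_value(uint16_t value)
{
	return ssl3_get_cipher_by_id(SSL3_CK_ID | value);
}

/*
 * Return the 16-bit wire value of a cipher (its id masked with
 * SSL3_CK_VALUE_MASK).  c must not be NULL.
 */
uint16_t
ssl3_cipher_get_value(const SSL_CIPHER *c)
{
	return (c->id & SSL3_CK_VALUE_MASK);
}

/*
 * Return the length of the current read record when it holds application
 * data, and 0 otherwise (including while a record body is being read).
 */
int
ssl3_pending(const SSL *s)
{
	if (s->rstate == SSL_ST_READ_BODY)
		return 0;

	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
	    s->s3->rrec.length : 0;
}

/*
 * Return the handshake message header length for this connection:
 * DTLS1_HM_HEADER_LENGTH for DTLS, SSL3_HM_HEADER_LENGTH otherwise.
 */
int
ssl3_handshake_msg_hdr_len(SSL *s)
{
	return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
	    SSL3_HM_HEADER_LENGTH);
}

/*
 * Begin a handshake message in s->init_buf: write the message type and a
 * zero length placeholder, and return a pointer to where the body starts.
 *
 * NOTE(review): nothing here checks the capacity of s->init_buf; the
 * caller is presumably responsible for having sized it - confirm.
 */
unsigned char *
ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
{
	unsigned char *d, *p;

	d = p = (unsigned char *)s->init_buf->data;

	/* Handshake message type and length. */
	*(p++) = msg_type;
	l2n3(0, p);

	return (d + ssl3_handshake_msg_hdr_len(s));
}

/*
 * Complete a handshake message started with ssl3_handshake_msg_start():
 * patch the body length into the header and set init_num/init_off so the
 * message can be written.  For DTLS the message header is also recorded
 * and the message is buffered.
 *
 * NOTE(review): len is written with l2n3(), presumably as a 3-byte field,
 * and then cast to int; callers are assumed to pass a length that fits -
 * confirm.
 */
void
ssl3_handshake_msg_finish(SSL *s, unsigned int len)
{
	unsigned char *d, *p;
	uint8_t msg_type;

	d = p = (unsigned char *)s->init_buf->data;

	/* Handshake message length. */
	msg_type = *(p++);
	l2n3(len, p);

	s->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len;
	s->init_off = 0;

	if (SSL_IS_DTLS(s)) {
		dtls1_set_message_header(s, d, msg_type, len, 0, len);
		dtls1_buffer_message(s, 0);
	}
}

/*
 * CBB variant of ssl3_handshake_msg_start(): initialise handshake, add the
 * message type, reserve the extra DTLS header bytes when applicable and
 * open a 24-bit length-prefixed child (body) for the message contents.
 *
 * Returns 1 on success and 0 on failure.
 */
int
ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
    uint8_t msg_type)
{
	int ret = 0;

	if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH))
		goto err;
	if (!CBB_add_u8(handshake, msg_type))
		goto err;
	if (SSL_IS_DTLS(s)) {
		unsigned char *data;

		if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
		    SSL3_HM_HEADER_LENGTH))
			goto err;
	}
	if (!CBB_add_u24_length_prefixed(handshake, body))
		goto err;

	ret = 1;

 err:
	return (ret);
}

/*
 * CBB variant of ssl3_handshake_msg_finish(): finish the CBB, copy the
 * encoded message into s->init_buf and set init_num/init_off.  For DTLS
 * the message header is recorded and the message is buffered.
 *
 * Returns 1 on success and 0 on failure.  The buffer produced by
 * CBB_finish() is always freed before returning.
 */
int
ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake)
{
	unsigned char *data = NULL;
	size_t outlen;
	int ret = 0;

	if (!CBB_finish(handshake, &data, &outlen))
		goto err;

	/* init_num is an int; refuse anything that would not fit. */
	if (outlen > INT_MAX)
		goto err;

	if (!BUF_MEM_grow_clean(s->init_buf, outlen))
		goto err;

	memcpy(s->init_buf->data, data, outlen);

	s->init_num = (int)outlen;
	s->init_off = 0;

	if (SSL_IS_DTLS(s)) {
		unsigned long len;
		uint8_t msg_type;
		size_t hdr_len;
		CBS cbs;

		CBS_init(&cbs, data, outlen);
		if (!CBS_get_u8(&cbs, &msg_type))
			goto err;

		/*
		 * A message shorter than its own header would make the
		 * unsigned subtraction below wrap to a huge length.
		 */
		hdr_len = ssl3_handshake_msg_hdr_len(s);
		if (outlen < hdr_len)
			goto err;
		len = outlen - hdr_len;

		dtls1_set_message_header(s, data, msg_type, len, 0, len);
		dtls1_buffer_message(s, 0);
	}

	ret = 1;

 err:
	free(data);

	return (ret);
}

/*
 * Write the pending handshake message using the DTLS or TLS writer as
 * appropriate; the writer's return value is passed through.
 */
int
ssl3_handshake_write(SSL *s)
{
	if (SSL_IS_DTLS(s))
		return dtls1_do_write(s, SSL3_RT_HANDSHAKE);

	return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}

/*
 * Allocate the per-connection SSL3_STATE, attach it to s and run the
 * method's ssl_clear hook.  Returns 1 on success, 0 on allocation failure.
 */
int
ssl3_new(SSL *s)
{
	SSL3_STATE *s3;

	/* calloc() already zeroes the state, sequence numbers included. */
	if ((s3 = calloc(1, sizeof *s3)) == NULL)
		return (0);

	s->s3 = s3;

	s->method->ssl_clear(s);
	return (1);
}

/*
 * Release everything owned by s->s3 and the state itself.
 *
 * NOTE(review): only s is checked for NULL; s->s3 is dereferenced
 * unconditionally, so this assumes ssl3_new() succeeded - confirm that no
 * error path reaches here with s->s3 == NULL.
 */
void
ssl3_free(SSL *s)
{
	if (s == NULL)
		return;

	tls1_cleanup_key_block(s);
	ssl3_release_read_buffer(s);
	ssl3_release_write_buffer(s);

	DH_free(s->s3->tmp.dh);
	EC_KEY_free(s->s3->tmp.ecdh);

	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
	BIO_free(s->s3->handshake_buffer);
	tls1_free_digest_list(s);
	free(s->s3->alpn_selected);

	/*
	 * The state may still hold handshake secrets; explicit_bzero() is
	 * used so the wipe is not optimised away ahead of free().
	 */
	explicit_bzero(s->s3, sizeof *s->s3);
	free(s->s3);
	s->s3 = NULL;
}

/*
 * Reset the SSL3 state for reuse: free per-handshake objects, zero the
 * state while preserving the already-allocated read/write buffers, and
 * reset renegotiation counters, version and NPN data on s.
 */
void
ssl3_clear(SSL *s)
{
	unsigned char *rp, *wp;
	size_t rlen, wlen;

	tls1_cleanup_key_block(s);
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

	DH_free(s->s3->tmp.dh);
	s->s3->tmp.dh = NULL;
	EC_KEY_free(s->s3->tmp.ecdh);
	s->s3->tmp.ecdh = NULL;

	/* Remember the record buffers so the memset below keeps them. */
	rp = s->s3->rbuf.buf;
	wp = s->s3->wbuf.buf;
	rlen = s->s3->rbuf.len;
	wlen = s->s3->wbuf.len;

	BIO_free(s->s3->handshake_buffer);
	s->s3->handshake_buffer = NULL;

	tls1_free_digest_list(s);

	free(s->s3->alpn_selected);
	s->s3->alpn_selected = NULL;

	memset(s->s3, 0, sizeof *s->s3);
	s->s3->rbuf.buf = rp;
	s->s3->wbuf.buf = wp;
	s->s3->rbuf.len = rlen;
	s->s3->wbuf.len = wlen;

	ssl_free_wbio_buffer(s);

	s->packet_length = 0;
	s->s3->renegotiate = 0;
	s->s3->total_renegotiations = 0;
	s->s3->num_renegotiations = 0;
	s->s3->in_read_app_data = 0;
	s->version = TLS1_VERSION;

	free(s->next_proto_negotiated);
	s->next_proto_negotiated = NULL;
	s->next_proto_negotiated_len = 0;
}


/*
 * Per-connection control dispatcher.
 *
 * cmd selects the operation; larg and parg carry its arguments.  The
 * return value is command specific: getters return the requested value,
 * setters return 1 on success, and errors and unknown commands return 0.
 *
 * Ownership, as visible in this function:
 *  - SSL_CTRL_SET_TMP_DH duplicates the caller's parameters.
 *  - SSL_CTRL_SET_TMP_ECDH takes a reference on the caller's key.
 *  - SSL_CTRL_SET_TLSEXT_HOSTNAME copies the string.
 *  - SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP stores parg itself after
 *    freeing the previous response, so the buffer becomes owned by s.
 *  - The STATUS_REQ_EXTS/IDS setters store parg without freeing the
 *    previous value.
 *
 * The GET_* commands that write through parg do not check it for NULL.
 */
long
ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	int ret = 0;

	/*
	 * NOTE(review): only the DH commands make sure s->cert exists, yet
	 * SET_DH_AUTO, SET_TMP_ECDH and SET_ECDH_AUTO dereference it too;
	 * presumably s->cert is always set by then - confirm.
	 */
	if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_GET_SESSION_REUSED:
		ret = s->hit;
		break;
	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
		break;
	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
		ret = s->s3->num_renegotiations;
		break;
	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
		/* Returns the count as it was before being cleared. */
		ret = s->s3->num_renegotiations;
		s->s3->num_renegotiations = 0;
		break;
	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
		ret = s->s3->total_renegotiations;
		break;
	case SSL_CTRL_GET_FLAGS:
		ret = (int)(s->s3->flags);
		break;
	case SSL_CTRL_NEED_TMP_RSA:
		ret = 0;
		break;
	case SSL_CTRL_SET_TMP_RSA:
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		break;
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *dh = (DH *)parg;
			if (dh == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			if ((dh = DHparams_dup(dh)) == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_DH_LIB);
				return (ret);
			}
			DH_free(s->cert->dh_tmp);
			s->cert->dh_tmp = dh;
			ret = 1;
		}
		break;

	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);

	case SSL_CTRL_SET_DH_AUTO:
		s->cert->dh_tmp_auto = larg;
		return 1;

	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			/*
			 * NOTE(review): unlike ssl3_ctx_ctrl(), which works on
			 * an EC_KEY_dup() copy, this only takes a reference, so
			 * EC_KEY_generate_key() below operates on the object
			 * the caller still holds.  Left unchanged because
			 * callers may rely on it; worth aligning with the
			 * SSL_CTX path.
			 */
			if (!EC_KEY_up_ref((EC_KEY *)parg)) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_ECDH_LIB);
				return (ret);
			}
			ecdh = (EC_KEY *)parg;
			if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);
					SSLerr(SSL_F_SSL3_CTRL,
					    ERR_R_ECDH_LIB);
					return (ret);
				}
			}
			EC_KEY_free(s->cert->ecdh_tmp);
			s->cert->ecdh_tmp = ecdh;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
			SSLerr(SSL_F_SSL3_CTRL,
			    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
			return (ret);
		}
		break;
	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
		if (larg == TLSEXT_NAMETYPE_host_name) {
			/*
			 * The previous name is dropped before the new one is
			 * validated, so a rejected name leaves none set.
			 */
			free(s->tlsext_hostname);
			s->tlsext_hostname = NULL;

			ret = 1;
			if (parg == NULL)
				break;
			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
				SSLerr(SSL_F_SSL3_CTRL,
				    SSL_R_SSL3_EXT_INVALID_SERVERNAME);
				return 0;
			}
			if ((s->tlsext_hostname = strdup((char *)parg))
			    == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_INTERNAL_ERROR);
				return 0;
			}
		} else {
			SSLerr(SSL_F_SSL3_CTRL,
			    SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
			return 0;
		}
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
		s->tlsext_debug_arg = parg;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
		s->tlsext_status_type = larg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
		s->tlsext_ocsp_exts = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
		s->tlsext_ocsp_ids = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/* Hands out the internal pointer, not a copy. */
		*(unsigned char **)parg = s->tlsext_ocsp_resp;
		return s->tlsext_ocsp_resplen;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
		free(s->tlsext_ocsp_resp);
		s->tlsext_ocsp_resp = parg;
		s->tlsext_ocsp_resplen = larg;
		ret = 1;
		break;

	case SSL_CTRL_SET_ECDH_AUTO:
		s->cert->ecdh_tmp_auto = larg;
		ret = 1;
		break;

	default:
		break;
	}
	return (ret);
}

/*
 * Per-connection callback setter.  Stores fp, cast to the callback type
 * that matches cmd.
 *
 * Always returns 0 (except that a failed ssl_cert_inst() also returns 0),
 * so the return value does not tell the caller whether cmd was recognised.
 * The caller is responsible for passing a function whose real signature
 * matches the one implied by cmd.
 */
long
ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
	int ret = 0;

	if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* Report against this function, as the check above does. */
		SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
		s->tlsext_debug_cb = (void (*)(SSL *, int , int,
		    unsigned char *, int, void *))fp;
		break;
	default:
		break;
	}
	return (ret);
}

/*
 * SSL_CTX-level control dispatcher.
 *
 * Returns 1 on success and 0 on error or for an unknown cmd, except that
 * the ticket-key commands return 48 (the required buffer size) when parg
 * is NULL.
 *
 * Security-relevant behaviour visible here:
 *  - SSL_CTRL_GET_TLSEXT_TICKET_KEYS copies the ticket key name, HMAC key
 *    and AES key (16 bytes each) into the caller's buffer; the caller then
 *    holds live ticket key material and should wipe its buffer after use.
 *  - SSL_CTRL_EXTRA_CHAIN_CERT stores parg itself (no copy, no extra
 *    reference taken here).
 *  - SSL_CTRL_GET_EXTRA_CHAIN_CERTS hands out the internal stack pointer.
 */
long
ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	CERT *cert;

	cert = ctx->cert;

	switch (cmd) {
	case SSL_CTRL_NEED_TMP_RSA:
		return (0);
	case SSL_CTRL_SET_TMP_RSA:
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *new = NULL, *dh;

			dh = (DH *)parg;
			if ((new = DHparams_dup(dh)) == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_DH_LIB);
				return 0;
			}
			DH_free(cert->dh_tmp);
			cert->dh_tmp = new;
			return 1;
		}
		/*break; */

	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);

	case SSL_CTRL_SET_DH_AUTO:
		ctx->cert->dh_tmp_auto = larg;
		return (1);

	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_ECDH_LIB);
				return 0;
			}
			/* Work on a private copy of the caller's key. */
			ecdh = EC_KEY_dup((EC_KEY *)parg);
			if (ecdh == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_EC_LIB);
				return 0;
			}
			if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);
					SSLerr(SSL_F_SSL3_CTX_CTRL,
					    ERR_R_ECDH_LIB);
					return 0;
				}
			}

			EC_KEY_free(cert->ecdh_tmp);
			cert->ecdh_tmp = ecdh;
			return 1;
		}
		/* break; */
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
			SSLerr(SSL_F_SSL3_CTX_CTRL,
			    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
			return (0);
		}
		break;
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
		ctx->tlsext_servername_arg = parg;
		break;
	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
		{
			/*
			 * Buffer layout: key name (16 bytes), HMAC key
			 * (16 bytes), AES key (16 bytes) - 48 bytes total.
			 * A NULL buffer queries the required size.
			 */
			unsigned char *keys = parg;
			if (!keys)
				return 48;
			if (larg != 48) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    SSL_R_INVALID_TICKET_KEYS_LENGTH);
				return 0;
			}
			if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
				memcpy(ctx->tlsext_tick_key_name, keys, 16);
				memcpy(ctx->tlsext_tick_hmac_key,
				    keys + 16, 16);
				memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
			} else {
				memcpy(keys, ctx->tlsext_tick_key_name, 16);
				memcpy(keys + 16,
				    ctx->tlsext_tick_hmac_key, 16);
				memcpy(keys + 32,
				    ctx->tlsext_tick_aes_key, 16);
			}
			return 1;
		}

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
		ctx->tlsext_status_arg = parg;
		return 1;
		break;

	case SSL_CTRL_SET_ECDH_AUTO:
		ctx->cert->ecdh_tmp_auto = larg;
		return 1;

		/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		if (ctx->extra_certs == NULL) {
			if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
				return (0);
		}
		/*
		 * sk_X509_push() returns 0 on failure; report that instead
		 * of claiming the certificate was added to the chain.
		 */
		if (!sk_X509_push(ctx->extra_certs, (X509 *)parg))
			return (0);
		break;

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
		*(STACK_OF(X509) **)parg = ctx->extra_certs;
		break;

	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
		if (ctx->extra_certs) {
			sk_X509_pop_free(ctx->extra_certs, X509_free);
			ctx->extra_certs = NULL;
		}
		break;

	default:
		return (0);
	}
	return (1);
}

/*
 * SSL_CTX-level callback setter.  Stores fp, cast to the callback type
 * that matches cmd.  Returns 1 when the callback was stored and 0 for an
 * unknown or unsupported cmd.  The caller must pass a function whose real
 * signature matches the one implied by cmd.
 */
long
ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	CERT *cert;

	cert = ctx->cert;

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
	case SSL_CTRL_SET_TMP_DH_CB:
		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
		ctx->tlsext_servername_callback =
		    (int (*)(SSL *, int *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
		ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
		ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
		    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
		break;

	default:
		return (0);
	}
	return (1);
}

/*
 * This function needs to check if the ciphers required are actually available.
 *
 * Decodes a 2-byte cipher suite value from p and looks it up.  The length
 * of p cannot be checked here: the caller must guarantee that at least two
 * bytes are readable.
 */
const SSL_CIPHER *
ssl3_get_cipher_by_char(const unsigned char *p)
{
	CBS cipher;
	uint16_t cipher_value;

	/* We have to assume it is at least 2 bytes due to existing API. */
	CBS_init(&cipher, p, 2);
	if (!CBS_get_u16(&cipher, &cipher_value))
		return NULL;

	return ssl3_get_cipher_by_value(cipher_value);
}

/*
 * Encode cipher c into p as its 2-byte wire value.  With p == NULL nothing
 * is written.  Returns 2 (the encoded length), or 0 when p is non-NULL and
 * the id of c does not carry the SSL3_CK_ID prefix.
 */
int
ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
{
	if (p != NULL) {
		if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
			return (0);
		s2n(ssl3_cipher_get_value(c), p);
	}
	return (2);
}

/*
 * Pick the cipher suite for a handshake from the client list (clnt) and
 * the server list (srvr).
 *
 * The list that sets the priority is srvr when
 * SSL_OP_CIPHER_SERVER_PREFERENCE is set and clnt otherwise, so without
 * that option the peer's ordering decides among the mutually acceptable
 * suites.  A candidate is skipped when it is TLS 1.2-only and the
 * connection cannot use TLS 1.2 suites, when the certificate masks do not
 * cover its key exchange and authentication, or when the EC key checks
 * fail.
 *
 * Returns the matching entry from the non-priority list, or NULL if no
 * suite is acceptable.
 */
SSL_CIPHER *
ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
    STACK_OF(SSL_CIPHER) *srvr)
{
	unsigned long alg_k, alg_a, mask_k, mask_a;
	STACK_OF(SSL_CIPHER) *prio, *allow;
	SSL_CIPHER *c, *ret = NULL;
	int i, ii, ok;
	CERT *cert;

	/* Let's see which ciphers we can support */
	cert = s->cert;

	/*
	 * Do not set the compare functions, because this may lead to a
	 * reordering by "id". We want to keep the original ordering.
	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
	 */

	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
		prio = srvr;
		allow = clnt;
	} else {
		prio = clnt;
		allow = srvr;
	}

	for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
		c = sk_SSL_CIPHER_value(prio, i);

		/* Skip TLS v1.2 only ciphersuites if not supported. */
		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
		    !SSL_USE_TLS1_2_CIPHERS(s))
			continue;

		ssl_set_cert_masks(cert, c);
		mask_k = cert->mask_k;
		mask_a = cert->mask_a;

		alg_k = c->algorithm_mkey;
		alg_a = c->algorithm_auth;


		ok = (alg_k & mask_k) && (alg_a & mask_a);

		/*
		 * If we are considering an ECC cipher suite that uses our
		 * certificate check it.
		 */
		if (alg_a & SSL_aECDSA)
			ok = ok && tls1_check_ec_server_key(s);
		/*
		 * If we are considering an ECC cipher suite that uses
		 * an ephemeral EC key check it.
		 */
		if (alg_k & SSL_kECDHE)
			ok = ok && tls1_check_ec_tmp_key(s);

		if (!ok)
			continue;
		ii = sk_SSL_CIPHER_find(allow, c);
		if (ii >= 0) {
			ret = sk_SSL_CIPHER_value(allow, ii);
			break;
		}
	}
	return (ret);
}

int
ssl3_get_req_cert_type(SSL *s, unsigned char *p)
{
	int ret = 0;
	unsigned long alg_k;

	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

#ifndef OPENSSL_NO_GOST
	if ((alg_k & SSL_kGOST)) {
		p[ret++] = TLS_CT_GOST94_SIGN;
		p[ret++] = TLS_CT_GOST01_SIGN;
		p[ret++] = TLS_CT_GOST12_256_SIGN;
		p[ret++] = TLS_CT_GOST12_512_SIGN;
	}
#endif

	if (alg_k & SSL_kDHE) {
		p[ret++] = SSL3_CT_RSA_FIXED_DH;
		p[ret++] = SSL3_CT_DSS_FIXED_DH;
	}
	p[ret++] = SSL3_CT_RSA_SIGN;
	p[ret++] = SSL3_CT_DSS_SIGN;

	/*
	 * ECDSA certs can be used with RSA cipher suites as well
	 * so we don't need to check for SSL_kECDH or SSL_kECDHE.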
2409 */ 2410 p[ret++] = TLS_CT_ECDSA_SIGN; 2411 2412 return (ret); 2413 } 2414 2415 int 2416 ssl3_shutdown(SSL *s) 2417 { 2418 int ret; 2419 2420 /* 2421 * Don't do anything much if we have not done the handshake or 2422 * we don't want to send messages :-) 2423 */ 2424 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 2425 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2426 return (1); 2427 } 2428 2429 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { 2430 s->shutdown|=SSL_SENT_SHUTDOWN; 2431 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2432 /* 2433 * Our shutdown alert has been sent now, and if it still needs 2434 * to be written, s->s3->alert_dispatch will be true 2435 */ 2436 if (s->s3->alert_dispatch) 2437 return(-1); /* return WANT_WRITE */ 2438 } else if (s->s3->alert_dispatch) { 2439 /* resend it if not sent */ 2440 ret = s->method->ssl_dispatch_alert(s); 2441 if (ret == -1) { 2442 /* 2443 * We only get to return -1 here the 2nd/Nth 2444 * invocation, we must have already signalled 2445 * return 0 upon a previous invoation, 2446 * return WANT_WRITE 2447 */ 2448 return (ret); 2449 } 2450 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2451 /* If we are waiting for a close from our peer, we are closed */ 2452 s->method->ssl_read_bytes(s, 0, NULL, 0, 0); 2453 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2454 return(-1); /* return WANT_READ */ 2455 } 2456 } 2457 2458 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2459 !s->s3->alert_dispatch) 2460 return (1); 2461 else 2462 return (0); 2463 } 2464 2465 int 2466 ssl3_write(SSL *s, const void *buf, int len) 2467 { 2468 int ret, n; 2469 2470 #if 0 2471 if (s->shutdown & SSL_SEND_SHUTDOWN) { 2472 s->rwstate = SSL_NOTHING; 2473 return (0); 2474 } 2475 #endif 2476 errno = 0; 2477 if (s->s3->renegotiate) 2478 ssl3_renegotiate_check(s); 2479 2480 /* 2481 * This is an experimental flag that sends the 2482 * last handshake message in the same packet as the first 2483 * use 
data - used to see if it helps the TCP protocol during 2484 * session-id reuse 2485 */ 2486 /* The second test is because the buffer may have been removed */ 2487 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 2488 /* First time through, we write into the buffer */ 2489 if (s->s3->delay_buf_pop_ret == 0) { 2490 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2491 buf, len); 2492 if (ret <= 0) 2493 return (ret); 2494 2495 s->s3->delay_buf_pop_ret = ret; 2496 } 2497 2498 s->rwstate = SSL_WRITING; 2499 n = BIO_flush(s->wbio); 2500 if (n <= 0) 2501 return (n); 2502 s->rwstate = SSL_NOTHING; 2503 2504 /* We have flushed the buffer, so remove it */ 2505 ssl_free_wbio_buffer(s); 2506 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 2507 2508 ret = s->s3->delay_buf_pop_ret; 2509 s->s3->delay_buf_pop_ret = 0; 2510 } else { 2511 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2512 buf, len); 2513 if (ret <= 0) 2514 return (ret); 2515 } 2516 2517 return (ret); 2518 } 2519 2520 static int 2521 ssl3_read_internal(SSL *s, void *buf, int len, int peek) 2522 { 2523 int ret; 2524 2525 errno = 0; 2526 if (s->s3->renegotiate) 2527 ssl3_renegotiate_check(s); 2528 s->s3->in_read_app_data = 1; 2529 ret = s->method->ssl_read_bytes(s, 2530 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2531 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 2532 /* 2533 * ssl3_read_bytes decided to call s->handshake_func, which 2534 * called ssl3_read_bytes to read handshake data. 2535 * However, ssl3_read_bytes actually found application data 2536 * and thinks that application data makes sense here; so disable 2537 * handshake processing and try to read application data again. 
2538 */ 2539 s->in_handshake++; 2540 ret = s->method->ssl_read_bytes(s, 2541 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2542 s->in_handshake--; 2543 } else 2544 s->s3->in_read_app_data = 0; 2545 2546 return (ret); 2547 } 2548 2549 int 2550 ssl3_read(SSL *s, void *buf, int len) 2551 { 2552 return ssl3_read_internal(s, buf, len, 0); 2553 } 2554 2555 int 2556 ssl3_peek(SSL *s, void *buf, int len) 2557 { 2558 return ssl3_read_internal(s, buf, len, 1); 2559 } 2560 2561 int 2562 ssl3_renegotiate(SSL *s) 2563 { 2564 if (s->handshake_func == NULL) 2565 return (1); 2566 2567 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2568 return (0); 2569 2570 s->s3->renegotiate = 1; 2571 return (1); 2572 } 2573 2574 int 2575 ssl3_renegotiate_check(SSL *s) 2576 { 2577 int ret = 0; 2578 2579 if (s->s3->renegotiate) { 2580 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 2581 !SSL_in_init(s)) { 2582 /* 2583 * If we are the server, and we have sent 2584 * a 'RENEGOTIATE' message, we need to go 2585 * to SSL_ST_ACCEPT. 2586 */ 2587 /* SSL_ST_ACCEPT */ 2588 s->state = SSL_ST_RENEGOTIATE; 2589 s->s3->renegotiate = 0; 2590 s->s3->num_renegotiations++; 2591 s->s3->total_renegotiations++; 2592 ret = 1; 2593 } 2594 } 2595 return (ret); 2596 } 2597 /* 2598 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF 2599 * and handshake macs if required. 2600 */ 2601 long 2602 ssl_get_algorithm2(SSL *s) 2603 { 2604 long alg2 = s->s3->tmp.new_cipher->algorithm2; 2605 2606 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && 2607 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 2608 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 2609 return alg2; 2610 } 2611