1 /* ssl/s3_lib.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. 
If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. 
All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 
109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 
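 */

#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
#include "../crypto/ec/ec_lcl.h"
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
#include <openssl/md5.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif

/* Version banner for the SSLv3 code: the literal "SSLv3" followed by
 * OPENSSL_VERSION_PTEXT (defined outside this file). */
const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;

/* Number of entries in ssl3_ciphers[].  The divisor is the size of the first
 * element rather than a named type, so the count stays correct if the element
 * type of the table is ever changed.  sizeof only yields the array size where
 * the complete definition of ssl3_ciphers[] is visible, i.e. in this file. */
#define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers) / sizeof(ssl3_ciphers[0]))

/* list of available SSLv3 ciphers (sorted by id)
 *
 * Every initializer is positional.  The field order assumed here is the one
 * SSL_CIPHER has in the OpenSSL headers (not shown in this file; confirm
 * against ssl.h): valid flag, name, id, key exchange, authentication,
 * encryption, MAC, protocol version, strength flags, handshake-MAC/PRF
 * flags, strength_bits, alg_bits.
 *
 * Security note: this table records what the library is able to negotiate,
 * not what a deployment should offer.  It includes suites with no encryption
 * (SSL_eNULL), suites with no peer authentication (SSL_aNULL), export-grade
 * 40-bit suites (SSL_EXPORT|SSL_EXP40), single DES, RC4 and MD5.  The
 * strength flags (SSL_STRONG_NONE, SSL_LOW, SSL_MEDIUM, SSL_HIGH, SSL_EXPORT)
 * are the handle a cipher-list policy has for keeping those out of a
 * configuration; SSL_HIGH on an SSL_aNULL entry describes the bulk cipher
 * only and says nothing about authentication.
 */
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {

/* The RSA ciphers */
/* Cipher 01 */
	/* No encryption (SSL_eNULL, 0 bits), MD5 MAC: integrity only. */
	{
	1,
	SSL3_TXT_RSA_NULL_MD5,
	SSL3_CK_RSA_NULL_MD5,
	SSL_kRSA,
	SSL_aRSA,
	SSL_eNULL,
	SSL_MD5,
	SSL_SSLV3,
	SSL_NOT_EXP|SSL_STRONG_NONE,
	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
	0,
	0,
	},

/* Cipher 02 */
	/* No encryption (SSL_eNULL, 0 bits), SHA-1 MAC: integrity only. */
	{
	1,
	SSL3_TXT_RSA_NULL_SHA,
	SSL3_CK_RSA_NULL_SHA,
	SSL_kRSA,
	SSL_aRSA,
	SSL_eNULL,
	SSL_SHA1,
	SSL_SSLV3,
	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
	0,
	0,
	},

/* Cipher 03 */
	/* Export-grade: 40 secret bits of a 128-bit RC4 key, MD5 MAC. */
	{
	1,
	SSL3_TXT_RSA_RC4_40_MD5,
	SSL3_CK_RSA_RC4_40_MD5,
	SSL_kRSA,
	SSL_aRSA,
	SSL_RC4,
	SSL_MD5,
	SSL_SSLV3,
	SSL_EXPORT|SSL_EXP40,
	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
	40,
	128,
	},

/* Cipher 04 */
	/* RC4 with MD5 MAC; rated SSL_MEDIUM by this table. */
	{
	1,
	SSL3_TXT_RSA_RC4_128_MD5,
	SSL3_CK_RSA_RC4_128_MD5,
	SSL_kRSA,
	SSL_aRSA,
	SSL_RC4,
	SSL_MD5,
	SSL_SSLV3,
	SSL_NOT_EXP|SSL_MEDIUM,
	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
	128,
	128,
	},

/* Cipher 05 */
	/* RC4 with SHA-1 MAC; rated SSL_MEDIUM by this table. */
	{
	1,
	SSL3_TXT_RSA_RC4_128_SHA,
	SSL3_CK_RSA_RC4_128_SHA,
	SSL_kRSA,
	SSL_aRSA,
	SSL_RC4,
	SSL_SHA1,
	SSL_SSLV3,
	SSL_NOT_EXP|SSL_MEDIUM,
	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
	128,
	128,
	},

/* Cipher 06 */
	{
	1,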
SSL3_TXT_RSA_RC2_40_MD5, 257 SSL3_CK_RSA_RC2_40_MD5, 258 SSL_kRSA, 259 SSL_aRSA, 260 SSL_RC2, 261 SSL_MD5, 262 SSL_SSLV3, 263 SSL_EXPORT|SSL_EXP40, 264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 265 40, 266 128, 267 }, 268 269 /* Cipher 07 */ 270 #ifndef OPENSSL_NO_IDEA 271 { 272 1, 273 SSL3_TXT_RSA_IDEA_128_SHA, 274 SSL3_CK_RSA_IDEA_128_SHA, 275 SSL_kRSA, 276 SSL_aRSA, 277 SSL_IDEA, 278 SSL_SHA1, 279 SSL_SSLV3, 280 SSL_NOT_EXP|SSL_MEDIUM, 281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 282 128, 283 128, 284 }, 285 #endif 286 287 /* Cipher 08 */ 288 { 289 1, 290 SSL3_TXT_RSA_DES_40_CBC_SHA, 291 SSL3_CK_RSA_DES_40_CBC_SHA, 292 SSL_kRSA, 293 SSL_aRSA, 294 SSL_DES, 295 SSL_SHA1, 296 SSL_SSLV3, 297 SSL_EXPORT|SSL_EXP40, 298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 299 40, 300 56, 301 }, 302 303 /* Cipher 09 */ 304 { 305 1, 306 SSL3_TXT_RSA_DES_64_CBC_SHA, 307 SSL3_CK_RSA_DES_64_CBC_SHA, 308 SSL_kRSA, 309 SSL_aRSA, 310 SSL_DES, 311 SSL_SHA1, 312 SSL_SSLV3, 313 SSL_NOT_EXP|SSL_LOW, 314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 315 56, 316 56, 317 }, 318 319 /* Cipher 0A */ 320 { 321 1, 322 SSL3_TXT_RSA_DES_192_CBC3_SHA, 323 SSL3_CK_RSA_DES_192_CBC3_SHA, 324 SSL_kRSA, 325 SSL_aRSA, 326 SSL_3DES, 327 SSL_SHA1, 328 SSL_SSLV3, 329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 331 168, 332 168, 333 }, 334 335 /* The DH ciphers */ 336 /* Cipher 0B */ 337 { 338 0, 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 341 SSL_kDHd, 342 SSL_aDH, 343 SSL_DES, 344 SSL_SHA1, 345 SSL_SSLV3, 346 SSL_EXPORT|SSL_EXP40, 347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 348 40, 349 56, 350 }, 351 352 /* Cipher 0C */ 353 { 354 0, /* not implemented (non-ephemeral DH) */ 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 357 SSL_kDHd, 358 SSL_aDH, 359 SSL_DES, 360 SSL_SHA1, 361 SSL_SSLV3, 362 SSL_NOT_EXP|SSL_LOW, 363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 364 56, 365 56, 366 }, 367 368 /* Cipher 0D */ 369 { 370 0, /* not implemented (non-ephemeral DH) */ 371 
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 373 SSL_kDHd, 374 SSL_aDH, 375 SSL_3DES, 376 SSL_SHA1, 377 SSL_SSLV3, 378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 380 168, 381 168, 382 }, 383 384 /* Cipher 0E */ 385 { 386 0, /* not implemented (non-ephemeral DH) */ 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 389 SSL_kDHr, 390 SSL_aDH, 391 SSL_DES, 392 SSL_SHA1, 393 SSL_SSLV3, 394 SSL_EXPORT|SSL_EXP40, 395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 396 40, 397 56, 398 }, 399 400 /* Cipher 0F */ 401 { 402 0, /* not implemented (non-ephemeral DH) */ 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 405 SSL_kDHr, 406 SSL_aDH, 407 SSL_DES, 408 SSL_SHA1, 409 SSL_SSLV3, 410 SSL_NOT_EXP|SSL_LOW, 411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 412 56, 413 56, 414 }, 415 416 /* Cipher 10 */ 417 { 418 0, /* not implemented (non-ephemeral DH) */ 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 421 SSL_kDHr, 422 SSL_aDH, 423 SSL_3DES, 424 SSL_SHA1, 425 SSL_SSLV3, 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 428 168, 429 168, 430 }, 431 432 /* The Ephemeral DH ciphers */ 433 /* Cipher 11 */ 434 { 435 1, 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 438 SSL_kEDH, 439 SSL_aDSS, 440 SSL_DES, 441 SSL_SHA1, 442 SSL_SSLV3, 443 SSL_EXPORT|SSL_EXP40, 444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 445 40, 446 56, 447 }, 448 449 /* Cipher 12 */ 450 { 451 1, 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 454 SSL_kEDH, 455 SSL_aDSS, 456 SSL_DES, 457 SSL_SHA1, 458 SSL_SSLV3, 459 SSL_NOT_EXP|SSL_LOW, 460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 461 56, 462 56, 463 }, 464 465 /* Cipher 13 */ 466 { 467 1, 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 470 SSL_kEDH, 471 SSL_aDSS, 472 SSL_3DES, 473 SSL_SHA1, 474 SSL_SSLV3, 475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 476 
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 477 168, 478 168, 479 }, 480 481 /* Cipher 14 */ 482 { 483 1, 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 486 SSL_kEDH, 487 SSL_aRSA, 488 SSL_DES, 489 SSL_SHA1, 490 SSL_SSLV3, 491 SSL_EXPORT|SSL_EXP40, 492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 493 40, 494 56, 495 }, 496 497 /* Cipher 15 */ 498 { 499 1, 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 502 SSL_kEDH, 503 SSL_aRSA, 504 SSL_DES, 505 SSL_SHA1, 506 SSL_SSLV3, 507 SSL_NOT_EXP|SSL_LOW, 508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 509 56, 510 56, 511 }, 512 513 /* Cipher 16 */ 514 { 515 1, 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 518 SSL_kEDH, 519 SSL_aRSA, 520 SSL_3DES, 521 SSL_SHA1, 522 SSL_SSLV3, 523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 525 168, 526 168, 527 }, 528 529 /* Cipher 17 */ 530 { 531 1, 532 SSL3_TXT_ADH_RC4_40_MD5, 533 SSL3_CK_ADH_RC4_40_MD5, 534 SSL_kEDH, 535 SSL_aNULL, 536 SSL_RC4, 537 SSL_MD5, 538 SSL_SSLV3, 539 SSL_EXPORT|SSL_EXP40, 540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 541 40, 542 128, 543 }, 544 545 /* Cipher 18 */ 546 { 547 1, 548 SSL3_TXT_ADH_RC4_128_MD5, 549 SSL3_CK_ADH_RC4_128_MD5, 550 SSL_kEDH, 551 SSL_aNULL, 552 SSL_RC4, 553 SSL_MD5, 554 SSL_SSLV3, 555 SSL_NOT_EXP|SSL_MEDIUM, 556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 557 128, 558 128, 559 }, 560 561 /* Cipher 19 */ 562 { 563 1, 564 SSL3_TXT_ADH_DES_40_CBC_SHA, 565 SSL3_CK_ADH_DES_40_CBC_SHA, 566 SSL_kEDH, 567 SSL_aNULL, 568 SSL_DES, 569 SSL_SHA1, 570 SSL_SSLV3, 571 SSL_EXPORT|SSL_EXP40, 572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 573 40, 574 128, 575 }, 576 577 /* Cipher 1A */ 578 { 579 1, 580 SSL3_TXT_ADH_DES_64_CBC_SHA, 581 SSL3_CK_ADH_DES_64_CBC_SHA, 582 SSL_kEDH, 583 SSL_aNULL, 584 SSL_DES, 585 SSL_SHA1, 586 SSL_SSLV3, 587 SSL_NOT_EXP|SSL_LOW, 588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 589 56, 590 56, 591 }, 592 593 /* Cipher 1B */ 594 { 595 1, 596 SSL3_TXT_ADH_DES_192_CBC_SHA, 597 
SSL3_CK_ADH_DES_192_CBC_SHA, 598 SSL_kEDH, 599 SSL_aNULL, 600 SSL_3DES, 601 SSL_SHA1, 602 SSL_SSLV3, 603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 605 168, 606 168, 607 }, 608 609 /* New AES ciphersuites */ 610 /* Cipher 2F */ 611 { 612 1, 613 TLS1_TXT_RSA_WITH_AES_128_SHA, 614 TLS1_CK_RSA_WITH_AES_128_SHA, 615 SSL_kRSA, 616 SSL_aRSA, 617 SSL_AES128, 618 SSL_SHA1, 619 SSL_TLSV1, 620 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 621 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 622 128, 623 128, 624 }, 625 /* Cipher 30 */ 626 { 627 0, 628 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 629 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 630 SSL_kDHd, 631 SSL_aDH, 632 SSL_AES128, 633 SSL_SHA1, 634 SSL_TLSV1, 635 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 636 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 637 128, 638 128, 639 }, 640 /* Cipher 31 */ 641 { 642 0, 643 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 644 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 645 SSL_kDHr, 646 SSL_aDH, 647 SSL_AES128, 648 SSL_SHA1, 649 SSL_TLSV1, 650 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 651 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 652 128, 653 128, 654 }, 655 /* Cipher 32 */ 656 { 657 1, 658 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 659 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 660 SSL_kEDH, 661 SSL_aDSS, 662 SSL_AES128, 663 SSL_SHA1, 664 SSL_TLSV1, 665 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 666 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 667 128, 668 128, 669 }, 670 /* Cipher 33 */ 671 { 672 1, 673 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 674 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 675 SSL_kEDH, 676 SSL_aRSA, 677 SSL_AES128, 678 SSL_SHA1, 679 SSL_TLSV1, 680 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 681 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 682 128, 683 128, 684 }, 685 /* Cipher 34 */ 686 { 687 1, 688 TLS1_TXT_ADH_WITH_AES_128_SHA, 689 TLS1_CK_ADH_WITH_AES_128_SHA, 690 SSL_kEDH, 691 SSL_aNULL, 692 SSL_AES128, 693 SSL_SHA1, 694 SSL_TLSV1, 695 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 696 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 697 128, 698 128, 699 }, 700 701 /* Cipher 35 */ 702 { 703 1, 704 TLS1_TXT_RSA_WITH_AES_256_SHA, 705 
TLS1_CK_RSA_WITH_AES_256_SHA, 706 SSL_kRSA, 707 SSL_aRSA, 708 SSL_AES256, 709 SSL_SHA1, 710 SSL_TLSV1, 711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 712 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 713 256, 714 256, 715 }, 716 /* Cipher 36 */ 717 { 718 0, 719 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 720 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 721 SSL_kDHd, 722 SSL_aDH, 723 SSL_AES256, 724 SSL_SHA1, 725 SSL_TLSV1, 726 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 727 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 728 256, 729 256, 730 }, 731 732 /* Cipher 37 */ 733 { 734 0, /* not implemented (non-ephemeral DH) */ 735 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 736 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 737 SSL_kDHr, 738 SSL_aDH, 739 SSL_AES256, 740 SSL_SHA1, 741 SSL_TLSV1, 742 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 743 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 744 256, 745 256, 746 }, 747 748 /* Cipher 38 */ 749 { 750 1, 751 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 752 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 753 SSL_kEDH, 754 SSL_aDSS, 755 SSL_AES256, 756 SSL_SHA1, 757 SSL_TLSV1, 758 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 759 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 760 256, 761 256, 762 }, 763 764 /* Cipher 39 */ 765 { 766 1, 767 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 768 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 769 SSL_kEDH, 770 SSL_aRSA, 771 SSL_AES256, 772 SSL_SHA1, 773 SSL_TLSV1, 774 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 775 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 776 256, 777 256, 778 }, 779 780 /* Cipher 3A */ 781 { 782 1, 783 TLS1_TXT_ADH_WITH_AES_256_SHA, 784 TLS1_CK_ADH_WITH_AES_256_SHA, 785 SSL_kEDH, 786 SSL_aNULL, 787 SSL_AES256, 788 SSL_SHA1, 789 SSL_TLSV1, 790 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 791 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 792 256, 793 256, 794 }, 795 796 /* TLS v1.2 ciphersuites */ 797 /* Cipher 3B */ 798 { 799 1, 800 TLS1_TXT_RSA_WITH_NULL_SHA256, 801 TLS1_CK_RSA_WITH_NULL_SHA256, 802 SSL_kRSA, 803 SSL_aRSA, 804 SSL_eNULL, 805 SSL_SHA256, 806 SSL_TLSV1_2, 807 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 808 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 809 0, 810 0, 811 }, 812 813 /* Cipher 3C 
*/ 814 { 815 1, 816 TLS1_TXT_RSA_WITH_AES_128_SHA256, 817 TLS1_CK_RSA_WITH_AES_128_SHA256, 818 SSL_kRSA, 819 SSL_aRSA, 820 SSL_AES128, 821 SSL_SHA256, 822 SSL_TLSV1_2, 823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 824 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 825 128, 826 128, 827 }, 828 829 /* Cipher 3D */ 830 { 831 1, 832 TLS1_TXT_RSA_WITH_AES_256_SHA256, 833 TLS1_CK_RSA_WITH_AES_256_SHA256, 834 SSL_kRSA, 835 SSL_aRSA, 836 SSL_AES256, 837 SSL_SHA256, 838 SSL_TLSV1_2, 839 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 840 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 841 256, 842 256, 843 }, 844 845 /* Cipher 3E */ 846 { 847 0, /* not implemented (non-ephemeral DH) */ 848 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 849 TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 850 SSL_kDHd, 851 SSL_aDH, 852 SSL_AES128, 853 SSL_SHA256, 854 SSL_TLSV1_2, 855 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 856 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 857 128, 858 128, 859 }, 860 861 /* Cipher 3F */ 862 { 863 0, /* not implemented (non-ephemeral DH) */ 864 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, 865 TLS1_CK_DH_RSA_WITH_AES_128_SHA256, 866 SSL_kDHr, 867 SSL_aDH, 868 SSL_AES128, 869 SSL_SHA256, 870 SSL_TLSV1_2, 871 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 873 128, 874 128, 875 }, 876 877 /* Cipher 40 */ 878 { 879 1, 880 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 881 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 882 SSL_kEDH, 883 SSL_aDSS, 884 SSL_AES128, 885 SSL_SHA256, 886 SSL_TLSV1_2, 887 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 888 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 889 128, 890 128, 891 }, 892 893 #ifndef OPENSSL_NO_CAMELLIA 894 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 895 896 /* Cipher 41 */ 897 { 898 1, 899 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 900 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 901 SSL_kRSA, 902 SSL_aRSA, 903 SSL_CAMELLIA128, 904 SSL_SHA1, 905 SSL_TLSV1, 906 SSL_NOT_EXP|SSL_HIGH, 907 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 908 128, 909 128, 910 }, 911 912 /* Cipher 42 */ 913 { 914 0, /* not implemented (non-ephemeral DH) */ 915 
TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 916 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 917 SSL_kDHd, 918 SSL_aDH, 919 SSL_CAMELLIA128, 920 SSL_SHA1, 921 SSL_TLSV1, 922 SSL_NOT_EXP|SSL_HIGH, 923 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 924 128, 925 128, 926 }, 927 928 /* Cipher 43 */ 929 { 930 0, /* not implemented (non-ephemeral DH) */ 931 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 932 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 933 SSL_kDHr, 934 SSL_aDH, 935 SSL_CAMELLIA128, 936 SSL_SHA1, 937 SSL_TLSV1, 938 SSL_NOT_EXP|SSL_HIGH, 939 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 940 128, 941 128, 942 }, 943 944 /* Cipher 44 */ 945 { 946 1, 947 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 948 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 949 SSL_kEDH, 950 SSL_aDSS, 951 SSL_CAMELLIA128, 952 SSL_SHA1, 953 SSL_TLSV1, 954 SSL_NOT_EXP|SSL_HIGH, 955 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 956 128, 957 128, 958 }, 959 960 /* Cipher 45 */ 961 { 962 1, 963 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 964 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 965 SSL_kEDH, 966 SSL_aRSA, 967 SSL_CAMELLIA128, 968 SSL_SHA1, 969 SSL_TLSV1, 970 SSL_NOT_EXP|SSL_HIGH, 971 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 972 128, 973 128, 974 }, 975 976 /* Cipher 46 */ 977 { 978 1, 979 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 980 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 981 SSL_kEDH, 982 SSL_aNULL, 983 SSL_CAMELLIA128, 984 SSL_SHA1, 985 SSL_TLSV1, 986 SSL_NOT_EXP|SSL_HIGH, 987 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 988 128, 989 128, 990 }, 991 #endif /* OPENSSL_NO_CAMELLIA */ 992 993 /* TLS v1.2 ciphersuites */ 994 /* Cipher 67 */ 995 { 996 1, 997 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 998 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 999 SSL_kEDH, 1000 SSL_aRSA, 1001 SSL_AES128, 1002 SSL_SHA256, 1003 SSL_TLSV1_2, 1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1006 128, 1007 128, 1008 }, 1009 1010 /* Cipher 68 */ 1011 { 1012 0, /* not implemented (non-ephemeral DH) */ 1013 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1014 
TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1015 SSL_kDHd, 1016 SSL_aDH, 1017 SSL_AES256, 1018 SSL_SHA256, 1019 SSL_TLSV1_2, 1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1022 256, 1023 256, 1024 }, 1025 1026 /* Cipher 69 */ 1027 { 1028 0, /* not implemented (non-ephemeral DH) */ 1029 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, 1030 TLS1_CK_DH_RSA_WITH_AES_256_SHA256, 1031 SSL_kDHr, 1032 SSL_aDH, 1033 SSL_AES256, 1034 SSL_SHA256, 1035 SSL_TLSV1_2, 1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1038 256, 1039 256, 1040 }, 1041 1042 /* Cipher 6A */ 1043 { 1044 1, 1045 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 1046 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 1047 SSL_kEDH, 1048 SSL_aDSS, 1049 SSL_AES256, 1050 SSL_SHA256, 1051 SSL_TLSV1_2, 1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1054 256, 1055 256, 1056 }, 1057 1058 /* Cipher 6B */ 1059 { 1060 1, 1061 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 1062 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 1063 SSL_kEDH, 1064 SSL_aRSA, 1065 SSL_AES256, 1066 SSL_SHA256, 1067 SSL_TLSV1_2, 1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1070 256, 1071 256, 1072 }, 1073 1074 /* Cipher 6C */ 1075 { 1076 1, 1077 TLS1_TXT_ADH_WITH_AES_128_SHA256, 1078 TLS1_CK_ADH_WITH_AES_128_SHA256, 1079 SSL_kEDH, 1080 SSL_aNULL, 1081 SSL_AES128, 1082 SSL_SHA256, 1083 SSL_TLSV1_2, 1084 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1085 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1086 128, 1087 128, 1088 }, 1089 1090 /* Cipher 6D */ 1091 { 1092 1, 1093 TLS1_TXT_ADH_WITH_AES_256_SHA256, 1094 TLS1_CK_ADH_WITH_AES_256_SHA256, 1095 SSL_kEDH, 1096 SSL_aNULL, 1097 SSL_AES256, 1098 SSL_SHA256, 1099 SSL_TLSV1_2, 1100 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1101 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1102 256, 1103 256, 1104 }, 1105 1106 /* GOST Ciphersuites */ 1107 1108 { 1109 1, 1110 "GOST94-GOST89-GOST89", 1111 0x3000080, 1112 SSL_kGOST, 1113 SSL_aGOST94, 1114 SSL_eGOST2814789CNT, 1115 SSL_GOST89MAC, 1116 
SSL_TLSV1, 1117 SSL_NOT_EXP|SSL_HIGH, 1118 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1119 256, 1120 256 1121 }, 1122 { 1123 1, 1124 "GOST2001-GOST89-GOST89", 1125 0x3000081, 1126 SSL_kGOST, 1127 SSL_aGOST01, 1128 SSL_eGOST2814789CNT, 1129 SSL_GOST89MAC, 1130 SSL_TLSV1, 1131 SSL_NOT_EXP|SSL_HIGH, 1132 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC, 1133 256, 1134 256 1135 }, 1136 { 1137 1, 1138 "GOST94-NULL-GOST94", 1139 0x3000082, 1140 SSL_kGOST, 1141 SSL_aGOST94, 1142 SSL_eNULL, 1143 SSL_GOST94, 1144 SSL_TLSV1, 1145 SSL_NOT_EXP|SSL_STRONG_NONE, 1146 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1147 0, 1148 0 1149 }, 1150 { 1151 1, 1152 "GOST2001-NULL-GOST94", 1153 0x3000083, 1154 SSL_kGOST, 1155 SSL_aGOST01, 1156 SSL_eNULL, 1157 SSL_GOST94, 1158 SSL_TLSV1, 1159 SSL_NOT_EXP|SSL_STRONG_NONE, 1160 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 1161 0, 1162 0 1163 }, 1164 1165 #ifndef OPENSSL_NO_CAMELLIA 1166 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1167 1168 /* Cipher 84 */ 1169 { 1170 1, 1171 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1172 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1173 SSL_kRSA, 1174 SSL_aRSA, 1175 SSL_CAMELLIA256, 1176 SSL_SHA1, 1177 SSL_TLSV1, 1178 SSL_NOT_EXP|SSL_HIGH, 1179 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1180 256, 1181 256, 1182 }, 1183 /* Cipher 85 */ 1184 { 1185 0, /* not implemented (non-ephemeral DH) */ 1186 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1187 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1188 SSL_kDHd, 1189 SSL_aDH, 1190 SSL_CAMELLIA256, 1191 SSL_SHA1, 1192 SSL_TLSV1, 1193 SSL_NOT_EXP|SSL_HIGH, 1194 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1195 256, 1196 256, 1197 }, 1198 1199 /* Cipher 86 */ 1200 { 1201 0, /* not implemented (non-ephemeral DH) */ 1202 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1203 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1204 SSL_kDHr, 1205 SSL_aDH, 1206 SSL_CAMELLIA256, 1207 SSL_SHA1, 1208 SSL_TLSV1, 1209 SSL_NOT_EXP|SSL_HIGH, 1210 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1211 256, 1212 
256, 1213 }, 1214 1215 /* Cipher 87 */ 1216 { 1217 1, 1218 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1219 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1220 SSL_kEDH, 1221 SSL_aDSS, 1222 SSL_CAMELLIA256, 1223 SSL_SHA1, 1224 SSL_TLSV1, 1225 SSL_NOT_EXP|SSL_HIGH, 1226 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1227 256, 1228 256, 1229 }, 1230 1231 /* Cipher 88 */ 1232 { 1233 1, 1234 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1235 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1236 SSL_kEDH, 1237 SSL_aRSA, 1238 SSL_CAMELLIA256, 1239 SSL_SHA1, 1240 SSL_TLSV1, 1241 SSL_NOT_EXP|SSL_HIGH, 1242 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1243 256, 1244 256, 1245 }, 1246 1247 /* Cipher 89 */ 1248 { 1249 1, 1250 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1251 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1252 SSL_kEDH, 1253 SSL_aNULL, 1254 SSL_CAMELLIA256, 1255 SSL_SHA1, 1256 SSL_TLSV1, 1257 SSL_NOT_EXP|SSL_HIGH, 1258 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1259 256, 1260 256, 1261 }, 1262 #endif /* OPENSSL_NO_CAMELLIA */ 1263 1264 #ifndef OPENSSL_NO_PSK 1265 /* Cipher 8A */ 1266 { 1267 1, 1268 TLS1_TXT_PSK_WITH_RC4_128_SHA, 1269 TLS1_CK_PSK_WITH_RC4_128_SHA, 1270 SSL_kPSK, 1271 SSL_aPSK, 1272 SSL_RC4, 1273 SSL_SHA1, 1274 SSL_TLSV1, 1275 SSL_NOT_EXP|SSL_MEDIUM, 1276 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1277 128, 1278 128, 1279 }, 1280 1281 /* Cipher 8B */ 1282 { 1283 1, 1284 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, 1285 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, 1286 SSL_kPSK, 1287 SSL_aPSK, 1288 SSL_3DES, 1289 SSL_SHA1, 1290 SSL_TLSV1, 1291 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1292 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1293 168, 1294 168, 1295 }, 1296 1297 /* Cipher 8C */ 1298 { 1299 1, 1300 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, 1301 TLS1_CK_PSK_WITH_AES_128_CBC_SHA, 1302 SSL_kPSK, 1303 SSL_aPSK, 1304 SSL_AES128, 1305 SSL_SHA1, 1306 SSL_TLSV1, 1307 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1308 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1309 128, 1310 128, 1311 }, 1312 1313 /* Cipher 8D */ 1314 { 1315 1, 1316 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, 1317 
TLS1_CK_PSK_WITH_AES_256_CBC_SHA, 1318 SSL_kPSK, 1319 SSL_aPSK, 1320 SSL_AES256, 1321 SSL_SHA1, 1322 SSL_TLSV1, 1323 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1324 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1325 256, 1326 256, 1327 }, 1328 #endif /* OPENSSL_NO_PSK */ 1329 1330 /* GCM ciphersuites from RFC5288 */ 1331 1332 /* Cipher 9C */ 1333 { 1334 1, 1335 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 1336 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 1337 SSL_kRSA, 1338 SSL_aRSA, 1339 SSL_AES128GCM, 1340 SSL_AEAD, 1341 SSL_TLSV1_2, 1342 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1343 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1344 128, 1345 128, 1346 }, 1347 1348 /* Cipher 9D */ 1349 { 1350 1, 1351 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 1352 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 1353 SSL_kRSA, 1354 SSL_aRSA, 1355 SSL_AES256GCM, 1356 SSL_AEAD, 1357 SSL_TLSV1_2, 1358 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1359 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1360 256, 1361 256, 1362 }, 1363 1364 /* Cipher 9E */ 1365 { 1366 1, 1367 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 1368 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 1369 SSL_kEDH, 1370 SSL_aRSA, 1371 SSL_AES128GCM, 1372 SSL_AEAD, 1373 SSL_TLSV1_2, 1374 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1375 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1376 128, 1377 128, 1378 }, 1379 1380 /* Cipher 9F */ 1381 { 1382 1, 1383 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 1384 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 1385 SSL_kEDH, 1386 SSL_aRSA, 1387 SSL_AES256GCM, 1388 SSL_AEAD, 1389 SSL_TLSV1_2, 1390 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1391 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1392 256, 1393 256, 1394 }, 1395 1396 /* Cipher A0 */ 1397 { 1398 0, 1399 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, 1400 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, 1401 SSL_kDHr, 1402 SSL_aDH, 1403 SSL_AES128GCM, 1404 SSL_AEAD, 1405 SSL_TLSV1_2, 1406 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1407 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1408 128, 1409 128, 1410 }, 1411 1412 /* Cipher A1 */ 1413 { 1414 0, 1415 
TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, 1416 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, 1417 SSL_kDHr, 1418 SSL_aDH, 1419 SSL_AES256GCM, 1420 SSL_AEAD, 1421 SSL_TLSV1_2, 1422 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1423 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1424 256, 1425 256, 1426 }, 1427 1428 /* Cipher A2 */ 1429 { 1430 1, 1431 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 1432 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 1433 SSL_kEDH, 1434 SSL_aDSS, 1435 SSL_AES128GCM, 1436 SSL_AEAD, 1437 SSL_TLSV1_2, 1438 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1439 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1440 128, 1441 128, 1442 }, 1443 1444 /* Cipher A3 */ 1445 { 1446 1, 1447 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 1448 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 1449 SSL_kEDH, 1450 SSL_aDSS, 1451 SSL_AES256GCM, 1452 SSL_AEAD, 1453 SSL_TLSV1_2, 1454 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1455 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1456 256, 1457 256, 1458 }, 1459 1460 /* Cipher A4 */ 1461 { 1462 0, 1463 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1464 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1465 SSL_kDHd, 1466 SSL_aDH, 1467 SSL_AES128GCM, 1468 SSL_AEAD, 1469 SSL_TLSV1_2, 1470 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1471 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1472 128, 1473 128, 1474 }, 1475 1476 /* Cipher A5 */ 1477 { 1478 0, 1479 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1480 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1481 SSL_kDHd, 1482 SSL_aDH, 1483 SSL_AES256GCM, 1484 SSL_AEAD, 1485 SSL_TLSV1_2, 1486 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1487 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1488 256, 1489 256, 1490 }, 1491 1492 /* Cipher A6 */ 1493 { 1494 1, 1495 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1496 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1497 SSL_kEDH, 1498 SSL_aNULL, 1499 SSL_AES128GCM, 1500 SSL_AEAD, 1501 SSL_TLSV1_2, 1502 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1503 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1504 128, 1505 128, 1506 }, 1507 1508 /* Cipher A7 */ 1509 { 1510 1, 1511 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 1512 
TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 1513 SSL_kEDH, 1514 SSL_aNULL, 1515 SSL_AES256GCM, 1516 SSL_AEAD, 1517 SSL_TLSV1_2, 1518 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1519 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1520 256, 1521 256, 1522 }, 1523 1524 #ifndef OPENSSL_NO_ECDH 1525 /* Cipher C001 */ 1526 { 1527 1, 1528 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 1529 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 1530 SSL_kECDHe, 1531 SSL_aECDH, 1532 SSL_eNULL, 1533 SSL_SHA1, 1534 SSL_TLSV1, 1535 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1536 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1537 0, 1538 0, 1539 }, 1540 1541 /* Cipher C002 */ 1542 { 1543 1, 1544 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 1545 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 1546 SSL_kECDHe, 1547 SSL_aECDH, 1548 SSL_RC4, 1549 SSL_SHA1, 1550 SSL_TLSV1, 1551 SSL_NOT_EXP|SSL_MEDIUM, 1552 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1553 128, 1554 128, 1555 }, 1556 1557 /* Cipher C003 */ 1558 { 1559 1, 1560 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1561 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1562 SSL_kECDHe, 1563 SSL_aECDH, 1564 SSL_3DES, 1565 SSL_SHA1, 1566 SSL_TLSV1, 1567 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1568 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1569 168, 1570 168, 1571 }, 1572 1573 /* Cipher C004 */ 1574 { 1575 1, 1576 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1577 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1578 SSL_kECDHe, 1579 SSL_aECDH, 1580 SSL_AES128, 1581 SSL_SHA1, 1582 SSL_TLSV1, 1583 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1584 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1585 128, 1586 128, 1587 }, 1588 1589 /* Cipher C005 */ 1590 { 1591 1, 1592 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1593 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1594 SSL_kECDHe, 1595 SSL_aECDH, 1596 SSL_AES256, 1597 SSL_SHA1, 1598 SSL_TLSV1, 1599 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1600 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1601 256, 1602 256, 1603 }, 1604 1605 /* Cipher C006 */ 1606 { 1607 1, 1608 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1609 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1610 SSL_kEECDH, 1611 SSL_aECDSA, 
1612 SSL_eNULL, 1613 SSL_SHA1, 1614 SSL_TLSV1, 1615 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1616 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1617 0, 1618 0, 1619 }, 1620 1621 /* Cipher C007 */ 1622 { 1623 1, 1624 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1625 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1626 SSL_kEECDH, 1627 SSL_aECDSA, 1628 SSL_RC4, 1629 SSL_SHA1, 1630 SSL_TLSV1, 1631 SSL_NOT_EXP|SSL_MEDIUM, 1632 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1633 128, 1634 128, 1635 }, 1636 1637 /* Cipher C008 */ 1638 { 1639 1, 1640 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1641 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1642 SSL_kEECDH, 1643 SSL_aECDSA, 1644 SSL_3DES, 1645 SSL_SHA1, 1646 SSL_TLSV1, 1647 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1648 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1649 168, 1650 168, 1651 }, 1652 1653 /* Cipher C009 */ 1654 { 1655 1, 1656 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1657 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1658 SSL_kEECDH, 1659 SSL_aECDSA, 1660 SSL_AES128, 1661 SSL_SHA1, 1662 SSL_TLSV1, 1663 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1664 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1665 128, 1666 128, 1667 }, 1668 1669 /* Cipher C00A */ 1670 { 1671 1, 1672 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1673 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1674 SSL_kEECDH, 1675 SSL_aECDSA, 1676 SSL_AES256, 1677 SSL_SHA1, 1678 SSL_TLSV1, 1679 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1680 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1681 256, 1682 256, 1683 }, 1684 1685 /* Cipher C00B */ 1686 { 1687 1, 1688 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 1689 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 1690 SSL_kECDHr, 1691 SSL_aECDH, 1692 SSL_eNULL, 1693 SSL_SHA1, 1694 SSL_TLSV1, 1695 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1696 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1697 0, 1698 0, 1699 }, 1700 1701 /* Cipher C00C */ 1702 { 1703 1, 1704 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 1705 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 1706 SSL_kECDHr, 1707 SSL_aECDH, 1708 SSL_RC4, 1709 SSL_SHA1, 1710 SSL_TLSV1, 1711 SSL_NOT_EXP|SSL_MEDIUM, 1712 
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1713 128, 1714 128, 1715 }, 1716 1717 /* Cipher C00D */ 1718 { 1719 1, 1720 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1721 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1722 SSL_kECDHr, 1723 SSL_aECDH, 1724 SSL_3DES, 1725 SSL_SHA1, 1726 SSL_TLSV1, 1727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1728 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1729 168, 1730 168, 1731 }, 1732 1733 /* Cipher C00E */ 1734 { 1735 1, 1736 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 1737 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 1738 SSL_kECDHr, 1739 SSL_aECDH, 1740 SSL_AES128, 1741 SSL_SHA1, 1742 SSL_TLSV1, 1743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1744 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1745 128, 1746 128, 1747 }, 1748 1749 /* Cipher C00F */ 1750 { 1751 1, 1752 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 1753 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 1754 SSL_kECDHr, 1755 SSL_aECDH, 1756 SSL_AES256, 1757 SSL_SHA1, 1758 SSL_TLSV1, 1759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1760 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1761 256, 1762 256, 1763 }, 1764 1765 /* Cipher C010 */ 1766 { 1767 1, 1768 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1769 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1770 SSL_kEECDH, 1771 SSL_aRSA, 1772 SSL_eNULL, 1773 SSL_SHA1, 1774 SSL_TLSV1, 1775 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1776 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1777 0, 1778 0, 1779 }, 1780 1781 /* Cipher C011 */ 1782 { 1783 1, 1784 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1785 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1786 SSL_kEECDH, 1787 SSL_aRSA, 1788 SSL_RC4, 1789 SSL_SHA1, 1790 SSL_TLSV1, 1791 SSL_NOT_EXP|SSL_MEDIUM, 1792 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1793 128, 1794 128, 1795 }, 1796 1797 /* Cipher C012 */ 1798 { 1799 1, 1800 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1801 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1802 SSL_kEECDH, 1803 SSL_aRSA, 1804 SSL_3DES, 1805 SSL_SHA1, 1806 SSL_TLSV1, 1807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1808 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1809 168, 1810 168, 1811 }, 1812 1813 /* Cipher C013 */ 1814 { 1815 1, 1816 
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1817 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1818 SSL_kEECDH, 1819 SSL_aRSA, 1820 SSL_AES128, 1821 SSL_SHA1, 1822 SSL_TLSV1, 1823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1824 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1825 128, 1826 128, 1827 }, 1828 1829 /* Cipher C014 */ 1830 { 1831 1, 1832 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1833 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1834 SSL_kEECDH, 1835 SSL_aRSA, 1836 SSL_AES256, 1837 SSL_SHA1, 1838 SSL_TLSV1, 1839 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1840 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1841 256, 1842 256, 1843 }, 1844 1845 /* Cipher C015 */ 1846 { 1847 1, 1848 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1849 TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1850 SSL_kEECDH, 1851 SSL_aNULL, 1852 SSL_eNULL, 1853 SSL_SHA1, 1854 SSL_TLSV1, 1855 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 1856 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1857 0, 1858 0, 1859 }, 1860 1861 /* Cipher C016 */ 1862 { 1863 1, 1864 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1865 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1866 SSL_kEECDH, 1867 SSL_aNULL, 1868 SSL_RC4, 1869 SSL_SHA1, 1870 SSL_TLSV1, 1871 SSL_NOT_EXP|SSL_MEDIUM, 1872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1873 128, 1874 128, 1875 }, 1876 1877 /* Cipher C017 */ 1878 { 1879 1, 1880 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1881 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1882 SSL_kEECDH, 1883 SSL_aNULL, 1884 SSL_3DES, 1885 SSL_SHA1, 1886 SSL_TLSV1, 1887 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1888 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1889 168, 1890 168, 1891 }, 1892 1893 /* Cipher C018 */ 1894 { 1895 1, 1896 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1897 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1898 SSL_kEECDH, 1899 SSL_aNULL, 1900 SSL_AES128, 1901 SSL_SHA1, 1902 SSL_TLSV1, 1903 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1904 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1905 128, 1906 128, 1907 }, 1908 1909 /* Cipher C019 */ 1910 { 1911 1, 1912 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1913 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1914 SSL_kEECDH, 1915 
SSL_aNULL, 1916 SSL_AES256, 1917 SSL_SHA1, 1918 SSL_TLSV1, 1919 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1920 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1921 256, 1922 256, 1923 }, 1924 #endif /* OPENSSL_NO_ECDH */ 1925 1926 #ifndef OPENSSL_NO_ECDH 1927 1928 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 1929 1930 /* Cipher C023 */ 1931 { 1932 1, 1933 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1934 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1935 SSL_kEECDH, 1936 SSL_aECDSA, 1937 SSL_AES128, 1938 SSL_SHA256, 1939 SSL_TLSV1_2, 1940 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1941 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1942 128, 1943 128, 1944 }, 1945 1946 /* Cipher C024 */ 1947 { 1948 1, 1949 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1950 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1951 SSL_kEECDH, 1952 SSL_aECDSA, 1953 SSL_AES256, 1954 SSL_SHA384, 1955 SSL_TLSV1_2, 1956 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1957 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1958 256, 1959 256, 1960 }, 1961 1962 /* Cipher C025 */ 1963 { 1964 1, 1965 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 1966 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 1967 SSL_kECDHe, 1968 SSL_aECDH, 1969 SSL_AES128, 1970 SSL_SHA256, 1971 SSL_TLSV1_2, 1972 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1973 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1974 128, 1975 128, 1976 }, 1977 1978 /* Cipher C026 */ 1979 { 1980 1, 1981 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 1982 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 1983 SSL_kECDHe, 1984 SSL_aECDH, 1985 SSL_AES256, 1986 SSL_SHA384, 1987 SSL_TLSV1_2, 1988 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1989 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1990 256, 1991 256, 1992 }, 1993 1994 /* Cipher C027 */ 1995 { 1996 1, 1997 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1998 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1999 SSL_kEECDH, 2000 SSL_aRSA, 2001 SSL_AES128, 2002 SSL_SHA256, 2003 SSL_TLSV1_2, 2004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2005 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2006 128, 2007 128, 2008 }, 2009 2010 /* Cipher C028 */ 2011 { 2012 1, 2013 
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 2014 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 2015 SSL_kEECDH, 2016 SSL_aRSA, 2017 SSL_AES256, 2018 SSL_SHA384, 2019 SSL_TLSV1_2, 2020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2021 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2022 256, 2023 256, 2024 }, 2025 2026 /* Cipher C029 */ 2027 { 2028 1, 2029 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2030 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2031 SSL_kECDHr, 2032 SSL_aECDH, 2033 SSL_AES128, 2034 SSL_SHA256, 2035 SSL_TLSV1_2, 2036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2037 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2038 128, 2039 128, 2040 }, 2041 2042 /* Cipher C02A */ 2043 { 2044 1, 2045 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2046 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2047 SSL_kECDHr, 2048 SSL_aECDH, 2049 SSL_AES256, 2050 SSL_SHA384, 2051 SSL_TLSV1_2, 2052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2053 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2054 256, 2055 256, 2056 }, 2057 2058 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 2059 2060 /* Cipher C02B */ 2061 { 2062 1, 2063 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2064 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 2065 SSL_kEECDH, 2066 SSL_aECDSA, 2067 SSL_AES128GCM, 2068 SSL_AEAD, 2069 SSL_TLSV1_2, 2070 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2071 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2072 128, 2073 128, 2074 }, 2075 2076 /* Cipher C02C */ 2077 { 2078 1, 2079 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2080 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 2081 SSL_kEECDH, 2082 SSL_aECDSA, 2083 SSL_AES256GCM, 2084 SSL_AEAD, 2085 SSL_TLSV1_2, 2086 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2087 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2088 256, 2089 256, 2090 }, 2091 2092 /* Cipher C02D */ 2093 { 2094 1, 2095 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2096 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 2097 SSL_kECDHe, 2098 SSL_aECDH, 2099 SSL_AES128GCM, 2100 SSL_AEAD, 2101 SSL_TLSV1_2, 2102 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2103 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2104 128, 
2105 128, 2106 }, 2107 2108 /* Cipher C02E */ 2109 { 2110 1, 2111 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2112 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 2113 SSL_kECDHe, 2114 SSL_aECDH, 2115 SSL_AES256GCM, 2116 SSL_AEAD, 2117 SSL_TLSV1_2, 2118 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2119 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2120 256, 2121 256, 2122 }, 2123 2124 /* Cipher C02F */ 2125 { 2126 1, 2127 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2128 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 2129 SSL_kEECDH, 2130 SSL_aRSA, 2131 SSL_AES128GCM, 2132 SSL_AEAD, 2133 SSL_TLSV1_2, 2134 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2135 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2136 128, 2137 128, 2138 }, 2139 2140 /* Cipher C030 */ 2141 { 2142 1, 2143 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2144 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 2145 SSL_kEECDH, 2146 SSL_aRSA, 2147 SSL_AES256GCM, 2148 SSL_AEAD, 2149 SSL_TLSV1_2, 2150 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2151 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2152 256, 2153 256, 2154 }, 2155 2156 /* Cipher C031 */ 2157 { 2158 1, 2159 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2160 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2161 SSL_kECDHr, 2162 SSL_aECDH, 2163 SSL_AES128GCM, 2164 SSL_AEAD, 2165 SSL_TLSV1_2, 2166 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2167 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 2168 128, 2169 128, 2170 }, 2171 2172 /* Cipher C032 */ 2173 { 2174 1, 2175 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2176 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2177 SSL_kECDHr, 2178 SSL_aECDH, 2179 SSL_AES256GCM, 2180 SSL_AEAD, 2181 SSL_TLSV1_2, 2182 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 2183 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 2184 256, 2185 256, 2186 }, 2187 2188 #endif /* OPENSSL_NO_ECDH */ 2189 2190 2191 #ifdef TEMP_GOST_TLS 2192 /* Cipher FF00 */ 2193 { 2194 1, 2195 "GOST-MD5", 2196 0x0300ff00, 2197 SSL_kRSA, 2198 SSL_aRSA, 2199 SSL_eGOST2814789CNT, 2200 SSL_MD5, 2201 SSL_TLSV1, 2202 SSL_NOT_EXP|SSL_HIGH, 2203 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 
256,
	256,
	},
	{
	1,
	"GOST-GOST94",
	0x0300ff01,
	SSL_kRSA,
	SSL_aRSA,
	SSL_eGOST2814789CNT,
	SSL_GOST94,
	SSL_TLSV1,
	SSL_NOT_EXP|SSL_HIGH,
	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
	256,
	256
	},
	{
	1,
	"GOST-GOST89MAC",
	0x0300ff02,
	SSL_kRSA,
	SSL_aRSA,
	SSL_eGOST2814789CNT,
	SSL_GOST89MAC,
	SSL_TLSV1,
	SSL_NOT_EXP|SSL_HIGH,
	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
	256,
	256
	},
	{
	1,
	"GOST-GOST89STREAM",
	0x0300ff03,
	SSL_kRSA,
	SSL_aRSA,
	SSL_eGOST2814789CNT,
	SSL_GOST89MAC,
	SSL_TLSV1,
	SSL_NOT_EXP|SSL_HIGH,
	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
	256,
	256
	},
#endif

/* end of list */
};

/*
 * SSLv3 method table: record encryption, MAC, key-block setup, master
 * secret derivation, cipher-state change, Finished MAC, certificate-verify
 * MAC and alert mapping.
 *
 * The final slot is filled with ssl_undefined_function cast to the slot's
 * signature, so SSLv3 provides no real implementation for it.
 * NOTE(review): the signature looks like the keying-material exporter hook;
 * confirm against the SSL3_ENC_METHOD declaration.
 */
SSL3_ENC_METHOD SSLv3_enc_data = {
	ssl3_enc,
	n_ssl3_mac,
	ssl3_setup_key_block,
	ssl3_generate_master_secret,
	ssl3_change_cipher_state,
	ssl3_final_finish_mac,
	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
	ssl3_cert_verify_mac,
	SSL3_MD_CLIENT_FINISHED_CONST, 4,
	SSL3_MD_SERVER_FINISHED_CONST, 4,
	ssl3_alert_code,
	(int (*)(SSL *, unsigned char *, size_t, const char *,
	    size_t, const unsigned char *, size_t,
	    int use_context))ssl_undefined_function,
};

/*
 * Default session lifetime in seconds.
 *
 * The SSLv3 spec mentions 24 hours; that is far too long for HTTP, where
 * the session cache would overfill, so two hours is used instead.
 */
long
ssl3_default_timeout(void)
{
	long two_hours = 2 * 60 * 60;

	return two_hours;
}

/* Number of entries in the ssl3_ciphers table. */
int
ssl3_num_ciphers(void)
{
	return SSL3_NUM_CIPHERS;
}

/*
 * Return the u-th cipher counted from the END of ssl3_ciphers (u == 0 is
 * the last table entry), or NULL when u is out of range.
 */
const SSL_CIPHER *
ssl3_get_cipher(unsigned int u)
{
	if (!(u < SSL3_NUM_CIPHERS))
		return NULL;

	return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u];
}

/*
 * Report how many bytes of the current record are available to the
 * application: 0 while a record body is still being read or when the
 * current record is not application data, otherwise the record length.
 */
int
ssl3_pending(const SSL *s)
{
	if (s->rstate == SSL_ST_READ_BODY)
		return 0;

	return (s->s3->rrec.type ==
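SSL3_RT_APPLICATION_DATA) ?
	    s->s3->rrec.length : 0;
}

/*
 * Allocate the per-connection SSLv3 state, attach it to s and reset the
 * connection through the method's ssl_clear hook.
 *
 * Returns 1 on success and 0 if the allocation fails; on failure s->s3 is
 * not assigned by this function.
 */
int
ssl3_new(SSL *s)
{
	SSL3_STATE *s3;

	/* calloc() zero-fills, so both record sequence numbers start at 0. */
	if ((s3 = calloc(1, sizeof *s3)) == NULL)
		return (0);

	s->s3 = s3;

	s->method->ssl_clear(s);
	return (1);
}

/*
 * Release everything hanging off s->s3, wipe the state block and free it.
 *
 * The block is scrubbed with OPENSSL_cleanse() before free() because it
 * holds handshake and key state that must not linger in freed heap memory.
 * Safe to call with s == NULL, and with s->s3 == NULL: ssl3_new() leaves
 * s->s3 unassigned when its allocation fails and this function itself
 * resets s->s3 to NULL, so a failed setup or a repeated free must not
 * dereference a NULL state pointer.
 */
void
ssl3_free(SSL *s)
{
	if (s == NULL || s->s3 == NULL)
		return;

#ifdef TLSEXT_TYPE_opaque_prf_input
	/* free(NULL) is a no-op, so no guards are needed. */
	free(s->s3->client_opaque_prf_input);
	free(s->s3->server_opaque_prf_input);
#endif

	ssl3_cleanup_key_block(s);
	if (s->s3->rbuf.buf != NULL)
		ssl3_release_read_buffer(s);
	if (s->s3->wbuf.buf != NULL)
		ssl3_release_write_buffer(s);
	free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
	if (s->s3->tmp.dh != NULL)
		DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_ECDH
	if (s->s3->tmp.ecdh != NULL)
		EC_KEY_free(s->s3->tmp.ecdh);
#endif

	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
	if (s->s3->handshake_buffer)
		BIO_free(s->s3->handshake_buffer);
	if (s->s3->handshake_dgst)
		ssl3_free_digest_list(s);

	/* Scrub before release; a plain memset() here could be elided. */
	OPENSSL_cleanse(s->s3, sizeof *s->s3);
	free(s->s3);
	s->s3 = NULL;
}

void
ssl3_clear(SSL *s)
{
	unsigned char *rp, *wp;
	size_t rlen, wlen;
	int init_extra;

#ifdef TLSEXT_TYPE_opaque_prf_input
	if (s->s3->client_opaque_prf_input != NULL)
		free(s->s3->client_opaque_prf_input);
	s->s3->client_opaque_prf_input = NULL;
	if (s->s3->server_opaque_prf_input != NULL)
		free(s->s3->server_opaque_prf_input);
	s->s3->server_opaque_prf_input = NULL;
#endif
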
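ssl3_cleanup_key_block(s);
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

	if (s->s3->rrec.comp != NULL) {
		free(s->s3->rrec.comp);
		s->s3->rrec.comp = NULL;
	}
#ifndef OPENSSL_NO_DH
	if (s->s3->tmp.dh != NULL) {
		DH_free(s->s3->tmp.dh);
		s->s3->tmp.dh = NULL;
	}
#endif
#ifndef OPENSSL_NO_ECDH
	if (s->s3->tmp.ecdh != NULL) {
		EC_KEY_free(s->s3->tmp.ecdh);
		s->s3->tmp.ecdh = NULL;
	}
#endif
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
	s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */

	/* Keep the I/O buffers across the reset so they can be reused. */
	rp = s->s3->rbuf.buf;
	wp = s->s3->wbuf.buf;
	rlen = s->s3->rbuf.len;
	wlen = s->s3->wbuf.len;
	init_extra = s->s3->init_extra;
	if (s->s3->handshake_buffer) {
		BIO_free(s->s3->handshake_buffer);
		s->s3->handshake_buffer = NULL;
	}
	if (s->s3->handshake_dgst) {
		ssl3_free_digest_list(s);
	}
	/*
	 * The state block stays in use after this point, so this store is
	 * not dead and a plain memset() does wipe it (ssl3_free() uses
	 * OPENSSL_cleanse() because there the block is released next).
	 * This also zeroes tmp.ca_names, which was freed above without
	 * being reset.
	 */
	memset(s->s3, 0, sizeof *s->s3);
	s->s3->rbuf.buf = rp;
	s->s3->wbuf.buf = wp;
	s->s3->rbuf.len = rlen;
	s->s3->wbuf.len = wlen;
	s->s3->init_extra = init_extra;

	ssl_free_wbio_buffer(s);

	s->packet_length = 0;
	s->s3->renegotiate = 0;
	s->s3->total_renegotiations = 0;
	s->s3->num_renegotiations = 0;
	s->s3->in_read_app_data = 0;
	s->version = SSL3_VERSION;

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
	if (s->next_proto_negotiated) {
		free(s->next_proto_negotiated);
		s->next_proto_negotiated = NULL;
		s->next_proto_negotiated_len = 0;
	}
#endif
}


/*
 * Per-connection control dispatcher.
 *
 * cmd selects the operation; larg and parg carry its integer and pointer
 * arguments.  Getters return the requested value, setters return 1 on
 * success and 0 on failure, and unknown commands return 0.
 * SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP returns the stored response
 * length instead.
 *
 * Ownership: the temporary RSA and DH parameters are copied, so the caller
 * keeps its objects.  SSL_CTRL_SET_TMP_ECDH only takes a reference (see the
 * note in that case).  SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP stores parg
 * itself and frees the previously stored buffer.
 */
long
ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
	int ret = 0;

	/*
	 * The temporary RSA/DH commands write through s->cert, so make sure
	 * it exists first.
	 * NOTE(review): SSL_CTRL_SET_TMP_ECDH also dereferences s->cert but
	 * is not covered by this check; confirm s->cert can never be NULL
	 * on that path.
	 */
	if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
	    cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_GET_SESSION_REUSED:
		ret = s->hit;
		break;
	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
		break;
	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
		ret = s->s3->num_renegotiations;
		break;
	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
		/* Report the old count, then reset it. */
		ret = s->s3->num_renegotiations;
		s->s3->num_renegotiations = 0;
		break;
	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
		ret = s->s3->total_renegotiations;
		break;
	case SSL_CTRL_GET_FLAGS:
		ret = (int)(s->s3->flags);
		break;
	case SSL_CTRL_NEED_TMP_RSA:
		/*
		 * A temporary RSA key is needed when none is set and the
		 * RSA encryption key is missing or larger than 512 bits.
		 */
		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
		    (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
		    > (512 / 8))))
			ret = 1;
		break;
	case SSL_CTRL_SET_TMP_RSA:
		{
			RSA *rsa = (RSA *)parg;
			if (rsa == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			/* Store a private copy; the caller keeps its key. */
			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_RSA_LIB);
				return (ret);
			}
			if (s->cert->rsa_tmp != NULL)
				RSA_free(s->cert->rsa_tmp);
			s->cert->rsa_tmp = rsa;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* Callbacks must be installed through ssl3_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *dh = (DH *)parg;
			if (dh == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			if ((dh = DHparams_dup(dh)) == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_DH_LIB);
				return (ret);
			}
			/*
			 * Without SSL_OP_SINGLE_DH_USE one key pair is
			 * generated here and kept in dh_tmp.
			 */
			if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
				if (!DH_generate_key(dh)) {
					DH_free(dh);
					SSLerr(SSL_F_SSL3_CTRL,
					    ERR_R_DH_LIB);
					return (ret);
				}
			}
			if (s->cert->dh_tmp != NULL)
				DH_free(s->cert->dh_tmp);
			s->cert->dh_tmp = dh;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_PASSED_NULL_PARAMETER);
				return (ret);
			}
			/*
			 * NOTE(review): unlike ssl3_ctx_ctrl(), which copies
			 * the key with EC_KEY_dup(), this path only takes a
			 * reference, so the EC_KEY_generate_key() call below
			 * rewrites the caller's own key object.  Confirm
			 * that sharing is intended.
			 */
			if (!EC_KEY_up_ref((EC_KEY *)parg)) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_ECDH_LIB);
				return (ret);
			}
			ecdh = (EC_KEY *)parg;
			if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);
					SSLerr(SSL_F_SSL3_CTRL,
					    ERR_R_ECDH_LIB);
					return (ret);
				}
			}
			if (s->cert->ecdh_tmp != NULL)
				EC_KEY_free(s->cert->ecdh_tmp);
			s->cert->ecdh_tmp = ecdh;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		SSLerr(SSL_F_SSL3_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (ret);
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
		if (larg == TLSEXT_NAMETYPE_host_name) {
			/* Drop the old name first; parg == NULL clears it. */
			free(s->tlsext_hostname);
			s->tlsext_hostname = NULL;

			ret = 1;
			if (parg == NULL)
				break;
			/* Reject over-long names before copying them. */
			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
				SSLerr(SSL_F_SSL3_CTRL,
				    SSL_R_SSL3_EXT_INVALID_SERVERNAME);
				return 0;
			}
			if ((s->tlsext_hostname = BUF_strdup((char *)parg))
			    == NULL) {
				SSLerr(SSL_F_SSL3_CTRL,
				    ERR_R_INTERNAL_ERROR);
				return 0;
			}
		} else {
			SSLerr(SSL_F_SSL3_CTRL,
			    SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
			return 0;
		}
		break;
	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
		s->tlsext_debug_arg = parg;
		ret = 1;
		break;

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
		/*
		 * larg is a signed long that is cast to size_t below, so a
		 * negative value would turn into a huge copy length.  Reject
		 * it together with over-long input.  The reason code is
		 * reused for both cases.
		 */
		if (larg < 0 || larg > 12288) {
			/*
			 * Actual internal limit is 2^16 for the complete
			 * hello message (including the cert chain and
			 * everything)
			 */
			SSLerr(SSL_F_SSL3_CTRL,
			    SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
			break;
		}
		free(s->tlsext_opaque_prf_input);
		if ((size_t)larg == 0) {
			/* dummy byte just to get non-NULL */
			s->tlsext_opaque_prf_input = malloc(1);
		} else
			s->tlsext_opaque_prf_input =
			    BUF_memdup(parg, (size_t)larg);
		if (s->tlsext_opaque_prf_input != NULL) {
			s->tlsext_opaque_prf_input_len = (size_t)larg;
			ret = 1;
		} else
			s->tlsext_opaque_prf_input_len = 0;
		break;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
		s->tlsext_status_type = larg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
		s->tlsext_ocsp_exts = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
		ret = 1;
		break;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
		s->tlsext_ocsp_ids = parg;
		ret = 1;
		break;

	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/* Hands out the internal pointer, not a copy. */
		*(unsigned char **)parg = s->tlsext_ocsp_resp;
		return s->tlsext_ocsp_resplen;

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
		/* Takes ownership of parg; the old response is freed. */
		free(s->tlsext_ocsp_resp);
		s->tlsext_ocsp_resp = parg;
		s->tlsext_ocsp_resplen = larg;
		ret = 1;
		break;

#endif /* !OPENSSL_NO_TLSEXT */
	default:
		break;
	}
	return (ret);
}

long
ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
	int ret = 0;

	if (cmd ==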
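SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) {
		if (!ssl_cert_inst(&s->cert)) {
			SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
			    ERR_R_MALLOC_FAILURE);
			return (0);
		}
	}

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		{
			s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		}
		break;
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		{
			s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		}
		break;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
			s->cert->ecdh_tmp_cb =
			    (EC_KEY *(*)(SSL *, int, int))fp;
		}
		break;
#endif
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
		s->tlsext_debug_cb = (void (*)(SSL *, int , int,
		    unsigned char *, int, void *))fp;
		break;
#endif
	default:
		break;
	}
	return (ret);
}

/*
 * Context-wide control dispatcher.
 *
 * cmd selects the operation; larg and parg carry its integer and pointer
 * arguments.  Returns 1 on success and 0 on failure or for an unknown
 * command.  The ticket-key commands return 48 (the required buffer size)
 * when parg is NULL.
 *
 * Ownership: temporary RSA, DH and ECDH parameters are copied.
 * SSL_CTRL_EXTRA_CHAIN_CERT stores parg itself on success; when it returns
 * 0 the certificate was not stored and still belongs to the caller.
 */
long
ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
	CERT *cert;

	cert = ctx->cert;

	switch (cmd) {
	case SSL_CTRL_NEED_TMP_RSA:
		/*
		 * A temporary RSA key is needed when none is set and the
		 * RSA encryption key is missing or larger than 512 bits.
		 */
		if ((cert->rsa_tmp == NULL) &&
		    ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
		    (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
		    (512 / 8))))
			return (1);
		return (0);
	case SSL_CTRL_SET_TMP_RSA:
		{
			RSA *rsa = (RSA *)parg;

			/* NULL input and a failed copy report the same error. */
			if (rsa == NULL ||
			    (rsa = RSAPrivateKey_dup(rsa)) == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_RSA_LIB);
				return (0);
			}
			if (cert->rsa_tmp != NULL)
				RSA_free(cert->rsa_tmp);
			cert->rsa_tmp = rsa;
			return (1);
		}
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* Callbacks must go through ssl3_ctx_callback_ctrl(). */
		SSLerr(SSL_F_SSL3_CTX_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *new = NULL, *dh;

			dh = (DH *)parg;
			/*
			 * Check for NULL here rather than relying on how
			 * DHparams_dup() treats a NULL argument.
			 */
			if (dh == NULL || (new = DHparams_dup(dh)) == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_DH_LIB);
				return 0;
			}
			if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
				if (!DH_generate_key(new)) {
					SSLerr(SSL_F_SSL3_CTX_CTRL,
					    ERR_R_DH_LIB);
					DH_free(new);
					return 0;
				}
			}
			if (cert->dh_tmp != NULL)
				DH_free(cert->dh_tmp);
			cert->dh_tmp = new;
			return 1;
		}
	case SSL_CTRL_SET_TMP_DH_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH:
		{
			EC_KEY *ecdh = NULL;

			if (parg == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_ECDH_LIB);
				return 0;
			}
			/* Private copy: key generation must not touch parg. */
			ecdh = EC_KEY_dup((EC_KEY *)parg);
			if (ecdh == NULL) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    ERR_R_EC_LIB);
				return 0;
			}
			if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
				if (!EC_KEY_generate_key(ecdh)) {
					EC_KEY_free(ecdh);
					SSLerr(SSL_F_SSL3_CTX_CTRL,
					    ERR_R_ECDH_LIB);
					return 0;
				}
			}

			if (cert->ecdh_tmp != NULL) {
				EC_KEY_free(cert->ecdh_tmp);
			}
			cert->ecdh_tmp = ecdh;
			return 1;
		}
	case SSL_CTRL_SET_TMP_ECDH_CB:
		SSLerr(SSL_F_SSL3_CTX_CTRL,
		    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return (0);
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
		ctx->tlsext_servername_arg = parg;
		break;
	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
		{
			/*
			 * The buffer is 48 bytes: key name, HMAC key and
			 * AES key, 16 bytes each.  These are session-ticket
			 * secrets: the GET form copies them out, so the
			 * caller must protect and wipe its buffer.
			 */
			unsigned char *keys = parg;
			if (!keys)
				return 48;
			/* The fixed-size copies below rely on this check. */
			if (larg != 48) {
				SSLerr(SSL_F_SSL3_CTX_CTRL,
				    SSL_R_INVALID_TICKET_KEYS_LENGTH);
				return 0;
			}
			if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
				memcpy(ctx->tlsext_tick_key_name, keys, 16);
				memcpy(ctx->tlsext_tick_hmac_key,
				    keys + 16, 16);
				memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
			} else {
				memcpy(keys, ctx->tlsext_tick_key_name, 16);
				memcpy(keys + 16,
				    ctx->tlsext_tick_hmac_key, 16);
				memcpy(keys + 32,
				    ctx->tlsext_tick_aes_key, 16);
			}
			return 1;
		}

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
		ctx->tlsext_opaque_prf_input_callback_arg = parg;
		return 1;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
		ctx->tlsext_status_arg = parg;
		return 1;

#endif /* !OPENSSL_NO_TLSEXT */

	/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		if (ctx->extra_certs == NULL) {
			if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
				return (0);
		}
		/*
		 * A failed push must not be reported as success: the
		 * certificate would be missing from the chain while the
		 * caller believes ownership was transferred.
		 */
		if (!sk_X509_push(ctx->extra_certs, (X509 *)parg))
			return (0);
		break;

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
		/* Hands out the internal stack, not a copy. */
		*(STACK_OF(X509) **)parg = ctx->extra_certs;
		break;

	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
		if (ctx->extra_certs) {
			sk_X509_pop_free(ctx->extra_certs, X509_free);
			ctx->extra_certs = NULL;
		}
		break;

	default:
		return (0);
	}
	return (1);
}

long
ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
	CERT *cert;

	cert = ctx->cert;

	switch (cmd) {
	case SSL_CTRL_SET_TMP_RSA_CB:
		{
			cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		}
		break;
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		{
			cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		}
		break;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
			cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		}
		break;
#endif
#ifndef OPENSSL_NO_TLSEXT
	case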
SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
		ctx->tlsext_servername_callback =
		    (int (*)(SSL *, int *, void *))fp;
		break;

#ifdef TLSEXT_TYPE_opaque_prf_input
	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
		ctx->tlsext_opaque_prf_input_callback =
		    (int (*)(SSL *, void *, size_t, void *))fp;
		break;
#endif

	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
		ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
		break;

	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
		ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
		    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
		break;

#endif
	default:
		return (0);
	}
	return (1);
}

/*
 * Map a two-byte wire cipher-suite value to its ssl3_ciphers entry.
 *
 * p must point at two or more readable bytes; both p[0] and p[1] are read
 * without a length check.  The bytes are combined with the 0x0300 prefix
 * into a cipher id, which is looked up by binary search.  Returns NULL
 * when the id is unknown or the entry's valid flag is 0.
 *
 * This function needs to check if the ciphers required are actually
 * available
 */
const SSL_CIPHER *
ssl3_get_cipher_by_char(const unsigned char *p)
{
	SSL_CIPHER key;
	const SSL_CIPHER *found;
	unsigned long wire_id;

	wire_id = 0x03000000L | ((unsigned long)p[0] << 8L) |
	    (unsigned long)p[1];
	key.id = wire_id;
	found = OBJ_bsearch_ssl_cipher_id(&key, ssl3_ciphers,
	    SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
	if (found == NULL)
		fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
#endif
	if (found != NULL && found->valid != 0)
		return found;

	return NULL;
}

/*
 * Write the two-byte wire form of cipher c to p.
 *
 * With p == NULL nothing is written and c is not read; the call only
 * reports the encoded size.  Returns 2 (the encoded length), or 0 when the
 * id does not carry the 0x03 prefix in its top byte.
 */
int
ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
{
	long id;

	if (p == NULL)
		return (2);

	id = c->id;
	if ((id & 0xff000000) != 0x03000000)
		return (0);

	/* Only the low 16 bits of the id go on the wire. */
	p[0] = ((unsigned char)(id >> 8L)) & 0xFF;
	p[1] = ((unsigned char)(id)) & 0xFF;
	return (2);
}

SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
    STACK_OF(SSL_CIPHER) *srvr)
{
	SSL_CIPHER *c, *ret = NULL;
	STACK_OF(SSL_CIPHER) *prio, *allow;
	int i, ii, ok;
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
	unsigned int
j; 3027 int ec_ok, ec_nid; 3028 unsigned char ec_search1 = 0, ec_search2 = 0; 3029 #endif 3030 CERT *cert; 3031 unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; 3032 3033 /* Let's see which ciphers we can support */ 3034 cert = s->cert; 3035 3036 #if 0 3037 /* 3038 * Do not set the compare functions, because this may lead to a 3039 * reordering by "id". We want to keep the original ordering. 3040 * We may pay a price in performance during sk_SSL_CIPHER_find(), 3041 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 3042 */ 3043 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); 3044 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); 3045 #endif 3046 3047 #ifdef CIPHER_DEBUG 3048 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), 3049 (void *)srvr); 3050 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { 3051 c = sk_SSL_CIPHER_value(srvr, i); 3052 printf("%p:%s\n",(void *)c, c->name); 3053 } 3054 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), 3055 (void *)clnt); 3056 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { 3057 c = sk_SSL_CIPHER_value(clnt, i); 3058 printf("%p:%s\n",(void *)c, c->name); 3059 } 3060 #endif 3061 3062 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 3063 prio = srvr; 3064 allow = clnt; 3065 } else { 3066 prio = clnt; 3067 allow = srvr; 3068 } 3069 3070 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 3071 c = sk_SSL_CIPHER_value(prio, i); 3072 3073 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3074 if ((c->algorithm_ssl & SSL_TLSV1_2) && 3075 (TLS1_get_version(s) < TLS1_2_VERSION)) 3076 continue; 3077 3078 ssl_set_cert_masks(cert, c); 3079 mask_k = cert->mask_k; 3080 mask_a = cert->mask_a; 3081 emask_k = cert->export_mask_k; 3082 emask_a = cert->export_mask_a; 3083 3084 #ifdef KSSL_DEBUG 3085 /* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3086 #endif /* KSSL_DEBUG */ 3087 3088 alg_k = c->algorithm_mkey; 3089 alg_a = c->algorithm_auth; 3090 3091 #ifndef 
OPENSSL_NO_PSK 3092 /* with PSK there must be server callback set */ 3093 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) 3094 continue; 3095 #endif /* OPENSSL_NO_PSK */ 3096 3097 if (SSL_C_IS_EXPORT(c)) { 3098 ok = (alg_k & emask_k) && (alg_a & emask_a); 3099 #ifdef CIPHER_DEBUG 3100 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", 3101 ok, alg_k, alg_a, emask_k, emask_a, (void *)c, 3102 c->name); 3103 #endif 3104 } else { 3105 ok = (alg_k & mask_k) && (alg_a & mask_a); 3106 #ifdef CIPHER_DEBUG 3107 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", 3108 ok, alg_k, alg_a, mask_k, mask_a,(void *)c, 3109 c->name); 3110 #endif 3111 } 3112 3113 #ifndef OPENSSL_NO_TLSEXT 3114 #ifndef OPENSSL_NO_EC 3115 if ( 3116 /* 3117 * if we are considering an ECC cipher suite that uses our 3118 * certificate 3119 */ 3120 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3121 /* and we have an ECC certificate */ 3122 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3123 /* 3124 * and the client specified a Supported Point Formats 3125 * extension 3126 */ 3127 && ((s->session->tlsext_ecpointformatlist_length > 0) && 3128 (s->session->tlsext_ecpointformatlist != NULL)) 3129 /* and our certificate's point is compressed */ 3130 && ( 3131 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3132 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL) 3133 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL) 3134 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL) 3135 && ( 3136 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED) 3137 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1) 3138 ) 3139 ) 3140 ) { 3141 ec_ok = 0; 3142 /* 3143 * If our certificate's curve is over a field type 3144 * that the client does not support then do not allow 3145 * this cipher suite to be negotiated 3146 */ 3147 if ( 3148 
(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3149 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3150 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3151 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) 3152 ) { 3153 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) { 3154 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) { 3155 ec_ok = 1; 3156 break; 3157 } 3158 } 3159 } else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) { 3160 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++) { 3161 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) { 3162 ec_ok = 1; 3163 break; 3164 } 3165 } 3166 } 3167 ok = ok && ec_ok; 3168 } 3169 if ( 3170 /* 3171 * If we are considering an ECC cipher suite that uses our 3172 * certificate 3173 */ 3174 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3175 /* and we have an ECC certificate */ 3176 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3177 /* and the client specified an EllipticCurves extension */ 3178 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3179 ) { 3180 ec_ok = 0; 3181 if ( 3182 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3183 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3184 ) { 3185 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group); 3186 if ((ec_nid == 0) 3187 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL) 3188 ) { 3189 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field) { 3190 ec_search1 = 0xFF; 3191 ec_search2 = 0x01; 3192 } else if 
(EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field) { 3193 ec_search1 = 0xFF; 3194 ec_search2 = 0x02; 3195 } 3196 } else { 3197 ec_search1 = 0x00; 3198 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3199 } 3200 if ((ec_search1 != 0) || (ec_search2 != 0)) { 3201 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) { 3202 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) { 3203 ec_ok = 1; 3204 break; 3205 } 3206 } 3207 } 3208 } 3209 ok = ok && ec_ok; 3210 } 3211 if ( 3212 /* 3213 * if we are considering an ECC cipher suite that uses an 3214 * ephemeral EC key 3215 */ 3216 (alg_k & SSL_kEECDH) 3217 /* and we have an ephemeral EC key */ 3218 && (s->cert->ecdh_tmp != NULL) 3219 /* and the client specified an EllipticCurves extension */ 3220 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL)) 3221 ) { 3222 ec_ok = 0; 3223 if (s->cert->ecdh_tmp->group != NULL) { 3224 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group); 3225 if ((ec_nid == 0) 3226 && (s->cert->ecdh_tmp->group->meth != NULL) 3227 ) { 3228 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field) { 3229 ec_search1 = 0xFF; 3230 ec_search2 = 0x01; 3231 } else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field) { 3232 ec_search1 = 0xFF; 3233 ec_search2 = 0x02; 3234 } 3235 } else { 3236 ec_search1 = 0x00; 3237 ec_search2 = tls1_ec_nid2curve_id(ec_nid); 3238 } 3239 if ((ec_search1 != 0) || (ec_search2 != 0)) { 3240 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++) { 3241 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j + 1] == ec_search2)) { 3242 ec_ok = 1; 3243 break; 3244 } 3245 } 3246 } 3247 } 3248 ok = ok && ec_ok; 3249 } 3250 #endif 
/* OPENSSL_NO_EC */ 3251 #endif /* OPENSSL_NO_TLSEXT */ 3252 3253 if (!ok) 3254 continue; 3255 ii = sk_SSL_CIPHER_find(allow, c); 3256 if (ii >= 0) { 3257 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 3258 if ((alg_k & SSL_kEECDH) && 3259 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { 3260 if (!ret) 3261 ret = sk_SSL_CIPHER_value(allow, ii); 3262 continue; 3263 } 3264 #endif 3265 ret = sk_SSL_CIPHER_value(allow, ii); 3266 break; 3267 } 3268 } 3269 return (ret); 3270 } 3271 3272 int 3273 ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3274 { 3275 int ret = 0; 3276 unsigned long alg_k; 3277 3278 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 3279 3280 #ifndef OPENSSL_NO_GOST 3281 if (s->version >= TLS1_VERSION) { 3282 if (alg_k & SSL_kGOST) { 3283 p[ret++] = TLS_CT_GOST94_SIGN; 3284 p[ret++] = TLS_CT_GOST01_SIGN; 3285 return (ret); 3286 } 3287 } 3288 #endif 3289 3290 #ifndef OPENSSL_NO_DH 3291 if (alg_k & (SSL_kDHr|SSL_kEDH)) { 3292 p[ret++] = SSL3_CT_RSA_FIXED_DH; 3293 p[ret++] = SSL3_CT_DSS_FIXED_DH; 3294 } 3295 if ((s->version == SSL3_VERSION) && 3296 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { 3297 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; 3298 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; 3299 } 3300 #endif /* !OPENSSL_NO_DH */ 3301 p[ret++] = SSL3_CT_RSA_SIGN; 3302 p[ret++] = SSL3_CT_DSS_SIGN; 3303 #ifndef OPENSSL_NO_ECDH 3304 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { 3305 p[ret++] = TLS_CT_RSA_FIXED_ECDH; 3306 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; 3307 } 3308 #endif 3309 3310 #ifndef OPENSSL_NO_ECDSA 3311 /* 3312 * ECDSA certs can be used with RSA cipher suites as well 3313 * so we don't need to check for SSL_kECDH or SSL_kEECDH 3314 */ 3315 if (s->version >= TLS1_VERSION) { 3316 p[ret++] = TLS_CT_ECDSA_SIGN; 3317 } 3318 #endif 3319 return (ret); 3320 } 3321 3322 int 3323 ssl3_shutdown(SSL *s) 3324 { 3325 int ret; 3326 3327 /* 3328 * Don't do anything much if we have not done the handshake or 3329 * we don't want to send 
messages :-) 3330 */ 3331 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 3332 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 3333 return (1); 3334 } 3335 3336 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { 3337 s->shutdown|=SSL_SENT_SHUTDOWN; 3338 #if 1 3339 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 3340 #endif 3341 /* 3342 * Our shutdown alert has been sent now, and if it still needs 3343 * to be written, s->s3->alert_dispatch will be true 3344 */ 3345 if (s->s3->alert_dispatch) 3346 return(-1); /* return WANT_WRITE */ 3347 } else if (s->s3->alert_dispatch) { 3348 /* resend it if not sent */ 3349 #if 1 3350 ret = s->method->ssl_dispatch_alert(s); 3351 if (ret == -1) { 3352 /* 3353 * We only get to return -1 here the 2nd/Nth 3354 * invocation, we must have already signalled 3355 * return 0 upon a previous invoation, 3356 * return WANT_WRITE 3357 */ 3358 return (ret); 3359 } 3360 #endif 3361 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 3362 /* If we are waiting for a close from our peer, we are closed */ 3363 s->method->ssl_read_bytes(s, 0, NULL, 0, 0); 3364 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 3365 return(-1); /* return WANT_READ */ 3366 } 3367 } 3368 3369 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 3370 !s->s3->alert_dispatch) 3371 return (1); 3372 else 3373 return (0); 3374 } 3375 3376 int 3377 ssl3_write(SSL *s, const void *buf, int len) 3378 { 3379 int ret, n; 3380 3381 #if 0 3382 if (s->shutdown & SSL_SEND_SHUTDOWN) { 3383 s->rwstate = SSL_NOTHING; 3384 return (0); 3385 } 3386 #endif 3387 errno = 0; 3388 if (s->s3->renegotiate) 3389 ssl3_renegotiate_check(s); 3390 3391 /* 3392 * This is an experimental flag that sends the 3393 * last handshake message in the same packet as the first 3394 * use data - used to see if it helps the TCP protocol during 3395 * session-id reuse 3396 */ 3397 /* The second test is because the buffer may have been removed */ 3398 if ((s->s3->flags & 
SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 3399 /* First time through, we write into the buffer */ 3400 if (s->s3->delay_buf_pop_ret == 0) { 3401 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 3402 buf, len); 3403 if (ret <= 0) 3404 return (ret); 3405 3406 s->s3->delay_buf_pop_ret = ret; 3407 } 3408 3409 s->rwstate = SSL_WRITING; 3410 n = BIO_flush(s->wbio); 3411 if (n <= 0) 3412 return (n); 3413 s->rwstate = SSL_NOTHING; 3414 3415 /* We have flushed the buffer, so remove it */ 3416 ssl_free_wbio_buffer(s); 3417 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 3418 3419 ret = s->s3->delay_buf_pop_ret; 3420 s->s3->delay_buf_pop_ret = 0; 3421 } else { 3422 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 3423 buf, len); 3424 if (ret <= 0) 3425 return (ret); 3426 } 3427 3428 return (ret); 3429 } 3430 3431 static int 3432 ssl3_read_internal(SSL *s, void *buf, int len, int peek) 3433 { 3434 int ret; 3435 3436 errno = 0; 3437 if (s->s3->renegotiate) 3438 ssl3_renegotiate_check(s); 3439 s->s3->in_read_app_data = 1; 3440 ret = s->method->ssl_read_bytes(s, 3441 SSL3_RT_APPLICATION_DATA, buf, len, peek); 3442 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 3443 /* 3444 * ssl3_read_bytes decided to call s->handshake_func, which 3445 * called ssl3_read_bytes to read handshake data. 3446 * However, ssl3_read_bytes actually found application data 3447 * and thinks that application data makes sense here; so disable 3448 * handshake processing and try to read application data again. 
3449 */ 3450 s->in_handshake++; 3451 ret = s->method->ssl_read_bytes(s, 3452 SSL3_RT_APPLICATION_DATA, buf, len, peek); 3453 s->in_handshake--; 3454 } else 3455 s->s3->in_read_app_data = 0; 3456 3457 return (ret); 3458 } 3459 3460 int 3461 ssl3_read(SSL *s, void *buf, int len) 3462 { 3463 return ssl3_read_internal(s, buf, len, 0); 3464 } 3465 3466 int 3467 ssl3_peek(SSL *s, void *buf, int len) 3468 { 3469 return ssl3_read_internal(s, buf, len, 1); 3470 } 3471 3472 int 3473 ssl3_renegotiate(SSL *s) 3474 { 3475 if (s->handshake_func == NULL) 3476 return (1); 3477 3478 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 3479 return (0); 3480 3481 s->s3->renegotiate = 1; 3482 return (1); 3483 } 3484 3485 int 3486 ssl3_renegotiate_check(SSL *s) 3487 { 3488 int ret = 0; 3489 3490 if (s->s3->renegotiate) { 3491 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 3492 !SSL_in_init(s)) { 3493 /* 3494 * If we are the server, and we have sent 3495 * a 'RENEGOTIATE' message, we need to go 3496 * to SSL_ST_ACCEPT. 3497 */ 3498 /* SSL_ST_ACCEPT */ 3499 s->state = SSL_ST_RENEGOTIATE; 3500 s->s3->renegotiate = 0; 3501 s->s3->num_renegotiations++; 3502 s->s3->total_renegotiations++; 3503 ret = 1; 3504 } 3505 } 3506 return (ret); 3507 } 3508 /* 3509 * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 3510 * to new SHA256 PRF and handshake macs 3511 */ 3512 long 3513 ssl_get_algorithm2(SSL *s) 3514 { 3515 long alg2 = s->s3->tmp.new_cipher->algorithm2; 3516 3517 if (s->method->version == TLS1_2_VERSION && 3518 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 3519 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 3520 return alg2; 3521 } 3522