1 /* $OpenBSD: s3_lib.c,v 1.85 2014/11/18 05:33:43 miod Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 149 */ 150 151 #include <stdio.h> 152 153 #include <openssl/dh.h> 154 #include <openssl/md5.h> 155 #include <openssl/objects.h> 156 157 #include "ssl_locl.h" 158 159 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 160 161 /* 162 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the 163 * fixed nonce length in algorithms2. It is the inverse of the 164 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro. 165 */ 166 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) 167 168 /* list of available SSLv3 ciphers (sorted by id) */ 169 SSL_CIPHER ssl3_ciphers[] = { 170 171 /* The RSA ciphers */ 172 /* Cipher 01 */ 173 { 174 .valid = 1, 175 .name = SSL3_TXT_RSA_NULL_MD5, 176 .id = SSL3_CK_RSA_NULL_MD5, 177 .algorithm_mkey = SSL_kRSA, 178 .algorithm_auth = SSL_aRSA, 179 .algorithm_enc = SSL_eNULL, 180 .algorithm_mac = SSL_MD5, 181 .algorithm_ssl = SSL_SSLV3, 182 .algo_strength = SSL_STRONG_NONE, 183 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 184 .strength_bits = 0, 185 .alg_bits = 0, 186 }, 187 188 /* Cipher 02 */ 189 { 190 .valid = 1, 191 .name = SSL3_TXT_RSA_NULL_SHA, 192 .id = SSL3_CK_RSA_NULL_SHA, 193 .algorithm_mkey = SSL_kRSA, 194 .algorithm_auth = SSL_aRSA, 195 .algorithm_enc = SSL_eNULL, 196 .algorithm_mac = SSL_SHA1, 197 .algorithm_ssl = SSL_SSLV3, 198 .algo_strength = SSL_STRONG_NONE, 199 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 200 .strength_bits = 0, 201 .alg_bits = 0, 202 }, 203 204 /* Cipher 04 */ 205 { 206 .valid = 1, 207 .name = SSL3_TXT_RSA_RC4_128_MD5, 208 .id = SSL3_CK_RSA_RC4_128_MD5, 209 .algorithm_mkey = SSL_kRSA, 210 .algorithm_auth = SSL_aRSA, 211 .algorithm_enc = SSL_RC4, 212 .algorithm_mac = SSL_MD5, 213 .algorithm_ssl = SSL_SSLV3, 214 .algo_strength = SSL_MEDIUM, 215 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 216 .strength_bits = 128, 217 .alg_bits = 128, 218 }, 219 220 /* Cipher 05 */ 221 { 222 .valid = 1, 223 .name = SSL3_TXT_RSA_RC4_128_SHA, 224 .id = SSL3_CK_RSA_RC4_128_SHA, 225 .algorithm_mkey = SSL_kRSA, 226 .algorithm_auth = SSL_aRSA, 227 .algorithm_enc = SSL_RC4, 228 .algorithm_mac = SSL_SHA1, 229 .algorithm_ssl = SSL_SSLV3, 230 .algo_strength = SSL_MEDIUM, 231 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 232 .strength_bits = 128, 233 .alg_bits = 128, 234 }, 235 236 /* Cipher 07 */ 237 #ifndef OPENSSL_NO_IDEA 238 { 239 .valid = 1, 240 .name = SSL3_TXT_RSA_IDEA_128_SHA, 241 .id = SSL3_CK_RSA_IDEA_128_SHA, 242 .algorithm_mkey = SSL_kRSA, 243 .algorithm_auth = SSL_aRSA, 244 .algorithm_enc = SSL_IDEA, 245 .algorithm_mac = SSL_SHA1, 246 .algorithm_ssl = SSL_SSLV3, 247 .algo_strength = SSL_MEDIUM, 248 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 249 .strength_bits = 128, 250 .alg_bits = 128, 251 }, 252 #endif 253 254 /* Cipher 09 */ 255 { 256 .valid = 1, 257 .name = SSL3_TXT_RSA_DES_64_CBC_SHA, 258 .id = SSL3_CK_RSA_DES_64_CBC_SHA, 259 .algorithm_mkey = SSL_kRSA, 260 .algorithm_auth = SSL_aRSA, 261 .algorithm_enc = SSL_DES, 262 .algorithm_mac = SSL_SHA1, 263 .algorithm_ssl = SSL_SSLV3, 264 .algo_strength = SSL_LOW, 265 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 266 .strength_bits = 56, 267 .alg_bits = 56, 268 }, 269 270 /* Cipher 0A */ 271 { 272 .valid = 1, 273 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, 274 .id = SSL3_CK_RSA_DES_192_CBC3_SHA, 275 .algorithm_mkey = SSL_kRSA, 276 .algorithm_auth = SSL_aRSA, 277 .algorithm_enc = SSL_3DES, 278 .algorithm_mac = SSL_SHA1, 279 .algorithm_ssl = SSL_SSLV3, 280 .algo_strength = SSL_HIGH, 281 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 282 .strength_bits = 112, 283 .alg_bits = 168, 284 }, 285 286 /* 287 * Ephemeral DH (DHE) ciphers. 288 */ 289 290 /* Cipher 12 */ 291 { 292 .valid = 1, 293 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 294 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 295 .algorithm_mkey = SSL_kDHE, 296 .algorithm_auth = SSL_aDSS, 297 .algorithm_enc = SSL_DES, 298 .algorithm_mac = SSL_SHA1, 299 .algorithm_ssl = SSL_SSLV3, 300 .algo_strength = SSL_LOW, 301 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 302 .strength_bits = 56, 303 .alg_bits = 56, 304 }, 305 306 /* Cipher 13 */ 307 { 308 .valid = 1, 309 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 310 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 311 .algorithm_mkey = SSL_kDHE, 312 .algorithm_auth = SSL_aDSS, 313 .algorithm_enc = SSL_3DES, 314 .algorithm_mac = SSL_SHA1, 315 .algorithm_ssl = SSL_SSLV3, 316 .algo_strength = SSL_HIGH, 317 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 318 .strength_bits = 112, 319 .alg_bits = 168, 320 }, 321 322 /* Cipher 15 */ 323 { 324 .valid = 1, 325 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 326 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 327 .algorithm_mkey = SSL_kDHE, 328 .algorithm_auth = SSL_aRSA, 329 .algorithm_enc = SSL_DES, 330 .algorithm_mac = SSL_SHA1, 331 .algorithm_ssl = SSL_SSLV3, 332 .algo_strength = SSL_LOW, 333 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 334 .strength_bits = 56, 335 .alg_bits = 56, 336 }, 337 338 /* Cipher 16 */ 339 { 340 .valid = 1, 341 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 342 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 343 .algorithm_mkey = SSL_kDHE, 344 .algorithm_auth = SSL_aRSA, 345 .algorithm_enc = SSL_3DES, 346 .algorithm_mac = SSL_SHA1, 347 .algorithm_ssl = SSL_SSLV3, 348 .algo_strength = SSL_HIGH, 349 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 350 .strength_bits = 112, 351 .alg_bits = 168, 352 }, 353 354 /* Cipher 18 */ 355 { 356 .valid = 1, 357 .name = SSL3_TXT_ADH_RC4_128_MD5, 358 .id = SSL3_CK_ADH_RC4_128_MD5, 359 .algorithm_mkey = SSL_kDHE, 360 .algorithm_auth = SSL_aNULL, 361 .algorithm_enc = SSL_RC4, 362 .algorithm_mac = SSL_MD5, 363 .algorithm_ssl = SSL_SSLV3, 364 .algo_strength = SSL_MEDIUM, 365 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 366 .strength_bits = 128, 367 .alg_bits = 128, 368 }, 369 370 /* Cipher 1A */ 371 { 372 .valid = 1, 373 .name = SSL3_TXT_ADH_DES_64_CBC_SHA, 374 .id = SSL3_CK_ADH_DES_64_CBC_SHA, 375 .algorithm_mkey = SSL_kDHE, 376 .algorithm_auth = SSL_aNULL, 377 .algorithm_enc = SSL_DES, 378 .algorithm_mac = SSL_SHA1, 379 .algorithm_ssl = SSL_SSLV3, 380 .algo_strength = SSL_LOW, 381 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 382 .strength_bits = 56, 383 .alg_bits = 56, 384 }, 385 386 /* Cipher 1B */ 387 { 388 .valid = 1, 389 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 390 .id = SSL3_CK_ADH_DES_192_CBC_SHA, 391 .algorithm_mkey = SSL_kDHE, 392 .algorithm_auth = SSL_aNULL, 393 .algorithm_enc = SSL_3DES, 394 .algorithm_mac = SSL_SHA1, 395 .algorithm_ssl = SSL_SSLV3, 396 .algo_strength = SSL_HIGH, 397 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 398 .strength_bits = 112, 399 .alg_bits = 168, 400 }, 401 402 /* 403 * AES ciphersuites. 404 */ 405 406 /* Cipher 2F */ 407 { 408 .valid = 1, 409 .name = TLS1_TXT_RSA_WITH_AES_128_SHA, 410 .id = TLS1_CK_RSA_WITH_AES_128_SHA, 411 .algorithm_mkey = SSL_kRSA, 412 .algorithm_auth = SSL_aRSA, 413 .algorithm_enc = SSL_AES128, 414 .algorithm_mac = SSL_SHA1, 415 .algorithm_ssl = SSL_TLSV1, 416 .algo_strength = SSL_HIGH, 417 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 418 .strength_bits = 128, 419 .alg_bits = 128, 420 }, 421 422 /* Cipher 32 */ 423 { 424 .valid = 1, 425 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 426 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 427 .algorithm_mkey = SSL_kDHE, 428 .algorithm_auth = SSL_aDSS, 429 .algorithm_enc = SSL_AES128, 430 .algorithm_mac = SSL_SHA1, 431 .algorithm_ssl = SSL_TLSV1, 432 .algo_strength = SSL_HIGH, 433 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 434 .strength_bits = 128, 435 .alg_bits = 128, 436 }, 437 438 /* Cipher 33 */ 439 { 440 .valid = 1, 441 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 442 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 443 .algorithm_mkey = SSL_kDHE, 444 .algorithm_auth = SSL_aRSA, 445 .algorithm_enc = SSL_AES128, 446 .algorithm_mac = SSL_SHA1, 447 .algorithm_ssl = SSL_TLSV1, 448 .algo_strength = SSL_HIGH, 449 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 450 .strength_bits = 128, 451 .alg_bits = 128, 452 }, 453 454 /* Cipher 34 */ 455 { 456 .valid = 1, 457 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 458 .id = TLS1_CK_ADH_WITH_AES_128_SHA, 459 .algorithm_mkey = SSL_kDHE, 460 .algorithm_auth = SSL_aNULL, 461 .algorithm_enc = SSL_AES128, 462 .algorithm_mac = SSL_SHA1, 463 .algorithm_ssl = SSL_TLSV1, 464 .algo_strength = SSL_HIGH, 465 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 466 .strength_bits = 128, 467 .alg_bits = 128, 468 }, 469 470 /* Cipher 35 */ 471 { 472 .valid = 1, 473 .name = TLS1_TXT_RSA_WITH_AES_256_SHA, 474 .id = TLS1_CK_RSA_WITH_AES_256_SHA, 475 .algorithm_mkey = SSL_kRSA, 476 .algorithm_auth = SSL_aRSA, 477 .algorithm_enc = SSL_AES256, 478 .algorithm_mac = SSL_SHA1, 479 .algorithm_ssl = SSL_TLSV1, 480 .algo_strength = SSL_HIGH, 481 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 482 .strength_bits = 256, 483 .alg_bits = 256, 484 }, 485 486 /* Cipher 38 */ 487 { 488 .valid = 1, 489 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 490 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 491 .algorithm_mkey = SSL_kDHE, 492 .algorithm_auth = SSL_aDSS, 493 .algorithm_enc = SSL_AES256, 494 .algorithm_mac = SSL_SHA1, 495 .algorithm_ssl = SSL_TLSV1, 496 .algo_strength = SSL_HIGH, 497 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 498 .strength_bits = 256, 499 .alg_bits = 256, 500 }, 501 502 /* Cipher 39 */ 503 { 504 .valid = 1, 505 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 506 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 507 .algorithm_mkey = SSL_kDHE, 508 .algorithm_auth = SSL_aRSA, 509 .algorithm_enc = SSL_AES256, 510 .algorithm_mac = SSL_SHA1, 511 .algorithm_ssl = SSL_TLSV1, 512 .algo_strength = SSL_HIGH, 513 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 514 .strength_bits = 256, 515 .alg_bits = 256, 516 }, 517 518 /* Cipher 3A */ 519 { 520 .valid = 1, 521 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 522 .id = TLS1_CK_ADH_WITH_AES_256_SHA, 523 .algorithm_mkey = SSL_kDHE, 524 .algorithm_auth = SSL_aNULL, 525 .algorithm_enc = SSL_AES256, 526 .algorithm_mac = SSL_SHA1, 527 .algorithm_ssl = SSL_TLSV1, 528 .algo_strength = SSL_HIGH, 529 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 530 .strength_bits = 256, 531 .alg_bits = 256, 532 }, 533 534 /* TLS v1.2 ciphersuites */ 535 /* Cipher 3B */ 536 { 537 .valid = 1, 538 .name = TLS1_TXT_RSA_WITH_NULL_SHA256, 539 .id = TLS1_CK_RSA_WITH_NULL_SHA256, 540 .algorithm_mkey = SSL_kRSA, 541 .algorithm_auth = SSL_aRSA, 542 .algorithm_enc = SSL_eNULL, 543 .algorithm_mac = SSL_SHA256, 544 .algorithm_ssl = SSL_TLSV1_2, 545 .algo_strength = SSL_STRONG_NONE, 546 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 547 .strength_bits = 0, 548 .alg_bits = 0, 549 }, 550 551 /* Cipher 3C */ 552 { 553 .valid = 1, 554 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, 555 .id = TLS1_CK_RSA_WITH_AES_128_SHA256, 556 .algorithm_mkey = SSL_kRSA, 557 .algorithm_auth = SSL_aRSA, 558 .algorithm_enc = SSL_AES128, 559 .algorithm_mac = SSL_SHA256, 560 .algorithm_ssl = SSL_TLSV1_2, 561 .algo_strength = SSL_HIGH, 562 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 563 .strength_bits = 128, 564 .alg_bits = 128, 565 }, 566 567 /* Cipher 3D */ 568 { 569 .valid = 1, 570 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, 571 .id = TLS1_CK_RSA_WITH_AES_256_SHA256, 572 .algorithm_mkey = SSL_kRSA, 573 .algorithm_auth = SSL_aRSA, 574 .algorithm_enc = SSL_AES256, 575 .algorithm_mac = SSL_SHA256, 576 .algorithm_ssl = SSL_TLSV1_2, 577 .algo_strength = SSL_HIGH, 578 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 579 .strength_bits = 256, 580 .alg_bits = 256, 581 }, 582 583 /* Cipher 40 */ 584 { 585 .valid = 1, 586 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 587 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 588 .algorithm_mkey = SSL_kDHE, 589 .algorithm_auth = SSL_aDSS, 590 .algorithm_enc = SSL_AES128, 591 .algorithm_mac = SSL_SHA256, 592 .algorithm_ssl = SSL_TLSV1_2, 593 .algo_strength = SSL_HIGH, 594 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 595 .strength_bits = 128, 596 .alg_bits = 128, 597 }, 598 599 #ifndef OPENSSL_NO_CAMELLIA 600 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 601 602 /* Cipher 41 */ 603 { 604 .valid = 1, 605 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 606 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 607 .algorithm_mkey = SSL_kRSA, 608 .algorithm_auth = SSL_aRSA, 609 .algorithm_enc = SSL_CAMELLIA128, 610 .algorithm_mac = SSL_SHA1, 611 .algorithm_ssl = SSL_TLSV1, 612 .algo_strength = SSL_HIGH, 613 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 614 .strength_bits = 128, 615 .alg_bits = 128, 616 }, 617 618 /* Cipher 44 */ 619 { 620 .valid = 1, 621 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 622 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 623 .algorithm_mkey = SSL_kDHE, 624 .algorithm_auth = SSL_aDSS, 625 .algorithm_enc = SSL_CAMELLIA128, 626 .algorithm_mac = SSL_SHA1, 627 .algorithm_ssl = SSL_TLSV1, 628 .algo_strength = SSL_HIGH, 629 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 630 .strength_bits = 128, 631 .alg_bits = 128, 632 }, 633 634 /* Cipher 45 */ 635 { 636 .valid = 1, 637 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 638 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 639 .algorithm_mkey = SSL_kDHE, 640 .algorithm_auth = SSL_aRSA, 641 .algorithm_enc = SSL_CAMELLIA128, 642 .algorithm_mac = SSL_SHA1, 643 .algorithm_ssl = SSL_TLSV1, 644 .algo_strength = SSL_HIGH, 645 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 646 .strength_bits = 128, 647 .alg_bits = 128, 648 }, 649 650 /* Cipher 46 */ 651 { 652 .valid = 1, 653 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 654 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 655 .algorithm_mkey = SSL_kDHE, 656 .algorithm_auth = SSL_aNULL, 657 .algorithm_enc = SSL_CAMELLIA128, 658 .algorithm_mac = SSL_SHA1, 659 .algorithm_ssl = SSL_TLSV1, 660 .algo_strength = SSL_HIGH, 661 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 662 .strength_bits = 128, 663 .alg_bits = 128, 664 }, 665 #endif /* OPENSSL_NO_CAMELLIA */ 666 667 /* TLS v1.2 ciphersuites */ 668 /* Cipher 67 */ 669 { 670 .valid = 1, 671 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 672 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 673 .algorithm_mkey = SSL_kDHE, 674 .algorithm_auth = SSL_aRSA, 675 .algorithm_enc = SSL_AES128, 676 .algorithm_mac = SSL_SHA256, 677 .algorithm_ssl = SSL_TLSV1_2, 678 .algo_strength = SSL_HIGH, 679 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 680 .strength_bits = 128, 681 .alg_bits = 128, 682 }, 683 684 /* Cipher 6A */ 685 { 686 .valid = 1, 687 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 688 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 689 .algorithm_mkey = SSL_kDHE, 690 .algorithm_auth = SSL_aDSS, 691 .algorithm_enc = SSL_AES256, 692 .algorithm_mac = SSL_SHA256, 693 .algorithm_ssl = SSL_TLSV1_2, 694 .algo_strength = SSL_HIGH, 695 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 696 .strength_bits = 256, 697 .alg_bits = 256, 698 }, 699 700 /* Cipher 6B */ 701 { 702 .valid = 1, 703 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 704 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 705 .algorithm_mkey = SSL_kDHE, 706 .algorithm_auth = SSL_aRSA, 707 .algorithm_enc = SSL_AES256, 708 .algorithm_mac = SSL_SHA256, 709 .algorithm_ssl = SSL_TLSV1_2, 710 .algo_strength = SSL_HIGH, 711 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 712 .strength_bits = 256, 713 .alg_bits = 256, 714 }, 715 716 /* Cipher 6C */ 717 { 718 .valid = 1, 719 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 720 .id = TLS1_CK_ADH_WITH_AES_128_SHA256, 721 .algorithm_mkey = SSL_kDHE, 722 .algorithm_auth = SSL_aNULL, 723 .algorithm_enc = SSL_AES128, 724 .algorithm_mac = SSL_SHA256, 725 .algorithm_ssl = SSL_TLSV1_2, 726 .algo_strength = SSL_HIGH, 727 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 728 .strength_bits = 128, 729 .alg_bits = 128, 730 }, 731 732 /* Cipher 6D */ 733 { 734 .valid = 1, 735 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 736 .id = TLS1_CK_ADH_WITH_AES_256_SHA256, 737 .algorithm_mkey = SSL_kDHE, 738 .algorithm_auth = SSL_aNULL, 739 .algorithm_enc = SSL_AES256, 740 .algorithm_mac = SSL_SHA256, 741 .algorithm_ssl = SSL_TLSV1_2, 742 .algo_strength = SSL_HIGH, 743 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 744 .strength_bits = 256, 745 .alg_bits = 256, 746 }, 747 748 /* GOST Ciphersuites */ 749 750 /* Cipher 80 */ 751 { 752 .valid = 1, 753 .name = "GOST94-GOST89-GOST89", 754 .id = 0x3000080, 755 .algorithm_mkey = SSL_kGOST, 756 .algorithm_auth = SSL_aGOST94, 757 .algorithm_enc = SSL_eGOST2814789CNT, 758 .algorithm_mac = SSL_GOST89MAC, 759 .algorithm_ssl = SSL_TLSV1, 760 .algo_strength = SSL_HIGH, 761 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| 762 TLS1_STREAM_MAC, 763 .strength_bits = 256, 764 .alg_bits = 256 765 }, 766 767 /* Cipher 81 */ 768 { 769 .valid = 1, 770 .name = "GOST2001-GOST89-GOST89", 771 .id = 0x3000081, 772 .algorithm_mkey = SSL_kGOST, 773 .algorithm_auth = SSL_aGOST01, 774 .algorithm_enc = SSL_eGOST2814789CNT, 775 .algorithm_mac = SSL_GOST89MAC, 776 .algorithm_ssl = SSL_TLSV1, 777 .algo_strength = SSL_HIGH, 778 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| 779 TLS1_STREAM_MAC, 780 .strength_bits = 256, 781 .alg_bits = 256 782 }, 783 784 /* Cipher 82 */ 785 { 786 .valid = 1, 787 .name = "GOST94-NULL-GOST94", 788 .id = 0x3000082, 789 .algorithm_mkey = SSL_kGOST, 790 .algorithm_auth = SSL_aGOST94, 791 .algorithm_enc = SSL_eNULL, 792 .algorithm_mac = SSL_GOST94, 793 .algorithm_ssl = SSL_TLSV1, 794 .algo_strength = SSL_STRONG_NONE, 795 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 796 .strength_bits = 0, 797 .alg_bits = 0 798 }, 799 800 /* Cipher 83 */ 801 { 802 .valid = 1, 803 .name = "GOST2001-NULL-GOST94", 804 .id = 0x3000083, 805 .algorithm_mkey = SSL_kGOST, 806 .algorithm_auth = SSL_aGOST01, 807 .algorithm_enc = SSL_eNULL, 808 .algorithm_mac = SSL_GOST94, 809 .algorithm_ssl = SSL_TLSV1, 810 .algo_strength = SSL_STRONG_NONE, 811 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 812 .strength_bits = 0, 813 .alg_bits = 0 814 }, 815 816 #ifndef OPENSSL_NO_CAMELLIA 817 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 818 819 /* Cipher 84 */ 820 { 821 .valid = 1, 822 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 823 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 824 .algorithm_mkey = SSL_kRSA, 825 .algorithm_auth = SSL_aRSA, 826 .algorithm_enc = SSL_CAMELLIA256, 827 .algorithm_mac = SSL_SHA1, 828 .algorithm_ssl = SSL_TLSV1, 829 .algo_strength = SSL_HIGH, 830 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 831 .strength_bits = 256, 832 .alg_bits = 256, 833 }, 834 835 /* Cipher 87 */ 836 { 837 .valid = 1, 838 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 839 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 840 .algorithm_mkey = SSL_kDHE, 841 .algorithm_auth = SSL_aDSS, 842 .algorithm_enc = SSL_CAMELLIA256, 843 .algorithm_mac = SSL_SHA1, 844 .algorithm_ssl = SSL_TLSV1, 845 .algo_strength = SSL_HIGH, 846 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 847 .strength_bits = 256, 848 .alg_bits = 256, 849 }, 850 851 /* Cipher 88 */ 852 { 853 .valid = 1, 854 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 855 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 856 .algorithm_mkey = SSL_kDHE, 857 .algorithm_auth = SSL_aRSA, 858 .algorithm_enc = SSL_CAMELLIA256, 859 .algorithm_mac = SSL_SHA1, 860 .algorithm_ssl = SSL_TLSV1, 861 .algo_strength = SSL_HIGH, 862 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 863 .strength_bits = 256, 864 .alg_bits = 256, 865 }, 866 867 /* Cipher 89 */ 868 { 869 .valid = 1, 870 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 871 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 872 .algorithm_mkey = SSL_kDHE, 873 .algorithm_auth = SSL_aNULL, 874 .algorithm_enc = SSL_CAMELLIA256, 875 .algorithm_mac = SSL_SHA1, 876 .algorithm_ssl = SSL_TLSV1, 877 .algo_strength = SSL_HIGH, 878 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 879 .strength_bits = 256, 880 .alg_bits = 256, 881 }, 882 #endif /* OPENSSL_NO_CAMELLIA */ 883 884 /* 885 * GCM ciphersuites from RFC5288. 886 */ 887 888 /* Cipher 9C */ 889 { 890 .valid = 1, 891 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 892 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 893 .algorithm_mkey = SSL_kRSA, 894 .algorithm_auth = SSL_aRSA, 895 .algorithm_enc = SSL_AES128GCM, 896 .algorithm_mac = SSL_AEAD, 897 .algorithm_ssl = SSL_TLSV1_2, 898 .algo_strength = SSL_HIGH, 899 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 900 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 901 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 902 .strength_bits = 128, 903 .alg_bits = 128, 904 }, 905 906 /* Cipher 9D */ 907 { 908 .valid = 1, 909 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 910 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 911 .algorithm_mkey = SSL_kRSA, 912 .algorithm_auth = SSL_aRSA, 913 .algorithm_enc = SSL_AES256GCM, 914 .algorithm_mac = SSL_AEAD, 915 .algorithm_ssl = SSL_TLSV1_2, 916 .algo_strength = SSL_HIGH, 917 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 918 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 919 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 920 .strength_bits = 256, 921 .alg_bits = 256, 922 }, 923 924 /* Cipher 9E */ 925 { 926 .valid = 1, 927 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 928 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 929 .algorithm_mkey = SSL_kDHE, 930 .algorithm_auth = SSL_aRSA, 931 .algorithm_enc = SSL_AES128GCM, 932 .algorithm_mac = SSL_AEAD, 933 .algorithm_ssl = SSL_TLSV1_2, 934 .algo_strength = SSL_HIGH, 935 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 936 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 937 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 938 .strength_bits = 128, 939 .alg_bits = 128, 940 }, 941 942 /* Cipher 9F */ 943 { 944 .valid = 1, 945 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 946 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 947 .algorithm_mkey = SSL_kDHE, 948 .algorithm_auth = SSL_aRSA, 949 .algorithm_enc = SSL_AES256GCM, 950 .algorithm_mac = SSL_AEAD, 951 .algorithm_ssl = SSL_TLSV1_2, 952 .algo_strength = SSL_HIGH, 953 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 954 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 955 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 956 .strength_bits = 256, 957 .alg_bits = 256, 958 }, 959 960 /* Cipher A2 */ 961 { 962 .valid = 1, 963 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 964 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 965 .algorithm_mkey = SSL_kDHE, 966 .algorithm_auth = SSL_aDSS, 967 .algorithm_enc = SSL_AES128GCM, 968 .algorithm_mac = SSL_AEAD, 969 .algorithm_ssl = SSL_TLSV1_2, 970 .algo_strength = SSL_HIGH, 971 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 972 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 973 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 974 .strength_bits = 128, 975 .alg_bits = 128, 976 }, 977 978 /* Cipher A3 */ 979 { 980 .valid = 1, 981 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 982 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 983 .algorithm_mkey = SSL_kDHE, 984 .algorithm_auth = SSL_aDSS, 985 .algorithm_enc = SSL_AES256GCM, 986 .algorithm_mac = SSL_AEAD, 987 .algorithm_ssl = SSL_TLSV1_2, 988 .algo_strength = SSL_HIGH, 989 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 990 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 991 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 992 .strength_bits = 256, 993 .alg_bits = 256, 994 }, 995 996 /* Cipher A6 */ 997 { 998 .valid = 1, 999 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 1000 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 1001 .algorithm_mkey = SSL_kDHE, 1002 .algorithm_auth = SSL_aNULL, 1003 .algorithm_enc = SSL_AES128GCM, 1004 .algorithm_mac = SSL_AEAD, 1005 .algorithm_ssl = SSL_TLSV1_2, 1006 .algo_strength = SSL_HIGH, 1007 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1008 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1009 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1010 .strength_bits = 128, 1011 .alg_bits = 128, 1012 }, 1013 1014 /* Cipher A7 */ 1015 { 1016 .valid = 1, 1017 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 1018 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 1019 .algorithm_mkey = SSL_kDHE, 1020 .algorithm_auth = SSL_aNULL, 1021 .algorithm_enc = SSL_AES256GCM, 1022 .algorithm_mac = SSL_AEAD, 1023 .algorithm_ssl = SSL_TLSV1_2, 1024 .algo_strength = SSL_HIGH, 1025 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1026 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1027 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1028 .strength_bits = 256, 1029 .alg_bits = 256, 1030 }, 1031 1032 /* Cipher C001 */ 1033 { 1034 .valid = 1, 1035 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 1036 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 1037 .algorithm_mkey = SSL_kECDHe, 1038 .algorithm_auth = SSL_aECDH, 1039 .algorithm_enc = SSL_eNULL, 1040 .algorithm_mac = SSL_SHA1, 1041 .algorithm_ssl = SSL_TLSV1, 1042 .algo_strength = SSL_STRONG_NONE, 1043 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1044 .strength_bits = 0, 1045 .alg_bits = 0, 1046 }, 1047 1048 /* Cipher C002 */ 1049 { 1050 .valid = 1, 1051 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 1052 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 1053 .algorithm_mkey = SSL_kECDHe, 1054 .algorithm_auth = SSL_aECDH, 1055 .algorithm_enc = SSL_RC4, 1056 .algorithm_mac = SSL_SHA1, 1057 .algorithm_ssl = SSL_TLSV1, 1058 .algo_strength = SSL_MEDIUM, 1059 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1060 .strength_bits = 128, 1061 .alg_bits = 128, 1062 }, 1063 1064 /* Cipher C003 */ 1065 { 1066 .valid = 1, 1067 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1068 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1069 .algorithm_mkey = SSL_kECDHe, 1070 .algorithm_auth = SSL_aECDH, 1071 .algorithm_enc = SSL_3DES, 1072 .algorithm_mac = SSL_SHA1, 1073 .algorithm_ssl = SSL_TLSV1, 1074 .algo_strength = SSL_HIGH, 1075 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1076 .strength_bits = 112, 1077 .alg_bits = 168, 1078 }, 1079 1080 /* Cipher C004 */ 1081 { 1082 .valid = 1, 1083 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1084 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1085 .algorithm_mkey = SSL_kECDHe, 1086 .algorithm_auth = SSL_aECDH, 1087 .algorithm_enc = SSL_AES128, 1088 .algorithm_mac = SSL_SHA1, 1089 .algorithm_ssl = SSL_TLSV1, 1090 .algo_strength = SSL_HIGH, 1091 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1092 .strength_bits = 128, 1093 .alg_bits = 128, 1094 }, 1095 1096 /* Cipher C005 */ 1097 { 1098 .valid = 1, 1099 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1100 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1101 .algorithm_mkey = SSL_kECDHe, 1102 .algorithm_auth = SSL_aECDH, 1103 .algorithm_enc = SSL_AES256, 1104 .algorithm_mac = SSL_SHA1, 1105 .algorithm_ssl = SSL_TLSV1, 1106 .algo_strength = SSL_HIGH, 1107 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1108 .strength_bits = 256, 1109 .alg_bits = 256, 1110 }, 1111 1112 /* Cipher C006 */ 1113 { 1114 .valid = 1, 1115 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1116 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1117 .algorithm_mkey = SSL_kECDHE, 1118 .algorithm_auth = SSL_aECDSA, 1119 .algorithm_enc = SSL_eNULL, 1120 .algorithm_mac = SSL_SHA1, 1121 .algorithm_ssl = SSL_TLSV1, 1122 .algo_strength = SSL_STRONG_NONE, 1123 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1124 .strength_bits = 0, 1125 .alg_bits = 0, 1126 }, 1127 1128 /* Cipher C007 */ 1129 { 1130 .valid = 1, 1131 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1132 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1133 .algorithm_mkey = SSL_kECDHE, 1134 .algorithm_auth = SSL_aECDSA, 1135 .algorithm_enc = SSL_RC4, 1136 .algorithm_mac = SSL_SHA1, 1137 .algorithm_ssl = SSL_TLSV1, 1138 .algo_strength = SSL_MEDIUM, 1139 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1140 .strength_bits = 128, 1141 .alg_bits = 128, 1142 }, 1143 1144 /* Cipher C008 */ 1145 { 1146 .valid = 1, 1147 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1148 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1149 .algorithm_mkey = SSL_kECDHE, 1150 .algorithm_auth = SSL_aECDSA, 1151 .algorithm_enc = SSL_3DES, 1152 .algorithm_mac = SSL_SHA1, 1153 .algorithm_ssl = SSL_TLSV1, 1154 .algo_strength = SSL_HIGH, 1155 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1156 .strength_bits = 112, 1157 .alg_bits = 168, 1158 }, 1159 1160 /* Cipher C009 */ 1161 { 1162 .valid = 1, 1163 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1164 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1165 .algorithm_mkey = SSL_kECDHE, 1166 .algorithm_auth = SSL_aECDSA, 1167 .algorithm_enc = SSL_AES128, 1168 .algorithm_mac = SSL_SHA1, 1169 .algorithm_ssl = SSL_TLSV1, 1170 .algo_strength = SSL_HIGH, 1171 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1172 .strength_bits = 128, 1173 .alg_bits = 128, 1174 }, 1175 1176 /* Cipher C00A */ 1177 { 1178 .valid = 1, 1179 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1180 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1181 .algorithm_mkey = SSL_kECDHE, 1182 .algorithm_auth = SSL_aECDSA, 1183 .algorithm_enc = SSL_AES256, 1184 .algorithm_mac = SSL_SHA1, 1185 .algorithm_ssl = SSL_TLSV1, 1186 .algo_strength = SSL_HIGH, 1187 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1188 .strength_bits = 256, 1189 .alg_bits = 256, 1190 }, 1191 1192 /* Cipher C00B */ 1193 { 1194 .valid = 1, 1195 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 1196 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 1197 .algorithm_mkey = SSL_kECDHr, 1198 .algorithm_auth = SSL_aECDH, 1199 .algorithm_enc = SSL_eNULL, 1200 .algorithm_mac = SSL_SHA1, 1201 .algorithm_ssl = SSL_TLSV1, 1202 .algo_strength = SSL_STRONG_NONE, 1203 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1204 .strength_bits = 0, 1205 .alg_bits = 0, 1206 }, 1207 1208 /* Cipher C00C */ 1209 { 1210 .valid = 1, 1211 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 1212 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 1213 .algorithm_mkey = SSL_kECDHr, 1214 .algorithm_auth = SSL_aECDH, 1215 .algorithm_enc = SSL_RC4, 1216 .algorithm_mac = SSL_SHA1, 1217 .algorithm_ssl = SSL_TLSV1, 1218 .algo_strength = SSL_MEDIUM, 1219 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1220 .strength_bits = 128, 1221 .alg_bits = 128, 1222 }, 1223 1224 /* Cipher C00D */ 1225 { 1226 .valid = 1, 1227 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1228 .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1229 .algorithm_mkey = SSL_kECDHr, 1230 .algorithm_auth = SSL_aECDH, 1231 .algorithm_enc = SSL_3DES, 1232 .algorithm_mac = SSL_SHA1, 1233 .algorithm_ssl = SSL_TLSV1, 1234 .algo_strength = SSL_HIGH, 1235 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1236 .strength_bits = 112, 1237 .alg_bits = 168, 1238 }, 1239 1240 /* Cipher C00E */ 1241 { 1242 .valid = 1, 1243 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 1244 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 1245 .algorithm_mkey = SSL_kECDHr, 1246 .algorithm_auth = SSL_aECDH, 1247 .algorithm_enc = SSL_AES128, 1248 .algorithm_mac = SSL_SHA1, 1249 .algorithm_ssl = SSL_TLSV1, 1250 .algo_strength = SSL_HIGH, 1251 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1252 .strength_bits = 128, 1253 .alg_bits = 128, 1254 }, 1255 1256 /* Cipher C00F */ 1257 { 1258 .valid = 1, 1259 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 1260 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 1261 .algorithm_mkey = SSL_kECDHr, 1262 .algorithm_auth = SSL_aECDH, 1263 .algorithm_enc = SSL_AES256, 1264 .algorithm_mac = SSL_SHA1, 1265 .algorithm_ssl = SSL_TLSV1, 1266 .algo_strength = SSL_HIGH, 1267 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1268 .strength_bits = 256, 1269 .alg_bits = 256, 1270 }, 1271 1272 /* Cipher C010 */ 1273 { 1274 .valid = 1, 1275 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1276 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1277 .algorithm_mkey = SSL_kECDHE, 1278 .algorithm_auth = SSL_aRSA, 1279 .algorithm_enc = SSL_eNULL, 1280 .algorithm_mac = SSL_SHA1, 1281 .algorithm_ssl = SSL_TLSV1, 1282 .algo_strength = SSL_STRONG_NONE, 1283 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1284 .strength_bits = 0, 1285 .alg_bits = 0, 1286 }, 1287 1288 /* Cipher C011 */ 1289 { 1290 .valid = 1, 1291 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1292 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1293 .algorithm_mkey = SSL_kECDHE, 1294 .algorithm_auth = SSL_aRSA, 1295 .algorithm_enc = SSL_RC4, 1296 .algorithm_mac = SSL_SHA1, 1297 .algorithm_ssl = SSL_TLSV1, 1298 .algo_strength = SSL_MEDIUM, 1299 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1300 .strength_bits = 128, 1301 .alg_bits = 128, 1302 }, 1303 1304 /* Cipher C012 */ 1305 { 1306 .valid = 1, 1307 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1308 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1309 .algorithm_mkey = SSL_kECDHE, 1310 .algorithm_auth = SSL_aRSA, 1311 .algorithm_enc = SSL_3DES, 1312 .algorithm_mac = SSL_SHA1, 1313 .algorithm_ssl = SSL_TLSV1, 1314 .algo_strength = SSL_HIGH, 1315 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1316 .strength_bits = 112, 1317 .alg_bits = 168, 1318 }, 1319 1320 /* Cipher C013 */ 1321 { 1322 .valid = 1, 1323 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1324 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1325 .algorithm_mkey = SSL_kECDHE, 1326 .algorithm_auth = SSL_aRSA, 1327 .algorithm_enc = SSL_AES128, 1328 .algorithm_mac = SSL_SHA1, 1329 .algorithm_ssl = SSL_TLSV1, 1330 .algo_strength = SSL_HIGH, 1331 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1332 .strength_bits = 128, 1333 .alg_bits = 128, 1334 }, 1335 1336 /* Cipher C014 */ 1337 { 1338 .valid = 1, 1339 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1340 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1341 .algorithm_mkey = SSL_kECDHE, 1342 .algorithm_auth = SSL_aRSA, 1343 .algorithm_enc = SSL_AES256, 1344 .algorithm_mac = SSL_SHA1, 1345 .algorithm_ssl = SSL_TLSV1, 1346 .algo_strength = SSL_HIGH, 1347 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1348 .strength_bits = 256, 1349 .alg_bits = 256, 1350 }, 1351 1352 /* Cipher C015 */ 1353 { 1354 .valid = 1, 1355 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1356 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1357 .algorithm_mkey = SSL_kECDHE, 1358 .algorithm_auth = SSL_aNULL, 1359 .algorithm_enc = SSL_eNULL, 1360 .algorithm_mac = SSL_SHA1, 1361 .algorithm_ssl = SSL_TLSV1, 1362 .algo_strength = SSL_STRONG_NONE, 1363 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1364 .strength_bits = 0, 1365 .alg_bits = 0, 1366 }, 1367 1368 /* Cipher C016 */ 1369 { 1370 .valid = 1, 1371 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1372 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1373 .algorithm_mkey = SSL_kECDHE, 1374 .algorithm_auth = SSL_aNULL, 1375 .algorithm_enc = SSL_RC4, 1376 .algorithm_mac = SSL_SHA1, 1377 .algorithm_ssl = SSL_TLSV1, 1378 .algo_strength = SSL_MEDIUM, 1379 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1380 .strength_bits = 128, 1381 .alg_bits = 128, 1382 }, 1383 1384 /* Cipher C017 */ 1385 { 1386 .valid = 1, 1387 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1388 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1389 .algorithm_mkey = SSL_kECDHE, 1390 .algorithm_auth = SSL_aNULL, 1391 .algorithm_enc = SSL_3DES, 1392 .algorithm_mac = SSL_SHA1, 1393 .algorithm_ssl = SSL_TLSV1, 1394 .algo_strength = SSL_HIGH, 1395 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1396 .strength_bits = 112, 1397 .alg_bits = 168, 1398 }, 1399 1400 /* Cipher C018 */ 1401 { 1402 .valid = 1, 1403 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1404 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1405 .algorithm_mkey = SSL_kECDHE, 1406 .algorithm_auth = SSL_aNULL, 1407 .algorithm_enc = SSL_AES128, 1408 .algorithm_mac = SSL_SHA1, 1409 .algorithm_ssl = SSL_TLSV1, 1410 .algo_strength = SSL_HIGH, 1411 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1412 .strength_bits = 128, 1413 .alg_bits = 128, 1414 }, 1415 1416 /* Cipher C019 */ 1417 { 1418 .valid = 1, 1419 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1420 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1421 .algorithm_mkey = SSL_kECDHE, 1422 .algorithm_auth = SSL_aNULL, 1423 .algorithm_enc = SSL_AES256, 1424 .algorithm_mac = SSL_SHA1, 1425 .algorithm_ssl = SSL_TLSV1, 1426 .algo_strength = SSL_HIGH, 1427 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1428 .strength_bits = 256, 1429 .alg_bits = 256, 1430 }, 1431 1432 1433 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 1434 1435 /* Cipher C023 */ 1436 { 1437 .valid = 1, 1438 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1439 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1440 .algorithm_mkey = SSL_kECDHE, 1441 .algorithm_auth = SSL_aECDSA, 1442 .algorithm_enc = SSL_AES128, 1443 .algorithm_mac = SSL_SHA256, 1444 .algorithm_ssl = SSL_TLSV1_2, 1445 .algo_strength = SSL_HIGH, 1446 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1447 .strength_bits = 128, 1448 .alg_bits = 128, 1449 }, 1450 1451 /* Cipher C024 */ 1452 { 1453 .valid = 1, 1454 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1455 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1456 .algorithm_mkey = SSL_kECDHE, 1457 .algorithm_auth = SSL_aECDSA, 1458 .algorithm_enc = SSL_AES256, 1459 .algorithm_mac = SSL_SHA384, 1460 .algorithm_ssl = SSL_TLSV1_2, 1461 .algo_strength = SSL_HIGH, 1462 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1463 .strength_bits = 256, 1464 .alg_bits = 256, 1465 }, 1466 1467 /* Cipher C025 */ 1468 { 1469 .valid = 1, 1470 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 1471 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 1472 .algorithm_mkey = SSL_kECDHe, 1473 .algorithm_auth = SSL_aECDH, 1474 .algorithm_enc = SSL_AES128, 1475 .algorithm_mac = SSL_SHA256, 1476 .algorithm_ssl = SSL_TLSV1_2, 1477 .algo_strength = SSL_HIGH, 1478 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1479 .strength_bits = 128, 1480 .alg_bits = 128, 1481 }, 1482 1483 /* Cipher C026 */ 1484 { 1485 .valid = 1, 1486 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 1487 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 1488 .algorithm_mkey = SSL_kECDHe, 1489 .algorithm_auth = SSL_aECDH, 1490 .algorithm_enc = SSL_AES256, 1491 .algorithm_mac = SSL_SHA384, 1492 .algorithm_ssl = SSL_TLSV1_2, 1493 .algo_strength = SSL_HIGH, 1494 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1495 .strength_bits = 256, 1496 .alg_bits = 256, 1497 }, 1498 1499 /* Cipher C027 */ 1500 { 1501 .valid = 1, 1502 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1503 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1504 .algorithm_mkey = SSL_kECDHE, 1505 .algorithm_auth = SSL_aRSA, 1506 .algorithm_enc = SSL_AES128, 1507 .algorithm_mac = SSL_SHA256, 1508 .algorithm_ssl = SSL_TLSV1_2, 1509 .algo_strength = SSL_HIGH, 1510 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1511 .strength_bits = 128, 1512 .alg_bits = 128, 1513 }, 1514 1515 /* Cipher C028 */ 1516 { 1517 .valid = 1, 1518 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1519 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1520 .algorithm_mkey = SSL_kECDHE, 1521 .algorithm_auth = SSL_aRSA, 1522 .algorithm_enc = SSL_AES256, 1523 .algorithm_mac = SSL_SHA384, 1524 .algorithm_ssl = SSL_TLSV1_2, 1525 .algo_strength = SSL_HIGH, 1526 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1527 .strength_bits = 256, 1528 .alg_bits = 256, 1529 }, 1530 1531 /* Cipher C029 */ 1532 { 1533 .valid = 1, 1534 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 1535 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 1536 .algorithm_mkey = SSL_kECDHr, 1537 .algorithm_auth = SSL_aECDH, 1538 .algorithm_enc = SSL_AES128, 1539 .algorithm_mac = SSL_SHA256, 1540 .algorithm_ssl = SSL_TLSV1_2, 1541 .algo_strength = SSL_HIGH, 1542 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1543 .strength_bits = 128, 1544 .alg_bits = 128, 1545 }, 1546 1547 /* Cipher C02A */ 1548 { 1549 .valid = 1, 1550 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 1551 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 1552 .algorithm_mkey = SSL_kECDHr, 1553 .algorithm_auth = SSL_aECDH, 1554 .algorithm_enc = SSL_AES256, 1555 .algorithm_mac = SSL_SHA384, 1556 .algorithm_ssl = SSL_TLSV1_2, 1557 .algo_strength = SSL_HIGH, 1558 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1559 .strength_bits = 256, 1560 .alg_bits = 256, 1561 }, 1562 1563 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 1564 1565 /* Cipher C02B */ 1566 { 1567 .valid = 1, 1568 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1569 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1570 .algorithm_mkey = SSL_kECDHE, 1571 .algorithm_auth = SSL_aECDSA, 1572 .algorithm_enc = SSL_AES128GCM, 1573 .algorithm_mac = SSL_AEAD, 1574 .algorithm_ssl = SSL_TLSV1_2, 1575 .algo_strength = SSL_HIGH, 1576 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1577 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1578 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1579 .strength_bits = 128, 1580 .alg_bits = 128, 1581 }, 1582 1583 /* Cipher C02C */ 1584 { 1585 .valid = 1, 1586 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1587 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1588 .algorithm_mkey = SSL_kECDHE, 1589 .algorithm_auth = SSL_aECDSA, 1590 .algorithm_enc = SSL_AES256GCM, 1591 .algorithm_mac = SSL_AEAD, 1592 .algorithm_ssl = SSL_TLSV1_2, 1593 .algo_strength = SSL_HIGH, 1594 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1595 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1596 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1597 .strength_bits = 256, 1598 .alg_bits = 256, 1599 }, 1600 1601 /* Cipher C02D */ 1602 { 1603 .valid = 1, 1604 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1605 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1606 .algorithm_mkey = SSL_kECDHe, 1607 .algorithm_auth = SSL_aECDH, 1608 .algorithm_enc = SSL_AES128GCM, 1609 .algorithm_mac = SSL_AEAD, 1610 .algorithm_ssl = SSL_TLSV1_2, 1611 .algo_strength = SSL_HIGH, 1612 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1613 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1614 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1615 .strength_bits = 128, 1616 .alg_bits = 128, 1617 }, 1618 1619 /* Cipher C02E */ 1620 { 1621 .valid = 1, 1622 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1623 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1624 .algorithm_mkey = SSL_kECDHe, 1625 .algorithm_auth = SSL_aECDH, 1626 .algorithm_enc = SSL_AES256GCM, 1627 .algorithm_mac = SSL_AEAD, 1628 .algorithm_ssl = SSL_TLSV1_2, 1629 .algo_strength = SSL_HIGH, 1630 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1631 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1632 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1633 .strength_bits = 256, 1634 .alg_bits = 256, 1635 }, 1636 1637 /* Cipher C02F */ 1638 { 1639 .valid = 1, 1640 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1641 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1642 .algorithm_mkey = SSL_kECDHE, 1643 .algorithm_auth = SSL_aRSA, 1644 .algorithm_enc = SSL_AES128GCM, 1645 .algorithm_mac = SSL_AEAD, 1646 .algorithm_ssl = SSL_TLSV1_2, 1647 .algo_strength = SSL_HIGH, 1648 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1649 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1650 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1651 .strength_bits = 128, 1652 .alg_bits = 128, 1653 }, 1654 1655 /* Cipher C030 */ 1656 { 1657 .valid = 1, 1658 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1659 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1660 .algorithm_mkey = SSL_kECDHE, 1661 .algorithm_auth = SSL_aRSA, 1662 .algorithm_enc = SSL_AES256GCM, 1663 .algorithm_mac = SSL_AEAD, 1664 .algorithm_ssl = SSL_TLSV1_2, 1665 .algo_strength = SSL_HIGH, 1666 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1667 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1668 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1669 .strength_bits = 256, 1670 .alg_bits = 256, 1671 }, 1672 1673 /* Cipher C031 */ 1674 { 1675 .valid = 1, 1676 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1677 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1678 .algorithm_mkey = SSL_kECDHr, 1679 .algorithm_auth = SSL_aECDH, 1680 .algorithm_enc = SSL_AES128GCM, 1681 .algorithm_mac = SSL_AEAD, 1682 .algorithm_ssl = SSL_TLSV1_2, 1683 .algo_strength = SSL_HIGH, 1684 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1685 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1686 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1687 .strength_bits = 128, 1688 .alg_bits = 128, 1689 }, 1690 1691 /* Cipher C032 */ 1692 { 1693 .valid = 1, 1694 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1695 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1696 .algorithm_mkey = SSL_kECDHr, 1697 .algorithm_auth = SSL_aECDH, 1698 .algorithm_enc = SSL_AES256GCM, 1699 .algorithm_mac = SSL_AEAD, 1700 .algorithm_ssl = SSL_TLSV1_2, 1701 .algo_strength = SSL_HIGH, 1702 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1703 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1704 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1705 .strength_bits = 256, 1706 .alg_bits = 256, 1707 }, 1708 1709 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 1710 /* Cipher CC13 */ 1711 { 1712 .valid = 1, 1713 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 1714 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 1715 .algorithm_mkey = SSL_kECDHE, 1716 .algorithm_auth = SSL_aRSA, 1717 .algorithm_enc = SSL_CHACHA20POLY1305, 1718 .algorithm_mac = SSL_AEAD, 1719 .algorithm_ssl = SSL_TLSV1_2, 1720 .algo_strength = SSL_HIGH, 1721 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1722 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1723 .strength_bits = 256, 1724 .alg_bits = 0, 1725 }, 1726 1727 /* Cipher CC14 */ 1728 { 1729 .valid = 1, 1730 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 1731 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1732 .algorithm_mkey = SSL_kECDHE, 1733 .algorithm_auth = SSL_aECDSA, 1734 .algorithm_enc = SSL_CHACHA20POLY1305, 1735 .algorithm_mac = SSL_AEAD, 1736 .algorithm_ssl = SSL_TLSV1_2, 1737 .algo_strength = SSL_HIGH, 1738 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1739 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1740 .strength_bits = 256, 1741 .alg_bits = 0, 1742 }, 1743 1744 /* Cipher CC15 */ 1745 { 1746 .valid = 1, 1747 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 1748 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 1749 .algorithm_mkey = SSL_kDHE, 1750 .algorithm_auth = SSL_aRSA, 1751 .algorithm_enc = SSL_CHACHA20POLY1305, 1752 .algorithm_mac = SSL_AEAD, 1753 .algorithm_ssl = SSL_TLSV1_2, 1754 .algo_strength = SSL_HIGH, 1755 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1756 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1757 .strength_bits = 256, 1758 .alg_bits = 0, 1759 }, 1760 #endif 1761 1762 /* Cipher FF85 FIXME IANA */ 1763 { 1764 .valid = 1, 1765 .name = "GOST2012256-GOST89-GOST89", 1766 .id = 0x300ff85, /* FIXME IANA */ 1767 .algorithm_mkey = SSL_kGOST, 1768 .algorithm_auth = SSL_aGOST01, 1769 .algorithm_enc = SSL_eGOST2814789CNT, 1770 .algorithm_mac = SSL_GOST89MAC, 1771 .algorithm_ssl = SSL_TLSV1, 1772 .algo_strength = SSL_HIGH, 1773 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| 1774 TLS1_STREAM_MAC, 1775 .strength_bits = 256, 1776 .alg_bits = 256 1777 }, 1778 1779 /* Cipher FF87 FIXME IANA */ 1780 { 1781 .valid = 1, 1782 .name = "GOST2012256-NULL-STREEBOG256", 1783 .id = 0x300ff87, /* FIXME IANA */ 1784 .algorithm_mkey = SSL_kGOST, 1785 .algorithm_auth = SSL_aGOST01, 1786 .algorithm_enc = SSL_eNULL, 1787 .algorithm_mac = SSL_STREEBOG256, 1788 .algorithm_ssl = SSL_TLSV1, 1789 .algo_strength = SSL_STRONG_NONE, 1790 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, 1791 .strength_bits = 0, 1792 .alg_bits = 0 1793 }, 1794 1795 1796 /* end of list */ 1797 }; 1798 1799 SSL3_ENC_METHOD SSLv3_enc_data = { 1800 .enc = ssl3_enc, 1801 .mac = n_ssl3_mac, 1802 .setup_key_block = ssl3_setup_key_block, 1803 .generate_master_secret = ssl3_generate_master_secret, 1804 .change_cipher_state = ssl3_change_cipher_state, 1805 .final_finish_mac = ssl3_final_finish_mac, 1806 .finish_mac_length = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, 1807 .cert_verify_mac = ssl3_cert_verify_mac, 1808 .client_finished_label = SSL3_MD_CLIENT_FINISHED_CONST, 1809 .client_finished_label_len = 4, 1810 .server_finished_label = SSL3_MD_SERVER_FINISHED_CONST, 1811 .server_finished_label_len = 4, 1812 .alert_value = ssl3_alert_code, 1813 .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, 1814 const char *, size_t, const unsigned char *, size_t, 1815 int use_context))ssl_undefined_function, 1816 .enc_flags = 0, 1817 }; 1818 1819 long 1820 ssl3_default_timeout(void) 1821 { 1822 /* 1823 * 2 hours, the 24 hours mentioned in the SSLv3 spec 1824 * is way too long for http, the cache would over fill 1825 */ 1826 return (60 * 60 * 2); 1827 } 1828 1829 int 1830 ssl3_num_ciphers(void) 1831 { 1832 return (SSL3_NUM_CIPHERS); 1833 } 1834 1835 const SSL_CIPHER * 1836 ssl3_get_cipher(unsigned int u) 1837 { 1838 if (u < SSL3_NUM_CIPHERS) 1839 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); 1840 else 1841 return (NULL); 1842 } 1843 1844 const SSL_CIPHER * 1845 ssl3_get_cipher_by_id(unsigned int id) 1846 { 1847 const SSL_CIPHER *cp; 1848 SSL_CIPHER c; 1849 1850 c.id = id; 1851 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 1852 if (cp != NULL && cp->valid == 1) 1853 return (cp); 1854 return (NULL); 1855 } 1856 1857 uint16_t 1858 ssl3_cipher_get_value(const SSL_CIPHER *c) 1859 { 1860 return (c->id & SSL3_CK_VALUE_MASK); 1861 } 1862 1863 int 1864 ssl3_pending(const SSL *s) 1865 { 1866 if (s->rstate == SSL_ST_READ_BODY) 1867 return 0; 1868 1869 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? 1870 s->s3->rrec.length : 0; 1871 } 1872 1873 int 1874 ssl3_new(SSL *s) 1875 { 1876 SSL3_STATE *s3; 1877 1878 if ((s3 = calloc(1, sizeof *s3)) == NULL) 1879 goto err; 1880 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 1881 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 1882 1883 s->s3 = s3; 1884 1885 s->method->ssl_clear(s); 1886 return (1); 1887 err: 1888 return (0); 1889 } 1890 1891 void 1892 ssl3_free(SSL *s) 1893 { 1894 if (s == NULL) 1895 return; 1896 1897 ssl3_cleanup_key_block(s); 1898 ssl3_release_read_buffer(s); 1899 ssl3_release_write_buffer(s); 1900 1901 DH_free(s->s3->tmp.dh); 1902 EC_KEY_free(s->s3->tmp.ecdh); 1903 1904 if (s->s3->tmp.ca_names != NULL) 1905 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 1906 BIO_free(s->s3->handshake_buffer); 1907 ssl3_free_digest_list(s); 1908 OPENSSL_cleanse(s->s3, sizeof *s->s3); 1909 free(s->s3); 1910 s->s3 = NULL; 1911 } 1912 1913 void 1914 ssl3_clear(SSL *s) 1915 { 1916 unsigned char *rp, *wp; 1917 size_t rlen, wlen; 1918 int init_extra; 1919 1920 ssl3_cleanup_key_block(s); 1921 if (s->s3->tmp.ca_names != NULL) 1922 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 1923 1924 DH_free(s->s3->tmp.dh); 1925 s->s3->tmp.dh = NULL; 1926 EC_KEY_free(s->s3->tmp.ecdh); 1927 s->s3->tmp.ecdh = NULL; 1928 1929 s->s3->is_probably_safari = 0; 1930 1931 rp = s->s3->rbuf.buf; 1932 wp = s->s3->wbuf.buf; 1933 rlen = s->s3->rbuf.len; 1934 wlen = s->s3->wbuf.len; 1935 init_extra = s->s3->init_extra; 1936 1937 BIO_free(s->s3->handshake_buffer); 1938 s->s3->handshake_buffer = NULL; 1939 1940 ssl3_free_digest_list(s); 1941 1942 memset(s->s3, 0, sizeof *s->s3); 1943 s->s3->rbuf.buf = rp; 1944 s->s3->wbuf.buf = wp; 1945 s->s3->rbuf.len = rlen; 1946 s->s3->wbuf.len = wlen; 1947 s->s3->init_extra = init_extra; 1948 1949 ssl_free_wbio_buffer(s); 1950 1951 s->packet_length = 0; 1952 s->s3->renegotiate = 0; 1953 s->s3->total_renegotiations = 0; 1954 s->s3->num_renegotiations = 0; 1955 s->s3->in_read_app_data = 0; 1956 s->version = SSL3_VERSION; 1957 1958 #ifndef OPENSSL_NO_NEXTPROTONEG 1959 free(s->next_proto_negotiated); 1960 s->next_proto_negotiated = NULL; 1961 s->next_proto_negotiated_len = 0; 1962 #endif 1963 } 1964 1965 1966 long 1967 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 1968 { 1969 int ret = 0; 1970 1971 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { 1972 if (!ssl_cert_inst(&s->cert)) { 1973 SSLerr(SSL_F_SSL3_CTRL, 1974 ERR_R_MALLOC_FAILURE); 1975 return (0); 1976 } 1977 } 1978 1979 switch (cmd) { 1980 case SSL_CTRL_GET_SESSION_REUSED: 1981 ret = s->hit; 1982 break; 1983 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 1984 break; 1985 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 1986 ret = s->s3->num_renegotiations; 1987 break; 1988 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 1989 ret = s->s3->num_renegotiations; 1990 s->s3->num_renegotiations = 0; 1991 break; 1992 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 1993 ret = s->s3->total_renegotiations; 1994 break; 1995 case SSL_CTRL_GET_FLAGS: 1996 ret = (int)(s->s3->flags); 1997 break; 1998 case SSL_CTRL_NEED_TMP_RSA: 1999 ret = 0; 2000 break; 2001 case SSL_CTRL_SET_TMP_RSA: 2002 case SSL_CTRL_SET_TMP_RSA_CB: 2003 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2004 break; 2005 case SSL_CTRL_SET_TMP_DH: 2006 { 2007 DH *dh = (DH *)parg; 2008 if (dh == NULL) { 2009 SSLerr(SSL_F_SSL3_CTRL, 2010 ERR_R_PASSED_NULL_PARAMETER); 2011 return (ret); 2012 } 2013 if ((dh = DHparams_dup(dh)) == NULL) { 2014 SSLerr(SSL_F_SSL3_CTRL, 2015 ERR_R_DH_LIB); 2016 return (ret); 2017 } 2018 if (!(s->options & SSL_OP_SINGLE_DH_USE)) { 2019 if (!DH_generate_key(dh)) { 2020 DH_free(dh); 2021 SSLerr(SSL_F_SSL3_CTRL, 2022 ERR_R_DH_LIB); 2023 return (ret); 2024 } 2025 } 2026 DH_free(s->cert->dh_tmp); 2027 s->cert->dh_tmp = dh; 2028 ret = 1; 2029 } 2030 break; 2031 2032 case SSL_CTRL_SET_TMP_DH_CB: 2033 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2034 return (ret); 2035 2036 case SSL_CTRL_SET_DH_AUTO: 2037 s->cert->dh_tmp_auto = larg; 2038 return 1; 2039 2040 case SSL_CTRL_SET_TMP_ECDH: 2041 { 2042 EC_KEY *ecdh = NULL; 2043 2044 if (parg == NULL) { 2045 SSLerr(SSL_F_SSL3_CTRL, 2046 ERR_R_PASSED_NULL_PARAMETER); 2047 return (ret); 2048 } 2049 if (!EC_KEY_up_ref((EC_KEY *)parg)) { 2050 SSLerr(SSL_F_SSL3_CTRL, 2051 ERR_R_ECDH_LIB); 2052 return (ret); 2053 } 2054 ecdh = (EC_KEY *)parg; 2055 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { 2056 if (!EC_KEY_generate_key(ecdh)) { 2057 EC_KEY_free(ecdh); 2058 SSLerr(SSL_F_SSL3_CTRL, 2059 ERR_R_ECDH_LIB); 2060 return (ret); 2061 } 2062 } 2063 EC_KEY_free(s->cert->ecdh_tmp); 2064 s->cert->ecdh_tmp = ecdh; 2065 ret = 1; 2066 } 2067 break; 2068 case SSL_CTRL_SET_TMP_ECDH_CB: 2069 { 2070 SSLerr(SSL_F_SSL3_CTRL, 2071 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2072 return (ret); 2073 } 2074 break; 2075 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2076 if (larg == TLSEXT_NAMETYPE_host_name) { 2077 free(s->tlsext_hostname); 2078 s->tlsext_hostname = NULL; 2079 2080 ret = 1; 2081 if (parg == NULL) 2082 break; 2083 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 2084 SSLerr(SSL_F_SSL3_CTRL, 2085 SSL_R_SSL3_EXT_INVALID_SERVERNAME); 2086 return 0; 2087 } 2088 if ((s->tlsext_hostname = strdup((char *)parg)) 2089 == NULL) { 2090 SSLerr(SSL_F_SSL3_CTRL, 2091 ERR_R_INTERNAL_ERROR); 2092 return 0; 2093 } 2094 } else { 2095 SSLerr(SSL_F_SSL3_CTRL, 2096 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 2097 return 0; 2098 } 2099 break; 2100 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 2101 s->tlsext_debug_arg = parg; 2102 ret = 1; 2103 break; 2104 2105 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 2106 s->tlsext_status_type = larg; 2107 ret = 1; 2108 break; 2109 2110 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 2111 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; 2112 ret = 1; 2113 break; 2114 2115 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 2116 s->tlsext_ocsp_exts = parg; 2117 ret = 1; 2118 break; 2119 2120 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 2121 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; 2122 ret = 1; 2123 break; 2124 2125 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 2126 s->tlsext_ocsp_ids = parg; 2127 ret = 1; 2128 break; 2129 2130 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 2131 *(unsigned char **)parg = s->tlsext_ocsp_resp; 2132 return s->tlsext_ocsp_resplen; 2133 2134 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 2135 free(s->tlsext_ocsp_resp); 2136 s->tlsext_ocsp_resp = parg; 2137 s->tlsext_ocsp_resplen = larg; 2138 ret = 1; 2139 break; 2140 2141 case SSL_CTRL_SET_ECDH_AUTO: 2142 s->cert->ecdh_tmp_auto = larg; 2143 ret = 1; 2144 break; 2145 2146 default: 2147 break; 2148 } 2149 return (ret); 2150 } 2151 2152 long 2153 ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 2154 { 2155 int ret = 0; 2156 2157 if (cmd == SSL_CTRL_SET_TMP_DH_CB) { 2158 if (!ssl_cert_inst(&s->cert)) { 2159 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, 2160 ERR_R_MALLOC_FAILURE); 2161 return (0); 2162 } 2163 } 2164 2165 switch (cmd) { 2166 case SSL_CTRL_SET_TMP_RSA_CB: 2167 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2168 break; 2169 case SSL_CTRL_SET_TMP_DH_CB: 2170 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 2171 break; 2172 case SSL_CTRL_SET_TMP_ECDH_CB: 2173 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2174 break; 2175 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 2176 s->tlsext_debug_cb = (void (*)(SSL *, int , int, 2177 unsigned char *, int, void *))fp; 2178 break; 2179 default: 2180 break; 2181 } 2182 return (ret); 2183 } 2184 2185 long 2186 ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 2187 { 2188 CERT *cert; 2189 2190 cert = ctx->cert; 2191 2192 switch (cmd) { 2193 case SSL_CTRL_NEED_TMP_RSA: 2194 return (0); 2195 case SSL_CTRL_SET_TMP_RSA: 2196 case SSL_CTRL_SET_TMP_RSA_CB: 2197 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2198 return (0); 2199 case SSL_CTRL_SET_TMP_DH: 2200 { 2201 DH *new = NULL, *dh; 2202 2203 dh = (DH *)parg; 2204 if ((new = DHparams_dup(dh)) == NULL) { 2205 SSLerr(SSL_F_SSL3_CTX_CTRL, 2206 ERR_R_DH_LIB); 2207 return 0; 2208 } 2209 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { 2210 if (!DH_generate_key(new)) { 2211 SSLerr(SSL_F_SSL3_CTX_CTRL, 2212 ERR_R_DH_LIB); 2213 DH_free(new); 2214 return 0; 2215 } 2216 } 2217 DH_free(cert->dh_tmp); 2218 cert->dh_tmp = new; 2219 return 1; 2220 } 2221 /*break; */ 2222 2223 case SSL_CTRL_SET_TMP_DH_CB: 2224 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2225 return (0); 2226 2227 case SSL_CTRL_SET_DH_AUTO: 2228 ctx->cert->dh_tmp_auto = larg; 2229 return (1); 2230 2231 case SSL_CTRL_SET_TMP_ECDH: 2232 { 2233 EC_KEY *ecdh = NULL; 2234 2235 if (parg == NULL) { 2236 SSLerr(SSL_F_SSL3_CTX_CTRL, 2237 ERR_R_ECDH_LIB); 2238 return 0; 2239 } 2240 ecdh = EC_KEY_dup((EC_KEY *)parg); 2241 if (ecdh == NULL) { 2242 SSLerr(SSL_F_SSL3_CTX_CTRL, 2243 ERR_R_EC_LIB); 2244 return 0; 2245 } 2246 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { 2247 if (!EC_KEY_generate_key(ecdh)) { 2248 EC_KEY_free(ecdh); 2249 SSLerr(SSL_F_SSL3_CTX_CTRL, 2250 ERR_R_ECDH_LIB); 2251 return 0; 2252 } 2253 } 2254 2255 EC_KEY_free(cert->ecdh_tmp); 2256 cert->ecdh_tmp = ecdh; 2257 return 1; 2258 } 2259 /* break; */ 2260 case SSL_CTRL_SET_TMP_ECDH_CB: 2261 { 2262 SSLerr(SSL_F_SSL3_CTX_CTRL, 2263 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2264 return (0); 2265 } 2266 break; 2267 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 2268 ctx->tlsext_servername_arg = parg; 2269 break; 2270 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 2271 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 2272 { 2273 unsigned char *keys = parg; 2274 if (!keys) 2275 return 48; 2276 if (larg != 48) { 2277 SSLerr(SSL_F_SSL3_CTX_CTRL, 2278 SSL_R_INVALID_TICKET_KEYS_LENGTH); 2279 return 0; 2280 } 2281 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 2282 memcpy(ctx->tlsext_tick_key_name, keys, 16); 2283 memcpy(ctx->tlsext_tick_hmac_key, 2284 keys + 16, 16); 2285 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 2286 } else { 2287 memcpy(keys, ctx->tlsext_tick_key_name, 16); 2288 memcpy(keys + 16, 2289 ctx->tlsext_tick_hmac_key, 16); 2290 memcpy(keys + 32, 2291 ctx->tlsext_tick_aes_key, 16); 2292 } 2293 return 1; 2294 } 2295 2296 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 2297 ctx->tlsext_status_arg = parg; 2298 return 1; 2299 break; 2300 2301 case SSL_CTRL_SET_ECDH_AUTO: 2302 ctx->cert->ecdh_tmp_auto = larg; 2303 return 1; 2304 2305 /* A Thawte special :-) */ 2306 case SSL_CTRL_EXTRA_CHAIN_CERT: 2307 if (ctx->extra_certs == NULL) { 2308 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) 2309 return (0); 2310 } 2311 sk_X509_push(ctx->extra_certs,(X509 *)parg); 2312 break; 2313 2314 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 2315 *(STACK_OF(X509) **)parg = ctx->extra_certs; 2316 break; 2317 2318 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 2319 if (ctx->extra_certs) { 2320 sk_X509_pop_free(ctx->extra_certs, X509_free); 2321 ctx->extra_certs = NULL; 2322 } 2323 break; 2324 2325 default: 2326 return (0); 2327 } 2328 return (1); 2329 } 2330 2331 long 2332 ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 2333 { 2334 CERT *cert; 2335 2336 cert = ctx->cert; 2337 2338 switch (cmd) { 2339 case SSL_CTRL_SET_TMP_RSA_CB: 2340 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2341 return (0); 2342 case SSL_CTRL_SET_TMP_DH_CB: 2343 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 2344 break; 2345 case SSL_CTRL_SET_TMP_ECDH_CB: 2346 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2347 break; 2348 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2349 ctx->tlsext_servername_callback = 2350 (int (*)(SSL *, int *, void *))fp; 2351 break; 2352 2353 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 2354 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; 2355 break; 2356 2357 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 2358 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, 2359 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 2360 break; 2361 2362 default: 2363 return (0); 2364 } 2365 return (1); 2366 } 2367 2368 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 2369 STACK_OF(SSL_CIPHER) *srvr) 2370 { 2371 unsigned long alg_k, alg_a, mask_k, mask_a; 2372 STACK_OF(SSL_CIPHER) *prio, *allow; 2373 SSL_CIPHER *c, *ret = NULL; 2374 int i, ii, ok; 2375 CERT *cert; 2376 2377 /* Let's see which ciphers we can support */ 2378 cert = s->cert; 2379 2380 /* 2381 * Do not set the compare functions, because this may lead to a 2382 * reordering by "id". We want to keep the original ordering. 2383 * We may pay a price in performance during sk_SSL_CIPHER_find(), 2384 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 2385 */ 2386 2387 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 2388 prio = srvr; 2389 allow = clnt; 2390 } else { 2391 prio = clnt; 2392 allow = srvr; 2393 } 2394 2395 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 2396 c = sk_SSL_CIPHER_value(prio, i); 2397 2398 /* Skip TLS v1.2 only ciphersuites if not supported. */ 2399 if ((c->algorithm_ssl & SSL_TLSV1_2) && 2400 !SSL_USE_TLS1_2_CIPHERS(s)) 2401 continue; 2402 2403 ssl_set_cert_masks(cert, c); 2404 mask_k = cert->mask_k; 2405 mask_a = cert->mask_a; 2406 2407 alg_k = c->algorithm_mkey; 2408 alg_a = c->algorithm_auth; 2409 2410 2411 ok = (alg_k & mask_k) && (alg_a & mask_a); 2412 2413 /* 2414 * If we are considering an ECC cipher suite that uses our 2415 * certificate check it. 2416 */ 2417 if (alg_a & (SSL_aECDSA|SSL_aECDH)) 2418 ok = ok && tls1_check_ec_server_key(s); 2419 /* 2420 * If we are considering an ECC cipher suite that uses 2421 * an ephemeral EC key check it. 2422 */ 2423 if (alg_k & SSL_kECDHE) 2424 ok = ok && tls1_check_ec_tmp_key(s); 2425 2426 if (!ok) 2427 continue; 2428 ii = sk_SSL_CIPHER_find(allow, c); 2429 if (ii >= 0) { 2430 if ((alg_k & SSL_kECDHE) && 2431 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { 2432 if (!ret) 2433 ret = sk_SSL_CIPHER_value(allow, ii); 2434 continue; 2435 } 2436 ret = sk_SSL_CIPHER_value(allow, ii); 2437 break; 2438 } 2439 } 2440 return (ret); 2441 } 2442 2443 int 2444 ssl3_get_req_cert_type(SSL *s, unsigned char *p) 2445 { 2446 int ret = 0; 2447 unsigned long alg_k; 2448 2449 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2450 2451 #ifndef OPENSSL_NO_GOST 2452 if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) { 2453 p[ret++] = TLS_CT_GOST94_SIGN; 2454 p[ret++] = TLS_CT_GOST01_SIGN; 2455 p[ret++] = TLS_CT_GOST12_256_SIGN; 2456 p[ret++] = TLS_CT_GOST12_512_SIGN; 2457 } 2458 #endif 2459 2460 if (alg_k & SSL_kDHE) { 2461 p[ret++] = SSL3_CT_RSA_FIXED_DH; 2462 p[ret++] = SSL3_CT_DSS_FIXED_DH; 2463 } 2464 if (s->version == SSL3_VERSION && (alg_k & SSL_kDHE)) { 2465 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; 2466 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; 2467 } 2468 p[ret++] = SSL3_CT_RSA_SIGN; 2469 p[ret++] = SSL3_CT_DSS_SIGN; 2470 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { 2471 p[ret++] = TLS_CT_RSA_FIXED_ECDH; 2472 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; 2473 } 2474 2475 /* 2476 * ECDSA certs can be used with RSA cipher suites as well 2477 * so we don't need to check for SSL_kECDH or SSL_kECDHE 2478 */ 2479 if (s->version >= TLS1_VERSION) { 2480 p[ret++] = TLS_CT_ECDSA_SIGN; 2481 } 2482 return (ret); 2483 } 2484 2485 int 2486 ssl3_shutdown(SSL *s) 2487 { 2488 int ret; 2489 2490 /* 2491 * Don't do anything much if we have not done the handshake or 2492 * we don't want to send messages :-) 2493 */ 2494 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 2495 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2496 return (1); 2497 } 2498 2499 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { 2500 s->shutdown|=SSL_SENT_SHUTDOWN; 2501 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2502 /* 2503 * Our shutdown alert has been sent now, and if it still needs 2504 * to be written, s->s3->alert_dispatch will be true 2505 */ 2506 if (s->s3->alert_dispatch) 2507 return(-1); /* return WANT_WRITE */ 2508 } else if (s->s3->alert_dispatch) { 2509 /* resend it if not sent */ 2510 ret = s->method->ssl_dispatch_alert(s); 2511 if (ret == -1) { 2512 /* 2513 * We only get to return -1 here the 2nd/Nth 2514 * invocation, we must have already signalled 2515 * return 0 upon a previous invoation, 2516 * return WANT_WRITE 2517 */ 2518 return (ret); 2519 } 2520 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2521 /* If we are waiting for a close from our peer, we are closed */ 2522 s->method->ssl_read_bytes(s, 0, NULL, 0, 0); 2523 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2524 return(-1); /* return WANT_READ */ 2525 } 2526 } 2527 2528 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2529 !s->s3->alert_dispatch) 2530 return (1); 2531 else 2532 return (0); 2533 } 2534 2535 int 2536 ssl3_write(SSL *s, const void *buf, int len) 2537 { 2538 int ret, n; 2539 2540 #if 0 2541 if (s->shutdown & SSL_SEND_SHUTDOWN) { 2542 s->rwstate = SSL_NOTHING; 2543 return (0); 2544 } 2545 #endif 2546 errno = 0; 2547 if (s->s3->renegotiate) 2548 ssl3_renegotiate_check(s); 2549 2550 /* 2551 * This is an experimental flag that sends the 2552 * last handshake message in the same packet as the first 2553 * use data - used to see if it helps the TCP protocol during 2554 * session-id reuse 2555 */ 2556 /* The second test is because the buffer may have been removed */ 2557 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 2558 /* First time through, we write into the buffer */ 2559 if (s->s3->delay_buf_pop_ret == 0) { 2560 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2561 buf, len); 2562 if (ret <= 0) 2563 return (ret); 2564 2565 s->s3->delay_buf_pop_ret = ret; 2566 } 2567 2568 s->rwstate = SSL_WRITING; 2569 n = BIO_flush(s->wbio); 2570 if (n <= 0) 2571 return (n); 2572 s->rwstate = SSL_NOTHING; 2573 2574 /* We have flushed the buffer, so remove it */ 2575 ssl_free_wbio_buffer(s); 2576 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 2577 2578 ret = s->s3->delay_buf_pop_ret; 2579 s->s3->delay_buf_pop_ret = 0; 2580 } else { 2581 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2582 buf, len); 2583 if (ret <= 0) 2584 return (ret); 2585 } 2586 2587 return (ret); 2588 } 2589 2590 static int 2591 ssl3_read_internal(SSL *s, void *buf, int len, int peek) 2592 { 2593 int ret; 2594 2595 errno = 0; 2596 if (s->s3->renegotiate) 2597 ssl3_renegotiate_check(s); 2598 s->s3->in_read_app_data = 1; 2599 ret = s->method->ssl_read_bytes(s, 2600 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2601 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 2602 /* 2603 * ssl3_read_bytes decided to call s->handshake_func, which 2604 * called ssl3_read_bytes to read handshake data. 2605 * However, ssl3_read_bytes actually found application data 2606 * and thinks that application data makes sense here; so disable 2607 * handshake processing and try to read application data again. 2608 */ 2609 s->in_handshake++; 2610 ret = s->method->ssl_read_bytes(s, 2611 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2612 s->in_handshake--; 2613 } else 2614 s->s3->in_read_app_data = 0; 2615 2616 return (ret); 2617 } 2618 2619 int 2620 ssl3_read(SSL *s, void *buf, int len) 2621 { 2622 return ssl3_read_internal(s, buf, len, 0); 2623 } 2624 2625 int 2626 ssl3_peek(SSL *s, void *buf, int len) 2627 { 2628 return ssl3_read_internal(s, buf, len, 1); 2629 } 2630 2631 int 2632 ssl3_renegotiate(SSL *s) 2633 { 2634 if (s->handshake_func == NULL) 2635 return (1); 2636 2637 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2638 return (0); 2639 2640 s->s3->renegotiate = 1; 2641 return (1); 2642 } 2643 2644 int 2645 ssl3_renegotiate_check(SSL *s) 2646 { 2647 int ret = 0; 2648 2649 if (s->s3->renegotiate) { 2650 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 2651 !SSL_in_init(s)) { 2652 /* 2653 * If we are the server, and we have sent 2654 * a 'RENEGOTIATE' message, we need to go 2655 * to SSL_ST_ACCEPT. 2656 */ 2657 /* SSL_ST_ACCEPT */ 2658 s->state = SSL_ST_RENEGOTIATE; 2659 s->s3->renegotiate = 0; 2660 s->s3->num_renegotiations++; 2661 s->s3->total_renegotiations++; 2662 ret = 1; 2663 } 2664 } 2665 return (ret); 2666 } 2667 /* 2668 * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 2669 * to new SHA256 PRF and handshake macs 2670 */ 2671 long 2672 ssl_get_algorithm2(SSL *s) 2673 { 2674 long alg2 = s->s3->tmp.new_cipher->algorithm2; 2675 2676 if (s->method->version == TLS1_2_VERSION && 2677 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 2678 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 2679 return alg2; 2680 } 2681