1 /* $OpenBSD: s3_lib.c,v 1.95 2015/02/08 22:06:49 miod Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 149 */ 150 151 #include <stdio.h> 152 153 #include <openssl/dh.h> 154 #include <openssl/md5.h> 155 #include <openssl/objects.h> 156 157 #include "ssl_locl.h" 158 159 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 160 161 /* 162 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the 163 * fixed nonce length in algorithms2. It is the inverse of the 164 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro. 165 */ 166 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) 167 168 /* list of available SSLv3 ciphers (sorted by id) */ 169 SSL_CIPHER ssl3_ciphers[] = { 170 171 /* The RSA ciphers */ 172 /* Cipher 01 */ 173 { 174 .valid = 1, 175 .name = SSL3_TXT_RSA_NULL_MD5, 176 .id = SSL3_CK_RSA_NULL_MD5, 177 .algorithm_mkey = SSL_kRSA, 178 .algorithm_auth = SSL_aRSA, 179 .algorithm_enc = SSL_eNULL, 180 .algorithm_mac = SSL_MD5, 181 .algorithm_ssl = SSL_SSLV3, 182 .algo_strength = SSL_STRONG_NONE, 183 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 184 .strength_bits = 0, 185 .alg_bits = 0, 186 }, 187 188 /* Cipher 02 */ 189 { 190 .valid = 1, 191 .name = SSL3_TXT_RSA_NULL_SHA, 192 .id = SSL3_CK_RSA_NULL_SHA, 193 .algorithm_mkey = SSL_kRSA, 194 .algorithm_auth = SSL_aRSA, 195 .algorithm_enc = SSL_eNULL, 196 .algorithm_mac = SSL_SHA1, 197 .algorithm_ssl = SSL_SSLV3, 198 .algo_strength = SSL_STRONG_NONE, 199 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 200 .strength_bits = 0, 201 .alg_bits = 0, 202 }, 203 204 /* Cipher 04 */ 205 { 206 .valid = 1, 207 .name = SSL3_TXT_RSA_RC4_128_MD5, 208 .id = SSL3_CK_RSA_RC4_128_MD5, 209 .algorithm_mkey = SSL_kRSA, 210 .algorithm_auth = SSL_aRSA, 211 .algorithm_enc = SSL_RC4, 212 .algorithm_mac = SSL_MD5, 213 .algorithm_ssl = SSL_SSLV3, 214 .algo_strength = SSL_MEDIUM, 215 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 216 .strength_bits = 128, 217 .alg_bits = 128, 218 }, 219 220 /* Cipher 05 */ 221 { 222 .valid = 1, 223 .name = SSL3_TXT_RSA_RC4_128_SHA, 224 .id = SSL3_CK_RSA_RC4_128_SHA, 225 .algorithm_mkey = SSL_kRSA, 226 .algorithm_auth = SSL_aRSA, 227 .algorithm_enc = SSL_RC4, 228 .algorithm_mac = SSL_SHA1, 229 .algorithm_ssl = SSL_SSLV3, 230 .algo_strength = SSL_MEDIUM, 231 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 232 .strength_bits = 128, 233 .alg_bits = 128, 234 }, 235 236 /* Cipher 07 */ 237 #ifndef OPENSSL_NO_IDEA 238 { 239 .valid = 1, 240 .name = SSL3_TXT_RSA_IDEA_128_SHA, 241 .id = SSL3_CK_RSA_IDEA_128_SHA, 242 .algorithm_mkey = SSL_kRSA, 243 .algorithm_auth = SSL_aRSA, 244 .algorithm_enc = SSL_IDEA, 245 .algorithm_mac = SSL_SHA1, 246 .algorithm_ssl = SSL_SSLV3, 247 .algo_strength = SSL_MEDIUM, 248 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 249 .strength_bits = 128, 250 .alg_bits = 128, 251 }, 252 #endif 253 254 /* Cipher 09 */ 255 { 256 .valid = 1, 257 .name = SSL3_TXT_RSA_DES_64_CBC_SHA, 258 .id = SSL3_CK_RSA_DES_64_CBC_SHA, 259 .algorithm_mkey = SSL_kRSA, 260 .algorithm_auth = SSL_aRSA, 261 .algorithm_enc = SSL_DES, 262 .algorithm_mac = SSL_SHA1, 263 .algorithm_ssl = SSL_SSLV3, 264 .algo_strength = SSL_LOW, 265 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 266 .strength_bits = 56, 267 .alg_bits = 56, 268 }, 269 270 /* Cipher 0A */ 271 { 272 .valid = 1, 273 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, 274 .id = SSL3_CK_RSA_DES_192_CBC3_SHA, 275 .algorithm_mkey = SSL_kRSA, 276 .algorithm_auth = SSL_aRSA, 277 .algorithm_enc = SSL_3DES, 278 .algorithm_mac = SSL_SHA1, 279 .algorithm_ssl = SSL_SSLV3, 280 .algo_strength = SSL_HIGH, 281 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 282 .strength_bits = 112, 283 .alg_bits = 168, 284 }, 285 286 /* 287 * Ephemeral DH (DHE) ciphers. 288 */ 289 290 /* Cipher 12 */ 291 { 292 .valid = 1, 293 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 294 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 295 .algorithm_mkey = SSL_kDHE, 296 .algorithm_auth = SSL_aDSS, 297 .algorithm_enc = SSL_DES, 298 .algorithm_mac = SSL_SHA1, 299 .algorithm_ssl = SSL_SSLV3, 300 .algo_strength = SSL_LOW, 301 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 302 .strength_bits = 56, 303 .alg_bits = 56, 304 }, 305 306 /* Cipher 13 */ 307 { 308 .valid = 1, 309 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 310 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 311 .algorithm_mkey = SSL_kDHE, 312 .algorithm_auth = SSL_aDSS, 313 .algorithm_enc = SSL_3DES, 314 .algorithm_mac = SSL_SHA1, 315 .algorithm_ssl = SSL_SSLV3, 316 .algo_strength = SSL_HIGH, 317 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 318 .strength_bits = 112, 319 .alg_bits = 168, 320 }, 321 322 /* Cipher 15 */ 323 { 324 .valid = 1, 325 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 326 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 327 .algorithm_mkey = SSL_kDHE, 328 .algorithm_auth = SSL_aRSA, 329 .algorithm_enc = SSL_DES, 330 .algorithm_mac = SSL_SHA1, 331 .algorithm_ssl = SSL_SSLV3, 332 .algo_strength = SSL_LOW, 333 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 334 .strength_bits = 56, 335 .alg_bits = 56, 336 }, 337 338 /* Cipher 16 */ 339 { 340 .valid = 1, 341 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 342 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 343 .algorithm_mkey = SSL_kDHE, 344 .algorithm_auth = SSL_aRSA, 345 .algorithm_enc = SSL_3DES, 346 .algorithm_mac = SSL_SHA1, 347 .algorithm_ssl = SSL_SSLV3, 348 .algo_strength = SSL_HIGH, 349 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 350 .strength_bits = 112, 351 .alg_bits = 168, 352 }, 353 354 /* Cipher 18 */ 355 { 356 .valid = 1, 357 .name = SSL3_TXT_ADH_RC4_128_MD5, 358 .id = SSL3_CK_ADH_RC4_128_MD5, 359 .algorithm_mkey = SSL_kDHE, 360 .algorithm_auth = SSL_aNULL, 361 .algorithm_enc = SSL_RC4, 362 .algorithm_mac = SSL_MD5, 363 .algorithm_ssl = SSL_SSLV3, 364 .algo_strength = SSL_MEDIUM, 365 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 366 .strength_bits = 128, 367 .alg_bits = 128, 368 }, 369 370 /* Cipher 1A */ 371 { 372 .valid = 1, 373 .name = SSL3_TXT_ADH_DES_64_CBC_SHA, 374 .id = SSL3_CK_ADH_DES_64_CBC_SHA, 375 .algorithm_mkey = SSL_kDHE, 376 .algorithm_auth = SSL_aNULL, 377 .algorithm_enc = SSL_DES, 378 .algorithm_mac = SSL_SHA1, 379 .algorithm_ssl = SSL_SSLV3, 380 .algo_strength = SSL_LOW, 381 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 382 .strength_bits = 56, 383 .alg_bits = 56, 384 }, 385 386 /* Cipher 1B */ 387 { 388 .valid = 1, 389 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 390 .id = SSL3_CK_ADH_DES_192_CBC_SHA, 391 .algorithm_mkey = SSL_kDHE, 392 .algorithm_auth = SSL_aNULL, 393 .algorithm_enc = SSL_3DES, 394 .algorithm_mac = SSL_SHA1, 395 .algorithm_ssl = SSL_SSLV3, 396 .algo_strength = SSL_HIGH, 397 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 398 .strength_bits = 112, 399 .alg_bits = 168, 400 }, 401 402 /* 403 * AES ciphersuites. 404 */ 405 406 /* Cipher 2F */ 407 { 408 .valid = 1, 409 .name = TLS1_TXT_RSA_WITH_AES_128_SHA, 410 .id = TLS1_CK_RSA_WITH_AES_128_SHA, 411 .algorithm_mkey = SSL_kRSA, 412 .algorithm_auth = SSL_aRSA, 413 .algorithm_enc = SSL_AES128, 414 .algorithm_mac = SSL_SHA1, 415 .algorithm_ssl = SSL_TLSV1, 416 .algo_strength = SSL_HIGH, 417 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 418 .strength_bits = 128, 419 .alg_bits = 128, 420 }, 421 422 /* Cipher 32 */ 423 { 424 .valid = 1, 425 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 426 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 427 .algorithm_mkey = SSL_kDHE, 428 .algorithm_auth = SSL_aDSS, 429 .algorithm_enc = SSL_AES128, 430 .algorithm_mac = SSL_SHA1, 431 .algorithm_ssl = SSL_TLSV1, 432 .algo_strength = SSL_HIGH, 433 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 434 .strength_bits = 128, 435 .alg_bits = 128, 436 }, 437 438 /* Cipher 33 */ 439 { 440 .valid = 1, 441 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 442 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 443 .algorithm_mkey = SSL_kDHE, 444 .algorithm_auth = SSL_aRSA, 445 .algorithm_enc = SSL_AES128, 446 .algorithm_mac = SSL_SHA1, 447 .algorithm_ssl = SSL_TLSV1, 448 .algo_strength = SSL_HIGH, 449 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 450 .strength_bits = 128, 451 .alg_bits = 128, 452 }, 453 454 /* Cipher 34 */ 455 { 456 .valid = 1, 457 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 458 .id = TLS1_CK_ADH_WITH_AES_128_SHA, 459 .algorithm_mkey = SSL_kDHE, 460 .algorithm_auth = SSL_aNULL, 461 .algorithm_enc = SSL_AES128, 462 .algorithm_mac = SSL_SHA1, 463 .algorithm_ssl = SSL_TLSV1, 464 .algo_strength = SSL_HIGH, 465 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 466 .strength_bits = 128, 467 .alg_bits = 128, 468 }, 469 470 /* Cipher 35 */ 471 { 472 .valid = 1, 473 .name = TLS1_TXT_RSA_WITH_AES_256_SHA, 474 .id = TLS1_CK_RSA_WITH_AES_256_SHA, 475 .algorithm_mkey = SSL_kRSA, 476 .algorithm_auth = SSL_aRSA, 477 .algorithm_enc = SSL_AES256, 478 .algorithm_mac = SSL_SHA1, 479 .algorithm_ssl = SSL_TLSV1, 480 .algo_strength = SSL_HIGH, 481 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 482 .strength_bits = 256, 483 .alg_bits = 256, 484 }, 485 486 /* Cipher 38 */ 487 { 488 .valid = 1, 489 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 490 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 491 .algorithm_mkey = SSL_kDHE, 492 .algorithm_auth = SSL_aDSS, 493 .algorithm_enc = SSL_AES256, 494 .algorithm_mac = SSL_SHA1, 495 .algorithm_ssl = SSL_TLSV1, 496 .algo_strength = SSL_HIGH, 497 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 498 .strength_bits = 256, 499 .alg_bits = 256, 500 }, 501 502 /* Cipher 39 */ 503 { 504 .valid = 1, 505 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 506 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 507 .algorithm_mkey = SSL_kDHE, 508 .algorithm_auth = SSL_aRSA, 509 .algorithm_enc = SSL_AES256, 510 .algorithm_mac = SSL_SHA1, 511 .algorithm_ssl = SSL_TLSV1, 512 .algo_strength = SSL_HIGH, 513 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 514 .strength_bits = 256, 515 .alg_bits = 256, 516 }, 517 518 /* Cipher 3A */ 519 { 520 .valid = 1, 521 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 522 .id = TLS1_CK_ADH_WITH_AES_256_SHA, 523 .algorithm_mkey = SSL_kDHE, 524 .algorithm_auth = SSL_aNULL, 525 .algorithm_enc = SSL_AES256, 526 .algorithm_mac = SSL_SHA1, 527 .algorithm_ssl = SSL_TLSV1, 528 .algo_strength = SSL_HIGH, 529 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 530 .strength_bits = 256, 531 .alg_bits = 256, 532 }, 533 534 /* TLS v1.2 ciphersuites */ 535 /* Cipher 3B */ 536 { 537 .valid = 1, 538 .name = TLS1_TXT_RSA_WITH_NULL_SHA256, 539 .id = TLS1_CK_RSA_WITH_NULL_SHA256, 540 .algorithm_mkey = SSL_kRSA, 541 .algorithm_auth = SSL_aRSA, 542 .algorithm_enc = SSL_eNULL, 543 .algorithm_mac = SSL_SHA256, 544 .algorithm_ssl = SSL_TLSV1_2, 545 .algo_strength = SSL_STRONG_NONE, 546 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 547 .strength_bits = 0, 548 .alg_bits = 0, 549 }, 550 551 /* Cipher 3C */ 552 { 553 .valid = 1, 554 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, 555 .id = TLS1_CK_RSA_WITH_AES_128_SHA256, 556 .algorithm_mkey = SSL_kRSA, 557 .algorithm_auth = SSL_aRSA, 558 .algorithm_enc = SSL_AES128, 559 .algorithm_mac = SSL_SHA256, 560 .algorithm_ssl = SSL_TLSV1_2, 561 .algo_strength = SSL_HIGH, 562 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 563 .strength_bits = 128, 564 .alg_bits = 128, 565 }, 566 567 /* Cipher 3D */ 568 { 569 .valid = 1, 570 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, 571 .id = TLS1_CK_RSA_WITH_AES_256_SHA256, 572 .algorithm_mkey = SSL_kRSA, 573 .algorithm_auth = SSL_aRSA, 574 .algorithm_enc = SSL_AES256, 575 .algorithm_mac = SSL_SHA256, 576 .algorithm_ssl = SSL_TLSV1_2, 577 .algo_strength = SSL_HIGH, 578 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 579 .strength_bits = 256, 580 .alg_bits = 256, 581 }, 582 583 /* Cipher 40 */ 584 { 585 .valid = 1, 586 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 587 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 588 .algorithm_mkey = SSL_kDHE, 589 .algorithm_auth = SSL_aDSS, 590 .algorithm_enc = SSL_AES128, 591 .algorithm_mac = SSL_SHA256, 592 .algorithm_ssl = SSL_TLSV1_2, 593 .algo_strength = SSL_HIGH, 594 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 595 .strength_bits = 128, 596 .alg_bits = 128, 597 }, 598 599 #ifndef OPENSSL_NO_CAMELLIA 600 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 601 602 /* Cipher 41 */ 603 { 604 .valid = 1, 605 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 606 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 607 .algorithm_mkey = SSL_kRSA, 608 .algorithm_auth = SSL_aRSA, 609 .algorithm_enc = SSL_CAMELLIA128, 610 .algorithm_mac = SSL_SHA1, 611 .algorithm_ssl = SSL_TLSV1, 612 .algo_strength = SSL_HIGH, 613 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 614 .strength_bits = 128, 615 .alg_bits = 128, 616 }, 617 618 /* Cipher 44 */ 619 { 620 .valid = 1, 621 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 622 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 623 .algorithm_mkey = SSL_kDHE, 624 .algorithm_auth = SSL_aDSS, 625 .algorithm_enc = SSL_CAMELLIA128, 626 .algorithm_mac = SSL_SHA1, 627 .algorithm_ssl = SSL_TLSV1, 628 .algo_strength = SSL_HIGH, 629 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 630 .strength_bits = 128, 631 .alg_bits = 128, 632 }, 633 634 /* Cipher 45 */ 635 { 636 .valid = 1, 637 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 638 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 639 .algorithm_mkey = SSL_kDHE, 640 .algorithm_auth = SSL_aRSA, 641 .algorithm_enc = SSL_CAMELLIA128, 642 .algorithm_mac = SSL_SHA1, 643 .algorithm_ssl = SSL_TLSV1, 644 .algo_strength = SSL_HIGH, 645 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 646 .strength_bits = 128, 647 .alg_bits = 128, 648 }, 649 650 /* Cipher 46 */ 651 { 652 .valid = 1, 653 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 654 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 655 .algorithm_mkey = SSL_kDHE, 656 .algorithm_auth = SSL_aNULL, 657 .algorithm_enc = SSL_CAMELLIA128, 658 .algorithm_mac = SSL_SHA1, 659 .algorithm_ssl = SSL_TLSV1, 660 .algo_strength = SSL_HIGH, 661 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 662 .strength_bits = 128, 663 .alg_bits = 128, 664 }, 665 #endif /* OPENSSL_NO_CAMELLIA */ 666 667 /* TLS v1.2 ciphersuites */ 668 /* Cipher 67 */ 669 { 670 .valid = 1, 671 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 672 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 673 .algorithm_mkey = SSL_kDHE, 674 .algorithm_auth = SSL_aRSA, 675 .algorithm_enc = SSL_AES128, 676 .algorithm_mac = SSL_SHA256, 677 .algorithm_ssl = SSL_TLSV1_2, 678 .algo_strength = SSL_HIGH, 679 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 680 .strength_bits = 128, 681 .alg_bits = 128, 682 }, 683 684 /* Cipher 6A */ 685 { 686 .valid = 1, 687 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 688 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 689 .algorithm_mkey = SSL_kDHE, 690 .algorithm_auth = SSL_aDSS, 691 .algorithm_enc = SSL_AES256, 692 .algorithm_mac = SSL_SHA256, 693 .algorithm_ssl = SSL_TLSV1_2, 694 .algo_strength = SSL_HIGH, 695 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 696 .strength_bits = 256, 697 .alg_bits = 256, 698 }, 699 700 /* Cipher 6B */ 701 { 702 .valid = 1, 703 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 704 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 705 .algorithm_mkey = SSL_kDHE, 706 .algorithm_auth = SSL_aRSA, 707 .algorithm_enc = SSL_AES256, 708 .algorithm_mac = SSL_SHA256, 709 .algorithm_ssl = SSL_TLSV1_2, 710 .algo_strength = SSL_HIGH, 711 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 712 .strength_bits = 256, 713 .alg_bits = 256, 714 }, 715 716 /* Cipher 6C */ 717 { 718 .valid = 1, 719 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 720 .id = TLS1_CK_ADH_WITH_AES_128_SHA256, 721 .algorithm_mkey = SSL_kDHE, 722 .algorithm_auth = SSL_aNULL, 723 .algorithm_enc = SSL_AES128, 724 .algorithm_mac = SSL_SHA256, 725 .algorithm_ssl = SSL_TLSV1_2, 726 .algo_strength = SSL_HIGH, 727 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 728 .strength_bits = 128, 729 .alg_bits = 128, 730 }, 731 732 /* Cipher 6D */ 733 { 734 .valid = 1, 735 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 736 .id = TLS1_CK_ADH_WITH_AES_256_SHA256, 737 .algorithm_mkey = SSL_kDHE, 738 .algorithm_auth = SSL_aNULL, 739 .algorithm_enc = SSL_AES256, 740 .algorithm_mac = SSL_SHA256, 741 .algorithm_ssl = SSL_TLSV1_2, 742 .algo_strength = SSL_HIGH, 743 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 744 .strength_bits = 256, 745 .alg_bits = 256, 746 }, 747 748 /* GOST Ciphersuites */ 749 750 /* Cipher 81 */ 751 { 752 .valid = 1, 753 .name = "GOST2001-GOST89-GOST89", 754 .id = 0x3000081, 755 .algorithm_mkey = SSL_kGOST, 756 .algorithm_auth = SSL_aGOST01, 757 .algorithm_enc = SSL_eGOST2814789CNT, 758 .algorithm_mac = SSL_GOST89MAC, 759 .algorithm_ssl = SSL_TLSV1, 760 .algo_strength = SSL_HIGH, 761 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| 762 TLS1_STREAM_MAC, 763 .strength_bits = 256, 764 .alg_bits = 256 765 }, 766 767 /* Cipher 83 */ 768 { 769 .valid = 1, 770 .name = "GOST2001-NULL-GOST94", 771 .id = 0x3000083, 772 .algorithm_mkey = SSL_kGOST, 773 .algorithm_auth = SSL_aGOST01, 774 .algorithm_enc = SSL_eNULL, 775 .algorithm_mac = SSL_GOST94, 776 .algorithm_ssl = SSL_TLSV1, 777 .algo_strength = SSL_STRONG_NONE, 778 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 779 .strength_bits = 0, 780 .alg_bits = 0 781 }, 782 783 #ifndef OPENSSL_NO_CAMELLIA 784 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 785 786 /* Cipher 84 */ 787 { 788 .valid = 1, 789 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 790 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 791 .algorithm_mkey = SSL_kRSA, 792 .algorithm_auth = SSL_aRSA, 793 .algorithm_enc = SSL_CAMELLIA256, 794 .algorithm_mac = SSL_SHA1, 795 .algorithm_ssl = SSL_TLSV1, 796 .algo_strength = SSL_HIGH, 797 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 798 .strength_bits = 256, 799 .alg_bits = 256, 800 }, 801 802 /* Cipher 87 */ 803 { 804 .valid = 1, 805 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 806 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 807 .algorithm_mkey = SSL_kDHE, 808 .algorithm_auth = SSL_aDSS, 809 .algorithm_enc = SSL_CAMELLIA256, 810 .algorithm_mac = SSL_SHA1, 811 .algorithm_ssl = SSL_TLSV1, 812 .algo_strength = SSL_HIGH, 813 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 814 .strength_bits = 256, 815 .alg_bits = 256, 816 }, 817 818 /* Cipher 88 */ 819 { 820 .valid = 1, 821 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 822 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 823 .algorithm_mkey = SSL_kDHE, 824 .algorithm_auth = SSL_aRSA, 825 .algorithm_enc = SSL_CAMELLIA256, 826 .algorithm_mac = SSL_SHA1, 827 .algorithm_ssl = SSL_TLSV1, 828 .algo_strength = SSL_HIGH, 829 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 830 .strength_bits = 256, 831 .alg_bits = 256, 832 }, 833 834 /* Cipher 89 */ 835 { 836 .valid = 1, 837 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 838 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 839 .algorithm_mkey = SSL_kDHE, 840 .algorithm_auth = SSL_aNULL, 841 .algorithm_enc = SSL_CAMELLIA256, 842 .algorithm_mac = SSL_SHA1, 843 .algorithm_ssl = SSL_TLSV1, 844 .algo_strength = SSL_HIGH, 845 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 846 .strength_bits = 256, 847 .alg_bits = 256, 848 }, 849 #endif /* OPENSSL_NO_CAMELLIA */ 850 851 /* 852 * GCM ciphersuites from RFC5288. 853 */ 854 855 /* Cipher 9C */ 856 { 857 .valid = 1, 858 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 859 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 860 .algorithm_mkey = SSL_kRSA, 861 .algorithm_auth = SSL_aRSA, 862 .algorithm_enc = SSL_AES128GCM, 863 .algorithm_mac = SSL_AEAD, 864 .algorithm_ssl = SSL_TLSV1_2, 865 .algo_strength = SSL_HIGH, 866 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 867 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 868 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 869 .strength_bits = 128, 870 .alg_bits = 128, 871 }, 872 873 /* Cipher 9D */ 874 { 875 .valid = 1, 876 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 877 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 878 .algorithm_mkey = SSL_kRSA, 879 .algorithm_auth = SSL_aRSA, 880 .algorithm_enc = SSL_AES256GCM, 881 .algorithm_mac = SSL_AEAD, 882 .algorithm_ssl = SSL_TLSV1_2, 883 .algo_strength = SSL_HIGH, 884 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 885 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 886 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 887 .strength_bits = 256, 888 .alg_bits = 256, 889 }, 890 891 /* Cipher 9E */ 892 { 893 .valid = 1, 894 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 895 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 896 .algorithm_mkey = SSL_kDHE, 897 .algorithm_auth = SSL_aRSA, 898 .algorithm_enc = SSL_AES128GCM, 899 .algorithm_mac = SSL_AEAD, 900 .algorithm_ssl = SSL_TLSV1_2, 901 .algo_strength = SSL_HIGH, 902 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 903 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 904 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 905 .strength_bits = 128, 906 .alg_bits = 128, 907 }, 908 909 /* Cipher 9F */ 910 { 911 .valid = 1, 912 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 913 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 914 .algorithm_mkey = SSL_kDHE, 915 .algorithm_auth = SSL_aRSA, 916 .algorithm_enc = SSL_AES256GCM, 917 .algorithm_mac = SSL_AEAD, 918 .algorithm_ssl = SSL_TLSV1_2, 919 .algo_strength = SSL_HIGH, 920 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 921 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 922 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 923 .strength_bits = 256, 924 .alg_bits = 256, 925 }, 926 927 /* Cipher A2 */ 928 { 929 .valid = 1, 930 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 931 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 932 .algorithm_mkey = SSL_kDHE, 933 .algorithm_auth = SSL_aDSS, 934 .algorithm_enc = SSL_AES128GCM, 935 .algorithm_mac = SSL_AEAD, 936 .algorithm_ssl = SSL_TLSV1_2, 937 .algo_strength = SSL_HIGH, 938 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 939 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 940 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 941 .strength_bits = 128, 942 .alg_bits = 128, 943 }, 944 945 /* Cipher A3 */ 946 { 947 .valid = 1, 948 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 949 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 950 .algorithm_mkey = SSL_kDHE, 951 .algorithm_auth = SSL_aDSS, 952 .algorithm_enc = SSL_AES256GCM, 953 .algorithm_mac = SSL_AEAD, 954 .algorithm_ssl = SSL_TLSV1_2, 955 .algo_strength = SSL_HIGH, 956 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 957 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 958 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 959 .strength_bits = 256, 960 .alg_bits = 256, 961 }, 962 963 /* Cipher A6 */ 964 { 965 .valid = 1, 966 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 967 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 968 .algorithm_mkey = SSL_kDHE, 969 .algorithm_auth = SSL_aNULL, 970 .algorithm_enc = SSL_AES128GCM, 971 .algorithm_mac = SSL_AEAD, 972 .algorithm_ssl = SSL_TLSV1_2, 973 .algo_strength = SSL_HIGH, 974 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 975 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 976 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 977 .strength_bits = 128, 978 .alg_bits = 128, 979 }, 980 981 /* Cipher A7 */ 982 { 983 .valid = 1, 984 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 985 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 986 .algorithm_mkey = SSL_kDHE, 987 .algorithm_auth = SSL_aNULL, 988 .algorithm_enc = SSL_AES256GCM, 989 .algorithm_mac = SSL_AEAD, 990 .algorithm_ssl = SSL_TLSV1_2, 991 .algo_strength = SSL_HIGH, 992 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 993 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 994 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 995 .strength_bits = 256, 996 .alg_bits = 256, 997 }, 998 999 #ifndef OPENSSL_NO_CAMELLIA 1000 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 1001 1002 /* Cipher BA */ 1003 { 1004 .valid = 1, 1005 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1006 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1007 .algorithm_mkey = SSL_kRSA, 1008 .algorithm_auth = SSL_aRSA, 1009 .algorithm_enc = SSL_CAMELLIA128, 1010 .algorithm_mac = SSL_SHA256, 1011 .algorithm_ssl = SSL_TLSV1_2, 1012 .algo_strength = SSL_HIGH, 1013 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1014 .strength_bits = 128, 1015 .alg_bits = 128, 1016 }, 1017 1018 /* Cipher BD */ 1019 { 1020 .valid = 1, 1021 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 1022 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 1023 .algorithm_mkey = SSL_kDHE, 1024 .algorithm_auth = SSL_aDSS, 1025 .algorithm_enc = SSL_CAMELLIA128, 1026 .algorithm_mac = SSL_SHA256, 1027 .algorithm_ssl = SSL_TLSV1_2, 1028 .algo_strength = SSL_HIGH, 1029 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1030 .strength_bits = 128, 1031 .alg_bits = 128, 1032 }, 1033 1034 /* Cipher BE */ 1035 { 1036 .valid = 1, 1037 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1038 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1039 .algorithm_mkey = SSL_kDHE, 1040 .algorithm_auth = SSL_aRSA, 1041 .algorithm_enc = SSL_CAMELLIA128, 1042 .algorithm_mac = SSL_SHA256, 1043 .algorithm_ssl = SSL_TLSV1_2, 1044 .algo_strength = SSL_HIGH, 1045 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1046 .strength_bits = 128, 1047 .alg_bits = 128, 1048 }, 1049 1050 /* Cipher BF */ 1051 { 1052 .valid = 1, 1053 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, 1054 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, 1055 .algorithm_mkey = SSL_kDHE, 1056 .algorithm_auth = SSL_aNULL, 1057 .algorithm_enc = SSL_CAMELLIA128, 1058 .algorithm_mac = SSL_SHA256, 1059 .algorithm_ssl = SSL_TLSV1_2, 1060 .algo_strength = SSL_HIGH, 1061 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1062 .strength_bits = 128, 1063 .alg_bits = 128, 1064 }, 1065 1066 /* Cipher C0 */ 1067 { 1068 .valid = 1, 1069 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1070 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1071 .algorithm_mkey = SSL_kRSA, 1072 .algorithm_auth = SSL_aRSA, 1073 .algorithm_enc = SSL_CAMELLIA256, 1074 .algorithm_mac = SSL_SHA256, 1075 .algorithm_ssl = SSL_TLSV1_2, 1076 .algo_strength = SSL_HIGH, 1077 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1078 .strength_bits = 256, 1079 .alg_bits = 256, 1080 }, 1081 1082 /* Cipher C3 */ 1083 { 1084 .valid = 1, 1085 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 1086 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 1087 .algorithm_mkey = SSL_kDHE, 1088 .algorithm_auth = SSL_aDSS, 1089 .algorithm_enc = SSL_CAMELLIA256, 1090 .algorithm_mac = SSL_SHA256, 1091 .algorithm_ssl = SSL_TLSV1_2, 1092 .algo_strength = SSL_HIGH, 1093 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1094 .strength_bits = 256, 1095 .alg_bits = 256, 1096 }, 1097 1098 /* Cipher C4 */ 1099 { 1100 .valid = 1, 1101 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1102 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1103 .algorithm_mkey = SSL_kDHE, 1104 .algorithm_auth = SSL_aRSA, 1105 .algorithm_enc = SSL_CAMELLIA256, 1106 .algorithm_mac = SSL_SHA256, 1107 .algorithm_ssl = SSL_TLSV1_2, 1108 .algo_strength = SSL_HIGH, 1109 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1110 .strength_bits = 256, 1111 .alg_bits = 256, 1112 }, 1113 1114 /* Cipher C5 */ 1115 { 1116 .valid = 1, 1117 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, 1118 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, 1119 .algorithm_mkey = SSL_kDHE, 1120 .algorithm_auth = SSL_aNULL, 1121 .algorithm_enc = SSL_CAMELLIA256, 1122 .algorithm_mac = SSL_SHA256, 1123 .algorithm_ssl = SSL_TLSV1_2, 1124 .algo_strength = SSL_HIGH, 1125 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1126 .strength_bits = 256, 1127 .alg_bits = 256, 1128 }, 1129 #endif /* OPENSSL_NO_CAMELLIA */ 1130 1131 /* Cipher C001 */ 1132 { 1133 .valid = 1, 1134 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 1135 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 1136 .algorithm_mkey = SSL_kECDHe, 1137 .algorithm_auth = SSL_aECDH, 1138 .algorithm_enc = SSL_eNULL, 1139 .algorithm_mac = SSL_SHA1, 1140 .algorithm_ssl = SSL_TLSV1, 1141 .algo_strength = SSL_STRONG_NONE, 1142 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1143 .strength_bits = 0, 1144 .alg_bits = 0, 1145 }, 1146 1147 /* Cipher C002 */ 1148 { 1149 .valid = 1, 1150 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 1151 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 1152 .algorithm_mkey = SSL_kECDHe, 1153 .algorithm_auth = SSL_aECDH, 1154 .algorithm_enc = SSL_RC4, 1155 .algorithm_mac = SSL_SHA1, 1156 .algorithm_ssl = SSL_TLSV1, 1157 .algo_strength = SSL_MEDIUM, 1158 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1159 .strength_bits = 128, 1160 .alg_bits = 128, 1161 }, 1162 1163 /* Cipher C003 */ 1164 { 1165 .valid = 1, 1166 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1167 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1168 .algorithm_mkey = SSL_kECDHe, 1169 .algorithm_auth = SSL_aECDH, 1170 .algorithm_enc = SSL_3DES, 1171 .algorithm_mac = SSL_SHA1, 1172 .algorithm_ssl = SSL_TLSV1, 1173 .algo_strength = SSL_HIGH, 1174 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1175 .strength_bits = 112, 1176 .alg_bits = 168, 1177 }, 1178 1179 /* Cipher C004 */ 1180 { 1181 .valid = 1, 1182 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1183 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1184 .algorithm_mkey = SSL_kECDHe, 1185 .algorithm_auth = SSL_aECDH, 1186 .algorithm_enc = SSL_AES128, 1187 .algorithm_mac = SSL_SHA1, 1188 .algorithm_ssl = SSL_TLSV1, 1189 .algo_strength = SSL_HIGH, 1190 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1191 .strength_bits = 128, 1192 .alg_bits = 128, 1193 }, 1194 1195 /* Cipher C005 */ 1196 { 1197 .valid = 1, 1198 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1199 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1200 .algorithm_mkey = SSL_kECDHe, 1201 .algorithm_auth = SSL_aECDH, 1202 .algorithm_enc = SSL_AES256, 1203 .algorithm_mac = SSL_SHA1, 1204 .algorithm_ssl = SSL_TLSV1, 1205 .algo_strength = SSL_HIGH, 1206 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1207 .strength_bits = 256, 1208 .alg_bits = 256, 1209 }, 1210 1211 /* Cipher C006 */ 1212 { 1213 .valid = 1, 1214 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1215 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1216 .algorithm_mkey = SSL_kECDHE, 1217 .algorithm_auth = SSL_aECDSA, 1218 .algorithm_enc = SSL_eNULL, 1219 .algorithm_mac = SSL_SHA1, 1220 .algorithm_ssl = SSL_TLSV1, 1221 .algo_strength = SSL_STRONG_NONE, 1222 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1223 .strength_bits = 0, 1224 .alg_bits = 0, 1225 }, 1226 1227 /* Cipher C007 */ 1228 { 1229 .valid = 1, 1230 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1231 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1232 .algorithm_mkey = SSL_kECDHE, 1233 .algorithm_auth = SSL_aECDSA, 1234 .algorithm_enc = SSL_RC4, 1235 .algorithm_mac = SSL_SHA1, 1236 .algorithm_ssl = SSL_TLSV1, 1237 .algo_strength = SSL_MEDIUM, 1238 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1239 .strength_bits = 128, 1240 .alg_bits = 128, 1241 }, 1242 1243 /* Cipher C008 */ 1244 { 1245 .valid = 1, 1246 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1247 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1248 .algorithm_mkey = SSL_kECDHE, 1249 .algorithm_auth = SSL_aECDSA, 1250 .algorithm_enc = SSL_3DES, 1251 .algorithm_mac = SSL_SHA1, 1252 .algorithm_ssl = SSL_TLSV1, 1253 .algo_strength = SSL_HIGH, 1254 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1255 .strength_bits = 112, 1256 .alg_bits = 168, 1257 }, 1258 1259 /* Cipher C009 */ 1260 { 1261 .valid = 1, 1262 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1263 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1264 .algorithm_mkey = SSL_kECDHE, 1265 .algorithm_auth = SSL_aECDSA, 1266 .algorithm_enc = SSL_AES128, 1267 .algorithm_mac = SSL_SHA1, 1268 .algorithm_ssl = SSL_TLSV1, 1269 .algo_strength = SSL_HIGH, 1270 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1271 .strength_bits = 128, 1272 .alg_bits = 128, 1273 }, 1274 1275 /* Cipher C00A */ 1276 { 1277 .valid = 1, 1278 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1279 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1280 .algorithm_mkey = SSL_kECDHE, 1281 .algorithm_auth = SSL_aECDSA, 1282 .algorithm_enc = SSL_AES256, 1283 .algorithm_mac = SSL_SHA1, 1284 .algorithm_ssl = SSL_TLSV1, 1285 .algo_strength = SSL_HIGH, 1286 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1287 .strength_bits = 256, 1288 .alg_bits = 256, 1289 }, 1290 1291 /* Cipher C00B */ 1292 { 1293 .valid = 1, 1294 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 1295 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 1296 .algorithm_mkey = SSL_kECDHr, 1297 .algorithm_auth = SSL_aECDH, 1298 .algorithm_enc = SSL_eNULL, 1299 .algorithm_mac = SSL_SHA1, 1300 .algorithm_ssl = SSL_TLSV1, 1301 .algo_strength = SSL_STRONG_NONE, 1302 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1303 .strength_bits = 0, 1304 .alg_bits = 0, 1305 }, 1306 1307 /* Cipher C00C */ 1308 { 1309 .valid = 1, 1310 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 1311 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 1312 .algorithm_mkey = SSL_kECDHr, 1313 .algorithm_auth = SSL_aECDH, 1314 .algorithm_enc = SSL_RC4, 1315 .algorithm_mac = SSL_SHA1, 1316 .algorithm_ssl = SSL_TLSV1, 1317 .algo_strength = SSL_MEDIUM, 1318 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1319 .strength_bits = 128, 1320 .alg_bits = 128, 1321 }, 1322 1323 /* Cipher C00D */ 1324 { 1325 .valid = 1, 1326 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1327 .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1328 .algorithm_mkey = SSL_kECDHr, 1329 .algorithm_auth = SSL_aECDH, 1330 .algorithm_enc = SSL_3DES, 1331 .algorithm_mac = SSL_SHA1, 1332 .algorithm_ssl = SSL_TLSV1, 1333 .algo_strength = SSL_HIGH, 1334 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1335 .strength_bits = 112, 1336 .alg_bits = 168, 1337 }, 1338 1339 /* Cipher C00E */ 1340 { 1341 .valid = 1, 1342 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 1343 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 1344 .algorithm_mkey = SSL_kECDHr, 1345 .algorithm_auth = SSL_aECDH, 1346 .algorithm_enc = SSL_AES128, 1347 .algorithm_mac = SSL_SHA1, 1348 .algorithm_ssl = SSL_TLSV1, 1349 .algo_strength = SSL_HIGH, 1350 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1351 .strength_bits = 128, 1352 .alg_bits = 128, 1353 }, 1354 1355 /* Cipher C00F */ 1356 { 1357 .valid = 1, 1358 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 1359 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 1360 .algorithm_mkey = SSL_kECDHr, 1361 .algorithm_auth = SSL_aECDH, 1362 .algorithm_enc = SSL_AES256, 1363 .algorithm_mac = SSL_SHA1, 1364 .algorithm_ssl = SSL_TLSV1, 1365 .algo_strength = SSL_HIGH, 1366 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1367 .strength_bits = 256, 1368 .alg_bits = 256, 1369 }, 1370 1371 /* Cipher C010 */ 1372 { 1373 .valid = 1, 1374 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1375 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1376 .algorithm_mkey = SSL_kECDHE, 1377 .algorithm_auth = SSL_aRSA, 1378 .algorithm_enc = SSL_eNULL, 1379 .algorithm_mac = SSL_SHA1, 1380 .algorithm_ssl = SSL_TLSV1, 1381 .algo_strength = SSL_STRONG_NONE, 1382 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1383 .strength_bits = 0, 1384 .alg_bits = 0, 1385 }, 1386 1387 /* Cipher C011 */ 1388 { 1389 .valid = 1, 1390 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1391 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1392 .algorithm_mkey = SSL_kECDHE, 1393 .algorithm_auth = SSL_aRSA, 1394 .algorithm_enc = SSL_RC4, 1395 .algorithm_mac = SSL_SHA1, 1396 .algorithm_ssl = SSL_TLSV1, 1397 .algo_strength = SSL_MEDIUM, 1398 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1399 .strength_bits = 128, 1400 .alg_bits = 128, 1401 }, 1402 1403 /* Cipher C012 */ 1404 { 1405 .valid = 1, 1406 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1407 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1408 .algorithm_mkey = SSL_kECDHE, 1409 .algorithm_auth = SSL_aRSA, 1410 .algorithm_enc = SSL_3DES, 1411 .algorithm_mac = SSL_SHA1, 1412 .algorithm_ssl = SSL_TLSV1, 1413 .algo_strength = SSL_HIGH, 1414 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1415 .strength_bits = 112, 1416 .alg_bits = 168, 1417 }, 1418 1419 /* Cipher C013 */ 1420 { 1421 .valid = 1, 1422 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1423 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1424 .algorithm_mkey = SSL_kECDHE, 1425 .algorithm_auth = SSL_aRSA, 1426 .algorithm_enc = SSL_AES128, 1427 .algorithm_mac = SSL_SHA1, 1428 .algorithm_ssl = SSL_TLSV1, 1429 .algo_strength = SSL_HIGH, 1430 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1431 .strength_bits = 128, 1432 .alg_bits = 128, 1433 }, 1434 1435 /* Cipher C014 */ 1436 { 1437 .valid = 1, 1438 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1439 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1440 .algorithm_mkey = SSL_kECDHE, 1441 .algorithm_auth = SSL_aRSA, 1442 .algorithm_enc = SSL_AES256, 1443 .algorithm_mac = SSL_SHA1, 1444 .algorithm_ssl = SSL_TLSV1, 1445 .algo_strength = SSL_HIGH, 1446 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1447 .strength_bits = 256, 1448 .alg_bits = 256, 1449 }, 1450 1451 /* Cipher C015 */ 1452 { 1453 .valid = 1, 1454 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1455 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1456 .algorithm_mkey = SSL_kECDHE, 1457 .algorithm_auth = SSL_aNULL, 1458 .algorithm_enc = SSL_eNULL, 1459 .algorithm_mac = SSL_SHA1, 1460 .algorithm_ssl = SSL_TLSV1, 1461 .algo_strength = SSL_STRONG_NONE, 1462 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1463 .strength_bits = 0, 1464 .alg_bits = 0, 1465 }, 1466 1467 /* Cipher C016 */ 1468 { 1469 .valid = 1, 1470 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1471 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1472 .algorithm_mkey = SSL_kECDHE, 1473 .algorithm_auth = SSL_aNULL, 1474 .algorithm_enc = SSL_RC4, 1475 .algorithm_mac = SSL_SHA1, 1476 .algorithm_ssl = SSL_TLSV1, 1477 .algo_strength = SSL_MEDIUM, 1478 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1479 .strength_bits = 128, 1480 .alg_bits = 128, 1481 }, 1482 1483 /* Cipher C017 */ 1484 { 1485 .valid = 1, 1486 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1487 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1488 .algorithm_mkey = SSL_kECDHE, 1489 .algorithm_auth = SSL_aNULL, 1490 .algorithm_enc = SSL_3DES, 1491 .algorithm_mac = SSL_SHA1, 1492 .algorithm_ssl = SSL_TLSV1, 1493 .algo_strength = SSL_HIGH, 1494 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1495 .strength_bits = 112, 1496 .alg_bits = 168, 1497 }, 1498 1499 /* Cipher C018 */ 1500 { 1501 .valid = 1, 1502 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1503 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1504 .algorithm_mkey = SSL_kECDHE, 1505 .algorithm_auth = SSL_aNULL, 1506 .algorithm_enc = SSL_AES128, 1507 .algorithm_mac = SSL_SHA1, 1508 .algorithm_ssl = SSL_TLSV1, 1509 .algo_strength = SSL_HIGH, 1510 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1511 .strength_bits = 128, 1512 .alg_bits = 128, 1513 }, 1514 1515 /* Cipher C019 */ 1516 { 1517 .valid = 1, 1518 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1519 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1520 .algorithm_mkey = SSL_kECDHE, 1521 .algorithm_auth = SSL_aNULL, 1522 .algorithm_enc = SSL_AES256, 1523 .algorithm_mac = SSL_SHA1, 1524 .algorithm_ssl = SSL_TLSV1, 1525 .algo_strength = SSL_HIGH, 1526 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1527 .strength_bits = 256, 1528 .alg_bits = 256, 1529 }, 1530 1531 1532 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 1533 1534 /* Cipher C023 */ 1535 { 1536 .valid = 1, 1537 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1538 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1539 .algorithm_mkey = SSL_kECDHE, 1540 .algorithm_auth = SSL_aECDSA, 1541 .algorithm_enc = SSL_AES128, 1542 .algorithm_mac = SSL_SHA256, 1543 .algorithm_ssl = SSL_TLSV1_2, 1544 .algo_strength = SSL_HIGH, 1545 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1546 .strength_bits = 128, 1547 .alg_bits = 128, 1548 }, 1549 1550 /* Cipher C024 */ 1551 { 1552 .valid = 1, 1553 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1554 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1555 .algorithm_mkey = SSL_kECDHE, 1556 .algorithm_auth = SSL_aECDSA, 1557 .algorithm_enc = SSL_AES256, 1558 .algorithm_mac = SSL_SHA384, 1559 .algorithm_ssl = SSL_TLSV1_2, 1560 .algo_strength = SSL_HIGH, 1561 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1562 .strength_bits = 256, 1563 .alg_bits = 256, 1564 }, 1565 1566 /* Cipher C025 */ 1567 { 1568 .valid = 1, 1569 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 1570 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 1571 .algorithm_mkey = SSL_kECDHe, 1572 .algorithm_auth = SSL_aECDH, 1573 .algorithm_enc = SSL_AES128, 1574 .algorithm_mac = SSL_SHA256, 1575 .algorithm_ssl = SSL_TLSV1_2, 1576 .algo_strength = SSL_HIGH, 1577 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1578 .strength_bits = 128, 1579 .alg_bits = 128, 1580 }, 1581 1582 /* Cipher C026 */ 1583 { 1584 .valid = 1, 1585 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 1586 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 1587 .algorithm_mkey = SSL_kECDHe, 1588 .algorithm_auth = SSL_aECDH, 1589 .algorithm_enc = SSL_AES256, 1590 .algorithm_mac = SSL_SHA384, 1591 .algorithm_ssl = SSL_TLSV1_2, 1592 .algo_strength = SSL_HIGH, 1593 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1594 .strength_bits = 256, 1595 .alg_bits = 256, 1596 }, 1597 1598 /* Cipher C027 */ 1599 { 1600 .valid = 1, 1601 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1602 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1603 .algorithm_mkey = SSL_kECDHE, 1604 .algorithm_auth = SSL_aRSA, 1605 .algorithm_enc = SSL_AES128, 1606 .algorithm_mac = SSL_SHA256, 1607 .algorithm_ssl = SSL_TLSV1_2, 1608 .algo_strength = SSL_HIGH, 1609 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1610 .strength_bits = 128, 1611 .alg_bits = 128, 1612 }, 1613 1614 /* Cipher C028 */ 1615 { 1616 .valid = 1, 1617 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1618 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1619 .algorithm_mkey = SSL_kECDHE, 1620 .algorithm_auth = SSL_aRSA, 1621 .algorithm_enc = SSL_AES256, 1622 .algorithm_mac = SSL_SHA384, 1623 .algorithm_ssl = SSL_TLSV1_2, 1624 .algo_strength = SSL_HIGH, 1625 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1626 .strength_bits = 256, 1627 .alg_bits = 256, 1628 }, 1629 1630 /* Cipher C029 */ 1631 { 1632 .valid = 1, 1633 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 1634 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 1635 .algorithm_mkey = SSL_kECDHr, 1636 .algorithm_auth = SSL_aECDH, 1637 .algorithm_enc = SSL_AES128, 1638 .algorithm_mac = SSL_SHA256, 1639 .algorithm_ssl = SSL_TLSV1_2, 1640 .algo_strength = SSL_HIGH, 1641 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1642 .strength_bits = 128, 1643 .alg_bits = 128, 1644 }, 1645 1646 /* Cipher C02A */ 1647 { 1648 .valid = 1, 1649 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 1650 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 1651 .algorithm_mkey = SSL_kECDHr, 1652 .algorithm_auth = SSL_aECDH, 1653 .algorithm_enc = SSL_AES256, 1654 .algorithm_mac = SSL_SHA384, 1655 .algorithm_ssl = SSL_TLSV1_2, 1656 .algo_strength = SSL_HIGH, 1657 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1658 .strength_bits = 256, 1659 .alg_bits = 256, 1660 }, 1661 1662 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 1663 1664 /* Cipher C02B */ 1665 { 1666 .valid = 1, 1667 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1668 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1669 .algorithm_mkey = SSL_kECDHE, 1670 .algorithm_auth = SSL_aECDSA, 1671 .algorithm_enc = SSL_AES128GCM, 1672 .algorithm_mac = SSL_AEAD, 1673 .algorithm_ssl = SSL_TLSV1_2, 1674 .algo_strength = SSL_HIGH, 1675 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1676 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1677 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1678 .strength_bits = 128, 1679 .alg_bits = 128, 1680 }, 1681 1682 /* Cipher C02C */ 1683 { 1684 .valid = 1, 1685 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1686 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1687 .algorithm_mkey = SSL_kECDHE, 1688 .algorithm_auth = SSL_aECDSA, 1689 .algorithm_enc = SSL_AES256GCM, 1690 .algorithm_mac = SSL_AEAD, 1691 .algorithm_ssl = SSL_TLSV1_2, 1692 .algo_strength = SSL_HIGH, 1693 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1694 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1695 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1696 .strength_bits = 256, 1697 .alg_bits = 256, 1698 }, 1699 1700 /* Cipher C02D */ 1701 { 1702 .valid = 1, 1703 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1704 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1705 .algorithm_mkey = SSL_kECDHe, 1706 .algorithm_auth = SSL_aECDH, 1707 .algorithm_enc = SSL_AES128GCM, 1708 .algorithm_mac = SSL_AEAD, 1709 .algorithm_ssl = SSL_TLSV1_2, 1710 .algo_strength = SSL_HIGH, 1711 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1712 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1713 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1714 .strength_bits = 128, 1715 .alg_bits = 128, 1716 }, 1717 1718 /* Cipher C02E */ 1719 { 1720 .valid = 1, 1721 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1722 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1723 .algorithm_mkey = SSL_kECDHe, 1724 .algorithm_auth = SSL_aECDH, 1725 .algorithm_enc = SSL_AES256GCM, 1726 .algorithm_mac = SSL_AEAD, 1727 .algorithm_ssl = SSL_TLSV1_2, 1728 .algo_strength = SSL_HIGH, 1729 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1730 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1731 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1732 .strength_bits = 256, 1733 .alg_bits = 256, 1734 }, 1735 1736 /* Cipher C02F */ 1737 { 1738 .valid = 1, 1739 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1740 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1741 .algorithm_mkey = SSL_kECDHE, 1742 .algorithm_auth = SSL_aRSA, 1743 .algorithm_enc = SSL_AES128GCM, 1744 .algorithm_mac = SSL_AEAD, 1745 .algorithm_ssl = SSL_TLSV1_2, 1746 .algo_strength = SSL_HIGH, 1747 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1748 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1749 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1750 .strength_bits = 128, 1751 .alg_bits = 128, 1752 }, 1753 1754 /* Cipher C030 */ 1755 { 1756 .valid = 1, 1757 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1758 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1759 .algorithm_mkey = SSL_kECDHE, 1760 .algorithm_auth = SSL_aRSA, 1761 .algorithm_enc = SSL_AES256GCM, 1762 .algorithm_mac = SSL_AEAD, 1763 .algorithm_ssl = SSL_TLSV1_2, 1764 .algo_strength = SSL_HIGH, 1765 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1766 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1767 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1768 .strength_bits = 256, 1769 .alg_bits = 256, 1770 }, 1771 1772 /* Cipher C031 */ 1773 { 1774 .valid = 1, 1775 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1776 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1777 .algorithm_mkey = SSL_kECDHr, 1778 .algorithm_auth = SSL_aECDH, 1779 .algorithm_enc = SSL_AES128GCM, 1780 .algorithm_mac = SSL_AEAD, 1781 .algorithm_ssl = SSL_TLSV1_2, 1782 .algo_strength = SSL_HIGH, 1783 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1784 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1785 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1786 .strength_bits = 128, 1787 .alg_bits = 128, 1788 }, 1789 1790 /* Cipher C032 */ 1791 { 1792 .valid = 1, 1793 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1794 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1795 .algorithm_mkey = SSL_kECDHr, 1796 .algorithm_auth = SSL_aECDH, 1797 .algorithm_enc = SSL_AES256GCM, 1798 .algorithm_mac = SSL_AEAD, 1799 .algorithm_ssl = SSL_TLSV1_2, 1800 .algo_strength = SSL_HIGH, 1801 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1802 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1803 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1804 .strength_bits = 256, 1805 .alg_bits = 256, 1806 }, 1807 1808 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 1809 /* Cipher CC13 */ 1810 { 1811 .valid = 1, 1812 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 1813 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 1814 .algorithm_mkey = SSL_kECDHE, 1815 .algorithm_auth = SSL_aRSA, 1816 .algorithm_enc = SSL_CHACHA20POLY1305, 1817 .algorithm_mac = SSL_AEAD, 1818 .algorithm_ssl = SSL_TLSV1_2, 1819 .algo_strength = SSL_HIGH, 1820 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1821 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1822 .strength_bits = 256, 1823 .alg_bits = 0, 1824 }, 1825 1826 /* Cipher CC14 */ 1827 { 1828 .valid = 1, 1829 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 1830 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1831 .algorithm_mkey = SSL_kECDHE, 1832 .algorithm_auth = SSL_aECDSA, 1833 .algorithm_enc = SSL_CHACHA20POLY1305, 1834 .algorithm_mac = SSL_AEAD, 1835 .algorithm_ssl = SSL_TLSV1_2, 1836 .algo_strength = SSL_HIGH, 1837 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1838 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1839 .strength_bits = 256, 1840 .alg_bits = 0, 1841 }, 1842 1843 /* Cipher CC15 */ 1844 { 1845 .valid = 1, 1846 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 1847 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 1848 .algorithm_mkey = SSL_kDHE, 1849 .algorithm_auth = SSL_aRSA, 1850 .algorithm_enc = SSL_CHACHA20POLY1305, 1851 .algorithm_mac = SSL_AEAD, 1852 .algorithm_ssl = SSL_TLSV1_2, 1853 .algo_strength = SSL_HIGH, 1854 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1855 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1856 .strength_bits = 256, 1857 .alg_bits = 0, 1858 }, 1859 #endif 1860 1861 /* Cipher FF85 FIXME IANA */ 1862 { 1863 .valid = 1, 1864 .name = "GOST2012256-GOST89-GOST89", 1865 .id = 0x300ff85, /* FIXME IANA */ 1866 .algorithm_mkey = SSL_kGOST, 1867 .algorithm_auth = SSL_aGOST01, 1868 .algorithm_enc = SSL_eGOST2814789CNT, 1869 .algorithm_mac = SSL_GOST89MAC, 1870 .algorithm_ssl = SSL_TLSV1, 1871 .algo_strength = SSL_HIGH, 1872 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| 1873 TLS1_STREAM_MAC, 1874 .strength_bits = 256, 1875 .alg_bits = 256 1876 }, 1877 1878 /* Cipher FF87 FIXME IANA */ 1879 { 1880 .valid = 1, 1881 .name = "GOST2012256-NULL-STREEBOG256", 1882 .id = 0x300ff87, /* FIXME IANA */ 1883 .algorithm_mkey = SSL_kGOST, 1884 .algorithm_auth = SSL_aGOST01, 1885 .algorithm_enc = SSL_eNULL, 1886 .algorithm_mac = SSL_STREEBOG256, 1887 .algorithm_ssl = SSL_TLSV1, 1888 .algo_strength = SSL_STRONG_NONE, 1889 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, 1890 .strength_bits = 0, 1891 .alg_bits = 0 1892 }, 1893 1894 1895 /* end of list */ 1896 }; 1897 1898 SSL3_ENC_METHOD SSLv3_enc_data = { 1899 .enc = ssl3_enc, 1900 .mac = n_ssl3_mac, 1901 .setup_key_block = ssl3_setup_key_block, 1902 .generate_master_secret = ssl3_generate_master_secret, 1903 .change_cipher_state = ssl3_change_cipher_state, 1904 .final_finish_mac = ssl3_final_finish_mac, 1905 .finish_mac_length = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, 1906 .cert_verify_mac = ssl3_cert_verify_mac, 1907 .client_finished_label = SSL3_MD_CLIENT_FINISHED_CONST, 1908 .client_finished_label_len = 4, 1909 .server_finished_label = SSL3_MD_SERVER_FINISHED_CONST, 1910 .server_finished_label_len = 4, 1911 .alert_value = ssl3_alert_code, 1912 .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, 1913 const char *, size_t, const unsigned char *, size_t, 1914 int use_context))ssl_undefined_function, 1915 .enc_flags = 0, 1916 }; 1917 1918 long 1919 ssl3_default_timeout(void) 1920 { 1921 /* 1922 * 2 hours, the 24 hours mentioned in the SSLv3 spec 1923 * is way too long for http, the cache would over fill 1924 */ 1925 return (60 * 60 * 2); 1926 } 1927 1928 int 1929 ssl3_num_ciphers(void) 1930 { 1931 return (SSL3_NUM_CIPHERS); 1932 } 1933 1934 const SSL_CIPHER * 1935 ssl3_get_cipher(unsigned int u) 1936 { 1937 if (u < SSL3_NUM_CIPHERS) 1938 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); 1939 else 1940 return (NULL); 1941 } 1942 1943 const SSL_CIPHER * 1944 ssl3_get_cipher_by_id(unsigned int id) 1945 { 1946 const SSL_CIPHER *cp; 1947 SSL_CIPHER c; 1948 1949 c.id = id; 1950 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 1951 if (cp != NULL && cp->valid == 1) 1952 return (cp); 1953 1954 return (NULL); 1955 } 1956 1957 const SSL_CIPHER * 1958 ssl3_get_cipher_by_value(uint16_t value) 1959 { 1960 return ssl3_get_cipher_by_id(SSL3_CK_ID | value); 1961 } 1962 1963 uint16_t 1964 ssl3_cipher_get_value(const SSL_CIPHER *c) 1965 { 1966 return (c->id & SSL3_CK_VALUE_MASK); 1967 } 1968 1969 int 1970 ssl3_pending(const SSL *s) 1971 { 1972 if (s->rstate == SSL_ST_READ_BODY) 1973 return 0; 1974 1975 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? 1976 s->s3->rrec.length : 0; 1977 } 1978 1979 unsigned char * 1980 ssl3_handshake_msg_start(SSL *s, uint8_t msg_type) 1981 { 1982 unsigned char *d, *p; 1983 int hdr_len; 1984 1985 d = p = (unsigned char *)s->init_buf->data; 1986 1987 hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : 1988 SSL3_HM_HEADER_LENGTH; 1989 1990 /* Handshake message type and length. */ 1991 *(p++) = msg_type; 1992 l2n3(0, p); 1993 1994 return (d + hdr_len); 1995 } 1996 1997 void 1998 ssl3_handshake_msg_finish(SSL *s, unsigned int len) 1999 { 2000 unsigned char *d, *p; 2001 uint8_t msg_type; 2002 int hdr_len; 2003 2004 d = p = (unsigned char *)s->init_buf->data; 2005 2006 hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : 2007 SSL3_HM_HEADER_LENGTH; 2008 2009 /* Handshake message length. */ 2010 msg_type = *(p++); 2011 l2n3(len, p); 2012 2013 s->init_num = hdr_len + (int)len; 2014 s->init_off = 0; 2015 2016 if (SSL_IS_DTLS(s)) { 2017 dtls1_set_message_header(s, d, msg_type, len, 0, len); 2018 dtls1_buffer_message(s, 0); 2019 } 2020 } 2021 2022 int 2023 ssl3_handshake_write(SSL *s) 2024 { 2025 if (SSL_IS_DTLS(s)) 2026 return dtls1_do_write(s, SSL3_RT_HANDSHAKE); 2027 2028 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); 2029 } 2030 2031 int 2032 ssl3_new(SSL *s) 2033 { 2034 SSL3_STATE *s3; 2035 2036 if ((s3 = calloc(1, sizeof *s3)) == NULL) 2037 goto err; 2038 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 2039 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 2040 2041 s->s3 = s3; 2042 2043 s->method->ssl_clear(s); 2044 return (1); 2045 err: 2046 return (0); 2047 } 2048 2049 void 2050 ssl3_free(SSL *s) 2051 { 2052 if (s == NULL) 2053 return; 2054 2055 ssl3_cleanup_key_block(s); 2056 ssl3_release_read_buffer(s); 2057 ssl3_release_write_buffer(s); 2058 2059 DH_free(s->s3->tmp.dh); 2060 EC_KEY_free(s->s3->tmp.ecdh); 2061 2062 if (s->s3->tmp.ca_names != NULL) 2063 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2064 BIO_free(s->s3->handshake_buffer); 2065 ssl3_free_digest_list(s); 2066 free(s->s3->alpn_selected); 2067 2068 OPENSSL_cleanse(s->s3, sizeof *s->s3); 2069 free(s->s3); 2070 s->s3 = NULL; 2071 } 2072 2073 void 2074 ssl3_clear(SSL *s) 2075 { 2076 unsigned char *rp, *wp; 2077 size_t rlen, wlen; 2078 int init_extra; 2079 2080 ssl3_cleanup_key_block(s); 2081 if (s->s3->tmp.ca_names != NULL) 2082 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2083 2084 DH_free(s->s3->tmp.dh); 2085 s->s3->tmp.dh = NULL; 2086 EC_KEY_free(s->s3->tmp.ecdh); 2087 s->s3->tmp.ecdh = NULL; 2088 2089 s->s3->is_probably_safari = 0; 2090 2091 rp = s->s3->rbuf.buf; 2092 wp = s->s3->wbuf.buf; 2093 rlen = s->s3->rbuf.len; 2094 wlen = s->s3->wbuf.len; 2095 init_extra = s->s3->init_extra; 2096 2097 BIO_free(s->s3->handshake_buffer); 2098 s->s3->handshake_buffer = NULL; 2099 2100 ssl3_free_digest_list(s); 2101 2102 free(s->s3->alpn_selected); 2103 s->s3->alpn_selected = NULL; 2104 2105 memset(s->s3, 0, sizeof *s->s3); 2106 s->s3->rbuf.buf = rp; 2107 s->s3->wbuf.buf = wp; 2108 s->s3->rbuf.len = rlen; 2109 s->s3->wbuf.len = wlen; 2110 s->s3->init_extra = init_extra; 2111 2112 ssl_free_wbio_buffer(s); 2113 2114 s->packet_length = 0; 2115 s->s3->renegotiate = 0; 2116 s->s3->total_renegotiations = 0; 2117 s->s3->num_renegotiations = 0; 2118 s->s3->in_read_app_data = 0; 2119 s->version = SSL3_VERSION; 2120 2121 free(s->next_proto_negotiated); 2122 s->next_proto_negotiated = NULL; 2123 s->next_proto_negotiated_len = 0; 2124 } 2125 2126 2127 long 2128 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 2129 { 2130 int ret = 0; 2131 2132 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { 2133 if (!ssl_cert_inst(&s->cert)) { 2134 SSLerr(SSL_F_SSL3_CTRL, 2135 ERR_R_MALLOC_FAILURE); 2136 return (0); 2137 } 2138 } 2139 2140 switch (cmd) { 2141 case SSL_CTRL_GET_SESSION_REUSED: 2142 ret = s->hit; 2143 break; 2144 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 2145 break; 2146 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 2147 ret = s->s3->num_renegotiations; 2148 break; 2149 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 2150 ret = s->s3->num_renegotiations; 2151 s->s3->num_renegotiations = 0; 2152 break; 2153 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 2154 ret = s->s3->total_renegotiations; 2155 break; 2156 case SSL_CTRL_GET_FLAGS: 2157 ret = (int)(s->s3->flags); 2158 break; 2159 case SSL_CTRL_NEED_TMP_RSA: 2160 ret = 0; 2161 break; 2162 case SSL_CTRL_SET_TMP_RSA: 2163 case SSL_CTRL_SET_TMP_RSA_CB: 2164 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2165 break; 2166 case SSL_CTRL_SET_TMP_DH: 2167 { 2168 DH *dh = (DH *)parg; 2169 if (dh == NULL) { 2170 SSLerr(SSL_F_SSL3_CTRL, 2171 ERR_R_PASSED_NULL_PARAMETER); 2172 return (ret); 2173 } 2174 if ((dh = DHparams_dup(dh)) == NULL) { 2175 SSLerr(SSL_F_SSL3_CTRL, 2176 ERR_R_DH_LIB); 2177 return (ret); 2178 } 2179 if (!(s->options & SSL_OP_SINGLE_DH_USE)) { 2180 if (!DH_generate_key(dh)) { 2181 DH_free(dh); 2182 SSLerr(SSL_F_SSL3_CTRL, 2183 ERR_R_DH_LIB); 2184 return (ret); 2185 } 2186 } 2187 DH_free(s->cert->dh_tmp); 2188 s->cert->dh_tmp = dh; 2189 ret = 1; 2190 } 2191 break; 2192 2193 case SSL_CTRL_SET_TMP_DH_CB: 2194 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2195 return (ret); 2196 2197 case SSL_CTRL_SET_DH_AUTO: 2198 s->cert->dh_tmp_auto = larg; 2199 return 1; 2200 2201 case SSL_CTRL_SET_TMP_ECDH: 2202 { 2203 EC_KEY *ecdh = NULL; 2204 2205 if (parg == NULL) { 2206 SSLerr(SSL_F_SSL3_CTRL, 2207 ERR_R_PASSED_NULL_PARAMETER); 2208 return (ret); 2209 } 2210 if (!EC_KEY_up_ref((EC_KEY *)parg)) { 2211 SSLerr(SSL_F_SSL3_CTRL, 2212 ERR_R_ECDH_LIB); 2213 return (ret); 2214 } 2215 ecdh = (EC_KEY *)parg; 2216 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { 2217 if (!EC_KEY_generate_key(ecdh)) { 2218 EC_KEY_free(ecdh); 2219 SSLerr(SSL_F_SSL3_CTRL, 2220 ERR_R_ECDH_LIB); 2221 return (ret); 2222 } 2223 } 2224 EC_KEY_free(s->cert->ecdh_tmp); 2225 s->cert->ecdh_tmp = ecdh; 2226 ret = 1; 2227 } 2228 break; 2229 case SSL_CTRL_SET_TMP_ECDH_CB: 2230 { 2231 SSLerr(SSL_F_SSL3_CTRL, 2232 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2233 return (ret); 2234 } 2235 break; 2236 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2237 if (larg == TLSEXT_NAMETYPE_host_name) { 2238 free(s->tlsext_hostname); 2239 s->tlsext_hostname = NULL; 2240 2241 ret = 1; 2242 if (parg == NULL) 2243 break; 2244 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 2245 SSLerr(SSL_F_SSL3_CTRL, 2246 SSL_R_SSL3_EXT_INVALID_SERVERNAME); 2247 return 0; 2248 } 2249 if ((s->tlsext_hostname = strdup((char *)parg)) 2250 == NULL) { 2251 SSLerr(SSL_F_SSL3_CTRL, 2252 ERR_R_INTERNAL_ERROR); 2253 return 0; 2254 } 2255 } else { 2256 SSLerr(SSL_F_SSL3_CTRL, 2257 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 2258 return 0; 2259 } 2260 break; 2261 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 2262 s->tlsext_debug_arg = parg; 2263 ret = 1; 2264 break; 2265 2266 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 2267 s->tlsext_status_type = larg; 2268 ret = 1; 2269 break; 2270 2271 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 2272 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; 2273 ret = 1; 2274 break; 2275 2276 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 2277 s->tlsext_ocsp_exts = parg; 2278 ret = 1; 2279 break; 2280 2281 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 2282 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; 2283 ret = 1; 2284 break; 2285 2286 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 2287 s->tlsext_ocsp_ids = parg; 2288 ret = 1; 2289 break; 2290 2291 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 2292 *(unsigned char **)parg = s->tlsext_ocsp_resp; 2293 return s->tlsext_ocsp_resplen; 2294 2295 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 2296 free(s->tlsext_ocsp_resp); 2297 s->tlsext_ocsp_resp = parg; 2298 s->tlsext_ocsp_resplen = larg; 2299 ret = 1; 2300 break; 2301 2302 case SSL_CTRL_SET_ECDH_AUTO: 2303 s->cert->ecdh_tmp_auto = larg; 2304 ret = 1; 2305 break; 2306 2307 default: 2308 break; 2309 } 2310 return (ret); 2311 } 2312 2313 long 2314 ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 2315 { 2316 int ret = 0; 2317 2318 if (cmd == SSL_CTRL_SET_TMP_DH_CB) { 2319 if (!ssl_cert_inst(&s->cert)) { 2320 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, 2321 ERR_R_MALLOC_FAILURE); 2322 return (0); 2323 } 2324 } 2325 2326 switch (cmd) { 2327 case SSL_CTRL_SET_TMP_RSA_CB: 2328 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2329 break; 2330 case SSL_CTRL_SET_TMP_DH_CB: 2331 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 2332 break; 2333 case SSL_CTRL_SET_TMP_ECDH_CB: 2334 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2335 break; 2336 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 2337 s->tlsext_debug_cb = (void (*)(SSL *, int , int, 2338 unsigned char *, int, void *))fp; 2339 break; 2340 default: 2341 break; 2342 } 2343 return (ret); 2344 } 2345 2346 long 2347 ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 2348 { 2349 CERT *cert; 2350 2351 cert = ctx->cert; 2352 2353 switch (cmd) { 2354 case SSL_CTRL_NEED_TMP_RSA: 2355 return (0); 2356 case SSL_CTRL_SET_TMP_RSA: 2357 case SSL_CTRL_SET_TMP_RSA_CB: 2358 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2359 return (0); 2360 case SSL_CTRL_SET_TMP_DH: 2361 { 2362 DH *new = NULL, *dh; 2363 2364 dh = (DH *)parg; 2365 if ((new = DHparams_dup(dh)) == NULL) { 2366 SSLerr(SSL_F_SSL3_CTX_CTRL, 2367 ERR_R_DH_LIB); 2368 return 0; 2369 } 2370 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { 2371 if (!DH_generate_key(new)) { 2372 SSLerr(SSL_F_SSL3_CTX_CTRL, 2373 ERR_R_DH_LIB); 2374 DH_free(new); 2375 return 0; 2376 } 2377 } 2378 DH_free(cert->dh_tmp); 2379 cert->dh_tmp = new; 2380 return 1; 2381 } 2382 /*break; */ 2383 2384 case SSL_CTRL_SET_TMP_DH_CB: 2385 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2386 return (0); 2387 2388 case SSL_CTRL_SET_DH_AUTO: 2389 ctx->cert->dh_tmp_auto = larg; 2390 return (1); 2391 2392 case SSL_CTRL_SET_TMP_ECDH: 2393 { 2394 EC_KEY *ecdh = NULL; 2395 2396 if (parg == NULL) { 2397 SSLerr(SSL_F_SSL3_CTX_CTRL, 2398 ERR_R_ECDH_LIB); 2399 return 0; 2400 } 2401 ecdh = EC_KEY_dup((EC_KEY *)parg); 2402 if (ecdh == NULL) { 2403 SSLerr(SSL_F_SSL3_CTX_CTRL, 2404 ERR_R_EC_LIB); 2405 return 0; 2406 } 2407 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { 2408 if (!EC_KEY_generate_key(ecdh)) { 2409 EC_KEY_free(ecdh); 2410 SSLerr(SSL_F_SSL3_CTX_CTRL, 2411 ERR_R_ECDH_LIB); 2412 return 0; 2413 } 2414 } 2415 2416 EC_KEY_free(cert->ecdh_tmp); 2417 cert->ecdh_tmp = ecdh; 2418 return 1; 2419 } 2420 /* break; */ 2421 case SSL_CTRL_SET_TMP_ECDH_CB: 2422 { 2423 SSLerr(SSL_F_SSL3_CTX_CTRL, 2424 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2425 return (0); 2426 } 2427 break; 2428 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 2429 ctx->tlsext_servername_arg = parg; 2430 break; 2431 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 2432 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 2433 { 2434 unsigned char *keys = parg; 2435 if (!keys) 2436 return 48; 2437 if (larg != 48) { 2438 SSLerr(SSL_F_SSL3_CTX_CTRL, 2439 SSL_R_INVALID_TICKET_KEYS_LENGTH); 2440 return 0; 2441 } 2442 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 2443 memcpy(ctx->tlsext_tick_key_name, keys, 16); 2444 memcpy(ctx->tlsext_tick_hmac_key, 2445 keys + 16, 16); 2446 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 2447 } else { 2448 memcpy(keys, ctx->tlsext_tick_key_name, 16); 2449 memcpy(keys + 16, 2450 ctx->tlsext_tick_hmac_key, 16); 2451 memcpy(keys + 32, 2452 ctx->tlsext_tick_aes_key, 16); 2453 } 2454 return 1; 2455 } 2456 2457 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 2458 ctx->tlsext_status_arg = parg; 2459 return 1; 2460 break; 2461 2462 case SSL_CTRL_SET_ECDH_AUTO: 2463 ctx->cert->ecdh_tmp_auto = larg; 2464 return 1; 2465 2466 /* A Thawte special :-) */ 2467 case SSL_CTRL_EXTRA_CHAIN_CERT: 2468 if (ctx->extra_certs == NULL) { 2469 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) 2470 return (0); 2471 } 2472 sk_X509_push(ctx->extra_certs,(X509 *)parg); 2473 break; 2474 2475 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 2476 *(STACK_OF(X509) **)parg = ctx->extra_certs; 2477 break; 2478 2479 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 2480 if (ctx->extra_certs) { 2481 sk_X509_pop_free(ctx->extra_certs, X509_free); 2482 ctx->extra_certs = NULL; 2483 } 2484 break; 2485 2486 default: 2487 return (0); 2488 } 2489 return (1); 2490 } 2491 2492 long 2493 ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 2494 { 2495 CERT *cert; 2496 2497 cert = ctx->cert; 2498 2499 switch (cmd) { 2500 case SSL_CTRL_SET_TMP_RSA_CB: 2501 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2502 return (0); 2503 case SSL_CTRL_SET_TMP_DH_CB: 2504 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 2505 break; 2506 case SSL_CTRL_SET_TMP_ECDH_CB: 2507 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2508 break; 2509 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2510 ctx->tlsext_servername_callback = 2511 (int (*)(SSL *, int *, void *))fp; 2512 break; 2513 2514 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 2515 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; 2516 break; 2517 2518 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 2519 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, 2520 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 2521 break; 2522 2523 default: 2524 return (0); 2525 } 2526 return (1); 2527 } 2528 2529 /* 2530 * This function needs to check if the ciphers required are actually available. 2531 */ 2532 const SSL_CIPHER * 2533 ssl3_get_cipher_by_char(const unsigned char *p) 2534 { 2535 uint16_t cipher_value; 2536 2537 n2s(p, cipher_value); 2538 return ssl3_get_cipher_by_value(cipher_value); 2539 } 2540 2541 int 2542 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 2543 { 2544 if (p != NULL) { 2545 if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID) 2546 return (0); 2547 s2n(ssl3_cipher_get_value(c), p); 2548 } 2549 return (2); 2550 } 2551 2552 SSL_CIPHER * 2553 ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 2554 STACK_OF(SSL_CIPHER) *srvr) 2555 { 2556 unsigned long alg_k, alg_a, mask_k, mask_a; 2557 STACK_OF(SSL_CIPHER) *prio, *allow; 2558 SSL_CIPHER *c, *ret = NULL; 2559 int i, ii, ok; 2560 CERT *cert; 2561 2562 /* Let's see which ciphers we can support */ 2563 cert = s->cert; 2564 2565 /* 2566 * Do not set the compare functions, because this may lead to a 2567 * reordering by "id". We want to keep the original ordering. 2568 * We may pay a price in performance during sk_SSL_CIPHER_find(), 2569 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 2570 */ 2571 2572 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 2573 prio = srvr; 2574 allow = clnt; 2575 } else { 2576 prio = clnt; 2577 allow = srvr; 2578 } 2579 2580 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 2581 c = sk_SSL_CIPHER_value(prio, i); 2582 2583 /* Skip TLS v1.2 only ciphersuites if not supported. */ 2584 if ((c->algorithm_ssl & SSL_TLSV1_2) && 2585 !SSL_USE_TLS1_2_CIPHERS(s)) 2586 continue; 2587 2588 ssl_set_cert_masks(cert, c); 2589 mask_k = cert->mask_k; 2590 mask_a = cert->mask_a; 2591 2592 alg_k = c->algorithm_mkey; 2593 alg_a = c->algorithm_auth; 2594 2595 2596 ok = (alg_k & mask_k) && (alg_a & mask_a); 2597 2598 /* 2599 * If we are considering an ECC cipher suite that uses our 2600 * certificate check it. 2601 */ 2602 if (alg_a & (SSL_aECDSA|SSL_aECDH)) 2603 ok = ok && tls1_check_ec_server_key(s); 2604 /* 2605 * If we are considering an ECC cipher suite that uses 2606 * an ephemeral EC key check it. 2607 */ 2608 if (alg_k & SSL_kECDHE) 2609 ok = ok && tls1_check_ec_tmp_key(s); 2610 2611 if (!ok) 2612 continue; 2613 ii = sk_SSL_CIPHER_find(allow, c); 2614 if (ii >= 0) { 2615 if ((alg_k & SSL_kECDHE) && 2616 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { 2617 if (!ret) 2618 ret = sk_SSL_CIPHER_value(allow, ii); 2619 continue; 2620 } 2621 ret = sk_SSL_CIPHER_value(allow, ii); 2622 break; 2623 } 2624 } 2625 return (ret); 2626 } 2627 2628 int 2629 ssl3_get_req_cert_type(SSL *s, unsigned char *p) 2630 { 2631 int ret = 0; 2632 unsigned long alg_k; 2633 2634 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2635 2636 #ifndef OPENSSL_NO_GOST 2637 if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) { 2638 p[ret++] = TLS_CT_GOST94_SIGN; 2639 p[ret++] = TLS_CT_GOST01_SIGN; 2640 p[ret++] = TLS_CT_GOST12_256_SIGN; 2641 p[ret++] = TLS_CT_GOST12_512_SIGN; 2642 } 2643 #endif 2644 2645 if (alg_k & SSL_kDHE) { 2646 p[ret++] = SSL3_CT_RSA_FIXED_DH; 2647 p[ret++] = SSL3_CT_DSS_FIXED_DH; 2648 } 2649 if (s->version == SSL3_VERSION && (alg_k & SSL_kDHE)) { 2650 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; 2651 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; 2652 } 2653 p[ret++] = SSL3_CT_RSA_SIGN; 2654 p[ret++] = SSL3_CT_DSS_SIGN; 2655 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { 2656 p[ret++] = TLS_CT_RSA_FIXED_ECDH; 2657 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; 2658 } 2659 2660 /* 2661 * ECDSA certs can be used with RSA cipher suites as well 2662 * so we don't need to check for SSL_kECDH or SSL_kECDHE 2663 */ 2664 if (s->version >= TLS1_VERSION) { 2665 p[ret++] = TLS_CT_ECDSA_SIGN; 2666 } 2667 return (ret); 2668 } 2669 2670 int 2671 ssl3_shutdown(SSL *s) 2672 { 2673 int ret; 2674 2675 /* 2676 * Don't do anything much if we have not done the handshake or 2677 * we don't want to send messages :-) 2678 */ 2679 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 2680 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2681 return (1); 2682 } 2683 2684 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { 2685 s->shutdown|=SSL_SENT_SHUTDOWN; 2686 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2687 /* 2688 * Our shutdown alert has been sent now, and if it still needs 2689 * to be written, s->s3->alert_dispatch will be true 2690 */ 2691 if (s->s3->alert_dispatch) 2692 return(-1); /* return WANT_WRITE */ 2693 } else if (s->s3->alert_dispatch) { 2694 /* resend it if not sent */ 2695 ret = s->method->ssl_dispatch_alert(s); 2696 if (ret == -1) { 2697 /* 2698 * We only get to return -1 here the 2nd/Nth 2699 * invocation, we must have already signalled 2700 * return 0 upon a previous invoation, 2701 * return WANT_WRITE 2702 */ 2703 return (ret); 2704 } 2705 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2706 /* If we are waiting for a close from our peer, we are closed */ 2707 s->method->ssl_read_bytes(s, 0, NULL, 0, 0); 2708 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2709 return(-1); /* return WANT_READ */ 2710 } 2711 } 2712 2713 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2714 !s->s3->alert_dispatch) 2715 return (1); 2716 else 2717 return (0); 2718 } 2719 2720 int 2721 ssl3_write(SSL *s, const void *buf, int len) 2722 { 2723 int ret, n; 2724 2725 #if 0 2726 if (s->shutdown & SSL_SEND_SHUTDOWN) { 2727 s->rwstate = SSL_NOTHING; 2728 return (0); 2729 } 2730 #endif 2731 errno = 0; 2732 if (s->s3->renegotiate) 2733 ssl3_renegotiate_check(s); 2734 2735 /* 2736 * This is an experimental flag that sends the 2737 * last handshake message in the same packet as the first 2738 * use data - used to see if it helps the TCP protocol during 2739 * session-id reuse 2740 */ 2741 /* The second test is because the buffer may have been removed */ 2742 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 2743 /* First time through, we write into the buffer */ 2744 if (s->s3->delay_buf_pop_ret == 0) { 2745 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2746 buf, len); 2747 if (ret <= 0) 2748 return (ret); 2749 2750 s->s3->delay_buf_pop_ret = ret; 2751 } 2752 2753 s->rwstate = SSL_WRITING; 2754 n = BIO_flush(s->wbio); 2755 if (n <= 0) 2756 return (n); 2757 s->rwstate = SSL_NOTHING; 2758 2759 /* We have flushed the buffer, so remove it */ 2760 ssl_free_wbio_buffer(s); 2761 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 2762 2763 ret = s->s3->delay_buf_pop_ret; 2764 s->s3->delay_buf_pop_ret = 0; 2765 } else { 2766 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2767 buf, len); 2768 if (ret <= 0) 2769 return (ret); 2770 } 2771 2772 return (ret); 2773 } 2774 2775 static int 2776 ssl3_read_internal(SSL *s, void *buf, int len, int peek) 2777 { 2778 int ret; 2779 2780 errno = 0; 2781 if (s->s3->renegotiate) 2782 ssl3_renegotiate_check(s); 2783 s->s3->in_read_app_data = 1; 2784 ret = s->method->ssl_read_bytes(s, 2785 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2786 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 2787 /* 2788 * ssl3_read_bytes decided to call s->handshake_func, which 2789 * called ssl3_read_bytes to read handshake data. 2790 * However, ssl3_read_bytes actually found application data 2791 * and thinks that application data makes sense here; so disable 2792 * handshake processing and try to read application data again. 2793 */ 2794 s->in_handshake++; 2795 ret = s->method->ssl_read_bytes(s, 2796 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2797 s->in_handshake--; 2798 } else 2799 s->s3->in_read_app_data = 0; 2800 2801 return (ret); 2802 } 2803 2804 int 2805 ssl3_read(SSL *s, void *buf, int len) 2806 { 2807 return ssl3_read_internal(s, buf, len, 0); 2808 } 2809 2810 int 2811 ssl3_peek(SSL *s, void *buf, int len) 2812 { 2813 return ssl3_read_internal(s, buf, len, 1); 2814 } 2815 2816 int 2817 ssl3_renegotiate(SSL *s) 2818 { 2819 if (s->handshake_func == NULL) 2820 return (1); 2821 2822 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2823 return (0); 2824 2825 s->s3->renegotiate = 1; 2826 return (1); 2827 } 2828 2829 int 2830 ssl3_renegotiate_check(SSL *s) 2831 { 2832 int ret = 0; 2833 2834 if (s->s3->renegotiate) { 2835 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 2836 !SSL_in_init(s)) { 2837 /* 2838 * If we are the server, and we have sent 2839 * a 'RENEGOTIATE' message, we need to go 2840 * to SSL_ST_ACCEPT. 2841 */ 2842 /* SSL_ST_ACCEPT */ 2843 s->state = SSL_ST_RENEGOTIATE; 2844 s->s3->renegotiate = 0; 2845 s->s3->num_renegotiations++; 2846 s->s3->total_renegotiations++; 2847 ret = 1; 2848 } 2849 } 2850 return (ret); 2851 } 2852 /* 2853 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF 2854 * and handshake macs if required. 2855 */ 2856 long 2857 ssl_get_algorithm2(SSL *s) 2858 { 2859 long alg2 = s->s3->tmp.new_cipher->algorithm2; 2860 2861 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && 2862 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 2863 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 2864 return alg2; 2865 } 2866