1 /* $OpenBSD: s3_lib.c,v 1.136 2017/03/04 16:32:00 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 149 */ 150 151 #include <limits.h> 152 #include <stdio.h> 153 154 #include <openssl/bn.h> 155 #include <openssl/curve25519.h> 156 #include <openssl/dh.h> 157 #include <openssl/md5.h> 158 #include <openssl/objects.h> 159 160 #include "ssl_locl.h" 161 #include "bytestring.h" 162 163 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 164 165 /* 166 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the 167 * fixed nonce length in algorithms2. It is the inverse of the 168 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro. 169 */ 170 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) 171 172 /* list of available SSLv3 ciphers (sorted by id) */ 173 SSL_CIPHER ssl3_ciphers[] = { 174 175 /* The RSA ciphers */ 176 /* Cipher 01 */ 177 { 178 .valid = 1, 179 .name = SSL3_TXT_RSA_NULL_MD5, 180 .id = SSL3_CK_RSA_NULL_MD5, 181 .algorithm_mkey = SSL_kRSA, 182 .algorithm_auth = SSL_aRSA, 183 .algorithm_enc = SSL_eNULL, 184 .algorithm_mac = SSL_MD5, 185 .algorithm_ssl = SSL_SSLV3, 186 .algo_strength = SSL_STRONG_NONE, 187 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 188 .strength_bits = 0, 189 .alg_bits = 0, 190 }, 191 192 /* Cipher 02 */ 193 { 194 .valid = 1, 195 .name = SSL3_TXT_RSA_NULL_SHA, 196 .id = SSL3_CK_RSA_NULL_SHA, 197 .algorithm_mkey = SSL_kRSA, 198 .algorithm_auth = SSL_aRSA, 199 .algorithm_enc = SSL_eNULL, 200 .algorithm_mac = SSL_SHA1, 201 .algorithm_ssl = SSL_SSLV3, 202 .algo_strength = SSL_STRONG_NONE, 203 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 204 .strength_bits = 0, 205 .alg_bits = 0, 206 }, 207 208 /* Cipher 04 */ 209 { 210 .valid = 1, 211 .name = SSL3_TXT_RSA_RC4_128_MD5, 212 .id = SSL3_CK_RSA_RC4_128_MD5, 213 .algorithm_mkey = SSL_kRSA, 214 .algorithm_auth = SSL_aRSA, 215 .algorithm_enc = SSL_RC4, 216 .algorithm_mac = SSL_MD5, 217 .algorithm_ssl = SSL_SSLV3, 218 .algo_strength = SSL_LOW, 219 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 220 .strength_bits = 128, 221 .alg_bits = 128, 222 }, 223 224 /* Cipher 05 */ 225 { 226 .valid = 1, 227 .name = SSL3_TXT_RSA_RC4_128_SHA, 228 .id = SSL3_CK_RSA_RC4_128_SHA, 229 .algorithm_mkey = SSL_kRSA, 230 .algorithm_auth = SSL_aRSA, 231 .algorithm_enc = SSL_RC4, 232 .algorithm_mac = SSL_SHA1, 233 .algorithm_ssl = SSL_SSLV3, 234 .algo_strength = SSL_LOW, 235 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 236 .strength_bits = 128, 237 .alg_bits = 128, 238 }, 239 240 /* Cipher 09 */ 241 { 242 .valid = 1, 243 .name = SSL3_TXT_RSA_DES_64_CBC_SHA, 244 .id = SSL3_CK_RSA_DES_64_CBC_SHA, 245 .algorithm_mkey = SSL_kRSA, 246 .algorithm_auth = SSL_aRSA, 247 .algorithm_enc = SSL_DES, 248 .algorithm_mac = SSL_SHA1, 249 .algorithm_ssl = SSL_SSLV3, 250 .algo_strength = SSL_LOW, 251 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 252 .strength_bits = 56, 253 .alg_bits = 56, 254 }, 255 256 /* Cipher 0A */ 257 { 258 .valid = 1, 259 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, 260 .id = SSL3_CK_RSA_DES_192_CBC3_SHA, 261 .algorithm_mkey = SSL_kRSA, 262 .algorithm_auth = SSL_aRSA, 263 .algorithm_enc = SSL_3DES, 264 .algorithm_mac = SSL_SHA1, 265 .algorithm_ssl = SSL_SSLV3, 266 .algo_strength = SSL_MEDIUM, 267 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 268 .strength_bits = 112, 269 .alg_bits = 168, 270 }, 271 272 /* 273 * Ephemeral DH (DHE) ciphers. 274 */ 275 276 /* Cipher 12 */ 277 { 278 .valid = 1, 279 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 280 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 281 .algorithm_mkey = SSL_kDHE, 282 .algorithm_auth = SSL_aDSS, 283 .algorithm_enc = SSL_DES, 284 .algorithm_mac = SSL_SHA1, 285 .algorithm_ssl = SSL_SSLV3, 286 .algo_strength = SSL_LOW, 287 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 288 .strength_bits = 56, 289 .alg_bits = 56, 290 }, 291 292 /* Cipher 13 */ 293 { 294 .valid = 1, 295 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 296 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 297 .algorithm_mkey = SSL_kDHE, 298 .algorithm_auth = SSL_aDSS, 299 .algorithm_enc = SSL_3DES, 300 .algorithm_mac = SSL_SHA1, 301 .algorithm_ssl = SSL_SSLV3, 302 .algo_strength = SSL_MEDIUM, 303 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 304 .strength_bits = 112, 305 .alg_bits = 168, 306 }, 307 308 /* Cipher 15 */ 309 { 310 .valid = 1, 311 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 312 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 313 .algorithm_mkey = SSL_kDHE, 314 .algorithm_auth = SSL_aRSA, 315 .algorithm_enc = SSL_DES, 316 .algorithm_mac = SSL_SHA1, 317 .algorithm_ssl = SSL_SSLV3, 318 .algo_strength = SSL_LOW, 319 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 320 .strength_bits = 56, 321 .alg_bits = 56, 322 }, 323 324 /* Cipher 16 */ 325 { 326 .valid = 1, 327 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 328 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 329 .algorithm_mkey = SSL_kDHE, 330 .algorithm_auth = SSL_aRSA, 331 .algorithm_enc = SSL_3DES, 332 .algorithm_mac = SSL_SHA1, 333 .algorithm_ssl = SSL_SSLV3, 334 .algo_strength = SSL_MEDIUM, 335 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 336 .strength_bits = 112, 337 .alg_bits = 168, 338 }, 339 340 /* Cipher 18 */ 341 { 342 .valid = 1, 343 .name = SSL3_TXT_ADH_RC4_128_MD5, 344 .id = SSL3_CK_ADH_RC4_128_MD5, 345 .algorithm_mkey = SSL_kDHE, 346 .algorithm_auth = SSL_aNULL, 347 .algorithm_enc = SSL_RC4, 348 .algorithm_mac = SSL_MD5, 349 .algorithm_ssl = SSL_SSLV3, 350 .algo_strength = SSL_LOW, 351 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 352 .strength_bits = 128, 353 .alg_bits = 128, 354 }, 355 356 /* Cipher 1A */ 357 { 358 .valid = 1, 359 .name = SSL3_TXT_ADH_DES_64_CBC_SHA, 360 .id = SSL3_CK_ADH_DES_64_CBC_SHA, 361 .algorithm_mkey = SSL_kDHE, 362 .algorithm_auth = SSL_aNULL, 363 .algorithm_enc = SSL_DES, 364 .algorithm_mac = SSL_SHA1, 365 .algorithm_ssl = SSL_SSLV3, 366 .algo_strength = SSL_LOW, 367 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 368 .strength_bits = 56, 369 .alg_bits = 56, 370 }, 371 372 /* Cipher 1B */ 373 { 374 .valid = 1, 375 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 376 .id = SSL3_CK_ADH_DES_192_CBC_SHA, 377 .algorithm_mkey = SSL_kDHE, 378 .algorithm_auth = SSL_aNULL, 379 .algorithm_enc = SSL_3DES, 380 .algorithm_mac = SSL_SHA1, 381 .algorithm_ssl = SSL_SSLV3, 382 .algo_strength = SSL_MEDIUM, 383 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 384 .strength_bits = 112, 385 .alg_bits = 168, 386 }, 387 388 /* 389 * AES ciphersuites. 390 */ 391 392 /* Cipher 2F */ 393 { 394 .valid = 1, 395 .name = TLS1_TXT_RSA_WITH_AES_128_SHA, 396 .id = TLS1_CK_RSA_WITH_AES_128_SHA, 397 .algorithm_mkey = SSL_kRSA, 398 .algorithm_auth = SSL_aRSA, 399 .algorithm_enc = SSL_AES128, 400 .algorithm_mac = SSL_SHA1, 401 .algorithm_ssl = SSL_TLSV1, 402 .algo_strength = SSL_HIGH, 403 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 404 .strength_bits = 128, 405 .alg_bits = 128, 406 }, 407 408 /* Cipher 32 */ 409 { 410 .valid = 1, 411 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 412 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 413 .algorithm_mkey = SSL_kDHE, 414 .algorithm_auth = SSL_aDSS, 415 .algorithm_enc = SSL_AES128, 416 .algorithm_mac = SSL_SHA1, 417 .algorithm_ssl = SSL_TLSV1, 418 .algo_strength = SSL_HIGH, 419 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 420 .strength_bits = 128, 421 .alg_bits = 128, 422 }, 423 424 /* Cipher 33 */ 425 { 426 .valid = 1, 427 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 428 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 429 .algorithm_mkey = SSL_kDHE, 430 .algorithm_auth = SSL_aRSA, 431 .algorithm_enc = SSL_AES128, 432 .algorithm_mac = SSL_SHA1, 433 .algorithm_ssl = SSL_TLSV1, 434 .algo_strength = SSL_HIGH, 435 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 436 .strength_bits = 128, 437 .alg_bits = 128, 438 }, 439 440 /* Cipher 34 */ 441 { 442 .valid = 1, 443 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 444 .id = TLS1_CK_ADH_WITH_AES_128_SHA, 445 .algorithm_mkey = SSL_kDHE, 446 .algorithm_auth = SSL_aNULL, 447 .algorithm_enc = SSL_AES128, 448 .algorithm_mac = SSL_SHA1, 449 .algorithm_ssl = SSL_TLSV1, 450 .algo_strength = SSL_HIGH, 451 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 452 .strength_bits = 128, 453 .alg_bits = 128, 454 }, 455 456 /* Cipher 35 */ 457 { 458 .valid = 1, 459 .name = TLS1_TXT_RSA_WITH_AES_256_SHA, 460 .id = TLS1_CK_RSA_WITH_AES_256_SHA, 461 .algorithm_mkey = SSL_kRSA, 462 .algorithm_auth = SSL_aRSA, 463 .algorithm_enc = SSL_AES256, 464 .algorithm_mac = SSL_SHA1, 465 .algorithm_ssl = SSL_TLSV1, 466 .algo_strength = SSL_HIGH, 467 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 468 .strength_bits = 256, 469 .alg_bits = 256, 470 }, 471 472 /* Cipher 38 */ 473 { 474 .valid = 1, 475 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 476 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 477 .algorithm_mkey = SSL_kDHE, 478 .algorithm_auth = SSL_aDSS, 479 .algorithm_enc = SSL_AES256, 480 .algorithm_mac = SSL_SHA1, 481 .algorithm_ssl = SSL_TLSV1, 482 .algo_strength = SSL_HIGH, 483 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 484 .strength_bits = 256, 485 .alg_bits = 256, 486 }, 487 488 /* Cipher 39 */ 489 { 490 .valid = 1, 491 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 492 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 493 .algorithm_mkey = SSL_kDHE, 494 .algorithm_auth = SSL_aRSA, 495 .algorithm_enc = SSL_AES256, 496 .algorithm_mac = SSL_SHA1, 497 .algorithm_ssl = SSL_TLSV1, 498 .algo_strength = SSL_HIGH, 499 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 500 .strength_bits = 256, 501 .alg_bits = 256, 502 }, 503 504 /* Cipher 3A */ 505 { 506 .valid = 1, 507 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 508 .id = TLS1_CK_ADH_WITH_AES_256_SHA, 509 .algorithm_mkey = SSL_kDHE, 510 .algorithm_auth = SSL_aNULL, 511 .algorithm_enc = SSL_AES256, 512 .algorithm_mac = SSL_SHA1, 513 .algorithm_ssl = SSL_TLSV1, 514 .algo_strength = SSL_HIGH, 515 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 516 .strength_bits = 256, 517 .alg_bits = 256, 518 }, 519 520 /* TLS v1.2 ciphersuites */ 521 /* Cipher 3B */ 522 { 523 .valid = 1, 524 .name = TLS1_TXT_RSA_WITH_NULL_SHA256, 525 .id = TLS1_CK_RSA_WITH_NULL_SHA256, 526 .algorithm_mkey = SSL_kRSA, 527 .algorithm_auth = SSL_aRSA, 528 .algorithm_enc = SSL_eNULL, 529 .algorithm_mac = SSL_SHA256, 530 .algorithm_ssl = SSL_TLSV1_2, 531 .algo_strength = SSL_STRONG_NONE, 532 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 533 .strength_bits = 0, 534 .alg_bits = 0, 535 }, 536 537 /* Cipher 3C */ 538 { 539 .valid = 1, 540 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, 541 .id = TLS1_CK_RSA_WITH_AES_128_SHA256, 542 .algorithm_mkey = SSL_kRSA, 543 .algorithm_auth = SSL_aRSA, 544 .algorithm_enc = SSL_AES128, 545 .algorithm_mac = SSL_SHA256, 546 .algorithm_ssl = SSL_TLSV1_2, 547 .algo_strength = SSL_HIGH, 548 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 549 .strength_bits = 128, 550 .alg_bits = 128, 551 }, 552 553 /* Cipher 3D */ 554 { 555 .valid = 1, 556 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, 557 .id = TLS1_CK_RSA_WITH_AES_256_SHA256, 558 .algorithm_mkey = SSL_kRSA, 559 .algorithm_auth = SSL_aRSA, 560 .algorithm_enc = SSL_AES256, 561 .algorithm_mac = SSL_SHA256, 562 .algorithm_ssl = SSL_TLSV1_2, 563 .algo_strength = SSL_HIGH, 564 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 565 .strength_bits = 256, 566 .alg_bits = 256, 567 }, 568 569 /* Cipher 40 */ 570 { 571 .valid = 1, 572 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 573 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 574 .algorithm_mkey = SSL_kDHE, 575 .algorithm_auth = SSL_aDSS, 576 .algorithm_enc = SSL_AES128, 577 .algorithm_mac = SSL_SHA256, 578 .algorithm_ssl = SSL_TLSV1_2, 579 .algo_strength = SSL_HIGH, 580 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 581 .strength_bits = 128, 582 .alg_bits = 128, 583 }, 584 585 #ifndef OPENSSL_NO_CAMELLIA 586 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 587 588 /* Cipher 41 */ 589 { 590 .valid = 1, 591 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 592 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 593 .algorithm_mkey = SSL_kRSA, 594 .algorithm_auth = SSL_aRSA, 595 .algorithm_enc = SSL_CAMELLIA128, 596 .algorithm_mac = SSL_SHA1, 597 .algorithm_ssl = SSL_TLSV1, 598 .algo_strength = SSL_HIGH, 599 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 600 .strength_bits = 128, 601 .alg_bits = 128, 602 }, 603 604 /* Cipher 44 */ 605 { 606 .valid = 1, 607 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 608 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 609 .algorithm_mkey = SSL_kDHE, 610 .algorithm_auth = SSL_aDSS, 611 .algorithm_enc = SSL_CAMELLIA128, 612 .algorithm_mac = SSL_SHA1, 613 .algorithm_ssl = SSL_TLSV1, 614 .algo_strength = SSL_HIGH, 615 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 616 .strength_bits = 128, 617 .alg_bits = 128, 618 }, 619 620 /* Cipher 45 */ 621 { 622 .valid = 1, 623 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 624 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 625 .algorithm_mkey = SSL_kDHE, 626 .algorithm_auth = SSL_aRSA, 627 .algorithm_enc = SSL_CAMELLIA128, 628 .algorithm_mac = SSL_SHA1, 629 .algorithm_ssl = SSL_TLSV1, 630 .algo_strength = SSL_HIGH, 631 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 632 .strength_bits = 128, 633 .alg_bits = 128, 634 }, 635 636 /* Cipher 46 */ 637 { 638 .valid = 1, 639 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 640 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 641 .algorithm_mkey = SSL_kDHE, 642 .algorithm_auth = SSL_aNULL, 643 .algorithm_enc = SSL_CAMELLIA128, 644 .algorithm_mac = SSL_SHA1, 645 .algorithm_ssl = SSL_TLSV1, 646 .algo_strength = SSL_HIGH, 647 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 648 .strength_bits = 128, 649 .alg_bits = 128, 650 }, 651 #endif /* OPENSSL_NO_CAMELLIA */ 652 653 /* TLS v1.2 ciphersuites */ 654 /* Cipher 67 */ 655 { 656 .valid = 1, 657 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 658 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 659 .algorithm_mkey = SSL_kDHE, 660 .algorithm_auth = SSL_aRSA, 661 .algorithm_enc = SSL_AES128, 662 .algorithm_mac = SSL_SHA256, 663 .algorithm_ssl = SSL_TLSV1_2, 664 .algo_strength = SSL_HIGH, 665 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 666 .strength_bits = 128, 667 .alg_bits = 128, 668 }, 669 670 /* Cipher 6A */ 671 { 672 .valid = 1, 673 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 674 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 675 .algorithm_mkey = SSL_kDHE, 676 .algorithm_auth = SSL_aDSS, 677 .algorithm_enc = SSL_AES256, 678 .algorithm_mac = SSL_SHA256, 679 .algorithm_ssl = SSL_TLSV1_2, 680 .algo_strength = SSL_HIGH, 681 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 682 .strength_bits = 256, 683 .alg_bits = 256, 684 }, 685 686 /* Cipher 6B */ 687 { 688 .valid = 1, 689 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 690 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 691 .algorithm_mkey = SSL_kDHE, 692 .algorithm_auth = SSL_aRSA, 693 .algorithm_enc = SSL_AES256, 694 .algorithm_mac = SSL_SHA256, 695 .algorithm_ssl = SSL_TLSV1_2, 696 .algo_strength = SSL_HIGH, 697 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 698 .strength_bits = 256, 699 .alg_bits = 256, 700 }, 701 702 /* Cipher 6C */ 703 { 704 .valid = 1, 705 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 706 .id = TLS1_CK_ADH_WITH_AES_128_SHA256, 707 .algorithm_mkey = SSL_kDHE, 708 .algorithm_auth = SSL_aNULL, 709 .algorithm_enc = SSL_AES128, 710 .algorithm_mac = SSL_SHA256, 711 .algorithm_ssl = SSL_TLSV1_2, 712 .algo_strength = SSL_HIGH, 713 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 714 .strength_bits = 128, 715 .alg_bits = 128, 716 }, 717 718 /* Cipher 6D */ 719 { 720 .valid = 1, 721 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 722 .id = TLS1_CK_ADH_WITH_AES_256_SHA256, 723 .algorithm_mkey = SSL_kDHE, 724 .algorithm_auth = SSL_aNULL, 725 .algorithm_enc = SSL_AES256, 726 .algorithm_mac = SSL_SHA256, 727 .algorithm_ssl = SSL_TLSV1_2, 728 .algo_strength = SSL_HIGH, 729 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 730 .strength_bits = 256, 731 .alg_bits = 256, 732 }, 733 734 /* GOST Ciphersuites */ 735 736 /* Cipher 81 */ 737 { 738 .valid = 1, 739 .name = "GOST2001-GOST89-GOST89", 740 .id = 0x3000081, 741 .algorithm_mkey = SSL_kGOST, 742 .algorithm_auth = SSL_aGOST01, 743 .algorithm_enc = SSL_eGOST2814789CNT, 744 .algorithm_mac = SSL_GOST89MAC, 745 .algorithm_ssl = SSL_TLSV1, 746 .algo_strength = SSL_HIGH, 747 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| 748 TLS1_STREAM_MAC, 749 .strength_bits = 256, 750 .alg_bits = 256 751 }, 752 753 /* Cipher 83 */ 754 { 755 .valid = 1, 756 .name = "GOST2001-NULL-GOST94", 757 .id = 0x3000083, 758 .algorithm_mkey = SSL_kGOST, 759 .algorithm_auth = SSL_aGOST01, 760 .algorithm_enc = SSL_eNULL, 761 .algorithm_mac = SSL_GOST94, 762 .algorithm_ssl = SSL_TLSV1, 763 .algo_strength = SSL_STRONG_NONE, 764 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 765 .strength_bits = 0, 766 .alg_bits = 0 767 }, 768 769 #ifndef OPENSSL_NO_CAMELLIA 770 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 771 772 /* Cipher 84 */ 773 { 774 .valid = 1, 775 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 776 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 777 .algorithm_mkey = SSL_kRSA, 778 .algorithm_auth = SSL_aRSA, 779 .algorithm_enc = SSL_CAMELLIA256, 780 .algorithm_mac = SSL_SHA1, 781 .algorithm_ssl = SSL_TLSV1, 782 .algo_strength = SSL_HIGH, 783 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 784 .strength_bits = 256, 785 .alg_bits = 256, 786 }, 787 788 /* Cipher 87 */ 789 { 790 .valid = 1, 791 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 792 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 793 .algorithm_mkey = SSL_kDHE, 794 .algorithm_auth = SSL_aDSS, 795 .algorithm_enc = SSL_CAMELLIA256, 796 .algorithm_mac = SSL_SHA1, 797 .algorithm_ssl = SSL_TLSV1, 798 .algo_strength = SSL_HIGH, 799 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 800 .strength_bits = 256, 801 .alg_bits = 256, 802 }, 803 804 /* Cipher 88 */ 805 { 806 .valid = 1, 807 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 808 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 809 .algorithm_mkey = SSL_kDHE, 810 .algorithm_auth = SSL_aRSA, 811 .algorithm_enc = SSL_CAMELLIA256, 812 .algorithm_mac = SSL_SHA1, 813 .algorithm_ssl = SSL_TLSV1, 814 .algo_strength = SSL_HIGH, 815 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 816 .strength_bits = 256, 817 .alg_bits = 256, 818 }, 819 820 /* Cipher 89 */ 821 { 822 .valid = 1, 823 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 824 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 825 .algorithm_mkey = SSL_kDHE, 826 .algorithm_auth = SSL_aNULL, 827 .algorithm_enc = SSL_CAMELLIA256, 828 .algorithm_mac = SSL_SHA1, 829 .algorithm_ssl = SSL_TLSV1, 830 .algo_strength = SSL_HIGH, 831 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 832 .strength_bits = 256, 833 .alg_bits = 256, 834 }, 835 #endif /* OPENSSL_NO_CAMELLIA */ 836 837 /* 838 * GCM ciphersuites from RFC5288. 839 */ 840 841 /* Cipher 9C */ 842 { 843 .valid = 1, 844 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 845 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 846 .algorithm_mkey = SSL_kRSA, 847 .algorithm_auth = SSL_aRSA, 848 .algorithm_enc = SSL_AES128GCM, 849 .algorithm_mac = SSL_AEAD, 850 .algorithm_ssl = SSL_TLSV1_2, 851 .algo_strength = SSL_HIGH, 852 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 853 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 854 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 855 .strength_bits = 128, 856 .alg_bits = 128, 857 }, 858 859 /* Cipher 9D */ 860 { 861 .valid = 1, 862 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 863 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 864 .algorithm_mkey = SSL_kRSA, 865 .algorithm_auth = SSL_aRSA, 866 .algorithm_enc = SSL_AES256GCM, 867 .algorithm_mac = SSL_AEAD, 868 .algorithm_ssl = SSL_TLSV1_2, 869 .algo_strength = SSL_HIGH, 870 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 871 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 872 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 873 .strength_bits = 256, 874 .alg_bits = 256, 875 }, 876 877 /* Cipher 9E */ 878 { 879 .valid = 1, 880 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 881 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 882 .algorithm_mkey = SSL_kDHE, 883 .algorithm_auth = SSL_aRSA, 884 .algorithm_enc = SSL_AES128GCM, 885 .algorithm_mac = SSL_AEAD, 886 .algorithm_ssl = SSL_TLSV1_2, 887 .algo_strength = SSL_HIGH, 888 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 889 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 890 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 891 .strength_bits = 128, 892 .alg_bits = 128, 893 }, 894 895 /* Cipher 9F */ 896 { 897 .valid = 1, 898 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 899 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 900 .algorithm_mkey = SSL_kDHE, 901 .algorithm_auth = SSL_aRSA, 902 .algorithm_enc = SSL_AES256GCM, 903 .algorithm_mac = SSL_AEAD, 904 .algorithm_ssl = SSL_TLSV1_2, 905 .algo_strength = SSL_HIGH, 906 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 907 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 908 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 909 .strength_bits = 256, 910 .alg_bits = 256, 911 }, 912 913 /* Cipher A2 */ 914 { 915 .valid = 1, 916 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 917 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 918 .algorithm_mkey = SSL_kDHE, 919 .algorithm_auth = SSL_aDSS, 920 .algorithm_enc = SSL_AES128GCM, 921 .algorithm_mac = SSL_AEAD, 922 .algorithm_ssl = SSL_TLSV1_2, 923 .algo_strength = SSL_HIGH, 924 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 925 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 926 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 927 .strength_bits = 128, 928 .alg_bits = 128, 929 }, 930 931 /* Cipher A3 */ 932 { 933 .valid = 1, 934 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 935 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 936 .algorithm_mkey = SSL_kDHE, 937 .algorithm_auth = SSL_aDSS, 938 .algorithm_enc = SSL_AES256GCM, 939 .algorithm_mac = SSL_AEAD, 940 .algorithm_ssl = SSL_TLSV1_2, 941 .algo_strength = SSL_HIGH, 942 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 943 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 944 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 945 .strength_bits = 256, 946 .alg_bits = 256, 947 }, 948 949 /* Cipher A6 */ 950 { 951 .valid = 1, 952 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 953 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 954 .algorithm_mkey = SSL_kDHE, 955 .algorithm_auth = SSL_aNULL, 956 .algorithm_enc = SSL_AES128GCM, 957 .algorithm_mac = SSL_AEAD, 958 .algorithm_ssl = SSL_TLSV1_2, 959 .algo_strength = SSL_HIGH, 960 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 961 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 962 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 963 .strength_bits = 128, 964 .alg_bits = 128, 965 }, 966 967 /* Cipher A7 */ 968 { 969 .valid = 1, 970 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 971 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 972 .algorithm_mkey = SSL_kDHE, 973 .algorithm_auth = SSL_aNULL, 974 .algorithm_enc = SSL_AES256GCM, 975 .algorithm_mac = SSL_AEAD, 976 .algorithm_ssl = SSL_TLSV1_2, 977 .algo_strength = SSL_HIGH, 978 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 979 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 980 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 981 .strength_bits = 256, 982 .alg_bits = 256, 983 }, 984 985 #ifndef OPENSSL_NO_CAMELLIA 986 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 987 988 /* Cipher BA */ 989 { 990 .valid = 1, 991 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, 992 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, 993 .algorithm_mkey = SSL_kRSA, 994 .algorithm_auth = SSL_aRSA, 995 .algorithm_enc = SSL_CAMELLIA128, 996 .algorithm_mac = SSL_SHA256, 997 .algorithm_ssl = SSL_TLSV1_2, 998 .algo_strength = SSL_HIGH, 999 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1000 .strength_bits = 128, 1001 .alg_bits = 128, 1002 }, 1003 1004 /* Cipher BD */ 1005 { 1006 .valid = 1, 1007 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 1008 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 1009 .algorithm_mkey = SSL_kDHE, 1010 .algorithm_auth = SSL_aDSS, 1011 .algorithm_enc = SSL_CAMELLIA128, 1012 .algorithm_mac = SSL_SHA256, 1013 .algorithm_ssl = SSL_TLSV1_2, 1014 .algo_strength = SSL_HIGH, 1015 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1016 .strength_bits = 128, 1017 .alg_bits = 128, 1018 }, 1019 1020 /* Cipher BE */ 1021 { 1022 .valid = 1, 1023 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1024 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1025 .algorithm_mkey = SSL_kDHE, 1026 .algorithm_auth = SSL_aRSA, 1027 .algorithm_enc = SSL_CAMELLIA128, 1028 .algorithm_mac = SSL_SHA256, 1029 .algorithm_ssl = SSL_TLSV1_2, 1030 .algo_strength = SSL_HIGH, 1031 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1032 .strength_bits = 128, 1033 .alg_bits = 128, 1034 }, 1035 1036 /* Cipher BF */ 1037 { 1038 .valid = 1, 1039 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, 1040 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, 1041 .algorithm_mkey = SSL_kDHE, 1042 .algorithm_auth = SSL_aNULL, 1043 .algorithm_enc = SSL_CAMELLIA128, 1044 .algorithm_mac = SSL_SHA256, 1045 .algorithm_ssl = SSL_TLSV1_2, 1046 .algo_strength = SSL_HIGH, 1047 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1048 .strength_bits = 128, 1049 .alg_bits = 128, 1050 }, 1051 1052 /* Cipher C0 */ 1053 { 1054 .valid = 1, 1055 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1056 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1057 .algorithm_mkey = SSL_kRSA, 1058 .algorithm_auth = SSL_aRSA, 1059 .algorithm_enc = SSL_CAMELLIA256, 1060 .algorithm_mac = SSL_SHA256, 1061 .algorithm_ssl = SSL_TLSV1_2, 1062 .algo_strength = SSL_HIGH, 1063 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1064 .strength_bits = 256, 1065 .alg_bits = 256, 1066 }, 1067 1068 /* Cipher C3 */ 1069 { 1070 .valid = 1, 1071 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 1072 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 1073 .algorithm_mkey = SSL_kDHE, 1074 .algorithm_auth = SSL_aDSS, 1075 .algorithm_enc = SSL_CAMELLIA256, 1076 .algorithm_mac = SSL_SHA256, 1077 .algorithm_ssl = SSL_TLSV1_2, 1078 .algo_strength = SSL_HIGH, 1079 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1080 .strength_bits = 256, 1081 .alg_bits = 256, 1082 }, 1083 1084 /* Cipher C4 */ 1085 { 1086 .valid = 1, 1087 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1088 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1089 .algorithm_mkey = SSL_kDHE, 1090 .algorithm_auth = SSL_aRSA, 1091 .algorithm_enc = SSL_CAMELLIA256, 1092 .algorithm_mac = SSL_SHA256, 1093 .algorithm_ssl = SSL_TLSV1_2, 1094 .algo_strength = SSL_HIGH, 1095 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1096 .strength_bits = 256, 1097 .alg_bits = 256, 1098 }, 1099 1100 /* Cipher C5 */ 1101 { 1102 .valid = 1, 1103 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, 1104 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, 1105 .algorithm_mkey = SSL_kDHE, 1106 .algorithm_auth = SSL_aNULL, 1107 .algorithm_enc = SSL_CAMELLIA256, 1108 .algorithm_mac = SSL_SHA256, 1109 .algorithm_ssl = SSL_TLSV1_2, 1110 .algo_strength = SSL_HIGH, 1111 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1112 .strength_bits = 256, 1113 .alg_bits = 256, 1114 }, 1115 #endif /* OPENSSL_NO_CAMELLIA */ 1116 1117 /* Cipher C006 */ 1118 { 1119 .valid = 1, 1120 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1121 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1122 .algorithm_mkey = SSL_kECDHE, 1123 .algorithm_auth = SSL_aECDSA, 1124 .algorithm_enc = SSL_eNULL, 1125 .algorithm_mac = SSL_SHA1, 1126 .algorithm_ssl = SSL_TLSV1, 1127 .algo_strength = SSL_STRONG_NONE, 1128 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1129 .strength_bits = 0, 1130 .alg_bits = 0, 1131 }, 1132 1133 /* Cipher C007 */ 1134 { 1135 .valid = 1, 1136 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1137 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1138 .algorithm_mkey = SSL_kECDHE, 1139 .algorithm_auth = SSL_aECDSA, 1140 .algorithm_enc = SSL_RC4, 1141 .algorithm_mac = SSL_SHA1, 1142 .algorithm_ssl = SSL_TLSV1, 1143 .algo_strength = SSL_LOW, 1144 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1145 .strength_bits = 128, 1146 .alg_bits = 128, 1147 }, 1148 1149 /* Cipher C008 */ 1150 { 1151 .valid = 1, 1152 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1153 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1154 .algorithm_mkey = SSL_kECDHE, 1155 .algorithm_auth = SSL_aECDSA, 1156 .algorithm_enc = SSL_3DES, 1157 .algorithm_mac = SSL_SHA1, 1158 .algorithm_ssl = SSL_TLSV1, 1159 .algo_strength = SSL_MEDIUM, 1160 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1161 .strength_bits = 112, 1162 .alg_bits = 168, 1163 }, 1164 1165 /* Cipher C009 */ 1166 { 1167 .valid = 1, 1168 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1169 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1170 .algorithm_mkey = SSL_kECDHE, 1171 .algorithm_auth = SSL_aECDSA, 1172 .algorithm_enc = SSL_AES128, 1173 .algorithm_mac = SSL_SHA1, 1174 .algorithm_ssl = SSL_TLSV1, 1175 .algo_strength = SSL_HIGH, 1176 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1177 .strength_bits = 128, 1178 .alg_bits = 128, 1179 }, 1180 1181 /* Cipher C00A */ 1182 { 1183 .valid = 1, 1184 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1185 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1186 .algorithm_mkey = SSL_kECDHE, 1187 .algorithm_auth = SSL_aECDSA, 1188 .algorithm_enc = SSL_AES256, 1189 .algorithm_mac = SSL_SHA1, 1190 .algorithm_ssl = SSL_TLSV1, 1191 .algo_strength = SSL_HIGH, 1192 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1193 .strength_bits = 256, 1194 .alg_bits = 256, 1195 }, 1196 1197 /* Cipher C010 */ 1198 { 1199 .valid = 1, 1200 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1201 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1202 .algorithm_mkey = SSL_kECDHE, 1203 .algorithm_auth = SSL_aRSA, 1204 .algorithm_enc = SSL_eNULL, 1205 .algorithm_mac = SSL_SHA1, 1206 .algorithm_ssl = SSL_TLSV1, 1207 .algo_strength = SSL_STRONG_NONE, 1208 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1209 .strength_bits = 0, 1210 .alg_bits = 0, 1211 }, 1212 1213 /* Cipher C011 */ 1214 { 1215 .valid = 1, 1216 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1217 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1218 .algorithm_mkey = SSL_kECDHE, 1219 .algorithm_auth = SSL_aRSA, 1220 .algorithm_enc = SSL_RC4, 1221 .algorithm_mac = SSL_SHA1, 1222 .algorithm_ssl = SSL_TLSV1, 1223 .algo_strength = SSL_LOW, 1224 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1225 .strength_bits = 128, 1226 .alg_bits = 128, 1227 }, 1228 1229 /* Cipher C012 */ 1230 { 1231 .valid = 1, 1232 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1233 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1234 .algorithm_mkey = SSL_kECDHE, 1235 .algorithm_auth = SSL_aRSA, 1236 .algorithm_enc = SSL_3DES, 1237 .algorithm_mac = SSL_SHA1, 1238 .algorithm_ssl = SSL_TLSV1, 1239 .algo_strength = SSL_HIGH, 1240 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1241 .strength_bits = 112, 1242 .alg_bits = 168, 1243 }, 1244 1245 /* Cipher C013 */ 1246 { 1247 .valid = 1, 1248 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1249 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1250 .algorithm_mkey = SSL_kECDHE, 1251 .algorithm_auth = SSL_aRSA, 1252 .algorithm_enc = SSL_AES128, 1253 .algorithm_mac = SSL_SHA1, 1254 .algorithm_ssl = SSL_TLSV1, 1255 .algo_strength = SSL_HIGH, 1256 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1257 .strength_bits = 128, 1258 .alg_bits = 128, 1259 }, 1260 1261 /* Cipher C014 */ 1262 { 1263 .valid = 1, 1264 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1265 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1266 .algorithm_mkey = SSL_kECDHE, 1267 .algorithm_auth = SSL_aRSA, 1268 .algorithm_enc = SSL_AES256, 1269 .algorithm_mac = SSL_SHA1, 1270 .algorithm_ssl = SSL_TLSV1, 1271 .algo_strength = SSL_HIGH, 1272 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1273 .strength_bits = 256, 1274 .alg_bits = 256, 1275 }, 1276 1277 /* Cipher C015 */ 1278 { 1279 .valid = 1, 1280 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1281 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1282 .algorithm_mkey = SSL_kECDHE, 1283 .algorithm_auth = SSL_aNULL, 1284 .algorithm_enc = SSL_eNULL, 1285 .algorithm_mac = SSL_SHA1, 1286 .algorithm_ssl = SSL_TLSV1, 1287 .algo_strength = SSL_STRONG_NONE, 1288 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1289 .strength_bits = 0, 1290 .alg_bits = 0, 1291 }, 1292 1293 /* Cipher C016 */ 1294 { 1295 .valid = 1, 1296 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1297 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1298 .algorithm_mkey = SSL_kECDHE, 1299 .algorithm_auth = SSL_aNULL, 1300 .algorithm_enc = SSL_RC4, 1301 .algorithm_mac = SSL_SHA1, 1302 .algorithm_ssl = SSL_TLSV1, 1303 .algo_strength = SSL_LOW, 1304 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1305 .strength_bits = 128, 1306 .alg_bits = 128, 1307 }, 1308 1309 /* Cipher C017 */ 1310 { 1311 .valid = 1, 1312 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1313 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1314 .algorithm_mkey = SSL_kECDHE, 1315 .algorithm_auth = SSL_aNULL, 1316 .algorithm_enc = SSL_3DES, 1317 .algorithm_mac = SSL_SHA1, 1318 .algorithm_ssl = SSL_TLSV1, 1319 .algo_strength = SSL_MEDIUM, 1320 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1321 .strength_bits = 112, 1322 .alg_bits = 168, 1323 }, 1324 1325 /* Cipher C018 */ 1326 { 1327 .valid = 1, 1328 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1329 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1330 .algorithm_mkey = SSL_kECDHE, 1331 .algorithm_auth = SSL_aNULL, 1332 .algorithm_enc = SSL_AES128, 1333 .algorithm_mac = SSL_SHA1, 1334 .algorithm_ssl = SSL_TLSV1, 1335 .algo_strength = SSL_HIGH, 1336 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1337 .strength_bits = 128, 1338 .alg_bits = 128, 1339 }, 1340 1341 /* Cipher C019 */ 1342 { 1343 .valid = 1, 1344 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1345 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1346 .algorithm_mkey = SSL_kECDHE, 1347 .algorithm_auth = SSL_aNULL, 1348 .algorithm_enc = SSL_AES256, 1349 .algorithm_mac = SSL_SHA1, 1350 .algorithm_ssl = SSL_TLSV1, 1351 .algo_strength = SSL_HIGH, 1352 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1353 .strength_bits = 256, 1354 .alg_bits = 256, 1355 }, 1356 1357 1358 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 1359 1360 /* Cipher C023 */ 1361 { 1362 .valid = 1, 1363 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1364 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1365 .algorithm_mkey = SSL_kECDHE, 1366 .algorithm_auth = SSL_aECDSA, 1367 .algorithm_enc = SSL_AES128, 1368 .algorithm_mac = SSL_SHA256, 1369 .algorithm_ssl = SSL_TLSV1_2, 1370 .algo_strength = SSL_HIGH, 1371 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1372 .strength_bits = 128, 1373 .alg_bits = 128, 1374 }, 1375 1376 /* Cipher C024 */ 1377 { 1378 .valid = 1, 1379 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1380 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1381 .algorithm_mkey = SSL_kECDHE, 1382 .algorithm_auth = SSL_aECDSA, 1383 .algorithm_enc = SSL_AES256, 1384 .algorithm_mac = SSL_SHA384, 1385 .algorithm_ssl = SSL_TLSV1_2, 1386 .algo_strength = SSL_HIGH, 1387 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1388 .strength_bits = 256, 1389 .alg_bits = 256, 1390 }, 1391 1392 /* Cipher C027 */ 1393 { 1394 .valid = 1, 1395 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1396 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1397 .algorithm_mkey = SSL_kECDHE, 1398 .algorithm_auth = SSL_aRSA, 1399 .algorithm_enc = SSL_AES128, 1400 .algorithm_mac = SSL_SHA256, 1401 .algorithm_ssl = SSL_TLSV1_2, 1402 .algo_strength = SSL_HIGH, 1403 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1404 .strength_bits = 128, 1405 .alg_bits = 128, 1406 }, 1407 1408 /* Cipher C028 */ 1409 { 1410 .valid = 1, 1411 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1412 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1413 .algorithm_mkey = SSL_kECDHE, 1414 .algorithm_auth = SSL_aRSA, 1415 .algorithm_enc = SSL_AES256, 1416 .algorithm_mac = SSL_SHA384, 1417 .algorithm_ssl = SSL_TLSV1_2, 1418 .algo_strength = SSL_HIGH, 1419 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1420 .strength_bits = 256, 1421 .alg_bits = 256, 1422 }, 1423 1424 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 1425 1426 /* Cipher C02B */ 1427 { 1428 .valid = 1, 1429 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1430 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1431 .algorithm_mkey = SSL_kECDHE, 1432 .algorithm_auth = SSL_aECDSA, 1433 .algorithm_enc = SSL_AES128GCM, 1434 .algorithm_mac = SSL_AEAD, 1435 .algorithm_ssl = SSL_TLSV1_2, 1436 .algo_strength = SSL_HIGH, 1437 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1438 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1439 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1440 .strength_bits = 128, 1441 .alg_bits = 128, 1442 }, 1443 1444 /* Cipher C02C */ 1445 { 1446 .valid = 1, 1447 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1448 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1449 .algorithm_mkey = SSL_kECDHE, 1450 .algorithm_auth = SSL_aECDSA, 1451 .algorithm_enc = SSL_AES256GCM, 1452 .algorithm_mac = SSL_AEAD, 1453 .algorithm_ssl = SSL_TLSV1_2, 1454 .algo_strength = SSL_HIGH, 1455 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1456 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1457 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1458 .strength_bits = 256, 1459 .alg_bits = 256, 1460 }, 1461 1462 /* Cipher C02F */ 1463 { 1464 .valid = 1, 1465 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1466 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1467 .algorithm_mkey = SSL_kECDHE, 1468 .algorithm_auth = SSL_aRSA, 1469 .algorithm_enc = SSL_AES128GCM, 1470 .algorithm_mac = SSL_AEAD, 1471 .algorithm_ssl = SSL_TLSV1_2, 1472 .algo_strength = SSL_HIGH, 1473 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1474 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1475 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1476 .strength_bits = 128, 1477 .alg_bits = 128, 1478 }, 1479 1480 /* Cipher C030 */ 1481 { 1482 .valid = 1, 1483 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1484 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1485 .algorithm_mkey = SSL_kECDHE, 1486 .algorithm_auth = SSL_aRSA, 1487 .algorithm_enc = SSL_AES256GCM, 1488 .algorithm_mac = SSL_AEAD, 1489 .algorithm_ssl = SSL_TLSV1_2, 1490 .algo_strength = SSL_HIGH, 1491 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1492 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1493 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1494 .strength_bits = 256, 1495 .alg_bits = 256, 1496 }, 1497 1498 /* Cipher CC13 */ 1499 { 1500 .valid = 1, 1501 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD, 1502 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 1503 .algorithm_mkey = SSL_kECDHE, 1504 .algorithm_auth = SSL_aRSA, 1505 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1506 .algorithm_mac = SSL_AEAD, 1507 .algorithm_ssl = SSL_TLSV1_2, 1508 .algo_strength = SSL_HIGH, 1509 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1510 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1511 .strength_bits = 256, 1512 .alg_bits = 256, 1513 }, 1514 1515 /* Cipher CC14 */ 1516 { 1517 .valid = 1, 1518 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD, 1519 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1520 .algorithm_mkey = SSL_kECDHE, 1521 .algorithm_auth = SSL_aECDSA, 1522 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1523 .algorithm_mac = SSL_AEAD, 1524 .algorithm_ssl = SSL_TLSV1_2, 1525 .algo_strength = SSL_HIGH, 1526 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1527 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1528 .strength_bits = 256, 1529 .alg_bits = 256, 1530 }, 1531 1532 /* Cipher CC15 */ 1533 { 1534 .valid = 1, 1535 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD, 1536 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD, 1537 .algorithm_mkey = SSL_kDHE, 1538 .algorithm_auth = SSL_aRSA, 1539 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1540 .algorithm_mac = SSL_AEAD, 1541 .algorithm_ssl = SSL_TLSV1_2, 1542 .algo_strength = SSL_HIGH, 1543 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1544 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1545 .strength_bits = 256, 1546 .alg_bits = 256, 1547 }, 1548 1549 /* Cipher CCA8 */ 1550 { 1551 .valid = 1, 1552 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 1553 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 1554 .algorithm_mkey = SSL_kECDHE, 1555 .algorithm_auth = SSL_aRSA, 1556 .algorithm_enc = SSL_CHACHA20POLY1305, 1557 .algorithm_mac = SSL_AEAD, 1558 .algorithm_ssl = SSL_TLSV1_2, 1559 .algo_strength = SSL_HIGH, 1560 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1561 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1562 .strength_bits = 256, 1563 .alg_bits = 256, 1564 }, 1565 1566 /* Cipher CCA9 */ 1567 { 1568 .valid = 1, 1569 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 1570 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1571 .algorithm_mkey = SSL_kECDHE, 1572 .algorithm_auth = SSL_aECDSA, 1573 .algorithm_enc = SSL_CHACHA20POLY1305, 1574 .algorithm_mac = SSL_AEAD, 1575 .algorithm_ssl = SSL_TLSV1_2, 1576 .algo_strength = SSL_HIGH, 1577 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1578 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1579 .strength_bits = 256, 1580 .alg_bits = 256, 1581 }, 1582 1583 /* Cipher CCAA */ 1584 { 1585 .valid = 1, 1586 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 1587 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 1588 .algorithm_mkey = SSL_kDHE, 1589 .algorithm_auth = SSL_aRSA, 1590 .algorithm_enc = SSL_CHACHA20POLY1305, 1591 .algorithm_mac = SSL_AEAD, 1592 .algorithm_ssl = SSL_TLSV1_2, 1593 .algo_strength = SSL_HIGH, 1594 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1595 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1596 .strength_bits = 256, 1597 .alg_bits = 256, 1598 }, 1599 1600 /* Cipher FF85 FIXME IANA */ 1601 { 1602 .valid = 1, 1603 .name = "GOST2012256-GOST89-GOST89", 1604 .id = 0x300ff85, /* FIXME IANA */ 1605 .algorithm_mkey = SSL_kGOST, 1606 .algorithm_auth = SSL_aGOST01, 1607 .algorithm_enc = SSL_eGOST2814789CNT, 1608 .algorithm_mac = SSL_GOST89MAC, 1609 .algorithm_ssl = SSL_TLSV1, 1610 .algo_strength = SSL_HIGH, 1611 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| 1612 TLS1_STREAM_MAC, 1613 .strength_bits = 256, 1614 .alg_bits = 256 1615 }, 1616 1617 /* Cipher FF87 FIXME IANA */ 1618 { 1619 .valid = 1, 1620 .name = "GOST2012256-NULL-STREEBOG256", 1621 .id = 0x300ff87, /* FIXME IANA */ 1622 .algorithm_mkey = SSL_kGOST, 1623 .algorithm_auth = SSL_aGOST01, 1624 .algorithm_enc = SSL_eNULL, 1625 .algorithm_mac = SSL_STREEBOG256, 1626 .algorithm_ssl = SSL_TLSV1, 1627 .algo_strength = SSL_STRONG_NONE, 1628 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, 1629 .strength_bits = 0, 1630 .alg_bits = 0 1631 }, 1632 1633 1634 /* end of list */ 1635 }; 1636 1637 int 1638 ssl3_num_ciphers(void) 1639 { 1640 return (SSL3_NUM_CIPHERS); 1641 } 1642 1643 const SSL_CIPHER * 1644 ssl3_get_cipher(unsigned int u) 1645 { 1646 if (u < SSL3_NUM_CIPHERS) 1647 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); 1648 else 1649 return (NULL); 1650 } 1651 1652 const SSL_CIPHER * 1653 ssl3_get_cipher_by_id(unsigned int id) 1654 { 1655 const SSL_CIPHER *cp; 1656 SSL_CIPHER c; 1657 1658 c.id = id; 1659 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 1660 if (cp != NULL && cp->valid == 1) 1661 return (cp); 1662 1663 return (NULL); 1664 } 1665 1666 const SSL_CIPHER * 1667 ssl3_get_cipher_by_value(uint16_t value) 1668 { 1669 return ssl3_get_cipher_by_id(SSL3_CK_ID | value); 1670 } 1671 1672 uint16_t 1673 ssl3_cipher_get_value(const SSL_CIPHER *c) 1674 { 1675 return (c->id & SSL3_CK_VALUE_MASK); 1676 } 1677 1678 int 1679 ssl3_pending(const SSL *s) 1680 { 1681 if (s->internal->rstate == SSL_ST_READ_BODY) 1682 return 0; 1683 1684 return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ? 1685 S3I(s)->rrec.length : 0; 1686 } 1687 1688 int 1689 ssl3_handshake_msg_hdr_len(SSL *s) 1690 { 1691 return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : 1692 SSL3_HM_HEADER_LENGTH); 1693 } 1694 1695 unsigned char * 1696 ssl3_handshake_msg_start(SSL *s, uint8_t msg_type) 1697 { 1698 unsigned char *d, *p; 1699 1700 d = p = (unsigned char *)s->internal->init_buf->data; 1701 1702 /* Handshake message type and length. */ 1703 *(p++) = msg_type; 1704 l2n3(0, p); 1705 1706 return (d + ssl3_handshake_msg_hdr_len(s)); 1707 } 1708 1709 void 1710 ssl3_handshake_msg_finish(SSL *s, unsigned int len) 1711 { 1712 unsigned char *d, *p; 1713 uint8_t msg_type; 1714 1715 d = p = (unsigned char *)s->internal->init_buf->data; 1716 1717 /* Handshake message length. */ 1718 msg_type = *(p++); 1719 l2n3(len, p); 1720 1721 s->internal->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len; 1722 s->internal->init_off = 0; 1723 1724 if (SSL_IS_DTLS(s)) { 1725 dtls1_set_message_header(s, msg_type, len, 0, len); 1726 dtls1_buffer_message(s, 0); 1727 } 1728 } 1729 1730 int 1731 ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body, 1732 uint8_t msg_type) 1733 { 1734 int ret = 0; 1735 1736 if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH)) 1737 goto err; 1738 if (!CBB_add_u8(handshake, msg_type)) 1739 goto err; 1740 if (SSL_IS_DTLS(s)) { 1741 unsigned char *data; 1742 1743 if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH - 1744 SSL3_HM_HEADER_LENGTH)) 1745 goto err; 1746 } 1747 if (!CBB_add_u24_length_prefixed(handshake, body)) 1748 goto err; 1749 1750 ret = 1; 1751 1752 err: 1753 return (ret); 1754 } 1755 1756 int 1757 ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake) 1758 { 1759 unsigned char *data = NULL; 1760 size_t outlen; 1761 int ret = 0; 1762 1763 if (!CBB_finish(handshake, &data, &outlen)) 1764 goto err; 1765 1766 if (outlen > INT_MAX) 1767 goto err; 1768 1769 if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen)) 1770 goto err; 1771 1772 memcpy(s->internal->init_buf->data, data, outlen); 1773 1774 s->internal->init_num = (int)outlen; 1775 s->internal->init_off = 0; 1776 1777 if (SSL_IS_DTLS(s)) { 1778 unsigned long len; 1779 uint8_t msg_type; 1780 CBS cbs; 1781 1782 CBS_init(&cbs, data, outlen); 1783 if (!CBS_get_u8(&cbs, &msg_type)) 1784 goto err; 1785 1786 len = outlen - ssl3_handshake_msg_hdr_len(s); 1787 1788 dtls1_set_message_header(s, msg_type, len, 0, len); 1789 dtls1_buffer_message(s, 0); 1790 } 1791 1792 ret = 1; 1793 1794 err: 1795 free(data); 1796 1797 return (ret); 1798 } 1799 1800 int 1801 ssl3_handshake_write(SSL *s) 1802 { 1803 if (SSL_IS_DTLS(s)) 1804 return dtls1_do_write(s, SSL3_RT_HANDSHAKE); 1805 1806 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); 1807 } 1808 1809 int 1810 ssl3_new(SSL *s) 1811 { 1812 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL) 1813 return (0); 1814 if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) { 1815 free(s->s3); 1816 return (0); 1817 } 1818 1819 s->method->internal->ssl_clear(s); 1820 1821 return (1); 1822 } 1823 1824 void 1825 ssl3_free(SSL *s) 1826 { 1827 if (s == NULL) 1828 return; 1829 1830 tls1_cleanup_key_block(s); 1831 ssl3_release_read_buffer(s); 1832 ssl3_release_write_buffer(s); 1833 1834 DH_free(S3I(s)->tmp.dh); 1835 EC_KEY_free(S3I(s)->tmp.ecdh); 1836 1837 if (S3I(s)->tmp.x25519 != NULL) 1838 explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); 1839 free(S3I(s)->tmp.x25519); 1840 1841 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); 1842 BIO_free(S3I(s)->handshake_buffer); 1843 tls1_free_digest_list(s); 1844 free(S3I(s)->alpn_selected); 1845 1846 explicit_bzero(S3I(s), sizeof(*S3I(s))); 1847 free(S3I(s)); 1848 1849 explicit_bzero(s->s3, sizeof(*s->s3)); 1850 free(s->s3); 1851 1852 s->s3 = NULL; 1853 } 1854 1855 void 1856 ssl3_clear(SSL *s) 1857 { 1858 struct ssl3_state_internal_st *internal; 1859 unsigned char *rp, *wp; 1860 size_t rlen, wlen; 1861 1862 tls1_cleanup_key_block(s); 1863 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); 1864 1865 DH_free(S3I(s)->tmp.dh); 1866 S3I(s)->tmp.dh = NULL; 1867 EC_KEY_free(S3I(s)->tmp.ecdh); 1868 S3I(s)->tmp.ecdh = NULL; 1869 1870 if (S3I(s)->tmp.x25519 != NULL) 1871 explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); 1872 free(S3I(s)->tmp.x25519); 1873 S3I(s)->tmp.x25519 = NULL; 1874 1875 rp = s->s3->rbuf.buf; 1876 wp = s->s3->wbuf.buf; 1877 rlen = s->s3->rbuf.len; 1878 wlen = s->s3->wbuf.len; 1879 1880 BIO_free(S3I(s)->handshake_buffer); 1881 S3I(s)->handshake_buffer = NULL; 1882 1883 tls1_free_digest_list(s); 1884 1885 free(S3I(s)->alpn_selected); 1886 S3I(s)->alpn_selected = NULL; 1887 1888 memset(S3I(s), 0, sizeof(*S3I(s))); 1889 internal = S3I(s); 1890 memset(s->s3, 0, sizeof(*s->s3)); 1891 S3I(s) = internal; 1892 1893 s->s3->rbuf.buf = rp; 1894 s->s3->wbuf.buf = wp; 1895 s->s3->rbuf.len = rlen; 1896 s->s3->wbuf.len = wlen; 1897 1898 ssl_free_wbio_buffer(s); 1899 1900 /* Not needed... */ 1901 S3I(s)->renegotiate = 0; 1902 S3I(s)->total_renegotiations = 0; 1903 S3I(s)->num_renegotiations = 0; 1904 S3I(s)->in_read_app_data = 0; 1905 1906 s->internal->packet_length = 0; 1907 s->version = TLS1_VERSION; 1908 1909 free(s->internal->next_proto_negotiated); 1910 s->internal->next_proto_negotiated = NULL; 1911 s->internal->next_proto_negotiated_len = 0; 1912 } 1913 1914 static long 1915 ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) 1916 { 1917 EVP_PKEY *pkey = NULL; 1918 EC_GROUP *group = NULL; 1919 EC_POINT *point = NULL; 1920 EC_KEY *ec_key = NULL; 1921 BIGNUM *order = NULL; 1922 SESS_CERT *sc; 1923 int ret = 0; 1924 1925 *pkey_tmp = NULL; 1926 1927 if (s->server != 0) 1928 return 0; 1929 if (s->session == NULL || SSI(s)->sess_cert == NULL) 1930 return 0; 1931 1932 sc = SSI(s)->sess_cert; 1933 1934 if ((pkey = EVP_PKEY_new()) == NULL) 1935 return 0; 1936 1937 if (sc->peer_dh_tmp != NULL) { 1938 ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp); 1939 } else if (sc->peer_ecdh_tmp) { 1940 ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp); 1941 } else if (sc->peer_x25519_tmp != NULL) { 1942 /* Fudge up an EC_KEY that looks like X25519... */ 1943 if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL) 1944 goto err; 1945 if ((point = EC_POINT_new(group)) == NULL) 1946 goto err; 1947 if ((order = BN_new()) == NULL) 1948 goto err; 1949 if (!BN_set_bit(order, 252)) 1950 goto err; 1951 if (!EC_GROUP_set_generator(group, point, order, NULL)) 1952 goto err; 1953 EC_GROUP_set_curve_name(group, NID_X25519); 1954 if ((ec_key = EC_KEY_new()) == NULL) 1955 goto err; 1956 if (!EC_KEY_set_group(ec_key, group)) 1957 goto err; 1958 ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key); 1959 } 1960 1961 if (ret == 1) { 1962 *pkey_tmp = pkey; 1963 pkey = NULL; 1964 } 1965 1966 err: 1967 EVP_PKEY_free(pkey); 1968 EC_GROUP_free(group); 1969 EC_POINT_free(point); 1970 EC_KEY_free(ec_key); 1971 BN_free(order); 1972 1973 return (ret); 1974 } 1975 1976 long 1977 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 1978 { 1979 int ret = 0; 1980 1981 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { 1982 if (!ssl_cert_inst(&s->cert)) { 1983 SSLerror(s, ERR_R_MALLOC_FAILURE); 1984 return (0); 1985 } 1986 } 1987 1988 switch (cmd) { 1989 case SSL_CTRL_GET_SESSION_REUSED: 1990 ret = s->internal->hit; 1991 break; 1992 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 1993 break; 1994 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 1995 ret = S3I(s)->num_renegotiations; 1996 break; 1997 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 1998 ret = S3I(s)->num_renegotiations; 1999 S3I(s)->num_renegotiations = 0; 2000 break; 2001 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 2002 ret = S3I(s)->total_renegotiations; 2003 break; 2004 case SSL_CTRL_GET_FLAGS: 2005 ret = (int)(s->s3->flags); 2006 break; 2007 case SSL_CTRL_NEED_TMP_RSA: 2008 ret = 0; 2009 break; 2010 case SSL_CTRL_SET_TMP_RSA: 2011 case SSL_CTRL_SET_TMP_RSA_CB: 2012 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2013 break; 2014 case SSL_CTRL_SET_TMP_DH: 2015 { 2016 DH *dh = (DH *)parg; 2017 if (dh == NULL) { 2018 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); 2019 return (ret); 2020 } 2021 if ((dh = DHparams_dup(dh)) == NULL) { 2022 SSLerror(s, ERR_R_DH_LIB); 2023 return (ret); 2024 } 2025 DH_free(s->cert->dh_tmp); 2026 s->cert->dh_tmp = dh; 2027 ret = 1; 2028 } 2029 break; 2030 2031 case SSL_CTRL_SET_TMP_DH_CB: 2032 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2033 return (ret); 2034 2035 case SSL_CTRL_SET_DH_AUTO: 2036 s->cert->dh_tmp_auto = larg; 2037 return 1; 2038 2039 case SSL_CTRL_SET_TMP_ECDH: 2040 { 2041 EC_KEY *ecdh = NULL; 2042 2043 if (parg == NULL) { 2044 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); 2045 return (ret); 2046 } 2047 if (!EC_KEY_up_ref((EC_KEY *)parg)) { 2048 SSLerror(s, ERR_R_ECDH_LIB); 2049 return (ret); 2050 } 2051 ecdh = (EC_KEY *)parg; 2052 if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { 2053 if (!EC_KEY_generate_key(ecdh)) { 2054 EC_KEY_free(ecdh); 2055 SSLerror(s, ERR_R_ECDH_LIB); 2056 return (ret); 2057 } 2058 } 2059 EC_KEY_free(s->cert->ecdh_tmp); 2060 s->cert->ecdh_tmp = ecdh; 2061 ret = 1; 2062 } 2063 break; 2064 case SSL_CTRL_SET_TMP_ECDH_CB: 2065 { 2066 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2067 return (ret); 2068 } 2069 break; 2070 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2071 if (larg == TLSEXT_NAMETYPE_host_name) { 2072 free(s->tlsext_hostname); 2073 s->tlsext_hostname = NULL; 2074 2075 ret = 1; 2076 if (parg == NULL) 2077 break; 2078 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 2079 SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 2080 return 0; 2081 } 2082 if ((s->tlsext_hostname = strdup((char *)parg)) 2083 == NULL) { 2084 SSLerror(s, ERR_R_INTERNAL_ERROR); 2085 return 0; 2086 } 2087 } else { 2088 SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 2089 return 0; 2090 } 2091 break; 2092 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 2093 s->internal->tlsext_debug_arg = parg; 2094 ret = 1; 2095 break; 2096 2097 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 2098 s->tlsext_status_type = larg; 2099 ret = 1; 2100 break; 2101 2102 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 2103 *(STACK_OF(X509_EXTENSION) **)parg = s->internal->tlsext_ocsp_exts; 2104 ret = 1; 2105 break; 2106 2107 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 2108 s->internal->tlsext_ocsp_exts = parg; 2109 ret = 1; 2110 break; 2111 2112 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 2113 *(STACK_OF(OCSP_RESPID) **)parg = s->internal->tlsext_ocsp_ids; 2114 ret = 1; 2115 break; 2116 2117 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 2118 s->internal->tlsext_ocsp_ids = parg; 2119 ret = 1; 2120 break; 2121 2122 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 2123 *(unsigned char **)parg = s->internal->tlsext_ocsp_resp; 2124 return s->internal->tlsext_ocsp_resplen; 2125 2126 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 2127 free(s->internal->tlsext_ocsp_resp); 2128 s->internal->tlsext_ocsp_resp = parg; 2129 s->internal->tlsext_ocsp_resplen = larg; 2130 ret = 1; 2131 break; 2132 2133 case SSL_CTRL_SET_ECDH_AUTO: 2134 s->cert->ecdh_tmp_auto = larg; 2135 ret = 1; 2136 break; 2137 2138 case SSL_CTRL_SET_GROUPS: 2139 return SSL_set1_groups(s, parg, larg); 2140 2141 case SSL_CTRL_SET_GROUPS_LIST: 2142 return SSL_set1_groups_list(s, parg); 2143 2144 case SSL_CTRL_GET_SERVER_TMP_KEY: 2145 ret = ssl_ctrl_get_server_tmp_key(s, parg); 2146 break; 2147 2148 default: 2149 break; 2150 } 2151 2152 return (ret); 2153 } 2154 2155 int 2156 SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) 2157 { 2158 return tls1_set_groups(&s->internal->tlsext_supportedgroups, 2159 &s->internal->tlsext_supportedgroups_length, groups, groups_len); 2160 } 2161 2162 int 2163 SSL_set1_groups_list(SSL *s, const char *groups) 2164 { 2165 return tls1_set_groups_list(&s->internal->tlsext_supportedgroups, 2166 &s->internal->tlsext_supportedgroups_length, groups); 2167 } 2168 2169 long 2170 ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 2171 { 2172 int ret = 0; 2173 2174 if (cmd == SSL_CTRL_SET_TMP_DH_CB) { 2175 if (!ssl_cert_inst(&s->cert)) { 2176 SSLerror(s, ERR_R_MALLOC_FAILURE); 2177 return (0); 2178 } 2179 } 2180 2181 switch (cmd) { 2182 case SSL_CTRL_SET_TMP_RSA_CB: 2183 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2184 break; 2185 case SSL_CTRL_SET_TMP_DH_CB: 2186 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 2187 break; 2188 case SSL_CTRL_SET_TMP_ECDH_CB: 2189 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2190 break; 2191 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 2192 s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int, 2193 unsigned char *, int, void *))fp; 2194 break; 2195 default: 2196 break; 2197 } 2198 return (ret); 2199 } 2200 2201 long 2202 ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 2203 { 2204 CERT *cert; 2205 2206 cert = ctx->internal->cert; 2207 2208 switch (cmd) { 2209 case SSL_CTRL_NEED_TMP_RSA: 2210 return (0); 2211 case SSL_CTRL_SET_TMP_RSA: 2212 case SSL_CTRL_SET_TMP_RSA_CB: 2213 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2214 return (0); 2215 case SSL_CTRL_SET_TMP_DH: 2216 { 2217 DH *new = NULL, *dh; 2218 2219 dh = (DH *)parg; 2220 if ((new = DHparams_dup(dh)) == NULL) { 2221 SSLerrorx(ERR_R_DH_LIB); 2222 return 0; 2223 } 2224 DH_free(cert->dh_tmp); 2225 cert->dh_tmp = new; 2226 return 1; 2227 } 2228 /*break; */ 2229 2230 case SSL_CTRL_SET_TMP_DH_CB: 2231 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2232 return (0); 2233 2234 case SSL_CTRL_SET_DH_AUTO: 2235 ctx->internal->cert->dh_tmp_auto = larg; 2236 return (1); 2237 2238 case SSL_CTRL_SET_TMP_ECDH: 2239 { 2240 EC_KEY *ecdh = NULL; 2241 2242 if (parg == NULL) { 2243 SSLerrorx(ERR_R_ECDH_LIB); 2244 return 0; 2245 } 2246 ecdh = EC_KEY_dup((EC_KEY *)parg); 2247 if (ecdh == NULL) { 2248 SSLerrorx(ERR_R_EC_LIB); 2249 return 0; 2250 } 2251 if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) { 2252 if (!EC_KEY_generate_key(ecdh)) { 2253 EC_KEY_free(ecdh); 2254 SSLerrorx(ERR_R_ECDH_LIB); 2255 return 0; 2256 } 2257 } 2258 2259 EC_KEY_free(cert->ecdh_tmp); 2260 cert->ecdh_tmp = ecdh; 2261 return 1; 2262 } 2263 /* break; */ 2264 case SSL_CTRL_SET_TMP_ECDH_CB: 2265 { 2266 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2267 return (0); 2268 } 2269 break; 2270 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 2271 ctx->internal->tlsext_servername_arg = parg; 2272 break; 2273 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 2274 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 2275 { 2276 unsigned char *keys = parg; 2277 if (!keys) 2278 return 48; 2279 if (larg != 48) { 2280 SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH); 2281 return 0; 2282 } 2283 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 2284 memcpy(ctx->internal->tlsext_tick_key_name, keys, 16); 2285 memcpy(ctx->internal->tlsext_tick_hmac_key, 2286 keys + 16, 16); 2287 memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16); 2288 } else { 2289 memcpy(keys, ctx->internal->tlsext_tick_key_name, 16); 2290 memcpy(keys + 16, 2291 ctx->internal->tlsext_tick_hmac_key, 16); 2292 memcpy(keys + 32, 2293 ctx->internal->tlsext_tick_aes_key, 16); 2294 } 2295 return 1; 2296 } 2297 2298 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 2299 ctx->internal->tlsext_status_arg = parg; 2300 return 1; 2301 2302 case SSL_CTRL_SET_ECDH_AUTO: 2303 ctx->internal->cert->ecdh_tmp_auto = larg; 2304 return 1; 2305 2306 /* A Thawte special :-) */ 2307 case SSL_CTRL_EXTRA_CHAIN_CERT: 2308 if (ctx->extra_certs == NULL) { 2309 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) 2310 return (0); 2311 } 2312 sk_X509_push(ctx->extra_certs,(X509 *)parg); 2313 break; 2314 2315 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 2316 *(STACK_OF(X509) **)parg = ctx->extra_certs; 2317 break; 2318 2319 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 2320 sk_X509_pop_free(ctx->extra_certs, X509_free); 2321 ctx->extra_certs = NULL; 2322 break; 2323 2324 case SSL_CTRL_SET_GROUPS: 2325 return SSL_CTX_set1_groups(ctx, parg, larg); 2326 2327 case SSL_CTRL_SET_GROUPS_LIST: 2328 return SSL_CTX_set1_groups_list(ctx, parg); 2329 2330 default: 2331 return (0); 2332 } 2333 return (1); 2334 } 2335 2336 int 2337 SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) 2338 { 2339 return tls1_set_groups(&ctx->internal->tlsext_supportedgroups, 2340 &ctx->internal->tlsext_supportedgroups_length, groups, groups_len); 2341 } 2342 2343 int 2344 SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) 2345 { 2346 return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups, 2347 &ctx->internal->tlsext_supportedgroups_length, groups); 2348 } 2349 2350 long 2351 ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 2352 { 2353 CERT *cert; 2354 2355 cert = ctx->internal->cert; 2356 2357 switch (cmd) { 2358 case SSL_CTRL_SET_TMP_RSA_CB: 2359 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2360 return (0); 2361 case SSL_CTRL_SET_TMP_DH_CB: 2362 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 2363 break; 2364 case SSL_CTRL_SET_TMP_ECDH_CB: 2365 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2366 break; 2367 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2368 ctx->internal->tlsext_servername_callback = 2369 (int (*)(SSL *, int *, void *))fp; 2370 break; 2371 2372 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 2373 ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp; 2374 break; 2375 2376 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 2377 ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, 2378 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 2379 break; 2380 2381 default: 2382 return (0); 2383 } 2384 return (1); 2385 } 2386 2387 /* 2388 * This function needs to check if the ciphers required are actually available. 2389 */ 2390 const SSL_CIPHER * 2391 ssl3_get_cipher_by_char(const unsigned char *p) 2392 { 2393 CBS cipher; 2394 uint16_t cipher_value; 2395 2396 /* We have to assume it is at least 2 bytes due to existing API. */ 2397 CBS_init(&cipher, p, 2); 2398 if (!CBS_get_u16(&cipher, &cipher_value)) 2399 return NULL; 2400 2401 return ssl3_get_cipher_by_value(cipher_value); 2402 } 2403 2404 int 2405 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 2406 { 2407 if (p != NULL) { 2408 if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID) 2409 return (0); 2410 s2n(ssl3_cipher_get_value(c), p); 2411 } 2412 return (2); 2413 } 2414 2415 SSL_CIPHER * 2416 ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 2417 STACK_OF(SSL_CIPHER) *srvr) 2418 { 2419 unsigned long alg_k, alg_a, mask_k, mask_a; 2420 STACK_OF(SSL_CIPHER) *prio, *allow; 2421 SSL_CIPHER *c, *ret = NULL; 2422 int i, ii, ok; 2423 CERT *cert; 2424 2425 /* Let's see which ciphers we can support */ 2426 cert = s->cert; 2427 2428 /* 2429 * Do not set the compare functions, because this may lead to a 2430 * reordering by "id". We want to keep the original ordering. 2431 * We may pay a price in performance during sk_SSL_CIPHER_find(), 2432 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 2433 */ 2434 2435 if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 2436 prio = srvr; 2437 allow = clnt; 2438 } else { 2439 prio = clnt; 2440 allow = srvr; 2441 } 2442 2443 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 2444 c = sk_SSL_CIPHER_value(prio, i); 2445 2446 /* Skip TLS v1.2 only ciphersuites if not supported. */ 2447 if ((c->algorithm_ssl & SSL_TLSV1_2) && 2448 !SSL_USE_TLS1_2_CIPHERS(s)) 2449 continue; 2450 2451 ssl_set_cert_masks(cert, c); 2452 mask_k = cert->mask_k; 2453 mask_a = cert->mask_a; 2454 2455 alg_k = c->algorithm_mkey; 2456 alg_a = c->algorithm_auth; 2457 2458 2459 ok = (alg_k & mask_k) && (alg_a & mask_a); 2460 2461 /* 2462 * If we are considering an ECC cipher suite that uses our 2463 * certificate check it. 2464 */ 2465 if (alg_a & SSL_aECDSA) 2466 ok = ok && tls1_check_ec_server_key(s); 2467 /* 2468 * If we are considering an ECC cipher suite that uses 2469 * an ephemeral EC key check it. 2470 */ 2471 if (alg_k & SSL_kECDHE) 2472 ok = ok && tls1_check_ec_tmp_key(s); 2473 2474 if (!ok) 2475 continue; 2476 ii = sk_SSL_CIPHER_find(allow, c); 2477 if (ii >= 0) { 2478 ret = sk_SSL_CIPHER_value(allow, ii); 2479 break; 2480 } 2481 } 2482 return (ret); 2483 } 2484 2485 int 2486 ssl3_get_req_cert_type(SSL *s, unsigned char *p) 2487 { 2488 int ret = 0; 2489 unsigned long alg_k; 2490 2491 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; 2492 2493 #ifndef OPENSSL_NO_GOST 2494 if ((alg_k & SSL_kGOST)) { 2495 p[ret++] = TLS_CT_GOST94_SIGN; 2496 p[ret++] = TLS_CT_GOST01_SIGN; 2497 p[ret++] = TLS_CT_GOST12_256_SIGN; 2498 p[ret++] = TLS_CT_GOST12_512_SIGN; 2499 } 2500 #endif 2501 2502 if (alg_k & SSL_kDHE) { 2503 p[ret++] = SSL3_CT_RSA_FIXED_DH; 2504 p[ret++] = SSL3_CT_DSS_FIXED_DH; 2505 } 2506 p[ret++] = SSL3_CT_RSA_SIGN; 2507 p[ret++] = SSL3_CT_DSS_SIGN; 2508 2509 /* 2510 * ECDSA certs can be used with RSA cipher suites as well 2511 * so we don't need to check for SSL_kECDH or SSL_kECDHE. 2512 */ 2513 p[ret++] = TLS_CT_ECDSA_SIGN; 2514 2515 return (ret); 2516 } 2517 2518 int 2519 ssl3_shutdown(SSL *s) 2520 { 2521 int ret; 2522 2523 /* 2524 * Don't do anything much if we have not done the handshake or 2525 * we don't want to send messages :-) 2526 */ 2527 if ((s->internal->quiet_shutdown) || (s->internal->state == SSL_ST_BEFORE)) { 2528 s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2529 return (1); 2530 } 2531 2532 if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) { 2533 s->internal->shutdown|=SSL_SENT_SHUTDOWN; 2534 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2535 /* 2536 * Our shutdown alert has been sent now, and if it still needs 2537 * to be written, s->s3->alert_dispatch will be true 2538 */ 2539 if (s->s3->alert_dispatch) 2540 return(-1); /* return WANT_WRITE */ 2541 } else if (s->s3->alert_dispatch) { 2542 /* resend it if not sent */ 2543 ret = s->method->ssl_dispatch_alert(s); 2544 if (ret == -1) { 2545 /* 2546 * We only get to return -1 here the 2nd/Nth 2547 * invocation, we must have already signalled 2548 * return 0 upon a previous invoation, 2549 * return WANT_WRITE 2550 */ 2551 return (ret); 2552 } 2553 } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2554 /* If we are waiting for a close from our peer, we are closed */ 2555 s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0); 2556 if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2557 return(-1); /* return WANT_READ */ 2558 } 2559 } 2560 2561 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2562 !s->s3->alert_dispatch) 2563 return (1); 2564 else 2565 return (0); 2566 } 2567 2568 int 2569 ssl3_write(SSL *s, const void *buf, int len) 2570 { 2571 int ret, n; 2572 2573 #if 0 2574 if (s->internal->shutdown & SSL_SEND_SHUTDOWN) { 2575 s->internal->rwstate = SSL_NOTHING; 2576 return (0); 2577 } 2578 #endif 2579 errno = 0; 2580 if (S3I(s)->renegotiate) 2581 ssl3_renegotiate_check(s); 2582 2583 /* 2584 * This is an experimental flag that sends the 2585 * last handshake message in the same packet as the first 2586 * use data - used to see if it helps the TCP protocol during 2587 * session-id reuse 2588 */ 2589 /* The second test is because the buffer may have been removed */ 2590 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 2591 /* First time through, we write into the buffer */ 2592 if (S3I(s)->delay_buf_pop_ret == 0) { 2593 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2594 buf, len); 2595 if (ret <= 0) 2596 return (ret); 2597 2598 S3I(s)->delay_buf_pop_ret = ret; 2599 } 2600 2601 s->internal->rwstate = SSL_WRITING; 2602 n = BIO_flush(s->wbio); 2603 if (n <= 0) 2604 return (n); 2605 s->internal->rwstate = SSL_NOTHING; 2606 2607 /* We have flushed the buffer, so remove it */ 2608 ssl_free_wbio_buffer(s); 2609 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 2610 2611 ret = S3I(s)->delay_buf_pop_ret; 2612 S3I(s)->delay_buf_pop_ret = 0; 2613 } else { 2614 ret = s->method->internal->ssl_write_bytes(s, 2615 SSL3_RT_APPLICATION_DATA, buf, len); 2616 if (ret <= 0) 2617 return (ret); 2618 } 2619 2620 return (ret); 2621 } 2622 2623 static int 2624 ssl3_read_internal(SSL *s, void *buf, int len, int peek) 2625 { 2626 int ret; 2627 2628 errno = 0; 2629 if (S3I(s)->renegotiate) 2630 ssl3_renegotiate_check(s); 2631 S3I(s)->in_read_app_data = 1; 2632 ret = s->method->internal->ssl_read_bytes(s, 2633 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2634 if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) { 2635 /* 2636 * ssl3_read_bytes decided to call s->internal->handshake_func, which 2637 * called ssl3_read_bytes to read handshake data. 2638 * However, ssl3_read_bytes actually found application data 2639 * and thinks that application data makes sense here; so disable 2640 * handshake processing and try to read application data again. 2641 */ 2642 s->internal->in_handshake++; 2643 ret = s->method->internal->ssl_read_bytes(s, 2644 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2645 s->internal->in_handshake--; 2646 } else 2647 S3I(s)->in_read_app_data = 0; 2648 2649 return (ret); 2650 } 2651 2652 int 2653 ssl3_read(SSL *s, void *buf, int len) 2654 { 2655 return ssl3_read_internal(s, buf, len, 0); 2656 } 2657 2658 int 2659 ssl3_peek(SSL *s, void *buf, int len) 2660 { 2661 return ssl3_read_internal(s, buf, len, 1); 2662 } 2663 2664 int 2665 ssl3_renegotiate(SSL *s) 2666 { 2667 if (s->internal->handshake_func == NULL) 2668 return (1); 2669 2670 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2671 return (0); 2672 2673 S3I(s)->renegotiate = 1; 2674 return (1); 2675 } 2676 2677 int 2678 ssl3_renegotiate_check(SSL *s) 2679 { 2680 int ret = 0; 2681 2682 if (S3I(s)->renegotiate) { 2683 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 2684 !SSL_in_init(s)) { 2685 /* 2686 * If we are the server, and we have sent 2687 * a 'RENEGOTIATE' message, we need to go 2688 * to SSL_ST_ACCEPT. 2689 */ 2690 /* SSL_ST_ACCEPT */ 2691 s->internal->state = SSL_ST_RENEGOTIATE; 2692 S3I(s)->renegotiate = 0; 2693 S3I(s)->num_renegotiations++; 2694 S3I(s)->total_renegotiations++; 2695 ret = 1; 2696 } 2697 } 2698 return (ret); 2699 } 2700 /* 2701 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF 2702 * and handshake macs if required. 2703 */ 2704 long 2705 ssl_get_algorithm2(SSL *s) 2706 { 2707 long alg2 = S3I(s)->tmp.new_cipher->algorithm2; 2708 2709 if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && 2710 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 2711 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 2712 return alg2; 2713 } 2714