summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2015-03-08 16:48:49 +0000
committercvs2svn <admin@example.com>2015-03-08 16:48:49 +0000
commitdecf84ba5550c1656a7fdb51b5b81969590c3f03 (patch)
tree44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libssl/s3_lib.c
parent7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (diff)
downloadopenbsd-libressl-v2.1.5.tar.gz
openbsd-libressl-v2.1.5.tar.bz2
openbsd-libressl-v2.1.5.zip
This commit was manufactured by cvs2git to create branch 'OPENBSD_5_7'.libressl-v2.1.5
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c2865
1 files changed, 0 insertions, 2865 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index c6062934dc..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,2865 +0,0 @@
1/* $OpenBSD: s3_lib.c,v 1.95 2015/02/08 22:06:49 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152
153#include <openssl/dh.h>
154#include <openssl/md5.h>
155#include <openssl/objects.h>
156
157#include "ssl_locl.h"
158
159#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
160
161/*
162 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the
163 * fixed nonce length in algorithms2. It is the inverse of the
164 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
165 */
166#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
167
168/* list of available SSLv3 ciphers (sorted by id) */
169SSL_CIPHER ssl3_ciphers[] = {
170
171 /* The RSA ciphers */
172 /* Cipher 01 */
173 {
174 .valid = 1,
175 .name = SSL3_TXT_RSA_NULL_MD5,
176 .id = SSL3_CK_RSA_NULL_MD5,
177 .algorithm_mkey = SSL_kRSA,
178 .algorithm_auth = SSL_aRSA,
179 .algorithm_enc = SSL_eNULL,
180 .algorithm_mac = SSL_MD5,
181 .algorithm_ssl = SSL_SSLV3,
182 .algo_strength = SSL_STRONG_NONE,
183 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
184 .strength_bits = 0,
185 .alg_bits = 0,
186 },
187
188 /* Cipher 02 */
189 {
190 .valid = 1,
191 .name = SSL3_TXT_RSA_NULL_SHA,
192 .id = SSL3_CK_RSA_NULL_SHA,
193 .algorithm_mkey = SSL_kRSA,
194 .algorithm_auth = SSL_aRSA,
195 .algorithm_enc = SSL_eNULL,
196 .algorithm_mac = SSL_SHA1,
197 .algorithm_ssl = SSL_SSLV3,
198 .algo_strength = SSL_STRONG_NONE,
199 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
200 .strength_bits = 0,
201 .alg_bits = 0,
202 },
203
204 /* Cipher 04 */
205 {
206 .valid = 1,
207 .name = SSL3_TXT_RSA_RC4_128_MD5,
208 .id = SSL3_CK_RSA_RC4_128_MD5,
209 .algorithm_mkey = SSL_kRSA,
210 .algorithm_auth = SSL_aRSA,
211 .algorithm_enc = SSL_RC4,
212 .algorithm_mac = SSL_MD5,
213 .algorithm_ssl = SSL_SSLV3,
214 .algo_strength = SSL_MEDIUM,
215 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
216 .strength_bits = 128,
217 .alg_bits = 128,
218 },
219
220 /* Cipher 05 */
221 {
222 .valid = 1,
223 .name = SSL3_TXT_RSA_RC4_128_SHA,
224 .id = SSL3_CK_RSA_RC4_128_SHA,
225 .algorithm_mkey = SSL_kRSA,
226 .algorithm_auth = SSL_aRSA,
227 .algorithm_enc = SSL_RC4,
228 .algorithm_mac = SSL_SHA1,
229 .algorithm_ssl = SSL_SSLV3,
230 .algo_strength = SSL_MEDIUM,
231 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
232 .strength_bits = 128,
233 .alg_bits = 128,
234 },
235
236 /* Cipher 07 */
237#ifndef OPENSSL_NO_IDEA
238 {
239 .valid = 1,
240 .name = SSL3_TXT_RSA_IDEA_128_SHA,
241 .id = SSL3_CK_RSA_IDEA_128_SHA,
242 .algorithm_mkey = SSL_kRSA,
243 .algorithm_auth = SSL_aRSA,
244 .algorithm_enc = SSL_IDEA,
245 .algorithm_mac = SSL_SHA1,
246 .algorithm_ssl = SSL_SSLV3,
247 .algo_strength = SSL_MEDIUM,
248 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 .strength_bits = 128,
250 .alg_bits = 128,
251 },
252#endif
253
254 /* Cipher 09 */
255 {
256 .valid = 1,
257 .name = SSL3_TXT_RSA_DES_64_CBC_SHA,
258 .id = SSL3_CK_RSA_DES_64_CBC_SHA,
259 .algorithm_mkey = SSL_kRSA,
260 .algorithm_auth = SSL_aRSA,
261 .algorithm_enc = SSL_DES,
262 .algorithm_mac = SSL_SHA1,
263 .algorithm_ssl = SSL_SSLV3,
264 .algo_strength = SSL_LOW,
265 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
266 .strength_bits = 56,
267 .alg_bits = 56,
268 },
269
270 /* Cipher 0A */
271 {
272 .valid = 1,
273 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
274 .id = SSL3_CK_RSA_DES_192_CBC3_SHA,
275 .algorithm_mkey = SSL_kRSA,
276 .algorithm_auth = SSL_aRSA,
277 .algorithm_enc = SSL_3DES,
278 .algorithm_mac = SSL_SHA1,
279 .algorithm_ssl = SSL_SSLV3,
280 .algo_strength = SSL_HIGH,
281 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 .strength_bits = 112,
283 .alg_bits = 168,
284 },
285
286 /*
287 * Ephemeral DH (DHE) ciphers.
288 */
289
290 /* Cipher 12 */
291 {
292 .valid = 1,
293 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
294 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
295 .algorithm_mkey = SSL_kDHE,
296 .algorithm_auth = SSL_aDSS,
297 .algorithm_enc = SSL_DES,
298 .algorithm_mac = SSL_SHA1,
299 .algorithm_ssl = SSL_SSLV3,
300 .algo_strength = SSL_LOW,
301 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
302 .strength_bits = 56,
303 .alg_bits = 56,
304 },
305
306 /* Cipher 13 */
307 {
308 .valid = 1,
309 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
310 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
311 .algorithm_mkey = SSL_kDHE,
312 .algorithm_auth = SSL_aDSS,
313 .algorithm_enc = SSL_3DES,
314 .algorithm_mac = SSL_SHA1,
315 .algorithm_ssl = SSL_SSLV3,
316 .algo_strength = SSL_HIGH,
317 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
318 .strength_bits = 112,
319 .alg_bits = 168,
320 },
321
322 /* Cipher 15 */
323 {
324 .valid = 1,
325 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
326 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
327 .algorithm_mkey = SSL_kDHE,
328 .algorithm_auth = SSL_aRSA,
329 .algorithm_enc = SSL_DES,
330 .algorithm_mac = SSL_SHA1,
331 .algorithm_ssl = SSL_SSLV3,
332 .algo_strength = SSL_LOW,
333 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
334 .strength_bits = 56,
335 .alg_bits = 56,
336 },
337
338 /* Cipher 16 */
339 {
340 .valid = 1,
341 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
342 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
343 .algorithm_mkey = SSL_kDHE,
344 .algorithm_auth = SSL_aRSA,
345 .algorithm_enc = SSL_3DES,
346 .algorithm_mac = SSL_SHA1,
347 .algorithm_ssl = SSL_SSLV3,
348 .algo_strength = SSL_HIGH,
349 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
350 .strength_bits = 112,
351 .alg_bits = 168,
352 },
353
354 /* Cipher 18 */
355 {
356 .valid = 1,
357 .name = SSL3_TXT_ADH_RC4_128_MD5,
358 .id = SSL3_CK_ADH_RC4_128_MD5,
359 .algorithm_mkey = SSL_kDHE,
360 .algorithm_auth = SSL_aNULL,
361 .algorithm_enc = SSL_RC4,
362 .algorithm_mac = SSL_MD5,
363 .algorithm_ssl = SSL_SSLV3,
364 .algo_strength = SSL_MEDIUM,
365 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
366 .strength_bits = 128,
367 .alg_bits = 128,
368 },
369
370 /* Cipher 1A */
371 {
372 .valid = 1,
373 .name = SSL3_TXT_ADH_DES_64_CBC_SHA,
374 .id = SSL3_CK_ADH_DES_64_CBC_SHA,
375 .algorithm_mkey = SSL_kDHE,
376 .algorithm_auth = SSL_aNULL,
377 .algorithm_enc = SSL_DES,
378 .algorithm_mac = SSL_SHA1,
379 .algorithm_ssl = SSL_SSLV3,
380 .algo_strength = SSL_LOW,
381 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
382 .strength_bits = 56,
383 .alg_bits = 56,
384 },
385
386 /* Cipher 1B */
387 {
388 .valid = 1,
389 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
390 .id = SSL3_CK_ADH_DES_192_CBC_SHA,
391 .algorithm_mkey = SSL_kDHE,
392 .algorithm_auth = SSL_aNULL,
393 .algorithm_enc = SSL_3DES,
394 .algorithm_mac = SSL_SHA1,
395 .algorithm_ssl = SSL_SSLV3,
396 .algo_strength = SSL_HIGH,
397 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
398 .strength_bits = 112,
399 .alg_bits = 168,
400 },
401
402 /*
403 * AES ciphersuites.
404 */
405
406 /* Cipher 2F */
407 {
408 .valid = 1,
409 .name = TLS1_TXT_RSA_WITH_AES_128_SHA,
410 .id = TLS1_CK_RSA_WITH_AES_128_SHA,
411 .algorithm_mkey = SSL_kRSA,
412 .algorithm_auth = SSL_aRSA,
413 .algorithm_enc = SSL_AES128,
414 .algorithm_mac = SSL_SHA1,
415 .algorithm_ssl = SSL_TLSV1,
416 .algo_strength = SSL_HIGH,
417 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
418 .strength_bits = 128,
419 .alg_bits = 128,
420 },
421
422 /* Cipher 32 */
423 {
424 .valid = 1,
425 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
426 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
427 .algorithm_mkey = SSL_kDHE,
428 .algorithm_auth = SSL_aDSS,
429 .algorithm_enc = SSL_AES128,
430 .algorithm_mac = SSL_SHA1,
431 .algorithm_ssl = SSL_TLSV1,
432 .algo_strength = SSL_HIGH,
433 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
434 .strength_bits = 128,
435 .alg_bits = 128,
436 },
437
438 /* Cipher 33 */
439 {
440 .valid = 1,
441 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
442 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
443 .algorithm_mkey = SSL_kDHE,
444 .algorithm_auth = SSL_aRSA,
445 .algorithm_enc = SSL_AES128,
446 .algorithm_mac = SSL_SHA1,
447 .algorithm_ssl = SSL_TLSV1,
448 .algo_strength = SSL_HIGH,
449 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
450 .strength_bits = 128,
451 .alg_bits = 128,
452 },
453
454 /* Cipher 34 */
455 {
456 .valid = 1,
457 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
458 .id = TLS1_CK_ADH_WITH_AES_128_SHA,
459 .algorithm_mkey = SSL_kDHE,
460 .algorithm_auth = SSL_aNULL,
461 .algorithm_enc = SSL_AES128,
462 .algorithm_mac = SSL_SHA1,
463 .algorithm_ssl = SSL_TLSV1,
464 .algo_strength = SSL_HIGH,
465 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
466 .strength_bits = 128,
467 .alg_bits = 128,
468 },
469
470 /* Cipher 35 */
471 {
472 .valid = 1,
473 .name = TLS1_TXT_RSA_WITH_AES_256_SHA,
474 .id = TLS1_CK_RSA_WITH_AES_256_SHA,
475 .algorithm_mkey = SSL_kRSA,
476 .algorithm_auth = SSL_aRSA,
477 .algorithm_enc = SSL_AES256,
478 .algorithm_mac = SSL_SHA1,
479 .algorithm_ssl = SSL_TLSV1,
480 .algo_strength = SSL_HIGH,
481 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
482 .strength_bits = 256,
483 .alg_bits = 256,
484 },
485
486 /* Cipher 38 */
487 {
488 .valid = 1,
489 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
490 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
491 .algorithm_mkey = SSL_kDHE,
492 .algorithm_auth = SSL_aDSS,
493 .algorithm_enc = SSL_AES256,
494 .algorithm_mac = SSL_SHA1,
495 .algorithm_ssl = SSL_TLSV1,
496 .algo_strength = SSL_HIGH,
497 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
498 .strength_bits = 256,
499 .alg_bits = 256,
500 },
501
502 /* Cipher 39 */
503 {
504 .valid = 1,
505 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
506 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
507 .algorithm_mkey = SSL_kDHE,
508 .algorithm_auth = SSL_aRSA,
509 .algorithm_enc = SSL_AES256,
510 .algorithm_mac = SSL_SHA1,
511 .algorithm_ssl = SSL_TLSV1,
512 .algo_strength = SSL_HIGH,
513 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
514 .strength_bits = 256,
515 .alg_bits = 256,
516 },
517
518 /* Cipher 3A */
519 {
520 .valid = 1,
521 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
522 .id = TLS1_CK_ADH_WITH_AES_256_SHA,
523 .algorithm_mkey = SSL_kDHE,
524 .algorithm_auth = SSL_aNULL,
525 .algorithm_enc = SSL_AES256,
526 .algorithm_mac = SSL_SHA1,
527 .algorithm_ssl = SSL_TLSV1,
528 .algo_strength = SSL_HIGH,
529 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
530 .strength_bits = 256,
531 .alg_bits = 256,
532 },
533
534 /* TLS v1.2 ciphersuites */
535 /* Cipher 3B */
536 {
537 .valid = 1,
538 .name = TLS1_TXT_RSA_WITH_NULL_SHA256,
539 .id = TLS1_CK_RSA_WITH_NULL_SHA256,
540 .algorithm_mkey = SSL_kRSA,
541 .algorithm_auth = SSL_aRSA,
542 .algorithm_enc = SSL_eNULL,
543 .algorithm_mac = SSL_SHA256,
544 .algorithm_ssl = SSL_TLSV1_2,
545 .algo_strength = SSL_STRONG_NONE,
546 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
547 .strength_bits = 0,
548 .alg_bits = 0,
549 },
550
551 /* Cipher 3C */
552 {
553 .valid = 1,
554 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
555 .id = TLS1_CK_RSA_WITH_AES_128_SHA256,
556 .algorithm_mkey = SSL_kRSA,
557 .algorithm_auth = SSL_aRSA,
558 .algorithm_enc = SSL_AES128,
559 .algorithm_mac = SSL_SHA256,
560 .algorithm_ssl = SSL_TLSV1_2,
561 .algo_strength = SSL_HIGH,
562 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
563 .strength_bits = 128,
564 .alg_bits = 128,
565 },
566
567 /* Cipher 3D */
568 {
569 .valid = 1,
570 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
571 .id = TLS1_CK_RSA_WITH_AES_256_SHA256,
572 .algorithm_mkey = SSL_kRSA,
573 .algorithm_auth = SSL_aRSA,
574 .algorithm_enc = SSL_AES256,
575 .algorithm_mac = SSL_SHA256,
576 .algorithm_ssl = SSL_TLSV1_2,
577 .algo_strength = SSL_HIGH,
578 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
579 .strength_bits = 256,
580 .alg_bits = 256,
581 },
582
583 /* Cipher 40 */
584 {
585 .valid = 1,
586 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
587 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
588 .algorithm_mkey = SSL_kDHE,
589 .algorithm_auth = SSL_aDSS,
590 .algorithm_enc = SSL_AES128,
591 .algorithm_mac = SSL_SHA256,
592 .algorithm_ssl = SSL_TLSV1_2,
593 .algo_strength = SSL_HIGH,
594 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
595 .strength_bits = 128,
596 .alg_bits = 128,
597 },
598
599#ifndef OPENSSL_NO_CAMELLIA
600 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
601
602 /* Cipher 41 */
603 {
604 .valid = 1,
605 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
606 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
607 .algorithm_mkey = SSL_kRSA,
608 .algorithm_auth = SSL_aRSA,
609 .algorithm_enc = SSL_CAMELLIA128,
610 .algorithm_mac = SSL_SHA1,
611 .algorithm_ssl = SSL_TLSV1,
612 .algo_strength = SSL_HIGH,
613 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
614 .strength_bits = 128,
615 .alg_bits = 128,
616 },
617
618 /* Cipher 44 */
619 {
620 .valid = 1,
621 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
622 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
623 .algorithm_mkey = SSL_kDHE,
624 .algorithm_auth = SSL_aDSS,
625 .algorithm_enc = SSL_CAMELLIA128,
626 .algorithm_mac = SSL_SHA1,
627 .algorithm_ssl = SSL_TLSV1,
628 .algo_strength = SSL_HIGH,
629 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
630 .strength_bits = 128,
631 .alg_bits = 128,
632 },
633
634 /* Cipher 45 */
635 {
636 .valid = 1,
637 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
638 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
639 .algorithm_mkey = SSL_kDHE,
640 .algorithm_auth = SSL_aRSA,
641 .algorithm_enc = SSL_CAMELLIA128,
642 .algorithm_mac = SSL_SHA1,
643 .algorithm_ssl = SSL_TLSV1,
644 .algo_strength = SSL_HIGH,
645 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
646 .strength_bits = 128,
647 .alg_bits = 128,
648 },
649
650 /* Cipher 46 */
651 {
652 .valid = 1,
653 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
654 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
655 .algorithm_mkey = SSL_kDHE,
656 .algorithm_auth = SSL_aNULL,
657 .algorithm_enc = SSL_CAMELLIA128,
658 .algorithm_mac = SSL_SHA1,
659 .algorithm_ssl = SSL_TLSV1,
660 .algo_strength = SSL_HIGH,
661 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
662 .strength_bits = 128,
663 .alg_bits = 128,
664 },
665#endif /* OPENSSL_NO_CAMELLIA */
666
667 /* TLS v1.2 ciphersuites */
668 /* Cipher 67 */
669 {
670 .valid = 1,
671 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
672 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
673 .algorithm_mkey = SSL_kDHE,
674 .algorithm_auth = SSL_aRSA,
675 .algorithm_enc = SSL_AES128,
676 .algorithm_mac = SSL_SHA256,
677 .algorithm_ssl = SSL_TLSV1_2,
678 .algo_strength = SSL_HIGH,
679 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
680 .strength_bits = 128,
681 .alg_bits = 128,
682 },
683
684 /* Cipher 6A */
685 {
686 .valid = 1,
687 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
688 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
689 .algorithm_mkey = SSL_kDHE,
690 .algorithm_auth = SSL_aDSS,
691 .algorithm_enc = SSL_AES256,
692 .algorithm_mac = SSL_SHA256,
693 .algorithm_ssl = SSL_TLSV1_2,
694 .algo_strength = SSL_HIGH,
695 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
696 .strength_bits = 256,
697 .alg_bits = 256,
698 },
699
700 /* Cipher 6B */
701 {
702 .valid = 1,
703 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
704 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
705 .algorithm_mkey = SSL_kDHE,
706 .algorithm_auth = SSL_aRSA,
707 .algorithm_enc = SSL_AES256,
708 .algorithm_mac = SSL_SHA256,
709 .algorithm_ssl = SSL_TLSV1_2,
710 .algo_strength = SSL_HIGH,
711 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
712 .strength_bits = 256,
713 .alg_bits = 256,
714 },
715
716 /* Cipher 6C */
717 {
718 .valid = 1,
719 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
720 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
721 .algorithm_mkey = SSL_kDHE,
722 .algorithm_auth = SSL_aNULL,
723 .algorithm_enc = SSL_AES128,
724 .algorithm_mac = SSL_SHA256,
725 .algorithm_ssl = SSL_TLSV1_2,
726 .algo_strength = SSL_HIGH,
727 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
728 .strength_bits = 128,
729 .alg_bits = 128,
730 },
731
732 /* Cipher 6D */
733 {
734 .valid = 1,
735 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
736 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
737 .algorithm_mkey = SSL_kDHE,
738 .algorithm_auth = SSL_aNULL,
739 .algorithm_enc = SSL_AES256,
740 .algorithm_mac = SSL_SHA256,
741 .algorithm_ssl = SSL_TLSV1_2,
742 .algo_strength = SSL_HIGH,
743 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
744 .strength_bits = 256,
745 .alg_bits = 256,
746 },
747
748 /* GOST Ciphersuites */
749
750 /* Cipher 81 */
751 {
752 .valid = 1,
753 .name = "GOST2001-GOST89-GOST89",
754 .id = 0x3000081,
755 .algorithm_mkey = SSL_kGOST,
756 .algorithm_auth = SSL_aGOST01,
757 .algorithm_enc = SSL_eGOST2814789CNT,
758 .algorithm_mac = SSL_GOST89MAC,
759 .algorithm_ssl = SSL_TLSV1,
760 .algo_strength = SSL_HIGH,
761 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
762 TLS1_STREAM_MAC,
763 .strength_bits = 256,
764 .alg_bits = 256
765 },
766
767 /* Cipher 83 */
768 {
769 .valid = 1,
770 .name = "GOST2001-NULL-GOST94",
771 .id = 0x3000083,
772 .algorithm_mkey = SSL_kGOST,
773 .algorithm_auth = SSL_aGOST01,
774 .algorithm_enc = SSL_eNULL,
775 .algorithm_mac = SSL_GOST94,
776 .algorithm_ssl = SSL_TLSV1,
777 .algo_strength = SSL_STRONG_NONE,
778 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
779 .strength_bits = 0,
780 .alg_bits = 0
781 },
782
783#ifndef OPENSSL_NO_CAMELLIA
784 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
785
786 /* Cipher 84 */
787 {
788 .valid = 1,
789 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
790 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
791 .algorithm_mkey = SSL_kRSA,
792 .algorithm_auth = SSL_aRSA,
793 .algorithm_enc = SSL_CAMELLIA256,
794 .algorithm_mac = SSL_SHA1,
795 .algorithm_ssl = SSL_TLSV1,
796 .algo_strength = SSL_HIGH,
797 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
798 .strength_bits = 256,
799 .alg_bits = 256,
800 },
801
802 /* Cipher 87 */
803 {
804 .valid = 1,
805 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
806 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
807 .algorithm_mkey = SSL_kDHE,
808 .algorithm_auth = SSL_aDSS,
809 .algorithm_enc = SSL_CAMELLIA256,
810 .algorithm_mac = SSL_SHA1,
811 .algorithm_ssl = SSL_TLSV1,
812 .algo_strength = SSL_HIGH,
813 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
814 .strength_bits = 256,
815 .alg_bits = 256,
816 },
817
818 /* Cipher 88 */
819 {
820 .valid = 1,
821 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
822 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
823 .algorithm_mkey = SSL_kDHE,
824 .algorithm_auth = SSL_aRSA,
825 .algorithm_enc = SSL_CAMELLIA256,
826 .algorithm_mac = SSL_SHA1,
827 .algorithm_ssl = SSL_TLSV1,
828 .algo_strength = SSL_HIGH,
829 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
830 .strength_bits = 256,
831 .alg_bits = 256,
832 },
833
834 /* Cipher 89 */
835 {
836 .valid = 1,
837 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
838 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
839 .algorithm_mkey = SSL_kDHE,
840 .algorithm_auth = SSL_aNULL,
841 .algorithm_enc = SSL_CAMELLIA256,
842 .algorithm_mac = SSL_SHA1,
843 .algorithm_ssl = SSL_TLSV1,
844 .algo_strength = SSL_HIGH,
845 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
846 .strength_bits = 256,
847 .alg_bits = 256,
848 },
849#endif /* OPENSSL_NO_CAMELLIA */
850
851 /*
852 * GCM ciphersuites from RFC5288.
853 */
854
855 /* Cipher 9C */
856 {
857 .valid = 1,
858 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
859 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
860 .algorithm_mkey = SSL_kRSA,
861 .algorithm_auth = SSL_aRSA,
862 .algorithm_enc = SSL_AES128GCM,
863 .algorithm_mac = SSL_AEAD,
864 .algorithm_ssl = SSL_TLSV1_2,
865 .algo_strength = SSL_HIGH,
866 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
867 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
868 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
869 .strength_bits = 128,
870 .alg_bits = 128,
871 },
872
873 /* Cipher 9D */
874 {
875 .valid = 1,
876 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
877 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
878 .algorithm_mkey = SSL_kRSA,
879 .algorithm_auth = SSL_aRSA,
880 .algorithm_enc = SSL_AES256GCM,
881 .algorithm_mac = SSL_AEAD,
882 .algorithm_ssl = SSL_TLSV1_2,
883 .algo_strength = SSL_HIGH,
884 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
885 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
886 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
887 .strength_bits = 256,
888 .alg_bits = 256,
889 },
890
891 /* Cipher 9E */
892 {
893 .valid = 1,
894 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
895 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
896 .algorithm_mkey = SSL_kDHE,
897 .algorithm_auth = SSL_aRSA,
898 .algorithm_enc = SSL_AES128GCM,
899 .algorithm_mac = SSL_AEAD,
900 .algorithm_ssl = SSL_TLSV1_2,
901 .algo_strength = SSL_HIGH,
902 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
903 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
904 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
905 .strength_bits = 128,
906 .alg_bits = 128,
907 },
908
909 /* Cipher 9F */
910 {
911 .valid = 1,
912 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
913 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
914 .algorithm_mkey = SSL_kDHE,
915 .algorithm_auth = SSL_aRSA,
916 .algorithm_enc = SSL_AES256GCM,
917 .algorithm_mac = SSL_AEAD,
918 .algorithm_ssl = SSL_TLSV1_2,
919 .algo_strength = SSL_HIGH,
920 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
921 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
922 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
923 .strength_bits = 256,
924 .alg_bits = 256,
925 },
926
927 /* Cipher A2 */
928 {
929 .valid = 1,
930 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
931 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
932 .algorithm_mkey = SSL_kDHE,
933 .algorithm_auth = SSL_aDSS,
934 .algorithm_enc = SSL_AES128GCM,
935 .algorithm_mac = SSL_AEAD,
936 .algorithm_ssl = SSL_TLSV1_2,
937 .algo_strength = SSL_HIGH,
938 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
939 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
940 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
941 .strength_bits = 128,
942 .alg_bits = 128,
943 },
944
945 /* Cipher A3 */
946 {
947 .valid = 1,
948 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
949 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
950 .algorithm_mkey = SSL_kDHE,
951 .algorithm_auth = SSL_aDSS,
952 .algorithm_enc = SSL_AES256GCM,
953 .algorithm_mac = SSL_AEAD,
954 .algorithm_ssl = SSL_TLSV1_2,
955 .algo_strength = SSL_HIGH,
956 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
957 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
958 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
959 .strength_bits = 256,
960 .alg_bits = 256,
961 },
962
963 /* Cipher A6 */
964 {
965 .valid = 1,
966 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
967 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
968 .algorithm_mkey = SSL_kDHE,
969 .algorithm_auth = SSL_aNULL,
970 .algorithm_enc = SSL_AES128GCM,
971 .algorithm_mac = SSL_AEAD,
972 .algorithm_ssl = SSL_TLSV1_2,
973 .algo_strength = SSL_HIGH,
974 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
975 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
976 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
977 .strength_bits = 128,
978 .alg_bits = 128,
979 },
980
981 /* Cipher A7 */
982 {
983 .valid = 1,
984 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
985 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
986 .algorithm_mkey = SSL_kDHE,
987 .algorithm_auth = SSL_aNULL,
988 .algorithm_enc = SSL_AES256GCM,
989 .algorithm_mac = SSL_AEAD,
990 .algorithm_ssl = SSL_TLSV1_2,
991 .algo_strength = SSL_HIGH,
992 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
993 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
994 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
995 .strength_bits = 256,
996 .alg_bits = 256,
997 },
998
999#ifndef OPENSSL_NO_CAMELLIA
1000 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
1001
1002 /* Cipher BA */
1003 {
1004 .valid = 1,
1005 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1006 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1007 .algorithm_mkey = SSL_kRSA,
1008 .algorithm_auth = SSL_aRSA,
1009 .algorithm_enc = SSL_CAMELLIA128,
1010 .algorithm_mac = SSL_SHA256,
1011 .algorithm_ssl = SSL_TLSV1_2,
1012 .algo_strength = SSL_HIGH,
1013 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1014 .strength_bits = 128,
1015 .alg_bits = 128,
1016 },
1017
1018 /* Cipher BD */
1019 {
1020 .valid = 1,
1021 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1022 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1023 .algorithm_mkey = SSL_kDHE,
1024 .algorithm_auth = SSL_aDSS,
1025 .algorithm_enc = SSL_CAMELLIA128,
1026 .algorithm_mac = SSL_SHA256,
1027 .algorithm_ssl = SSL_TLSV1_2,
1028 .algo_strength = SSL_HIGH,
1029 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1030 .strength_bits = 128,
1031 .alg_bits = 128,
1032 },
1033
1034 /* Cipher BE */
1035 {
1036 .valid = 1,
1037 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1038 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1039 .algorithm_mkey = SSL_kDHE,
1040 .algorithm_auth = SSL_aRSA,
1041 .algorithm_enc = SSL_CAMELLIA128,
1042 .algorithm_mac = SSL_SHA256,
1043 .algorithm_ssl = SSL_TLSV1_2,
1044 .algo_strength = SSL_HIGH,
1045 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1046 .strength_bits = 128,
1047 .alg_bits = 128,
1048 },
1049
1050 /* Cipher BF */
1051 {
1052 .valid = 1,
1053 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1054 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1055 .algorithm_mkey = SSL_kDHE,
1056 .algorithm_auth = SSL_aNULL,
1057 .algorithm_enc = SSL_CAMELLIA128,
1058 .algorithm_mac = SSL_SHA256,
1059 .algorithm_ssl = SSL_TLSV1_2,
1060 .algo_strength = SSL_HIGH,
1061 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1062 .strength_bits = 128,
1063 .alg_bits = 128,
1064 },
1065
1066 /* Cipher C0 */
1067 {
1068 .valid = 1,
1069 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1070 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1071 .algorithm_mkey = SSL_kRSA,
1072 .algorithm_auth = SSL_aRSA,
1073 .algorithm_enc = SSL_CAMELLIA256,
1074 .algorithm_mac = SSL_SHA256,
1075 .algorithm_ssl = SSL_TLSV1_2,
1076 .algo_strength = SSL_HIGH,
1077 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1078 .strength_bits = 256,
1079 .alg_bits = 256,
1080 },
1081
1082 /* Cipher C3 */
1083 {
1084 .valid = 1,
1085 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1086 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1087 .algorithm_mkey = SSL_kDHE,
1088 .algorithm_auth = SSL_aDSS,
1089 .algorithm_enc = SSL_CAMELLIA256,
1090 .algorithm_mac = SSL_SHA256,
1091 .algorithm_ssl = SSL_TLSV1_2,
1092 .algo_strength = SSL_HIGH,
1093 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1094 .strength_bits = 256,
1095 .alg_bits = 256,
1096 },
1097
1098 /* Cipher C4 */
1099 {
1100 .valid = 1,
1101 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1102 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1103 .algorithm_mkey = SSL_kDHE,
1104 .algorithm_auth = SSL_aRSA,
1105 .algorithm_enc = SSL_CAMELLIA256,
1106 .algorithm_mac = SSL_SHA256,
1107 .algorithm_ssl = SSL_TLSV1_2,
1108 .algo_strength = SSL_HIGH,
1109 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1110 .strength_bits = 256,
1111 .alg_bits = 256,
1112 },
1113
1114 /* Cipher C5 */
1115 {
1116 .valid = 1,
1117 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1118 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1119 .algorithm_mkey = SSL_kDHE,
1120 .algorithm_auth = SSL_aNULL,
1121 .algorithm_enc = SSL_CAMELLIA256,
1122 .algorithm_mac = SSL_SHA256,
1123 .algorithm_ssl = SSL_TLSV1_2,
1124 .algo_strength = SSL_HIGH,
1125 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1126 .strength_bits = 256,
1127 .alg_bits = 256,
1128 },
1129#endif /* OPENSSL_NO_CAMELLIA */
1130
1131 /* Cipher C001 */
1132 {
1133 .valid = 1,
1134 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1135 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1136 .algorithm_mkey = SSL_kECDHe,
1137 .algorithm_auth = SSL_aECDH,
1138 .algorithm_enc = SSL_eNULL,
1139 .algorithm_mac = SSL_SHA1,
1140 .algorithm_ssl = SSL_TLSV1,
1141 .algo_strength = SSL_STRONG_NONE,
1142 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1143 .strength_bits = 0,
1144 .alg_bits = 0,
1145 },
1146
1147 /* Cipher C002 */
1148 {
1149 .valid = 1,
1150 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1151 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1152 .algorithm_mkey = SSL_kECDHe,
1153 .algorithm_auth = SSL_aECDH,
1154 .algorithm_enc = SSL_RC4,
1155 .algorithm_mac = SSL_SHA1,
1156 .algorithm_ssl = SSL_TLSV1,
1157 .algo_strength = SSL_MEDIUM,
1158 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1159 .strength_bits = 128,
1160 .alg_bits = 128,
1161 },
1162
1163 /* Cipher C003 */
1164 {
1165 .valid = 1,
1166 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1167 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1168 .algorithm_mkey = SSL_kECDHe,
1169 .algorithm_auth = SSL_aECDH,
1170 .algorithm_enc = SSL_3DES,
1171 .algorithm_mac = SSL_SHA1,
1172 .algorithm_ssl = SSL_TLSV1,
1173 .algo_strength = SSL_HIGH,
1174 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1175 .strength_bits = 112,
1176 .alg_bits = 168,
1177 },
1178
1179 /* Cipher C004 */
1180 {
1181 .valid = 1,
1182 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1183 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1184 .algorithm_mkey = SSL_kECDHe,
1185 .algorithm_auth = SSL_aECDH,
1186 .algorithm_enc = SSL_AES128,
1187 .algorithm_mac = SSL_SHA1,
1188 .algorithm_ssl = SSL_TLSV1,
1189 .algo_strength = SSL_HIGH,
1190 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1191 .strength_bits = 128,
1192 .alg_bits = 128,
1193 },
1194
1195 /* Cipher C005 */
1196 {
1197 .valid = 1,
1198 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1199 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1200 .algorithm_mkey = SSL_kECDHe,
1201 .algorithm_auth = SSL_aECDH,
1202 .algorithm_enc = SSL_AES256,
1203 .algorithm_mac = SSL_SHA1,
1204 .algorithm_ssl = SSL_TLSV1,
1205 .algo_strength = SSL_HIGH,
1206 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1207 .strength_bits = 256,
1208 .alg_bits = 256,
1209 },
1210
1211 /* Cipher C006 */
1212 {
1213 .valid = 1,
1214 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1215 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1216 .algorithm_mkey = SSL_kECDHE,
1217 .algorithm_auth = SSL_aECDSA,
1218 .algorithm_enc = SSL_eNULL,
1219 .algorithm_mac = SSL_SHA1,
1220 .algorithm_ssl = SSL_TLSV1,
1221 .algo_strength = SSL_STRONG_NONE,
1222 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1223 .strength_bits = 0,
1224 .alg_bits = 0,
1225 },
1226
1227 /* Cipher C007 */
1228 {
1229 .valid = 1,
1230 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1231 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1232 .algorithm_mkey = SSL_kECDHE,
1233 .algorithm_auth = SSL_aECDSA,
1234 .algorithm_enc = SSL_RC4,
1235 .algorithm_mac = SSL_SHA1,
1236 .algorithm_ssl = SSL_TLSV1,
1237 .algo_strength = SSL_MEDIUM,
1238 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1239 .strength_bits = 128,
1240 .alg_bits = 128,
1241 },
1242
1243 /* Cipher C008 */
1244 {
1245 .valid = 1,
1246 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1247 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1248 .algorithm_mkey = SSL_kECDHE,
1249 .algorithm_auth = SSL_aECDSA,
1250 .algorithm_enc = SSL_3DES,
1251 .algorithm_mac = SSL_SHA1,
1252 .algorithm_ssl = SSL_TLSV1,
1253 .algo_strength = SSL_HIGH,
1254 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1255 .strength_bits = 112,
1256 .alg_bits = 168,
1257 },
1258
1259 /* Cipher C009 */
1260 {
1261 .valid = 1,
1262 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1263 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1264 .algorithm_mkey = SSL_kECDHE,
1265 .algorithm_auth = SSL_aECDSA,
1266 .algorithm_enc = SSL_AES128,
1267 .algorithm_mac = SSL_SHA1,
1268 .algorithm_ssl = SSL_TLSV1,
1269 .algo_strength = SSL_HIGH,
1270 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1271 .strength_bits = 128,
1272 .alg_bits = 128,
1273 },
1274
1275 /* Cipher C00A */
1276 {
1277 .valid = 1,
1278 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1279 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1280 .algorithm_mkey = SSL_kECDHE,
1281 .algorithm_auth = SSL_aECDSA,
1282 .algorithm_enc = SSL_AES256,
1283 .algorithm_mac = SSL_SHA1,
1284 .algorithm_ssl = SSL_TLSV1,
1285 .algo_strength = SSL_HIGH,
1286 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1287 .strength_bits = 256,
1288 .alg_bits = 256,
1289 },
1290
1291 /* Cipher C00B */
1292 {
1293 .valid = 1,
1294 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1295 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1296 .algorithm_mkey = SSL_kECDHr,
1297 .algorithm_auth = SSL_aECDH,
1298 .algorithm_enc = SSL_eNULL,
1299 .algorithm_mac = SSL_SHA1,
1300 .algorithm_ssl = SSL_TLSV1,
1301 .algo_strength = SSL_STRONG_NONE,
1302 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1303 .strength_bits = 0,
1304 .alg_bits = 0,
1305 },
1306
1307 /* Cipher C00C */
1308 {
1309 .valid = 1,
1310 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1311 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1312 .algorithm_mkey = SSL_kECDHr,
1313 .algorithm_auth = SSL_aECDH,
1314 .algorithm_enc = SSL_RC4,
1315 .algorithm_mac = SSL_SHA1,
1316 .algorithm_ssl = SSL_TLSV1,
1317 .algo_strength = SSL_MEDIUM,
1318 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319 .strength_bits = 128,
1320 .alg_bits = 128,
1321 },
1322
1323 /* Cipher C00D */
1324 {
1325 .valid = 1,
1326 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1327 .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1328 .algorithm_mkey = SSL_kECDHr,
1329 .algorithm_auth = SSL_aECDH,
1330 .algorithm_enc = SSL_3DES,
1331 .algorithm_mac = SSL_SHA1,
1332 .algorithm_ssl = SSL_TLSV1,
1333 .algo_strength = SSL_HIGH,
1334 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335 .strength_bits = 112,
1336 .alg_bits = 168,
1337 },
1338
1339 /* Cipher C00E */
1340 {
1341 .valid = 1,
1342 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1343 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1344 .algorithm_mkey = SSL_kECDHr,
1345 .algorithm_auth = SSL_aECDH,
1346 .algorithm_enc = SSL_AES128,
1347 .algorithm_mac = SSL_SHA1,
1348 .algorithm_ssl = SSL_TLSV1,
1349 .algo_strength = SSL_HIGH,
1350 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 .strength_bits = 128,
1352 .alg_bits = 128,
1353 },
1354
1355 /* Cipher C00F */
1356 {
1357 .valid = 1,
1358 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1359 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1360 .algorithm_mkey = SSL_kECDHr,
1361 .algorithm_auth = SSL_aECDH,
1362 .algorithm_enc = SSL_AES256,
1363 .algorithm_mac = SSL_SHA1,
1364 .algorithm_ssl = SSL_TLSV1,
1365 .algo_strength = SSL_HIGH,
1366 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367 .strength_bits = 256,
1368 .alg_bits = 256,
1369 },
1370
1371 /* Cipher C010 */
1372 {
1373 .valid = 1,
1374 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1375 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1376 .algorithm_mkey = SSL_kECDHE,
1377 .algorithm_auth = SSL_aRSA,
1378 .algorithm_enc = SSL_eNULL,
1379 .algorithm_mac = SSL_SHA1,
1380 .algorithm_ssl = SSL_TLSV1,
1381 .algo_strength = SSL_STRONG_NONE,
1382 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383 .strength_bits = 0,
1384 .alg_bits = 0,
1385 },
1386
1387 /* Cipher C011 */
1388 {
1389 .valid = 1,
1390 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1391 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1392 .algorithm_mkey = SSL_kECDHE,
1393 .algorithm_auth = SSL_aRSA,
1394 .algorithm_enc = SSL_RC4,
1395 .algorithm_mac = SSL_SHA1,
1396 .algorithm_ssl = SSL_TLSV1,
1397 .algo_strength = SSL_MEDIUM,
1398 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1399 .strength_bits = 128,
1400 .alg_bits = 128,
1401 },
1402
1403 /* Cipher C012 */
1404 {
1405 .valid = 1,
1406 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1407 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1408 .algorithm_mkey = SSL_kECDHE,
1409 .algorithm_auth = SSL_aRSA,
1410 .algorithm_enc = SSL_3DES,
1411 .algorithm_mac = SSL_SHA1,
1412 .algorithm_ssl = SSL_TLSV1,
1413 .algo_strength = SSL_HIGH,
1414 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1415 .strength_bits = 112,
1416 .alg_bits = 168,
1417 },
1418
1419 /* Cipher C013 */
1420 {
1421 .valid = 1,
1422 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1423 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1424 .algorithm_mkey = SSL_kECDHE,
1425 .algorithm_auth = SSL_aRSA,
1426 .algorithm_enc = SSL_AES128,
1427 .algorithm_mac = SSL_SHA1,
1428 .algorithm_ssl = SSL_TLSV1,
1429 .algo_strength = SSL_HIGH,
1430 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1431 .strength_bits = 128,
1432 .alg_bits = 128,
1433 },
1434
1435 /* Cipher C014 */
1436 {
1437 .valid = 1,
1438 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1439 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1440 .algorithm_mkey = SSL_kECDHE,
1441 .algorithm_auth = SSL_aRSA,
1442 .algorithm_enc = SSL_AES256,
1443 .algorithm_mac = SSL_SHA1,
1444 .algorithm_ssl = SSL_TLSV1,
1445 .algo_strength = SSL_HIGH,
1446 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1447 .strength_bits = 256,
1448 .alg_bits = 256,
1449 },
1450
1451 /* Cipher C015 */
1452 {
1453 .valid = 1,
1454 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1455 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1456 .algorithm_mkey = SSL_kECDHE,
1457 .algorithm_auth = SSL_aNULL,
1458 .algorithm_enc = SSL_eNULL,
1459 .algorithm_mac = SSL_SHA1,
1460 .algorithm_ssl = SSL_TLSV1,
1461 .algo_strength = SSL_STRONG_NONE,
1462 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1463 .strength_bits = 0,
1464 .alg_bits = 0,
1465 },
1466
1467 /* Cipher C016 */
1468 {
1469 .valid = 1,
1470 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1471 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1472 .algorithm_mkey = SSL_kECDHE,
1473 .algorithm_auth = SSL_aNULL,
1474 .algorithm_enc = SSL_RC4,
1475 .algorithm_mac = SSL_SHA1,
1476 .algorithm_ssl = SSL_TLSV1,
1477 .algo_strength = SSL_MEDIUM,
1478 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1479 .strength_bits = 128,
1480 .alg_bits = 128,
1481 },
1482
1483 /* Cipher C017 */
1484 {
1485 .valid = 1,
1486 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1487 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1488 .algorithm_mkey = SSL_kECDHE,
1489 .algorithm_auth = SSL_aNULL,
1490 .algorithm_enc = SSL_3DES,
1491 .algorithm_mac = SSL_SHA1,
1492 .algorithm_ssl = SSL_TLSV1,
1493 .algo_strength = SSL_HIGH,
1494 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1495 .strength_bits = 112,
1496 .alg_bits = 168,
1497 },
1498
1499 /* Cipher C018 */
1500 {
1501 .valid = 1,
1502 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1503 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1504 .algorithm_mkey = SSL_kECDHE,
1505 .algorithm_auth = SSL_aNULL,
1506 .algorithm_enc = SSL_AES128,
1507 .algorithm_mac = SSL_SHA1,
1508 .algorithm_ssl = SSL_TLSV1,
1509 .algo_strength = SSL_HIGH,
1510 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1511 .strength_bits = 128,
1512 .alg_bits = 128,
1513 },
1514
1515 /* Cipher C019 */
1516 {
1517 .valid = 1,
1518 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1519 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1520 .algorithm_mkey = SSL_kECDHE,
1521 .algorithm_auth = SSL_aNULL,
1522 .algorithm_enc = SSL_AES256,
1523 .algorithm_mac = SSL_SHA1,
1524 .algorithm_ssl = SSL_TLSV1,
1525 .algo_strength = SSL_HIGH,
1526 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527 .strength_bits = 256,
1528 .alg_bits = 256,
1529 },
1530
1531
1532 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
1533
1534 /* Cipher C023 */
1535 {
1536 .valid = 1,
1537 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1538 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1539 .algorithm_mkey = SSL_kECDHE,
1540 .algorithm_auth = SSL_aECDSA,
1541 .algorithm_enc = SSL_AES128,
1542 .algorithm_mac = SSL_SHA256,
1543 .algorithm_ssl = SSL_TLSV1_2,
1544 .algo_strength = SSL_HIGH,
1545 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1546 .strength_bits = 128,
1547 .alg_bits = 128,
1548 },
1549
1550 /* Cipher C024 */
1551 {
1552 .valid = 1,
1553 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1554 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1555 .algorithm_mkey = SSL_kECDHE,
1556 .algorithm_auth = SSL_aECDSA,
1557 .algorithm_enc = SSL_AES256,
1558 .algorithm_mac = SSL_SHA384,
1559 .algorithm_ssl = SSL_TLSV1_2,
1560 .algo_strength = SSL_HIGH,
1561 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1562 .strength_bits = 256,
1563 .alg_bits = 256,
1564 },
1565
1566 /* Cipher C025 */
1567 {
1568 .valid = 1,
1569 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
1570 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
1571 .algorithm_mkey = SSL_kECDHe,
1572 .algorithm_auth = SSL_aECDH,
1573 .algorithm_enc = SSL_AES128,
1574 .algorithm_mac = SSL_SHA256,
1575 .algorithm_ssl = SSL_TLSV1_2,
1576 .algo_strength = SSL_HIGH,
1577 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1578 .strength_bits = 128,
1579 .alg_bits = 128,
1580 },
1581
1582 /* Cipher C026 */
1583 {
1584 .valid = 1,
1585 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
1586 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
1587 .algorithm_mkey = SSL_kECDHe,
1588 .algorithm_auth = SSL_aECDH,
1589 .algorithm_enc = SSL_AES256,
1590 .algorithm_mac = SSL_SHA384,
1591 .algorithm_ssl = SSL_TLSV1_2,
1592 .algo_strength = SSL_HIGH,
1593 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1594 .strength_bits = 256,
1595 .alg_bits = 256,
1596 },
1597
1598 /* Cipher C027 */
1599 {
1600 .valid = 1,
1601 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1602 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1603 .algorithm_mkey = SSL_kECDHE,
1604 .algorithm_auth = SSL_aRSA,
1605 .algorithm_enc = SSL_AES128,
1606 .algorithm_mac = SSL_SHA256,
1607 .algorithm_ssl = SSL_TLSV1_2,
1608 .algo_strength = SSL_HIGH,
1609 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1610 .strength_bits = 128,
1611 .alg_bits = 128,
1612 },
1613
1614 /* Cipher C028 */
1615 {
1616 .valid = 1,
1617 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1618 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1619 .algorithm_mkey = SSL_kECDHE,
1620 .algorithm_auth = SSL_aRSA,
1621 .algorithm_enc = SSL_AES256,
1622 .algorithm_mac = SSL_SHA384,
1623 .algorithm_ssl = SSL_TLSV1_2,
1624 .algo_strength = SSL_HIGH,
1625 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1626 .strength_bits = 256,
1627 .alg_bits = 256,
1628 },
1629
1630 /* Cipher C029 */
1631 {
1632 .valid = 1,
1633 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
1634 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
1635 .algorithm_mkey = SSL_kECDHr,
1636 .algorithm_auth = SSL_aECDH,
1637 .algorithm_enc = SSL_AES128,
1638 .algorithm_mac = SSL_SHA256,
1639 .algorithm_ssl = SSL_TLSV1_2,
1640 .algo_strength = SSL_HIGH,
1641 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1642 .strength_bits = 128,
1643 .alg_bits = 128,
1644 },
1645
1646 /* Cipher C02A */
1647 {
1648 .valid = 1,
1649 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
1650 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
1651 .algorithm_mkey = SSL_kECDHr,
1652 .algorithm_auth = SSL_aECDH,
1653 .algorithm_enc = SSL_AES256,
1654 .algorithm_mac = SSL_SHA384,
1655 .algorithm_ssl = SSL_TLSV1_2,
1656 .algo_strength = SSL_HIGH,
1657 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1658 .strength_bits = 256,
1659 .alg_bits = 256,
1660 },
1661
1662 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
1663
1664 /* Cipher C02B */
1665 {
1666 .valid = 1,
1667 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1668 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1669 .algorithm_mkey = SSL_kECDHE,
1670 .algorithm_auth = SSL_aECDSA,
1671 .algorithm_enc = SSL_AES128GCM,
1672 .algorithm_mac = SSL_AEAD,
1673 .algorithm_ssl = SSL_TLSV1_2,
1674 .algo_strength = SSL_HIGH,
1675 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1676 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1677 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1678 .strength_bits = 128,
1679 .alg_bits = 128,
1680 },
1681
1682 /* Cipher C02C */
1683 {
1684 .valid = 1,
1685 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1686 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1687 .algorithm_mkey = SSL_kECDHE,
1688 .algorithm_auth = SSL_aECDSA,
1689 .algorithm_enc = SSL_AES256GCM,
1690 .algorithm_mac = SSL_AEAD,
1691 .algorithm_ssl = SSL_TLSV1_2,
1692 .algo_strength = SSL_HIGH,
1693 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1694 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1695 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1696 .strength_bits = 256,
1697 .alg_bits = 256,
1698 },
1699
1700 /* Cipher C02D */
1701 {
1702 .valid = 1,
1703 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1704 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1705 .algorithm_mkey = SSL_kECDHe,
1706 .algorithm_auth = SSL_aECDH,
1707 .algorithm_enc = SSL_AES128GCM,
1708 .algorithm_mac = SSL_AEAD,
1709 .algorithm_ssl = SSL_TLSV1_2,
1710 .algo_strength = SSL_HIGH,
1711 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1712 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1713 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1714 .strength_bits = 128,
1715 .alg_bits = 128,
1716 },
1717
1718 /* Cipher C02E */
1719 {
1720 .valid = 1,
1721 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1722 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1723 .algorithm_mkey = SSL_kECDHe,
1724 .algorithm_auth = SSL_aECDH,
1725 .algorithm_enc = SSL_AES256GCM,
1726 .algorithm_mac = SSL_AEAD,
1727 .algorithm_ssl = SSL_TLSV1_2,
1728 .algo_strength = SSL_HIGH,
1729 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1730 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1731 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1732 .strength_bits = 256,
1733 .alg_bits = 256,
1734 },
1735
1736 /* Cipher C02F */
1737 {
1738 .valid = 1,
1739 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1740 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1741 .algorithm_mkey = SSL_kECDHE,
1742 .algorithm_auth = SSL_aRSA,
1743 .algorithm_enc = SSL_AES128GCM,
1744 .algorithm_mac = SSL_AEAD,
1745 .algorithm_ssl = SSL_TLSV1_2,
1746 .algo_strength = SSL_HIGH,
1747 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1748 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1749 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1750 .strength_bits = 128,
1751 .alg_bits = 128,
1752 },
1753
1754 /* Cipher C030 */
1755 {
1756 .valid = 1,
1757 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1758 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1759 .algorithm_mkey = SSL_kECDHE,
1760 .algorithm_auth = SSL_aRSA,
1761 .algorithm_enc = SSL_AES256GCM,
1762 .algorithm_mac = SSL_AEAD,
1763 .algorithm_ssl = SSL_TLSV1_2,
1764 .algo_strength = SSL_HIGH,
1765 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1766 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1767 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1768 .strength_bits = 256,
1769 .alg_bits = 256,
1770 },
1771
1772 /* Cipher C031 */
1773 {
1774 .valid = 1,
1775 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1776 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1777 .algorithm_mkey = SSL_kECDHr,
1778 .algorithm_auth = SSL_aECDH,
1779 .algorithm_enc = SSL_AES128GCM,
1780 .algorithm_mac = SSL_AEAD,
1781 .algorithm_ssl = SSL_TLSV1_2,
1782 .algo_strength = SSL_HIGH,
1783 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1784 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1785 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1786 .strength_bits = 128,
1787 .alg_bits = 128,
1788 },
1789
1790 /* Cipher C032 */
1791 {
1792 .valid = 1,
1793 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1794 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1795 .algorithm_mkey = SSL_kECDHr,
1796 .algorithm_auth = SSL_aECDH,
1797 .algorithm_enc = SSL_AES256GCM,
1798 .algorithm_mac = SSL_AEAD,
1799 .algorithm_ssl = SSL_TLSV1_2,
1800 .algo_strength = SSL_HIGH,
1801 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1802 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1803 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1804 .strength_bits = 256,
1805 .alg_bits = 256,
1806 },
1807
1808#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1809 /* Cipher CC13 */
1810 {
1811 .valid = 1,
1812 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1813 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
1814 .algorithm_mkey = SSL_kECDHE,
1815 .algorithm_auth = SSL_aRSA,
1816 .algorithm_enc = SSL_CHACHA20POLY1305,
1817 .algorithm_mac = SSL_AEAD,
1818 .algorithm_ssl = SSL_TLSV1_2,
1819 .algo_strength = SSL_HIGH,
1820 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1821 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1822 .strength_bits = 256,
1823 .alg_bits = 0,
1824 },
1825
1826 /* Cipher CC14 */
1827 {
1828 .valid = 1,
1829 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1830 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
1831 .algorithm_mkey = SSL_kECDHE,
1832 .algorithm_auth = SSL_aECDSA,
1833 .algorithm_enc = SSL_CHACHA20POLY1305,
1834 .algorithm_mac = SSL_AEAD,
1835 .algorithm_ssl = SSL_TLSV1_2,
1836 .algo_strength = SSL_HIGH,
1837 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1838 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1839 .strength_bits = 256,
1840 .alg_bits = 0,
1841 },
1842
1843 /* Cipher CC15 */
1844 {
1845 .valid = 1,
1846 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1847 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
1848 .algorithm_mkey = SSL_kDHE,
1849 .algorithm_auth = SSL_aRSA,
1850 .algorithm_enc = SSL_CHACHA20POLY1305,
1851 .algorithm_mac = SSL_AEAD,
1852 .algorithm_ssl = SSL_TLSV1_2,
1853 .algo_strength = SSL_HIGH,
1854 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1855 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1856 .strength_bits = 256,
1857 .alg_bits = 0,
1858 },
1859#endif
1860
1861 /* Cipher FF85 FIXME IANA */
1862 {
1863 .valid = 1,
1864 .name = "GOST2012256-GOST89-GOST89",
1865 .id = 0x300ff85, /* FIXME IANA */
1866 .algorithm_mkey = SSL_kGOST,
1867 .algorithm_auth = SSL_aGOST01,
1868 .algorithm_enc = SSL_eGOST2814789CNT,
1869 .algorithm_mac = SSL_GOST89MAC,
1870 .algorithm_ssl = SSL_TLSV1,
1871 .algo_strength = SSL_HIGH,
1872 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
1873 TLS1_STREAM_MAC,
1874 .strength_bits = 256,
1875 .alg_bits = 256
1876 },
1877
1878 /* Cipher FF87 FIXME IANA */
1879 {
1880 .valid = 1,
1881 .name = "GOST2012256-NULL-STREEBOG256",
1882 .id = 0x300ff87, /* FIXME IANA */
1883 .algorithm_mkey = SSL_kGOST,
1884 .algorithm_auth = SSL_aGOST01,
1885 .algorithm_enc = SSL_eNULL,
1886 .algorithm_mac = SSL_STREEBOG256,
1887 .algorithm_ssl = SSL_TLSV1,
1888 .algo_strength = SSL_STRONG_NONE,
1889 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
1890 .strength_bits = 0,
1891 .alg_bits = 0
1892 },
1893
1894
1895 /* end of list */
1896};
1897
1898SSL3_ENC_METHOD SSLv3_enc_data = {
1899 .enc = ssl3_enc,
1900 .mac = n_ssl3_mac,
1901 .setup_key_block = ssl3_setup_key_block,
1902 .generate_master_secret = ssl3_generate_master_secret,
1903 .change_cipher_state = ssl3_change_cipher_state,
1904 .final_finish_mac = ssl3_final_finish_mac,
1905 .finish_mac_length = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
1906 .cert_verify_mac = ssl3_cert_verify_mac,
1907 .client_finished_label = SSL3_MD_CLIENT_FINISHED_CONST,
1908 .client_finished_label_len = 4,
1909 .server_finished_label = SSL3_MD_SERVER_FINISHED_CONST,
1910 .server_finished_label_len = 4,
1911 .alert_value = ssl3_alert_code,
1912 .export_keying_material = (int (*)(SSL *, unsigned char *, size_t,
1913 const char *, size_t, const unsigned char *, size_t,
1914 int use_context))ssl_undefined_function,
1915 .enc_flags = 0,
1916};
1917
1918long
1919ssl3_default_timeout(void)
1920{
1921 /*
1922 * 2 hours, the 24 hours mentioned in the SSLv3 spec
1923 * is way too long for http, the cache would over fill
1924 */
1925 return (60 * 60 * 2);
1926}
1927
1928int
1929ssl3_num_ciphers(void)
1930{
1931 return (SSL3_NUM_CIPHERS);
1932}
1933
1934const SSL_CIPHER *
1935ssl3_get_cipher(unsigned int u)
1936{
1937 if (u < SSL3_NUM_CIPHERS)
1938 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
1939 else
1940 return (NULL);
1941}
1942
1943const SSL_CIPHER *
1944ssl3_get_cipher_by_id(unsigned int id)
1945{
1946 const SSL_CIPHER *cp;
1947 SSL_CIPHER c;
1948
1949 c.id = id;
1950 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
1951 if (cp != NULL && cp->valid == 1)
1952 return (cp);
1953
1954 return (NULL);
1955}
1956
1957const SSL_CIPHER *
1958ssl3_get_cipher_by_value(uint16_t value)
1959{
1960 return ssl3_get_cipher_by_id(SSL3_CK_ID | value);
1961}
1962
1963uint16_t
1964ssl3_cipher_get_value(const SSL_CIPHER *c)
1965{
1966 return (c->id & SSL3_CK_VALUE_MASK);
1967}
1968
1969int
1970ssl3_pending(const SSL *s)
1971{
1972 if (s->rstate == SSL_ST_READ_BODY)
1973 return 0;
1974
1975 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
1976 s->s3->rrec.length : 0;
1977}
1978
1979unsigned char *
1980ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
1981{
1982 unsigned char *d, *p;
1983 int hdr_len;
1984
1985 d = p = (unsigned char *)s->init_buf->data;
1986
1987 hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
1988 SSL3_HM_HEADER_LENGTH;
1989
1990 /* Handshake message type and length. */
1991 *(p++) = msg_type;
1992 l2n3(0, p);
1993
1994 return (d + hdr_len);
1995}
1996
1997void
1998ssl3_handshake_msg_finish(SSL *s, unsigned int len)
1999{
2000 unsigned char *d, *p;
2001 uint8_t msg_type;
2002 int hdr_len;
2003
2004 d = p = (unsigned char *)s->init_buf->data;
2005
2006 hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
2007 SSL3_HM_HEADER_LENGTH;
2008
2009 /* Handshake message length. */
2010 msg_type = *(p++);
2011 l2n3(len, p);
2012
2013 s->init_num = hdr_len + (int)len;
2014 s->init_off = 0;
2015
2016 if (SSL_IS_DTLS(s)) {
2017 dtls1_set_message_header(s, d, msg_type, len, 0, len);
2018 dtls1_buffer_message(s, 0);
2019 }
2020}
2021
2022int
2023ssl3_handshake_write(SSL *s)
2024{
2025 if (SSL_IS_DTLS(s))
2026 return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
2027
2028 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2029}
2030
2031int
2032ssl3_new(SSL *s)
2033{
2034 SSL3_STATE *s3;
2035
2036 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2037 goto err;
2038 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2039 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2040
2041 s->s3 = s3;
2042
2043 s->method->ssl_clear(s);
2044 return (1);
2045err:
2046 return (0);
2047}
2048
2049void
2050ssl3_free(SSL *s)
2051{
2052 if (s == NULL)
2053 return;
2054
2055 ssl3_cleanup_key_block(s);
2056 ssl3_release_read_buffer(s);
2057 ssl3_release_write_buffer(s);
2058
2059 DH_free(s->s3->tmp.dh);
2060 EC_KEY_free(s->s3->tmp.ecdh);
2061
2062 if (s->s3->tmp.ca_names != NULL)
2063 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2064 BIO_free(s->s3->handshake_buffer);
2065 ssl3_free_digest_list(s);
2066 free(s->s3->alpn_selected);
2067
2068 OPENSSL_cleanse(s->s3, sizeof *s->s3);
2069 free(s->s3);
2070 s->s3 = NULL;
2071}
2072
2073void
2074ssl3_clear(SSL *s)
2075{
2076 unsigned char *rp, *wp;
2077 size_t rlen, wlen;
2078 int init_extra;
2079
2080 ssl3_cleanup_key_block(s);
2081 if (s->s3->tmp.ca_names != NULL)
2082 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2083
2084 DH_free(s->s3->tmp.dh);
2085 s->s3->tmp.dh = NULL;
2086 EC_KEY_free(s->s3->tmp.ecdh);
2087 s->s3->tmp.ecdh = NULL;
2088
2089 s->s3->is_probably_safari = 0;
2090
2091 rp = s->s3->rbuf.buf;
2092 wp = s->s3->wbuf.buf;
2093 rlen = s->s3->rbuf.len;
2094 wlen = s->s3->wbuf.len;
2095 init_extra = s->s3->init_extra;
2096
2097 BIO_free(s->s3->handshake_buffer);
2098 s->s3->handshake_buffer = NULL;
2099
2100 ssl3_free_digest_list(s);
2101
2102 free(s->s3->alpn_selected);
2103 s->s3->alpn_selected = NULL;
2104
2105 memset(s->s3, 0, sizeof *s->s3);
2106 s->s3->rbuf.buf = rp;
2107 s->s3->wbuf.buf = wp;
2108 s->s3->rbuf.len = rlen;
2109 s->s3->wbuf.len = wlen;
2110 s->s3->init_extra = init_extra;
2111
2112 ssl_free_wbio_buffer(s);
2113
2114 s->packet_length = 0;
2115 s->s3->renegotiate = 0;
2116 s->s3->total_renegotiations = 0;
2117 s->s3->num_renegotiations = 0;
2118 s->s3->in_read_app_data = 0;
2119 s->version = SSL3_VERSION;
2120
2121 free(s->next_proto_negotiated);
2122 s->next_proto_negotiated = NULL;
2123 s->next_proto_negotiated_len = 0;
2124}
2125
2126
2127long
2128ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2129{
2130 int ret = 0;
2131
2132 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
2133 if (!ssl_cert_inst(&s->cert)) {
2134 SSLerr(SSL_F_SSL3_CTRL,
2135 ERR_R_MALLOC_FAILURE);
2136 return (0);
2137 }
2138 }
2139
2140 switch (cmd) {
2141 case SSL_CTRL_GET_SESSION_REUSED:
2142 ret = s->hit;
2143 break;
2144 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2145 break;
2146 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2147 ret = s->s3->num_renegotiations;
2148 break;
2149 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2150 ret = s->s3->num_renegotiations;
2151 s->s3->num_renegotiations = 0;
2152 break;
2153 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2154 ret = s->s3->total_renegotiations;
2155 break;
2156 case SSL_CTRL_GET_FLAGS:
2157 ret = (int)(s->s3->flags);
2158 break;
2159 case SSL_CTRL_NEED_TMP_RSA:
2160 ret = 0;
2161 break;
2162 case SSL_CTRL_SET_TMP_RSA:
2163 case SSL_CTRL_SET_TMP_RSA_CB:
2164 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2165 break;
2166 case SSL_CTRL_SET_TMP_DH:
2167 {
2168 DH *dh = (DH *)parg;
2169 if (dh == NULL) {
2170 SSLerr(SSL_F_SSL3_CTRL,
2171 ERR_R_PASSED_NULL_PARAMETER);
2172 return (ret);
2173 }
2174 if ((dh = DHparams_dup(dh)) == NULL) {
2175 SSLerr(SSL_F_SSL3_CTRL,
2176 ERR_R_DH_LIB);
2177 return (ret);
2178 }
2179 if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
2180 if (!DH_generate_key(dh)) {
2181 DH_free(dh);
2182 SSLerr(SSL_F_SSL3_CTRL,
2183 ERR_R_DH_LIB);
2184 return (ret);
2185 }
2186 }
2187 DH_free(s->cert->dh_tmp);
2188 s->cert->dh_tmp = dh;
2189 ret = 1;
2190 }
2191 break;
2192
2193 case SSL_CTRL_SET_TMP_DH_CB:
2194 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2195 return (ret);
2196
2197 case SSL_CTRL_SET_DH_AUTO:
2198 s->cert->dh_tmp_auto = larg;
2199 return 1;
2200
2201 case SSL_CTRL_SET_TMP_ECDH:
2202 {
2203 EC_KEY *ecdh = NULL;
2204
2205 if (parg == NULL) {
2206 SSLerr(SSL_F_SSL3_CTRL,
2207 ERR_R_PASSED_NULL_PARAMETER);
2208 return (ret);
2209 }
2210 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
2211 SSLerr(SSL_F_SSL3_CTRL,
2212 ERR_R_ECDH_LIB);
2213 return (ret);
2214 }
2215 ecdh = (EC_KEY *)parg;
2216 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
2217 if (!EC_KEY_generate_key(ecdh)) {
2218 EC_KEY_free(ecdh);
2219 SSLerr(SSL_F_SSL3_CTRL,
2220 ERR_R_ECDH_LIB);
2221 return (ret);
2222 }
2223 }
2224 EC_KEY_free(s->cert->ecdh_tmp);
2225 s->cert->ecdh_tmp = ecdh;
2226 ret = 1;
2227 }
2228 break;
2229 case SSL_CTRL_SET_TMP_ECDH_CB:
2230 {
2231 SSLerr(SSL_F_SSL3_CTRL,
2232 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2233 return (ret);
2234 }
2235 break;
2236 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2237 if (larg == TLSEXT_NAMETYPE_host_name) {
2238 free(s->tlsext_hostname);
2239 s->tlsext_hostname = NULL;
2240
2241 ret = 1;
2242 if (parg == NULL)
2243 break;
2244 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
2245 SSLerr(SSL_F_SSL3_CTRL,
2246 SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2247 return 0;
2248 }
2249 if ((s->tlsext_hostname = strdup((char *)parg))
2250 == NULL) {
2251 SSLerr(SSL_F_SSL3_CTRL,
2252 ERR_R_INTERNAL_ERROR);
2253 return 0;
2254 }
2255 } else {
2256 SSLerr(SSL_F_SSL3_CTRL,
2257 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2258 return 0;
2259 }
2260 break;
2261 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2262 s->tlsext_debug_arg = parg;
2263 ret = 1;
2264 break;
2265
2266 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2267 s->tlsext_status_type = larg;
2268 ret = 1;
2269 break;
2270
2271 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2272 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2273 ret = 1;
2274 break;
2275
2276 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2277 s->tlsext_ocsp_exts = parg;
2278 ret = 1;
2279 break;
2280
2281 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2282 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2283 ret = 1;
2284 break;
2285
2286 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2287 s->tlsext_ocsp_ids = parg;
2288 ret = 1;
2289 break;
2290
2291 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2292 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2293 return s->tlsext_ocsp_resplen;
2294
2295 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2296 free(s->tlsext_ocsp_resp);
2297 s->tlsext_ocsp_resp = parg;
2298 s->tlsext_ocsp_resplen = larg;
2299 ret = 1;
2300 break;
2301
2302 case SSL_CTRL_SET_ECDH_AUTO:
2303 s->cert->ecdh_tmp_auto = larg;
2304 ret = 1;
2305 break;
2306
2307 default:
2308 break;
2309 }
2310 return (ret);
2311}
2312
2313long
2314ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2315{
2316 int ret = 0;
2317
2318 if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
2319 if (!ssl_cert_inst(&s->cert)) {
2320 SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
2321 ERR_R_MALLOC_FAILURE);
2322 return (0);
2323 }
2324 }
2325
2326 switch (cmd) {
2327 case SSL_CTRL_SET_TMP_RSA_CB:
2328 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2329 break;
2330 case SSL_CTRL_SET_TMP_DH_CB:
2331 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2332 break;
2333 case SSL_CTRL_SET_TMP_ECDH_CB:
2334 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2335 break;
2336 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2337 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
2338 unsigned char *, int, void *))fp;
2339 break;
2340 default:
2341 break;
2342 }
2343 return (ret);
2344}
2345
2346long
2347ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2348{
2349 CERT *cert;
2350
2351 cert = ctx->cert;
2352
2353 switch (cmd) {
2354 case SSL_CTRL_NEED_TMP_RSA:
2355 return (0);
2356 case SSL_CTRL_SET_TMP_RSA:
2357 case SSL_CTRL_SET_TMP_RSA_CB:
2358 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2359 return (0);
2360 case SSL_CTRL_SET_TMP_DH:
2361 {
2362 DH *new = NULL, *dh;
2363
2364 dh = (DH *)parg;
2365 if ((new = DHparams_dup(dh)) == NULL) {
2366 SSLerr(SSL_F_SSL3_CTX_CTRL,
2367 ERR_R_DH_LIB);
2368 return 0;
2369 }
2370 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
2371 if (!DH_generate_key(new)) {
2372 SSLerr(SSL_F_SSL3_CTX_CTRL,
2373 ERR_R_DH_LIB);
2374 DH_free(new);
2375 return 0;
2376 }
2377 }
2378 DH_free(cert->dh_tmp);
2379 cert->dh_tmp = new;
2380 return 1;
2381 }
2382 /*break; */
2383
2384 case SSL_CTRL_SET_TMP_DH_CB:
2385 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2386 return (0);
2387
2388 case SSL_CTRL_SET_DH_AUTO:
2389 ctx->cert->dh_tmp_auto = larg;
2390 return (1);
2391
2392 case SSL_CTRL_SET_TMP_ECDH:
2393 {
2394 EC_KEY *ecdh = NULL;
2395
2396 if (parg == NULL) {
2397 SSLerr(SSL_F_SSL3_CTX_CTRL,
2398 ERR_R_ECDH_LIB);
2399 return 0;
2400 }
2401 ecdh = EC_KEY_dup((EC_KEY *)parg);
2402 if (ecdh == NULL) {
2403 SSLerr(SSL_F_SSL3_CTX_CTRL,
2404 ERR_R_EC_LIB);
2405 return 0;
2406 }
2407 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
2408 if (!EC_KEY_generate_key(ecdh)) {
2409 EC_KEY_free(ecdh);
2410 SSLerr(SSL_F_SSL3_CTX_CTRL,
2411 ERR_R_ECDH_LIB);
2412 return 0;
2413 }
2414 }
2415
2416 EC_KEY_free(cert->ecdh_tmp);
2417 cert->ecdh_tmp = ecdh;
2418 return 1;
2419 }
2420 /* break; */
2421 case SSL_CTRL_SET_TMP_ECDH_CB:
2422 {
2423 SSLerr(SSL_F_SSL3_CTX_CTRL,
2424 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2425 return (0);
2426 }
2427 break;
2428 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2429 ctx->tlsext_servername_arg = parg;
2430 break;
2431 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2432 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2433 {
2434 unsigned char *keys = parg;
2435 if (!keys)
2436 return 48;
2437 if (larg != 48) {
2438 SSLerr(SSL_F_SSL3_CTX_CTRL,
2439 SSL_R_INVALID_TICKET_KEYS_LENGTH);
2440 return 0;
2441 }
2442 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
2443 memcpy(ctx->tlsext_tick_key_name, keys, 16);
2444 memcpy(ctx->tlsext_tick_hmac_key,
2445 keys + 16, 16);
2446 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2447 } else {
2448 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2449 memcpy(keys + 16,
2450 ctx->tlsext_tick_hmac_key, 16);
2451 memcpy(keys + 32,
2452 ctx->tlsext_tick_aes_key, 16);
2453 }
2454 return 1;
2455 }
2456
2457 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2458 ctx->tlsext_status_arg = parg;
2459 return 1;
2460 break;
2461
2462 case SSL_CTRL_SET_ECDH_AUTO:
2463 ctx->cert->ecdh_tmp_auto = larg;
2464 return 1;
2465
2466 /* A Thawte special :-) */
2467 case SSL_CTRL_EXTRA_CHAIN_CERT:
2468 if (ctx->extra_certs == NULL) {
2469 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
2470 return (0);
2471 }
2472 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2473 break;
2474
2475 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
2476 *(STACK_OF(X509) **)parg = ctx->extra_certs;
2477 break;
2478
2479 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
2480 if (ctx->extra_certs) {
2481 sk_X509_pop_free(ctx->extra_certs, X509_free);
2482 ctx->extra_certs = NULL;
2483 }
2484 break;
2485
2486 default:
2487 return (0);
2488 }
2489 return (1);
2490}
2491
2492long
2493ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2494{
2495 CERT *cert;
2496
2497 cert = ctx->cert;
2498
2499 switch (cmd) {
2500 case SSL_CTRL_SET_TMP_RSA_CB:
2501 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2502 return (0);
2503 case SSL_CTRL_SET_TMP_DH_CB:
2504 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2505 break;
2506 case SSL_CTRL_SET_TMP_ECDH_CB:
2507 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2508 break;
2509 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2510 ctx->tlsext_servername_callback =
2511 (int (*)(SSL *, int *, void *))fp;
2512 break;
2513
2514 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2515 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
2516 break;
2517
2518 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2519 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
2520 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
2521 break;
2522
2523 default:
2524 return (0);
2525 }
2526 return (1);
2527}
2528
2529/*
2530 * This function needs to check if the ciphers required are actually available.
2531 */
2532const SSL_CIPHER *
2533ssl3_get_cipher_by_char(const unsigned char *p)
2534{
2535 uint16_t cipher_value;
2536
2537 n2s(p, cipher_value);
2538 return ssl3_get_cipher_by_value(cipher_value);
2539}
2540
2541int
2542ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2543{
2544 if (p != NULL) {
2545 if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
2546 return (0);
2547 s2n(ssl3_cipher_get_value(c), p);
2548 }
2549 return (2);
2550}
2551
2552SSL_CIPHER *
2553ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2554 STACK_OF(SSL_CIPHER) *srvr)
2555{
2556 unsigned long alg_k, alg_a, mask_k, mask_a;
2557 STACK_OF(SSL_CIPHER) *prio, *allow;
2558 SSL_CIPHER *c, *ret = NULL;
2559 int i, ii, ok;
2560 CERT *cert;
2561
2562 /* Let's see which ciphers we can support */
2563 cert = s->cert;
2564
2565 /*
2566 * Do not set the compare functions, because this may lead to a
2567 * reordering by "id". We want to keep the original ordering.
2568 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2569 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2570 */
2571
2572 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
2573 prio = srvr;
2574 allow = clnt;
2575 } else {
2576 prio = clnt;
2577 allow = srvr;
2578 }
2579
2580 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
2581 c = sk_SSL_CIPHER_value(prio, i);
2582
2583 /* Skip TLS v1.2 only ciphersuites if not supported. */
2584 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
2585 !SSL_USE_TLS1_2_CIPHERS(s))
2586 continue;
2587
2588 ssl_set_cert_masks(cert, c);
2589 mask_k = cert->mask_k;
2590 mask_a = cert->mask_a;
2591
2592 alg_k = c->algorithm_mkey;
2593 alg_a = c->algorithm_auth;
2594
2595
2596 ok = (alg_k & mask_k) && (alg_a & mask_a);
2597
2598 /*
2599 * If we are considering an ECC cipher suite that uses our
2600 * certificate check it.
2601 */
2602 if (alg_a & (SSL_aECDSA|SSL_aECDH))
2603 ok = ok && tls1_check_ec_server_key(s);
2604 /*
2605 * If we are considering an ECC cipher suite that uses
2606 * an ephemeral EC key check it.
2607 */
2608 if (alg_k & SSL_kECDHE)
2609 ok = ok && tls1_check_ec_tmp_key(s);
2610
2611 if (!ok)
2612 continue;
2613 ii = sk_SSL_CIPHER_find(allow, c);
2614 if (ii >= 0) {
2615 if ((alg_k & SSL_kECDHE) &&
2616 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
2617 if (!ret)
2618 ret = sk_SSL_CIPHER_value(allow, ii);
2619 continue;
2620 }
2621 ret = sk_SSL_CIPHER_value(allow, ii);
2622 break;
2623 }
2624 }
2625 return (ret);
2626}
2627
2628int
2629ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2630{
2631 int ret = 0;
2632 unsigned long alg_k;
2633
2634 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2635
2636#ifndef OPENSSL_NO_GOST
2637 if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) {
2638 p[ret++] = TLS_CT_GOST94_SIGN;
2639 p[ret++] = TLS_CT_GOST01_SIGN;
2640 p[ret++] = TLS_CT_GOST12_256_SIGN;
2641 p[ret++] = TLS_CT_GOST12_512_SIGN;
2642 }
2643#endif
2644
2645 if (alg_k & SSL_kDHE) {
2646 p[ret++] = SSL3_CT_RSA_FIXED_DH;
2647 p[ret++] = SSL3_CT_DSS_FIXED_DH;
2648 }
2649 if (s->version == SSL3_VERSION && (alg_k & SSL_kDHE)) {
2650 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
2651 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
2652 }
2653 p[ret++] = SSL3_CT_RSA_SIGN;
2654 p[ret++] = SSL3_CT_DSS_SIGN;
2655 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
2656 p[ret++] = TLS_CT_RSA_FIXED_ECDH;
2657 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
2658 }
2659
2660 /*
2661 * ECDSA certs can be used with RSA cipher suites as well
2662 * so we don't need to check for SSL_kECDH or SSL_kECDHE
2663 */
2664 if (s->version >= TLS1_VERSION) {
2665 p[ret++] = TLS_CT_ECDSA_SIGN;
2666 }
2667 return (ret);
2668}
2669
2670int
2671ssl3_shutdown(SSL *s)
2672{
2673 int ret;
2674
2675 /*
2676 * Don't do anything much if we have not done the handshake or
2677 * we don't want to send messages :-)
2678 */
2679 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
2680 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2681 return (1);
2682 }
2683
2684 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
2685 s->shutdown|=SSL_SENT_SHUTDOWN;
2686 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2687 /*
2688 * Our shutdown alert has been sent now, and if it still needs
2689 * to be written, s->s3->alert_dispatch will be true
2690 */
2691 if (s->s3->alert_dispatch)
2692 return(-1); /* return WANT_WRITE */
2693 } else if (s->s3->alert_dispatch) {
2694 /* resend it if not sent */
2695 ret = s->method->ssl_dispatch_alert(s);
2696 if (ret == -1) {
2697 /*
2698 * We only get to return -1 here the 2nd/Nth
2699 * invocation, we must have already signalled
2700 * return 0 upon a previous invoation,
2701 * return WANT_WRITE
2702 */
2703 return (ret);
2704 }
2705 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2706 /* If we are waiting for a close from our peer, we are closed */
2707 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
2708 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2709 return(-1); /* return WANT_READ */
2710 }
2711 }
2712
2713 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2714 !s->s3->alert_dispatch)
2715 return (1);
2716 else
2717 return (0);
2718}
2719
2720int
2721ssl3_write(SSL *s, const void *buf, int len)
2722{
2723 int ret, n;
2724
2725#if 0
2726 if (s->shutdown & SSL_SEND_SHUTDOWN) {
2727 s->rwstate = SSL_NOTHING;
2728 return (0);
2729 }
2730#endif
2731 errno = 0;
2732 if (s->s3->renegotiate)
2733 ssl3_renegotiate_check(s);
2734
2735 /*
2736 * This is an experimental flag that sends the
2737 * last handshake message in the same packet as the first
2738 * use data - used to see if it helps the TCP protocol during
2739 * session-id reuse
2740 */
2741 /* The second test is because the buffer may have been removed */
2742 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
2743 /* First time through, we write into the buffer */
2744 if (s->s3->delay_buf_pop_ret == 0) {
2745 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2746 buf, len);
2747 if (ret <= 0)
2748 return (ret);
2749
2750 s->s3->delay_buf_pop_ret = ret;
2751 }
2752
2753 s->rwstate = SSL_WRITING;
2754 n = BIO_flush(s->wbio);
2755 if (n <= 0)
2756 return (n);
2757 s->rwstate = SSL_NOTHING;
2758
2759 /* We have flushed the buffer, so remove it */
2760 ssl_free_wbio_buffer(s);
2761 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2762
2763 ret = s->s3->delay_buf_pop_ret;
2764 s->s3->delay_buf_pop_ret = 0;
2765 } else {
2766 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2767 buf, len);
2768 if (ret <= 0)
2769 return (ret);
2770 }
2771
2772 return (ret);
2773}
2774
2775static int
2776ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2777{
2778 int ret;
2779
2780 errno = 0;
2781 if (s->s3->renegotiate)
2782 ssl3_renegotiate_check(s);
2783 s->s3->in_read_app_data = 1;
2784 ret = s->method->ssl_read_bytes(s,
2785 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2786 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
2787 /*
2788 * ssl3_read_bytes decided to call s->handshake_func, which
2789 * called ssl3_read_bytes to read handshake data.
2790 * However, ssl3_read_bytes actually found application data
2791 * and thinks that application data makes sense here; so disable
2792 * handshake processing and try to read application data again.
2793 */
2794 s->in_handshake++;
2795 ret = s->method->ssl_read_bytes(s,
2796 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2797 s->in_handshake--;
2798 } else
2799 s->s3->in_read_app_data = 0;
2800
2801 return (ret);
2802}
2803
2804int
2805ssl3_read(SSL *s, void *buf, int len)
2806{
2807 return ssl3_read_internal(s, buf, len, 0);
2808}
2809
2810int
2811ssl3_peek(SSL *s, void *buf, int len)
2812{
2813 return ssl3_read_internal(s, buf, len, 1);
2814}
2815
2816int
2817ssl3_renegotiate(SSL *s)
2818{
2819 if (s->handshake_func == NULL)
2820 return (1);
2821
2822 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2823 return (0);
2824
2825 s->s3->renegotiate = 1;
2826 return (1);
2827}
2828
2829int
2830ssl3_renegotiate_check(SSL *s)
2831{
2832 int ret = 0;
2833
2834 if (s->s3->renegotiate) {
2835 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
2836 !SSL_in_init(s)) {
2837 /*
2838 * If we are the server, and we have sent
2839 * a 'RENEGOTIATE' message, we need to go
2840 * to SSL_ST_ACCEPT.
2841 */
2842 /* SSL_ST_ACCEPT */
2843 s->state = SSL_ST_RENEGOTIATE;
2844 s->s3->renegotiate = 0;
2845 s->s3->num_renegotiations++;
2846 s->s3->total_renegotiations++;
2847 ret = 1;
2848 }
2849 }
2850 return (ret);
2851}
2852/*
2853 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
2854 * and handshake macs if required.
2855 */
2856long
2857ssl_get_algorithm2(SSL *s)
2858{
2859 long alg2 = s->s3->tmp.new_cipher->algorithm2;
2860
2861 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
2862 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
2863 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
2864 return alg2;
2865}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 06:25:52 +0000