search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sd: remove 'ssd' driver support
[unleashed/tickless.git] / lib / libssl / s3_lib.c
blob2f02999377ddb12d68527405d3162f9947ff1da0
1 /* $OpenBSD: s3_lib.c,v 1.138 2017/03/10 16:03:27 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58 /* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124 /* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151 #include <limits.h>
152 #include <stdio.h>
153
154 #include <openssl/bn.h>
155 #include <openssl/curve25519.h>
156 #include <openssl/dh.h>
157 #include <openssl/md5.h>
158 #include <openssl/objects.h>
159
160 #include "ssl_locl.h"
161 #include "bytestring.h"
162
163 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
164
165 /*
166 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the
167 * fixed nonce length in algorithms2. It is the inverse of the
168 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
169 */
170 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
171
172 /* list of available SSLv3 ciphers (sorted by id) */
173 SSL_CIPHER ssl3_ciphers[] = {
174
175 /* The RSA ciphers */
176 /* Cipher 01 */
177 {
178 .valid = 1,
179 .name = SSL3_TXT_RSA_NULL_MD5,
180 .id = SSL3_CK_RSA_NULL_MD5,
181 .algorithm_mkey = SSL_kRSA,
182 .algorithm_auth = SSL_aRSA,
183 .algorithm_enc = SSL_eNULL,
184 .algorithm_mac = SSL_MD5,
185 .algorithm_ssl = SSL_SSLV3,
186 .algo_strength = SSL_STRONG_NONE,
187 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
188 .strength_bits = 0,
189 .alg_bits = 0,
190 },
191
192 /* Cipher 02 */
193 {
194 .valid = 1,
195 .name = SSL3_TXT_RSA_NULL_SHA,
196 .id = SSL3_CK_RSA_NULL_SHA,
197 .algorithm_mkey = SSL_kRSA,
198 .algorithm_auth = SSL_aRSA,
199 .algorithm_enc = SSL_eNULL,
200 .algorithm_mac = SSL_SHA1,
201 .algorithm_ssl = SSL_SSLV3,
202 .algo_strength = SSL_STRONG_NONE,
203 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
204 .strength_bits = 0,
205 .alg_bits = 0,
206 },
207
208 /* Cipher 04 */
209 {
210 .valid = 1,
211 .name = SSL3_TXT_RSA_RC4_128_MD5,
212 .id = SSL3_CK_RSA_RC4_128_MD5,
213 .algorithm_mkey = SSL_kRSA,
214 .algorithm_auth = SSL_aRSA,
215 .algorithm_enc = SSL_RC4,
216 .algorithm_mac = SSL_MD5,
217 .algorithm_ssl = SSL_SSLV3,
218 .algo_strength = SSL_LOW,
219 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
220 .strength_bits = 128,
221 .alg_bits = 128,
222 },
223
224 /* Cipher 05 */
225 {
226 .valid = 1,
227 .name = SSL3_TXT_RSA_RC4_128_SHA,
228 .id = SSL3_CK_RSA_RC4_128_SHA,
229 .algorithm_mkey = SSL_kRSA,
230 .algorithm_auth = SSL_aRSA,
231 .algorithm_enc = SSL_RC4,
232 .algorithm_mac = SSL_SHA1,
233 .algorithm_ssl = SSL_SSLV3,
234 .algo_strength = SSL_LOW,
235 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
236 .strength_bits = 128,
237 .alg_bits = 128,
238 },
239
240 /* Cipher 09 */
241 {
242 .valid = 1,
243 .name = SSL3_TXT_RSA_DES_64_CBC_SHA,
244 .id = SSL3_CK_RSA_DES_64_CBC_SHA,
245 .algorithm_mkey = SSL_kRSA,
246 .algorithm_auth = SSL_aRSA,
247 .algorithm_enc = SSL_DES,
248 .algorithm_mac = SSL_SHA1,
249 .algorithm_ssl = SSL_SSLV3,
250 .algo_strength = SSL_LOW,
251 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
252 .strength_bits = 56,
253 .alg_bits = 56,
254 },
255
256 /* Cipher 0A */
257 {
258 .valid = 1,
259 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
260 .id = SSL3_CK_RSA_DES_192_CBC3_SHA,
261 .algorithm_mkey = SSL_kRSA,
262 .algorithm_auth = SSL_aRSA,
263 .algorithm_enc = SSL_3DES,
264 .algorithm_mac = SSL_SHA1,
265 .algorithm_ssl = SSL_SSLV3,
266 .algo_strength = SSL_MEDIUM,
267 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
268 .strength_bits = 112,
269 .alg_bits = 168,
270 },
271
272 /*
273 * Ephemeral DH (DHE) ciphers.
274 */
275
276 /* Cipher 12 */
277 {
278 .valid = 1,
279 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
280 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
281 .algorithm_mkey = SSL_kDHE,
282 .algorithm_auth = SSL_aDSS,
283 .algorithm_enc = SSL_DES,
284 .algorithm_mac = SSL_SHA1,
285 .algorithm_ssl = SSL_SSLV3,
286 .algo_strength = SSL_LOW,
287 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
288 .strength_bits = 56,
289 .alg_bits = 56,
290 },
291
292 /* Cipher 13 */
293 {
294 .valid = 1,
295 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
296 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
297 .algorithm_mkey = SSL_kDHE,
298 .algorithm_auth = SSL_aDSS,
299 .algorithm_enc = SSL_3DES,
300 .algorithm_mac = SSL_SHA1,
301 .algorithm_ssl = SSL_SSLV3,
302 .algo_strength = SSL_MEDIUM,
303 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
304 .strength_bits = 112,
305 .alg_bits = 168,
306 },
307
308 /* Cipher 15 */
309 {
310 .valid = 1,
311 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
312 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
313 .algorithm_mkey = SSL_kDHE,
314 .algorithm_auth = SSL_aRSA,
315 .algorithm_enc = SSL_DES,
316 .algorithm_mac = SSL_SHA1,
317 .algorithm_ssl = SSL_SSLV3,
318 .algo_strength = SSL_LOW,
319 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
320 .strength_bits = 56,
321 .alg_bits = 56,
322 },
323
324 /* Cipher 16 */
325 {
326 .valid = 1,
327 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
328 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
329 .algorithm_mkey = SSL_kDHE,
330 .algorithm_auth = SSL_aRSA,
331 .algorithm_enc = SSL_3DES,
332 .algorithm_mac = SSL_SHA1,
333 .algorithm_ssl = SSL_SSLV3,
334 .algo_strength = SSL_MEDIUM,
335 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
336 .strength_bits = 112,
337 .alg_bits = 168,
338 },
339
340 /* Cipher 18 */
341 {
342 .valid = 1,
343 .name = SSL3_TXT_ADH_RC4_128_MD5,
344 .id = SSL3_CK_ADH_RC4_128_MD5,
345 .algorithm_mkey = SSL_kDHE,
346 .algorithm_auth = SSL_aNULL,
347 .algorithm_enc = SSL_RC4,
348 .algorithm_mac = SSL_MD5,
349 .algorithm_ssl = SSL_SSLV3,
350 .algo_strength = SSL_LOW,
351 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
352 .strength_bits = 128,
353 .alg_bits = 128,
354 },
355
356 /* Cipher 1A */
357 {
358 .valid = 1,
359 .name = SSL3_TXT_ADH_DES_64_CBC_SHA,
360 .id = SSL3_CK_ADH_DES_64_CBC_SHA,
361 .algorithm_mkey = SSL_kDHE,
362 .algorithm_auth = SSL_aNULL,
363 .algorithm_enc = SSL_DES,
364 .algorithm_mac = SSL_SHA1,
365 .algorithm_ssl = SSL_SSLV3,
366 .algo_strength = SSL_LOW,
367 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
368 .strength_bits = 56,
369 .alg_bits = 56,
370 },
371
372 /* Cipher 1B */
373 {
374 .valid = 1,
375 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
376 .id = SSL3_CK_ADH_DES_192_CBC_SHA,
377 .algorithm_mkey = SSL_kDHE,
378 .algorithm_auth = SSL_aNULL,
379 .algorithm_enc = SSL_3DES,
380 .algorithm_mac = SSL_SHA1,
381 .algorithm_ssl = SSL_SSLV3,
382 .algo_strength = SSL_MEDIUM,
383 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
384 .strength_bits = 112,
385 .alg_bits = 168,
386 },
387
388 /*
389 * AES ciphersuites.
390 */
391
392 /* Cipher 2F */
393 {
394 .valid = 1,
395 .name = TLS1_TXT_RSA_WITH_AES_128_SHA,
396 .id = TLS1_CK_RSA_WITH_AES_128_SHA,
397 .algorithm_mkey = SSL_kRSA,
398 .algorithm_auth = SSL_aRSA,
399 .algorithm_enc = SSL_AES128,
400 .algorithm_mac = SSL_SHA1,
401 .algorithm_ssl = SSL_TLSV1,
402 .algo_strength = SSL_HIGH,
403 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
404 .strength_bits = 128,
405 .alg_bits = 128,
406 },
407
408 /* Cipher 32 */
409 {
410 .valid = 1,
411 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
412 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
413 .algorithm_mkey = SSL_kDHE,
414 .algorithm_auth = SSL_aDSS,
415 .algorithm_enc = SSL_AES128,
416 .algorithm_mac = SSL_SHA1,
417 .algorithm_ssl = SSL_TLSV1,
418 .algo_strength = SSL_HIGH,
419 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
420 .strength_bits = 128,
421 .alg_bits = 128,
422 },
423
424 /* Cipher 33 */
425 {
426 .valid = 1,
427 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
428 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
429 .algorithm_mkey = SSL_kDHE,
430 .algorithm_auth = SSL_aRSA,
431 .algorithm_enc = SSL_AES128,
432 .algorithm_mac = SSL_SHA1,
433 .algorithm_ssl = SSL_TLSV1,
434 .algo_strength = SSL_HIGH,
435 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
436 .strength_bits = 128,
437 .alg_bits = 128,
438 },
439
440 /* Cipher 34 */
441 {
442 .valid = 1,
443 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
444 .id = TLS1_CK_ADH_WITH_AES_128_SHA,
445 .algorithm_mkey = SSL_kDHE,
446 .algorithm_auth = SSL_aNULL,
447 .algorithm_enc = SSL_AES128,
448 .algorithm_mac = SSL_SHA1,
449 .algorithm_ssl = SSL_TLSV1,
450 .algo_strength = SSL_HIGH,
451 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
452 .strength_bits = 128,
453 .alg_bits = 128,
454 },
455
456 /* Cipher 35 */
457 {
458 .valid = 1,
459 .name = TLS1_TXT_RSA_WITH_AES_256_SHA,
460 .id = TLS1_CK_RSA_WITH_AES_256_SHA,
461 .algorithm_mkey = SSL_kRSA,
462 .algorithm_auth = SSL_aRSA,
463 .algorithm_enc = SSL_AES256,
464 .algorithm_mac = SSL_SHA1,
465 .algorithm_ssl = SSL_TLSV1,
466 .algo_strength = SSL_HIGH,
467 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
468 .strength_bits = 256,
469 .alg_bits = 256,
470 },
471
472 /* Cipher 38 */
473 {
474 .valid = 1,
475 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
476 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
477 .algorithm_mkey = SSL_kDHE,
478 .algorithm_auth = SSL_aDSS,
479 .algorithm_enc = SSL_AES256,
480 .algorithm_mac = SSL_SHA1,
481 .algorithm_ssl = SSL_TLSV1,
482 .algo_strength = SSL_HIGH,
483 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
484 .strength_bits = 256,
485 .alg_bits = 256,
486 },
487
488 /* Cipher 39 */
489 {
490 .valid = 1,
491 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
492 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
493 .algorithm_mkey = SSL_kDHE,
494 .algorithm_auth = SSL_aRSA,
495 .algorithm_enc = SSL_AES256,
496 .algorithm_mac = SSL_SHA1,
497 .algorithm_ssl = SSL_TLSV1,
498 .algo_strength = SSL_HIGH,
499 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
500 .strength_bits = 256,
501 .alg_bits = 256,
502 },
503
504 /* Cipher 3A */
505 {
506 .valid = 1,
507 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
508 .id = TLS1_CK_ADH_WITH_AES_256_SHA,
509 .algorithm_mkey = SSL_kDHE,
510 .algorithm_auth = SSL_aNULL,
511 .algorithm_enc = SSL_AES256,
512 .algorithm_mac = SSL_SHA1,
513 .algorithm_ssl = SSL_TLSV1,
514 .algo_strength = SSL_HIGH,
515 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
516 .strength_bits = 256,
517 .alg_bits = 256,
518 },
519
520 /* TLS v1.2 ciphersuites */
521 /* Cipher 3B */
522 {
523 .valid = 1,
524 .name = TLS1_TXT_RSA_WITH_NULL_SHA256,
525 .id = TLS1_CK_RSA_WITH_NULL_SHA256,
526 .algorithm_mkey = SSL_kRSA,
527 .algorithm_auth = SSL_aRSA,
528 .algorithm_enc = SSL_eNULL,
529 .algorithm_mac = SSL_SHA256,
530 .algorithm_ssl = SSL_TLSV1_2,
531 .algo_strength = SSL_STRONG_NONE,
532 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
533 .strength_bits = 0,
534 .alg_bits = 0,
535 },
536
537 /* Cipher 3C */
538 {
539 .valid = 1,
540 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
541 .id = TLS1_CK_RSA_WITH_AES_128_SHA256,
542 .algorithm_mkey = SSL_kRSA,
543 .algorithm_auth = SSL_aRSA,
544 .algorithm_enc = SSL_AES128,
545 .algorithm_mac = SSL_SHA256,
546 .algorithm_ssl = SSL_TLSV1_2,
547 .algo_strength = SSL_HIGH,
548 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
549 .strength_bits = 128,
550 .alg_bits = 128,
551 },
552
553 /* Cipher 3D */
554 {
555 .valid = 1,
556 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
557 .id = TLS1_CK_RSA_WITH_AES_256_SHA256,
558 .algorithm_mkey = SSL_kRSA,
559 .algorithm_auth = SSL_aRSA,
560 .algorithm_enc = SSL_AES256,
561 .algorithm_mac = SSL_SHA256,
562 .algorithm_ssl = SSL_TLSV1_2,
563 .algo_strength = SSL_HIGH,
564 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
565 .strength_bits = 256,
566 .alg_bits = 256,
567 },
568
569 /* Cipher 40 */
570 {
571 .valid = 1,
572 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
573 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
574 .algorithm_mkey = SSL_kDHE,
575 .algorithm_auth = SSL_aDSS,
576 .algorithm_enc = SSL_AES128,
577 .algorithm_mac = SSL_SHA256,
578 .algorithm_ssl = SSL_TLSV1_2,
579 .algo_strength = SSL_HIGH,
580 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
581 .strength_bits = 128,
582 .alg_bits = 128,
583 },
584
585 #ifndef OPENSSL_NO_CAMELLIA
586 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
587
588 /* Cipher 41 */
589 {
590 .valid = 1,
591 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
592 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
593 .algorithm_mkey = SSL_kRSA,
594 .algorithm_auth = SSL_aRSA,
595 .algorithm_enc = SSL_CAMELLIA128,
596 .algorithm_mac = SSL_SHA1,
597 .algorithm_ssl = SSL_TLSV1,
598 .algo_strength = SSL_HIGH,
599 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
600 .strength_bits = 128,
601 .alg_bits = 128,
602 },
603
604 /* Cipher 44 */
605 {
606 .valid = 1,
607 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
608 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
609 .algorithm_mkey = SSL_kDHE,
610 .algorithm_auth = SSL_aDSS,
611 .algorithm_enc = SSL_CAMELLIA128,
612 .algorithm_mac = SSL_SHA1,
613 .algorithm_ssl = SSL_TLSV1,
614 .algo_strength = SSL_HIGH,
615 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
616 .strength_bits = 128,
617 .alg_bits = 128,
618 },
619
620 /* Cipher 45 */
621 {
622 .valid = 1,
623 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
624 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
625 .algorithm_mkey = SSL_kDHE,
626 .algorithm_auth = SSL_aRSA,
627 .algorithm_enc = SSL_CAMELLIA128,
628 .algorithm_mac = SSL_SHA1,
629 .algorithm_ssl = SSL_TLSV1,
630 .algo_strength = SSL_HIGH,
631 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
632 .strength_bits = 128,
633 .alg_bits = 128,
634 },
635
636 /* Cipher 46 */
637 {
638 .valid = 1,
639 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
640 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
641 .algorithm_mkey = SSL_kDHE,
642 .algorithm_auth = SSL_aNULL,
643 .algorithm_enc = SSL_CAMELLIA128,
644 .algorithm_mac = SSL_SHA1,
645 .algorithm_ssl = SSL_TLSV1,
646 .algo_strength = SSL_HIGH,
647 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
648 .strength_bits = 128,
649 .alg_bits = 128,
650 },
651 #endif /* OPENSSL_NO_CAMELLIA */
652
653 /* TLS v1.2 ciphersuites */
654 /* Cipher 67 */
655 {
656 .valid = 1,
657 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
658 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
659 .algorithm_mkey = SSL_kDHE,
660 .algorithm_auth = SSL_aRSA,
661 .algorithm_enc = SSL_AES128,
662 .algorithm_mac = SSL_SHA256,
663 .algorithm_ssl = SSL_TLSV1_2,
664 .algo_strength = SSL_HIGH,
665 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
666 .strength_bits = 128,
667 .alg_bits = 128,
668 },
669
670 /* Cipher 6A */
671 {
672 .valid = 1,
673 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
674 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
675 .algorithm_mkey = SSL_kDHE,
676 .algorithm_auth = SSL_aDSS,
677 .algorithm_enc = SSL_AES256,
678 .algorithm_mac = SSL_SHA256,
679 .algorithm_ssl = SSL_TLSV1_2,
680 .algo_strength = SSL_HIGH,
681 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
682 .strength_bits = 256,
683 .alg_bits = 256,
684 },
685
686 /* Cipher 6B */
687 {
688 .valid = 1,
689 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
690 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
691 .algorithm_mkey = SSL_kDHE,
692 .algorithm_auth = SSL_aRSA,
693 .algorithm_enc = SSL_AES256,
694 .algorithm_mac = SSL_SHA256,
695 .algorithm_ssl = SSL_TLSV1_2,
696 .algo_strength = SSL_HIGH,
697 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
698 .strength_bits = 256,
699 .alg_bits = 256,
700 },
701
702 /* Cipher 6C */
703 {
704 .valid = 1,
705 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
706 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
707 .algorithm_mkey = SSL_kDHE,
708 .algorithm_auth = SSL_aNULL,
709 .algorithm_enc = SSL_AES128,
710 .algorithm_mac = SSL_SHA256,
711 .algorithm_ssl = SSL_TLSV1_2,
712 .algo_strength = SSL_HIGH,
713 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
714 .strength_bits = 128,
715 .alg_bits = 128,
716 },
717
718 /* Cipher 6D */
719 {
720 .valid = 1,
721 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
722 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
723 .algorithm_mkey = SSL_kDHE,
724 .algorithm_auth = SSL_aNULL,
725 .algorithm_enc = SSL_AES256,
726 .algorithm_mac = SSL_SHA256,
727 .algorithm_ssl = SSL_TLSV1_2,
728 .algo_strength = SSL_HIGH,
729 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
730 .strength_bits = 256,
731 .alg_bits = 256,
732 },
733
734 /* GOST Ciphersuites */
735
736 /* Cipher 81 */
737 {
738 .valid = 1,
739 .name = "GOST2001-GOST89-GOST89",
740 .id = 0x3000081,
741 .algorithm_mkey = SSL_kGOST,
742 .algorithm_auth = SSL_aGOST01,
743 .algorithm_enc = SSL_eGOST2814789CNT,
744 .algorithm_mac = SSL_GOST89MAC,
745 .algorithm_ssl = SSL_TLSV1,
746 .algo_strength = SSL_HIGH,
747 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
748 TLS1_STREAM_MAC,
749 .strength_bits = 256,
750 .alg_bits = 256
751 },
752
753 /* Cipher 83 */
754 {
755 .valid = 1,
756 .name = "GOST2001-NULL-GOST94",
757 .id = 0x3000083,
758 .algorithm_mkey = SSL_kGOST,
759 .algorithm_auth = SSL_aGOST01,
760 .algorithm_enc = SSL_eNULL,
761 .algorithm_mac = SSL_GOST94,
762 .algorithm_ssl = SSL_TLSV1,
763 .algo_strength = SSL_STRONG_NONE,
764 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
765 .strength_bits = 0,
766 .alg_bits = 0
767 },
768
769 #ifndef OPENSSL_NO_CAMELLIA
770 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
771
772 /* Cipher 84 */
773 {
774 .valid = 1,
775 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
776 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
777 .algorithm_mkey = SSL_kRSA,
778 .algorithm_auth = SSL_aRSA,
779 .algorithm_enc = SSL_CAMELLIA256,
780 .algorithm_mac = SSL_SHA1,
781 .algorithm_ssl = SSL_TLSV1,
782 .algo_strength = SSL_HIGH,
783 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
784 .strength_bits = 256,
785 .alg_bits = 256,
786 },
787
788 /* Cipher 87 */
789 {
790 .valid = 1,
791 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
792 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
793 .algorithm_mkey = SSL_kDHE,
794 .algorithm_auth = SSL_aDSS,
795 .algorithm_enc = SSL_CAMELLIA256,
796 .algorithm_mac = SSL_SHA1,
797 .algorithm_ssl = SSL_TLSV1,
798 .algo_strength = SSL_HIGH,
799 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
800 .strength_bits = 256,
801 .alg_bits = 256,
802 },
803
804 /* Cipher 88 */
805 {
806 .valid = 1,
807 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
808 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
809 .algorithm_mkey = SSL_kDHE,
810 .algorithm_auth = SSL_aRSA,
811 .algorithm_enc = SSL_CAMELLIA256,
812 .algorithm_mac = SSL_SHA1,
813 .algorithm_ssl = SSL_TLSV1,
814 .algo_strength = SSL_HIGH,
815 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
816 .strength_bits = 256,
817 .alg_bits = 256,
818 },
819
820 /* Cipher 89 */
821 {
822 .valid = 1,
823 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
824 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
825 .algorithm_mkey = SSL_kDHE,
826 .algorithm_auth = SSL_aNULL,
827 .algorithm_enc = SSL_CAMELLIA256,
828 .algorithm_mac = SSL_SHA1,
829 .algorithm_ssl = SSL_TLSV1,
830 .algo_strength = SSL_HIGH,
831 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
832 .strength_bits = 256,
833 .alg_bits = 256,
834 },
835 #endif /* OPENSSL_NO_CAMELLIA */
836
837 /*
838 * GCM ciphersuites from RFC5288.
839 */
840
841 /* Cipher 9C */
842 {
843 .valid = 1,
844 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
845 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
846 .algorithm_mkey = SSL_kRSA,
847 .algorithm_auth = SSL_aRSA,
848 .algorithm_enc = SSL_AES128GCM,
849 .algorithm_mac = SSL_AEAD,
850 .algorithm_ssl = SSL_TLSV1_2,
851 .algo_strength = SSL_HIGH,
852 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
853 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
854 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
855 .strength_bits = 128,
856 .alg_bits = 128,
857 },
858
859 /* Cipher 9D */
860 {
861 .valid = 1,
862 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
863 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
864 .algorithm_mkey = SSL_kRSA,
865 .algorithm_auth = SSL_aRSA,
866 .algorithm_enc = SSL_AES256GCM,
867 .algorithm_mac = SSL_AEAD,
868 .algorithm_ssl = SSL_TLSV1_2,
869 .algo_strength = SSL_HIGH,
870 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
871 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
872 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
873 .strength_bits = 256,
874 .alg_bits = 256,
875 },
876
877 /* Cipher 9E */
878 {
879 .valid = 1,
880 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
881 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
882 .algorithm_mkey = SSL_kDHE,
883 .algorithm_auth = SSL_aRSA,
884 .algorithm_enc = SSL_AES128GCM,
885 .algorithm_mac = SSL_AEAD,
886 .algorithm_ssl = SSL_TLSV1_2,
887 .algo_strength = SSL_HIGH,
888 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
889 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
890 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
891 .strength_bits = 128,
892 .alg_bits = 128,
893 },
894
895 /* Cipher 9F */
896 {
897 .valid = 1,
898 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
899 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
900 .algorithm_mkey = SSL_kDHE,
901 .algorithm_auth = SSL_aRSA,
902 .algorithm_enc = SSL_AES256GCM,
903 .algorithm_mac = SSL_AEAD,
904 .algorithm_ssl = SSL_TLSV1_2,
905 .algo_strength = SSL_HIGH,
906 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
907 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
908 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
909 .strength_bits = 256,
910 .alg_bits = 256,
911 },
912
913 /* Cipher A2 */
914 {
915 .valid = 1,
916 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
917 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
918 .algorithm_mkey = SSL_kDHE,
919 .algorithm_auth = SSL_aDSS,
920 .algorithm_enc = SSL_AES128GCM,
921 .algorithm_mac = SSL_AEAD,
922 .algorithm_ssl = SSL_TLSV1_2,
923 .algo_strength = SSL_HIGH,
924 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
925 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
926 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
927 .strength_bits = 128,
928 .alg_bits = 128,
929 },
930
931 /* Cipher A3 */
932 {
933 .valid = 1,
934 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
935 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
936 .algorithm_mkey = SSL_kDHE,
937 .algorithm_auth = SSL_aDSS,
938 .algorithm_enc = SSL_AES256GCM,
939 .algorithm_mac = SSL_AEAD,
940 .algorithm_ssl = SSL_TLSV1_2,
941 .algo_strength = SSL_HIGH,
942 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
943 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
944 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
945 .strength_bits = 256,
946 .alg_bits = 256,
947 },
948
949 /* Cipher A6 */
950 {
951 .valid = 1,
952 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
953 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
954 .algorithm_mkey = SSL_kDHE,
955 .algorithm_auth = SSL_aNULL,
956 .algorithm_enc = SSL_AES128GCM,
957 .algorithm_mac = SSL_AEAD,
958 .algorithm_ssl = SSL_TLSV1_2,
959 .algo_strength = SSL_HIGH,
960 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
961 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
962 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
963 .strength_bits = 128,
964 .alg_bits = 128,
965 },
966
967 /* Cipher A7 */
968 {
969 .valid = 1,
970 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
971 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
972 .algorithm_mkey = SSL_kDHE,
973 .algorithm_auth = SSL_aNULL,
974 .algorithm_enc = SSL_AES256GCM,
975 .algorithm_mac = SSL_AEAD,
976 .algorithm_ssl = SSL_TLSV1_2,
977 .algo_strength = SSL_HIGH,
978 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
979 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
980 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
981 .strength_bits = 256,
982 .alg_bits = 256,
983 },
984
985 #ifndef OPENSSL_NO_CAMELLIA
986 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
987
988 /* Cipher BA */
989 {
990 .valid = 1,
991 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
992 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
993 .algorithm_mkey = SSL_kRSA,
994 .algorithm_auth = SSL_aRSA,
995 .algorithm_enc = SSL_CAMELLIA128,
996 .algorithm_mac = SSL_SHA256,
997 .algorithm_ssl = SSL_TLSV1_2,
998 .algo_strength = SSL_HIGH,
999 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1000 .strength_bits = 128,
1001 .alg_bits = 128,
1002 },
1003
1004 /* Cipher BD */
1005 {
1006 .valid = 1,
1007 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1008 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1009 .algorithm_mkey = SSL_kDHE,
1010 .algorithm_auth = SSL_aDSS,
1011 .algorithm_enc = SSL_CAMELLIA128,
1012 .algorithm_mac = SSL_SHA256,
1013 .algorithm_ssl = SSL_TLSV1_2,
1014 .algo_strength = SSL_HIGH,
1015 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1016 .strength_bits = 128,
1017 .alg_bits = 128,
1018 },
1019
1020 /* Cipher BE */
1021 {
1022 .valid = 1,
1023 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1024 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1025 .algorithm_mkey = SSL_kDHE,
1026 .algorithm_auth = SSL_aRSA,
1027 .algorithm_enc = SSL_CAMELLIA128,
1028 .algorithm_mac = SSL_SHA256,
1029 .algorithm_ssl = SSL_TLSV1_2,
1030 .algo_strength = SSL_HIGH,
1031 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1032 .strength_bits = 128,
1033 .alg_bits = 128,
1034 },
1035
1036 /* Cipher BF */
1037 {
1038 .valid = 1,
1039 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1040 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1041 .algorithm_mkey = SSL_kDHE,
1042 .algorithm_auth = SSL_aNULL,
1043 .algorithm_enc = SSL_CAMELLIA128,
1044 .algorithm_mac = SSL_SHA256,
1045 .algorithm_ssl = SSL_TLSV1_2,
1046 .algo_strength = SSL_HIGH,
1047 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1048 .strength_bits = 128,
1049 .alg_bits = 128,
1050 },
1051
1052 /* Cipher C0 */
1053 {
1054 .valid = 1,
1055 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1056 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1057 .algorithm_mkey = SSL_kRSA,
1058 .algorithm_auth = SSL_aRSA,
1059 .algorithm_enc = SSL_CAMELLIA256,
1060 .algorithm_mac = SSL_SHA256,
1061 .algorithm_ssl = SSL_TLSV1_2,
1062 .algo_strength = SSL_HIGH,
1063 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1064 .strength_bits = 256,
1065 .alg_bits = 256,
1066 },
1067
1068 /* Cipher C3 */
1069 {
1070 .valid = 1,
1071 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1072 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1073 .algorithm_mkey = SSL_kDHE,
1074 .algorithm_auth = SSL_aDSS,
1075 .algorithm_enc = SSL_CAMELLIA256,
1076 .algorithm_mac = SSL_SHA256,
1077 .algorithm_ssl = SSL_TLSV1_2,
1078 .algo_strength = SSL_HIGH,
1079 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1080 .strength_bits = 256,
1081 .alg_bits = 256,
1082 },
1083
1084 /* Cipher C4 */
1085 {
1086 .valid = 1,
1087 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1088 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1089 .algorithm_mkey = SSL_kDHE,
1090 .algorithm_auth = SSL_aRSA,
1091 .algorithm_enc = SSL_CAMELLIA256,
1092 .algorithm_mac = SSL_SHA256,
1093 .algorithm_ssl = SSL_TLSV1_2,
1094 .algo_strength = SSL_HIGH,
1095 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1096 .strength_bits = 256,
1097 .alg_bits = 256,
1098 },
1099
1100 /* Cipher C5 */
1101 {
1102 .valid = 1,
1103 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1104 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1105 .algorithm_mkey = SSL_kDHE,
1106 .algorithm_auth = SSL_aNULL,
1107 .algorithm_enc = SSL_CAMELLIA256,
1108 .algorithm_mac = SSL_SHA256,
1109 .algorithm_ssl = SSL_TLSV1_2,
1110 .algo_strength = SSL_HIGH,
1111 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1112 .strength_bits = 256,
1113 .alg_bits = 256,
1114 },
1115 #endif /* OPENSSL_NO_CAMELLIA */
1116
1117 /* Cipher C006 */
1118 {
1119 .valid = 1,
1120 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1121 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1122 .algorithm_mkey = SSL_kECDHE,
1123 .algorithm_auth = SSL_aECDSA,
1124 .algorithm_enc = SSL_eNULL,
1125 .algorithm_mac = SSL_SHA1,
1126 .algorithm_ssl = SSL_TLSV1,
1127 .algo_strength = SSL_STRONG_NONE,
1128 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1129 .strength_bits = 0,
1130 .alg_bits = 0,
1131 },
1132
1133 /* Cipher C007 */
1134 {
1135 .valid = 1,
1136 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1137 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1138 .algorithm_mkey = SSL_kECDHE,
1139 .algorithm_auth = SSL_aECDSA,
1140 .algorithm_enc = SSL_RC4,
1141 .algorithm_mac = SSL_SHA1,
1142 .algorithm_ssl = SSL_TLSV1,
1143 .algo_strength = SSL_LOW,
1144 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1145 .strength_bits = 128,
1146 .alg_bits = 128,
1147 },
1148
1149 /* Cipher C008 */
1150 {
1151 .valid = 1,
1152 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1153 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1154 .algorithm_mkey = SSL_kECDHE,
1155 .algorithm_auth = SSL_aECDSA,
1156 .algorithm_enc = SSL_3DES,
1157 .algorithm_mac = SSL_SHA1,
1158 .algorithm_ssl = SSL_TLSV1,
1159 .algo_strength = SSL_MEDIUM,
1160 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1161 .strength_bits = 112,
1162 .alg_bits = 168,
1163 },
1164
1165 /* Cipher C009 */
1166 {
1167 .valid = 1,
1168 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1169 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1170 .algorithm_mkey = SSL_kECDHE,
1171 .algorithm_auth = SSL_aECDSA,
1172 .algorithm_enc = SSL_AES128,
1173 .algorithm_mac = SSL_SHA1,
1174 .algorithm_ssl = SSL_TLSV1,
1175 .algo_strength = SSL_HIGH,
1176 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1177 .strength_bits = 128,
1178 .alg_bits = 128,
1179 },
1180
1181 /* Cipher C00A */
1182 {
1183 .valid = 1,
1184 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1185 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1186 .algorithm_mkey = SSL_kECDHE,
1187 .algorithm_auth = SSL_aECDSA,
1188 .algorithm_enc = SSL_AES256,
1189 .algorithm_mac = SSL_SHA1,
1190 .algorithm_ssl = SSL_TLSV1,
1191 .algo_strength = SSL_HIGH,
1192 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1193 .strength_bits = 256,
1194 .alg_bits = 256,
1195 },
1196
1197 /* Cipher C010 */
1198 {
1199 .valid = 1,
1200 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1201 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1202 .algorithm_mkey = SSL_kECDHE,
1203 .algorithm_auth = SSL_aRSA,
1204 .algorithm_enc = SSL_eNULL,
1205 .algorithm_mac = SSL_SHA1,
1206 .algorithm_ssl = SSL_TLSV1,
1207 .algo_strength = SSL_STRONG_NONE,
1208 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1209 .strength_bits = 0,
1210 .alg_bits = 0,
1211 },
1212
1213 /* Cipher C011 */
1214 {
1215 .valid = 1,
1216 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1217 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1218 .algorithm_mkey = SSL_kECDHE,
1219 .algorithm_auth = SSL_aRSA,
1220 .algorithm_enc = SSL_RC4,
1221 .algorithm_mac = SSL_SHA1,
1222 .algorithm_ssl = SSL_TLSV1,
1223 .algo_strength = SSL_LOW,
1224 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1225 .strength_bits = 128,
1226 .alg_bits = 128,
1227 },
1228
1229 /* Cipher C012 */
1230 {
1231 .valid = 1,
1232 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1233 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1234 .algorithm_mkey = SSL_kECDHE,
1235 .algorithm_auth = SSL_aRSA,
1236 .algorithm_enc = SSL_3DES,
1237 .algorithm_mac = SSL_SHA1,
1238 .algorithm_ssl = SSL_TLSV1,
1239 .algo_strength = SSL_HIGH,
1240 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1241 .strength_bits = 112,
1242 .alg_bits = 168,
1243 },
1244
1245 /* Cipher C013 */
1246 {
1247 .valid = 1,
1248 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1249 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1250 .algorithm_mkey = SSL_kECDHE,
1251 .algorithm_auth = SSL_aRSA,
1252 .algorithm_enc = SSL_AES128,
1253 .algorithm_mac = SSL_SHA1,
1254 .algorithm_ssl = SSL_TLSV1,
1255 .algo_strength = SSL_HIGH,
1256 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1257 .strength_bits = 128,
1258 .alg_bits = 128,
1259 },
1260
1261 /* Cipher C014 */
1262 {
1263 .valid = 1,
1264 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1265 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1266 .algorithm_mkey = SSL_kECDHE,
1267 .algorithm_auth = SSL_aRSA,
1268 .algorithm_enc = SSL_AES256,
1269 .algorithm_mac = SSL_SHA1,
1270 .algorithm_ssl = SSL_TLSV1,
1271 .algo_strength = SSL_HIGH,
1272 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1273 .strength_bits = 256,
1274 .alg_bits = 256,
1275 },
1276
1277 /* Cipher C015 */
1278 {
1279 .valid = 1,
1280 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1281 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1282 .algorithm_mkey = SSL_kECDHE,
1283 .algorithm_auth = SSL_aNULL,
1284 .algorithm_enc = SSL_eNULL,
1285 .algorithm_mac = SSL_SHA1,
1286 .algorithm_ssl = SSL_TLSV1,
1287 .algo_strength = SSL_STRONG_NONE,
1288 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1289 .strength_bits = 0,
1290 .alg_bits = 0,
1291 },
1292
1293 /* Cipher C016 */
1294 {
1295 .valid = 1,
1296 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1297 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1298 .algorithm_mkey = SSL_kECDHE,
1299 .algorithm_auth = SSL_aNULL,
1300 .algorithm_enc = SSL_RC4,
1301 .algorithm_mac = SSL_SHA1,
1302 .algorithm_ssl = SSL_TLSV1,
1303 .algo_strength = SSL_LOW,
1304 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1305 .strength_bits = 128,
1306 .alg_bits = 128,
1307 },
1308
1309 /* Cipher C017 */
1310 {
1311 .valid = 1,
1312 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1313 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1314 .algorithm_mkey = SSL_kECDHE,
1315 .algorithm_auth = SSL_aNULL,
1316 .algorithm_enc = SSL_3DES,
1317 .algorithm_mac = SSL_SHA1,
1318 .algorithm_ssl = SSL_TLSV1,
1319 .algo_strength = SSL_MEDIUM,
1320 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1321 .strength_bits = 112,
1322 .alg_bits = 168,
1323 },
1324
1325 /* Cipher C018 */
1326 {
1327 .valid = 1,
1328 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1329 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1330 .algorithm_mkey = SSL_kECDHE,
1331 .algorithm_auth = SSL_aNULL,
1332 .algorithm_enc = SSL_AES128,
1333 .algorithm_mac = SSL_SHA1,
1334 .algorithm_ssl = SSL_TLSV1,
1335 .algo_strength = SSL_HIGH,
1336 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1337 .strength_bits = 128,
1338 .alg_bits = 128,
1339 },
1340
1341 /* Cipher C019 */
1342 {
1343 .valid = 1,
1344 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1345 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1346 .algorithm_mkey = SSL_kECDHE,
1347 .algorithm_auth = SSL_aNULL,
1348 .algorithm_enc = SSL_AES256,
1349 .algorithm_mac = SSL_SHA1,
1350 .algorithm_ssl = SSL_TLSV1,
1351 .algo_strength = SSL_HIGH,
1352 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1353 .strength_bits = 256,
1354 .alg_bits = 256,
1355 },
1356
1357
1358 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
1359
1360 /* Cipher C023 */
1361 {
1362 .valid = 1,
1363 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1364 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1365 .algorithm_mkey = SSL_kECDHE,
1366 .algorithm_auth = SSL_aECDSA,
1367 .algorithm_enc = SSL_AES128,
1368 .algorithm_mac = SSL_SHA256,
1369 .algorithm_ssl = SSL_TLSV1_2,
1370 .algo_strength = SSL_HIGH,
1371 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1372 .strength_bits = 128,
1373 .alg_bits = 128,
1374 },
1375
1376 /* Cipher C024 */
1377 {
1378 .valid = 1,
1379 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1380 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1381 .algorithm_mkey = SSL_kECDHE,
1382 .algorithm_auth = SSL_aECDSA,
1383 .algorithm_enc = SSL_AES256,
1384 .algorithm_mac = SSL_SHA384,
1385 .algorithm_ssl = SSL_TLSV1_2,
1386 .algo_strength = SSL_HIGH,
1387 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1388 .strength_bits = 256,
1389 .alg_bits = 256,
1390 },
1391
1392 /* Cipher C027 */
1393 {
1394 .valid = 1,
1395 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1396 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1397 .algorithm_mkey = SSL_kECDHE,
1398 .algorithm_auth = SSL_aRSA,
1399 .algorithm_enc = SSL_AES128,
1400 .algorithm_mac = SSL_SHA256,
1401 .algorithm_ssl = SSL_TLSV1_2,
1402 .algo_strength = SSL_HIGH,
1403 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1404 .strength_bits = 128,
1405 .alg_bits = 128,
1406 },
1407
1408 /* Cipher C028 */
1409 {
1410 .valid = 1,
1411 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1412 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1413 .algorithm_mkey = SSL_kECDHE,
1414 .algorithm_auth = SSL_aRSA,
1415 .algorithm_enc = SSL_AES256,
1416 .algorithm_mac = SSL_SHA384,
1417 .algorithm_ssl = SSL_TLSV1_2,
1418 .algo_strength = SSL_HIGH,
1419 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1420 .strength_bits = 256,
1421 .alg_bits = 256,
1422 },
1423
1424 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
1425
1426 /* Cipher C02B */
1427 {
1428 .valid = 1,
1429 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1430 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1431 .algorithm_mkey = SSL_kECDHE,
1432 .algorithm_auth = SSL_aECDSA,
1433 .algorithm_enc = SSL_AES128GCM,
1434 .algorithm_mac = SSL_AEAD,
1435 .algorithm_ssl = SSL_TLSV1_2,
1436 .algo_strength = SSL_HIGH,
1437 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1438 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1439 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1440 .strength_bits = 128,
1441 .alg_bits = 128,
1442 },
1443
1444 /* Cipher C02C */
1445 {
1446 .valid = 1,
1447 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1448 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1449 .algorithm_mkey = SSL_kECDHE,
1450 .algorithm_auth = SSL_aECDSA,
1451 .algorithm_enc = SSL_AES256GCM,
1452 .algorithm_mac = SSL_AEAD,
1453 .algorithm_ssl = SSL_TLSV1_2,
1454 .algo_strength = SSL_HIGH,
1455 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1456 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1457 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1458 .strength_bits = 256,
1459 .alg_bits = 256,
1460 },
1461
1462 /* Cipher C02F */
1463 {
1464 .valid = 1,
1465 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1466 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1467 .algorithm_mkey = SSL_kECDHE,
1468 .algorithm_auth = SSL_aRSA,
1469 .algorithm_enc = SSL_AES128GCM,
1470 .algorithm_mac = SSL_AEAD,
1471 .algorithm_ssl = SSL_TLSV1_2,
1472 .algo_strength = SSL_HIGH,
1473 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1474 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1475 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1476 .strength_bits = 128,
1477 .alg_bits = 128,
1478 },
1479
1480 /* Cipher C030 */
1481 {
1482 .valid = 1,
1483 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1484 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1485 .algorithm_mkey = SSL_kECDHE,
1486 .algorithm_auth = SSL_aRSA,
1487 .algorithm_enc = SSL_AES256GCM,
1488 .algorithm_mac = SSL_AEAD,
1489 .algorithm_ssl = SSL_TLSV1_2,
1490 .algo_strength = SSL_HIGH,
1491 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1492 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1493 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1494 .strength_bits = 256,
1495 .alg_bits = 256,
1496 },
1497
1498 /* Cipher CC13 */
1499 {
1500 .valid = 1,
1501 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
1502 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
1503 .algorithm_mkey = SSL_kECDHE,
1504 .algorithm_auth = SSL_aRSA,
1505 .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1506 .algorithm_mac = SSL_AEAD,
1507 .algorithm_ssl = SSL_TLSV1_2,
1508 .algo_strength = SSL_HIGH,
1509 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1510 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1511 .strength_bits = 256,
1512 .alg_bits = 256,
1513 },
1514
1515 /* Cipher CC14 */
1516 {
1517 .valid = 1,
1518 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
1519 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
1520 .algorithm_mkey = SSL_kECDHE,
1521 .algorithm_auth = SSL_aECDSA,
1522 .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1523 .algorithm_mac = SSL_AEAD,
1524 .algorithm_ssl = SSL_TLSV1_2,
1525 .algo_strength = SSL_HIGH,
1526 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1527 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1528 .strength_bits = 256,
1529 .alg_bits = 256,
1530 },
1531
1532 /* Cipher CC15 */
1533 {
1534 .valid = 1,
1535 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD,
1536 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD,
1537 .algorithm_mkey = SSL_kDHE,
1538 .algorithm_auth = SSL_aRSA,
1539 .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1540 .algorithm_mac = SSL_AEAD,
1541 .algorithm_ssl = SSL_TLSV1_2,
1542 .algo_strength = SSL_HIGH,
1543 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1544 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1545 .strength_bits = 256,
1546 .alg_bits = 256,
1547 },
1548
1549 /* Cipher CCA8 */
1550 {
1551 .valid = 1,
1552 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1553 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
1554 .algorithm_mkey = SSL_kECDHE,
1555 .algorithm_auth = SSL_aRSA,
1556 .algorithm_enc = SSL_CHACHA20POLY1305,
1557 .algorithm_mac = SSL_AEAD,
1558 .algorithm_ssl = SSL_TLSV1_2,
1559 .algo_strength = SSL_HIGH,
1560 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1561 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
1562 .strength_bits = 256,
1563 .alg_bits = 256,
1564 },
1565
1566 /* Cipher CCA9 */
1567 {
1568 .valid = 1,
1569 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1570 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
1571 .algorithm_mkey = SSL_kECDHE,
1572 .algorithm_auth = SSL_aECDSA,
1573 .algorithm_enc = SSL_CHACHA20POLY1305,
1574 .algorithm_mac = SSL_AEAD,
1575 .algorithm_ssl = SSL_TLSV1_2,
1576 .algo_strength = SSL_HIGH,
1577 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1578 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
1579 .strength_bits = 256,
1580 .alg_bits = 256,
1581 },
1582
1583 /* Cipher CCAA */
1584 {
1585 .valid = 1,
1586 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1587 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
1588 .algorithm_mkey = SSL_kDHE,
1589 .algorithm_auth = SSL_aRSA,
1590 .algorithm_enc = SSL_CHACHA20POLY1305,
1591 .algorithm_mac = SSL_AEAD,
1592 .algorithm_ssl = SSL_TLSV1_2,
1593 .algo_strength = SSL_HIGH,
1594 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1595 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12),
1596 .strength_bits = 256,
1597 .alg_bits = 256,
1598 },
1599
1600 /* Cipher FF85 FIXME IANA */
1601 {
1602 .valid = 1,
1603 .name = "GOST2012256-GOST89-GOST89",
1604 .id = 0x300ff85, /* FIXME IANA */
1605 .algorithm_mkey = SSL_kGOST,
1606 .algorithm_auth = SSL_aGOST01,
1607 .algorithm_enc = SSL_eGOST2814789CNT,
1608 .algorithm_mac = SSL_GOST89MAC,
1609 .algorithm_ssl = SSL_TLSV1,
1610 .algo_strength = SSL_HIGH,
1611 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
1612 TLS1_STREAM_MAC,
1613 .strength_bits = 256,
1614 .alg_bits = 256
1615 },
1616
1617 /* Cipher FF87 FIXME IANA */
1618 {
1619 .valid = 1,
1620 .name = "GOST2012256-NULL-STREEBOG256",
1621 .id = 0x300ff87, /* FIXME IANA */
1622 .algorithm_mkey = SSL_kGOST,
1623 .algorithm_auth = SSL_aGOST01,
1624 .algorithm_enc = SSL_eNULL,
1625 .algorithm_mac = SSL_STREEBOG256,
1626 .algorithm_ssl = SSL_TLSV1,
1627 .algo_strength = SSL_STRONG_NONE,
1628 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
1629 .strength_bits = 0,
1630 .alg_bits = 0
1631 },
1632
1633
1634 /* end of list */
1635 };
1636
1637 int
1638 ssl3_num_ciphers(void)
1639 {
1640 return (SSL3_NUM_CIPHERS);
1641 }
1642
1643 const SSL_CIPHER *
1644 ssl3_get_cipher(unsigned int u)
1645 {
1646 if (u < SSL3_NUM_CIPHERS)
1647 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
1648 else
1649 return (NULL);
1650 }
1651
1652 const SSL_CIPHER *
1653 ssl3_get_cipher_by_id(unsigned int id)
1654 {
1655 const SSL_CIPHER *cp;
1656 SSL_CIPHER c;
1657
1658 c.id = id;
1659 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
1660 if (cp != NULL && cp->valid == 1)
1661 return (cp);
1662
1663 return (NULL);
1664 }
1665
1666 const SSL_CIPHER *
1667 ssl3_get_cipher_by_value(uint16_t value)
1668 {
1669 return ssl3_get_cipher_by_id(SSL3_CK_ID | value);
1670 }
1671
1672 uint16_t
1673 ssl3_cipher_get_value(const SSL_CIPHER *c)
1674 {
1675 return (c->id & SSL3_CK_VALUE_MASK);
1676 }
1677
1678 int
1679 ssl3_pending(const SSL *s)
1680 {
1681 if (s->internal->rstate == SSL_ST_READ_BODY)
1682 return 0;
1683
1684 return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
1685 S3I(s)->rrec.length : 0;
1686 }
1687
1688 int
1689 ssl3_handshake_msg_hdr_len(SSL *s)
1690 {
1691 return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
1692 SSL3_HM_HEADER_LENGTH);
1693 }
1694
1695 unsigned char *
1696 ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
1697 {
1698 unsigned char *d, *p;
1699
1700 d = p = (unsigned char *)s->internal->init_buf->data;
1701
1702 /* Handshake message type and length. */
1703 *(p++) = msg_type;
1704 l2n3(0, p);
1705
1706 return (d + ssl3_handshake_msg_hdr_len(s));
1707 }
1708
1709 void
1710 ssl3_handshake_msg_finish(SSL *s, unsigned int len)
1711 {
1712 unsigned char *p;
1713 uint8_t msg_type;
1714
1715 p = (unsigned char *)s->internal->init_buf->data;
1716
1717 /* Handshake message length. */
1718 msg_type = *(p++);
1719 l2n3(len, p);
1720
1721 s->internal->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len;
1722 s->internal->init_off = 0;
1723
1724 if (SSL_IS_DTLS(s)) {
1725 dtls1_set_message_header(s, msg_type, len, 0, len);
1726 dtls1_buffer_message(s, 0);
1727 }
1728 }
1729
1730 int
1731 ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
1732 uint8_t msg_type)
1733 {
1734 int ret = 0;
1735
1736 if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH))
1737 goto err;
1738 if (!CBB_add_u8(handshake, msg_type))
1739 goto err;
1740 if (SSL_IS_DTLS(s)) {
1741 unsigned char *data;
1742
1743 if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
1744 SSL3_HM_HEADER_LENGTH))
1745 goto err;
1746 }
1747 if (!CBB_add_u24_length_prefixed(handshake, body))
1748 goto err;
1749
1750 ret = 1;
1751
1752 err:
1753 return (ret);
1754 }
1755
1756 int
1757 ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake)
1758 {
1759 unsigned char *data = NULL;
1760 size_t outlen;
1761 int ret = 0;
1762
1763 if (!CBB_finish(handshake, &data, &outlen))
1764 goto err;
1765
1766 if (outlen > INT_MAX)
1767 goto err;
1768
1769 if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen))
1770 goto err;
1771
1772 memcpy(s->internal->init_buf->data, data, outlen);
1773
1774 s->internal->init_num = (int)outlen;
1775 s->internal->init_off = 0;
1776
1777 if (SSL_IS_DTLS(s)) {
1778 unsigned long len;
1779 uint8_t msg_type;
1780 CBS cbs;
1781
1782 CBS_init(&cbs, data, outlen);
1783 if (!CBS_get_u8(&cbs, &msg_type))
1784 goto err;
1785
1786 len = outlen - ssl3_handshake_msg_hdr_len(s);
1787
1788 dtls1_set_message_header(s, msg_type, len, 0, len);
1789 dtls1_buffer_message(s, 0);
1790 }
1791
1792 ret = 1;
1793
1794 err:
1795 free(data);
1796
1797 return (ret);
1798 }
1799
1800 int
1801 ssl3_handshake_write(SSL *s)
1802 {
1803 if (SSL_IS_DTLS(s))
1804 return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
1805
1806 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
1807 }
1808
1809 int
1810 ssl3_new(SSL *s)
1811 {
1812 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
1813 return (0);
1814 if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) {
1815 free(s->s3);
1816 return (0);
1817 }
1818
1819 s->method->internal->ssl_clear(s);
1820
1821 return (1);
1822 }
1823
1824 void
1825 ssl3_free(SSL *s)
1826 {
1827 if (s == NULL)
1828 return;
1829
1830 tls1_cleanup_key_block(s);
1831 ssl3_release_read_buffer(s);
1832 ssl3_release_write_buffer(s);
1833
1834 DH_free(S3I(s)->tmp.dh);
1835 EC_KEY_free(S3I(s)->tmp.ecdh);
1836
1837 if (S3I(s)->tmp.x25519 != NULL)
1838 explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1839 free(S3I(s)->tmp.x25519);
1840
1841 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1842
1843 BIO_free(S3I(s)->handshake_buffer);
1844
1845 tls1_handshake_hash_free(s);
1846
1847 free(S3I(s)->alpn_selected);
1848
1849 explicit_bzero(S3I(s), sizeof(*S3I(s)));
1850 free(S3I(s));
1851
1852 explicit_bzero(s->s3, sizeof(*s->s3));
1853 free(s->s3);
1854
1855 s->s3 = NULL;
1856 }
1857
1858 void
1859 ssl3_clear(SSL *s)
1860 {
1861 struct ssl3_state_internal_st *internal;
1862 unsigned char *rp, *wp;
1863 size_t rlen, wlen;
1864
1865 tls1_cleanup_key_block(s);
1866 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1867
1868 DH_free(S3I(s)->tmp.dh);
1869 S3I(s)->tmp.dh = NULL;
1870 EC_KEY_free(S3I(s)->tmp.ecdh);
1871 S3I(s)->tmp.ecdh = NULL;
1872
1873 if (S3I(s)->tmp.x25519 != NULL)
1874 explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1875 free(S3I(s)->tmp.x25519);
1876 S3I(s)->tmp.x25519 = NULL;
1877
1878 rp = s->s3->rbuf.buf;
1879 wp = s->s3->wbuf.buf;
1880 rlen = s->s3->rbuf.len;
1881 wlen = s->s3->wbuf.len;
1882
1883 BIO_free(S3I(s)->handshake_buffer);
1884 S3I(s)->handshake_buffer = NULL;
1885
1886 tls1_handshake_hash_free(s);
1887
1888 free(S3I(s)->alpn_selected);
1889 S3I(s)->alpn_selected = NULL;
1890
1891 memset(S3I(s), 0, sizeof(*S3I(s)));
1892 internal = S3I(s);
1893 memset(s->s3, 0, sizeof(*s->s3));
1894 S3I(s) = internal;
1895
1896 s->s3->rbuf.buf = rp;
1897 s->s3->wbuf.buf = wp;
1898 s->s3->rbuf.len = rlen;
1899 s->s3->wbuf.len = wlen;
1900
1901 ssl_free_wbio_buffer(s);
1902
1903 /* Not needed... */
1904 S3I(s)->renegotiate = 0;
1905 S3I(s)->total_renegotiations = 0;
1906 S3I(s)->num_renegotiations = 0;
1907 S3I(s)->in_read_app_data = 0;
1908
1909 s->internal->packet_length = 0;
1910 s->version = TLS1_VERSION;
1911
1912 free(s->internal->next_proto_negotiated);
1913 s->internal->next_proto_negotiated = NULL;
1914 s->internal->next_proto_negotiated_len = 0;
1915 }
1916
1917 static long
1918 ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
1919 {
1920 EVP_PKEY *pkey = NULL;
1921 EC_GROUP *group = NULL;
1922 EC_POINT *point = NULL;
1923 EC_KEY *ec_key = NULL;
1924 BIGNUM *order = NULL;
1925 SESS_CERT *sc;
1926 int ret = 0;
1927
1928 *pkey_tmp = NULL;
1929
1930 if (s->server != 0)
1931 return 0;
1932 if (s->session == NULL || SSI(s)->sess_cert == NULL)
1933 return 0;
1934
1935 sc = SSI(s)->sess_cert;
1936
1937 if ((pkey = EVP_PKEY_new()) == NULL)
1938 return 0;
1939
1940 if (sc->peer_dh_tmp != NULL) {
1941 ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp);
1942 } else if (sc->peer_ecdh_tmp) {
1943 ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp);
1944 } else if (sc->peer_x25519_tmp != NULL) {
1945 /* Fudge up an EC_KEY that looks like X25519... */
1946 if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL)
1947 goto err;
1948 if ((point = EC_POINT_new(group)) == NULL)
1949 goto err;
1950 if ((order = BN_new()) == NULL)
1951 goto err;
1952 if (!BN_set_bit(order, 252))
1953 goto err;
1954 if (!EC_GROUP_set_generator(group, point, order, NULL))
1955 goto err;
1956 EC_GROUP_set_curve_name(group, NID_X25519);
1957 if ((ec_key = EC_KEY_new()) == NULL)
1958 goto err;
1959 if (!EC_KEY_set_group(ec_key, group))
1960 goto err;
1961 ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key);
1962 }
1963
1964 if (ret == 1) {
1965 *pkey_tmp = pkey;
1966 pkey = NULL;
1967 }
1968
1969 err:
1970 EVP_PKEY_free(pkey);
1971 EC_GROUP_free(group);
1972 EC_POINT_free(point);
1973 EC_KEY_free(ec_key);
1974 BN_free(order);
1975
1976 return (ret);
1977 }
1978
1979 long
1980 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1981 {
1982 int ret = 0;
1983
1984 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
1985 if (!ssl_cert_inst(&s->cert)) {
1986 SSLerror(s, ERR_R_MALLOC_FAILURE);
1987 return (0);
1988 }
1989 }
1990
1991 switch (cmd) {
1992 case SSL_CTRL_GET_SESSION_REUSED:
1993 ret = s->internal->hit;
1994 break;
1995 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
1996 break;
1997 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
1998 ret = S3I(s)->num_renegotiations;
1999 break;
2000 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2001 ret = S3I(s)->num_renegotiations;
2002 S3I(s)->num_renegotiations = 0;
2003 break;
2004 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2005 ret = S3I(s)->total_renegotiations;
2006 break;
2007 case SSL_CTRL_GET_FLAGS:
2008 ret = (int)(s->s3->flags);
2009 break;
2010 case SSL_CTRL_NEED_TMP_RSA:
2011 ret = 0;
2012 break;
2013 case SSL_CTRL_SET_TMP_RSA:
2014 case SSL_CTRL_SET_TMP_RSA_CB:
2015 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2016 break;
2017 case SSL_CTRL_SET_TMP_DH:
2018 {
2019 DH *dh = (DH *)parg;
2020 if (dh == NULL) {
2021 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
2022 return (ret);
2023 }
2024 if ((dh = DHparams_dup(dh)) == NULL) {
2025 SSLerror(s, ERR_R_DH_LIB);
2026 return (ret);
2027 }
2028 DH_free(s->cert->dh_tmp);
2029 s->cert->dh_tmp = dh;
2030 ret = 1;
2031 }
2032 break;
2033
2034 case SSL_CTRL_SET_TMP_DH_CB:
2035 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2036 return (ret);
2037
2038 case SSL_CTRL_SET_DH_AUTO:
2039 s->cert->dh_tmp_auto = larg;
2040 return 1;
2041
2042 case SSL_CTRL_SET_TMP_ECDH:
2043 {
2044 EC_KEY *ecdh = NULL;
2045
2046 if (parg == NULL) {
2047 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
2048 return (ret);
2049 }
2050 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
2051 SSLerror(s, ERR_R_ECDH_LIB);
2052 return (ret);
2053 }
2054 ecdh = (EC_KEY *)parg;
2055 if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
2056 if (!EC_KEY_generate_key(ecdh)) {
2057 EC_KEY_free(ecdh);
2058 SSLerror(s, ERR_R_ECDH_LIB);
2059 return (ret);
2060 }
2061 }
2062 EC_KEY_free(s->cert->ecdh_tmp);
2063 s->cert->ecdh_tmp = ecdh;
2064 ret = 1;
2065 }
2066 break;
2067 case SSL_CTRL_SET_TMP_ECDH_CB:
2068 {
2069 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2070 return (ret);
2071 }
2072 break;
2073 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2074 if (larg == TLSEXT_NAMETYPE_host_name) {
2075 free(s->tlsext_hostname);
2076 s->tlsext_hostname = NULL;
2077
2078 ret = 1;
2079 if (parg == NULL)
2080 break;
2081 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
2082 SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2083 return 0;
2084 }
2085 if ((s->tlsext_hostname = strdup((char *)parg))
2086 == NULL) {
2087 SSLerror(s, ERR_R_INTERNAL_ERROR);
2088 return 0;
2089 }
2090 } else {
2091 SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2092 return 0;
2093 }
2094 break;
2095 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2096 s->internal->tlsext_debug_arg = parg;
2097 ret = 1;
2098 break;
2099
2100 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2101 s->tlsext_status_type = larg;
2102 ret = 1;
2103 break;
2104
2105 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2106 *(STACK_OF(X509_EXTENSION) **)parg = s->internal->tlsext_ocsp_exts;
2107 ret = 1;
2108 break;
2109
2110 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2111 s->internal->tlsext_ocsp_exts = parg;
2112 ret = 1;
2113 break;
2114
2115 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2116 *(STACK_OF(OCSP_RESPID) **)parg = s->internal->tlsext_ocsp_ids;
2117 ret = 1;
2118 break;
2119
2120 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2121 s->internal->tlsext_ocsp_ids = parg;
2122 ret = 1;
2123 break;
2124
2125 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2126 *(unsigned char **)parg = s->internal->tlsext_ocsp_resp;
2127 return s->internal->tlsext_ocsp_resplen;
2128
2129 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2130 free(s->internal->tlsext_ocsp_resp);
2131 s->internal->tlsext_ocsp_resp = parg;
2132 s->internal->tlsext_ocsp_resplen = larg;
2133 ret = 1;
2134 break;
2135
2136 case SSL_CTRL_SET_ECDH_AUTO:
2137 s->cert->ecdh_tmp_auto = larg;
2138 ret = 1;
2139 break;
2140
2141 case SSL_CTRL_SET_GROUPS:
2142 return SSL_set1_groups(s, parg, larg);
2143
2144 case SSL_CTRL_SET_GROUPS_LIST:
2145 return SSL_set1_groups_list(s, parg);
2146
2147 case SSL_CTRL_GET_SERVER_TMP_KEY:
2148 ret = ssl_ctrl_get_server_tmp_key(s, parg);
2149 break;
2150
2151 default:
2152 break;
2153 }
2154
2155 return (ret);
2156 }
2157
2158 int
2159 SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
2160 {
2161 return tls1_set_groups(&s->internal->tlsext_supportedgroups,
2162 &s->internal->tlsext_supportedgroups_length, groups, groups_len);
2163 }
2164
2165 int
2166 SSL_set1_groups_list(SSL *s, const char *groups)
2167 {
2168 return tls1_set_groups_list(&s->internal->tlsext_supportedgroups,
2169 &s->internal->tlsext_supportedgroups_length, groups);
2170 }
2171
2172 long
2173 ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2174 {
2175 int ret = 0;
2176
2177 if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
2178 if (!ssl_cert_inst(&s->cert)) {
2179 SSLerror(s, ERR_R_MALLOC_FAILURE);
2180 return (0);
2181 }
2182 }
2183
2184 switch (cmd) {
2185 case SSL_CTRL_SET_TMP_RSA_CB:
2186 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2187 break;
2188 case SSL_CTRL_SET_TMP_DH_CB:
2189 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2190 break;
2191 case SSL_CTRL_SET_TMP_ECDH_CB:
2192 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2193 break;
2194 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2195 s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int,
2196 unsigned char *, int, void *))fp;
2197 break;
2198 default:
2199 break;
2200 }
2201 return (ret);
2202 }
2203
2204 long
2205 ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2206 {
2207 CERT *cert;
2208
2209 cert = ctx->internal->cert;
2210
2211 switch (cmd) {
2212 case SSL_CTRL_NEED_TMP_RSA:
2213 return (0);
2214 case SSL_CTRL_SET_TMP_RSA:
2215 case SSL_CTRL_SET_TMP_RSA_CB:
2216 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2217 return (0);
2218 case SSL_CTRL_SET_TMP_DH:
2219 {
2220 DH *new = NULL, *dh;
2221
2222 dh = (DH *)parg;
2223 if ((new = DHparams_dup(dh)) == NULL) {
2224 SSLerrorx(ERR_R_DH_LIB);
2225 return 0;
2226 }
2227 DH_free(cert->dh_tmp);
2228 cert->dh_tmp = new;
2229 return 1;
2230 }
2231 /*break; */
2232
2233 case SSL_CTRL_SET_TMP_DH_CB:
2234 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2235 return (0);
2236
2237 case SSL_CTRL_SET_DH_AUTO:
2238 ctx->internal->cert->dh_tmp_auto = larg;
2239 return (1);
2240
2241 case SSL_CTRL_SET_TMP_ECDH:
2242 {
2243 EC_KEY *ecdh = NULL;
2244
2245 if (parg == NULL) {
2246 SSLerrorx(ERR_R_ECDH_LIB);
2247 return 0;
2248 }
2249 ecdh = EC_KEY_dup((EC_KEY *)parg);
2250 if (ecdh == NULL) {
2251 SSLerrorx(ERR_R_EC_LIB);
2252 return 0;
2253 }
2254 if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
2255 if (!EC_KEY_generate_key(ecdh)) {
2256 EC_KEY_free(ecdh);
2257 SSLerrorx(ERR_R_ECDH_LIB);
2258 return 0;
2259 }
2260 }
2261
2262 EC_KEY_free(cert->ecdh_tmp);
2263 cert->ecdh_tmp = ecdh;
2264 return 1;
2265 }
2266 /* break; */
2267 case SSL_CTRL_SET_TMP_ECDH_CB:
2268 {
2269 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2270 return (0);
2271 }
2272 break;
2273 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2274 ctx->internal->tlsext_servername_arg = parg;
2275 break;
2276 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2277 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2278 {
2279 unsigned char *keys = parg;
2280 if (!keys)
2281 return 48;
2282 if (larg != 48) {
2283 SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
2284 return 0;
2285 }
2286 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
2287 memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);
2288 memcpy(ctx->internal->tlsext_tick_hmac_key,
2289 keys + 16, 16);
2290 memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);
2291 } else {
2292 memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);
2293 memcpy(keys + 16,
2294 ctx->internal->tlsext_tick_hmac_key, 16);
2295 memcpy(keys + 32,
2296 ctx->internal->tlsext_tick_aes_key, 16);
2297 }
2298 return 1;
2299 }
2300
2301 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2302 ctx->internal->tlsext_status_arg = parg;
2303 return 1;
2304
2305 case SSL_CTRL_SET_ECDH_AUTO:
2306 ctx->internal->cert->ecdh_tmp_auto = larg;
2307 return 1;
2308
2309 /* A Thawte special :-) */
2310 case SSL_CTRL_EXTRA_CHAIN_CERT:
2311 if (ctx->extra_certs == NULL) {
2312 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
2313 return (0);
2314 }
2315 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2316 break;
2317
2318 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
2319 *(STACK_OF(X509) **)parg = ctx->extra_certs;
2320 break;
2321
2322 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
2323 sk_X509_pop_free(ctx->extra_certs, X509_free);
2324 ctx->extra_certs = NULL;
2325 break;
2326
2327 case SSL_CTRL_SET_GROUPS:
2328 return SSL_CTX_set1_groups(ctx, parg, larg);
2329
2330 case SSL_CTRL_SET_GROUPS_LIST:
2331 return SSL_CTX_set1_groups_list(ctx, parg);
2332
2333 default:
2334 return (0);
2335 }
2336 return (1);
2337 }
2338
2339 int
2340 SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
2341 {
2342 return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
2343 &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
2344 }
2345
2346 int
2347 SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
2348 {
2349 return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
2350 &ctx->internal->tlsext_supportedgroups_length, groups);
2351 }
2352
2353 long
2354 ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2355 {
2356 CERT *cert;
2357
2358 cert = ctx->internal->cert;
2359
2360 switch (cmd) {
2361 case SSL_CTRL_SET_TMP_RSA_CB:
2362 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2363 return (0);
2364 case SSL_CTRL_SET_TMP_DH_CB:
2365 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2366 break;
2367 case SSL_CTRL_SET_TMP_ECDH_CB:
2368 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2369 break;
2370 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2371 ctx->internal->tlsext_servername_callback =
2372 (int (*)(SSL *, int *, void *))fp;
2373 break;
2374
2375 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2376 ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp;
2377 break;
2378
2379 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2380 ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
2381 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
2382 break;
2383
2384 default:
2385 return (0);
2386 }
2387 return (1);
2388 }
2389
2390 /*
2391 * This function needs to check if the ciphers required are actually available.
2392 */
2393 const SSL_CIPHER *
2394 ssl3_get_cipher_by_char(const unsigned char *p)
2395 {
2396 CBS cipher;
2397 uint16_t cipher_value;
2398
2399 /* We have to assume it is at least 2 bytes due to existing API. */
2400 CBS_init(&cipher, p, 2);
2401 if (!CBS_get_u16(&cipher, &cipher_value))
2402 return NULL;
2403
2404 return ssl3_get_cipher_by_value(cipher_value);
2405 }
2406
2407 int
2408 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2409 {
2410 if (p != NULL) {
2411 if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
2412 return (0);
2413 s2n(ssl3_cipher_get_value(c), p);
2414 }
2415 return (2);
2416 }
2417
2418 SSL_CIPHER *
2419 ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2420 STACK_OF(SSL_CIPHER) *srvr)
2421 {
2422 unsigned long alg_k, alg_a, mask_k, mask_a;
2423 STACK_OF(SSL_CIPHER) *prio, *allow;
2424 SSL_CIPHER *c, *ret = NULL;
2425 int i, ii, ok;
2426 CERT *cert;
2427
2428 /* Let's see which ciphers we can support */
2429 cert = s->cert;
2430
2431 /*
2432 * Do not set the compare functions, because this may lead to a
2433 * reordering by "id". We want to keep the original ordering.
2434 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2435 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2436 */
2437
2438 if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
2439 prio = srvr;
2440 allow = clnt;
2441 } else {
2442 prio = clnt;
2443 allow = srvr;
2444 }
2445
2446 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
2447 c = sk_SSL_CIPHER_value(prio, i);
2448
2449 /* Skip TLS v1.2 only ciphersuites if not supported. */
2450 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
2451 !SSL_USE_TLS1_2_CIPHERS(s))
2452 continue;
2453
2454 ssl_set_cert_masks(cert, c);
2455 mask_k = cert->mask_k;
2456 mask_a = cert->mask_a;
2457
2458 alg_k = c->algorithm_mkey;
2459 alg_a = c->algorithm_auth;
2460
2461
2462 ok = (alg_k & mask_k) && (alg_a & mask_a);
2463
2464 /*
2465 * If we are considering an ECC cipher suite that uses our
2466 * certificate check it.
2467 */
2468 if (alg_a & SSL_aECDSA)
2469 ok = ok && tls1_check_ec_server_key(s);
2470 /*
2471 * If we are considering an ECC cipher suite that uses
2472 * an ephemeral EC key check it.
2473 */
2474 if (alg_k & SSL_kECDHE)
2475 ok = ok && tls1_check_ec_tmp_key(s);
2476
2477 if (!ok)
2478 continue;
2479 ii = sk_SSL_CIPHER_find(allow, c);
2480 if (ii >= 0) {
2481 ret = sk_SSL_CIPHER_value(allow, ii);
2482 break;
2483 }
2484 }
2485 return (ret);
2486 }
2487
2488 int
2489 ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2490 {
2491 int ret = 0;
2492 unsigned long alg_k;
2493
2494 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2495
2496 #ifndef OPENSSL_NO_GOST
2497 if ((alg_k & SSL_kGOST)) {
2498 p[ret++] = TLS_CT_GOST94_SIGN;
2499 p[ret++] = TLS_CT_GOST01_SIGN;
2500 p[ret++] = TLS_CT_GOST12_256_SIGN;
2501 p[ret++] = TLS_CT_GOST12_512_SIGN;
2502 }
2503 #endif
2504
2505 if (alg_k & SSL_kDHE) {
2506 p[ret++] = SSL3_CT_RSA_FIXED_DH;
2507 p[ret++] = SSL3_CT_DSS_FIXED_DH;
2508 }
2509 p[ret++] = SSL3_CT_RSA_SIGN;
2510 p[ret++] = SSL3_CT_DSS_SIGN;
2511
2512 /*
2513 * ECDSA certs can be used with RSA cipher suites as well
2514 * so we don't need to check for SSL_kECDH or SSL_kECDHE.
2515 */
2516 p[ret++] = TLS_CT_ECDSA_SIGN;
2517
2518 return (ret);
2519 }
2520
2521 int
2522 ssl3_shutdown(SSL *s)
2523 {
2524 int ret;
2525
2526 /*
2527 * Don't do anything much if we have not done the handshake or
2528 * we don't want to send messages :-)
2529 */
2530 if ((s->internal->quiet_shutdown) || (s->internal->state == SSL_ST_BEFORE)) {
2531 s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2532 return (1);
2533 }
2534
2535 if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) {
2536 s->internal->shutdown|=SSL_SENT_SHUTDOWN;
2537 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2538 /*
2539 * Our shutdown alert has been sent now, and if it still needs
2540 * to be written, s->s3->alert_dispatch will be true
2541 */
2542 if (s->s3->alert_dispatch)
2543 return(-1); /* return WANT_WRITE */
2544 } else if (s->s3->alert_dispatch) {
2545 /* resend it if not sent */
2546 ret = s->method->ssl_dispatch_alert(s);
2547 if (ret == -1) {
2548 /*
2549 * We only get to return -1 here the 2nd/Nth
2550 * invocation, we must have already signalled
2551 * return 0 upon a previous invoation,
2552 * return WANT_WRITE
2553 */
2554 return (ret);
2555 }
2556 } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2557 /* If we are waiting for a close from our peer, we are closed */
2558 s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0);
2559 if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2560 return(-1); /* return WANT_READ */
2561 }
2562 }
2563
2564 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2565 !s->s3->alert_dispatch)
2566 return (1);
2567 else
2568 return (0);
2569 }
2570
2571 int
2572 ssl3_write(SSL *s, const void *buf, int len)
2573 {
2574 int ret, n;
2575
2576 #if 0
2577 if (s->internal->shutdown & SSL_SEND_SHUTDOWN) {
2578 s->internal->rwstate = SSL_NOTHING;
2579 return (0);
2580 }
2581 #endif
2582 errno = 0;
2583 if (S3I(s)->renegotiate)
2584 ssl3_renegotiate_check(s);
2585
2586 /*
2587 * This is an experimental flag that sends the
2588 * last handshake message in the same packet as the first
2589 * use data - used to see if it helps the TCP protocol during
2590 * session-id reuse
2591 */
2592 /* The second test is because the buffer may have been removed */
2593 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
2594 /* First time through, we write into the buffer */
2595 if (S3I(s)->delay_buf_pop_ret == 0) {
2596 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2597 buf, len);
2598 if (ret <= 0)
2599 return (ret);
2600
2601 S3I(s)->delay_buf_pop_ret = ret;
2602 }
2603
2604 s->internal->rwstate = SSL_WRITING;
2605 n = BIO_flush(s->wbio);
2606 if (n <= 0)
2607 return (n);
2608 s->internal->rwstate = SSL_NOTHING;
2609
2610 /* We have flushed the buffer, so remove it */
2611 ssl_free_wbio_buffer(s);
2612 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2613
2614 ret = S3I(s)->delay_buf_pop_ret;
2615 S3I(s)->delay_buf_pop_ret = 0;
2616 } else {
2617 ret = s->method->internal->ssl_write_bytes(s,
2618 SSL3_RT_APPLICATION_DATA, buf, len);
2619 if (ret <= 0)
2620 return (ret);
2621 }
2622
2623 return (ret);
2624 }
2625
2626 static int
2627 ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2628 {
2629 int ret;
2630
2631 errno = 0;
2632 if (S3I(s)->renegotiate)
2633 ssl3_renegotiate_check(s);
2634 S3I(s)->in_read_app_data = 1;
2635 ret = s->method->internal->ssl_read_bytes(s,
2636 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2637 if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) {
2638 /*
2639 * ssl3_read_bytes decided to call s->internal->handshake_func, which
2640 * called ssl3_read_bytes to read handshake data.
2641 * However, ssl3_read_bytes actually found application data
2642 * and thinks that application data makes sense here; so disable
2643 * handshake processing and try to read application data again.
2644 */
2645 s->internal->in_handshake++;
2646 ret = s->method->internal->ssl_read_bytes(s,
2647 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2648 s->internal->in_handshake--;
2649 } else
2650 S3I(s)->in_read_app_data = 0;
2651
2652 return (ret);
2653 }
2654
2655 int
2656 ssl3_read(SSL *s, void *buf, int len)
2657 {
2658 return ssl3_read_internal(s, buf, len, 0);
2659 }
2660
2661 int
2662 ssl3_peek(SSL *s, void *buf, int len)
2663 {
2664 return ssl3_read_internal(s, buf, len, 1);
2665 }
2666
2667 int
2668 ssl3_renegotiate(SSL *s)
2669 {
2670 if (s->internal->handshake_func == NULL)
2671 return (1);
2672
2673 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2674 return (0);
2675
2676 S3I(s)->renegotiate = 1;
2677 return (1);
2678 }
2679
2680 int
2681 ssl3_renegotiate_check(SSL *s)
2682 {
2683 int ret = 0;
2684
2685 if (S3I(s)->renegotiate) {
2686 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
2687 !SSL_in_init(s)) {
2688 /*
2689 * If we are the server, and we have sent
2690 * a 'RENEGOTIATE' message, we need to go
2691 * to SSL_ST_ACCEPT.
2692 */
2693 /* SSL_ST_ACCEPT */
2694 s->internal->state = SSL_ST_RENEGOTIATE;
2695 S3I(s)->renegotiate = 0;
2696 S3I(s)->num_renegotiations++;
2697 S3I(s)->total_renegotiations++;
2698 ret = 1;
2699 }
2700 }
2701 return (ret);
2702 }
2703 /*
2704 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
2705 * and handshake macs if required.
2706 */
2707 long
2708 ssl_get_algorithm2(SSL *s)
2709 {
2710 long alg2 = S3I(s)->tmp.new_cipher->algorithm2;
2711
2712 if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
2713 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
2714 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
2715 return alg2;
2716 }
unleashed repo fork