1 /* $OpenBSD: s3_lib.c,v 1.107 2016/01/27 02:06:16 beck Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * 114 * Portions of the attached software ("Contribution") are developed by 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 116 * 117 * The Contribution is licensed pursuant to the OpenSSL open source 118 * license provided above. 119 * 120 * ECC cipher suite support in OpenSSL originally written by 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 122 * 123 */ 124 /* ==================================================================== 125 * Copyright 2005 Nokia. All rights reserved. 126 * 127 * The portions of the attached software ("Contribution") is developed by 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 129 * license. 130 * 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 133 * support (see RFC 4279) to OpenSSL. 134 * 135 * No patent licenses or other rights except those expressly stated in 136 * the OpenSSL open source license shall be deemed granted or received 137 * expressly, by implication, estoppel, or otherwise. 138 * 139 * No assurances are provided by Nokia that the Contribution does not 140 * infringe the patent or other intellectual property rights of any third 141 * party or that the license provides you with all the necessary rights 142 * to make use of the Contribution. 143 * 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 148 * OTHERWISE. 149 */ 150 151 #include <stdio.h> 152 153 #include <openssl/dh.h> 154 #include <openssl/md5.h> 155 #include <openssl/objects.h> 156 157 #include "ssl_locl.h" 158 #include "bytestring.h" 159 160 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) 161 162 /* 163 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the 164 * fixed nonce length in algorithms2. It is the inverse of the 165 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro. 166 */ 167 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) 168 169 /* list of available SSLv3 ciphers (sorted by id) */ 170 SSL_CIPHER ssl3_ciphers[] = { 171 172 /* The RSA ciphers */ 173 /* Cipher 01 */ 174 { 175 .valid = 1, 176 .name = SSL3_TXT_RSA_NULL_MD5, 177 .id = SSL3_CK_RSA_NULL_MD5, 178 .algorithm_mkey = SSL_kRSA, 179 .algorithm_auth = SSL_aRSA, 180 .algorithm_enc = SSL_eNULL, 181 .algorithm_mac = SSL_MD5, 182 .algorithm_ssl = SSL_SSLV3, 183 .algo_strength = SSL_STRONG_NONE, 184 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 185 .strength_bits = 0, 186 .alg_bits = 0, 187 }, 188 189 /* Cipher 02 */ 190 { 191 .valid = 1, 192 .name = SSL3_TXT_RSA_NULL_SHA, 193 .id = SSL3_CK_RSA_NULL_SHA, 194 .algorithm_mkey = SSL_kRSA, 195 .algorithm_auth = SSL_aRSA, 196 .algorithm_enc = SSL_eNULL, 197 .algorithm_mac = SSL_SHA1, 198 .algorithm_ssl = SSL_SSLV3, 199 .algo_strength = SSL_STRONG_NONE, 200 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 201 .strength_bits = 0, 202 .alg_bits = 0, 203 }, 204 205 /* Cipher 04 */ 206 { 207 .valid = 1, 208 .name = SSL3_TXT_RSA_RC4_128_MD5, 209 .id = SSL3_CK_RSA_RC4_128_MD5, 210 .algorithm_mkey = SSL_kRSA, 211 .algorithm_auth = SSL_aRSA, 212 .algorithm_enc = SSL_RC4, 213 .algorithm_mac = SSL_MD5, 214 .algorithm_ssl = SSL_SSLV3, 215 .algo_strength = SSL_MEDIUM, 216 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 217 .strength_bits = 128, 218 .alg_bits = 128, 219 }, 220 221 /* Cipher 05 */ 222 { 223 .valid = 1, 224 .name = SSL3_TXT_RSA_RC4_128_SHA, 225 .id = SSL3_CK_RSA_RC4_128_SHA, 226 .algorithm_mkey = SSL_kRSA, 227 .algorithm_auth = SSL_aRSA, 228 .algorithm_enc = SSL_RC4, 229 .algorithm_mac = SSL_SHA1, 230 .algorithm_ssl = SSL_SSLV3, 231 .algo_strength = SSL_MEDIUM, 232 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 233 .strength_bits = 128, 234 .alg_bits = 128, 235 }, 236 237 /* Cipher 07 */ 238 #ifndef OPENSSL_NO_IDEA 239 { 240 .valid = 1, 241 .name = SSL3_TXT_RSA_IDEA_128_SHA, 242 .id = SSL3_CK_RSA_IDEA_128_SHA, 243 .algorithm_mkey = SSL_kRSA, 244 .algorithm_auth = SSL_aRSA, 245 .algorithm_enc = SSL_IDEA, 246 .algorithm_mac = SSL_SHA1, 247 .algorithm_ssl = SSL_SSLV3, 248 .algo_strength = SSL_MEDIUM, 249 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 250 .strength_bits = 128, 251 .alg_bits = 128, 252 }, 253 #endif 254 255 /* Cipher 09 */ 256 { 257 .valid = 1, 258 .name = SSL3_TXT_RSA_DES_64_CBC_SHA, 259 .id = SSL3_CK_RSA_DES_64_CBC_SHA, 260 .algorithm_mkey = SSL_kRSA, 261 .algorithm_auth = SSL_aRSA, 262 .algorithm_enc = SSL_DES, 263 .algorithm_mac = SSL_SHA1, 264 .algorithm_ssl = SSL_SSLV3, 265 .algo_strength = SSL_LOW, 266 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 267 .strength_bits = 56, 268 .alg_bits = 56, 269 }, 270 271 /* Cipher 0A */ 272 { 273 .valid = 1, 274 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, 275 .id = SSL3_CK_RSA_DES_192_CBC3_SHA, 276 .algorithm_mkey = SSL_kRSA, 277 .algorithm_auth = SSL_aRSA, 278 .algorithm_enc = SSL_3DES, 279 .algorithm_mac = SSL_SHA1, 280 .algorithm_ssl = SSL_SSLV3, 281 .algo_strength = SSL_HIGH, 282 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 283 .strength_bits = 112, 284 .alg_bits = 168, 285 }, 286 287 /* 288 * Ephemeral DH (DHE) ciphers. 289 */ 290 291 /* Cipher 12 */ 292 { 293 .valid = 1, 294 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 295 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 296 .algorithm_mkey = SSL_kDHE, 297 .algorithm_auth = SSL_aDSS, 298 .algorithm_enc = SSL_DES, 299 .algorithm_mac = SSL_SHA1, 300 .algorithm_ssl = SSL_SSLV3, 301 .algo_strength = SSL_LOW, 302 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 303 .strength_bits = 56, 304 .alg_bits = 56, 305 }, 306 307 /* Cipher 13 */ 308 { 309 .valid = 1, 310 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 311 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 312 .algorithm_mkey = SSL_kDHE, 313 .algorithm_auth = SSL_aDSS, 314 .algorithm_enc = SSL_3DES, 315 .algorithm_mac = SSL_SHA1, 316 .algorithm_ssl = SSL_SSLV3, 317 .algo_strength = SSL_HIGH, 318 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 319 .strength_bits = 112, 320 .alg_bits = 168, 321 }, 322 323 /* Cipher 15 */ 324 { 325 .valid = 1, 326 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 327 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 328 .algorithm_mkey = SSL_kDHE, 329 .algorithm_auth = SSL_aRSA, 330 .algorithm_enc = SSL_DES, 331 .algorithm_mac = SSL_SHA1, 332 .algorithm_ssl = SSL_SSLV3, 333 .algo_strength = SSL_LOW, 334 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 335 .strength_bits = 56, 336 .alg_bits = 56, 337 }, 338 339 /* Cipher 16 */ 340 { 341 .valid = 1, 342 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 343 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 344 .algorithm_mkey = SSL_kDHE, 345 .algorithm_auth = SSL_aRSA, 346 .algorithm_enc = SSL_3DES, 347 .algorithm_mac = SSL_SHA1, 348 .algorithm_ssl = SSL_SSLV3, 349 .algo_strength = SSL_HIGH, 350 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 351 .strength_bits = 112, 352 .alg_bits = 168, 353 }, 354 355 /* Cipher 18 */ 356 { 357 .valid = 1, 358 .name = SSL3_TXT_ADH_RC4_128_MD5, 359 .id = SSL3_CK_ADH_RC4_128_MD5, 360 .algorithm_mkey = SSL_kDHE, 361 .algorithm_auth = SSL_aNULL, 362 .algorithm_enc = SSL_RC4, 363 .algorithm_mac = SSL_MD5, 364 .algorithm_ssl = SSL_SSLV3, 365 .algo_strength = SSL_MEDIUM, 366 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 367 .strength_bits = 128, 368 .alg_bits = 128, 369 }, 370 371 /* Cipher 1A */ 372 { 373 .valid = 1, 374 .name = SSL3_TXT_ADH_DES_64_CBC_SHA, 375 .id = SSL3_CK_ADH_DES_64_CBC_SHA, 376 .algorithm_mkey = SSL_kDHE, 377 .algorithm_auth = SSL_aNULL, 378 .algorithm_enc = SSL_DES, 379 .algorithm_mac = SSL_SHA1, 380 .algorithm_ssl = SSL_SSLV3, 381 .algo_strength = SSL_LOW, 382 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 383 .strength_bits = 56, 384 .alg_bits = 56, 385 }, 386 387 /* Cipher 1B */ 388 { 389 .valid = 1, 390 .name = SSL3_TXT_ADH_DES_192_CBC_SHA, 391 .id = SSL3_CK_ADH_DES_192_CBC_SHA, 392 .algorithm_mkey = SSL_kDHE, 393 .algorithm_auth = SSL_aNULL, 394 .algorithm_enc = SSL_3DES, 395 .algorithm_mac = SSL_SHA1, 396 .algorithm_ssl = SSL_SSLV3, 397 .algo_strength = SSL_HIGH, 398 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 399 .strength_bits = 112, 400 .alg_bits = 168, 401 }, 402 403 /* 404 * AES ciphersuites. 405 */ 406 407 /* Cipher 2F */ 408 { 409 .valid = 1, 410 .name = TLS1_TXT_RSA_WITH_AES_128_SHA, 411 .id = TLS1_CK_RSA_WITH_AES_128_SHA, 412 .algorithm_mkey = SSL_kRSA, 413 .algorithm_auth = SSL_aRSA, 414 .algorithm_enc = SSL_AES128, 415 .algorithm_mac = SSL_SHA1, 416 .algorithm_ssl = SSL_TLSV1, 417 .algo_strength = SSL_HIGH, 418 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 419 .strength_bits = 128, 420 .alg_bits = 128, 421 }, 422 423 /* Cipher 32 */ 424 { 425 .valid = 1, 426 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 427 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 428 .algorithm_mkey = SSL_kDHE, 429 .algorithm_auth = SSL_aDSS, 430 .algorithm_enc = SSL_AES128, 431 .algorithm_mac = SSL_SHA1, 432 .algorithm_ssl = SSL_TLSV1, 433 .algo_strength = SSL_HIGH, 434 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 435 .strength_bits = 128, 436 .alg_bits = 128, 437 }, 438 439 /* Cipher 33 */ 440 { 441 .valid = 1, 442 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 443 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 444 .algorithm_mkey = SSL_kDHE, 445 .algorithm_auth = SSL_aRSA, 446 .algorithm_enc = SSL_AES128, 447 .algorithm_mac = SSL_SHA1, 448 .algorithm_ssl = SSL_TLSV1, 449 .algo_strength = SSL_HIGH, 450 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 451 .strength_bits = 128, 452 .alg_bits = 128, 453 }, 454 455 /* Cipher 34 */ 456 { 457 .valid = 1, 458 .name = TLS1_TXT_ADH_WITH_AES_128_SHA, 459 .id = TLS1_CK_ADH_WITH_AES_128_SHA, 460 .algorithm_mkey = SSL_kDHE, 461 .algorithm_auth = SSL_aNULL, 462 .algorithm_enc = SSL_AES128, 463 .algorithm_mac = SSL_SHA1, 464 .algorithm_ssl = SSL_TLSV1, 465 .algo_strength = SSL_HIGH, 466 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 467 .strength_bits = 128, 468 .alg_bits = 128, 469 }, 470 471 /* Cipher 35 */ 472 { 473 .valid = 1, 474 .name = TLS1_TXT_RSA_WITH_AES_256_SHA, 475 .id = TLS1_CK_RSA_WITH_AES_256_SHA, 476 .algorithm_mkey = SSL_kRSA, 477 .algorithm_auth = SSL_aRSA, 478 .algorithm_enc = SSL_AES256, 479 .algorithm_mac = SSL_SHA1, 480 .algorithm_ssl = SSL_TLSV1, 481 .algo_strength = SSL_HIGH, 482 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 483 .strength_bits = 256, 484 .alg_bits = 256, 485 }, 486 487 /* Cipher 38 */ 488 { 489 .valid = 1, 490 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 491 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 492 .algorithm_mkey = SSL_kDHE, 493 .algorithm_auth = SSL_aDSS, 494 .algorithm_enc = SSL_AES256, 495 .algorithm_mac = SSL_SHA1, 496 .algorithm_ssl = SSL_TLSV1, 497 .algo_strength = SSL_HIGH, 498 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 499 .strength_bits = 256, 500 .alg_bits = 256, 501 }, 502 503 /* Cipher 39 */ 504 { 505 .valid = 1, 506 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 507 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 508 .algorithm_mkey = SSL_kDHE, 509 .algorithm_auth = SSL_aRSA, 510 .algorithm_enc = SSL_AES256, 511 .algorithm_mac = SSL_SHA1, 512 .algorithm_ssl = SSL_TLSV1, 513 .algo_strength = SSL_HIGH, 514 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 515 .strength_bits = 256, 516 .alg_bits = 256, 517 }, 518 519 /* Cipher 3A */ 520 { 521 .valid = 1, 522 .name = TLS1_TXT_ADH_WITH_AES_256_SHA, 523 .id = TLS1_CK_ADH_WITH_AES_256_SHA, 524 .algorithm_mkey = SSL_kDHE, 525 .algorithm_auth = SSL_aNULL, 526 .algorithm_enc = SSL_AES256, 527 .algorithm_mac = SSL_SHA1, 528 .algorithm_ssl = SSL_TLSV1, 529 .algo_strength = SSL_HIGH, 530 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 531 .strength_bits = 256, 532 .alg_bits = 256, 533 }, 534 535 /* TLS v1.2 ciphersuites */ 536 /* Cipher 3B */ 537 { 538 .valid = 1, 539 .name = TLS1_TXT_RSA_WITH_NULL_SHA256, 540 .id = TLS1_CK_RSA_WITH_NULL_SHA256, 541 .algorithm_mkey = SSL_kRSA, 542 .algorithm_auth = SSL_aRSA, 543 .algorithm_enc = SSL_eNULL, 544 .algorithm_mac = SSL_SHA256, 545 .algorithm_ssl = SSL_TLSV1_2, 546 .algo_strength = SSL_STRONG_NONE, 547 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 548 .strength_bits = 0, 549 .alg_bits = 0, 550 }, 551 552 /* Cipher 3C */ 553 { 554 .valid = 1, 555 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, 556 .id = TLS1_CK_RSA_WITH_AES_128_SHA256, 557 .algorithm_mkey = SSL_kRSA, 558 .algorithm_auth = SSL_aRSA, 559 .algorithm_enc = SSL_AES128, 560 .algorithm_mac = SSL_SHA256, 561 .algorithm_ssl = SSL_TLSV1_2, 562 .algo_strength = SSL_HIGH, 563 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 564 .strength_bits = 128, 565 .alg_bits = 128, 566 }, 567 568 /* Cipher 3D */ 569 { 570 .valid = 1, 571 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, 572 .id = TLS1_CK_RSA_WITH_AES_256_SHA256, 573 .algorithm_mkey = SSL_kRSA, 574 .algorithm_auth = SSL_aRSA, 575 .algorithm_enc = SSL_AES256, 576 .algorithm_mac = SSL_SHA256, 577 .algorithm_ssl = SSL_TLSV1_2, 578 .algo_strength = SSL_HIGH, 579 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 580 .strength_bits = 256, 581 .alg_bits = 256, 582 }, 583 584 /* Cipher 40 */ 585 { 586 .valid = 1, 587 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, 588 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, 589 .algorithm_mkey = SSL_kDHE, 590 .algorithm_auth = SSL_aDSS, 591 .algorithm_enc = SSL_AES128, 592 .algorithm_mac = SSL_SHA256, 593 .algorithm_ssl = SSL_TLSV1_2, 594 .algo_strength = SSL_HIGH, 595 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 596 .strength_bits = 128, 597 .alg_bits = 128, 598 }, 599 600 #ifndef OPENSSL_NO_CAMELLIA 601 /* Camellia ciphersuites from RFC4132 (128-bit portion) */ 602 603 /* Cipher 41 */ 604 { 605 .valid = 1, 606 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 607 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 608 .algorithm_mkey = SSL_kRSA, 609 .algorithm_auth = SSL_aRSA, 610 .algorithm_enc = SSL_CAMELLIA128, 611 .algorithm_mac = SSL_SHA1, 612 .algorithm_ssl = SSL_TLSV1, 613 .algo_strength = SSL_HIGH, 614 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 615 .strength_bits = 128, 616 .alg_bits = 128, 617 }, 618 619 /* Cipher 44 */ 620 { 621 .valid = 1, 622 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 623 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 624 .algorithm_mkey = SSL_kDHE, 625 .algorithm_auth = SSL_aDSS, 626 .algorithm_enc = SSL_CAMELLIA128, 627 .algorithm_mac = SSL_SHA1, 628 .algorithm_ssl = SSL_TLSV1, 629 .algo_strength = SSL_HIGH, 630 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 631 .strength_bits = 128, 632 .alg_bits = 128, 633 }, 634 635 /* Cipher 45 */ 636 { 637 .valid = 1, 638 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 639 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 640 .algorithm_mkey = SSL_kDHE, 641 .algorithm_auth = SSL_aRSA, 642 .algorithm_enc = SSL_CAMELLIA128, 643 .algorithm_mac = SSL_SHA1, 644 .algorithm_ssl = SSL_TLSV1, 645 .algo_strength = SSL_HIGH, 646 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 647 .strength_bits = 128, 648 .alg_bits = 128, 649 }, 650 651 /* Cipher 46 */ 652 { 653 .valid = 1, 654 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 655 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 656 .algorithm_mkey = SSL_kDHE, 657 .algorithm_auth = SSL_aNULL, 658 .algorithm_enc = SSL_CAMELLIA128, 659 .algorithm_mac = SSL_SHA1, 660 .algorithm_ssl = SSL_TLSV1, 661 .algo_strength = SSL_HIGH, 662 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 663 .strength_bits = 128, 664 .alg_bits = 128, 665 }, 666 #endif /* OPENSSL_NO_CAMELLIA */ 667 668 /* TLS v1.2 ciphersuites */ 669 /* Cipher 67 */ 670 { 671 .valid = 1, 672 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, 673 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 674 .algorithm_mkey = SSL_kDHE, 675 .algorithm_auth = SSL_aRSA, 676 .algorithm_enc = SSL_AES128, 677 .algorithm_mac = SSL_SHA256, 678 .algorithm_ssl = SSL_TLSV1_2, 679 .algo_strength = SSL_HIGH, 680 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 681 .strength_bits = 128, 682 .alg_bits = 128, 683 }, 684 685 /* Cipher 6A */ 686 { 687 .valid = 1, 688 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, 689 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, 690 .algorithm_mkey = SSL_kDHE, 691 .algorithm_auth = SSL_aDSS, 692 .algorithm_enc = SSL_AES256, 693 .algorithm_mac = SSL_SHA256, 694 .algorithm_ssl = SSL_TLSV1_2, 695 .algo_strength = SSL_HIGH, 696 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 697 .strength_bits = 256, 698 .alg_bits = 256, 699 }, 700 701 /* Cipher 6B */ 702 { 703 .valid = 1, 704 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, 705 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 706 .algorithm_mkey = SSL_kDHE, 707 .algorithm_auth = SSL_aRSA, 708 .algorithm_enc = SSL_AES256, 709 .algorithm_mac = SSL_SHA256, 710 .algorithm_ssl = SSL_TLSV1_2, 711 .algo_strength = SSL_HIGH, 712 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 713 .strength_bits = 256, 714 .alg_bits = 256, 715 }, 716 717 /* Cipher 6C */ 718 { 719 .valid = 1, 720 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, 721 .id = TLS1_CK_ADH_WITH_AES_128_SHA256, 722 .algorithm_mkey = SSL_kDHE, 723 .algorithm_auth = SSL_aNULL, 724 .algorithm_enc = SSL_AES128, 725 .algorithm_mac = SSL_SHA256, 726 .algorithm_ssl = SSL_TLSV1_2, 727 .algo_strength = SSL_HIGH, 728 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 729 .strength_bits = 128, 730 .alg_bits = 128, 731 }, 732 733 /* Cipher 6D */ 734 { 735 .valid = 1, 736 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, 737 .id = TLS1_CK_ADH_WITH_AES_256_SHA256, 738 .algorithm_mkey = SSL_kDHE, 739 .algorithm_auth = SSL_aNULL, 740 .algorithm_enc = SSL_AES256, 741 .algorithm_mac = SSL_SHA256, 742 .algorithm_ssl = SSL_TLSV1_2, 743 .algo_strength = SSL_HIGH, 744 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 745 .strength_bits = 256, 746 .alg_bits = 256, 747 }, 748 749 /* GOST Ciphersuites */ 750 751 /* Cipher 81 */ 752 { 753 .valid = 1, 754 .name = "GOST2001-GOST89-GOST89", 755 .id = 0x3000081, 756 .algorithm_mkey = SSL_kGOST, 757 .algorithm_auth = SSL_aGOST01, 758 .algorithm_enc = SSL_eGOST2814789CNT, 759 .algorithm_mac = SSL_GOST89MAC, 760 .algorithm_ssl = SSL_TLSV1, 761 .algo_strength = SSL_HIGH, 762 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| 763 TLS1_STREAM_MAC, 764 .strength_bits = 256, 765 .alg_bits = 256 766 }, 767 768 /* Cipher 83 */ 769 { 770 .valid = 1, 771 .name = "GOST2001-NULL-GOST94", 772 .id = 0x3000083, 773 .algorithm_mkey = SSL_kGOST, 774 .algorithm_auth = SSL_aGOST01, 775 .algorithm_enc = SSL_eNULL, 776 .algorithm_mac = SSL_GOST94, 777 .algorithm_ssl = SSL_TLSV1, 778 .algo_strength = SSL_STRONG_NONE, 779 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, 780 .strength_bits = 0, 781 .alg_bits = 0 782 }, 783 784 #ifndef OPENSSL_NO_CAMELLIA 785 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 786 787 /* Cipher 84 */ 788 { 789 .valid = 1, 790 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 791 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 792 .algorithm_mkey = SSL_kRSA, 793 .algorithm_auth = SSL_aRSA, 794 .algorithm_enc = SSL_CAMELLIA256, 795 .algorithm_mac = SSL_SHA1, 796 .algorithm_ssl = SSL_TLSV1, 797 .algo_strength = SSL_HIGH, 798 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 799 .strength_bits = 256, 800 .alg_bits = 256, 801 }, 802 803 /* Cipher 87 */ 804 { 805 .valid = 1, 806 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 807 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 808 .algorithm_mkey = SSL_kDHE, 809 .algorithm_auth = SSL_aDSS, 810 .algorithm_enc = SSL_CAMELLIA256, 811 .algorithm_mac = SSL_SHA1, 812 .algorithm_ssl = SSL_TLSV1, 813 .algo_strength = SSL_HIGH, 814 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 815 .strength_bits = 256, 816 .alg_bits = 256, 817 }, 818 819 /* Cipher 88 */ 820 { 821 .valid = 1, 822 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 823 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 824 .algorithm_mkey = SSL_kDHE, 825 .algorithm_auth = SSL_aRSA, 826 .algorithm_enc = SSL_CAMELLIA256, 827 .algorithm_mac = SSL_SHA1, 828 .algorithm_ssl = SSL_TLSV1, 829 .algo_strength = SSL_HIGH, 830 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 831 .strength_bits = 256, 832 .alg_bits = 256, 833 }, 834 835 /* Cipher 89 */ 836 { 837 .valid = 1, 838 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 839 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 840 .algorithm_mkey = SSL_kDHE, 841 .algorithm_auth = SSL_aNULL, 842 .algorithm_enc = SSL_CAMELLIA256, 843 .algorithm_mac = SSL_SHA1, 844 .algorithm_ssl = SSL_TLSV1, 845 .algo_strength = SSL_HIGH, 846 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 847 .strength_bits = 256, 848 .alg_bits = 256, 849 }, 850 #endif /* OPENSSL_NO_CAMELLIA */ 851 852 /* 853 * GCM ciphersuites from RFC5288. 854 */ 855 856 /* Cipher 9C */ 857 { 858 .valid = 1, 859 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, 860 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 861 .algorithm_mkey = SSL_kRSA, 862 .algorithm_auth = SSL_aRSA, 863 .algorithm_enc = SSL_AES128GCM, 864 .algorithm_mac = SSL_AEAD, 865 .algorithm_ssl = SSL_TLSV1_2, 866 .algo_strength = SSL_HIGH, 867 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 868 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 869 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 870 .strength_bits = 128, 871 .alg_bits = 128, 872 }, 873 874 /* Cipher 9D */ 875 { 876 .valid = 1, 877 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, 878 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 879 .algorithm_mkey = SSL_kRSA, 880 .algorithm_auth = SSL_aRSA, 881 .algorithm_enc = SSL_AES256GCM, 882 .algorithm_mac = SSL_AEAD, 883 .algorithm_ssl = SSL_TLSV1_2, 884 .algo_strength = SSL_HIGH, 885 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 886 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 887 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 888 .strength_bits = 256, 889 .alg_bits = 256, 890 }, 891 892 /* Cipher 9E */ 893 { 894 .valid = 1, 895 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, 896 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 897 .algorithm_mkey = SSL_kDHE, 898 .algorithm_auth = SSL_aRSA, 899 .algorithm_enc = SSL_AES128GCM, 900 .algorithm_mac = SSL_AEAD, 901 .algorithm_ssl = SSL_TLSV1_2, 902 .algo_strength = SSL_HIGH, 903 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 904 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 905 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 906 .strength_bits = 128, 907 .alg_bits = 128, 908 }, 909 910 /* Cipher 9F */ 911 { 912 .valid = 1, 913 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, 914 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 915 .algorithm_mkey = SSL_kDHE, 916 .algorithm_auth = SSL_aRSA, 917 .algorithm_enc = SSL_AES256GCM, 918 .algorithm_mac = SSL_AEAD, 919 .algorithm_ssl = SSL_TLSV1_2, 920 .algo_strength = SSL_HIGH, 921 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 922 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 923 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 924 .strength_bits = 256, 925 .alg_bits = 256, 926 }, 927 928 /* Cipher A2 */ 929 { 930 .valid = 1, 931 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, 932 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, 933 .algorithm_mkey = SSL_kDHE, 934 .algorithm_auth = SSL_aDSS, 935 .algorithm_enc = SSL_AES128GCM, 936 .algorithm_mac = SSL_AEAD, 937 .algorithm_ssl = SSL_TLSV1_2, 938 .algo_strength = SSL_HIGH, 939 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 940 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 941 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 942 .strength_bits = 128, 943 .alg_bits = 128, 944 }, 945 946 /* Cipher A3 */ 947 { 948 .valid = 1, 949 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, 950 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, 951 .algorithm_mkey = SSL_kDHE, 952 .algorithm_auth = SSL_aDSS, 953 .algorithm_enc = SSL_AES256GCM, 954 .algorithm_mac = SSL_AEAD, 955 .algorithm_ssl = SSL_TLSV1_2, 956 .algo_strength = SSL_HIGH, 957 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 958 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 959 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 960 .strength_bits = 256, 961 .alg_bits = 256, 962 }, 963 964 /* Cipher A6 */ 965 { 966 .valid = 1, 967 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, 968 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, 969 .algorithm_mkey = SSL_kDHE, 970 .algorithm_auth = SSL_aNULL, 971 .algorithm_enc = SSL_AES128GCM, 972 .algorithm_mac = SSL_AEAD, 973 .algorithm_ssl = SSL_TLSV1_2, 974 .algo_strength = SSL_HIGH, 975 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 976 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 977 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 978 .strength_bits = 128, 979 .alg_bits = 128, 980 }, 981 982 /* Cipher A7 */ 983 { 984 .valid = 1, 985 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, 986 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, 987 .algorithm_mkey = SSL_kDHE, 988 .algorithm_auth = SSL_aNULL, 989 .algorithm_enc = SSL_AES256GCM, 990 .algorithm_mac = SSL_AEAD, 991 .algorithm_ssl = SSL_TLSV1_2, 992 .algo_strength = SSL_HIGH, 993 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 994 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 995 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 996 .strength_bits = 256, 997 .alg_bits = 256, 998 }, 999 1000 #ifndef OPENSSL_NO_CAMELLIA 1001 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 1002 1003 /* Cipher BA */ 1004 { 1005 .valid = 1, 1006 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1007 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1008 .algorithm_mkey = SSL_kRSA, 1009 .algorithm_auth = SSL_aRSA, 1010 .algorithm_enc = SSL_CAMELLIA128, 1011 .algorithm_mac = SSL_SHA256, 1012 .algorithm_ssl = SSL_TLSV1_2, 1013 .algo_strength = SSL_HIGH, 1014 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1015 .strength_bits = 128, 1016 .alg_bits = 128, 1017 }, 1018 1019 /* Cipher BD */ 1020 { 1021 .valid = 1, 1022 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 1023 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, 1024 .algorithm_mkey = SSL_kDHE, 1025 .algorithm_auth = SSL_aDSS, 1026 .algorithm_enc = SSL_CAMELLIA128, 1027 .algorithm_mac = SSL_SHA256, 1028 .algorithm_ssl = SSL_TLSV1_2, 1029 .algo_strength = SSL_HIGH, 1030 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1031 .strength_bits = 128, 1032 .alg_bits = 128, 1033 }, 1034 1035 /* Cipher BE */ 1036 { 1037 .valid = 1, 1038 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1039 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 1040 .algorithm_mkey = SSL_kDHE, 1041 .algorithm_auth = SSL_aRSA, 1042 .algorithm_enc = SSL_CAMELLIA128, 1043 .algorithm_mac = SSL_SHA256, 1044 .algorithm_ssl = SSL_TLSV1_2, 1045 .algo_strength = SSL_HIGH, 1046 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1047 .strength_bits = 128, 1048 .alg_bits = 128, 1049 }, 1050 1051 /* Cipher BF */ 1052 { 1053 .valid = 1, 1054 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, 1055 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, 1056 .algorithm_mkey = SSL_kDHE, 1057 .algorithm_auth = SSL_aNULL, 1058 .algorithm_enc = SSL_CAMELLIA128, 1059 .algorithm_mac = SSL_SHA256, 1060 .algorithm_ssl = SSL_TLSV1_2, 1061 .algo_strength = SSL_HIGH, 1062 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1063 .strength_bits = 128, 1064 .alg_bits = 128, 1065 }, 1066 1067 /* Cipher C0 */ 1068 { 1069 .valid = 1, 1070 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1071 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1072 .algorithm_mkey = SSL_kRSA, 1073 .algorithm_auth = SSL_aRSA, 1074 .algorithm_enc = SSL_CAMELLIA256, 1075 .algorithm_mac = SSL_SHA256, 1076 .algorithm_ssl = SSL_TLSV1_2, 1077 .algo_strength = SSL_HIGH, 1078 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1079 .strength_bits = 256, 1080 .alg_bits = 256, 1081 }, 1082 1083 /* Cipher C3 */ 1084 { 1085 .valid = 1, 1086 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 1087 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, 1088 .algorithm_mkey = SSL_kDHE, 1089 .algorithm_auth = SSL_aDSS, 1090 .algorithm_enc = SSL_CAMELLIA256, 1091 .algorithm_mac = SSL_SHA256, 1092 .algorithm_ssl = SSL_TLSV1_2, 1093 .algo_strength = SSL_HIGH, 1094 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1095 .strength_bits = 256, 1096 .alg_bits = 256, 1097 }, 1098 1099 /* Cipher C4 */ 1100 { 1101 .valid = 1, 1102 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1103 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 1104 .algorithm_mkey = SSL_kDHE, 1105 .algorithm_auth = SSL_aRSA, 1106 .algorithm_enc = SSL_CAMELLIA256, 1107 .algorithm_mac = SSL_SHA256, 1108 .algorithm_ssl = SSL_TLSV1_2, 1109 .algo_strength = SSL_HIGH, 1110 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1111 .strength_bits = 256, 1112 .alg_bits = 256, 1113 }, 1114 1115 /* Cipher C5 */ 1116 { 1117 .valid = 1, 1118 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, 1119 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, 1120 .algorithm_mkey = SSL_kDHE, 1121 .algorithm_auth = SSL_aNULL, 1122 .algorithm_enc = SSL_CAMELLIA256, 1123 .algorithm_mac = SSL_SHA256, 1124 .algorithm_ssl = SSL_TLSV1_2, 1125 .algo_strength = SSL_HIGH, 1126 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1127 .strength_bits = 256, 1128 .alg_bits = 256, 1129 }, 1130 #endif /* OPENSSL_NO_CAMELLIA */ 1131 1132 /* Cipher C001 */ 1133 { 1134 .valid = 1, 1135 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 1136 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 1137 .algorithm_mkey = SSL_kECDHe, 1138 .algorithm_auth = SSL_aECDH, 1139 .algorithm_enc = SSL_eNULL, 1140 .algorithm_mac = SSL_SHA1, 1141 .algorithm_ssl = SSL_TLSV1, 1142 .algo_strength = SSL_STRONG_NONE, 1143 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1144 .strength_bits = 0, 1145 .alg_bits = 0, 1146 }, 1147 1148 /* Cipher C002 */ 1149 { 1150 .valid = 1, 1151 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 1152 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 1153 .algorithm_mkey = SSL_kECDHe, 1154 .algorithm_auth = SSL_aECDH, 1155 .algorithm_enc = SSL_RC4, 1156 .algorithm_mac = SSL_SHA1, 1157 .algorithm_ssl = SSL_TLSV1, 1158 .algo_strength = SSL_MEDIUM, 1159 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1160 .strength_bits = 128, 1161 .alg_bits = 128, 1162 }, 1163 1164 /* Cipher C003 */ 1165 { 1166 .valid = 1, 1167 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1168 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1169 .algorithm_mkey = SSL_kECDHe, 1170 .algorithm_auth = SSL_aECDH, 1171 .algorithm_enc = SSL_3DES, 1172 .algorithm_mac = SSL_SHA1, 1173 .algorithm_ssl = SSL_TLSV1, 1174 .algo_strength = SSL_HIGH, 1175 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1176 .strength_bits = 112, 1177 .alg_bits = 168, 1178 }, 1179 1180 /* Cipher C004 */ 1181 { 1182 .valid = 1, 1183 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1184 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1185 .algorithm_mkey = SSL_kECDHe, 1186 .algorithm_auth = SSL_aECDH, 1187 .algorithm_enc = SSL_AES128, 1188 .algorithm_mac = SSL_SHA1, 1189 .algorithm_ssl = SSL_TLSV1, 1190 .algo_strength = SSL_HIGH, 1191 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1192 .strength_bits = 128, 1193 .alg_bits = 128, 1194 }, 1195 1196 /* Cipher C005 */ 1197 { 1198 .valid = 1, 1199 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1200 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1201 .algorithm_mkey = SSL_kECDHe, 1202 .algorithm_auth = SSL_aECDH, 1203 .algorithm_enc = SSL_AES256, 1204 .algorithm_mac = SSL_SHA1, 1205 .algorithm_ssl = SSL_TLSV1, 1206 .algo_strength = SSL_HIGH, 1207 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1208 .strength_bits = 256, 1209 .alg_bits = 256, 1210 }, 1211 1212 /* Cipher C006 */ 1213 { 1214 .valid = 1, 1215 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1216 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1217 .algorithm_mkey = SSL_kECDHE, 1218 .algorithm_auth = SSL_aECDSA, 1219 .algorithm_enc = SSL_eNULL, 1220 .algorithm_mac = SSL_SHA1, 1221 .algorithm_ssl = SSL_TLSV1, 1222 .algo_strength = SSL_STRONG_NONE, 1223 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1224 .strength_bits = 0, 1225 .alg_bits = 0, 1226 }, 1227 1228 /* Cipher C007 */ 1229 { 1230 .valid = 1, 1231 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1232 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1233 .algorithm_mkey = SSL_kECDHE, 1234 .algorithm_auth = SSL_aECDSA, 1235 .algorithm_enc = SSL_RC4, 1236 .algorithm_mac = SSL_SHA1, 1237 .algorithm_ssl = SSL_TLSV1, 1238 .algo_strength = SSL_MEDIUM, 1239 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1240 .strength_bits = 128, 1241 .alg_bits = 128, 1242 }, 1243 1244 /* Cipher C008 */ 1245 { 1246 .valid = 1, 1247 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1248 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1249 .algorithm_mkey = SSL_kECDHE, 1250 .algorithm_auth = SSL_aECDSA, 1251 .algorithm_enc = SSL_3DES, 1252 .algorithm_mac = SSL_SHA1, 1253 .algorithm_ssl = SSL_TLSV1, 1254 .algo_strength = SSL_HIGH, 1255 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1256 .strength_bits = 112, 1257 .alg_bits = 168, 1258 }, 1259 1260 /* Cipher C009 */ 1261 { 1262 .valid = 1, 1263 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1264 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1265 .algorithm_mkey = SSL_kECDHE, 1266 .algorithm_auth = SSL_aECDSA, 1267 .algorithm_enc = SSL_AES128, 1268 .algorithm_mac = SSL_SHA1, 1269 .algorithm_ssl = SSL_TLSV1, 1270 .algo_strength = SSL_HIGH, 1271 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1272 .strength_bits = 128, 1273 .alg_bits = 128, 1274 }, 1275 1276 /* Cipher C00A */ 1277 { 1278 .valid = 1, 1279 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1280 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1281 .algorithm_mkey = SSL_kECDHE, 1282 .algorithm_auth = SSL_aECDSA, 1283 .algorithm_enc = SSL_AES256, 1284 .algorithm_mac = SSL_SHA1, 1285 .algorithm_ssl = SSL_TLSV1, 1286 .algo_strength = SSL_HIGH, 1287 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1288 .strength_bits = 256, 1289 .alg_bits = 256, 1290 }, 1291 1292 /* Cipher C00B */ 1293 { 1294 .valid = 1, 1295 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 1296 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 1297 .algorithm_mkey = SSL_kECDHr, 1298 .algorithm_auth = SSL_aECDH, 1299 .algorithm_enc = SSL_eNULL, 1300 .algorithm_mac = SSL_SHA1, 1301 .algorithm_ssl = SSL_TLSV1, 1302 .algo_strength = SSL_STRONG_NONE, 1303 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1304 .strength_bits = 0, 1305 .alg_bits = 0, 1306 }, 1307 1308 /* Cipher C00C */ 1309 { 1310 .valid = 1, 1311 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 1312 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 1313 .algorithm_mkey = SSL_kECDHr, 1314 .algorithm_auth = SSL_aECDH, 1315 .algorithm_enc = SSL_RC4, 1316 .algorithm_mac = SSL_SHA1, 1317 .algorithm_ssl = SSL_TLSV1, 1318 .algo_strength = SSL_MEDIUM, 1319 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1320 .strength_bits = 128, 1321 .alg_bits = 128, 1322 }, 1323 1324 /* Cipher C00D */ 1325 { 1326 .valid = 1, 1327 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1328 .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1329 .algorithm_mkey = SSL_kECDHr, 1330 .algorithm_auth = SSL_aECDH, 1331 .algorithm_enc = SSL_3DES, 1332 .algorithm_mac = SSL_SHA1, 1333 .algorithm_ssl = SSL_TLSV1, 1334 .algo_strength = SSL_HIGH, 1335 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1336 .strength_bits = 112, 1337 .alg_bits = 168, 1338 }, 1339 1340 /* Cipher C00E */ 1341 { 1342 .valid = 1, 1343 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 1344 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 1345 .algorithm_mkey = SSL_kECDHr, 1346 .algorithm_auth = SSL_aECDH, 1347 .algorithm_enc = SSL_AES128, 1348 .algorithm_mac = SSL_SHA1, 1349 .algorithm_ssl = SSL_TLSV1, 1350 .algo_strength = SSL_HIGH, 1351 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1352 .strength_bits = 128, 1353 .alg_bits = 128, 1354 }, 1355 1356 /* Cipher C00F */ 1357 { 1358 .valid = 1, 1359 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 1360 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 1361 .algorithm_mkey = SSL_kECDHr, 1362 .algorithm_auth = SSL_aECDH, 1363 .algorithm_enc = SSL_AES256, 1364 .algorithm_mac = SSL_SHA1, 1365 .algorithm_ssl = SSL_TLSV1, 1366 .algo_strength = SSL_HIGH, 1367 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1368 .strength_bits = 256, 1369 .alg_bits = 256, 1370 }, 1371 1372 /* Cipher C010 */ 1373 { 1374 .valid = 1, 1375 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1376 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1377 .algorithm_mkey = SSL_kECDHE, 1378 .algorithm_auth = SSL_aRSA, 1379 .algorithm_enc = SSL_eNULL, 1380 .algorithm_mac = SSL_SHA1, 1381 .algorithm_ssl = SSL_TLSV1, 1382 .algo_strength = SSL_STRONG_NONE, 1383 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1384 .strength_bits = 0, 1385 .alg_bits = 0, 1386 }, 1387 1388 /* Cipher C011 */ 1389 { 1390 .valid = 1, 1391 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1392 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1393 .algorithm_mkey = SSL_kECDHE, 1394 .algorithm_auth = SSL_aRSA, 1395 .algorithm_enc = SSL_RC4, 1396 .algorithm_mac = SSL_SHA1, 1397 .algorithm_ssl = SSL_TLSV1, 1398 .algo_strength = SSL_MEDIUM, 1399 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1400 .strength_bits = 128, 1401 .alg_bits = 128, 1402 }, 1403 1404 /* Cipher C012 */ 1405 { 1406 .valid = 1, 1407 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1408 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1409 .algorithm_mkey = SSL_kECDHE, 1410 .algorithm_auth = SSL_aRSA, 1411 .algorithm_enc = SSL_3DES, 1412 .algorithm_mac = SSL_SHA1, 1413 .algorithm_ssl = SSL_TLSV1, 1414 .algo_strength = SSL_HIGH, 1415 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1416 .strength_bits = 112, 1417 .alg_bits = 168, 1418 }, 1419 1420 /* Cipher C013 */ 1421 { 1422 .valid = 1, 1423 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1424 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1425 .algorithm_mkey = SSL_kECDHE, 1426 .algorithm_auth = SSL_aRSA, 1427 .algorithm_enc = SSL_AES128, 1428 .algorithm_mac = SSL_SHA1, 1429 .algorithm_ssl = SSL_TLSV1, 1430 .algo_strength = SSL_HIGH, 1431 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1432 .strength_bits = 128, 1433 .alg_bits = 128, 1434 }, 1435 1436 /* Cipher C014 */ 1437 { 1438 .valid = 1, 1439 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1440 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1441 .algorithm_mkey = SSL_kECDHE, 1442 .algorithm_auth = SSL_aRSA, 1443 .algorithm_enc = SSL_AES256, 1444 .algorithm_mac = SSL_SHA1, 1445 .algorithm_ssl = SSL_TLSV1, 1446 .algo_strength = SSL_HIGH, 1447 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1448 .strength_bits = 256, 1449 .alg_bits = 256, 1450 }, 1451 1452 /* Cipher C015 */ 1453 { 1454 .valid = 1, 1455 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1456 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1457 .algorithm_mkey = SSL_kECDHE, 1458 .algorithm_auth = SSL_aNULL, 1459 .algorithm_enc = SSL_eNULL, 1460 .algorithm_mac = SSL_SHA1, 1461 .algorithm_ssl = SSL_TLSV1, 1462 .algo_strength = SSL_STRONG_NONE, 1463 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1464 .strength_bits = 0, 1465 .alg_bits = 0, 1466 }, 1467 1468 /* Cipher C016 */ 1469 { 1470 .valid = 1, 1471 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1472 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1473 .algorithm_mkey = SSL_kECDHE, 1474 .algorithm_auth = SSL_aNULL, 1475 .algorithm_enc = SSL_RC4, 1476 .algorithm_mac = SSL_SHA1, 1477 .algorithm_ssl = SSL_TLSV1, 1478 .algo_strength = SSL_MEDIUM, 1479 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1480 .strength_bits = 128, 1481 .alg_bits = 128, 1482 }, 1483 1484 /* Cipher C017 */ 1485 { 1486 .valid = 1, 1487 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1488 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1489 .algorithm_mkey = SSL_kECDHE, 1490 .algorithm_auth = SSL_aNULL, 1491 .algorithm_enc = SSL_3DES, 1492 .algorithm_mac = SSL_SHA1, 1493 .algorithm_ssl = SSL_TLSV1, 1494 .algo_strength = SSL_HIGH, 1495 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1496 .strength_bits = 112, 1497 .alg_bits = 168, 1498 }, 1499 1500 /* Cipher C018 */ 1501 { 1502 .valid = 1, 1503 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1504 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1505 .algorithm_mkey = SSL_kECDHE, 1506 .algorithm_auth = SSL_aNULL, 1507 .algorithm_enc = SSL_AES128, 1508 .algorithm_mac = SSL_SHA1, 1509 .algorithm_ssl = SSL_TLSV1, 1510 .algo_strength = SSL_HIGH, 1511 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1512 .strength_bits = 128, 1513 .alg_bits = 128, 1514 }, 1515 1516 /* Cipher C019 */ 1517 { 1518 .valid = 1, 1519 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 1520 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 1521 .algorithm_mkey = SSL_kECDHE, 1522 .algorithm_auth = SSL_aNULL, 1523 .algorithm_enc = SSL_AES256, 1524 .algorithm_mac = SSL_SHA1, 1525 .algorithm_ssl = SSL_TLSV1, 1526 .algo_strength = SSL_HIGH, 1527 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1528 .strength_bits = 256, 1529 .alg_bits = 256, 1530 }, 1531 1532 1533 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 1534 1535 /* Cipher C023 */ 1536 { 1537 .valid = 1, 1538 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, 1539 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 1540 .algorithm_mkey = SSL_kECDHE, 1541 .algorithm_auth = SSL_aECDSA, 1542 .algorithm_enc = SSL_AES128, 1543 .algorithm_mac = SSL_SHA256, 1544 .algorithm_ssl = SSL_TLSV1_2, 1545 .algo_strength = SSL_HIGH, 1546 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1547 .strength_bits = 128, 1548 .alg_bits = 128, 1549 }, 1550 1551 /* Cipher C024 */ 1552 { 1553 .valid = 1, 1554 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, 1555 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 1556 .algorithm_mkey = SSL_kECDHE, 1557 .algorithm_auth = SSL_aECDSA, 1558 .algorithm_enc = SSL_AES256, 1559 .algorithm_mac = SSL_SHA384, 1560 .algorithm_ssl = SSL_TLSV1_2, 1561 .algo_strength = SSL_HIGH, 1562 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1563 .strength_bits = 256, 1564 .alg_bits = 256, 1565 }, 1566 1567 /* Cipher C025 */ 1568 { 1569 .valid = 1, 1570 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, 1571 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, 1572 .algorithm_mkey = SSL_kECDHe, 1573 .algorithm_auth = SSL_aECDH, 1574 .algorithm_enc = SSL_AES128, 1575 .algorithm_mac = SSL_SHA256, 1576 .algorithm_ssl = SSL_TLSV1_2, 1577 .algo_strength = SSL_HIGH, 1578 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1579 .strength_bits = 128, 1580 .alg_bits = 128, 1581 }, 1582 1583 /* Cipher C026 */ 1584 { 1585 .valid = 1, 1586 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, 1587 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, 1588 .algorithm_mkey = SSL_kECDHe, 1589 .algorithm_auth = SSL_aECDH, 1590 .algorithm_enc = SSL_AES256, 1591 .algorithm_mac = SSL_SHA384, 1592 .algorithm_ssl = SSL_TLSV1_2, 1593 .algo_strength = SSL_HIGH, 1594 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1595 .strength_bits = 256, 1596 .alg_bits = 256, 1597 }, 1598 1599 /* Cipher C027 */ 1600 { 1601 .valid = 1, 1602 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, 1603 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 1604 .algorithm_mkey = SSL_kECDHE, 1605 .algorithm_auth = SSL_aRSA, 1606 .algorithm_enc = SSL_AES128, 1607 .algorithm_mac = SSL_SHA256, 1608 .algorithm_ssl = SSL_TLSV1_2, 1609 .algo_strength = SSL_HIGH, 1610 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1611 .strength_bits = 128, 1612 .alg_bits = 128, 1613 }, 1614 1615 /* Cipher C028 */ 1616 { 1617 .valid = 1, 1618 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, 1619 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 1620 .algorithm_mkey = SSL_kECDHE, 1621 .algorithm_auth = SSL_aRSA, 1622 .algorithm_enc = SSL_AES256, 1623 .algorithm_mac = SSL_SHA384, 1624 .algorithm_ssl = SSL_TLSV1_2, 1625 .algo_strength = SSL_HIGH, 1626 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1627 .strength_bits = 256, 1628 .alg_bits = 256, 1629 }, 1630 1631 /* Cipher C029 */ 1632 { 1633 .valid = 1, 1634 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 1635 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 1636 .algorithm_mkey = SSL_kECDHr, 1637 .algorithm_auth = SSL_aECDH, 1638 .algorithm_enc = SSL_AES128, 1639 .algorithm_mac = SSL_SHA256, 1640 .algorithm_ssl = SSL_TLSV1_2, 1641 .algo_strength = SSL_HIGH, 1642 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, 1643 .strength_bits = 128, 1644 .alg_bits = 128, 1645 }, 1646 1647 /* Cipher C02A */ 1648 { 1649 .valid = 1, 1650 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 1651 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 1652 .algorithm_mkey = SSL_kECDHr, 1653 .algorithm_auth = SSL_aECDH, 1654 .algorithm_enc = SSL_AES256, 1655 .algorithm_mac = SSL_SHA384, 1656 .algorithm_ssl = SSL_TLSV1_2, 1657 .algo_strength = SSL_HIGH, 1658 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, 1659 .strength_bits = 256, 1660 .alg_bits = 256, 1661 }, 1662 1663 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 1664 1665 /* Cipher C02B */ 1666 { 1667 .valid = 1, 1668 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1669 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1670 .algorithm_mkey = SSL_kECDHE, 1671 .algorithm_auth = SSL_aECDSA, 1672 .algorithm_enc = SSL_AES128GCM, 1673 .algorithm_mac = SSL_AEAD, 1674 .algorithm_ssl = SSL_TLSV1_2, 1675 .algo_strength = SSL_HIGH, 1676 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1677 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1678 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1679 .strength_bits = 128, 1680 .alg_bits = 128, 1681 }, 1682 1683 /* Cipher C02C */ 1684 { 1685 .valid = 1, 1686 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1687 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1688 .algorithm_mkey = SSL_kECDHE, 1689 .algorithm_auth = SSL_aECDSA, 1690 .algorithm_enc = SSL_AES256GCM, 1691 .algorithm_mac = SSL_AEAD, 1692 .algorithm_ssl = SSL_TLSV1_2, 1693 .algo_strength = SSL_HIGH, 1694 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1695 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1696 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1697 .strength_bits = 256, 1698 .alg_bits = 256, 1699 }, 1700 1701 /* Cipher C02D */ 1702 { 1703 .valid = 1, 1704 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1705 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1706 .algorithm_mkey = SSL_kECDHe, 1707 .algorithm_auth = SSL_aECDH, 1708 .algorithm_enc = SSL_AES128GCM, 1709 .algorithm_mac = SSL_AEAD, 1710 .algorithm_ssl = SSL_TLSV1_2, 1711 .algo_strength = SSL_HIGH, 1712 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1713 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1714 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1715 .strength_bits = 128, 1716 .alg_bits = 128, 1717 }, 1718 1719 /* Cipher C02E */ 1720 { 1721 .valid = 1, 1722 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1723 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1724 .algorithm_mkey = SSL_kECDHe, 1725 .algorithm_auth = SSL_aECDH, 1726 .algorithm_enc = SSL_AES256GCM, 1727 .algorithm_mac = SSL_AEAD, 1728 .algorithm_ssl = SSL_TLSV1_2, 1729 .algo_strength = SSL_HIGH, 1730 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1731 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1732 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1733 .strength_bits = 256, 1734 .alg_bits = 256, 1735 }, 1736 1737 /* Cipher C02F */ 1738 { 1739 .valid = 1, 1740 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1741 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1742 .algorithm_mkey = SSL_kECDHE, 1743 .algorithm_auth = SSL_aRSA, 1744 .algorithm_enc = SSL_AES128GCM, 1745 .algorithm_mac = SSL_AEAD, 1746 .algorithm_ssl = SSL_TLSV1_2, 1747 .algo_strength = SSL_HIGH, 1748 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1749 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1750 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1751 .strength_bits = 128, 1752 .alg_bits = 128, 1753 }, 1754 1755 /* Cipher C030 */ 1756 { 1757 .valid = 1, 1758 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1759 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1760 .algorithm_mkey = SSL_kECDHE, 1761 .algorithm_auth = SSL_aRSA, 1762 .algorithm_enc = SSL_AES256GCM, 1763 .algorithm_mac = SSL_AEAD, 1764 .algorithm_ssl = SSL_TLSV1_2, 1765 .algo_strength = SSL_HIGH, 1766 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1767 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1768 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1769 .strength_bits = 256, 1770 .alg_bits = 256, 1771 }, 1772 1773 /* Cipher C031 */ 1774 { 1775 .valid = 1, 1776 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1777 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1778 .algorithm_mkey = SSL_kECDHr, 1779 .algorithm_auth = SSL_aECDH, 1780 .algorithm_enc = SSL_AES128GCM, 1781 .algorithm_mac = SSL_AEAD, 1782 .algorithm_ssl = SSL_TLSV1_2, 1783 .algo_strength = SSL_HIGH, 1784 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1785 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1786 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1787 .strength_bits = 128, 1788 .alg_bits = 128, 1789 }, 1790 1791 /* Cipher C032 */ 1792 { 1793 .valid = 1, 1794 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1795 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1796 .algorithm_mkey = SSL_kECDHr, 1797 .algorithm_auth = SSL_aECDH, 1798 .algorithm_enc = SSL_AES256GCM, 1799 .algorithm_mac = SSL_AEAD, 1800 .algorithm_ssl = SSL_TLSV1_2, 1801 .algo_strength = SSL_HIGH, 1802 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| 1803 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| 1804 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, 1805 .strength_bits = 256, 1806 .alg_bits = 256, 1807 }, 1808 1809 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 1810 /* Cipher CC13 */ 1811 { 1812 .valid = 1, 1813 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD, 1814 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 1815 .algorithm_mkey = SSL_kECDHE, 1816 .algorithm_auth = SSL_aRSA, 1817 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1818 .algorithm_mac = SSL_AEAD, 1819 .algorithm_ssl = SSL_TLSV1_2, 1820 .algo_strength = SSL_HIGH, 1821 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1822 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1823 .strength_bits = 256, 1824 .alg_bits = 256, 1825 }, 1826 1827 /* Cipher CC14 */ 1828 { 1829 .valid = 1, 1830 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD, 1831 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1832 .algorithm_mkey = SSL_kECDHE, 1833 .algorithm_auth = SSL_aECDSA, 1834 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1835 .algorithm_mac = SSL_AEAD, 1836 .algorithm_ssl = SSL_TLSV1_2, 1837 .algo_strength = SSL_HIGH, 1838 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1839 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1840 .strength_bits = 256, 1841 .alg_bits = 256, 1842 }, 1843 1844 /* Cipher CC15 */ 1845 { 1846 .valid = 1, 1847 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD, 1848 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD, 1849 .algorithm_mkey = SSL_kDHE, 1850 .algorithm_auth = SSL_aRSA, 1851 .algorithm_enc = SSL_CHACHA20POLY1305_OLD, 1852 .algorithm_mac = SSL_AEAD, 1853 .algorithm_ssl = SSL_TLSV1_2, 1854 .algo_strength = SSL_HIGH, 1855 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1856 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), 1857 .strength_bits = 256, 1858 .alg_bits = 256, 1859 }, 1860 1861 /* Cipher CCA8 */ 1862 { 1863 .valid = 1, 1864 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, 1865 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 1866 .algorithm_mkey = SSL_kECDHE, 1867 .algorithm_auth = SSL_aRSA, 1868 .algorithm_enc = SSL_CHACHA20POLY1305, 1869 .algorithm_mac = SSL_AEAD, 1870 .algorithm_ssl = SSL_TLSV1_2, 1871 .algo_strength = SSL_HIGH, 1872 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1873 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1874 .strength_bits = 256, 1875 .alg_bits = 256, 1876 }, 1877 1878 /* Cipher CCA9 */ 1879 { 1880 .valid = 1, 1881 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 1882 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1883 .algorithm_mkey = SSL_kECDHE, 1884 .algorithm_auth = SSL_aECDSA, 1885 .algorithm_enc = SSL_CHACHA20POLY1305, 1886 .algorithm_mac = SSL_AEAD, 1887 .algorithm_ssl = SSL_TLSV1_2, 1888 .algo_strength = SSL_HIGH, 1889 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1890 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1891 .strength_bits = 256, 1892 .alg_bits = 256, 1893 }, 1894 1895 /* Cipher CCAA */ 1896 { 1897 .valid = 1, 1898 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, 1899 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, 1900 .algorithm_mkey = SSL_kDHE, 1901 .algorithm_auth = SSL_aRSA, 1902 .algorithm_enc = SSL_CHACHA20POLY1305, 1903 .algorithm_mac = SSL_AEAD, 1904 .algorithm_ssl = SSL_TLSV1_2, 1905 .algo_strength = SSL_HIGH, 1906 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| 1907 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), 1908 .strength_bits = 256, 1909 .alg_bits = 256, 1910 }, 1911 #endif 1912 1913 /* Cipher FF85 FIXME IANA */ 1914 { 1915 .valid = 1, 1916 .name = "GOST2012256-GOST89-GOST89", 1917 .id = 0x300ff85, /* FIXME IANA */ 1918 .algorithm_mkey = SSL_kGOST, 1919 .algorithm_auth = SSL_aGOST01, 1920 .algorithm_enc = SSL_eGOST2814789CNT, 1921 .algorithm_mac = SSL_GOST89MAC, 1922 .algorithm_ssl = SSL_TLSV1, 1923 .algo_strength = SSL_HIGH, 1924 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| 1925 TLS1_STREAM_MAC, 1926 .strength_bits = 256, 1927 .alg_bits = 256 1928 }, 1929 1930 /* Cipher FF87 FIXME IANA */ 1931 { 1932 .valid = 1, 1933 .name = "GOST2012256-NULL-STREEBOG256", 1934 .id = 0x300ff87, /* FIXME IANA */ 1935 .algorithm_mkey = SSL_kGOST, 1936 .algorithm_auth = SSL_aGOST01, 1937 .algorithm_enc = SSL_eNULL, 1938 .algorithm_mac = SSL_STREEBOG256, 1939 .algorithm_ssl = SSL_TLSV1, 1940 .algo_strength = SSL_STRONG_NONE, 1941 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, 1942 .strength_bits = 0, 1943 .alg_bits = 0 1944 }, 1945 1946 1947 /* end of list */ 1948 }; 1949 1950 int 1951 ssl3_num_ciphers(void) 1952 { 1953 return (SSL3_NUM_CIPHERS); 1954 } 1955 1956 const SSL_CIPHER * 1957 ssl3_get_cipher(unsigned int u) 1958 { 1959 if (u < SSL3_NUM_CIPHERS) 1960 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); 1961 else 1962 return (NULL); 1963 } 1964 1965 const SSL_CIPHER * 1966 ssl3_get_cipher_by_id(unsigned int id) 1967 { 1968 const SSL_CIPHER *cp; 1969 SSL_CIPHER c; 1970 1971 c.id = id; 1972 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); 1973 if (cp != NULL && cp->valid == 1) 1974 return (cp); 1975 1976 return (NULL); 1977 } 1978 1979 const SSL_CIPHER * 1980 ssl3_get_cipher_by_value(uint16_t value) 1981 { 1982 return ssl3_get_cipher_by_id(SSL3_CK_ID | value); 1983 } 1984 1985 uint16_t 1986 ssl3_cipher_get_value(const SSL_CIPHER *c) 1987 { 1988 return (c->id & SSL3_CK_VALUE_MASK); 1989 } 1990 1991 int 1992 ssl3_pending(const SSL *s) 1993 { 1994 if (s->rstate == SSL_ST_READ_BODY) 1995 return 0; 1996 1997 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? 1998 s->s3->rrec.length : 0; 1999 } 2000 2001 int 2002 ssl3_handshake_msg_hdr_len(SSL *s) 2003 { 2004 return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : 2005 SSL3_HM_HEADER_LENGTH); 2006 } 2007 2008 unsigned char * 2009 ssl3_handshake_msg_start(SSL *s, uint8_t msg_type) 2010 { 2011 unsigned char *d, *p; 2012 2013 d = p = (unsigned char *)s->init_buf->data; 2014 2015 /* Handshake message type and length. */ 2016 *(p++) = msg_type; 2017 l2n3(0, p); 2018 2019 return (d + ssl3_handshake_msg_hdr_len(s)); 2020 } 2021 2022 void 2023 ssl3_handshake_msg_finish(SSL *s, unsigned int len) 2024 { 2025 unsigned char *d, *p; 2026 uint8_t msg_type; 2027 2028 d = p = (unsigned char *)s->init_buf->data; 2029 2030 /* Handshake message length. */ 2031 msg_type = *(p++); 2032 l2n3(len, p); 2033 2034 s->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len; 2035 s->init_off = 0; 2036 2037 if (SSL_IS_DTLS(s)) { 2038 dtls1_set_message_header(s, d, msg_type, len, 0, len); 2039 dtls1_buffer_message(s, 0); 2040 } 2041 } 2042 2043 int 2044 ssl3_handshake_write(SSL *s) 2045 { 2046 if (SSL_IS_DTLS(s)) 2047 return dtls1_do_write(s, SSL3_RT_HANDSHAKE); 2048 2049 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); 2050 } 2051 2052 int 2053 ssl3_new(SSL *s) 2054 { 2055 SSL3_STATE *s3; 2056 2057 if ((s3 = calloc(1, sizeof *s3)) == NULL) 2058 goto err; 2059 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); 2060 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); 2061 2062 s->s3 = s3; 2063 2064 s->method->ssl_clear(s); 2065 return (1); 2066 err: 2067 return (0); 2068 } 2069 2070 void 2071 ssl3_free(SSL *s) 2072 { 2073 if (s == NULL) 2074 return; 2075 2076 tls1_cleanup_key_block(s); 2077 ssl3_release_read_buffer(s); 2078 ssl3_release_write_buffer(s); 2079 2080 DH_free(s->s3->tmp.dh); 2081 EC_KEY_free(s->s3->tmp.ecdh); 2082 2083 if (s->s3->tmp.ca_names != NULL) 2084 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2085 BIO_free(s->s3->handshake_buffer); 2086 tls1_free_digest_list(s); 2087 free(s->s3->alpn_selected); 2088 2089 explicit_bzero(s->s3, sizeof *s->s3); 2090 free(s->s3); 2091 s->s3 = NULL; 2092 } 2093 2094 void 2095 ssl3_clear(SSL *s) 2096 { 2097 unsigned char *rp, *wp; 2098 size_t rlen, wlen; 2099 2100 tls1_cleanup_key_block(s); 2101 if (s->s3->tmp.ca_names != NULL) 2102 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2103 2104 DH_free(s->s3->tmp.dh); 2105 s->s3->tmp.dh = NULL; 2106 EC_KEY_free(s->s3->tmp.ecdh); 2107 s->s3->tmp.ecdh = NULL; 2108 2109 rp = s->s3->rbuf.buf; 2110 wp = s->s3->wbuf.buf; 2111 rlen = s->s3->rbuf.len; 2112 wlen = s->s3->wbuf.len; 2113 2114 BIO_free(s->s3->handshake_buffer); 2115 s->s3->handshake_buffer = NULL; 2116 2117 tls1_free_digest_list(s); 2118 2119 free(s->s3->alpn_selected); 2120 s->s3->alpn_selected = NULL; 2121 2122 memset(s->s3, 0, sizeof *s->s3); 2123 s->s3->rbuf.buf = rp; 2124 s->s3->wbuf.buf = wp; 2125 s->s3->rbuf.len = rlen; 2126 s->s3->wbuf.len = wlen; 2127 2128 ssl_free_wbio_buffer(s); 2129 2130 s->packet_length = 0; 2131 s->s3->renegotiate = 0; 2132 s->s3->total_renegotiations = 0; 2133 s->s3->num_renegotiations = 0; 2134 s->s3->in_read_app_data = 0; 2135 s->version = TLS1_VERSION; 2136 2137 free(s->next_proto_negotiated); 2138 s->next_proto_negotiated = NULL; 2139 s->next_proto_negotiated_len = 0; 2140 } 2141 2142 2143 long 2144 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 2145 { 2146 int ret = 0; 2147 2148 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { 2149 if (!ssl_cert_inst(&s->cert)) { 2150 SSLerr(SSL_F_SSL3_CTRL, 2151 ERR_R_MALLOC_FAILURE); 2152 return (0); 2153 } 2154 } 2155 2156 switch (cmd) { 2157 case SSL_CTRL_GET_SESSION_REUSED: 2158 ret = s->hit; 2159 break; 2160 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 2161 break; 2162 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 2163 ret = s->s3->num_renegotiations; 2164 break; 2165 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 2166 ret = s->s3->num_renegotiations; 2167 s->s3->num_renegotiations = 0; 2168 break; 2169 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 2170 ret = s->s3->total_renegotiations; 2171 break; 2172 case SSL_CTRL_GET_FLAGS: 2173 ret = (int)(s->s3->flags); 2174 break; 2175 case SSL_CTRL_NEED_TMP_RSA: 2176 ret = 0; 2177 break; 2178 case SSL_CTRL_SET_TMP_RSA: 2179 case SSL_CTRL_SET_TMP_RSA_CB: 2180 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2181 break; 2182 case SSL_CTRL_SET_TMP_DH: 2183 { 2184 DH *dh = (DH *)parg; 2185 if (dh == NULL) { 2186 SSLerr(SSL_F_SSL3_CTRL, 2187 ERR_R_PASSED_NULL_PARAMETER); 2188 return (ret); 2189 } 2190 if ((dh = DHparams_dup(dh)) == NULL) { 2191 SSLerr(SSL_F_SSL3_CTRL, 2192 ERR_R_DH_LIB); 2193 return (ret); 2194 } 2195 DH_free(s->cert->dh_tmp); 2196 s->cert->dh_tmp = dh; 2197 ret = 1; 2198 } 2199 break; 2200 2201 case SSL_CTRL_SET_TMP_DH_CB: 2202 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2203 return (ret); 2204 2205 case SSL_CTRL_SET_DH_AUTO: 2206 s->cert->dh_tmp_auto = larg; 2207 return 1; 2208 2209 case SSL_CTRL_SET_TMP_ECDH: 2210 { 2211 EC_KEY *ecdh = NULL; 2212 2213 if (parg == NULL) { 2214 SSLerr(SSL_F_SSL3_CTRL, 2215 ERR_R_PASSED_NULL_PARAMETER); 2216 return (ret); 2217 } 2218 if (!EC_KEY_up_ref((EC_KEY *)parg)) { 2219 SSLerr(SSL_F_SSL3_CTRL, 2220 ERR_R_ECDH_LIB); 2221 return (ret); 2222 } 2223 ecdh = (EC_KEY *)parg; 2224 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { 2225 if (!EC_KEY_generate_key(ecdh)) { 2226 EC_KEY_free(ecdh); 2227 SSLerr(SSL_F_SSL3_CTRL, 2228 ERR_R_ECDH_LIB); 2229 return (ret); 2230 } 2231 } 2232 EC_KEY_free(s->cert->ecdh_tmp); 2233 s->cert->ecdh_tmp = ecdh; 2234 ret = 1; 2235 } 2236 break; 2237 case SSL_CTRL_SET_TMP_ECDH_CB: 2238 { 2239 SSLerr(SSL_F_SSL3_CTRL, 2240 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2241 return (ret); 2242 } 2243 break; 2244 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2245 if (larg == TLSEXT_NAMETYPE_host_name) { 2246 free(s->tlsext_hostname); 2247 s->tlsext_hostname = NULL; 2248 2249 ret = 1; 2250 if (parg == NULL) 2251 break; 2252 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 2253 SSLerr(SSL_F_SSL3_CTRL, 2254 SSL_R_SSL3_EXT_INVALID_SERVERNAME); 2255 return 0; 2256 } 2257 if ((s->tlsext_hostname = strdup((char *)parg)) 2258 == NULL) { 2259 SSLerr(SSL_F_SSL3_CTRL, 2260 ERR_R_INTERNAL_ERROR); 2261 return 0; 2262 } 2263 } else { 2264 SSLerr(SSL_F_SSL3_CTRL, 2265 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 2266 return 0; 2267 } 2268 break; 2269 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 2270 s->tlsext_debug_arg = parg; 2271 ret = 1; 2272 break; 2273 2274 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 2275 s->tlsext_status_type = larg; 2276 ret = 1; 2277 break; 2278 2279 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: 2280 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; 2281 ret = 1; 2282 break; 2283 2284 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: 2285 s->tlsext_ocsp_exts = parg; 2286 ret = 1; 2287 break; 2288 2289 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: 2290 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; 2291 ret = 1; 2292 break; 2293 2294 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: 2295 s->tlsext_ocsp_ids = parg; 2296 ret = 1; 2297 break; 2298 2299 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: 2300 *(unsigned char **)parg = s->tlsext_ocsp_resp; 2301 return s->tlsext_ocsp_resplen; 2302 2303 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 2304 free(s->tlsext_ocsp_resp); 2305 s->tlsext_ocsp_resp = parg; 2306 s->tlsext_ocsp_resplen = larg; 2307 ret = 1; 2308 break; 2309 2310 case SSL_CTRL_SET_ECDH_AUTO: 2311 s->cert->ecdh_tmp_auto = larg; 2312 ret = 1; 2313 break; 2314 2315 default: 2316 break; 2317 } 2318 return (ret); 2319 } 2320 2321 long 2322 ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 2323 { 2324 int ret = 0; 2325 2326 if (cmd == SSL_CTRL_SET_TMP_DH_CB) { 2327 if (!ssl_cert_inst(&s->cert)) { 2328 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, 2329 ERR_R_MALLOC_FAILURE); 2330 return (0); 2331 } 2332 } 2333 2334 switch (cmd) { 2335 case SSL_CTRL_SET_TMP_RSA_CB: 2336 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2337 break; 2338 case SSL_CTRL_SET_TMP_DH_CB: 2339 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 2340 break; 2341 case SSL_CTRL_SET_TMP_ECDH_CB: 2342 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2343 break; 2344 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 2345 s->tlsext_debug_cb = (void (*)(SSL *, int , int, 2346 unsigned char *, int, void *))fp; 2347 break; 2348 default: 2349 break; 2350 } 2351 return (ret); 2352 } 2353 2354 long 2355 ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 2356 { 2357 CERT *cert; 2358 2359 cert = ctx->cert; 2360 2361 switch (cmd) { 2362 case SSL_CTRL_NEED_TMP_RSA: 2363 return (0); 2364 case SSL_CTRL_SET_TMP_RSA: 2365 case SSL_CTRL_SET_TMP_RSA_CB: 2366 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2367 return (0); 2368 case SSL_CTRL_SET_TMP_DH: 2369 { 2370 DH *new = NULL, *dh; 2371 2372 dh = (DH *)parg; 2373 if ((new = DHparams_dup(dh)) == NULL) { 2374 SSLerr(SSL_F_SSL3_CTX_CTRL, 2375 ERR_R_DH_LIB); 2376 return 0; 2377 } 2378 DH_free(cert->dh_tmp); 2379 cert->dh_tmp = new; 2380 return 1; 2381 } 2382 /*break; */ 2383 2384 case SSL_CTRL_SET_TMP_DH_CB: 2385 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2386 return (0); 2387 2388 case SSL_CTRL_SET_DH_AUTO: 2389 ctx->cert->dh_tmp_auto = larg; 2390 return (1); 2391 2392 case SSL_CTRL_SET_TMP_ECDH: 2393 { 2394 EC_KEY *ecdh = NULL; 2395 2396 if (parg == NULL) { 2397 SSLerr(SSL_F_SSL3_CTX_CTRL, 2398 ERR_R_ECDH_LIB); 2399 return 0; 2400 } 2401 ecdh = EC_KEY_dup((EC_KEY *)parg); 2402 if (ecdh == NULL) { 2403 SSLerr(SSL_F_SSL3_CTX_CTRL, 2404 ERR_R_EC_LIB); 2405 return 0; 2406 } 2407 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { 2408 if (!EC_KEY_generate_key(ecdh)) { 2409 EC_KEY_free(ecdh); 2410 SSLerr(SSL_F_SSL3_CTX_CTRL, 2411 ERR_R_ECDH_LIB); 2412 return 0; 2413 } 2414 } 2415 2416 EC_KEY_free(cert->ecdh_tmp); 2417 cert->ecdh_tmp = ecdh; 2418 return 1; 2419 } 2420 /* break; */ 2421 case SSL_CTRL_SET_TMP_ECDH_CB: 2422 { 2423 SSLerr(SSL_F_SSL3_CTX_CTRL, 2424 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2425 return (0); 2426 } 2427 break; 2428 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 2429 ctx->tlsext_servername_arg = parg; 2430 break; 2431 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: 2432 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: 2433 { 2434 unsigned char *keys = parg; 2435 if (!keys) 2436 return 48; 2437 if (larg != 48) { 2438 SSLerr(SSL_F_SSL3_CTX_CTRL, 2439 SSL_R_INVALID_TICKET_KEYS_LENGTH); 2440 return 0; 2441 } 2442 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 2443 memcpy(ctx->tlsext_tick_key_name, keys, 16); 2444 memcpy(ctx->tlsext_tick_hmac_key, 2445 keys + 16, 16); 2446 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 2447 } else { 2448 memcpy(keys, ctx->tlsext_tick_key_name, 16); 2449 memcpy(keys + 16, 2450 ctx->tlsext_tick_hmac_key, 16); 2451 memcpy(keys + 32, 2452 ctx->tlsext_tick_aes_key, 16); 2453 } 2454 return 1; 2455 } 2456 2457 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 2458 ctx->tlsext_status_arg = parg; 2459 return 1; 2460 break; 2461 2462 case SSL_CTRL_SET_ECDH_AUTO: 2463 ctx->cert->ecdh_tmp_auto = larg; 2464 return 1; 2465 2466 /* A Thawte special :-) */ 2467 case SSL_CTRL_EXTRA_CHAIN_CERT: 2468 if (ctx->extra_certs == NULL) { 2469 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) 2470 return (0); 2471 } 2472 sk_X509_push(ctx->extra_certs,(X509 *)parg); 2473 break; 2474 2475 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: 2476 *(STACK_OF(X509) **)parg = ctx->extra_certs; 2477 break; 2478 2479 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: 2480 if (ctx->extra_certs) { 2481 sk_X509_pop_free(ctx->extra_certs, X509_free); 2482 ctx->extra_certs = NULL; 2483 } 2484 break; 2485 2486 default: 2487 return (0); 2488 } 2489 return (1); 2490 } 2491 2492 long 2493 ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 2494 { 2495 CERT *cert; 2496 2497 cert = ctx->cert; 2498 2499 switch (cmd) { 2500 case SSL_CTRL_SET_TMP_RSA_CB: 2501 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2502 return (0); 2503 case SSL_CTRL_SET_TMP_DH_CB: 2504 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; 2505 break; 2506 case SSL_CTRL_SET_TMP_ECDH_CB: 2507 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2508 break; 2509 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2510 ctx->tlsext_servername_callback = 2511 (int (*)(SSL *, int *, void *))fp; 2512 break; 2513 2514 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 2515 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; 2516 break; 2517 2518 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 2519 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, 2520 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 2521 break; 2522 2523 default: 2524 return (0); 2525 } 2526 return (1); 2527 } 2528 2529 /* 2530 * This function needs to check if the ciphers required are actually available. 2531 */ 2532 const SSL_CIPHER * 2533 ssl3_get_cipher_by_char(const unsigned char *p) 2534 { 2535 CBS cipher; 2536 uint16_t cipher_value; 2537 2538 /* We have to assume it is at least 2 bytes due to existing API. */ 2539 CBS_init(&cipher, p, 2); 2540 if (!CBS_get_u16(&cipher, &cipher_value)) 2541 return NULL; 2542 2543 return ssl3_get_cipher_by_value(cipher_value); 2544 } 2545 2546 int 2547 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 2548 { 2549 if (p != NULL) { 2550 if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID) 2551 return (0); 2552 s2n(ssl3_cipher_get_value(c), p); 2553 } 2554 return (2); 2555 } 2556 2557 SSL_CIPHER * 2558 ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 2559 STACK_OF(SSL_CIPHER) *srvr) 2560 { 2561 unsigned long alg_k, alg_a, mask_k, mask_a; 2562 STACK_OF(SSL_CIPHER) *prio, *allow; 2563 SSL_CIPHER *c, *ret = NULL; 2564 int i, ii, ok; 2565 CERT *cert; 2566 2567 /* Let's see which ciphers we can support */ 2568 cert = s->cert; 2569 2570 /* 2571 * Do not set the compare functions, because this may lead to a 2572 * reordering by "id". We want to keep the original ordering. 2573 * We may pay a price in performance during sk_SSL_CIPHER_find(), 2574 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 2575 */ 2576 2577 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 2578 prio = srvr; 2579 allow = clnt; 2580 } else { 2581 prio = clnt; 2582 allow = srvr; 2583 } 2584 2585 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 2586 c = sk_SSL_CIPHER_value(prio, i); 2587 2588 /* Skip TLS v1.2 only ciphersuites if not supported. */ 2589 if ((c->algorithm_ssl & SSL_TLSV1_2) && 2590 !SSL_USE_TLS1_2_CIPHERS(s)) 2591 continue; 2592 2593 ssl_set_cert_masks(cert, c); 2594 mask_k = cert->mask_k; 2595 mask_a = cert->mask_a; 2596 2597 alg_k = c->algorithm_mkey; 2598 alg_a = c->algorithm_auth; 2599 2600 2601 ok = (alg_k & mask_k) && (alg_a & mask_a); 2602 2603 /* 2604 * If we are considering an ECC cipher suite that uses our 2605 * certificate check it. 2606 */ 2607 if (alg_a & (SSL_aECDSA|SSL_aECDH)) 2608 ok = ok && tls1_check_ec_server_key(s); 2609 /* 2610 * If we are considering an ECC cipher suite that uses 2611 * an ephemeral EC key check it. 2612 */ 2613 if (alg_k & SSL_kECDHE) 2614 ok = ok && tls1_check_ec_tmp_key(s); 2615 2616 if (!ok) 2617 continue; 2618 ii = sk_SSL_CIPHER_find(allow, c); 2619 if (ii >= 0) { 2620 ret = sk_SSL_CIPHER_value(allow, ii); 2621 break; 2622 } 2623 } 2624 return (ret); 2625 } 2626 2627 int 2628 ssl3_get_req_cert_type(SSL *s, unsigned char *p) 2629 { 2630 int ret = 0; 2631 unsigned long alg_k; 2632 2633 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2634 2635 #ifndef OPENSSL_NO_GOST 2636 if ((alg_k & SSL_kGOST)) { 2637 p[ret++] = TLS_CT_GOST94_SIGN; 2638 p[ret++] = TLS_CT_GOST01_SIGN; 2639 p[ret++] = TLS_CT_GOST12_256_SIGN; 2640 p[ret++] = TLS_CT_GOST12_512_SIGN; 2641 } 2642 #endif 2643 2644 if (alg_k & SSL_kDHE) { 2645 p[ret++] = SSL3_CT_RSA_FIXED_DH; 2646 p[ret++] = SSL3_CT_DSS_FIXED_DH; 2647 } 2648 p[ret++] = SSL3_CT_RSA_SIGN; 2649 p[ret++] = SSL3_CT_DSS_SIGN; 2650 if ((alg_k & (SSL_kECDHr|SSL_kECDHe))) { 2651 p[ret++] = TLS_CT_RSA_FIXED_ECDH; 2652 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; 2653 } 2654 2655 /* 2656 * ECDSA certs can be used with RSA cipher suites as well 2657 * so we don't need to check for SSL_kECDH or SSL_kECDHE 2658 */ 2659 p[ret++] = TLS_CT_ECDSA_SIGN; 2660 2661 return (ret); 2662 } 2663 2664 int 2665 ssl3_shutdown(SSL *s) 2666 { 2667 int ret; 2668 2669 /* 2670 * Don't do anything much if we have not done the handshake or 2671 * we don't want to send messages :-) 2672 */ 2673 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 2674 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2675 return (1); 2676 } 2677 2678 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { 2679 s->shutdown|=SSL_SENT_SHUTDOWN; 2680 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2681 /* 2682 * Our shutdown alert has been sent now, and if it still needs 2683 * to be written, s->s3->alert_dispatch will be true 2684 */ 2685 if (s->s3->alert_dispatch) 2686 return(-1); /* return WANT_WRITE */ 2687 } else if (s->s3->alert_dispatch) { 2688 /* resend it if not sent */ 2689 ret = s->method->ssl_dispatch_alert(s); 2690 if (ret == -1) { 2691 /* 2692 * We only get to return -1 here the 2nd/Nth 2693 * invocation, we must have already signalled 2694 * return 0 upon a previous invoation, 2695 * return WANT_WRITE 2696 */ 2697 return (ret); 2698 } 2699 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2700 /* If we are waiting for a close from our peer, we are closed */ 2701 s->method->ssl_read_bytes(s, 0, NULL, 0, 0); 2702 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2703 return(-1); /* return WANT_READ */ 2704 } 2705 } 2706 2707 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2708 !s->s3->alert_dispatch) 2709 return (1); 2710 else 2711 return (0); 2712 } 2713 2714 int 2715 ssl3_write(SSL *s, const void *buf, int len) 2716 { 2717 int ret, n; 2718 2719 #if 0 2720 if (s->shutdown & SSL_SEND_SHUTDOWN) { 2721 s->rwstate = SSL_NOTHING; 2722 return (0); 2723 } 2724 #endif 2725 errno = 0; 2726 if (s->s3->renegotiate) 2727 ssl3_renegotiate_check(s); 2728 2729 /* 2730 * This is an experimental flag that sends the 2731 * last handshake message in the same packet as the first 2732 * use data - used to see if it helps the TCP protocol during 2733 * session-id reuse 2734 */ 2735 /* The second test is because the buffer may have been removed */ 2736 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 2737 /* First time through, we write into the buffer */ 2738 if (s->s3->delay_buf_pop_ret == 0) { 2739 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2740 buf, len); 2741 if (ret <= 0) 2742 return (ret); 2743 2744 s->s3->delay_buf_pop_ret = ret; 2745 } 2746 2747 s->rwstate = SSL_WRITING; 2748 n = BIO_flush(s->wbio); 2749 if (n <= 0) 2750 return (n); 2751 s->rwstate = SSL_NOTHING; 2752 2753 /* We have flushed the buffer, so remove it */ 2754 ssl_free_wbio_buffer(s); 2755 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 2756 2757 ret = s->s3->delay_buf_pop_ret; 2758 s->s3->delay_buf_pop_ret = 0; 2759 } else { 2760 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2761 buf, len); 2762 if (ret <= 0) 2763 return (ret); 2764 } 2765 2766 return (ret); 2767 } 2768 2769 static int 2770 ssl3_read_internal(SSL *s, void *buf, int len, int peek) 2771 { 2772 int ret; 2773 2774 errno = 0; 2775 if (s->s3->renegotiate) 2776 ssl3_renegotiate_check(s); 2777 s->s3->in_read_app_data = 1; 2778 ret = s->method->ssl_read_bytes(s, 2779 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2780 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 2781 /* 2782 * ssl3_read_bytes decided to call s->handshake_func, which 2783 * called ssl3_read_bytes to read handshake data. 2784 * However, ssl3_read_bytes actually found application data 2785 * and thinks that application data makes sense here; so disable 2786 * handshake processing and try to read application data again. 2787 */ 2788 s->in_handshake++; 2789 ret = s->method->ssl_read_bytes(s, 2790 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2791 s->in_handshake--; 2792 } else 2793 s->s3->in_read_app_data = 0; 2794 2795 return (ret); 2796 } 2797 2798 int 2799 ssl3_read(SSL *s, void *buf, int len) 2800 { 2801 return ssl3_read_internal(s, buf, len, 0); 2802 } 2803 2804 int 2805 ssl3_peek(SSL *s, void *buf, int len) 2806 { 2807 return ssl3_read_internal(s, buf, len, 1); 2808 } 2809 2810 int 2811 ssl3_renegotiate(SSL *s) 2812 { 2813 if (s->handshake_func == NULL) 2814 return (1); 2815 2816 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2817 return (0); 2818 2819 s->s3->renegotiate = 1; 2820 return (1); 2821 } 2822 2823 int 2824 ssl3_renegotiate_check(SSL *s) 2825 { 2826 int ret = 0; 2827 2828 if (s->s3->renegotiate) { 2829 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 2830 !SSL_in_init(s)) { 2831 /* 2832 * If we are the server, and we have sent 2833 * a 'RENEGOTIATE' message, we need to go 2834 * to SSL_ST_ACCEPT. 2835 */ 2836 /* SSL_ST_ACCEPT */ 2837 s->state = SSL_ST_RENEGOTIATE; 2838 s->s3->renegotiate = 0; 2839 s->s3->num_renegotiations++; 2840 s->s3->total_renegotiations++; 2841 ret = 1; 2842 } 2843 } 2844 return (ret); 2845 } 2846 /* 2847 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF 2848 * and handshake macs if required. 2849 */ 2850 long 2851 ssl_get_algorithm2(SSL *s) 2852 { 2853 long alg2 = s->s3->tmp.new_cipher->algorithm2; 2854 2855 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && 2856 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 2857 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 2858 return alg2; 2859 } 2860