Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 072334d943ef81d45f75d97cd722b46f1293f773 / . / ssl / s3_lib.c
blob: fa56a9693bc990f188a002241c6a80ad3851df3c [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 *
113 * Portions of the attached software ("Contribution") are developed by
114 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
115 *
116 * The Contribution is licensed pursuant to the OpenSSL open source
117 * license provided above.
118 *
119 * ECC cipher suite support in OpenSSL originally written by
120 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
121 *
122 */
123/* ====================================================================
124 * Copyright 2005 Nokia. All rights reserved.
125 *
126 * The portions of the attached software ("Contribution") is developed by
127 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
128 * license.
129 *
130 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132 * support (see RFC 4279) to OpenSSL.
133 *
134 * No patent licenses or other rights except those expressly stated in
135 * the OpenSSL open source license shall be deemed granted or received
136 * expressly, by implication, estoppel, or otherwise.
137 *
138 * No assurances are provided by Nokia that the Contribution does not
139 * infringe the patent or other intellectual property rights of any third
140 * party or that the license provides you with all the necessary rights
141 * to make use of the Contribution.
142 *
143 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
147 * OTHERWISE. */
148
149#include <stdio.h>
150
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]151#include <openssl/buf.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]152#include <openssl/dh.h>
153#include <openssl/md5.h>
154#include <openssl/mem.h>
155#include <openssl/obj.h>
156
157#include "ssl_locl.h"
158
159#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
160
Adam Langleyd8983ce2014-06-20 12:00:00 -0700[diff] [blame]161/* FIXED_NONCE_LEN is a macro that results in the correct value to set the
162 * fixed nonce length in SSL_CIPHER.algorithms2. It's the inverse of
163 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN. */
164#define FIXED_NONCE_LEN(x) ((x/2)<<24)
165
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]166/* list of available SSLv3 ciphers (sorted by id) */
167SSL_CIPHER ssl3_ciphers[]={
168
169/* The RSA ciphers */
170/* Cipher 01 */
171 {
172 1,
173 SSL3_TXT_RSA_NULL_MD5,
174 SSL3_CK_RSA_NULL_MD5,
175 SSL_kRSA,
176 SSL_aRSA,
177 SSL_eNULL,
178 SSL_MD5,
179 SSL_SSLV3,
180 SSL_NOT_EXP|SSL_STRONG_NONE,
181 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
182 0,
183 0,
184 },
185
186/* Cipher 02 */
187 {
188 1,
189 SSL3_TXT_RSA_NULL_SHA,
190 SSL3_CK_RSA_NULL_SHA,
191 SSL_kRSA,
192 SSL_aRSA,
193 SSL_eNULL,
194 SSL_SHA1,
195 SSL_SSLV3,
196 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
197 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
198 0,
199 0,
200 },
201
202/* Cipher 03 */
203 {
204 1,
205 SSL3_TXT_RSA_RC4_40_MD5,
206 SSL3_CK_RSA_RC4_40_MD5,
207 SSL_kRSA,
208 SSL_aRSA,
209 SSL_RC4,
210 SSL_MD5,
211 SSL_SSLV3,
212 SSL_EXPORT|SSL_EXP40,
213 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
214 40,
215 128,
216 },
217
218/* Cipher 04 */
219 {
220 1,
221 SSL3_TXT_RSA_RC4_128_MD5,
222 SSL3_CK_RSA_RC4_128_MD5,
223 SSL_kRSA,
224 SSL_aRSA,
225 SSL_RC4,
226 SSL_MD5,
227 SSL_SSLV3,
228 SSL_NOT_EXP|SSL_MEDIUM,
Adam Langley9447dff2014-06-24 17:29:06 -0700[diff] [blame]229 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|SSL_CIPHER_ALGORITHM2_STATEFUL_AEAD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]230 128,
231 128,
232 },
233
234/* Cipher 05 */
235 {
236 1,
237 SSL3_TXT_RSA_RC4_128_SHA,
238 SSL3_CK_RSA_RC4_128_SHA,
239 SSL_kRSA,
240 SSL_aRSA,
241 SSL_RC4,
242 SSL_SHA1,
243 SSL_SSLV3,
244 SSL_NOT_EXP|SSL_MEDIUM,
245 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
246 128,
247 128,
248 },
249
250/* Cipher 06 */
251 {
252 1,
253 SSL3_TXT_RSA_RC2_40_MD5,
254 SSL3_CK_RSA_RC2_40_MD5,
255 SSL_kRSA,
256 SSL_aRSA,
257 SSL_RC2,
258 SSL_MD5,
259 SSL_SSLV3,
260 SSL_EXPORT|SSL_EXP40,
261 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
262 40,
263 128,
264 },
265
266/* Cipher 07 */
267#ifndef OPENSSL_NO_IDEA
268 {
269 1,
270 SSL3_TXT_RSA_IDEA_128_SHA,
271 SSL3_CK_RSA_IDEA_128_SHA,
272 SSL_kRSA,
273 SSL_aRSA,
274 SSL_IDEA,
275 SSL_SHA1,
276 SSL_SSLV3,
277 SSL_NOT_EXP|SSL_MEDIUM,
278 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
279 128,
280 128,
281 },
282#endif
283
284/* Cipher 08 */
285 {
286 1,
287 SSL3_TXT_RSA_DES_40_CBC_SHA,
288 SSL3_CK_RSA_DES_40_CBC_SHA,
289 SSL_kRSA,
290 SSL_aRSA,
291 SSL_DES,
292 SSL_SHA1,
293 SSL_SSLV3,
294 SSL_EXPORT|SSL_EXP40,
295 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
296 40,
297 56,
298 },
299
300/* Cipher 09 */
301 {
302 1,
303 SSL3_TXT_RSA_DES_64_CBC_SHA,
304 SSL3_CK_RSA_DES_64_CBC_SHA,
305 SSL_kRSA,
306 SSL_aRSA,
307 SSL_DES,
308 SSL_SHA1,
309 SSL_SSLV3,
310 SSL_NOT_EXP|SSL_LOW,
311 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
312 56,
313 56,
314 },
315
316/* Cipher 0A */
317 {
318 1,
319 SSL3_TXT_RSA_DES_192_CBC3_SHA,
320 SSL3_CK_RSA_DES_192_CBC3_SHA,
321 SSL_kRSA,
322 SSL_aRSA,
323 SSL_3DES,
324 SSL_SHA1,
325 SSL_SSLV3,
326 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
327 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]328 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]329 168,
330 },
331
332/* The DH ciphers */
333/* Cipher 0B */
334 {
335 1,
336 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
337 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
338 SSL_kDHd,
339 SSL_aDH,
340 SSL_DES,
341 SSL_SHA1,
342 SSL_SSLV3,
343 SSL_EXPORT|SSL_EXP40,
344 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
345 40,
346 56,
347 },
348
349/* Cipher 0C */
350 {
351 1,
352 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
353 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
354 SSL_kDHd,
355 SSL_aDH,
356 SSL_DES,
357 SSL_SHA1,
358 SSL_SSLV3,
359 SSL_NOT_EXP|SSL_LOW,
360 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
361 56,
362 56,
363 },
364
365/* Cipher 0D */
366 {
367 1,
368 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
369 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
370 SSL_kDHd,
371 SSL_aDH,
372 SSL_3DES,
373 SSL_SHA1,
374 SSL_SSLV3,
375 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
376 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]377 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]378 168,
379 },
380
381/* Cipher 0E */
382 {
383 1,
384 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
385 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
386 SSL_kDHr,
387 SSL_aDH,
388 SSL_DES,
389 SSL_SHA1,
390 SSL_SSLV3,
391 SSL_EXPORT|SSL_EXP40,
392 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
393 40,
394 56,
395 },
396
397/* Cipher 0F */
398 {
399 1,
400 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
401 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
402 SSL_kDHr,
403 SSL_aDH,
404 SSL_DES,
405 SSL_SHA1,
406 SSL_SSLV3,
407 SSL_NOT_EXP|SSL_LOW,
408 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
409 56,
410 56,
411 },
412
413/* Cipher 10 */
414 {
415 1,
416 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
417 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
418 SSL_kDHr,
419 SSL_aDH,
420 SSL_3DES,
421 SSL_SHA1,
422 SSL_SSLV3,
423 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
424 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]425 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]426 168,
427 },
428
429/* The Ephemeral DH ciphers */
430/* Cipher 11 */
431 {
432 1,
433 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
434 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
435 SSL_kEDH,
436 SSL_aDSS,
437 SSL_DES,
438 SSL_SHA1,
439 SSL_SSLV3,
440 SSL_EXPORT|SSL_EXP40,
441 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
442 40,
443 56,
444 },
445
446/* Cipher 12 */
447 {
448 1,
449 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
450 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
451 SSL_kEDH,
452 SSL_aDSS,
453 SSL_DES,
454 SSL_SHA1,
455 SSL_SSLV3,
456 SSL_NOT_EXP|SSL_LOW,
457 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
458 56,
459 56,
460 },
461
462/* Cipher 13 */
463 {
464 1,
465 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
466 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
467 SSL_kEDH,
468 SSL_aDSS,
469 SSL_3DES,
470 SSL_SHA1,
471 SSL_SSLV3,
472 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
473 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]474 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]475 168,
476 },
477
478/* Cipher 14 */
479 {
480 1,
481 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
482 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
483 SSL_kEDH,
484 SSL_aRSA,
485 SSL_DES,
486 SSL_SHA1,
487 SSL_SSLV3,
488 SSL_EXPORT|SSL_EXP40,
489 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
490 40,
491 56,
492 },
493
494/* Cipher 15 */
495 {
496 1,
497 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
498 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
499 SSL_kEDH,
500 SSL_aRSA,
501 SSL_DES,
502 SSL_SHA1,
503 SSL_SSLV3,
504 SSL_NOT_EXP|SSL_LOW,
505 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
506 56,
507 56,
508 },
509
510/* Cipher 16 */
511 {
512 1,
513 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
514 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
515 SSL_kEDH,
516 SSL_aRSA,
517 SSL_3DES,
518 SSL_SHA1,
519 SSL_SSLV3,
520 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
521 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]522 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]523 168,
524 },
525
526/* Cipher 17 */
527 {
528 1,
529 SSL3_TXT_ADH_RC4_40_MD5,
530 SSL3_CK_ADH_RC4_40_MD5,
531 SSL_kEDH,
532 SSL_aNULL,
533 SSL_RC4,
534 SSL_MD5,
535 SSL_SSLV3,
536 SSL_EXPORT|SSL_EXP40,
537 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
538 40,
539 128,
540 },
541
542/* Cipher 18 */
543 {
544 1,
545 SSL3_TXT_ADH_RC4_128_MD5,
546 SSL3_CK_ADH_RC4_128_MD5,
547 SSL_kEDH,
548 SSL_aNULL,
549 SSL_RC4,
550 SSL_MD5,
551 SSL_SSLV3,
552 SSL_NOT_EXP|SSL_MEDIUM,
553 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
554 128,
555 128,
556 },
557
558/* Cipher 19 */
559 {
560 1,
561 SSL3_TXT_ADH_DES_40_CBC_SHA,
562 SSL3_CK_ADH_DES_40_CBC_SHA,
563 SSL_kEDH,
564 SSL_aNULL,
565 SSL_DES,
566 SSL_SHA1,
567 SSL_SSLV3,
568 SSL_EXPORT|SSL_EXP40,
569 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
570 40,
571 128,
572 },
573
574/* Cipher 1A */
575 {
576 1,
577 SSL3_TXT_ADH_DES_64_CBC_SHA,
578 SSL3_CK_ADH_DES_64_CBC_SHA,
579 SSL_kEDH,
580 SSL_aNULL,
581 SSL_DES,
582 SSL_SHA1,
583 SSL_SSLV3,
584 SSL_NOT_EXP|SSL_LOW,
585 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
586 56,
587 56,
588 },
589
590/* Cipher 1B */
591 {
592 1,
593 SSL3_TXT_ADH_DES_192_CBC_SHA,
594 SSL3_CK_ADH_DES_192_CBC_SHA,
595 SSL_kEDH,
596 SSL_aNULL,
597 SSL_3DES,
598 SSL_SHA1,
599 SSL_SSLV3,
600 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
601 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]602 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]603 168,
604 },
605
606/* Fortezza ciphersuite from SSL 3.0 spec */
607#if 0
608/* Cipher 1C */
609 {
610 0,
611 SSL3_TXT_FZA_DMS_NULL_SHA,
612 SSL3_CK_FZA_DMS_NULL_SHA,
613 SSL_kFZA,
614 SSL_aFZA,
615 SSL_eNULL,
616 SSL_SHA1,
617 SSL_SSLV3,
618 SSL_NOT_EXP|SSL_STRONG_NONE,
619 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
620 0,
621 0,
622 },
623
624/* Cipher 1D */
625 {
626 0,
627 SSL3_TXT_FZA_DMS_FZA_SHA,
628 SSL3_CK_FZA_DMS_FZA_SHA,
629 SSL_kFZA,
630 SSL_aFZA,
631 SSL_eFZA,
632 SSL_SHA1,
633 SSL_SSLV3,
634 SSL_NOT_EXP|SSL_STRONG_NONE,
635 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
636 0,
637 0,
638 },
639
640/* Cipher 1E */
641 {
642 0,
643 SSL3_TXT_FZA_DMS_RC4_SHA,
644 SSL3_CK_FZA_DMS_RC4_SHA,
645 SSL_kFZA,
646 SSL_aFZA,
647 SSL_RC4,
648 SSL_SHA1,
649 SSL_SSLV3,
650 SSL_NOT_EXP|SSL_MEDIUM,
651 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
652 128,
653 128,
654 },
655#endif
656
657/* New AES ciphersuites */
658/* Cipher 2F */
659 {
660 1,
661 TLS1_TXT_RSA_WITH_AES_128_SHA,
662 TLS1_CK_RSA_WITH_AES_128_SHA,
663 SSL_kRSA,
664 SSL_aRSA,
665 SSL_AES128,
666 SSL_SHA1,
667 SSL_TLSV1,
668 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
669 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
670 128,
671 128,
672 },
673/* Cipher 30 */
674 {
675 1,
676 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
677 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
678 SSL_kDHd,
679 SSL_aDH,
680 SSL_AES128,
681 SSL_SHA1,
682 SSL_TLSV1,
683 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
684 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
685 128,
686 128,
687 },
688/* Cipher 31 */
689 {
690 1,
691 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
692 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
693 SSL_kDHr,
694 SSL_aDH,
695 SSL_AES128,
696 SSL_SHA1,
697 SSL_TLSV1,
698 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
699 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
700 128,
701 128,
702 },
703/* Cipher 32 */
704 {
705 1,
706 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
707 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
708 SSL_kEDH,
709 SSL_aDSS,
710 SSL_AES128,
711 SSL_SHA1,
712 SSL_TLSV1,
713 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
714 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
715 128,
716 128,
717 },
718/* Cipher 33 */
719 {
720 1,
721 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
722 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
723 SSL_kEDH,
724 SSL_aRSA,
725 SSL_AES128,
726 SSL_SHA1,
727 SSL_TLSV1,
728 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
729 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
730 128,
731 128,
732 },
733/* Cipher 34 */
734 {
735 1,
736 TLS1_TXT_ADH_WITH_AES_128_SHA,
737 TLS1_CK_ADH_WITH_AES_128_SHA,
738 SSL_kEDH,
739 SSL_aNULL,
740 SSL_AES128,
741 SSL_SHA1,
742 SSL_TLSV1,
743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
744 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
745 128,
746 128,
747 },
748
749/* Cipher 35 */
750 {
751 1,
752 TLS1_TXT_RSA_WITH_AES_256_SHA,
753 TLS1_CK_RSA_WITH_AES_256_SHA,
754 SSL_kRSA,
755 SSL_aRSA,
756 SSL_AES256,
757 SSL_SHA1,
758 SSL_TLSV1,
759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
760 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
761 256,
762 256,
763 },
764/* Cipher 36 */
765 {
766 1,
767 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
768 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
769 SSL_kDHd,
770 SSL_aDH,
771 SSL_AES256,
772 SSL_SHA1,
773 SSL_TLSV1,
774 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
775 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
776 256,
777 256,
778 },
779
780/* Cipher 37 */
781 {
782 1,
783 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
784 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
785 SSL_kDHr,
786 SSL_aDH,
787 SSL_AES256,
788 SSL_SHA1,
789 SSL_TLSV1,
790 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
791 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
792 256,
793 256,
794 },
795
796/* Cipher 38 */
797 {
798 1,
799 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
800 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
801 SSL_kEDH,
802 SSL_aDSS,
803 SSL_AES256,
804 SSL_SHA1,
805 SSL_TLSV1,
806 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
807 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
808 256,
809 256,
810 },
811
812/* Cipher 39 */
813 {
814 1,
815 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
816 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
817 SSL_kEDH,
818 SSL_aRSA,
819 SSL_AES256,
820 SSL_SHA1,
821 SSL_TLSV1,
822 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
823 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
824 256,
825 256,
826 },
827
828 /* Cipher 3A */
829 {
830 1,
831 TLS1_TXT_ADH_WITH_AES_256_SHA,
832 TLS1_CK_ADH_WITH_AES_256_SHA,
833 SSL_kEDH,
834 SSL_aNULL,
835 SSL_AES256,
836 SSL_SHA1,
837 SSL_TLSV1,
838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
839 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
840 256,
841 256,
842 },
843
844 /* TLS v1.2 ciphersuites */
845 /* Cipher 3B */
846 {
847 1,
848 TLS1_TXT_RSA_WITH_NULL_SHA256,
849 TLS1_CK_RSA_WITH_NULL_SHA256,
850 SSL_kRSA,
851 SSL_aRSA,
852 SSL_eNULL,
853 SSL_SHA256,
854 SSL_TLSV1_2,
855 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
856 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
857 0,
858 0,
859 },
860
861 /* Cipher 3C */
862 {
863 1,
864 TLS1_TXT_RSA_WITH_AES_128_SHA256,
865 TLS1_CK_RSA_WITH_AES_128_SHA256,
866 SSL_kRSA,
867 SSL_aRSA,
868 SSL_AES128,
869 SSL_SHA256,
870 SSL_TLSV1_2,
871 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
873 128,
874 128,
875 },
876
877 /* Cipher 3D */
878 {
879 1,
880 TLS1_TXT_RSA_WITH_AES_256_SHA256,
881 TLS1_CK_RSA_WITH_AES_256_SHA256,
882 SSL_kRSA,
883 SSL_aRSA,
884 SSL_AES256,
885 SSL_SHA256,
886 SSL_TLSV1_2,
887 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
888 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
889 256,
890 256,
891 },
892
893 /* Cipher 3E */
894 {
895 1,
896 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
897 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
898 SSL_kDHd,
899 SSL_aDH,
900 SSL_AES128,
901 SSL_SHA256,
902 SSL_TLSV1_2,
903 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
904 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
905 128,
906 128,
907 },
908
909 /* Cipher 3F */
910 {
911 1,
912 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
913 TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
914 SSL_kDHr,
915 SSL_aDH,
916 SSL_AES128,
917 SSL_SHA256,
918 SSL_TLSV1_2,
919 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
920 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
921 128,
922 128,
923 },
924
925 /* Cipher 40 */
926 {
927 1,
928 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
929 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
930 SSL_kEDH,
931 SSL_aDSS,
932 SSL_AES128,
933 SSL_SHA256,
934 SSL_TLSV1_2,
935 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
936 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
937 128,
938 128,
939 },
940
941#ifndef OPENSSL_NO_CAMELLIA
942 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
943
944 /* Cipher 41 */
945 {
946 1,
947 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
948 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
949 SSL_kRSA,
950 SSL_aRSA,
951 SSL_CAMELLIA128,
952 SSL_SHA1,
953 SSL_TLSV1,
954 SSL_NOT_EXP|SSL_HIGH,
955 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
956 128,
957 128,
958 },
959
960 /* Cipher 42 */
961 {
962 1,
963 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
964 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
965 SSL_kDHd,
966 SSL_aDH,
967 SSL_CAMELLIA128,
968 SSL_SHA1,
969 SSL_TLSV1,
970 SSL_NOT_EXP|SSL_HIGH,
971 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
972 128,
973 128,
974 },
975
976 /* Cipher 43 */
977 {
978 1,
979 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
980 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
981 SSL_kDHr,
982 SSL_aDH,
983 SSL_CAMELLIA128,
984 SSL_SHA1,
985 SSL_TLSV1,
986 SSL_NOT_EXP|SSL_HIGH,
987 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
988 128,
989 128,
990 },
991
992 /* Cipher 44 */
993 {
994 1,
995 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
996 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
997 SSL_kEDH,
998 SSL_aDSS,
999 SSL_CAMELLIA128,
1000 SSL_SHA1,
1001 SSL_TLSV1,
1002 SSL_NOT_EXP|SSL_HIGH,
1003 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1004 128,
1005 128,
1006 },
1007
1008 /* Cipher 45 */
1009 {
1010 1,
1011 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1012 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1013 SSL_kEDH,
1014 SSL_aRSA,
1015 SSL_CAMELLIA128,
1016 SSL_SHA1,
1017 SSL_TLSV1,
1018 SSL_NOT_EXP|SSL_HIGH,
1019 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1020 128,
1021 128,
1022 },
1023
1024 /* Cipher 46 */
1025 {
1026 1,
1027 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1028 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1029 SSL_kEDH,
1030 SSL_aNULL,
1031 SSL_CAMELLIA128,
1032 SSL_SHA1,
1033 SSL_TLSV1,
1034 SSL_NOT_EXP|SSL_HIGH,
1035 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1036 128,
1037 128,
1038 },
1039#endif /* OPENSSL_NO_CAMELLIA */
1040
1041#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1042 /* New TLS Export CipherSuites from expired ID */
1043#if 0
1044 /* Cipher 60 */
1045 {
1046 1,
1047 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1048 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1049 SSL_kRSA,
1050 SSL_aRSA,
1051 SSL_RC4,
1052 SSL_MD5,
1053 SSL_TLSV1,
1054 SSL_EXPORT|SSL_EXP56,
1055 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1056 56,
1057 128,
1058 },
1059
1060 /* Cipher 61 */
1061 {
1062 1,
1063 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1064 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1065 SSL_kRSA,
1066 SSL_aRSA,
1067 SSL_RC2,
1068 SSL_MD5,
1069 SSL_TLSV1,
1070 SSL_EXPORT|SSL_EXP56,
1071 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1072 56,
1073 128,
1074 },
1075#endif
1076
1077 /* Cipher 62 */
1078 {
1079 1,
1080 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1081 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1082 SSL_kRSA,
1083 SSL_aRSA,
1084 SSL_DES,
1085 SSL_SHA1,
1086 SSL_TLSV1,
1087 SSL_EXPORT|SSL_EXP56,
1088 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089 56,
1090 56,
1091 },
1092
1093 /* Cipher 63 */
1094 {
1095 1,
1096 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1097 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1098 SSL_kEDH,
1099 SSL_aDSS,
1100 SSL_DES,
1101 SSL_SHA1,
1102 SSL_TLSV1,
1103 SSL_EXPORT|SSL_EXP56,
1104 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105 56,
1106 56,
1107 },
1108
1109 /* Cipher 64 */
1110 {
1111 1,
1112 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1113 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1114 SSL_kRSA,
1115 SSL_aRSA,
1116 SSL_RC4,
1117 SSL_SHA1,
1118 SSL_TLSV1,
1119 SSL_EXPORT|SSL_EXP56,
1120 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121 56,
1122 128,
1123 },
1124
1125 /* Cipher 65 */
1126 {
1127 1,
1128 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1129 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1130 SSL_kEDH,
1131 SSL_aDSS,
1132 SSL_RC4,
1133 SSL_SHA1,
1134 SSL_TLSV1,
1135 SSL_EXPORT|SSL_EXP56,
1136 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137 56,
1138 128,
1139 },
1140
1141 /* Cipher 66 */
1142 {
1143 1,
1144 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1145 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1146 SSL_kEDH,
1147 SSL_aDSS,
1148 SSL_RC4,
1149 SSL_SHA1,
1150 SSL_TLSV1,
1151 SSL_NOT_EXP|SSL_MEDIUM,
1152 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153 128,
1154 128,
1155 },
1156#endif
1157
1158 /* TLS v1.2 ciphersuites */
1159 /* Cipher 67 */
1160 {
1161 1,
1162 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1163 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1164 SSL_kEDH,
1165 SSL_aRSA,
1166 SSL_AES128,
1167 SSL_SHA256,
1168 SSL_TLSV1_2,
1169 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1170 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1171 128,
1172 128,
1173 },
1174
1175 /* Cipher 68 */
1176 {
1177 1,
1178 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1179 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1180 SSL_kDHd,
1181 SSL_aDH,
1182 SSL_AES256,
1183 SSL_SHA256,
1184 SSL_TLSV1_2,
1185 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1186 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1187 256,
1188 256,
1189 },
1190
1191 /* Cipher 69 */
1192 {
1193 1,
1194 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1195 TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1196 SSL_kDHr,
1197 SSL_aDH,
1198 SSL_AES256,
1199 SSL_SHA256,
1200 SSL_TLSV1_2,
1201 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1202 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1203 256,
1204 256,
1205 },
1206
1207 /* Cipher 6A */
1208 {
1209 1,
1210 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1211 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1212 SSL_kEDH,
1213 SSL_aDSS,
1214 SSL_AES256,
1215 SSL_SHA256,
1216 SSL_TLSV1_2,
1217 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1218 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1219 256,
1220 256,
1221 },
1222
1223 /* Cipher 6B */
1224 {
1225 1,
1226 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1227 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1228 SSL_kEDH,
1229 SSL_aRSA,
1230 SSL_AES256,
1231 SSL_SHA256,
1232 SSL_TLSV1_2,
1233 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1234 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1235 256,
1236 256,
1237 },
1238
1239 /* Cipher 6C */
1240 {
1241 1,
1242 TLS1_TXT_ADH_WITH_AES_128_SHA256,
1243 TLS1_CK_ADH_WITH_AES_128_SHA256,
1244 SSL_kEDH,
1245 SSL_aNULL,
1246 SSL_AES128,
1247 SSL_SHA256,
1248 SSL_TLSV1_2,
1249 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1250 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1251 128,
1252 128,
1253 },
1254
1255 /* Cipher 6D */
1256 {
1257 1,
1258 TLS1_TXT_ADH_WITH_AES_256_SHA256,
1259 TLS1_CK_ADH_WITH_AES_256_SHA256,
1260 SSL_kEDH,
1261 SSL_aNULL,
1262 SSL_AES256,
1263 SSL_SHA256,
1264 SSL_TLSV1_2,
1265 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1266 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1267 256,
1268 256,
1269 },
1270
1271 /* GOST Ciphersuites */
1272
1273 {
1274 1,
1275 "GOST94-GOST89-GOST89",
1276 0x3000080,
1277 SSL_kGOST,
1278 SSL_aGOST94,
1279 SSL_eGOST2814789CNT,
1280 SSL_GOST89MAC,
1281 SSL_TLSV1,
1282 SSL_NOT_EXP|SSL_HIGH,
1283 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1284 256,
1285 256
1286 },
1287 {
1288 1,
1289 "GOST2001-GOST89-GOST89",
1290 0x3000081,
1291 SSL_kGOST,
1292 SSL_aGOST01,
1293 SSL_eGOST2814789CNT,
1294 SSL_GOST89MAC,
1295 SSL_TLSV1,
1296 SSL_NOT_EXP|SSL_HIGH,
1297 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1298 256,
1299 256
1300 },
1301 {
1302 1,
1303 "GOST94-NULL-GOST94",
1304 0x3000082,
1305 SSL_kGOST,
1306 SSL_aGOST94,
1307 SSL_eNULL,
1308 SSL_GOST94,
1309 SSL_TLSV1,
1310 SSL_NOT_EXP|SSL_STRONG_NONE,
1311 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1312 0,
1313 0
1314 },
1315 {
1316 1,
1317 "GOST2001-NULL-GOST94",
1318 0x3000083,
1319 SSL_kGOST,
1320 SSL_aGOST01,
1321 SSL_eNULL,
1322 SSL_GOST94,
1323 SSL_TLSV1,
1324 SSL_NOT_EXP|SSL_STRONG_NONE,
1325 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1326 0,
1327 0
1328 },
1329
1330#ifndef OPENSSL_NO_CAMELLIA
1331 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1332
1333 /* Cipher 84 */
1334 {
1335 1,
1336 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1337 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1338 SSL_kRSA,
1339 SSL_aRSA,
1340 SSL_CAMELLIA256,
1341 SSL_SHA1,
1342 SSL_TLSV1,
1343 SSL_NOT_EXP|SSL_HIGH,
1344 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1345 256,
1346 256,
1347 },
1348 /* Cipher 85 */
1349 {
1350 1,
1351 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1352 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1353 SSL_kDHd,
1354 SSL_aDH,
1355 SSL_CAMELLIA256,
1356 SSL_SHA1,
1357 SSL_TLSV1,
1358 SSL_NOT_EXP|SSL_HIGH,
1359 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1360 256,
1361 256,
1362 },
1363
1364 /* Cipher 86 */
1365 {
1366 1,
1367 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1368 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1369 SSL_kDHr,
1370 SSL_aDH,
1371 SSL_CAMELLIA256,
1372 SSL_SHA1,
1373 SSL_TLSV1,
1374 SSL_NOT_EXP|SSL_HIGH,
1375 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1376 256,
1377 256,
1378 },
1379
1380 /* Cipher 87 */
1381 {
1382 1,
1383 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1384 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1385 SSL_kEDH,
1386 SSL_aDSS,
1387 SSL_CAMELLIA256,
1388 SSL_SHA1,
1389 SSL_TLSV1,
1390 SSL_NOT_EXP|SSL_HIGH,
1391 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1392 256,
1393 256,
1394 },
1395
1396 /* Cipher 88 */
1397 {
1398 1,
1399 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1400 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1401 SSL_kEDH,
1402 SSL_aRSA,
1403 SSL_CAMELLIA256,
1404 SSL_SHA1,
1405 SSL_TLSV1,
1406 SSL_NOT_EXP|SSL_HIGH,
1407 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1408 256,
1409 256,
1410 },
1411
1412 /* Cipher 89 */
1413 {
1414 1,
1415 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1416 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1417 SSL_kEDH,
1418 SSL_aNULL,
1419 SSL_CAMELLIA256,
1420 SSL_SHA1,
1421 SSL_TLSV1,
1422 SSL_NOT_EXP|SSL_HIGH,
1423 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1424 256,
1425 256,
1426 },
1427#endif /* OPENSSL_NO_CAMELLIA */
1428
1429#ifndef OPENSSL_NO_PSK
1430 /* Cipher 8A */
1431 {
1432 1,
1433 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1434 TLS1_CK_PSK_WITH_RC4_128_SHA,
1435 SSL_kPSK,
1436 SSL_aPSK,
1437 SSL_RC4,
1438 SSL_SHA1,
1439 SSL_TLSV1,
1440 SSL_NOT_EXP|SSL_MEDIUM,
1441 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1442 128,
1443 128,
1444 },
1445
1446 /* Cipher 8B */
1447 {
1448 1,
1449 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1450 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1451 SSL_kPSK,
1452 SSL_aPSK,
1453 SSL_3DES,
1454 SSL_SHA1,
1455 SSL_TLSV1,
1456 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1457 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]1458 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1459 168,
1460 },
1461
1462 /* Cipher 8C */
1463 {
1464 1,
1465 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1466 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1467 SSL_kPSK,
1468 SSL_aPSK,
1469 SSL_AES128,
1470 SSL_SHA1,
1471 SSL_TLSV1,
1472 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1473 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1474 128,
1475 128,
1476 },
1477
1478 /* Cipher 8D */
1479 {
1480 1,
1481 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1482 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1483 SSL_kPSK,
1484 SSL_aPSK,
1485 SSL_AES256,
1486 SSL_SHA1,
1487 SSL_TLSV1,
1488 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1489 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1490 256,
1491 256,
1492 },
1493#endif /* OPENSSL_NO_PSK */
1494
1495#ifndef OPENSSL_NO_SEED
1496 /* SEED ciphersuites from RFC4162 */
1497
1498 /* Cipher 96 */
1499 {
1500 1,
1501 TLS1_TXT_RSA_WITH_SEED_SHA,
1502 TLS1_CK_RSA_WITH_SEED_SHA,
1503 SSL_kRSA,
1504 SSL_aRSA,
1505 SSL_SEED,
1506 SSL_SHA1,
1507 SSL_TLSV1,
1508 SSL_NOT_EXP|SSL_MEDIUM,
1509 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1510 128,
1511 128,
1512 },
1513
1514 /* Cipher 97 */
1515 {
1516 1,
1517 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1518 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1519 SSL_kDHd,
1520 SSL_aDH,
1521 SSL_SEED,
1522 SSL_SHA1,
1523 SSL_TLSV1,
1524 SSL_NOT_EXP|SSL_MEDIUM,
1525 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1526 128,
1527 128,
1528 },
1529
1530 /* Cipher 98 */
1531 {
1532 1,
1533 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1534 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1535 SSL_kDHr,
1536 SSL_aDH,
1537 SSL_SEED,
1538 SSL_SHA1,
1539 SSL_TLSV1,
1540 SSL_NOT_EXP|SSL_MEDIUM,
1541 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1542 128,
1543 128,
1544 },
1545
1546 /* Cipher 99 */
1547 {
1548 1,
1549 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1550 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1551 SSL_kEDH,
1552 SSL_aDSS,
1553 SSL_SEED,
1554 SSL_SHA1,
1555 SSL_TLSV1,
1556 SSL_NOT_EXP|SSL_MEDIUM,
1557 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1558 128,
1559 128,
1560 },
1561
1562 /* Cipher 9A */
1563 {
1564 1,
1565 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1566 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1567 SSL_kEDH,
1568 SSL_aRSA,
1569 SSL_SEED,
1570 SSL_SHA1,
1571 SSL_TLSV1,
1572 SSL_NOT_EXP|SSL_MEDIUM,
1573 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1574 128,
1575 128,
1576 },
1577
1578 /* Cipher 9B */
1579 {
1580 1,
1581 TLS1_TXT_ADH_WITH_SEED_SHA,
1582 TLS1_CK_ADH_WITH_SEED_SHA,
1583 SSL_kEDH,
1584 SSL_aNULL,
1585 SSL_SEED,
1586 SSL_SHA1,
1587 SSL_TLSV1,
1588 SSL_NOT_EXP|SSL_MEDIUM,
1589 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590 128,
1591 128,
1592 },
1593
1594#endif /* OPENSSL_NO_SEED */
1595
1596 /* GCM ciphersuites from RFC5288 */
1597
1598 /* Cipher 9C */
1599 {
1600 1,
1601 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1602 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1603 SSL_kRSA,
1604 SSL_aRSA,
1605 SSL_AES128GCM,
1606 SSL_AEAD,
1607 SSL_TLSV1_2,
1608 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]1609 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1610 128,
1611 128,
1612 },
1613
1614 /* Cipher 9D */
1615 {
1616 1,
1617 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1618 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1619 SSL_kRSA,
1620 SSL_aRSA,
1621 SSL_AES256GCM,
1622 SSL_AEAD,
1623 SSL_TLSV1_2,
1624 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]1625 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1626 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1627 256,
1628 256,
1629 },
1630
1631 /* Cipher 9E */
1632 {
1633 1,
1634 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1635 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1636 SSL_kEDH,
1637 SSL_aRSA,
1638 SSL_AES128GCM,
1639 SSL_AEAD,
1640 SSL_TLSV1_2,
1641 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]1642 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1643 128,
1644 128,
1645 },
1646
1647 /* Cipher 9F */
1648 {
1649 1,
1650 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1651 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1652 SSL_kEDH,
1653 SSL_aRSA,
1654 SSL_AES256GCM,
1655 SSL_AEAD,
1656 SSL_TLSV1_2,
1657 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]1658 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1659 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1660 256,
1661 256,
1662 },
1663
1664 /* Cipher A0 */
1665 {
1666 1,
1667 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1668 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1669 SSL_kDHr,
1670 SSL_aDH,
1671 SSL_AES128GCM,
1672 SSL_AEAD,
1673 SSL_TLSV1_2,
1674 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]1675 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1676 128,
1677 128,
1678 },
1679
1680 /* Cipher A1 */
1681 {
1682 1,
1683 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1684 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1685 SSL_kDHr,
1686 SSL_aDH,
1687 SSL_AES256GCM,
1688 SSL_AEAD,
1689 SSL_TLSV1_2,
1690 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]1691 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1692 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1693 256,
1694 256,
1695 },
1696
1697 /* Cipher A2 */
1698 {
1699 1,
1700 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1701 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1702 SSL_kEDH,
1703 SSL_aDSS,
1704 SSL_AES128GCM,
1705 SSL_AEAD,
1706 SSL_TLSV1_2,
1707 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]1708 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1709 128,
1710 128,
1711 },
1712
1713 /* Cipher A3 */
1714 {
1715 1,
1716 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1717 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1718 SSL_kEDH,
1719 SSL_aDSS,
1720 SSL_AES256GCM,
1721 SSL_AEAD,
1722 SSL_TLSV1_2,
1723 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]1724 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1725 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1726 256,
1727 256,
1728 },
1729
1730 /* Cipher A4 */
1731 {
1732 1,
1733 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1734 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1735 SSL_kDHd,
1736 SSL_aDH,
1737 SSL_AES128GCM,
1738 SSL_AEAD,
1739 SSL_TLSV1_2,
1740 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]1741 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1742 128,
1743 128,
1744 },
1745
1746 /* Cipher A5 */
1747 {
1748 1,
1749 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1750 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1751 SSL_kDHd,
1752 SSL_aDH,
1753 SSL_AES256GCM,
1754 SSL_AEAD,
1755 SSL_TLSV1_2,
1756 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]1757 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1758 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1759 256,
1760 256,
1761 },
1762
1763 /* Cipher A6 */
1764 {
1765 1,
1766 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1767 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1768 SSL_kEDH,
1769 SSL_aNULL,
1770 SSL_AES128GCM,
1771 SSL_AEAD,
1772 SSL_TLSV1_2,
1773 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]1774 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1775 128,
1776 128,
1777 },
1778
1779 /* Cipher A7 */
1780 {
1781 1,
1782 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
1783 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
1784 SSL_kEDH,
1785 SSL_aNULL,
1786 SSL_AES256GCM,
1787 SSL_AEAD,
1788 SSL_TLSV1_2,
1789 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]1790 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1791 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1792 256,
1793 256,
1794 },
1795#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
1796 {
1797 1,
1798 "SCSV",
1799 SSL3_CK_SCSV,
1800 0,
1801 0,
1802 0,
1803 0,
1804 0,
1805 0,
1806 0,
1807 0,
1808 0
1809 },
1810#endif
1811
1812#ifndef OPENSSL_NO_ECDH
1813 /* Cipher C001 */
1814 {
1815 1,
1816 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1817 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1818 SSL_kECDHe,
1819 SSL_aECDH,
1820 SSL_eNULL,
1821 SSL_SHA1,
1822 SSL_TLSV1,
1823 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1824 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1825 0,
1826 0,
1827 },
1828
1829 /* Cipher C002 */
1830 {
1831 1,
1832 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1833 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1834 SSL_kECDHe,
1835 SSL_aECDH,
1836 SSL_RC4,
1837 SSL_SHA1,
1838 SSL_TLSV1,
1839 SSL_NOT_EXP|SSL_MEDIUM,
1840 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1841 128,
1842 128,
1843 },
1844
1845 /* Cipher C003 */
1846 {
1847 1,
1848 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1849 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1850 SSL_kECDHe,
1851 SSL_aECDH,
1852 SSL_3DES,
1853 SSL_SHA1,
1854 SSL_TLSV1,
1855 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1856 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]1857 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1858 168,
1859 },
1860
1861 /* Cipher C004 */
1862 {
1863 1,
1864 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1865 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1866 SSL_kECDHe,
1867 SSL_aECDH,
1868 SSL_AES128,
1869 SSL_SHA1,
1870 SSL_TLSV1,
1871 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1873 128,
1874 128,
1875 },
1876
1877 /* Cipher C005 */
1878 {
1879 1,
1880 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1881 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1882 SSL_kECDHe,
1883 SSL_aECDH,
1884 SSL_AES256,
1885 SSL_SHA1,
1886 SSL_TLSV1,
1887 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1888 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1889 256,
1890 256,
1891 },
1892
1893 /* Cipher C006 */
1894 {
1895 1,
1896 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1897 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1898 SSL_kEECDH,
1899 SSL_aECDSA,
1900 SSL_eNULL,
1901 SSL_SHA1,
1902 SSL_TLSV1,
1903 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1904 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1905 0,
1906 0,
1907 },
1908
1909 /* Cipher C007 */
1910 {
1911 1,
1912 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1913 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1914 SSL_kEECDH,
1915 SSL_aECDSA,
1916 SSL_RC4,
1917 SSL_SHA1,
1918 SSL_TLSV1,
1919 SSL_NOT_EXP|SSL_MEDIUM,
1920 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1921 128,
1922 128,
1923 },
1924
1925 /* Cipher C008 */
1926 {
1927 1,
1928 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1929 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1930 SSL_kEECDH,
1931 SSL_aECDSA,
1932 SSL_3DES,
1933 SSL_SHA1,
1934 SSL_TLSV1,
1935 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1936 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]1937 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1938 168,
1939 },
1940
1941 /* Cipher C009 */
1942 {
1943 1,
1944 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1945 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1946 SSL_kEECDH,
1947 SSL_aECDSA,
1948 SSL_AES128,
1949 SSL_SHA1,
1950 SSL_TLSV1,
1951 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1952 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1953 128,
1954 128,
1955 },
1956
1957 /* Cipher C00A */
1958 {
1959 1,
1960 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1961 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1962 SSL_kEECDH,
1963 SSL_aECDSA,
1964 SSL_AES256,
1965 SSL_SHA1,
1966 SSL_TLSV1,
1967 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1968 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1969 256,
1970 256,
1971 },
1972
1973 /* Cipher C00B */
1974 {
1975 1,
1976 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1977 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1978 SSL_kECDHr,
1979 SSL_aECDH,
1980 SSL_eNULL,
1981 SSL_SHA1,
1982 SSL_TLSV1,
1983 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1984 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1985 0,
1986 0,
1987 },
1988
1989 /* Cipher C00C */
1990 {
1991 1,
1992 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1993 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1994 SSL_kECDHr,
1995 SSL_aECDH,
1996 SSL_RC4,
1997 SSL_SHA1,
1998 SSL_TLSV1,
1999 SSL_NOT_EXP|SSL_MEDIUM,
2000 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2001 128,
2002 128,
2003 },
2004
2005 /* Cipher C00D */
2006 {
2007 1,
2008 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2009 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2010 SSL_kECDHr,
2011 SSL_aECDH,
2012 SSL_3DES,
2013 SSL_SHA1,
2014 SSL_TLSV1,
2015 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2016 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]2017 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2018 168,
2019 },
2020
2021 /* Cipher C00E */
2022 {
2023 1,
2024 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2025 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2026 SSL_kECDHr,
2027 SSL_aECDH,
2028 SSL_AES128,
2029 SSL_SHA1,
2030 SSL_TLSV1,
2031 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2033 128,
2034 128,
2035 },
2036
2037 /* Cipher C00F */
2038 {
2039 1,
2040 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2041 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2042 SSL_kECDHr,
2043 SSL_aECDH,
2044 SSL_AES256,
2045 SSL_SHA1,
2046 SSL_TLSV1,
2047 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2048 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2049 256,
2050 256,
2051 },
2052
2053 /* Cipher C010 */
2054 {
2055 1,
2056 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2057 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2058 SSL_kEECDH,
2059 SSL_aRSA,
2060 SSL_eNULL,
2061 SSL_SHA1,
2062 SSL_TLSV1,
2063 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2065 0,
2066 0,
2067 },
2068
2069 /* Cipher C011 */
2070 {
2071 1,
2072 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2073 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2074 SSL_kEECDH,
2075 SSL_aRSA,
2076 SSL_RC4,
2077 SSL_SHA1,
2078 SSL_TLSV1,
2079 SSL_NOT_EXP|SSL_MEDIUM,
2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2081 128,
2082 128,
2083 },
2084
2085 /* Cipher C012 */
2086 {
2087 1,
2088 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2089 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2090 SSL_kEECDH,
2091 SSL_aRSA,
2092 SSL_3DES,
2093 SSL_SHA1,
2094 SSL_TLSV1,
2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]2097 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2098 168,
2099 },
2100
2101 /* Cipher C013 */
2102 {
2103 1,
2104 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2105 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2106 SSL_kEECDH,
2107 SSL_aRSA,
2108 SSL_AES128,
2109 SSL_SHA1,
2110 SSL_TLSV1,
2111 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2113 128,
2114 128,
2115 },
2116
2117 /* Cipher C014 */
2118 {
2119 1,
2120 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2121 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2122 SSL_kEECDH,
2123 SSL_aRSA,
2124 SSL_AES256,
2125 SSL_SHA1,
2126 SSL_TLSV1,
2127 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2128 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2129 256,
2130 256,
2131 },
2132
2133 /* Cipher C015 */
2134 {
2135 1,
2136 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2137 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2138 SSL_kEECDH,
2139 SSL_aNULL,
2140 SSL_eNULL,
2141 SSL_SHA1,
2142 SSL_TLSV1,
2143 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2145 0,
2146 0,
2147 },
2148
2149 /* Cipher C016 */
2150 {
2151 1,
2152 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2153 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2154 SSL_kEECDH,
2155 SSL_aNULL,
2156 SSL_RC4,
2157 SSL_SHA1,
2158 SSL_TLSV1,
2159 SSL_NOT_EXP|SSL_MEDIUM,
2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2161 128,
2162 128,
2163 },
2164
2165 /* Cipher C017 */
2166 {
2167 1,
2168 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2169 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2170 SSL_kEECDH,
2171 SSL_aNULL,
2172 SSL_3DES,
2173 SSL_SHA1,
2174 SSL_TLSV1,
2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
Adam Langley83143512014-06-20 12:00:00 -0700[diff] [blame]2177 112,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2178 168,
2179 },
2180
2181 /* Cipher C018 */
2182 {
2183 1,
2184 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2185 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2186 SSL_kEECDH,
2187 SSL_aNULL,
2188 SSL_AES128,
2189 SSL_SHA1,
2190 SSL_TLSV1,
2191 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2193 128,
2194 128,
2195 },
2196
2197 /* Cipher C019 */
2198 {
2199 1,
2200 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2201 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2202 SSL_kEECDH,
2203 SSL_aNULL,
2204 SSL_AES256,
2205 SSL_SHA1,
2206 SSL_TLSV1,
2207 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2208 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2209 256,
2210 256,
2211 },
2212#endif /* OPENSSL_NO_ECDH */
2213
2214#ifndef OPENSSL_NO_ECDH
2215
2216 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2217
2218 /* Cipher C023 */
2219 {
2220 1,
2221 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2222 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2223 SSL_kEECDH,
2224 SSL_aECDSA,
2225 SSL_AES128,
2226 SSL_SHA256,
2227 SSL_TLSV1_2,
2228 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2229 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2230 128,
2231 128,
2232 },
2233
2234 /* Cipher C024 */
2235 {
2236 1,
2237 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2238 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2239 SSL_kEECDH,
2240 SSL_aECDSA,
2241 SSL_AES256,
2242 SSL_SHA384,
2243 SSL_TLSV1_2,
2244 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2245 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2246 256,
2247 256,
2248 },
2249
2250 /* Cipher C025 */
2251 {
2252 1,
2253 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2254 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2255 SSL_kECDHe,
2256 SSL_aECDH,
2257 SSL_AES128,
2258 SSL_SHA256,
2259 SSL_TLSV1_2,
2260 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2261 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2262 128,
2263 128,
2264 },
2265
2266 /* Cipher C026 */
2267 {
2268 1,
2269 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2270 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2271 SSL_kECDHe,
2272 SSL_aECDH,
2273 SSL_AES256,
2274 SSL_SHA384,
2275 SSL_TLSV1_2,
2276 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2277 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2278 256,
2279 256,
2280 },
2281
2282 /* Cipher C027 */
2283 {
2284 1,
2285 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2286 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2287 SSL_kEECDH,
2288 SSL_aRSA,
2289 SSL_AES128,
2290 SSL_SHA256,
2291 SSL_TLSV1_2,
2292 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2293 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2294 128,
2295 128,
2296 },
2297
2298 /* Cipher C028 */
2299 {
2300 1,
2301 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2302 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2303 SSL_kEECDH,
2304 SSL_aRSA,
2305 SSL_AES256,
2306 SSL_SHA384,
2307 SSL_TLSV1_2,
2308 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2309 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2310 256,
2311 256,
2312 },
2313
2314 /* Cipher C029 */
2315 {
2316 1,
2317 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2318 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2319 SSL_kECDHr,
2320 SSL_aECDH,
2321 SSL_AES128,
2322 SSL_SHA256,
2323 SSL_TLSV1_2,
2324 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2325 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2326 128,
2327 128,
2328 },
2329
2330 /* Cipher C02A */
2331 {
2332 1,
2333 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2334 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2335 SSL_kECDHr,
2336 SSL_aECDH,
2337 SSL_AES256,
2338 SSL_SHA384,
2339 SSL_TLSV1_2,
2340 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2341 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2342 256,
2343 256,
2344 },
2345
2346 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2347
2348 /* Cipher C02B */
2349 {
2350 1,
2351 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2352 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2353 SSL_kEECDH,
2354 SSL_aECDSA,
2355 SSL_AES128GCM,
2356 SSL_AEAD,
2357 SSL_TLSV1_2,
2358 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]2359 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2360 128,
2361 128,
2362 },
2363
2364 /* Cipher C02C */
2365 {
2366 1,
2367 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2368 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2369 SSL_kEECDH,
2370 SSL_aECDSA,
2371 SSL_AES256GCM,
2372 SSL_AEAD,
2373 SSL_TLSV1_2,
2374 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]2375 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2376 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2377 256,
2378 256,
2379 },
2380
2381 /* Cipher C02D */
2382 {
2383 1,
2384 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2385 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2386 SSL_kECDHe,
2387 SSL_aECDH,
2388 SSL_AES128GCM,
2389 SSL_AEAD,
2390 SSL_TLSV1_2,
2391 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]2392 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2393 128,
2394 128,
2395 },
2396
2397 /* Cipher C02E */
2398 {
2399 1,
2400 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2401 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2402 SSL_kECDHe,
2403 SSL_aECDH,
2404 SSL_AES256GCM,
2405 SSL_AEAD,
2406 SSL_TLSV1_2,
2407 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]2408 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2409 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2410 256,
2411 256,
2412 },
2413
2414 /* Cipher C02F */
2415 {
2416 1,
2417 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2418 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2419 SSL_kEECDH,
2420 SSL_aRSA,
2421 SSL_AES128GCM,
2422 SSL_AEAD,
2423 SSL_TLSV1_2,
2424 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]2425 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2426 128,
2427 128,
2428 },
2429
2430 /* Cipher C030 */
2431 {
2432 1,
2433 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2434 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2435 SSL_kEECDH,
2436 SSL_aRSA,
2437 SSL_AES256GCM,
2438 SSL_AEAD,
2439 SSL_TLSV1_2,
2440 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]2441 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2442 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2443 256,
2444 256,
2445 },
2446
2447 /* Cipher C031 */
2448 {
2449 1,
2450 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2451 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2452 SSL_kECDHr,
2453 SSL_aECDH,
2454 SSL_AES128GCM,
2455 SSL_AEAD,
2456 SSL_TLSV1_2,
2457 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]2458 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2459 128,
2460 128,
2461 },
2462
2463 /* Cipher C032 */
2464 {
2465 1,
2466 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2467 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2468 SSL_kECDHr,
2469 SSL_aECDH,
2470 SSL_AES256GCM,
2471 SSL_AEAD,
2472 SSL_TLSV1_2,
2473 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
Adam Langley5c270c52014-06-20 12:00:00 -0700[diff] [blame]2474 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2475 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2476 256,
2477 256,
2478 },
2479
Adam Langleyc26c8022014-06-20 12:00:00 -0700[diff] [blame]2480#ifndef OPENSSL_NO_PSK
2481 /* ECDH PSK ciphersuites */
2482 /* Cipher CAFE */
2483 {
2484 1,
2485 TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
2486 TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
2487 SSL_kEECDH,
2488 SSL_aPSK,
2489 SSL_AES128GCM,
2490 SSL_AEAD,
2491 SSL_TLSV1_2,
2492 SSL_NOT_EXP|SSL_HIGH,
2493 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
2494 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
2495 128,
2496 128,
2497 },
2498#endif /* OPENSSL_NO_PSK */
2499
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2500#endif /* OPENSSL_NO_ECDH */
2501
2502
2503#ifdef TEMP_GOST_TLS
2504/* Cipher FF00 */
2505 {
2506 1,
2507 "GOST-MD5",
2508 0x0300ff00,
2509 SSL_kRSA,
2510 SSL_aRSA,
2511 SSL_eGOST2814789CNT,
2512 SSL_MD5,
2513 SSL_TLSV1,
2514 SSL_NOT_EXP|SSL_HIGH,
2515 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2516 256,
2517 256,
2518 },
2519 {
2520 1,
2521 "GOST-GOST94",
2522 0x0300ff01,
2523 SSL_kRSA,
2524 SSL_aRSA,
2525 SSL_eGOST2814789CNT,
2526 SSL_GOST94,
2527 SSL_TLSV1,
2528 SSL_NOT_EXP|SSL_HIGH,
2529 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2530 256,
2531 256
2532 },
2533 {
2534 1,
2535 "GOST-GOST89MAC",
2536 0x0300ff02,
2537 SSL_kRSA,
2538 SSL_aRSA,
2539 SSL_eGOST2814789CNT,
2540 SSL_GOST89MAC,
2541 SSL_TLSV1,
2542 SSL_NOT_EXP|SSL_HIGH,
2543 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2544 256,
2545 256
2546 },
2547 {
2548 1,
2549 "GOST-GOST89STREAM",
2550 0x0300ff03,
2551 SSL_kRSA,
2552 SSL_aRSA,
2553 SSL_eGOST2814789CNT,
2554 SSL_GOST89MAC,
2555 SSL_TLSV1,
2556 SSL_NOT_EXP|SSL_HIGH,
2557 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2558 256,
2559 256
2560 },
2561#endif
2562
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]2563 {
2564 1,
2565 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2566 TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
2567 SSL_kEECDH,
2568 SSL_aRSA,
2569 SSL_CHACHA20POLY1305,
2570 SSL_AEAD,
2571 SSL_TLSV1_2,
2572 SSL_NOT_EXP|SSL_HIGH,
2573 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2574 256,
2575 0,
2576 },
2577
2578 {
2579 1,
2580 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2581 TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
2582 SSL_kEECDH,
2583 SSL_aECDSA,
2584 SSL_CHACHA20POLY1305,
2585 SSL_AEAD,
2586 SSL_TLSV1_2,
2587 SSL_NOT_EXP|SSL_HIGH,
2588 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2589 256,
2590 0,
2591 },
2592
2593 {
2594 1,
2595 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2596 TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
2597 SSL_kEDH,
2598 SSL_aRSA,
2599 SSL_CHACHA20POLY1305,
2600 SSL_AEAD,
2601 SSL_TLSV1_2,
2602 SSL_NOT_EXP|SSL_HIGH,
2603 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2604 256,
2605 0,
2606 },
2607
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2608/* end of list */
2609 };
2610
2611SSL3_ENC_METHOD SSLv3_enc_data={
2612 ssl3_enc,
2613 n_ssl3_mac,
2614 ssl3_setup_key_block,
2615 ssl3_generate_master_secret,
2616 ssl3_change_cipher_state,
2617 ssl3_final_finish_mac,
2618 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2619 ssl3_cert_verify_mac,
2620 SSL3_MD_CLIENT_FINISHED_CONST,4,
2621 SSL3_MD_SERVER_FINISHED_CONST,4,
2622 ssl3_alert_code,
2623 (int (*)(SSL *, unsigned char *, size_t, const char *,
2624 size_t, const unsigned char *, size_t,
2625 int use_context))ssl_undefined_function,
2626 0,
2627 SSL3_HM_HEADER_LENGTH,
2628 ssl3_set_handshake_header,
2629 ssl3_handshake_write
2630 };
2631
2632long ssl3_default_timeout(void)
2633 {
2634 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2635 * is way too long for http, the cache would over fill */
2636 return(60*60*2);
2637 }
2638
2639int ssl3_num_ciphers(void)
2640 {
2641 return(SSL3_NUM_CIPHERS);
2642 }
2643
2644const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2645 {
2646 if (u < SSL3_NUM_CIPHERS)
2647 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2648 else
2649 return(NULL);
2650 }
2651
2652int ssl3_pending(const SSL *s)
2653 {
2654 if (s->rstate == SSL_ST_READ_BODY)
2655 return 0;
2656
2657 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2658 }
2659
2660void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2661 {
2662 unsigned char *p = (unsigned char *)s->init_buf->data;
2663 *(p++) = htype;
2664 l2n3(len, p);
2665 s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2666 s->init_off = 0;
2667 }
2668
2669int ssl3_handshake_write(SSL *s)
2670 {
2671 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2672 }
2673
2674int ssl3_new(SSL *s)
2675 {
2676 SSL3_STATE *s3;
2677
2678 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2679 memset(s3,0,sizeof *s3);
2680 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2681 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2682
2683 s->s3=s3;
2684
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]2685 s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;
2686 if (s->ctx->tlsext_channel_id_private)
2687 s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2688 s->method->ssl_clear(s);
2689 return(1);
2690err:
2691 return(0);
2692 }
2693
2694void ssl3_free(SSL *s)
2695 {
2696 if(s == NULL)
2697 return;
2698
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2699 ssl3_cleanup_key_block(s);
2700 if (s->s3->rbuf.buf != NULL)
2701 ssl3_release_read_buffer(s);
2702 if (s->s3->wbuf.buf != NULL)
2703 ssl3_release_write_buffer(s);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2704#ifndef OPENSSL_NO_DH
2705 if (s->s3->tmp.dh != NULL)
2706 DH_free(s->s3->tmp.dh);
2707#endif
2708#ifndef OPENSSL_NO_ECDH
2709 if (s->s3->tmp.ecdh != NULL)
2710 EC_KEY_free(s->s3->tmp.ecdh);
2711#endif
2712
2713 if (s->s3->tmp.ca_names != NULL)
2714 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]2715 if (s->s3->tmp.certificate_types != NULL)
2716 OPENSSL_free(s->s3->tmp.certificate_types);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2717 if (s->s3->handshake_buffer) {
2718 BIO_free(s->s3->handshake_buffer);
2719 }
2720 if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2721 if (s->s3->alpn_selected)
2722 OPENSSL_free(s->s3->alpn_selected);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2723
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2724 OPENSSL_cleanse(s->s3,sizeof *s->s3);
2725 OPENSSL_free(s->s3);
2726 s->s3=NULL;
2727 }
2728
2729void ssl3_clear(SSL *s)
2730 {
2731 unsigned char *rp,*wp;
2732 size_t rlen, wlen;
2733 int init_extra;
2734
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2735 ssl3_cleanup_key_block(s);
2736 if (s->s3->tmp.ca_names != NULL)
2737 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]2738 if (s->s3->tmp.certificate_types != NULL)
2739 OPENSSL_free(s->s3->tmp.certificate_types);
2740 s->s3->tmp.num_certificate_types = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2741
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2742#ifndef OPENSSL_NO_DH
2743 if (s->s3->tmp.dh != NULL)
2744 {
2745 DH_free(s->s3->tmp.dh);
2746 s->s3->tmp.dh = NULL;
2747 }
2748#endif
2749#ifndef OPENSSL_NO_ECDH
2750 if (s->s3->tmp.ecdh != NULL)
2751 {
2752 EC_KEY_free(s->s3->tmp.ecdh);
2753 s->s3->tmp.ecdh = NULL;
2754 }
2755#endif
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2756 rp = s->s3->rbuf.buf;
2757 wp = s->s3->wbuf.buf;
2758 rlen = s->s3->rbuf.len;
2759 wlen = s->s3->wbuf.len;
2760 init_extra = s->s3->init_extra;
2761 if (s->s3->handshake_buffer) {
2762 BIO_free(s->s3->handshake_buffer);
2763 s->s3->handshake_buffer = NULL;
2764 }
2765 if (s->s3->handshake_dgst) {
2766 ssl3_free_digest_list(s);
2767 }
2768
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2769 if (s->s3->alpn_selected)
2770 {
2771 free(s->s3->alpn_selected);
2772 s->s3->alpn_selected = NULL;
2773 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2774 memset(s->s3,0,sizeof *s->s3);
2775 s->s3->rbuf.buf = rp;
2776 s->s3->wbuf.buf = wp;
2777 s->s3->rbuf.len = rlen;
2778 s->s3->wbuf.len = wlen;
2779 s->s3->init_extra = init_extra;
2780
2781 ssl_free_wbio_buffer(s);
2782
2783 s->packet_length=0;
2784 s->s3->renegotiate=0;
2785 s->s3->total_renegotiations=0;
2786 s->s3->num_renegotiations=0;
2787 s->s3->in_read_app_data=0;
2788 s->version=SSL3_VERSION;
2789
David Benjamin6dbd73d2014-07-03 15:59:49 -0400[diff] [blame]2790#if !defined(OPENSSL_NO_NEXTPROTONEG)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2791 if (s->next_proto_negotiated)
2792 {
2793 OPENSSL_free(s->next_proto_negotiated);
2794 s->next_proto_negotiated = NULL;
2795 s->next_proto_negotiated_len = 0;
2796 }
2797#endif
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]2798
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]2799 s->s3->tlsext_channel_id_valid = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2800 }
2801
2802static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
2803
2804long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2805 {
2806 int ret=0;
2807
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2808 if (
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2809 cmd == SSL_CTRL_SET_TMP_RSA ||
2810 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2811#ifndef OPENSSL_NO_DSA
2812 cmd == SSL_CTRL_SET_TMP_DH ||
2813 cmd == SSL_CTRL_SET_TMP_DH_CB ||
2814#endif
2815 0)
2816 {
2817 if (!ssl_cert_inst(&s->cert))
2818 {
2819 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_MALLOC_FAILURE);
2820 return(0);
2821 }
2822 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2823
2824 switch (cmd)
2825 {
2826 case SSL_CTRL_GET_SESSION_REUSED:
2827 ret=s->hit;
2828 break;
2829 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2830 break;
2831 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2832 ret=s->s3->num_renegotiations;
2833 break;
2834 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2835 ret=s->s3->num_renegotiations;
2836 s->s3->num_renegotiations=0;
2837 break;
2838 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2839 ret=s->s3->total_renegotiations;
2840 break;
2841 case SSL_CTRL_GET_FLAGS:
2842 ret=(int)(s->s3->flags);
2843 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2844 case SSL_CTRL_NEED_TMP_RSA:
2845 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2846 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2847 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2848 ret = 1;
2849 break;
2850 case SSL_CTRL_SET_TMP_RSA:
2851 {
2852 RSA *rsa = (RSA *)parg;
2853 if (rsa == NULL)
2854 {
2855 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
2856 return(ret);
2857 }
2858 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2859 {
2860 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_RSA_LIB);
2861 return(ret);
2862 }
2863 if (s->cert->rsa_tmp != NULL)
2864 RSA_free(s->cert->rsa_tmp);
2865 s->cert->rsa_tmp = rsa;
2866 ret = 1;
2867 }
2868 break;
2869 case SSL_CTRL_SET_TMP_RSA_CB:
2870 {
2871 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2872 return(ret);
2873 }
2874 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2875#ifndef OPENSSL_NO_DH
2876 case SSL_CTRL_SET_TMP_DH:
2877 {
2878 DH *dh = (DH *)parg;
2879 if (dh == NULL)
2880 {
2881 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
2882 return(ret);
2883 }
2884 if ((dh = DHparams_dup(dh)) == NULL)
2885 {
2886 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);
2887 return(ret);
2888 }
2889 if (!(s->options & SSL_OP_SINGLE_DH_USE))
2890 {
2891 if (!DH_generate_key(dh))
2892 {
2893 DH_free(dh);
2894 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);
2895 return(ret);
2896 }
2897 }
2898 if (s->cert->dh_tmp != NULL)
2899 DH_free(s->cert->dh_tmp);
2900 s->cert->dh_tmp = dh;
2901 ret = 1;
2902 }
2903 break;
2904 case SSL_CTRL_SET_TMP_DH_CB:
2905 {
2906 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2907 return(ret);
2908 }
2909 break;
2910#endif
2911#ifndef OPENSSL_NO_ECDH
2912 case SSL_CTRL_SET_TMP_ECDH:
2913 {
2914 EC_KEY *ecdh = NULL;
2915
2916 if (parg == NULL)
2917 {
2918 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
2919 return(ret);
2920 }
2921 if (!EC_KEY_up_ref((EC_KEY *)parg))
2922 {
2923 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB);
2924 return(ret);
2925 }
2926 ecdh = (EC_KEY *)parg;
2927 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2928 {
2929 if (!EC_KEY_generate_key(ecdh))
2930 {
2931 EC_KEY_free(ecdh);
2932 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_ECDH_LIB);
2933 return(ret);
2934 }
2935 }
2936 if (s->cert->ecdh_tmp != NULL)
2937 EC_KEY_free(s->cert->ecdh_tmp);
2938 s->cert->ecdh_tmp = ecdh;
2939 ret = 1;
2940 }
2941 break;
2942 case SSL_CTRL_SET_TMP_ECDH_CB:
2943 {
2944 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2945 return(ret);
2946 }
2947 break;
2948#endif /* !OPENSSL_NO_ECDH */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2949 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2950 if (larg == TLSEXT_NAMETYPE_host_name)
2951 {
2952 if (s->tlsext_hostname != NULL)
2953 OPENSSL_free(s->tlsext_hostname);
2954 s->tlsext_hostname = NULL;
2955
2956 ret = 1;
2957 if (parg == NULL)
2958 break;
2959 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2960 {
2961 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2962 return 0;
2963 }
2964 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2965 {
2966 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR);
2967 return 0;
2968 }
2969 }
2970 else
2971 {
2972 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2973 return 0;
2974 }
2975 break;
2976 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2977 s->tlsext_debug_arg=parg;
2978 ret = 1;
2979 break;
2980
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2981 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2982 s->tlsext_status_type=larg;
2983 ret = 1;
2984 break;
2985
2986 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2987 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2988 ret = 1;
2989 break;
2990
2991 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2992 s->tlsext_ocsp_exts = parg;
2993 ret = 1;
2994 break;
2995
2996 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2997 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2998 ret = 1;
2999 break;
3000
3001 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3002 s->tlsext_ocsp_ids = parg;
3003 ret = 1;
3004 break;
3005
3006 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3007 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3008 return s->tlsext_ocsp_resplen;
3009
3010 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3011 if (s->tlsext_ocsp_resp)
3012 OPENSSL_free(s->tlsext_ocsp_resp);
3013 s->tlsext_ocsp_resp = parg;
3014 s->tlsext_ocsp_resplen = larg;
3015 ret = 1;
3016 break;
3017
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3018
3019 case SSL_CTRL_CHAIN:
3020 if (larg)
3021 return ssl_cert_set1_chain(s->cert,
3022 (STACK_OF (X509) *)parg);
3023 else
3024 return ssl_cert_set0_chain(s->cert,
3025 (STACK_OF (X509) *)parg);
3026
3027 case SSL_CTRL_CHAIN_CERT:
3028 if (larg)
3029 return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
3030 else
3031 return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
3032
3033 case SSL_CTRL_GET_CHAIN_CERTS:
3034 *(STACK_OF(X509) **)parg = s->cert->key->chain;
3035 break;
3036
3037 case SSL_CTRL_SELECT_CURRENT_CERT:
3038 return ssl_cert_select_current(s->cert, (X509 *)parg);
3039
3040#ifndef OPENSSL_NO_EC
3041 case SSL_CTRL_GET_CURVES:
3042 {
David Benjamin072334d2014-07-13 16:24:27 -0400[diff] [blame^]3043 const uint16_t *clist;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3044 size_t clistlen;
3045 if (!s->session)
3046 return 0;
3047 clist = s->session->tlsext_ellipticcurvelist;
David Benjamin072334d2014-07-13 16:24:27 -0400[diff] [blame^]3048 clistlen = s->session->tlsext_ellipticcurvelist_length;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3049 if (parg)
3050 {
3051 size_t i;
3052 int *cptr = parg;
David Benjamin072334d2014-07-13 16:24:27 -0400[diff] [blame^]3053 int nid;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3054 for (i = 0; i < clistlen; i++)
3055 {
David Benjamin072334d2014-07-13 16:24:27 -0400[diff] [blame^]3056 nid = tls1_ec_curve_id2nid(clist[i]);
3057 if (nid != OBJ_undef)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3058 cptr[i] = nid;
3059 else
David Benjamin072334d2014-07-13 16:24:27 -0400[diff] [blame^]3060 cptr[i] = TLSEXT_nid_unknown | clist[i];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3061 }
3062 }
3063 return (int)clistlen;
3064 }
3065
3066 case SSL_CTRL_SET_CURVES:
3067 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3068 &s->tlsext_ellipticcurvelist_length,
3069 parg, larg);
3070
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3071 case SSL_CTRL_SET_ECDH_AUTO:
3072 s->cert->ecdh_tmp_auto = larg;
3073 return 1;
3074#endif
3075 case SSL_CTRL_SET_SIGALGS:
3076 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3077
3078 case SSL_CTRL_SET_CLIENT_SIGALGS:
3079 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3080
3081 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3082 {
3083 const unsigned char **pctype = parg;
3084 if (s->server || !s->s3->tmp.cert_req)
3085 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3086 if (pctype)
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]3087 *pctype = s->s3->tmp.certificate_types;
3088 return (int)s->s3->tmp.num_certificate_types;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3089 }
3090
3091 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3092 if (!s->server)
3093 return 0;
3094 return ssl3_set_req_cert_type(s->cert, parg, larg);
3095
3096 case SSL_CTRL_BUILD_CERT_CHAIN:
3097 return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);
3098
3099 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3100 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3101
3102 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3103 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3104
3105 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3106 if (SSL_USE_SIGALGS(s))
3107 {
3108 if (s->session && s->session->sess_cert)
3109 {
3110 const EVP_MD *sig;
3111 sig = s->session->sess_cert->peer_key->digest;
3112 if (sig)
3113 {
3114 *(int *)parg = EVP_MD_type(sig);
3115 return 1;
3116 }
3117 }
3118 return 0;
3119 }
3120 /* Might want to do something here for other versions */
3121 else
3122 return 0;
3123
3124 case SSL_CTRL_GET_SERVER_TMP_KEY:
3125 if (s->server || !s->session || !s->session->sess_cert)
3126 return 0;
3127 else
3128 {
3129 SESS_CERT *sc;
3130 EVP_PKEY *ptmp;
3131 int rv = 0;
3132 sc = s->session->sess_cert;
3133#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
3134 if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
3135 && !sc->peer_ecdh_tmp)
3136 return 0;
3137#endif
3138 ptmp = EVP_PKEY_new();
3139 if (!ptmp)
3140 return 0;
3141 if (0);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3142 else if (sc->peer_rsa_tmp)
3143 rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3144#ifndef OPENSSL_NO_DH
3145 else if (sc->peer_dh_tmp)
3146 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
3147#endif
3148#ifndef OPENSSL_NO_ECDH
3149 else if (sc->peer_ecdh_tmp)
3150 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
3151#endif
3152 if (rv)
3153 {
3154 *(EVP_PKEY **)parg = ptmp;
3155 return 1;
3156 }
3157 EVP_PKEY_free(ptmp);
3158 return 0;
3159 }
3160#ifndef OPENSSL_NO_EC
3161 case SSL_CTRL_GET_EC_POINT_FORMATS:
3162 {
3163 SSL_SESSION *sess = s->session;
3164 const unsigned char **pformat = parg;
3165 if (!sess || !sess->tlsext_ecpointformatlist)
3166 return 0;
3167 *pformat = sess->tlsext_ecpointformatlist;
3168 return (int)sess->tlsext_ecpointformatlist_length;
3169 }
3170#endif
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]3171
3172 case SSL_CTRL_CHANNEL_ID:
3173 s->tlsext_channel_id_enabled = 1;
3174 ret = 1;
3175 break;
3176
3177 case SSL_CTRL_SET_CHANNEL_ID:
3178 if (s->server)
3179 break;
3180 s->tlsext_channel_id_enabled = 1;
3181 if (EVP_PKEY_bits(parg) != 256)
3182 {
3183 OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
3184 break;
3185 }
3186 if (s->tlsext_channel_id_private)
3187 EVP_PKEY_free(s->tlsext_channel_id_private);
3188 s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
3189 ret = 1;
3190 break;
3191
3192 case SSL_CTRL_GET_CHANNEL_ID:
3193 if (!s->server)
3194 break;
3195 if (!s->s3->tlsext_channel_id_valid)
3196 break;
3197 memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
3198 return 64;
3199
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]3200 case SSL_CTRL_FALLBACK_SCSV:
3201 if (s->server)
3202 break;
3203 s->fallback_scsv = 1;
3204 ret = 1;
3205 break;
3206
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3207 default:
3208 break;
3209 }
3210 return(ret);
3211 }
3212
3213long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3214 {
3215 int ret=0;
3216
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3217 if (
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3218 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3219#ifndef OPENSSL_NO_DSA
3220 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3221#endif
3222 0)
3223 {
3224 if (!ssl_cert_inst(&s->cert))
3225 {
3226 OPENSSL_PUT_ERROR(SSL, ssl3_callback_ctrl, ERR_R_MALLOC_FAILURE);
3227 return(0);
3228 }
3229 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3230
3231 switch (cmd)
3232 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3233 case SSL_CTRL_SET_TMP_RSA_CB:
3234 {
3235 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3236 }
3237 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3238#ifndef OPENSSL_NO_DH
3239 case SSL_CTRL_SET_TMP_DH_CB:
3240 {
3241 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3242 }
3243 break;
3244#endif
3245#ifndef OPENSSL_NO_ECDH
3246 case SSL_CTRL_SET_TMP_ECDH_CB:
3247 {
3248 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3249 }
3250 break;
3251#endif
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3252 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3253 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
3254 unsigned char *, int, void *))fp;
3255 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3256 default:
3257 break;
3258 }
3259 return(ret);
3260 }
3261
3262long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3263 {
3264 CERT *cert;
3265
3266 cert=ctx->cert;
3267
3268 switch (cmd)
3269 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3270 case SSL_CTRL_NEED_TMP_RSA:
3271 if ( (cert->rsa_tmp == NULL) &&
3272 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3273 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
3274 )
3275 return(1);
3276 else
3277 return(0);
3278 /* break; */
3279 case SSL_CTRL_SET_TMP_RSA:
3280 {
3281 RSA *rsa;
3282 int i;
3283
3284 rsa=(RSA *)parg;
3285 i=1;
3286 if (rsa == NULL)
3287 i=0;
3288 else
3289 {
3290 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
3291 i=0;
3292 }
3293 if (!i)
3294 {
3295 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_RSA_LIB);
3296 return(0);
3297 }
3298 else
3299 {
3300 if (cert->rsa_tmp != NULL)
3301 RSA_free(cert->rsa_tmp);
3302 cert->rsa_tmp=rsa;
3303 return(1);
3304 }
3305 }
3306 /* break; */
3307 case SSL_CTRL_SET_TMP_RSA_CB:
3308 {
3309 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3310 return(0);
3311 }
3312 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3313#ifndef OPENSSL_NO_DH
3314 case SSL_CTRL_SET_TMP_DH:
3315 {
3316 DH *new=NULL,*dh;
3317
3318 dh=(DH *)parg;
3319 if ((new=DHparams_dup(dh)) == NULL)
3320 {
3321 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
3322 return 0;
3323 }
3324 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3325 {
3326 if (!DH_generate_key(new))
3327 {
3328 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
3329 DH_free(new);
3330 return 0;
3331 }
3332 }
3333 if (cert->dh_tmp != NULL)
3334 DH_free(cert->dh_tmp);
3335 cert->dh_tmp=new;
3336 return 1;
3337 }
3338 /*break; */
3339 case SSL_CTRL_SET_TMP_DH_CB:
3340 {
3341 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3342 return(0);
3343 }
3344 break;
3345#endif
3346#ifndef OPENSSL_NO_ECDH
3347 case SSL_CTRL_SET_TMP_ECDH:
3348 {
3349 EC_KEY *ecdh = NULL;
3350
3351 if (parg == NULL)
3352 {
3353 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB);
3354 return 0;
3355 }
3356 ecdh = EC_KEY_dup((EC_KEY *)parg);
3357 if (ecdh == NULL)
3358 {
3359 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_EC_LIB);
3360 return 0;
3361 }
3362 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
3363 {
3364 if (!EC_KEY_generate_key(ecdh))
3365 {
3366 EC_KEY_free(ecdh);
3367 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_ECDH_LIB);
3368 return 0;
3369 }
3370 }
3371
3372 if (cert->ecdh_tmp != NULL)
3373 {
3374 EC_KEY_free(cert->ecdh_tmp);
3375 }
3376 cert->ecdh_tmp = ecdh;
3377 return 1;
3378 }
3379 /* break; */
3380 case SSL_CTRL_SET_TMP_ECDH_CB:
3381 {
3382 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3383 return(0);
3384 }
3385 break;
3386#endif /* !OPENSSL_NO_ECDH */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3387 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3388 ctx->tlsext_servername_arg=parg;
3389 break;
3390 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3391 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3392 {
3393 unsigned char *keys = parg;
3394 if (!keys)
3395 return 48;
3396 if (larg != 48)
3397 {
3398 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3399 return 0;
3400 }
3401 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3402 {
3403 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3404 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3405 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3406 }
3407 else
3408 {
3409 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3410 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3411 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3412 }
3413 return 1;
3414 }
3415
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3416 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3417 ctx->tlsext_status_arg=parg;
3418 return 1;
3419 break;
3420
3421#ifndef OPENSSL_NO_EC
3422 case SSL_CTRL_SET_CURVES:
3423 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3424 &ctx->tlsext_ellipticcurvelist_length,
3425 parg, larg);
3426
3427 case SSL_CTRL_SET_ECDH_AUTO:
3428 ctx->cert->ecdh_tmp_auto = larg;
3429 return 1;
3430#endif
3431 case SSL_CTRL_SET_SIGALGS:
3432 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3433
3434 case SSL_CTRL_SET_CLIENT_SIGALGS:
3435 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3436
3437 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3438 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3439
3440 case SSL_CTRL_BUILD_CERT_CHAIN:
3441 return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);
3442
3443 case SSL_CTRL_SET_VERIFY_CERT_STORE:
3444 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3445
3446 case SSL_CTRL_SET_CHAIN_CERT_STORE:
3447 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3448
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3449
3450 /* A Thawte special :-) */
3451 case SSL_CTRL_EXTRA_CHAIN_CERT:
3452 if (ctx->extra_certs == NULL)
3453 {
3454 if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
3455 return(0);
3456 }
3457 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3458 break;
3459
3460 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
Adam Langleyb6333d62014-06-20 12:00:00 -0700[diff] [blame]3461 if (ctx->extra_certs == NULL && larg == 0)
3462 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3463 else
3464 *(STACK_OF(X509) **)parg = ctx->extra_certs;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3465 break;
3466
3467 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3468 if (ctx->extra_certs)
3469 {
3470 sk_X509_pop_free(ctx->extra_certs, X509_free);
3471 ctx->extra_certs = NULL;
3472 }
3473 break;
3474
3475 case SSL_CTRL_CHAIN:
3476 if (larg)
3477 return ssl_cert_set1_chain(ctx->cert,
3478 (STACK_OF (X509) *)parg);
3479 else
3480 return ssl_cert_set0_chain(ctx->cert,
3481 (STACK_OF (X509) *)parg);
3482
3483 case SSL_CTRL_CHAIN_CERT:
3484 if (larg)
3485 return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
3486 else
3487 return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
3488
3489 case SSL_CTRL_GET_CHAIN_CERTS:
3490 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3491 break;
3492
3493 case SSL_CTRL_SELECT_CURRENT_CERT:
3494 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3495
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]3496 case SSL_CTRL_CHANNEL_ID:
3497 /* must be called on a server */
3498 if (ctx->method->ssl_accept == ssl_undefined_function)
3499 return 0;
3500 ctx->tlsext_channel_id_enabled=1;
3501 return 1;
3502
3503 case SSL_CTRL_SET_CHANNEL_ID:
3504 ctx->tlsext_channel_id_enabled = 1;
3505 if (EVP_PKEY_bits(parg) != 256)
3506 {
3507 OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
3508 break;
3509 }
3510 if (ctx->tlsext_channel_id_private)
3511 EVP_PKEY_free(ctx->tlsext_channel_id_private);
3512 ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
3513 break;
3514
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3515 default:
3516 return(0);
3517 }
3518 return(1);
3519 }
3520
3521long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3522 {
3523 CERT *cert;
3524
3525 cert=ctx->cert;
3526
3527 switch (cmd)
3528 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3529 case SSL_CTRL_SET_TMP_RSA_CB:
3530 {
3531 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3532 }
3533 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3534#ifndef OPENSSL_NO_DH
3535 case SSL_CTRL_SET_TMP_DH_CB:
3536 {
3537 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3538 }
3539 break;
3540#endif
3541#ifndef OPENSSL_NO_ECDH
3542 case SSL_CTRL_SET_TMP_ECDH_CB:
3543 {
3544 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3545 }
3546 break;
3547#endif
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3548 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3549 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
3550 break;
3551
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3552 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3553 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
3554 break;
3555
3556 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3557 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
3558 unsigned char *,
3559 EVP_CIPHER_CTX *,
3560 HMAC_CTX *, int))fp;
3561 break;
3562
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3563 default:
3564 return(0);
3565 }
3566 return(1);
3567 }
3568
3569/* This function needs to check if the ciphers required are actually
3570 * available */
3571const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3572 {
3573 SSL_CIPHER c;
3574 const SSL_CIPHER *cp;
3575 unsigned long id;
3576
3577 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
3578 c.id=id;
3579 cp = bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER), ssl_cipher_id_cmp);
3580#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3581if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3582#endif
3583 return cp;
3584 }
3585
3586int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3587 {
3588 long l;
3589
3590 if (p != NULL)
3591 {
3592 l=c->id;
3593 if ((l & 0xff000000) != 0x03000000) return(0);
3594 p[0]=((unsigned char)(l>> 8L))&0xFF;
3595 p[1]=((unsigned char)(l ))&0xFF;
3596 }
3597 return(2);
3598 }
3599
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3600struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s)
3601 {
3602 if (s->cipher_list != NULL)
3603 return(s->cipher_list);
3604
3605 if (s->version >= TLS1_1_VERSION)
3606 {
3607 if (s->ctx != NULL && s->ctx->cipher_list_tls11 != NULL)
3608 return s->ctx->cipher_list_tls11;
3609 }
3610
3611 if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL))
3612 return(s->ctx->cipher_list);
3613
3614 return NULL;
3615 }
3616
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3617SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3618 struct ssl_cipher_preference_list_st *server_pref)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3619 {
3620 SSL_CIPHER *c,*ret=NULL;
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3621 STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3622 int i,ok;
3623 size_t cipher_index;
3624 CERT *cert;
3625 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3626 /* in_group_flags will either be NULL, or will point to an array of
3627 * bytes which indicate equal-preference groups in the |prio| stack.
3628 * See the comment about |in_group_flags| in the
3629 * |ssl_cipher_preference_list_st| struct. */
3630 const unsigned char *in_group_flags;
3631 /* group_min contains the minimal index so far found in a group, or -1
3632 * if no such value exists yet. */
3633 int group_min = -1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3634
3635 /* Let's see which ciphers we can support */
3636 cert=s->cert;
3637
3638#if 0
3639 /* Do not set the compare functions, because this may lead to a
3640 * reordering by "id". We want to keep the original ordering.
3641 * We may pay a price in performance during sk_SSL_CIPHER_find(),
3642 * but would have to pay with the price of sk_SSL_CIPHER_dup().
3643 */
3644 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3645 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3646#endif
3647
3648#ifdef CIPHER_DEBUG
3649 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3650 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
3651 {
3652 c=sk_SSL_CIPHER_value(srvr,i);
3653 printf("%p:%s\n",(void *)c,c->name);
3654 }
3655 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3656 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
3657 {
3658 c=sk_SSL_CIPHER_value(clnt,i);
3659 printf("%p:%s\n",(void *)c,c->name);
3660 }
3661#endif
3662
3663 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s))
3664 {
3665 prio = srvr;
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3666 in_group_flags = server_pref->in_group_flags;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3667 allow = clnt;
3668 }
3669 else
3670 {
3671 prio = clnt;
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3672 in_group_flags = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3673 allow = srvr;
3674 }
3675
3676 tls1_set_cert_validity(s);
3677
3678 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
3679 {
3680 c=sk_SSL_CIPHER_value(prio,i);
3681
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3682 ok = 1;
3683
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3684 /* Skip TLS v1.2 only ciphersuites if not supported */
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3685 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3686 !SSL_USE_TLS1_2_CIPHERS(s))
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3687 ok = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3688
3689 ssl_set_cert_masks(cert,c);
3690 mask_k = cert->mask_k;
3691 mask_a = cert->mask_a;
3692 emask_k = cert->export_mask_k;
3693 emask_a = cert->export_mask_a;
3694
3695#ifdef KSSL_DEBUG
3696/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3697#endif /* KSSL_DEBUG */
3698
3699 alg_k=c->algorithm_mkey;
3700 alg_a=c->algorithm_auth;
3701
3702#ifndef OPENSSL_NO_PSK
3703 /* with PSK there must be server callback set */
Adam Langleyc26c8022014-06-20 12:00:00 -0700[diff] [blame]3704 if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL)
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3705 ok = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3706#endif /* OPENSSL_NO_PSK */
3707
3708 if (SSL_C_IS_EXPORT(c))
3709 {
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3710 ok = ok && (alg_k & emask_k) && (alg_a & emask_a);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3711#ifdef CIPHER_DEBUG
3712 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
3713 (void *)c,c->name);
3714#endif
3715 }
3716 else
3717 {
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3718 ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3719#ifdef CIPHER_DEBUG
3720 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
3721 c->name);
3722#endif
3723 }
3724
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3725#ifndef OPENSSL_NO_EC
3726 /* if we are considering an ECC cipher suite that uses
3727 * an ephemeral EC key check it */
3728 if (alg_k & SSL_kEECDH)
3729 ok = ok && tls1_check_ec_tmp_key(s, c->id);
3730#endif /* OPENSSL_NO_EC */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3731
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3732 if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3733 {
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3734 if (in_group_flags != NULL && in_group_flags[i] == 1)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3735 {
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3736 /* This element of |prio| is in a group. Update
3737 * the minimum index found so far and continue
3738 * looking. */
3739 if (group_min == -1 || group_min > cipher_index)
3740 group_min = cipher_index;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3741 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]3742 else
3743 {
3744 if (group_min != -1 && group_min < cipher_index)
3745 cipher_index = group_min;
3746 ret=sk_SSL_CIPHER_value(allow,cipher_index);
3747 break;
3748 }
3749 }
3750
3751 if (in_group_flags != NULL &&
3752 in_group_flags[i] == 0 &&
3753 group_min != -1)
3754 {
3755 /* We are about to leave a group, but we found a match
3756 * in it, so that's our answer. */
3757 ret=sk_SSL_CIPHER_value(allow,group_min);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3758 break;
3759 }
3760 }
3761 return(ret);
3762 }
3763
3764int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3765 {
3766 int ret=0;
3767 const unsigned char *sig;
3768 size_t i, siglen;
3769 int have_rsa_sign = 0, have_dsa_sign = 0;
3770#ifndef OPENSSL_NO_ECDSA
3771 int have_ecdsa_sign = 0;
3772#endif
3773 int nostrict = 1;
3774 unsigned long alg_k;
3775
3776 /* If we have custom certificate types set, use them */
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]3777 if (s->cert->client_certificate_types)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3778 {
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]3779 memcpy(p, s->cert->client_certificate_types,
3780 s->cert->num_client_certificate_types);
3781 return (int)s->cert->num_client_certificate_types;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3782 }
3783 /* get configured sigalgs */
3784 siglen = tls12_get_psigalgs(s, &sig);
3785 if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
3786 nostrict = 0;
3787 for (i = 0; i < siglen; i+=2, sig+=2)
3788 {
3789 switch(sig[1])
3790 {
3791 case TLSEXT_signature_rsa:
3792 have_rsa_sign = 1;
3793 break;
3794
3795 case TLSEXT_signature_dsa:
3796 have_dsa_sign = 1;
3797 break;
3798#ifndef OPENSSL_NO_ECDSA
3799 case TLSEXT_signature_ecdsa:
3800 have_ecdsa_sign = 1;
3801 break;
3802#endif
3803 }
3804 }
3805
3806 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3807
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3808#ifndef OPENSSL_NO_DH
3809 if (alg_k & (SSL_kDHr|SSL_kEDH))
3810 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3811 /* Since this refers to a certificate signed with an RSA
3812 * algorithm, only check for rsa signing in strict mode.
3813 */
3814 if (nostrict || have_rsa_sign)
3815 p[ret++]=SSL3_CT_RSA_FIXED_DH;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3816# ifndef OPENSSL_NO_DSA
3817 if (nostrict || have_dsa_sign)
3818 p[ret++]=SSL3_CT_DSS_FIXED_DH;
3819# endif
3820 }
3821 if ((s->version == SSL3_VERSION) &&
3822 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3823 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3824 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3825# ifndef OPENSSL_NO_DSA
3826 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3827# endif
3828 }
3829#endif /* !OPENSSL_NO_DH */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3830 if (have_rsa_sign)
3831 p[ret++]=SSL3_CT_RSA_SIGN;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3832#ifndef OPENSSL_NO_DSA
3833 if (have_dsa_sign)
3834 p[ret++]=SSL3_CT_DSS_SIGN;
3835#endif
3836#ifndef OPENSSL_NO_ECDH
3837 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3838 {
3839 if (nostrict || have_rsa_sign)
3840 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3841 if (nostrict || have_ecdsa_sign)
3842 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3843 }
3844#endif
3845
3846#ifndef OPENSSL_NO_ECDSA
3847 /* ECDSA certs can be used with RSA cipher suites as well
3848 * so we don't need to check for SSL_kECDH or SSL_kEECDH
3849 */
3850 if (s->version >= TLS1_VERSION)
3851 {
3852 if (have_ecdsa_sign)
3853 p[ret++]=TLS_CT_ECDSA_SIGN;
3854 }
3855#endif
3856 return(ret);
3857 }
3858
3859static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
3860 {
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]3861 if (c->client_certificate_types)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3862 {
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]3863 OPENSSL_free(c->client_certificate_types);
3864 c->client_certificate_types = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3865 }
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]3866 c->num_client_certificate_types = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3867 if (!p || !len)
3868 return 1;
3869 if (len > 0xff)
3870 return 0;
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]3871 c->client_certificate_types = BUF_memdup(p, len);
3872 if (!c->client_certificate_types)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3873 return 0;
David Benjamin676d1e72014-07-08 14:34:10 -0400[diff] [blame]3874 c->num_client_certificate_types = len;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3875 return 1;
3876 }
3877
3878int ssl3_shutdown(SSL *s)
3879 {
3880 int ret;
3881
3882 /* Don't do anything much if we have not done the handshake or
3883 * we don't want to send messages :-) */
3884 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3885 {
3886 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3887 return(1);
3888 }
3889
3890 if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3891 {
3892 s->shutdown|=SSL_SENT_SHUTDOWN;
3893#if 1
3894 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3895#endif
3896 /* our shutdown alert has been sent now, and if it still needs
3897 * to be written, s->s3->alert_dispatch will be true */
3898 if (s->s3->alert_dispatch)
3899 return(-1); /* return WANT_WRITE */
3900 }
3901 else if (s->s3->alert_dispatch)
3902 {
3903 /* resend it if not sent */
3904#if 1
3905 ret=s->method->ssl_dispatch_alert(s);
3906 if(ret == -1)
3907 {
3908 /* we only get to return -1 here the 2nd/Nth
3909 * invocation, we must have already signalled
3910 * return 0 upon a previous invoation,
3911 * return WANT_WRITE */
3912 return(ret);
3913 }
3914#endif
3915 }
3916 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3917 {
3918 /* If we are waiting for a close from our peer, we are closed */
3919 s->method->ssl_read_bytes(s,0,NULL,0,0);
3920 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3921 {
3922 return(-1); /* return WANT_READ */
3923 }
3924 }
3925
3926 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3927 !s->s3->alert_dispatch)
3928 return(1);
3929 else
3930 return(0);
3931 }
3932
3933int ssl3_write(SSL *s, const void *buf, int len)
3934 {
3935 int ret,n;
3936
3937#if 0
3938 if (s->shutdown & SSL_SEND_SHUTDOWN)
3939 {
3940 s->rwstate=SSL_NOTHING;
3941 return(0);
3942 }
3943#endif
3944 ERR_clear_system_error();
3945 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3946
3947 /* This is an experimental flag that sends the
3948 * last handshake message in the same packet as the first
3949 * use data - used to see if it helps the TCP protocol during
3950 * session-id reuse */
3951 /* The second test is because the buffer may have been removed */
3952 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3953 {
3954 /* First time through, we write into the buffer */
3955 if (s->s3->delay_buf_pop_ret == 0)
3956 {
3957 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3958 buf,len);
3959 if (ret <= 0) return(ret);
3960
3961 s->s3->delay_buf_pop_ret=ret;
3962 }
3963
3964 s->rwstate=SSL_WRITING;
3965 n=BIO_flush(s->wbio);
3966 if (n <= 0) return(n);
3967 s->rwstate=SSL_NOTHING;
3968
3969 /* We have flushed the buffer, so remove it */
3970 ssl_free_wbio_buffer(s);
3971 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3972
3973 ret=s->s3->delay_buf_pop_ret;
3974 s->s3->delay_buf_pop_ret=0;
3975 }
3976 else
3977 {
3978 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3979 buf,len);
3980 if (ret <= 0) return(ret);
3981 }
3982
3983 return(ret);
3984 }
3985
3986static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3987 {
Adam Langleyadb739e2014-06-20 12:00:00 -0700[diff] [blame]3988 int n,ret;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3989
3990 ERR_clear_system_error();
Adam Langleyadb739e2014-06-20 12:00:00 -0700[diff] [blame]3991 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3992 {
3993 /* Deal with an application that calls SSL_read() when handshake data
3994 * is yet to be written.
3995 */
3996 if (BIO_wpending(s->wbio) > 0)
3997 {
3998 s->rwstate=SSL_WRITING;
3999 n=BIO_flush(s->wbio);
4000 if (n <= 0) return(n);
4001 s->rwstate=SSL_NOTHING;
4002 }
4003 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4004 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
4005 s->s3->in_read_app_data=1;
4006 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
4007 if ((ret == -1) && (s->s3->in_read_app_data == 2))
4008 {
4009 /* ssl3_read_bytes decided to call s->handshake_func, which
4010 * called ssl3_read_bytes to read handshake data.
4011 * However, ssl3_read_bytes actually found application data
4012 * and thinks that application data makes sense here; so disable
4013 * handshake processing and try to read application data again. */
4014 s->in_handshake++;
4015 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
4016 s->in_handshake--;
4017 }
4018 else
4019 s->s3->in_read_app_data=0;
4020
4021 return(ret);
4022 }
4023
4024int ssl3_read(SSL *s, void *buf, int len)
4025 {
4026 return ssl3_read_internal(s, buf, len, 0);
4027 }
4028
4029int ssl3_peek(SSL *s, void *buf, int len)
4030 {
4031 return ssl3_read_internal(s, buf, len, 1);
4032 }
4033
4034int ssl3_renegotiate(SSL *s)
4035 {
4036 if (s->handshake_func == NULL)
4037 return(1);
4038
4039 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4040 return(0);
4041
4042 s->s3->renegotiate=1;
4043 return(1);
4044 }
4045
4046int ssl3_renegotiate_check(SSL *s)
4047 {
4048 int ret=0;
4049
4050 if (s->s3->renegotiate)
4051 {
4052 if ( (s->s3->rbuf.left == 0) &&
4053 (s->s3->wbuf.left == 0) &&
4054 !SSL_in_init(s))
4055 {
4056/*
4057if we are the server, and we have sent a 'RENEGOTIATE' message, we
4058need to go to SSL_ST_ACCEPT.
4059*/
4060 /* SSL_ST_ACCEPT */
4061 s->state=SSL_ST_RENEGOTIATE;
4062 s->s3->renegotiate=0;
4063 s->s3->num_renegotiations++;
4064 s->s3->total_renegotiations++;
4065 ret=1;
4066 }
4067 }
4068 return(ret);
4069 }
4070/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
4071 * and handshake macs if required.
4072 */
4073long ssl_get_algorithm2(SSL *s)
4074 {
Adam Langley9447dff2014-06-24 17:29:06 -0700[diff] [blame]4075 static const unsigned long kMask = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4076 long alg2 = s->s3->tmp.new_cipher->algorithm2;
4077 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
Adam Langley9447dff2014-06-24 17:29:06 -0700[diff] [blame]4078 && (alg2 & kMask) == kMask)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4079 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4080 return alg2;
4081 }
4082