1 /* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
124 /* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
154 #include <openssl/bn.h>
155 #include <openssl/curve25519.h>
156 #include <openssl/dh.h>
157 #include <openssl/md5.h>
158 #include <openssl/objects.h>
159 #include <openssl/opensslconf.h>
161 #include "bytestring.h"
162 #include "dtls_locl.h"
163 #include "ssl_locl.h"
164 #include "ssl_sigalgs.h"
165 #include "ssl_tlsext.h"
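/* Number of entries in the ssl3_ciphers table. */
#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))

/*
 * FIXED_NONCE_LEN is a macro that provides the correct value to set the
 * fixed nonce length in algorithm2. It is the inverse of the
 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
 *
 * The length is halved, masked to four bits and shifted into bits 24-27,
 * so only even lengths from 0 to 30 survive the encoding unchanged; an odd
 * or larger length is silently truncated rather than rejected.
 *
 * The argument is parenthesized so that an expression such as
 * FIXED_NONCE_LEN(a + b) is halved as a whole. Without the parentheses only
 * the last operand would be divided, and a wrong nonce length would end up
 * encoded in the cipher's algorithm2 flags.
 */
#define FIXED_NONCE_LEN(x) ((((x) / 2) & 0xf) << 24)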
176 /* list of available SSLv3 ciphers (sorted by id) */
177 const SSL_CIPHER ssl3_ciphers
[] = {
179 /* The RSA ciphers */
183 .name
= SSL3_TXT_RSA_NULL_MD5
,
184 .id
= SSL3_CK_RSA_NULL_MD5
,
185 .algorithm_mkey
= SSL_kRSA
,
186 .algorithm_auth
= SSL_aRSA
,
187 .algorithm_enc
= SSL_eNULL
,
188 .algorithm_mac
= SSL_MD5
,
189 .algorithm_ssl
= SSL_SSLV3
,
190 .algo_strength
= SSL_STRONG_NONE
,
191 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
199 .name
= SSL3_TXT_RSA_NULL_SHA
,
200 .id
= SSL3_CK_RSA_NULL_SHA
,
201 .algorithm_mkey
= SSL_kRSA
,
202 .algorithm_auth
= SSL_aRSA
,
203 .algorithm_enc
= SSL_eNULL
,
204 .algorithm_mac
= SSL_SHA1
,
205 .algorithm_ssl
= SSL_SSLV3
,
206 .algo_strength
= SSL_STRONG_NONE
,
207 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
215 .name
= SSL3_TXT_RSA_RC4_128_MD5
,
216 .id
= SSL3_CK_RSA_RC4_128_MD5
,
217 .algorithm_mkey
= SSL_kRSA
,
218 .algorithm_auth
= SSL_aRSA
,
219 .algorithm_enc
= SSL_RC4
,
220 .algorithm_mac
= SSL_MD5
,
221 .algorithm_ssl
= SSL_SSLV3
,
222 .algo_strength
= SSL_LOW
,
223 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
224 .strength_bits
= 128,
231 .name
= SSL3_TXT_RSA_RC4_128_SHA
,
232 .id
= SSL3_CK_RSA_RC4_128_SHA
,
233 .algorithm_mkey
= SSL_kRSA
,
234 .algorithm_auth
= SSL_aRSA
,
235 .algorithm_enc
= SSL_RC4
,
236 .algorithm_mac
= SSL_SHA1
,
237 .algorithm_ssl
= SSL_SSLV3
,
238 .algo_strength
= SSL_LOW
,
239 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
240 .strength_bits
= 128,
247 .name
= SSL3_TXT_RSA_DES_192_CBC3_SHA
,
248 .id
= SSL3_CK_RSA_DES_192_CBC3_SHA
,
249 .algorithm_mkey
= SSL_kRSA
,
250 .algorithm_auth
= SSL_aRSA
,
251 .algorithm_enc
= SSL_3DES
,
252 .algorithm_mac
= SSL_SHA1
,
253 .algorithm_ssl
= SSL_SSLV3
,
254 .algo_strength
= SSL_MEDIUM
,
255 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
256 .strength_bits
= 112,
261 * Ephemeral DH (DHE) ciphers.
267 .name
= SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
,
268 .id
= SSL3_CK_EDH_RSA_DES_192_CBC3_SHA
,
269 .algorithm_mkey
= SSL_kDHE
,
270 .algorithm_auth
= SSL_aRSA
,
271 .algorithm_enc
= SSL_3DES
,
272 .algorithm_mac
= SSL_SHA1
,
273 .algorithm_ssl
= SSL_SSLV3
,
274 .algo_strength
= SSL_MEDIUM
,
275 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
276 .strength_bits
= 112,
283 .name
= SSL3_TXT_ADH_RC4_128_MD5
,
284 .id
= SSL3_CK_ADH_RC4_128_MD5
,
285 .algorithm_mkey
= SSL_kDHE
,
286 .algorithm_auth
= SSL_aNULL
,
287 .algorithm_enc
= SSL_RC4
,
288 .algorithm_mac
= SSL_MD5
,
289 .algorithm_ssl
= SSL_SSLV3
,
290 .algo_strength
= SSL_LOW
,
291 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
292 .strength_bits
= 128,
299 .name
= SSL3_TXT_ADH_DES_192_CBC_SHA
,
300 .id
= SSL3_CK_ADH_DES_192_CBC_SHA
,
301 .algorithm_mkey
= SSL_kDHE
,
302 .algorithm_auth
= SSL_aNULL
,
303 .algorithm_enc
= SSL_3DES
,
304 .algorithm_mac
= SSL_SHA1
,
305 .algorithm_ssl
= SSL_SSLV3
,
306 .algo_strength
= SSL_MEDIUM
,
307 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
308 .strength_bits
= 112,
319 .name
= TLS1_TXT_RSA_WITH_AES_128_SHA
,
320 .id
= TLS1_CK_RSA_WITH_AES_128_SHA
,
321 .algorithm_mkey
= SSL_kRSA
,
322 .algorithm_auth
= SSL_aRSA
,
323 .algorithm_enc
= SSL_AES128
,
324 .algorithm_mac
= SSL_SHA1
,
325 .algorithm_ssl
= SSL_TLSV1
,
326 .algo_strength
= SSL_HIGH
,
327 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
328 .strength_bits
= 128,
335 .name
= TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
,
336 .id
= TLS1_CK_DHE_RSA_WITH_AES_128_SHA
,
337 .algorithm_mkey
= SSL_kDHE
,
338 .algorithm_auth
= SSL_aRSA
,
339 .algorithm_enc
= SSL_AES128
,
340 .algorithm_mac
= SSL_SHA1
,
341 .algorithm_ssl
= SSL_TLSV1
,
342 .algo_strength
= SSL_HIGH
,
343 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
344 .strength_bits
= 128,
351 .name
= TLS1_TXT_ADH_WITH_AES_128_SHA
,
352 .id
= TLS1_CK_ADH_WITH_AES_128_SHA
,
353 .algorithm_mkey
= SSL_kDHE
,
354 .algorithm_auth
= SSL_aNULL
,
355 .algorithm_enc
= SSL_AES128
,
356 .algorithm_mac
= SSL_SHA1
,
357 .algorithm_ssl
= SSL_TLSV1
,
358 .algo_strength
= SSL_HIGH
,
359 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
360 .strength_bits
= 128,
367 .name
= TLS1_TXT_RSA_WITH_AES_256_SHA
,
368 .id
= TLS1_CK_RSA_WITH_AES_256_SHA
,
369 .algorithm_mkey
= SSL_kRSA
,
370 .algorithm_auth
= SSL_aRSA
,
371 .algorithm_enc
= SSL_AES256
,
372 .algorithm_mac
= SSL_SHA1
,
373 .algorithm_ssl
= SSL_TLSV1
,
374 .algo_strength
= SSL_HIGH
,
375 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
376 .strength_bits
= 256,
383 .name
= TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
,
384 .id
= TLS1_CK_DHE_RSA_WITH_AES_256_SHA
,
385 .algorithm_mkey
= SSL_kDHE
,
386 .algorithm_auth
= SSL_aRSA
,
387 .algorithm_enc
= SSL_AES256
,
388 .algorithm_mac
= SSL_SHA1
,
389 .algorithm_ssl
= SSL_TLSV1
,
390 .algo_strength
= SSL_HIGH
,
391 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
392 .strength_bits
= 256,
399 .name
= TLS1_TXT_ADH_WITH_AES_256_SHA
,
400 .id
= TLS1_CK_ADH_WITH_AES_256_SHA
,
401 .algorithm_mkey
= SSL_kDHE
,
402 .algorithm_auth
= SSL_aNULL
,
403 .algorithm_enc
= SSL_AES256
,
404 .algorithm_mac
= SSL_SHA1
,
405 .algorithm_ssl
= SSL_TLSV1
,
406 .algo_strength
= SSL_HIGH
,
407 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
408 .strength_bits
= 256,
412 /* TLS v1.2 ciphersuites */
416 .name
= TLS1_TXT_RSA_WITH_NULL_SHA256
,
417 .id
= TLS1_CK_RSA_WITH_NULL_SHA256
,
418 .algorithm_mkey
= SSL_kRSA
,
419 .algorithm_auth
= SSL_aRSA
,
420 .algorithm_enc
= SSL_eNULL
,
421 .algorithm_mac
= SSL_SHA256
,
422 .algorithm_ssl
= SSL_TLSV1_2
,
423 .algo_strength
= SSL_STRONG_NONE
,
424 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
432 .name
= TLS1_TXT_RSA_WITH_AES_128_SHA256
,
433 .id
= TLS1_CK_RSA_WITH_AES_128_SHA256
,
434 .algorithm_mkey
= SSL_kRSA
,
435 .algorithm_auth
= SSL_aRSA
,
436 .algorithm_enc
= SSL_AES128
,
437 .algorithm_mac
= SSL_SHA256
,
438 .algorithm_ssl
= SSL_TLSV1_2
,
439 .algo_strength
= SSL_HIGH
,
440 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
441 .strength_bits
= 128,
448 .name
= TLS1_TXT_RSA_WITH_AES_256_SHA256
,
449 .id
= TLS1_CK_RSA_WITH_AES_256_SHA256
,
450 .algorithm_mkey
= SSL_kRSA
,
451 .algorithm_auth
= SSL_aRSA
,
452 .algorithm_enc
= SSL_AES256
,
453 .algorithm_mac
= SSL_SHA256
,
454 .algorithm_ssl
= SSL_TLSV1_2
,
455 .algo_strength
= SSL_HIGH
,
456 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
457 .strength_bits
= 256,
461 #ifndef OPENSSL_NO_CAMELLIA
462 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
467 .name
= TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
,
468 .id
= TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA
,
469 .algorithm_mkey
= SSL_kRSA
,
470 .algorithm_auth
= SSL_aRSA
,
471 .algorithm_enc
= SSL_CAMELLIA128
,
472 .algorithm_mac
= SSL_SHA1
,
473 .algorithm_ssl
= SSL_TLSV1
,
474 .algo_strength
= SSL_HIGH
,
475 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
476 .strength_bits
= 128,
483 .name
= TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
484 .id
= TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
485 .algorithm_mkey
= SSL_kDHE
,
486 .algorithm_auth
= SSL_aRSA
,
487 .algorithm_enc
= SSL_CAMELLIA128
,
488 .algorithm_mac
= SSL_SHA1
,
489 .algorithm_ssl
= SSL_TLSV1
,
490 .algo_strength
= SSL_HIGH
,
491 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
492 .strength_bits
= 128,
499 .name
= TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA
,
500 .id
= TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA
,
501 .algorithm_mkey
= SSL_kDHE
,
502 .algorithm_auth
= SSL_aNULL
,
503 .algorithm_enc
= SSL_CAMELLIA128
,
504 .algorithm_mac
= SSL_SHA1
,
505 .algorithm_ssl
= SSL_TLSV1
,
506 .algo_strength
= SSL_HIGH
,
507 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
508 .strength_bits
= 128,
511 #endif /* OPENSSL_NO_CAMELLIA */
513 /* TLS v1.2 ciphersuites */
517 .name
= TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
,
518 .id
= TLS1_CK_DHE_RSA_WITH_AES_128_SHA256
,
519 .algorithm_mkey
= SSL_kDHE
,
520 .algorithm_auth
= SSL_aRSA
,
521 .algorithm_enc
= SSL_AES128
,
522 .algorithm_mac
= SSL_SHA256
,
523 .algorithm_ssl
= SSL_TLSV1_2
,
524 .algo_strength
= SSL_HIGH
,
525 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
526 .strength_bits
= 128,
533 .name
= TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
,
534 .id
= TLS1_CK_DHE_RSA_WITH_AES_256_SHA256
,
535 .algorithm_mkey
= SSL_kDHE
,
536 .algorithm_auth
= SSL_aRSA
,
537 .algorithm_enc
= SSL_AES256
,
538 .algorithm_mac
= SSL_SHA256
,
539 .algorithm_ssl
= SSL_TLSV1_2
,
540 .algo_strength
= SSL_HIGH
,
541 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
542 .strength_bits
= 256,
549 .name
= TLS1_TXT_ADH_WITH_AES_128_SHA256
,
550 .id
= TLS1_CK_ADH_WITH_AES_128_SHA256
,
551 .algorithm_mkey
= SSL_kDHE
,
552 .algorithm_auth
= SSL_aNULL
,
553 .algorithm_enc
= SSL_AES128
,
554 .algorithm_mac
= SSL_SHA256
,
555 .algorithm_ssl
= SSL_TLSV1_2
,
556 .algo_strength
= SSL_HIGH
,
557 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
558 .strength_bits
= 128,
565 .name
= TLS1_TXT_ADH_WITH_AES_256_SHA256
,
566 .id
= TLS1_CK_ADH_WITH_AES_256_SHA256
,
567 .algorithm_mkey
= SSL_kDHE
,
568 .algorithm_auth
= SSL_aNULL
,
569 .algorithm_enc
= SSL_AES256
,
570 .algorithm_mac
= SSL_SHA256
,
571 .algorithm_ssl
= SSL_TLSV1_2
,
572 .algo_strength
= SSL_HIGH
,
573 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
574 .strength_bits
= 256,
578 /* GOST Ciphersuites */
583 .name
= "GOST2001-GOST89-GOST89",
585 .algorithm_mkey
= SSL_kGOST
,
586 .algorithm_auth
= SSL_aGOST01
,
587 .algorithm_enc
= SSL_eGOST2814789CNT
,
588 .algorithm_mac
= SSL_GOST89MAC
,
589 .algorithm_ssl
= SSL_TLSV1
,
590 .algo_strength
= SSL_HIGH
,
591 .algorithm2
= SSL_HANDSHAKE_MAC_GOST94
|TLS1_PRF_GOST94
|
593 .strength_bits
= 256,
600 .name
= "GOST2001-NULL-GOST94",
602 .algorithm_mkey
= SSL_kGOST
,
603 .algorithm_auth
= SSL_aGOST01
,
604 .algorithm_enc
= SSL_eNULL
,
605 .algorithm_mac
= SSL_GOST94
,
606 .algorithm_ssl
= SSL_TLSV1
,
607 .algo_strength
= SSL_STRONG_NONE
,
608 .algorithm2
= SSL_HANDSHAKE_MAC_GOST94
|TLS1_PRF_GOST94
,
613 #ifndef OPENSSL_NO_CAMELLIA
614 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
619 .name
= TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA
,
620 .id
= TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA
,
621 .algorithm_mkey
= SSL_kRSA
,
622 .algorithm_auth
= SSL_aRSA
,
623 .algorithm_enc
= SSL_CAMELLIA256
,
624 .algorithm_mac
= SSL_SHA1
,
625 .algorithm_ssl
= SSL_TLSV1
,
626 .algo_strength
= SSL_HIGH
,
627 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
628 .strength_bits
= 256,
635 .name
= TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
636 .id
= TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
637 .algorithm_mkey
= SSL_kDHE
,
638 .algorithm_auth
= SSL_aRSA
,
639 .algorithm_enc
= SSL_CAMELLIA256
,
640 .algorithm_mac
= SSL_SHA1
,
641 .algorithm_ssl
= SSL_TLSV1
,
642 .algo_strength
= SSL_HIGH
,
643 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
644 .strength_bits
= 256,
651 .name
= TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA
,
652 .id
= TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA
,
653 .algorithm_mkey
= SSL_kDHE
,
654 .algorithm_auth
= SSL_aNULL
,
655 .algorithm_enc
= SSL_CAMELLIA256
,
656 .algorithm_mac
= SSL_SHA1
,
657 .algorithm_ssl
= SSL_TLSV1
,
658 .algo_strength
= SSL_HIGH
,
659 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
660 .strength_bits
= 256,
663 #endif /* OPENSSL_NO_CAMELLIA */
666 * GCM ciphersuites from RFC5288.
672 .name
= TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
,
673 .id
= TLS1_CK_RSA_WITH_AES_128_GCM_SHA256
,
674 .algorithm_mkey
= SSL_kRSA
,
675 .algorithm_auth
= SSL_aRSA
,
676 .algorithm_enc
= SSL_AES128GCM
,
677 .algorithm_mac
= SSL_AEAD
,
678 .algorithm_ssl
= SSL_TLSV1_2
,
679 .algo_strength
= SSL_HIGH
,
680 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
682 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
683 .strength_bits
= 128,
690 .name
= TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
,
691 .id
= TLS1_CK_RSA_WITH_AES_256_GCM_SHA384
,
692 .algorithm_mkey
= SSL_kRSA
,
693 .algorithm_auth
= SSL_aRSA
,
694 .algorithm_enc
= SSL_AES256GCM
,
695 .algorithm_mac
= SSL_AEAD
,
696 .algorithm_ssl
= SSL_TLSV1_2
,
697 .algo_strength
= SSL_HIGH
,
698 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
700 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
701 .strength_bits
= 256,
708 .name
= TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
,
709 .id
= TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256
,
710 .algorithm_mkey
= SSL_kDHE
,
711 .algorithm_auth
= SSL_aRSA
,
712 .algorithm_enc
= SSL_AES128GCM
,
713 .algorithm_mac
= SSL_AEAD
,
714 .algorithm_ssl
= SSL_TLSV1_2
,
715 .algo_strength
= SSL_HIGH
,
716 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
718 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
719 .strength_bits
= 128,
726 .name
= TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
,
727 .id
= TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384
,
728 .algorithm_mkey
= SSL_kDHE
,
729 .algorithm_auth
= SSL_aRSA
,
730 .algorithm_enc
= SSL_AES256GCM
,
731 .algorithm_mac
= SSL_AEAD
,
732 .algorithm_ssl
= SSL_TLSV1_2
,
733 .algo_strength
= SSL_HIGH
,
734 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
736 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
737 .strength_bits
= 256,
744 .name
= TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256
,
745 .id
= TLS1_CK_ADH_WITH_AES_128_GCM_SHA256
,
746 .algorithm_mkey
= SSL_kDHE
,
747 .algorithm_auth
= SSL_aNULL
,
748 .algorithm_enc
= SSL_AES128GCM
,
749 .algorithm_mac
= SSL_AEAD
,
750 .algorithm_ssl
= SSL_TLSV1_2
,
751 .algo_strength
= SSL_HIGH
,
752 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
754 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
755 .strength_bits
= 128,
762 .name
= TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384
,
763 .id
= TLS1_CK_ADH_WITH_AES_256_GCM_SHA384
,
764 .algorithm_mkey
= SSL_kDHE
,
765 .algorithm_auth
= SSL_aNULL
,
766 .algorithm_enc
= SSL_AES256GCM
,
767 .algorithm_mac
= SSL_AEAD
,
768 .algorithm_ssl
= SSL_TLSV1_2
,
769 .algo_strength
= SSL_HIGH
,
770 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
772 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
773 .strength_bits
= 256,
777 #ifndef OPENSSL_NO_CAMELLIA
778 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
783 .name
= TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
784 .id
= TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
785 .algorithm_mkey
= SSL_kRSA
,
786 .algorithm_auth
= SSL_aRSA
,
787 .algorithm_enc
= SSL_CAMELLIA128
,
788 .algorithm_mac
= SSL_SHA256
,
789 .algorithm_ssl
= SSL_TLSV1_2
,
790 .algo_strength
= SSL_HIGH
,
791 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
792 .strength_bits
= 128,
799 .name
= TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
800 .id
= TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
801 .algorithm_mkey
= SSL_kDHE
,
802 .algorithm_auth
= SSL_aRSA
,
803 .algorithm_enc
= SSL_CAMELLIA128
,
804 .algorithm_mac
= SSL_SHA256
,
805 .algorithm_ssl
= SSL_TLSV1_2
,
806 .algo_strength
= SSL_HIGH
,
807 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
808 .strength_bits
= 128,
815 .name
= TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
816 .id
= TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
817 .algorithm_mkey
= SSL_kDHE
,
818 .algorithm_auth
= SSL_aNULL
,
819 .algorithm_enc
= SSL_CAMELLIA128
,
820 .algorithm_mac
= SSL_SHA256
,
821 .algorithm_ssl
= SSL_TLSV1_2
,
822 .algo_strength
= SSL_HIGH
,
823 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
824 .strength_bits
= 128,
831 .name
= TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
832 .id
= TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
833 .algorithm_mkey
= SSL_kRSA
,
834 .algorithm_auth
= SSL_aRSA
,
835 .algorithm_enc
= SSL_CAMELLIA256
,
836 .algorithm_mac
= SSL_SHA256
,
837 .algorithm_ssl
= SSL_TLSV1_2
,
838 .algo_strength
= SSL_HIGH
,
839 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
840 .strength_bits
= 256,
847 .name
= TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
848 .id
= TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
849 .algorithm_mkey
= SSL_kDHE
,
850 .algorithm_auth
= SSL_aRSA
,
851 .algorithm_enc
= SSL_CAMELLIA256
,
852 .algorithm_mac
= SSL_SHA256
,
853 .algorithm_ssl
= SSL_TLSV1_2
,
854 .algo_strength
= SSL_HIGH
,
855 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
856 .strength_bits
= 256,
863 .name
= TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
864 .id
= TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
865 .algorithm_mkey
= SSL_kDHE
,
866 .algorithm_auth
= SSL_aNULL
,
867 .algorithm_enc
= SSL_CAMELLIA256
,
868 .algorithm_mac
= SSL_SHA256
,
869 .algorithm_ssl
= SSL_TLSV1_2
,
870 .algo_strength
= SSL_HIGH
,
871 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
872 .strength_bits
= 256,
875 #endif /* OPENSSL_NO_CAMELLIA */
878 * TLSv1.3 cipher suites.
881 #ifdef LIBRESSL_HAS_TLS1_3
885 .name
= TLS1_3_RFC_AES_128_GCM_SHA256
,
886 .id
= TLS1_3_CK_AES_128_GCM_SHA256
,
887 .algorithm_mkey
= SSL_kTLS1_3
,
888 .algorithm_auth
= SSL_aTLS1_3
,
889 .algorithm_enc
= SSL_AES128GCM
,
890 .algorithm_mac
= SSL_AEAD
,
891 .algorithm_ssl
= SSL_TLSV1_3
,
892 .algo_strength
= SSL_HIGH
,
893 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
, /* XXX */
894 .strength_bits
= 128,
901 .name
= TLS1_3_RFC_AES_256_GCM_SHA384
,
902 .id
= TLS1_3_CK_AES_256_GCM_SHA384
,
903 .algorithm_mkey
= SSL_kTLS1_3
,
904 .algorithm_auth
= SSL_aTLS1_3
,
905 .algorithm_enc
= SSL_AES256GCM
,
906 .algorithm_mac
= SSL_AEAD
,
907 .algorithm_ssl
= SSL_TLSV1_3
,
908 .algo_strength
= SSL_HIGH
,
909 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
, /* XXX */
910 .strength_bits
= 256,
917 .name
= TLS1_3_RFC_CHACHA20_POLY1305_SHA256
,
918 .id
= TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
919 .algorithm_mkey
= SSL_kTLS1_3
,
920 .algorithm_auth
= SSL_aTLS1_3
,
921 .algorithm_enc
= SSL_CHACHA20POLY1305
,
922 .algorithm_mac
= SSL_AEAD
,
923 .algorithm_ssl
= SSL_TLSV1_3
,
924 .algo_strength
= SSL_HIGH
,
925 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
, /* XXX */
926 .strength_bits
= 256,
934 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA
,
935 .id
= TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA
,
936 .algorithm_mkey
= SSL_kECDHE
,
937 .algorithm_auth
= SSL_aECDSA
,
938 .algorithm_enc
= SSL_eNULL
,
939 .algorithm_mac
= SSL_SHA1
,
940 .algorithm_ssl
= SSL_TLSV1
,
941 .algo_strength
= SSL_STRONG_NONE
,
942 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
950 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA
,
951 .id
= TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA
,
952 .algorithm_mkey
= SSL_kECDHE
,
953 .algorithm_auth
= SSL_aECDSA
,
954 .algorithm_enc
= SSL_RC4
,
955 .algorithm_mac
= SSL_SHA1
,
956 .algorithm_ssl
= SSL_TLSV1
,
957 .algo_strength
= SSL_LOW
,
958 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
959 .strength_bits
= 128,
966 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
967 .id
= TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
968 .algorithm_mkey
= SSL_kECDHE
,
969 .algorithm_auth
= SSL_aECDSA
,
970 .algorithm_enc
= SSL_3DES
,
971 .algorithm_mac
= SSL_SHA1
,
972 .algorithm_ssl
= SSL_TLSV1
,
973 .algo_strength
= SSL_MEDIUM
,
974 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
975 .strength_bits
= 112,
982 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
983 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
984 .algorithm_mkey
= SSL_kECDHE
,
985 .algorithm_auth
= SSL_aECDSA
,
986 .algorithm_enc
= SSL_AES128
,
987 .algorithm_mac
= SSL_SHA1
,
988 .algorithm_ssl
= SSL_TLSV1
,
989 .algo_strength
= SSL_HIGH
,
990 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
991 .strength_bits
= 128,
998 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
999 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
1000 .algorithm_mkey
= SSL_kECDHE
,
1001 .algorithm_auth
= SSL_aECDSA
,
1002 .algorithm_enc
= SSL_AES256
,
1003 .algorithm_mac
= SSL_SHA1
,
1004 .algorithm_ssl
= SSL_TLSV1
,
1005 .algo_strength
= SSL_HIGH
,
1006 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1007 .strength_bits
= 256,
1014 .name
= TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA
,
1015 .id
= TLS1_CK_ECDHE_RSA_WITH_NULL_SHA
,
1016 .algorithm_mkey
= SSL_kECDHE
,
1017 .algorithm_auth
= SSL_aRSA
,
1018 .algorithm_enc
= SSL_eNULL
,
1019 .algorithm_mac
= SSL_SHA1
,
1020 .algorithm_ssl
= SSL_TLSV1
,
1021 .algo_strength
= SSL_STRONG_NONE
,
1022 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1030 .name
= TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
,
1031 .id
= TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA
,
1032 .algorithm_mkey
= SSL_kECDHE
,
1033 .algorithm_auth
= SSL_aRSA
,
1034 .algorithm_enc
= SSL_RC4
,
1035 .algorithm_mac
= SSL_SHA1
,
1036 .algorithm_ssl
= SSL_TLSV1
,
1037 .algo_strength
= SSL_LOW
,
1038 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1039 .strength_bits
= 128,
1046 .name
= TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1047 .id
= TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1048 .algorithm_mkey
= SSL_kECDHE
,
1049 .algorithm_auth
= SSL_aRSA
,
1050 .algorithm_enc
= SSL_3DES
,
1051 .algorithm_mac
= SSL_SHA1
,
1052 .algorithm_ssl
= SSL_TLSV1
,
1053 .algo_strength
= SSL_MEDIUM
,
1054 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1055 .strength_bits
= 112,
1062 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1063 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1064 .algorithm_mkey
= SSL_kECDHE
,
1065 .algorithm_auth
= SSL_aRSA
,
1066 .algorithm_enc
= SSL_AES128
,
1067 .algorithm_mac
= SSL_SHA1
,
1068 .algorithm_ssl
= SSL_TLSV1
,
1069 .algo_strength
= SSL_HIGH
,
1070 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1071 .strength_bits
= 128,
1078 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1079 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1080 .algorithm_mkey
= SSL_kECDHE
,
1081 .algorithm_auth
= SSL_aRSA
,
1082 .algorithm_enc
= SSL_AES256
,
1083 .algorithm_mac
= SSL_SHA1
,
1084 .algorithm_ssl
= SSL_TLSV1
,
1085 .algo_strength
= SSL_HIGH
,
1086 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1087 .strength_bits
= 256,
1094 .name
= TLS1_TXT_ECDH_anon_WITH_NULL_SHA
,
1095 .id
= TLS1_CK_ECDH_anon_WITH_NULL_SHA
,
1096 .algorithm_mkey
= SSL_kECDHE
,
1097 .algorithm_auth
= SSL_aNULL
,
1098 .algorithm_enc
= SSL_eNULL
,
1099 .algorithm_mac
= SSL_SHA1
,
1100 .algorithm_ssl
= SSL_TLSV1
,
1101 .algo_strength
= SSL_STRONG_NONE
,
1102 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1110 .name
= TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA
,
1111 .id
= TLS1_CK_ECDH_anon_WITH_RC4_128_SHA
,
1112 .algorithm_mkey
= SSL_kECDHE
,
1113 .algorithm_auth
= SSL_aNULL
,
1114 .algorithm_enc
= SSL_RC4
,
1115 .algorithm_mac
= SSL_SHA1
,
1116 .algorithm_ssl
= SSL_TLSV1
,
1117 .algo_strength
= SSL_LOW
,
1118 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1119 .strength_bits
= 128,
1126 .name
= TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1127 .id
= TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1128 .algorithm_mkey
= SSL_kECDHE
,
1129 .algorithm_auth
= SSL_aNULL
,
1130 .algorithm_enc
= SSL_3DES
,
1131 .algorithm_mac
= SSL_SHA1
,
1132 .algorithm_ssl
= SSL_TLSV1
,
1133 .algo_strength
= SSL_MEDIUM
,
1134 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1135 .strength_bits
= 112,
1142 .name
= TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA
,
1143 .id
= TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA
,
1144 .algorithm_mkey
= SSL_kECDHE
,
1145 .algorithm_auth
= SSL_aNULL
,
1146 .algorithm_enc
= SSL_AES128
,
1147 .algorithm_mac
= SSL_SHA1
,
1148 .algorithm_ssl
= SSL_TLSV1
,
1149 .algo_strength
= SSL_HIGH
,
1150 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1151 .strength_bits
= 128,
1158 .name
= TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA
,
1159 .id
= TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA
,
1160 .algorithm_mkey
= SSL_kECDHE
,
1161 .algorithm_auth
= SSL_aNULL
,
1162 .algorithm_enc
= SSL_AES256
,
1163 .algorithm_mac
= SSL_SHA1
,
1164 .algorithm_ssl
= SSL_TLSV1
,
1165 .algo_strength
= SSL_HIGH
,
1166 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1167 .strength_bits
= 256,
1172 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
1177 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1178 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1179 .algorithm_mkey
= SSL_kECDHE
,
1180 .algorithm_auth
= SSL_aECDSA
,
1181 .algorithm_enc
= SSL_AES128
,
1182 .algorithm_mac
= SSL_SHA256
,
1183 .algorithm_ssl
= SSL_TLSV1_2
,
1184 .algo_strength
= SSL_HIGH
,
1185 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
1186 .strength_bits
= 128,
1193 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1194 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1195 .algorithm_mkey
= SSL_kECDHE
,
1196 .algorithm_auth
= SSL_aECDSA
,
1197 .algorithm_enc
= SSL_AES256
,
1198 .algorithm_mac
= SSL_SHA384
,
1199 .algorithm_ssl
= SSL_TLSV1_2
,
1200 .algo_strength
= SSL_HIGH
,
1201 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
,
1202 .strength_bits
= 256,
1209 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
,
1210 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256
,
1211 .algorithm_mkey
= SSL_kECDHE
,
1212 .algorithm_auth
= SSL_aRSA
,
1213 .algorithm_enc
= SSL_AES128
,
1214 .algorithm_mac
= SSL_SHA256
,
1215 .algorithm_ssl
= SSL_TLSV1_2
,
1216 .algo_strength
= SSL_HIGH
,
1217 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
1218 .strength_bits
= 128,
1225 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
,
1226 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384
,
1227 .algorithm_mkey
= SSL_kECDHE
,
1228 .algorithm_auth
= SSL_aRSA
,
1229 .algorithm_enc
= SSL_AES256
,
1230 .algorithm_mac
= SSL_SHA384
,
1231 .algorithm_ssl
= SSL_TLSV1_2
,
1232 .algo_strength
= SSL_HIGH
,
1233 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
,
1234 .strength_bits
= 256,
1238 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
1243 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1244 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1245 .algorithm_mkey
= SSL_kECDHE
,
1246 .algorithm_auth
= SSL_aECDSA
,
1247 .algorithm_enc
= SSL_AES128GCM
,
1248 .algorithm_mac
= SSL_AEAD
,
1249 .algorithm_ssl
= SSL_TLSV1_2
,
1250 .algo_strength
= SSL_HIGH
,
1251 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1253 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
1254 .strength_bits
= 128,
1261 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1262 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1263 .algorithm_mkey
= SSL_kECDHE
,
1264 .algorithm_auth
= SSL_aECDSA
,
1265 .algorithm_enc
= SSL_AES256GCM
,
1266 .algorithm_mac
= SSL_AEAD
,
1267 .algorithm_ssl
= SSL_TLSV1_2
,
1268 .algo_strength
= SSL_HIGH
,
1269 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
1271 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
1272 .strength_bits
= 256,
1279 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1280 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1281 .algorithm_mkey
= SSL_kECDHE
,
1282 .algorithm_auth
= SSL_aRSA
,
1283 .algorithm_enc
= SSL_AES128GCM
,
1284 .algorithm_mac
= SSL_AEAD
,
1285 .algorithm_ssl
= SSL_TLSV1_2
,
1286 .algo_strength
= SSL_HIGH
,
1287 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1289 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
1290 .strength_bits
= 128,
1297 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1298 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1299 .algorithm_mkey
= SSL_kECDHE
,
1300 .algorithm_auth
= SSL_aRSA
,
1301 .algorithm_enc
= SSL_AES256GCM
,
1302 .algorithm_mac
= SSL_AEAD
,
1303 .algorithm_ssl
= SSL_TLSV1_2
,
1304 .algo_strength
= SSL_HIGH
,
1305 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
1307 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
1308 .strength_bits
= 256,
1315 .name
= TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
1316 .id
= TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305
,
1317 .algorithm_mkey
= SSL_kECDHE
,
1318 .algorithm_auth
= SSL_aRSA
,
1319 .algorithm_enc
= SSL_CHACHA20POLY1305
,
1320 .algorithm_mac
= SSL_AEAD
,
1321 .algorithm_ssl
= SSL_TLSV1_2
,
1322 .algo_strength
= SSL_HIGH
,
1323 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1324 FIXED_NONCE_LEN(12),
1325 .strength_bits
= 256,
1332 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
1333 .id
= TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305
,
1334 .algorithm_mkey
= SSL_kECDHE
,
1335 .algorithm_auth
= SSL_aECDSA
,
1336 .algorithm_enc
= SSL_CHACHA20POLY1305
,
1337 .algorithm_mac
= SSL_AEAD
,
1338 .algorithm_ssl
= SSL_TLSV1_2
,
1339 .algo_strength
= SSL_HIGH
,
1340 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1341 FIXED_NONCE_LEN(12),
1342 .strength_bits
= 256,
1349 .name
= TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
,
1350 .id
= TLS1_CK_DHE_RSA_CHACHA20_POLY1305
,
1351 .algorithm_mkey
= SSL_kDHE
,
1352 .algorithm_auth
= SSL_aRSA
,
1353 .algorithm_enc
= SSL_CHACHA20POLY1305
,
1354 .algorithm_mac
= SSL_AEAD
,
1355 .algorithm_ssl
= SSL_TLSV1_2
,
1356 .algo_strength
= SSL_HIGH
,
1357 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1358 FIXED_NONCE_LEN(12),
1359 .strength_bits
= 256,
1363 /* Cipher FF85 FIXME IANA */
1366 .name
= "GOST2012256-GOST89-GOST89",
1367 .id
= 0x300ff85, /* FIXME IANA */
1368 .algorithm_mkey
= SSL_kGOST
,
1369 .algorithm_auth
= SSL_aGOST01
,
1370 .algorithm_enc
= SSL_eGOST2814789CNT
,
1371 .algorithm_mac
= SSL_GOST89MAC
,
1372 .algorithm_ssl
= SSL_TLSV1
,
1373 .algo_strength
= SSL_HIGH
,
1374 .algorithm2
= SSL_HANDSHAKE_MAC_STREEBOG256
|TLS1_PRF_STREEBOG256
|
1376 .strength_bits
= 256,
1380 /* Cipher FF87 FIXME IANA */
1383 .name
= "GOST2012256-NULL-STREEBOG256",
1384 .id
= 0x300ff87, /* FIXME IANA */
1385 .algorithm_mkey
= SSL_kGOST
,
1386 .algorithm_auth
= SSL_aGOST01
,
1387 .algorithm_enc
= SSL_eNULL
,
1388 .algorithm_mac
= SSL_STREEBOG256
,
1389 .algorithm_ssl
= SSL_TLSV1
,
1390 .algo_strength
= SSL_STRONG_NONE
,
1391 .algorithm2
= SSL_HANDSHAKE_MAC_STREEBOG256
|TLS1_PRF_STREEBOG256
,
1401 ssl3_num_ciphers(void)
1403 return (SSL3_NUM_CIPHERS
);
/*
 * Look up an entry of ssl3_ciphers[] by position.
 *
 * The u < SSL3_NUM_CIPHERS test is the only guard in front of the array
 * access, so it has to stay ahead of the index computation.  Positions are
 * counted from the end of the table (SSL3_NUM_CIPHERS - 1 - u).
 *
 * NOTE(review): the out-of-range branch is not visible in this listing;
 * presumably it returns NULL, so callers should check the result before
 * dereferencing it - confirm against the full file.
 */
1407 ssl3_get_cipher(unsigned int u
)
1409 if (u
< SSL3_NUM_CIPHERS
)
1410 return (&(ssl3_ciphers
[SSL3_NUM_CIPHERS
- 1 - u
]));
/*
 * Find a cipher suite in ssl3_ciphers[] by its id using
 * OBJ_bsearch_ssl_cipher_id().  A hit is only accepted when the entry's
 * valid field is 1, so table entries that are present but not marked valid
 * are not handed out by this path.
 *
 * NOTE(review): the declaration and initialisation of the search key c and
 * both return statements are not visible in this listing.  The search helper
 * is presumably a binary search, which would require ssl3_ciphers[] to stay
 * sorted by id - confirm before adding or reordering entries.
 */
1416 ssl3_get_cipher_by_id(unsigned int id
)
1418 const SSL_CIPHER
*cp
;
1422 cp
= OBJ_bsearch_ssl_cipher_id(&c
, ssl3_ciphers
, SSL3_NUM_CIPHERS
);
1423 if (cp
!= NULL
&& cp
->valid
== 1)
1430 ssl3_get_cipher_by_value(uint16_t value
)
1432 return ssl3_get_cipher_by_id(SSL3_CK_ID
| value
);
1436 ssl3_cipher_get_value(const SSL_CIPHER
*c
)
1438 return (c
->id
& SSL3_CK_VALUE_MASK
);
1442 ssl3_pending(const SSL
*s
)
1444 if (s
->internal
->rstate
== SSL_ST_READ_BODY
)
1447 return (s
->s3
->rrec
.type
== SSL3_RT_APPLICATION_DATA
) ?
1448 s
->s3
->rrec
.length
: 0;
1452 ssl3_handshake_msg_hdr_len(SSL
*s
)
1454 return (SSL_is_dtls(s
) ? DTLS1_HM_HEADER_LENGTH
:
1455 SSL3_HM_HEADER_LENGTH
);
1459 ssl3_handshake_msg_start(SSL
*s
, CBB
*handshake
, CBB
*body
, uint8_t msg_type
)
1463 if (!CBB_init(handshake
, SSL3_RT_MAX_PLAIN_LENGTH
))
1465 if (!CBB_add_u8(handshake
, msg_type
))
1467 if (SSL_is_dtls(s
)) {
1468 unsigned char *data
;
1470 if (!CBB_add_space(handshake
, &data
, DTLS1_HM_HEADER_LENGTH
-
1471 SSL3_HM_HEADER_LENGTH
))
1474 if (!CBB_add_u24_length_prefixed(handshake
, body
))
/*
 * Finish the handshake CBB and copy the resulting bytes into
 * s->internal->init_buf, then set init_num/init_off for the write path.
 * For DTLS the message header is additionally filled in and the message is
 * buffered via dtls1_buffer_message().
 *
 * NOTE(review): the error returns and the release of data are not visible
 * in this listing.
 */
1484 ssl3_handshake_msg_finish(SSL
*s
, CBB
*handshake
)
1486 unsigned char *data
= NULL
;
1490 if (!CBB_finish(handshake
, &data
, &outlen
))
/*
 * The length is checked against INT_MAX before it is narrowed with the
 * (int) cast below, so init_num cannot end up negative.
 */
1493 if (outlen
> INT_MAX
)
/*
 * init_buf is grown to outlen before the memcpy(), which keeps the copy
 * within the buffer that was just sized for it.
 */
1496 if (!BUF_MEM_grow_clean(s
->internal
->init_buf
, outlen
))
1499 memcpy(s
->internal
->init_buf
->data
, data
, outlen
);
1501 s
->internal
->init_num
= (int)outlen
;
1502 s
->internal
->init_off
= 0;
1504 if (SSL_is_dtls(s
)) {
1509 CBS_init(&cbs
, data
, outlen
);
1510 if (!CBS_get_u8(&cbs
, &msg_type
))
/*
 * NOTE(review): this subtraction assumes outlen is at least the handshake
 * header length, which holds when the CBB was set up by
 * ssl3_handshake_msg_start().  The types of len and outlen are not visible
 * here; if they are unsigned a shorter message would wrap - confirm.
 */
1513 len
= outlen
- ssl3_handshake_msg_hdr_len(s
);
1515 dtls1_set_message_header(s
, msg_type
, len
, 0, len
);
1516 dtls1_buffer_message(s
, 0);
1528 ssl3_handshake_write(SSL
*s
)
1530 return ssl3_record_write(s
, SSL3_RT_HANDSHAKE
);
1534 ssl3_record_write(SSL
*s
, int type
)
1537 return dtls1_do_write(s
, type
);
1539 return ssl3_do_write(s
, type
);
1545 if ((s
->s3
= calloc(1, sizeof(*s
->s3
))) == NULL
)
1548 s
->method
->ssl_clear(s
);
/*
 * Release of the per-connection s->s3 state.
 * NOTE(review): the signature of the enclosing function is missing from
 * this listing; the comments below describe only the visible statements.
 *
 * Buffers that come with an explicit length (sigalgs, the TLS 1.3 cookie,
 * the peer's QUIC transport parameters and the s3 structure itself) are
 * released with freezero(), which clears the memory before freeing it.
 * alpn_selected is released with plain free().  The final
 * freezero(s->s3, sizeof(*s->s3)) wipes the whole structure, including the
 * pointers freed above.
 */
1559 tls1_cleanup_key_block(s
);
1560 ssl3_release_read_buffer(s
);
1561 ssl3_release_write_buffer(s
);
1563 freezero(s
->s3
->hs
.sigalgs
, s
->s3
->hs
.sigalgs_len
);
1564 sk_X509_pop_free(s
->s3
->hs
.peer_certs
, X509_free
);
1565 sk_X509_pop_free(s
->s3
->hs
.peer_certs_no_leaf
, X509_free
);
1566 tls_key_share_free(s
->s3
->hs
.key_share
);
1568 tls13_secrets_destroy(s
->s3
->hs
.tls13
.secrets
);
1569 freezero(s
->s3
->hs
.tls13
.cookie
, s
->s3
->hs
.tls13
.cookie_len
);
1570 tls13_clienthello_hash_clear(&s
->s3
->hs
.tls13
);
1572 tls_buffer_free(s
->s3
->hs
.tls13
.quic_read_buffer
);
1574 sk_X509_NAME_pop_free(s
->s3
->hs
.tls12
.ca_names
, X509_NAME_free
);
1575 sk_X509_pop_free(s
->internal
->verified_chain
, X509_free
);
1577 tls1_transcript_free(s
);
1578 tls1_transcript_hash_free(s
);
1580 free(s
->s3
->alpn_selected
);
1582 freezero(s
->s3
->peer_quic_transport_params
,
1583 s
->s3
->peer_quic_transport_params_len
);
/*
 * NOTE(review): whether s->s3 is reset to NULL after this call is not
 * visible in this listing.
 */
1585 freezero(s
->s3
, sizeof(*s
->s3
));
1593 unsigned char *rp
, *wp
;
1596 tls1_cleanup_key_block(s
);
1597 sk_X509_NAME_pop_free(s
->s3
->hs
.tls12
.ca_names
, X509_NAME_free
);
1598 sk_X509_pop_free(s
->internal
->verified_chain
, X509_free
);
1599 s
->internal
->verified_chain
= NULL
;
1601 freezero(s
->s3
->hs
.sigalgs
, s
->s3
->hs
.sigalgs_len
);
1602 s
->s3
->hs
.sigalgs
= NULL
;
1603 s
->s3
->hs
.sigalgs_len
= 0;
1605 sk_X509_pop_free(s
->s3
->hs
.peer_certs
, X509_free
);
1606 s
->s3
->hs
.peer_certs
= NULL
;
1607 sk_X509_pop_free(s
->s3
->hs
.peer_certs_no_leaf
, X509_free
);
1608 s
->s3
->hs
.peer_certs_no_leaf
= NULL
;
1610 tls_key_share_free(s
->s3
->hs
.key_share
);
1611 s
->s3
->hs
.key_share
= NULL
;
1613 tls13_secrets_destroy(s
->s3
->hs
.tls13
.secrets
);
1614 s
->s3
->hs
.tls13
.secrets
= NULL
;
1615 freezero(s
->s3
->hs
.tls13
.cookie
, s
->s3
->hs
.tls13
.cookie_len
);
1616 s
->s3
->hs
.tls13
.cookie
= NULL
;
1617 s
->s3
->hs
.tls13
.cookie_len
= 0;
1618 tls13_clienthello_hash_clear(&s
->s3
->hs
.tls13
);
1620 tls_buffer_free(s
->s3
->hs
.tls13
.quic_read_buffer
);
1621 s
->s3
->hs
.tls13
.quic_read_buffer
= NULL
;
1622 s
->s3
->hs
.tls13
.quic_read_level
= ssl_encryption_initial
;
1623 s
->s3
->hs
.tls13
.quic_write_level
= ssl_encryption_initial
;
1625 s
->s3
->hs
.extensions_seen
= 0;
1627 rp
= s
->s3
->rbuf
.buf
;
1628 wp
= s
->s3
->wbuf
.buf
;
1629 rlen
= s
->s3
->rbuf
.len
;
1630 wlen
= s
->s3
->wbuf
.len
;
1632 tls1_transcript_free(s
);
1633 tls1_transcript_hash_free(s
);
1635 free(s
->s3
->alpn_selected
);
1636 s
->s3
->alpn_selected
= NULL
;
1637 s
->s3
->alpn_selected_len
= 0;
1639 freezero(s
->s3
->peer_quic_transport_params
,
1640 s
->s3
->peer_quic_transport_params_len
);
1641 s
->s3
->peer_quic_transport_params
= NULL
;
1642 s
->s3
->peer_quic_transport_params_len
= 0;
1644 memset(s
->s3
, 0, sizeof(*s
->s3
));
1646 s
->s3
->rbuf
.buf
= rp
;
1647 s
->s3
->wbuf
.buf
= wp
;
1648 s
->s3
->rbuf
.len
= rlen
;
1649 s
->s3
->wbuf
.len
= wlen
;
1651 ssl_free_wbio_buffer(s
);
1654 s
->s3
->renegotiate
= 0;
1655 s
->s3
->total_renegotiations
= 0;
1656 s
->s3
->num_renegotiations
= 0;
1657 s
->s3
->in_read_app_data
= 0;
1659 s
->internal
->packet_length
= 0;
1660 s
->version
= TLS1_VERSION
;
1662 s
->s3
->hs
.state
= SSL_ST_BEFORE
|((s
->server
) ? SSL_ST_ACCEPT
: SSL_ST_CONNECT
);
1666 _SSL_get_shared_group(SSL
*s
, long n
)
1671 /* OpenSSL document that they return -1 for clients. They return 0. */
1676 if (!tls1_count_shared_groups(s
, &count
))
1679 if (count
> LONG_MAX
)
1685 /* Undocumented special case added for Suite B profile support. */
1692 if (!tls1_get_shared_group_by_index(s
, n
, &nid
))
1699 _SSL_get_peer_tmp_key(SSL
*s
, EVP_PKEY
**key
)
1701 EVP_PKEY
*pkey
= NULL
;
1706 if (s
->s3
->hs
.key_share
== NULL
)
1709 if ((pkey
= EVP_PKEY_new()) == NULL
)
1711 if (!tls_key_share_peer_pkey(s
->s3
->hs
.key_share
, pkey
))
1720 EVP_PKEY_free(pkey
);
1726 _SSL_session_reused(SSL
*s
)
1728 return s
->internal
->hit
;
1732 _SSL_num_renegotiations(SSL
*s
)
1734 return s
->s3
->num_renegotiations
;
1738 _SSL_clear_num_renegotiations(SSL
*s
)
1742 renegs
= s
->s3
->num_renegotiations
;
1743 s
->s3
->num_renegotiations
= 0;
1749 _SSL_total_renegotiations(SSL
*s
)
1751 return s
->s3
->total_renegotiations
;
/*
 * Install caller-supplied DH parameters on this connection's certificate
 * state (s->cert->dhe_params).
 *
 * The parameters go through ssl_security_dh() first and are rejected with
 * SSL_R_DH_KEY_TOO_SMALL when that check fails.  A duplicate made with
 * DHparams_dup() is stored, so the caller keeps ownership of dh.  The old
 * parameters are freed only after the duplicate exists.
 *
 * NOTE(review): the condition that raises ERR_R_PASSED_NULL_PARAMETER and
 * all return statements are not visible in this listing.
 */
1755 _SSL_set_tmp_dh(SSL
*s
, DH
*dh
)
1760 SSLerror(s
, ERR_R_PASSED_NULL_PARAMETER
);
1764 if (!ssl_security_dh(s
, dh
)) {
1765 SSLerror(s
, SSL_R_DH_KEY_TOO_SMALL
);
1769 if ((dhe_params
= DHparams_dup(dh
)) == NULL
) {
1770 SSLerror(s
, ERR_R_DH_LIB
);
1774 DH_free(s
->cert
->dhe_params
);
1775 s
->cert
->dhe_params
= dhe_params
;
1781 _SSL_set_dh_auto(SSL
*s
, int state
)
1783 s
->cert
->dhe_params_auto
= state
;
1788 _SSL_set_tmp_ecdh(SSL
*s
, EC_KEY
*ecdh
)
1790 const EC_GROUP
*group
;
1795 if ((group
= EC_KEY_get0_group(ecdh
)) == NULL
)
1798 nid
= EC_GROUP_get_curve_name(group
);
1799 return SSL_set1_groups(s
, &nid
, 1);
1803 _SSL_set_ecdh_auto(SSL
*s
, int state
)
/*
 * Replace the SNI hostname stored in s->tlsext_hostname.
 *
 * The previous value is freed and the pointer cleared before anything else,
 * so a name that is later rejected leaves no hostname set rather than a
 * stale one.  The new name is checked with tlsext_sni_is_valid_hostname()
 * and only then copied with strdup(); the caller keeps ownership of name.
 *
 * NOTE(review): strlen(name) needs a non-NULL, NUL-terminated string.  The
 * lines between the reset and CBS_init() are not visible in this listing;
 * presumably they handle name == NULL - confirm.  How is_ip is used and the
 * return statements are not visible either.
 */
1809 _SSL_set_tlsext_host_name(SSL
*s
, const char *name
)
1814 free(s
->tlsext_hostname
);
1815 s
->tlsext_hostname
= NULL
;
1820 CBS_init(&cbs
, name
, strlen(name
));
1822 if (!tlsext_sni_is_valid_hostname(&cbs
, &is_ip
)) {
1823 SSLerror(s
, SSL_R_SSL3_EXT_INVALID_SERVERNAME
);
1826 if ((s
->tlsext_hostname
= strdup(name
)) == NULL
) {
1827 SSLerror(s
, ERR_R_INTERNAL_ERROR
);
1835 _SSL_set_tlsext_debug_arg(SSL
*s
, void *arg
)
1837 s
->internal
->tlsext_debug_arg
= arg
;
1842 _SSL_get_tlsext_status_type(SSL
*s
)
1844 return s
->tlsext_status_type
;
1848 _SSL_set_tlsext_status_type(SSL
*s
, int type
)
1850 s
->tlsext_status_type
= type
;
1855 _SSL_get_tlsext_status_exts(SSL
*s
, STACK_OF(X509_EXTENSION
) **exts
)
1857 *exts
= s
->internal
->tlsext_ocsp_exts
;
1862 _SSL_set_tlsext_status_exts(SSL
*s
, STACK_OF(X509_EXTENSION
) *exts
)
1865 s
->internal
->tlsext_ocsp_exts
= exts
;
1870 _SSL_get_tlsext_status_ids(SSL
*s
, STACK_OF(OCSP_RESPID
) **ids
)
1872 *ids
= s
->internal
->tlsext_ocsp_ids
;
1877 _SSL_set_tlsext_status_ids(SSL
*s
, STACK_OF(OCSP_RESPID
) *ids
)
1880 s
->internal
->tlsext_ocsp_ids
= ids
;
/*
 * Hand out the stored OCSP response and its length.
 *
 * *resp is set to the internal buffer itself, not a copy, so the caller
 * must not free or modify it.  The length is compared with INT_MAX before
 * the (int) cast so the returned value cannot wrap.
 *
 * NOTE(review): the branch taken when no response is stored (or the length
 * does not fit) is not visible in this listing.
 */
1885 _SSL_get_tlsext_status_ocsp_resp(SSL
*s
, unsigned char **resp
)
1887 if (s
->internal
->tlsext_ocsp_resp
!= NULL
&&
1888 s
->internal
->tlsext_ocsp_resp_len
< INT_MAX
) {
1889 *resp
= s
->internal
->tlsext_ocsp_resp
;
1890 return (int)s
->internal
->tlsext_ocsp_resp_len
;
/*
 * Store an OCSP response on the connection.
 *
 * Ownership transfer: the previous response is released with free() and the
 * new pointer is stored without copying.  The buffer passed in resp will
 * itself be passed to free() by a later call, so it must be heap-allocated
 * and the caller must not free or reuse it afterwards.
 *
 * NOTE(review): resp_len is an int that is cast to size_t below.  The lines
 * between the reset and the store are not visible in this listing; a
 * negative resp_len has to be rejected before that cast - confirm the check
 * is present in the full file.
 */
1899 _SSL_set_tlsext_status_ocsp_resp(SSL
*s
, unsigned char *resp
, int resp_len
)
1901 free(s
->internal
->tlsext_ocsp_resp
);
1902 s
->internal
->tlsext_ocsp_resp
= NULL
;
1903 s
->internal
->tlsext_ocsp_resp_len
= 0;
1908 s
->internal
->tlsext_ocsp_resp
= resp
;
1909 s
->internal
->tlsext_ocsp_resp_len
= (size_t)resp_len
;
1915 SSL_set0_chain(SSL
*ssl
, STACK_OF(X509
) *chain
)
1917 return ssl_cert_set0_chain(NULL
, ssl
, chain
);
1921 SSL_set1_chain(SSL
*ssl
, STACK_OF(X509
) *chain
)
1923 return ssl_cert_set1_chain(NULL
, ssl
, chain
);
1927 SSL_add0_chain_cert(SSL
*ssl
, X509
*x509
)
1929 return ssl_cert_add0_chain_cert(NULL
, ssl
, x509
);
1933 SSL_add1_chain_cert(SSL
*ssl
, X509
*x509
)
1935 return ssl_cert_add1_chain_cert(NULL
, ssl
, x509
);
1939 SSL_get0_chain_certs(const SSL
*ssl
, STACK_OF(X509
) **out_chain
)
1943 if (ssl
->cert
->key
!= NULL
)
1944 *out_chain
= ssl
->cert
->key
->chain
;
1950 SSL_clear_chain_certs(SSL
*ssl
)
1952 return ssl_cert_set0_chain(NULL
, ssl
, NULL
);
1956 SSL_set1_groups(SSL
*s
, const int *groups
, size_t groups_len
)
1958 return tls1_set_groups(&s
->internal
->tlsext_supportedgroups
,
1959 &s
->internal
->tlsext_supportedgroups_length
, groups
, groups_len
);
1963 SSL_set1_groups_list(SSL
*s
, const char *groups
)
1965 return tls1_set_group_list(&s
->internal
->tlsext_supportedgroups
,
1966 &s
->internal
->tlsext_supportedgroups_length
, groups
);
1970 _SSL_get_signature_nid(SSL
*s
, int *nid
)
1972 const struct ssl_sigalg
*sigalg
;
1974 if ((sigalg
= s
->s3
->hs
.our_sigalg
) == NULL
)
1977 *nid
= EVP_MD_type(sigalg
->md());
1983 _SSL_get_peer_signature_nid(SSL
*s
, int *nid
)
1985 const struct ssl_sigalg
*sigalg
;
1987 if ((sigalg
= s
->s3
->hs
.peer_sigalg
) == NULL
)
1990 *nid
= EVP_MD_type(sigalg
->md());
1996 SSL_get_signature_type_nid(const SSL
*s
, int *nid
)
1998 const struct ssl_sigalg
*sigalg
;
2000 if ((sigalg
= s
->s3
->hs
.our_sigalg
) == NULL
)
2003 *nid
= sigalg
->key_type
;
2004 if (sigalg
->key_type
== EVP_PKEY_RSA
&&
2005 (sigalg
->flags
& SIGALG_FLAG_RSA_PSS
))
2006 *nid
= EVP_PKEY_RSA_PSS
;
2012 SSL_get_peer_signature_type_nid(const SSL
*s
, int *nid
)
2014 const struct ssl_sigalg
*sigalg
;
2016 if ((sigalg
= s
->s3
->hs
.peer_sigalg
) == NULL
)
2019 *nid
= sigalg
->key_type
;
2020 if (sigalg
->key_type
== EVP_PKEY_RSA
&&
2021 (sigalg
->flags
& SIGALG_FLAG_RSA_PSS
))
2022 *nid
= EVP_PKEY_RSA_PSS
;
2028 ssl3_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
2031 case SSL_CTRL_GET_SESSION_REUSED
:
2032 return _SSL_session_reused(s
);
2034 case SSL_CTRL_GET_NUM_RENEGOTIATIONS
:
2035 return _SSL_num_renegotiations(s
);
2037 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
:
2038 return _SSL_clear_num_renegotiations(s
);
2040 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
:
2041 return _SSL_total_renegotiations(s
);
2043 case SSL_CTRL_SET_TMP_DH
:
2044 return _SSL_set_tmp_dh(s
, parg
);
2046 case SSL_CTRL_SET_TMP_DH_CB
:
2047 SSLerror(s
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2050 case SSL_CTRL_SET_DH_AUTO
:
2051 return _SSL_set_dh_auto(s
, larg
);
2053 case SSL_CTRL_SET_TMP_ECDH
:
2054 return _SSL_set_tmp_ecdh(s
, parg
);
2056 case SSL_CTRL_SET_TMP_ECDH_CB
:
2057 SSLerror(s
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2060 case SSL_CTRL_SET_ECDH_AUTO
:
2061 return _SSL_set_ecdh_auto(s
, larg
);
2063 case SSL_CTRL_SET_TLSEXT_HOSTNAME
:
2064 if (larg
!= TLSEXT_NAMETYPE_host_name
) {
2065 SSLerror(s
, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE
);
2068 return _SSL_set_tlsext_host_name(s
, parg
);
2070 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG
:
2071 return _SSL_set_tlsext_debug_arg(s
, parg
);
2073 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
:
2074 return _SSL_get_tlsext_status_type(s
);
2076 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
2077 return _SSL_set_tlsext_status_type(s
, larg
);
2079 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
:
2080 return _SSL_get_tlsext_status_exts(s
, parg
);
2082 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
:
2083 return _SSL_set_tlsext_status_exts(s
, parg
);
2085 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
:
2086 return _SSL_get_tlsext_status_ids(s
, parg
);
2088 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
:
2089 return _SSL_set_tlsext_status_ids(s
, parg
);
2091 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
:
2092 return _SSL_get_tlsext_status_ocsp_resp(s
, parg
);
2094 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
:
2095 return _SSL_set_tlsext_status_ocsp_resp(s
, parg
, larg
);
2097 case SSL_CTRL_CHAIN
:
2099 return SSL_set0_chain(s
, (STACK_OF(X509
) *)parg
);
2101 return SSL_set1_chain(s
, (STACK_OF(X509
) *)parg
);
2103 case SSL_CTRL_CHAIN_CERT
:
2105 return SSL_add0_chain_cert(s
, (X509
*)parg
);
2107 return SSL_add1_chain_cert(s
, (X509
*)parg
);
2109 case SSL_CTRL_GET_CHAIN_CERTS
:
2110 return SSL_get0_chain_certs(s
, (STACK_OF(X509
) **)parg
);
2112 case SSL_CTRL_SET_GROUPS
:
2113 return SSL_set1_groups(s
, parg
, larg
);
2115 case SSL_CTRL_SET_GROUPS_LIST
:
2116 return SSL_set1_groups_list(s
, parg
);
2118 case SSL_CTRL_GET_SHARED_GROUP
:
2119 return _SSL_get_shared_group(s
, larg
);
2121 /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */
2122 case SSL_CTRL_GET_SERVER_TMP_KEY
:
2125 return _SSL_get_peer_tmp_key(s
, parg
);
2127 case SSL_CTRL_GET_MIN_PROTO_VERSION
:
2128 return SSL_get_min_proto_version(s
);
2130 case SSL_CTRL_GET_MAX_PROTO_VERSION
:
2131 return SSL_get_max_proto_version(s
);
2133 case SSL_CTRL_SET_MIN_PROTO_VERSION
:
2134 if (larg
< 0 || larg
> UINT16_MAX
)
2136 return SSL_set_min_proto_version(s
, larg
);
2138 case SSL_CTRL_SET_MAX_PROTO_VERSION
:
2139 if (larg
< 0 || larg
> UINT16_MAX
)
2141 return SSL_set_max_proto_version(s
, larg
);
2143 case SSL_CTRL_GET_SIGNATURE_NID
:
2144 return _SSL_get_signature_nid(s
, parg
);
2146 case SSL_CTRL_GET_PEER_SIGNATURE_NID
:
2147 return _SSL_get_peer_signature_nid(s
, parg
);
2150 * Legacy controls that should eventually be removed.
2152 case SSL_CTRL_GET_CLIENT_CERT_REQUEST
:
2155 case SSL_CTRL_GET_FLAGS
:
2156 return (int)(s
->s3
->flags
);
2158 case SSL_CTRL_NEED_TMP_RSA
:
2161 case SSL_CTRL_SET_TMP_RSA
:
2162 case SSL_CTRL_SET_TMP_RSA_CB
:
2163 SSLerror(s
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
/*
 * Per-connection callback setter, dispatched on cmd.
 *
 * Every callback arrives as a generic void (*)(void) and is cast to the
 * type of the slot selected by cmd.  Nothing here can verify that fp really
 * has that signature, so the caller is responsible for passing a function
 * of exactly the target type; calling through a mismatched function pointer
 * type is undefined behaviour.
 *
 * SSL_CTRL_SET_TMP_RSA_CB raises ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED.
 * NOTE(review): the switch statement, the body of the
 * SSL_CTRL_SET_TMP_ECDH_CB case and all return statements are not visible
 * in this listing.
 */
2171 ssl3_callback_ctrl(SSL
*s
, int cmd
, void (*fp
)(void))
2174 case SSL_CTRL_SET_TMP_RSA_CB
:
2175 SSLerror(s
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2178 case SSL_CTRL_SET_TMP_DH_CB
:
2179 s
->cert
->dhe_params_cb
= (DH
*(*)(SSL
*, int, int))fp
;
2182 case SSL_CTRL_SET_TMP_ECDH_CB
:
2185 case SSL_CTRL_SET_TLSEXT_DEBUG_CB
:
2186 s
->internal
->tlsext_debug_cb
= (void (*)(SSL
*, int , int,
2187 unsigned char *, int, void *))fp
;
/*
 * Install caller-supplied DH parameters on the context's certificate state
 * (ctx->internal->cert->dhe_params).
 *
 * The parameters are checked with ssl_ctx_security_dh() and rejected with
 * SSL_R_DH_KEY_TOO_SMALL when the check fails.  A duplicate made with
 * DHparams_dup() is stored, so the caller keeps ownership of dh, and the
 * old parameters are freed only after the duplicate exists.
 *
 * NOTE(review): the condition that raises ERR_R_PASSED_NULL_PARAMETER and
 * all return statements are not visible in this listing.
 */
2195 _SSL_CTX_set_tmp_dh(SSL_CTX
*ctx
, DH
*dh
)
2200 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER
);
2204 if (!ssl_ctx_security_dh(ctx
, dh
)) {
2205 SSLerrorx(SSL_R_DH_KEY_TOO_SMALL
);
2209 if ((dhe_params
= DHparams_dup(dh
)) == NULL
) {
2210 SSLerrorx(ERR_R_DH_LIB
);
2214 DH_free(ctx
->internal
->cert
->dhe_params
);
2215 ctx
->internal
->cert
->dhe_params
= dhe_params
;
2221 _SSL_CTX_set_dh_auto(SSL_CTX
*ctx
, int state
)
2223 ctx
->internal
->cert
->dhe_params_auto
= state
;
2228 _SSL_CTX_set_tmp_ecdh(SSL_CTX
*ctx
, EC_KEY
*ecdh
)
2230 const EC_GROUP
*group
;
2235 if ((group
= EC_KEY_get0_group(ecdh
)) == NULL
)
2238 nid
= EC_GROUP_get_curve_name(group
);
2239 return SSL_CTX_set1_groups(ctx
, &nid
, 1);
2243 _SSL_CTX_set_ecdh_auto(SSL_CTX
*ctx
, int state
)
2249 _SSL_CTX_set_tlsext_servername_arg(SSL_CTX
*ctx
, void *arg
)
2251 ctx
->internal
->tlsext_servername_arg
= arg
;
/*
 * Copy the context's session ticket key material into the caller's buffer:
 * tlsext_tick_key_name, tlsext_tick_hmac_key and tlsext_tick_aes_key,
 * 16 bytes each, in that order (48 bytes in total).
 *
 * keys_len must be exactly 48, otherwise
 * SSL_R_INVALID_TICKET_KEYS_LENGTH is raised.  keys_len is the caller's
 * statement about the buffer; the real allocation size cannot be checked
 * here, so the caller must provide at least 48 writable bytes.
 *
 * After the call the buffer holds the HMAC and AES keys in the clear.  The
 * caller should treat it as secret and wipe it when done.
 *
 * NOTE(review): the lines before the length check (possibly a
 * keys == NULL case) and the return statements are not visible in this
 * listing.
 */
2256 _SSL_CTX_get_tlsext_ticket_keys(SSL_CTX
*ctx
, unsigned char *keys
, int keys_len
)
2261 if (keys_len
!= 48) {
2262 SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH
);
2266 memcpy(keys
, ctx
->internal
->tlsext_tick_key_name
, 16);
2267 memcpy(keys
+ 16, ctx
->internal
->tlsext_tick_hmac_key
, 16);
2268 memcpy(keys
+ 32, ctx
->internal
->tlsext_tick_aes_key
, 16);
/*
 * Load session ticket key material from the caller's buffer into the
 * context: 16 bytes each for tlsext_tick_key_name, tlsext_tick_hmac_key and
 * tlsext_tick_aes_key, read from offsets 0, 16 and 32.
 *
 * keys_len must be exactly 48, otherwise
 * SSL_R_INVALID_TICKET_KEYS_LENGTH is raised.  As keys_len is only the
 * caller's claim, the caller must make sure 48 readable bytes are behind
 * keys.  The bytes are copied, so the caller still holds a copy of the
 * secret keys and should wipe it after the call.
 *
 * NOTE(review): the lines before the length check (possibly a
 * keys == NULL case) and the return statements are not visible in this
 * listing.
 */
2274 _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX
*ctx
, unsigned char *keys
, int keys_len
)
2279 if (keys_len
!= 48) {
2280 SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH
);
2284 memcpy(ctx
->internal
->tlsext_tick_key_name
, keys
, 16);
2285 memcpy(ctx
->internal
->tlsext_tick_hmac_key
, keys
+ 16, 16);
2286 memcpy(ctx
->internal
->tlsext_tick_aes_key
, keys
+ 32, 16);
2292 _SSL_CTX_get_tlsext_status_arg(SSL_CTX
*ctx
, void **arg
)
2294 *arg
= ctx
->internal
->tlsext_status_arg
;
2299 _SSL_CTX_set_tlsext_status_arg(SSL_CTX
*ctx
, void *arg
)
2301 ctx
->internal
->tlsext_status_arg
= arg
;
2306 SSL_CTX_set0_chain(SSL_CTX
*ctx
, STACK_OF(X509
) *chain
)
2308 return ssl_cert_set0_chain(ctx
, NULL
, chain
);
2312 SSL_CTX_set1_chain(SSL_CTX
*ctx
, STACK_OF(X509
) *chain
)
2314 return ssl_cert_set1_chain(ctx
, NULL
, chain
);
2318 SSL_CTX_add0_chain_cert(SSL_CTX
*ctx
, X509
*x509
)
2320 return ssl_cert_add0_chain_cert(ctx
, NULL
, x509
);
2324 SSL_CTX_add1_chain_cert(SSL_CTX
*ctx
, X509
*x509
)
2326 return ssl_cert_add1_chain_cert(ctx
, NULL
, x509
);
2330 SSL_CTX_get0_chain_certs(const SSL_CTX
*ctx
, STACK_OF(X509
) **out_chain
)
2334 if (ctx
->internal
->cert
->key
!= NULL
)
2335 *out_chain
= ctx
->internal
->cert
->key
->chain
;
2341 SSL_CTX_clear_chain_certs(SSL_CTX
*ctx
)
2343 return ssl_cert_set0_chain(ctx
, NULL
, NULL
);
2347 _SSL_CTX_add_extra_chain_cert(SSL_CTX
*ctx
, X509
*cert
)
2349 if (ctx
->extra_certs
== NULL
) {
2350 if ((ctx
->extra_certs
= sk_X509_new_null()) == NULL
)
2353 if (sk_X509_push(ctx
->extra_certs
, cert
) == 0)
2360 _SSL_CTX_get_extra_chain_certs(SSL_CTX
*ctx
, STACK_OF(X509
) **certs
)
2362 *certs
= ctx
->extra_certs
;
2364 *certs
= ctx
->internal
->cert
->key
->chain
;
2370 _SSL_CTX_get_extra_chain_certs_only(SSL_CTX
*ctx
, STACK_OF(X509
) **certs
)
2372 *certs
= ctx
->extra_certs
;
2377 _SSL_CTX_clear_extra_chain_certs(SSL_CTX
*ctx
)
2379 sk_X509_pop_free(ctx
->extra_certs
, X509_free
);
2380 ctx
->extra_certs
= NULL
;
2385 SSL_CTX_set1_groups(SSL_CTX
*ctx
, const int *groups
, size_t groups_len
)
2387 return tls1_set_groups(&ctx
->internal
->tlsext_supportedgroups
,
2388 &ctx
->internal
->tlsext_supportedgroups_length
, groups
, groups_len
);
2392 SSL_CTX_set1_groups_list(SSL_CTX
*ctx
, const char *groups
)
2394 return tls1_set_group_list(&ctx
->internal
->tlsext_supportedgroups
,
2395 &ctx
->internal
->tlsext_supportedgroups_length
, groups
);
2399 ssl3_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
2402 case SSL_CTRL_SET_TMP_DH
:
2403 return _SSL_CTX_set_tmp_dh(ctx
, parg
);
2405 case SSL_CTRL_SET_TMP_DH_CB
:
2406 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2409 case SSL_CTRL_SET_DH_AUTO
:
2410 return _SSL_CTX_set_dh_auto(ctx
, larg
);
2412 case SSL_CTRL_SET_TMP_ECDH
:
2413 return _SSL_CTX_set_tmp_ecdh(ctx
, parg
);
2415 case SSL_CTRL_SET_TMP_ECDH_CB
:
2416 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2419 case SSL_CTRL_SET_ECDH_AUTO
:
2420 return _SSL_CTX_set_ecdh_auto(ctx
, larg
);
2422 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
:
2423 return _SSL_CTX_set_tlsext_servername_arg(ctx
, parg
);
2425 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS
:
2426 return _SSL_CTX_get_tlsext_ticket_keys(ctx
, parg
, larg
);
2428 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS
:
2429 return _SSL_CTX_set_tlsext_ticket_keys(ctx
, parg
, larg
);
2431 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
:
2432 return _SSL_CTX_get_tlsext_status_arg(ctx
, parg
);
2434 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
:
2435 return _SSL_CTX_set_tlsext_status_arg(ctx
, parg
);
2437 case SSL_CTRL_CHAIN
:
2439 return SSL_CTX_set0_chain(ctx
, (STACK_OF(X509
) *)parg
);
2441 return SSL_CTX_set1_chain(ctx
, (STACK_OF(X509
) *)parg
);
2443 case SSL_CTRL_CHAIN_CERT
:
2445 return SSL_CTX_add0_chain_cert(ctx
, (X509
*)parg
);
2447 return SSL_CTX_add1_chain_cert(ctx
, (X509
*)parg
);
2449 case SSL_CTRL_GET_CHAIN_CERTS
:
2450 return SSL_CTX_get0_chain_certs(ctx
, (STACK_OF(X509
) **)parg
);
2452 case SSL_CTRL_EXTRA_CHAIN_CERT
:
2453 return _SSL_CTX_add_extra_chain_cert(ctx
, parg
);
2455 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS
:
2457 return _SSL_CTX_get_extra_chain_certs(ctx
, parg
);
2459 return _SSL_CTX_get_extra_chain_certs_only(ctx
, parg
);
2461 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
:
2462 return _SSL_CTX_clear_extra_chain_certs(ctx
);
2464 case SSL_CTRL_SET_GROUPS
:
2465 return SSL_CTX_set1_groups(ctx
, parg
, larg
);
2467 case SSL_CTRL_SET_GROUPS_LIST
:
2468 return SSL_CTX_set1_groups_list(ctx
, parg
);
2470 case SSL_CTRL_GET_MIN_PROTO_VERSION
:
2471 return SSL_CTX_get_min_proto_version(ctx
);
2473 case SSL_CTRL_GET_MAX_PROTO_VERSION
:
2474 return SSL_CTX_get_max_proto_version(ctx
);
2476 case SSL_CTRL_SET_MIN_PROTO_VERSION
:
2477 if (larg
< 0 || larg
> UINT16_MAX
)
2479 return SSL_CTX_set_min_proto_version(ctx
, larg
);
2481 case SSL_CTRL_SET_MAX_PROTO_VERSION
:
2482 if (larg
< 0 || larg
> UINT16_MAX
)
2484 return SSL_CTX_set_max_proto_version(ctx
, larg
);
2487 * Legacy controls that should eventually be removed.
2489 case SSL_CTRL_NEED_TMP_RSA
:
2492 case SSL_CTRL_SET_TMP_RSA
:
2493 case SSL_CTRL_SET_TMP_RSA_CB
:
2494 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
/*
 * Context-level callback setter/getter, dispatched on cmd.
 *
 * Callbacks arrive as a generic void (*)(void) and are cast to the type of
 * the slot selected by cmd.  The signature cannot be verified here, so the
 * caller must pass a function of exactly the target type; calling through a
 * mismatched function pointer type is undefined behaviour.
 *
 * SSL_CTRL_SET_TMP_RSA_CB raises ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED.
 * NOTE(review): the switch statement, the body of the
 * SSL_CTRL_SET_TMP_ECDH_CB case and all return statements are not visible
 * in this listing.
 */
2502 ssl3_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
)(void))
2505 case SSL_CTRL_SET_TMP_RSA_CB
:
2506 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2509 case SSL_CTRL_SET_TMP_DH_CB
:
2510 ctx
->internal
->cert
->dhe_params_cb
=
2511 (DH
*(*)(SSL
*, int, int))fp
;
2514 case SSL_CTRL_SET_TMP_ECDH_CB
:
2517 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
:
2518 ctx
->internal
->tlsext_servername_callback
=
2519 (int (*)(SSL
*, int *, void *))fp
;
/*
 * Getter: fp is neither stored nor called.  It is reinterpreted as a
 * pointer to a function pointer and the current tlsext_status_cb is written
 * through it, so for this cmd the caller must pass the address of a
 * variable of type int (*)(SSL *, void *), cast to void (*)(void).
 */
2522 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
:
2523 *(int (**)(SSL
*, void *))fp
= ctx
->internal
->tlsext_status_cb
;
2526 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
:
2527 ctx
->internal
->tlsext_status_cb
= (int (*)(SSL
*, void *))fp
;
2530 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
:
2531 ctx
->internal
->tlsext_ticket_key_cb
= (int (*)(SSL
*, unsigned char *,
2532 unsigned char *, EVP_CIPHER_CTX
*, HMAC_CTX
*, int))fp
;
/*
 * Choose the cipher suite for this connection from the client's list (clnt)
 * and the server's list (srvr).
 *
 * The loop walks prio in order and looks each candidate up in allow, so the
 * outcome follows the ordering of prio.  A candidate is filtered by protocol
 * version (TLS 1.2-only and TLS 1.3-only suites), by
 * ssl_security_shared_cipher(), by the certificate masks and, for ECC
 * suites, by the server key and supported-group checks.
 *
 * NOTE(review): how prio and allow are assigned under
 * SSL_OP_CIPHER_SERVER_PREFERENCE, the skip statements after each filter
 * and the return are not visible in this listing; presumably the server's
 * list becomes prio when the option is set - confirm.
 */
2540 ssl3_choose_cipher(SSL
*s
, STACK_OF(SSL_CIPHER
) *clnt
,
2541 STACK_OF(SSL_CIPHER
) *srvr
)
2543 unsigned long alg_k
, alg_a
, mask_k
, mask_a
;
2544 STACK_OF(SSL_CIPHER
) *prio
, *allow
;
2545 SSL_CIPHER
*c
, *ret
= NULL
;
2550 /* Let's see which ciphers we can support */
2553 can_use_ecc
= tls1_get_supported_group(s
, &nid
);
2556 * Do not set the compare functions, because this may lead to a
2557 * reordering by "id". We want to keep the original ordering.
2558 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2559 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2562 if (s
->internal
->options
& SSL_OP_CIPHER_SERVER_PREFERENCE
) {
2570 for (i
= 0; i
< sk_SSL_CIPHER_num(prio
); i
++) {
2571 c
= sk_SSL_CIPHER_value(prio
, i
);
2573 /* Skip TLS v1.2 only ciphersuites if not supported. */
2574 if ((c
->algorithm_ssl
& SSL_TLSV1_2
) &&
2575 !SSL_USE_TLS1_2_CIPHERS(s
))
2578 /* Skip TLS v1.3 only ciphersuites if not supported. */
2579 if ((c
->algorithm_ssl
& SSL_TLSV1_3
) &&
2580 !SSL_USE_TLS1_3_CIPHERS(s
))
2583 /* If TLS v1.3, only allow TLS v1.3 ciphersuites. */
2584 if (SSL_USE_TLS1_3_CIPHERS(s
) &&
2585 !(c
->algorithm_ssl
& SSL_TLSV1_3
))
/* Security policy check on the candidate before any certificate matching. */
2588 if (!ssl_security_shared_cipher(s
, c
))
/*
 * ok requires both the key exchange bits and the authentication bits of the
 * suite to be present in the masks computed by ssl_set_cert_masks().
 */
2591 ssl_set_cert_masks(cert
, c
);
2592 mask_k
= cert
->mask_k
;
2593 mask_a
= cert
->mask_a
;
2595 alg_k
= c
->algorithm_mkey
;
2596 alg_a
= c
->algorithm_auth
;
2598 ok
= (alg_k
& mask_k
) && (alg_a
& mask_a
);
2601 * If we are considering an ECC cipher suite that uses our
2602 * certificate check it.
2604 if (alg_a
& SSL_aECDSA
)
2605 ok
= ok
&& tls1_check_ec_server_key(s
);
2607 * If we are considering an ECC cipher suite that uses
2608 * an ephemeral EC key check it.
2610 if (alg_k
& SSL_kECDHE
)
2611 ok
= ok
&& can_use_ecc
;
/*
 * The returned suite is taken from allow, so only a candidate that is also
 * present in the other side's list can be selected.
 * NOTE(review): the tests on ok and on the index ii are not visible here.
 */
2615 ii
= sk_SSL_CIPHER_find(allow
, c
);
2617 ret
= sk_SSL_CIPHER_value(allow
, ii
);
2625 ssl3_get_req_cert_types(SSL
*s
, CBB
*cbb
)
2627 unsigned long alg_k
;
2629 alg_k
= s
->s3
->hs
.cipher
->algorithm_mkey
;
2631 #ifndef OPENSSL_NO_GOST
2632 if ((alg_k
& SSL_kGOST
) != 0) {
2633 if (!CBB_add_u8(cbb
, TLS_CT_GOST01_SIGN
))
2635 if (!CBB_add_u8(cbb
, TLS_CT_GOST12_256_SIGN
))
2637 if (!CBB_add_u8(cbb
, TLS_CT_GOST12_512_SIGN
))
2639 if (!CBB_add_u8(cbb
, TLS_CT_GOST12_256_SIGN_COMPAT
))
2641 if (!CBB_add_u8(cbb
, TLS_CT_GOST12_512_SIGN_COMPAT
))
2646 if ((alg_k
& SSL_kDHE
) != 0) {
2647 if (!CBB_add_u8(cbb
, SSL3_CT_RSA_FIXED_DH
))
2651 if (!CBB_add_u8(cbb
, SSL3_CT_RSA_SIGN
))
2655 * ECDSA certs can be used with RSA cipher suites as well
2656 * so we don't need to check for SSL_kECDH or SSL_kECDHE.
2658 if (!CBB_add_u8(cbb
, TLS_CT_ECDSA_SIGN
))
/*
 * Drive the close_notify exchange for this connection.
 *
 * Visible flow: with quiet_shutdown set, or when the handshake state is
 * still SSL_ST_BEFORE, both SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN are
 * set without any alert being sent or read.  Otherwise a close_notify
 * warning alert is sent once, re-dispatched while alert_dispatch is set, and
 * then the peer's close_notify is awaited through ssl_read_bytes().
 *
 * Because the quiet path marks the peer's shutdown as received without
 * seeing a close_notify, an application that relies on close_notify to
 * detect truncated data should not enable quiet shutdown.
 *
 * NOTE(review): the return values other than the two -1 cases and the
 * handling of ret after ssl3_dispatch_alert() are not visible in this
 * listing.
 */
2665 ssl3_shutdown(SSL
*s
)
2670 * Don't do anything much if we have not done the handshake or
2671 * we don't want to send messages :-)
2673 if ((s
->internal
->quiet_shutdown
) || (s
->s3
->hs
.state
== SSL_ST_BEFORE
)) {
2674 s
->internal
->shutdown
= (SSL_SENT_SHUTDOWN
|SSL_RECEIVED_SHUTDOWN
);
/*
 * SSL_SENT_SHUTDOWN is set before the alert is queued, so a repeated call
 * takes the re-dispatch branch below instead of sending a second alert.
 */
2678 if (!(s
->internal
->shutdown
& SSL_SENT_SHUTDOWN
)) {
2679 s
->internal
->shutdown
|=SSL_SENT_SHUTDOWN
;
2680 ssl3_send_alert(s
, SSL3_AL_WARNING
, SSL_AD_CLOSE_NOTIFY
);
2682 * Our shutdown alert has been sent now, and if it still needs
2683 * to be written, s->s3->alert_dispatch will be true
2685 if (s
->s3
->alert_dispatch
)
2686 return (-1); /* return WANT_WRITE */
2687 } else if (s
->s3
->alert_dispatch
) {
2688 /* resend it if not sent */
2689 ret
= ssl3_dispatch_alert(s
);
2692 * We only get to return -1 here the 2nd/Nth
2693 * invocation, we must have already signalled
2694 * return 0 upon a previous invoation,
2699 } else if (!(s
->internal
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
2700 /* If we are waiting for a close from our peer, we are closed */
2701 s
->method
->ssl_read_bytes(s
, 0, NULL
, 0, 0);
2702 if (!(s
->internal
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
2703 return (-1); /* return WANT_READ */
/*
 * Final test: both directions are marked closed and no alert is still
 * waiting to be written.
 */
2707 if ((s
->internal
->shutdown
== (SSL_SENT_SHUTDOWN
|SSL_RECEIVED_SHUTDOWN
)) &&
2708 !s
->s3
->alert_dispatch
)
2715 ssl3_write(SSL
*s
, const void *buf
, int len
)
2719 if (s
->s3
->renegotiate
)
2720 ssl3_renegotiate_check(s
);
2722 return s
->method
->ssl_write_bytes(s
, SSL3_RT_APPLICATION_DATA
,
2727 ssl3_read_internal(SSL
*s
, void *buf
, int len
, int peek
)
2732 if (s
->s3
->renegotiate
)
2733 ssl3_renegotiate_check(s
);
2734 s
->s3
->in_read_app_data
= 1;
2736 ret
= s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
, buf
, len
,
2738 if ((ret
== -1) && (s
->s3
->in_read_app_data
== 2)) {
2740 * ssl3_read_bytes decided to call s->internal->handshake_func,
2741 * which called ssl3_read_bytes to read handshake data.
2742 * However, ssl3_read_bytes actually found application data
2743 * and thinks that application data makes sense here; so disable
2744 * handshake processing and try to read application data again.
2746 s
->internal
->in_handshake
++;
2747 ret
= s
->method
->ssl_read_bytes(s
, SSL3_RT_APPLICATION_DATA
,
2749 s
->internal
->in_handshake
--;
2751 s
->s3
->in_read_app_data
= 0;
2757 ssl3_read(SSL
*s
, void *buf
, int len
)
2759 return ssl3_read_internal(s
, buf
, len
, 0);
2763 ssl3_peek(SSL
*s
, void *buf
, int len
)
2765 return ssl3_read_internal(s
, buf
, len
, 1);
2769 ssl3_renegotiate(SSL
*s
)
2771 if (s
->internal
->handshake_func
== NULL
)
2774 if (s
->s3
->flags
& SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
)
2777 s
->s3
->renegotiate
= 1;
2783 ssl3_renegotiate_check(SSL
*s
)
2785 if (!s
->s3
->renegotiate
)
2787 if (SSL_in_init(s
) || s
->s3
->rbuf
.left
!= 0 || s
->s3
->wbuf
.left
!= 0)
2790 s
->s3
->hs
.state
= SSL_ST_RENEGOTIATE
;
2791 s
->s3
->renegotiate
= 0;
2792 s
->s3
->num_renegotiations
++;
2793 s
->s3
->total_renegotiations
++;