1 /* $OpenBSD: s3_lib.c,v 1.165 2018/03/15 12:27:00 jca Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
124 /* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
154 #include <openssl/bn.h>
155 #include <openssl/curve25519.h>
156 #include <openssl/dh.h>
157 #include <openssl/md5.h>
158 #include <openssl/objects.h>
160 #include "ssl_locl.h"
161 #include "bytestring.h"
163 #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
166 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the
167 * fixed nonce length in algorithms2. It is the inverse of the
168 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
170 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
172 /* list of available SSLv3 ciphers (sorted by id) */
173 SSL_CIPHER ssl3_ciphers
[] = {
175 /* The RSA ciphers */
179 .name
= SSL3_TXT_RSA_NULL_MD5
,
180 .id
= SSL3_CK_RSA_NULL_MD5
,
181 .algorithm_mkey
= SSL_kRSA
,
182 .algorithm_auth
= SSL_aRSA
,
183 .algorithm_enc
= SSL_eNULL
,
184 .algorithm_mac
= SSL_MD5
,
185 .algorithm_ssl
= SSL_SSLV3
,
186 .algo_strength
= SSL_STRONG_NONE
,
187 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
195 .name
= SSL3_TXT_RSA_NULL_SHA
,
196 .id
= SSL3_CK_RSA_NULL_SHA
,
197 .algorithm_mkey
= SSL_kRSA
,
198 .algorithm_auth
= SSL_aRSA
,
199 .algorithm_enc
= SSL_eNULL
,
200 .algorithm_mac
= SSL_SHA1
,
201 .algorithm_ssl
= SSL_SSLV3
,
202 .algo_strength
= SSL_STRONG_NONE
,
203 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
211 .name
= SSL3_TXT_RSA_RC4_128_MD5
,
212 .id
= SSL3_CK_RSA_RC4_128_MD5
,
213 .algorithm_mkey
= SSL_kRSA
,
214 .algorithm_auth
= SSL_aRSA
,
215 .algorithm_enc
= SSL_RC4
,
216 .algorithm_mac
= SSL_MD5
,
217 .algorithm_ssl
= SSL_SSLV3
,
218 .algo_strength
= SSL_LOW
,
219 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
220 .strength_bits
= 128,
227 .name
= SSL3_TXT_RSA_RC4_128_SHA
,
228 .id
= SSL3_CK_RSA_RC4_128_SHA
,
229 .algorithm_mkey
= SSL_kRSA
,
230 .algorithm_auth
= SSL_aRSA
,
231 .algorithm_enc
= SSL_RC4
,
232 .algorithm_mac
= SSL_SHA1
,
233 .algorithm_ssl
= SSL_SSLV3
,
234 .algo_strength
= SSL_LOW
,
235 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
236 .strength_bits
= 128,
243 .name
= SSL3_TXT_RSA_DES_64_CBC_SHA
,
244 .id
= SSL3_CK_RSA_DES_64_CBC_SHA
,
245 .algorithm_mkey
= SSL_kRSA
,
246 .algorithm_auth
= SSL_aRSA
,
247 .algorithm_enc
= SSL_DES
,
248 .algorithm_mac
= SSL_SHA1
,
249 .algorithm_ssl
= SSL_SSLV3
,
250 .algo_strength
= SSL_LOW
,
251 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
259 .name
= SSL3_TXT_RSA_DES_192_CBC3_SHA
,
260 .id
= SSL3_CK_RSA_DES_192_CBC3_SHA
,
261 .algorithm_mkey
= SSL_kRSA
,
262 .algorithm_auth
= SSL_aRSA
,
263 .algorithm_enc
= SSL_3DES
,
264 .algorithm_mac
= SSL_SHA1
,
265 .algorithm_ssl
= SSL_SSLV3
,
266 .algo_strength
= SSL_MEDIUM
,
267 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
268 .strength_bits
= 112,
273 * Ephemeral DH (DHE) ciphers.
279 .name
= SSL3_TXT_EDH_RSA_DES_64_CBC_SHA
,
280 .id
= SSL3_CK_EDH_RSA_DES_64_CBC_SHA
,
281 .algorithm_mkey
= SSL_kDHE
,
282 .algorithm_auth
= SSL_aRSA
,
283 .algorithm_enc
= SSL_DES
,
284 .algorithm_mac
= SSL_SHA1
,
285 .algorithm_ssl
= SSL_SSLV3
,
286 .algo_strength
= SSL_LOW
,
287 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
295 .name
= SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
,
296 .id
= SSL3_CK_EDH_RSA_DES_192_CBC3_SHA
,
297 .algorithm_mkey
= SSL_kDHE
,
298 .algorithm_auth
= SSL_aRSA
,
299 .algorithm_enc
= SSL_3DES
,
300 .algorithm_mac
= SSL_SHA1
,
301 .algorithm_ssl
= SSL_SSLV3
,
302 .algo_strength
= SSL_MEDIUM
,
303 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
304 .strength_bits
= 112,
311 .name
= SSL3_TXT_ADH_RC4_128_MD5
,
312 .id
= SSL3_CK_ADH_RC4_128_MD5
,
313 .algorithm_mkey
= SSL_kDHE
,
314 .algorithm_auth
= SSL_aNULL
,
315 .algorithm_enc
= SSL_RC4
,
316 .algorithm_mac
= SSL_MD5
,
317 .algorithm_ssl
= SSL_SSLV3
,
318 .algo_strength
= SSL_LOW
,
319 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
320 .strength_bits
= 128,
327 .name
= SSL3_TXT_ADH_DES_64_CBC_SHA
,
328 .id
= SSL3_CK_ADH_DES_64_CBC_SHA
,
329 .algorithm_mkey
= SSL_kDHE
,
330 .algorithm_auth
= SSL_aNULL
,
331 .algorithm_enc
= SSL_DES
,
332 .algorithm_mac
= SSL_SHA1
,
333 .algorithm_ssl
= SSL_SSLV3
,
334 .algo_strength
= SSL_LOW
,
335 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
343 .name
= SSL3_TXT_ADH_DES_192_CBC_SHA
,
344 .id
= SSL3_CK_ADH_DES_192_CBC_SHA
,
345 .algorithm_mkey
= SSL_kDHE
,
346 .algorithm_auth
= SSL_aNULL
,
347 .algorithm_enc
= SSL_3DES
,
348 .algorithm_mac
= SSL_SHA1
,
349 .algorithm_ssl
= SSL_SSLV3
,
350 .algo_strength
= SSL_MEDIUM
,
351 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
352 .strength_bits
= 112,
363 .name
= TLS1_TXT_RSA_WITH_AES_128_SHA
,
364 .id
= TLS1_CK_RSA_WITH_AES_128_SHA
,
365 .algorithm_mkey
= SSL_kRSA
,
366 .algorithm_auth
= SSL_aRSA
,
367 .algorithm_enc
= SSL_AES128
,
368 .algorithm_mac
= SSL_SHA1
,
369 .algorithm_ssl
= SSL_TLSV1
,
370 .algo_strength
= SSL_HIGH
,
371 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
372 .strength_bits
= 128,
379 .name
= TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
,
380 .id
= TLS1_CK_DHE_RSA_WITH_AES_128_SHA
,
381 .algorithm_mkey
= SSL_kDHE
,
382 .algorithm_auth
= SSL_aRSA
,
383 .algorithm_enc
= SSL_AES128
,
384 .algorithm_mac
= SSL_SHA1
,
385 .algorithm_ssl
= SSL_TLSV1
,
386 .algo_strength
= SSL_HIGH
,
387 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
388 .strength_bits
= 128,
395 .name
= TLS1_TXT_ADH_WITH_AES_128_SHA
,
396 .id
= TLS1_CK_ADH_WITH_AES_128_SHA
,
397 .algorithm_mkey
= SSL_kDHE
,
398 .algorithm_auth
= SSL_aNULL
,
399 .algorithm_enc
= SSL_AES128
,
400 .algorithm_mac
= SSL_SHA1
,
401 .algorithm_ssl
= SSL_TLSV1
,
402 .algo_strength
= SSL_HIGH
,
403 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
404 .strength_bits
= 128,
411 .name
= TLS1_TXT_RSA_WITH_AES_256_SHA
,
412 .id
= TLS1_CK_RSA_WITH_AES_256_SHA
,
413 .algorithm_mkey
= SSL_kRSA
,
414 .algorithm_auth
= SSL_aRSA
,
415 .algorithm_enc
= SSL_AES256
,
416 .algorithm_mac
= SSL_SHA1
,
417 .algorithm_ssl
= SSL_TLSV1
,
418 .algo_strength
= SSL_HIGH
,
419 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
420 .strength_bits
= 256,
427 .name
= TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
,
428 .id
= TLS1_CK_DHE_RSA_WITH_AES_256_SHA
,
429 .algorithm_mkey
= SSL_kDHE
,
430 .algorithm_auth
= SSL_aRSA
,
431 .algorithm_enc
= SSL_AES256
,
432 .algorithm_mac
= SSL_SHA1
,
433 .algorithm_ssl
= SSL_TLSV1
,
434 .algo_strength
= SSL_HIGH
,
435 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
436 .strength_bits
= 256,
443 .name
= TLS1_TXT_ADH_WITH_AES_256_SHA
,
444 .id
= TLS1_CK_ADH_WITH_AES_256_SHA
,
445 .algorithm_mkey
= SSL_kDHE
,
446 .algorithm_auth
= SSL_aNULL
,
447 .algorithm_enc
= SSL_AES256
,
448 .algorithm_mac
= SSL_SHA1
,
449 .algorithm_ssl
= SSL_TLSV1
,
450 .algo_strength
= SSL_HIGH
,
451 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
452 .strength_bits
= 256,
456 /* TLS v1.2 ciphersuites */
460 .name
= TLS1_TXT_RSA_WITH_NULL_SHA256
,
461 .id
= TLS1_CK_RSA_WITH_NULL_SHA256
,
462 .algorithm_mkey
= SSL_kRSA
,
463 .algorithm_auth
= SSL_aRSA
,
464 .algorithm_enc
= SSL_eNULL
,
465 .algorithm_mac
= SSL_SHA256
,
466 .algorithm_ssl
= SSL_TLSV1_2
,
467 .algo_strength
= SSL_STRONG_NONE
,
468 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
476 .name
= TLS1_TXT_RSA_WITH_AES_128_SHA256
,
477 .id
= TLS1_CK_RSA_WITH_AES_128_SHA256
,
478 .algorithm_mkey
= SSL_kRSA
,
479 .algorithm_auth
= SSL_aRSA
,
480 .algorithm_enc
= SSL_AES128
,
481 .algorithm_mac
= SSL_SHA256
,
482 .algorithm_ssl
= SSL_TLSV1_2
,
483 .algo_strength
= SSL_HIGH
,
484 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
485 .strength_bits
= 128,
492 .name
= TLS1_TXT_RSA_WITH_AES_256_SHA256
,
493 .id
= TLS1_CK_RSA_WITH_AES_256_SHA256
,
494 .algorithm_mkey
= SSL_kRSA
,
495 .algorithm_auth
= SSL_aRSA
,
496 .algorithm_enc
= SSL_AES256
,
497 .algorithm_mac
= SSL_SHA256
,
498 .algorithm_ssl
= SSL_TLSV1_2
,
499 .algo_strength
= SSL_HIGH
,
500 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
501 .strength_bits
= 256,
505 #ifndef OPENSSL_NO_CAMELLIA
506 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
511 .name
= TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
,
512 .id
= TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA
,
513 .algorithm_mkey
= SSL_kRSA
,
514 .algorithm_auth
= SSL_aRSA
,
515 .algorithm_enc
= SSL_CAMELLIA128
,
516 .algorithm_mac
= SSL_SHA1
,
517 .algorithm_ssl
= SSL_TLSV1
,
518 .algo_strength
= SSL_HIGH
,
519 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
520 .strength_bits
= 128,
527 .name
= TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
528 .id
= TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
,
529 .algorithm_mkey
= SSL_kDHE
,
530 .algorithm_auth
= SSL_aRSA
,
531 .algorithm_enc
= SSL_CAMELLIA128
,
532 .algorithm_mac
= SSL_SHA1
,
533 .algorithm_ssl
= SSL_TLSV1
,
534 .algo_strength
= SSL_HIGH
,
535 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
536 .strength_bits
= 128,
543 .name
= TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA
,
544 .id
= TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA
,
545 .algorithm_mkey
= SSL_kDHE
,
546 .algorithm_auth
= SSL_aNULL
,
547 .algorithm_enc
= SSL_CAMELLIA128
,
548 .algorithm_mac
= SSL_SHA1
,
549 .algorithm_ssl
= SSL_TLSV1
,
550 .algo_strength
= SSL_HIGH
,
551 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
552 .strength_bits
= 128,
555 #endif /* OPENSSL_NO_CAMELLIA */
557 /* TLS v1.2 ciphersuites */
561 .name
= TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
,
562 .id
= TLS1_CK_DHE_RSA_WITH_AES_128_SHA256
,
563 .algorithm_mkey
= SSL_kDHE
,
564 .algorithm_auth
= SSL_aRSA
,
565 .algorithm_enc
= SSL_AES128
,
566 .algorithm_mac
= SSL_SHA256
,
567 .algorithm_ssl
= SSL_TLSV1_2
,
568 .algo_strength
= SSL_HIGH
,
569 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
570 .strength_bits
= 128,
577 .name
= TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
,
578 .id
= TLS1_CK_DHE_RSA_WITH_AES_256_SHA256
,
579 .algorithm_mkey
= SSL_kDHE
,
580 .algorithm_auth
= SSL_aRSA
,
581 .algorithm_enc
= SSL_AES256
,
582 .algorithm_mac
= SSL_SHA256
,
583 .algorithm_ssl
= SSL_TLSV1_2
,
584 .algo_strength
= SSL_HIGH
,
585 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
586 .strength_bits
= 256,
593 .name
= TLS1_TXT_ADH_WITH_AES_128_SHA256
,
594 .id
= TLS1_CK_ADH_WITH_AES_128_SHA256
,
595 .algorithm_mkey
= SSL_kDHE
,
596 .algorithm_auth
= SSL_aNULL
,
597 .algorithm_enc
= SSL_AES128
,
598 .algorithm_mac
= SSL_SHA256
,
599 .algorithm_ssl
= SSL_TLSV1_2
,
600 .algo_strength
= SSL_HIGH
,
601 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
602 .strength_bits
= 128,
609 .name
= TLS1_TXT_ADH_WITH_AES_256_SHA256
,
610 .id
= TLS1_CK_ADH_WITH_AES_256_SHA256
,
611 .algorithm_mkey
= SSL_kDHE
,
612 .algorithm_auth
= SSL_aNULL
,
613 .algorithm_enc
= SSL_AES256
,
614 .algorithm_mac
= SSL_SHA256
,
615 .algorithm_ssl
= SSL_TLSV1_2
,
616 .algo_strength
= SSL_HIGH
,
617 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
618 .strength_bits
= 256,
622 /* GOST Ciphersuites */
627 .name
= "GOST2001-GOST89-GOST89",
629 .algorithm_mkey
= SSL_kGOST
,
630 .algorithm_auth
= SSL_aGOST01
,
631 .algorithm_enc
= SSL_eGOST2814789CNT
,
632 .algorithm_mac
= SSL_GOST89MAC
,
633 .algorithm_ssl
= SSL_TLSV1
,
634 .algo_strength
= SSL_HIGH
,
635 .algorithm2
= SSL_HANDSHAKE_MAC_GOST94
|TLS1_PRF_GOST94
|
637 .strength_bits
= 256,
644 .name
= "GOST2001-NULL-GOST94",
646 .algorithm_mkey
= SSL_kGOST
,
647 .algorithm_auth
= SSL_aGOST01
,
648 .algorithm_enc
= SSL_eNULL
,
649 .algorithm_mac
= SSL_GOST94
,
650 .algorithm_ssl
= SSL_TLSV1
,
651 .algo_strength
= SSL_STRONG_NONE
,
652 .algorithm2
= SSL_HANDSHAKE_MAC_GOST94
|TLS1_PRF_GOST94
,
657 #ifndef OPENSSL_NO_CAMELLIA
658 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
663 .name
= TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA
,
664 .id
= TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA
,
665 .algorithm_mkey
= SSL_kRSA
,
666 .algorithm_auth
= SSL_aRSA
,
667 .algorithm_enc
= SSL_CAMELLIA256
,
668 .algorithm_mac
= SSL_SHA1
,
669 .algorithm_ssl
= SSL_TLSV1
,
670 .algo_strength
= SSL_HIGH
,
671 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
672 .strength_bits
= 256,
679 .name
= TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
680 .id
= TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
,
681 .algorithm_mkey
= SSL_kDHE
,
682 .algorithm_auth
= SSL_aRSA
,
683 .algorithm_enc
= SSL_CAMELLIA256
,
684 .algorithm_mac
= SSL_SHA1
,
685 .algorithm_ssl
= SSL_TLSV1
,
686 .algo_strength
= SSL_HIGH
,
687 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
688 .strength_bits
= 256,
695 .name
= TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA
,
696 .id
= TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA
,
697 .algorithm_mkey
= SSL_kDHE
,
698 .algorithm_auth
= SSL_aNULL
,
699 .algorithm_enc
= SSL_CAMELLIA256
,
700 .algorithm_mac
= SSL_SHA1
,
701 .algorithm_ssl
= SSL_TLSV1
,
702 .algo_strength
= SSL_HIGH
,
703 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
704 .strength_bits
= 256,
707 #endif /* OPENSSL_NO_CAMELLIA */
710 * GCM ciphersuites from RFC5288.
716 .name
= TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
,
717 .id
= TLS1_CK_RSA_WITH_AES_128_GCM_SHA256
,
718 .algorithm_mkey
= SSL_kRSA
,
719 .algorithm_auth
= SSL_aRSA
,
720 .algorithm_enc
= SSL_AES128GCM
,
721 .algorithm_mac
= SSL_AEAD
,
722 .algorithm_ssl
= SSL_TLSV1_2
,
723 .algo_strength
= SSL_HIGH
,
724 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
725 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
726 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
727 .strength_bits
= 128,
734 .name
= TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
,
735 .id
= TLS1_CK_RSA_WITH_AES_256_GCM_SHA384
,
736 .algorithm_mkey
= SSL_kRSA
,
737 .algorithm_auth
= SSL_aRSA
,
738 .algorithm_enc
= SSL_AES256GCM
,
739 .algorithm_mac
= SSL_AEAD
,
740 .algorithm_ssl
= SSL_TLSV1_2
,
741 .algo_strength
= SSL_HIGH
,
742 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
743 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
744 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
745 .strength_bits
= 256,
752 .name
= TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
,
753 .id
= TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256
,
754 .algorithm_mkey
= SSL_kDHE
,
755 .algorithm_auth
= SSL_aRSA
,
756 .algorithm_enc
= SSL_AES128GCM
,
757 .algorithm_mac
= SSL_AEAD
,
758 .algorithm_ssl
= SSL_TLSV1_2
,
759 .algo_strength
= SSL_HIGH
,
760 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
761 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
762 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
763 .strength_bits
= 128,
770 .name
= TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
,
771 .id
= TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384
,
772 .algorithm_mkey
= SSL_kDHE
,
773 .algorithm_auth
= SSL_aRSA
,
774 .algorithm_enc
= SSL_AES256GCM
,
775 .algorithm_mac
= SSL_AEAD
,
776 .algorithm_ssl
= SSL_TLSV1_2
,
777 .algo_strength
= SSL_HIGH
,
778 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
779 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
780 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
781 .strength_bits
= 256,
788 .name
= TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256
,
789 .id
= TLS1_CK_ADH_WITH_AES_128_GCM_SHA256
,
790 .algorithm_mkey
= SSL_kDHE
,
791 .algorithm_auth
= SSL_aNULL
,
792 .algorithm_enc
= SSL_AES128GCM
,
793 .algorithm_mac
= SSL_AEAD
,
794 .algorithm_ssl
= SSL_TLSV1_2
,
795 .algo_strength
= SSL_HIGH
,
796 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
797 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
798 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
799 .strength_bits
= 128,
806 .name
= TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384
,
807 .id
= TLS1_CK_ADH_WITH_AES_256_GCM_SHA384
,
808 .algorithm_mkey
= SSL_kDHE
,
809 .algorithm_auth
= SSL_aNULL
,
810 .algorithm_enc
= SSL_AES256GCM
,
811 .algorithm_mac
= SSL_AEAD
,
812 .algorithm_ssl
= SSL_TLSV1_2
,
813 .algo_strength
= SSL_HIGH
,
814 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
815 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
816 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
817 .strength_bits
= 256,
821 #ifndef OPENSSL_NO_CAMELLIA
822 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
827 .name
= TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
828 .id
= TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
829 .algorithm_mkey
= SSL_kRSA
,
830 .algorithm_auth
= SSL_aRSA
,
831 .algorithm_enc
= SSL_CAMELLIA128
,
832 .algorithm_mac
= SSL_SHA256
,
833 .algorithm_ssl
= SSL_TLSV1_2
,
834 .algo_strength
= SSL_HIGH
,
835 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
836 .strength_bits
= 128,
843 .name
= TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
844 .id
= TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
,
845 .algorithm_mkey
= SSL_kDHE
,
846 .algorithm_auth
= SSL_aRSA
,
847 .algorithm_enc
= SSL_CAMELLIA128
,
848 .algorithm_mac
= SSL_SHA256
,
849 .algorithm_ssl
= SSL_TLSV1_2
,
850 .algo_strength
= SSL_HIGH
,
851 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
852 .strength_bits
= 128,
859 .name
= TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
860 .id
= TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256
,
861 .algorithm_mkey
= SSL_kDHE
,
862 .algorithm_auth
= SSL_aNULL
,
863 .algorithm_enc
= SSL_CAMELLIA128
,
864 .algorithm_mac
= SSL_SHA256
,
865 .algorithm_ssl
= SSL_TLSV1_2
,
866 .algo_strength
= SSL_HIGH
,
867 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
868 .strength_bits
= 128,
875 .name
= TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
876 .id
= TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
877 .algorithm_mkey
= SSL_kRSA
,
878 .algorithm_auth
= SSL_aRSA
,
879 .algorithm_enc
= SSL_CAMELLIA256
,
880 .algorithm_mac
= SSL_SHA256
,
881 .algorithm_ssl
= SSL_TLSV1_2
,
882 .algo_strength
= SSL_HIGH
,
883 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
884 .strength_bits
= 256,
891 .name
= TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
892 .id
= TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
,
893 .algorithm_mkey
= SSL_kDHE
,
894 .algorithm_auth
= SSL_aRSA
,
895 .algorithm_enc
= SSL_CAMELLIA256
,
896 .algorithm_mac
= SSL_SHA256
,
897 .algorithm_ssl
= SSL_TLSV1_2
,
898 .algo_strength
= SSL_HIGH
,
899 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
900 .strength_bits
= 256,
907 .name
= TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
908 .id
= TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256
,
909 .algorithm_mkey
= SSL_kDHE
,
910 .algorithm_auth
= SSL_aNULL
,
911 .algorithm_enc
= SSL_CAMELLIA256
,
912 .algorithm_mac
= SSL_SHA256
,
913 .algorithm_ssl
= SSL_TLSV1_2
,
914 .algo_strength
= SSL_HIGH
,
915 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
916 .strength_bits
= 256,
919 #endif /* OPENSSL_NO_CAMELLIA */
924 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA
,
925 .id
= TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA
,
926 .algorithm_mkey
= SSL_kECDHE
,
927 .algorithm_auth
= SSL_aECDSA
,
928 .algorithm_enc
= SSL_eNULL
,
929 .algorithm_mac
= SSL_SHA1
,
930 .algorithm_ssl
= SSL_TLSV1
,
931 .algo_strength
= SSL_STRONG_NONE
,
932 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
940 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA
,
941 .id
= TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA
,
942 .algorithm_mkey
= SSL_kECDHE
,
943 .algorithm_auth
= SSL_aECDSA
,
944 .algorithm_enc
= SSL_RC4
,
945 .algorithm_mac
= SSL_SHA1
,
946 .algorithm_ssl
= SSL_TLSV1
,
947 .algo_strength
= SSL_LOW
,
948 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
949 .strength_bits
= 128,
956 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
957 .id
= TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA
,
958 .algorithm_mkey
= SSL_kECDHE
,
959 .algorithm_auth
= SSL_aECDSA
,
960 .algorithm_enc
= SSL_3DES
,
961 .algorithm_mac
= SSL_SHA1
,
962 .algorithm_ssl
= SSL_TLSV1
,
963 .algo_strength
= SSL_MEDIUM
,
964 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
965 .strength_bits
= 112,
972 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
973 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
974 .algorithm_mkey
= SSL_kECDHE
,
975 .algorithm_auth
= SSL_aECDSA
,
976 .algorithm_enc
= SSL_AES128
,
977 .algorithm_mac
= SSL_SHA1
,
978 .algorithm_ssl
= SSL_TLSV1
,
979 .algo_strength
= SSL_HIGH
,
980 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
981 .strength_bits
= 128,
988 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
989 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
990 .algorithm_mkey
= SSL_kECDHE
,
991 .algorithm_auth
= SSL_aECDSA
,
992 .algorithm_enc
= SSL_AES256
,
993 .algorithm_mac
= SSL_SHA1
,
994 .algorithm_ssl
= SSL_TLSV1
,
995 .algo_strength
= SSL_HIGH
,
996 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
997 .strength_bits
= 256,
1004 .name
= TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA
,
1005 .id
= TLS1_CK_ECDHE_RSA_WITH_NULL_SHA
,
1006 .algorithm_mkey
= SSL_kECDHE
,
1007 .algorithm_auth
= SSL_aRSA
,
1008 .algorithm_enc
= SSL_eNULL
,
1009 .algorithm_mac
= SSL_SHA1
,
1010 .algorithm_ssl
= SSL_TLSV1
,
1011 .algo_strength
= SSL_STRONG_NONE
,
1012 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1020 .name
= TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
,
1021 .id
= TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA
,
1022 .algorithm_mkey
= SSL_kECDHE
,
1023 .algorithm_auth
= SSL_aRSA
,
1024 .algorithm_enc
= SSL_RC4
,
1025 .algorithm_mac
= SSL_SHA1
,
1026 .algorithm_ssl
= SSL_TLSV1
,
1027 .algo_strength
= SSL_LOW
,
1028 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1029 .strength_bits
= 128,
1036 .name
= TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1037 .id
= TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA
,
1038 .algorithm_mkey
= SSL_kECDHE
,
1039 .algorithm_auth
= SSL_aRSA
,
1040 .algorithm_enc
= SSL_3DES
,
1041 .algorithm_mac
= SSL_SHA1
,
1042 .algorithm_ssl
= SSL_TLSV1
,
1043 .algo_strength
= SSL_MEDIUM
,
1044 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1045 .strength_bits
= 112,
1052 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1053 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
1054 .algorithm_mkey
= SSL_kECDHE
,
1055 .algorithm_auth
= SSL_aRSA
,
1056 .algorithm_enc
= SSL_AES128
,
1057 .algorithm_mac
= SSL_SHA1
,
1058 .algorithm_ssl
= SSL_TLSV1
,
1059 .algo_strength
= SSL_HIGH
,
1060 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1061 .strength_bits
= 128,
1068 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1069 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
1070 .algorithm_mkey
= SSL_kECDHE
,
1071 .algorithm_auth
= SSL_aRSA
,
1072 .algorithm_enc
= SSL_AES256
,
1073 .algorithm_mac
= SSL_SHA1
,
1074 .algorithm_ssl
= SSL_TLSV1
,
1075 .algo_strength
= SSL_HIGH
,
1076 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1077 .strength_bits
= 256,
1084 .name
= TLS1_TXT_ECDH_anon_WITH_NULL_SHA
,
1085 .id
= TLS1_CK_ECDH_anon_WITH_NULL_SHA
,
1086 .algorithm_mkey
= SSL_kECDHE
,
1087 .algorithm_auth
= SSL_aNULL
,
1088 .algorithm_enc
= SSL_eNULL
,
1089 .algorithm_mac
= SSL_SHA1
,
1090 .algorithm_ssl
= SSL_TLSV1
,
1091 .algo_strength
= SSL_STRONG_NONE
,
1092 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1100 .name
= TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA
,
1101 .id
= TLS1_CK_ECDH_anon_WITH_RC4_128_SHA
,
1102 .algorithm_mkey
= SSL_kECDHE
,
1103 .algorithm_auth
= SSL_aNULL
,
1104 .algorithm_enc
= SSL_RC4
,
1105 .algorithm_mac
= SSL_SHA1
,
1106 .algorithm_ssl
= SSL_TLSV1
,
1107 .algo_strength
= SSL_LOW
,
1108 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1109 .strength_bits
= 128,
1116 .name
= TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1117 .id
= TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA
,
1118 .algorithm_mkey
= SSL_kECDHE
,
1119 .algorithm_auth
= SSL_aNULL
,
1120 .algorithm_enc
= SSL_3DES
,
1121 .algorithm_mac
= SSL_SHA1
,
1122 .algorithm_ssl
= SSL_TLSV1
,
1123 .algo_strength
= SSL_MEDIUM
,
1124 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1125 .strength_bits
= 112,
1132 .name
= TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA
,
1133 .id
= TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA
,
1134 .algorithm_mkey
= SSL_kECDHE
,
1135 .algorithm_auth
= SSL_aNULL
,
1136 .algorithm_enc
= SSL_AES128
,
1137 .algorithm_mac
= SSL_SHA1
,
1138 .algorithm_ssl
= SSL_TLSV1
,
1139 .algo_strength
= SSL_HIGH
,
1140 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1141 .strength_bits
= 128,
1148 .name
= TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA
,
1149 .id
= TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA
,
1150 .algorithm_mkey
= SSL_kECDHE
,
1151 .algorithm_auth
= SSL_aNULL
,
1152 .algorithm_enc
= SSL_AES256
,
1153 .algorithm_mac
= SSL_SHA1
,
1154 .algorithm_ssl
= SSL_TLSV1
,
1155 .algo_strength
= SSL_HIGH
,
1156 .algorithm2
= SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
,
1157 .strength_bits
= 256,
1162 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
1167 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1168 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256
,
1169 .algorithm_mkey
= SSL_kECDHE
,
1170 .algorithm_auth
= SSL_aECDSA
,
1171 .algorithm_enc
= SSL_AES128
,
1172 .algorithm_mac
= SSL_SHA256
,
1173 .algorithm_ssl
= SSL_TLSV1_2
,
1174 .algo_strength
= SSL_HIGH
,
1175 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
1176 .strength_bits
= 128,
1183 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1184 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384
,
1185 .algorithm_mkey
= SSL_kECDHE
,
1186 .algorithm_auth
= SSL_aECDSA
,
1187 .algorithm_enc
= SSL_AES256
,
1188 .algorithm_mac
= SSL_SHA384
,
1189 .algorithm_ssl
= SSL_TLSV1_2
,
1190 .algo_strength
= SSL_HIGH
,
1191 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
,
1192 .strength_bits
= 256,
1199 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
,
1200 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256
,
1201 .algorithm_mkey
= SSL_kECDHE
,
1202 .algorithm_auth
= SSL_aRSA
,
1203 .algorithm_enc
= SSL_AES128
,
1204 .algorithm_mac
= SSL_SHA256
,
1205 .algorithm_ssl
= SSL_TLSV1_2
,
1206 .algo_strength
= SSL_HIGH
,
1207 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
,
1208 .strength_bits
= 128,
1215 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
,
1216 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384
,
1217 .algorithm_mkey
= SSL_kECDHE
,
1218 .algorithm_auth
= SSL_aRSA
,
1219 .algorithm_enc
= SSL_AES256
,
1220 .algorithm_mac
= SSL_SHA384
,
1221 .algorithm_ssl
= SSL_TLSV1_2
,
1222 .algo_strength
= SSL_HIGH
,
1223 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
,
1224 .strength_bits
= 256,
1228 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
1233 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1234 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
1235 .algorithm_mkey
= SSL_kECDHE
,
1236 .algorithm_auth
= SSL_aECDSA
,
1237 .algorithm_enc
= SSL_AES128GCM
,
1238 .algorithm_mac
= SSL_AEAD
,
1239 .algorithm_ssl
= SSL_TLSV1_2
,
1240 .algo_strength
= SSL_HIGH
,
1241 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1242 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
1243 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
1244 .strength_bits
= 128,
1251 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1252 .id
= TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
1253 .algorithm_mkey
= SSL_kECDHE
,
1254 .algorithm_auth
= SSL_aECDSA
,
1255 .algorithm_enc
= SSL_AES256GCM
,
1256 .algorithm_mac
= SSL_AEAD
,
1257 .algorithm_ssl
= SSL_TLSV1_2
,
1258 .algo_strength
= SSL_HIGH
,
1259 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
1260 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
1261 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
1262 .strength_bits
= 256,
1269 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1270 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
1271 .algorithm_mkey
= SSL_kECDHE
,
1272 .algorithm_auth
= SSL_aRSA
,
1273 .algorithm_enc
= SSL_AES128GCM
,
1274 .algorithm_mac
= SSL_AEAD
,
1275 .algorithm_ssl
= SSL_TLSV1_2
,
1276 .algo_strength
= SSL_HIGH
,
1277 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1278 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
1279 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
1280 .strength_bits
= 128,
1287 .name
= TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1288 .id
= TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
1289 .algorithm_mkey
= SSL_kECDHE
,
1290 .algorithm_auth
= SSL_aRSA
,
1291 .algorithm_enc
= SSL_AES256GCM
,
1292 .algorithm_mac
= SSL_AEAD
,
1293 .algorithm_ssl
= SSL_TLSV1_2
,
1294 .algo_strength
= SSL_HIGH
,
1295 .algorithm2
= SSL_HANDSHAKE_MAC_SHA384
|TLS1_PRF_SHA384
|
1296 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(4)|
1297 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD
,
1298 .strength_bits
= 256,
1305 .name
= TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
1306 .id
= TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305
,
1307 .algorithm_mkey
= SSL_kECDHE
,
1308 .algorithm_auth
= SSL_aRSA
,
1309 .algorithm_enc
= SSL_CHACHA20POLY1305
,
1310 .algorithm_mac
= SSL_AEAD
,
1311 .algorithm_ssl
= SSL_TLSV1_2
,
1312 .algo_strength
= SSL_HIGH
,
1313 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1314 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(12),
1315 .strength_bits
= 256,
1322 .name
= TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
1323 .id
= TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305
,
1324 .algorithm_mkey
= SSL_kECDHE
,
1325 .algorithm_auth
= SSL_aECDSA
,
1326 .algorithm_enc
= SSL_CHACHA20POLY1305
,
1327 .algorithm_mac
= SSL_AEAD
,
1328 .algorithm_ssl
= SSL_TLSV1_2
,
1329 .algo_strength
= SSL_HIGH
,
1330 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1331 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(12),
1332 .strength_bits
= 256,
1339 .name
= TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
,
1340 .id
= TLS1_CK_DHE_RSA_CHACHA20_POLY1305
,
1341 .algorithm_mkey
= SSL_kDHE
,
1342 .algorithm_auth
= SSL_aRSA
,
1343 .algorithm_enc
= SSL_CHACHA20POLY1305
,
1344 .algorithm_mac
= SSL_AEAD
,
1345 .algorithm_ssl
= SSL_TLSV1_2
,
1346 .algo_strength
= SSL_HIGH
,
1347 .algorithm2
= SSL_HANDSHAKE_MAC_SHA256
|TLS1_PRF_SHA256
|
1348 SSL_CIPHER_ALGORITHM2_AEAD
|FIXED_NONCE_LEN(12),
1349 .strength_bits
= 256,
1353 /* Cipher FF85 FIXME IANA */
1356 .name
= "GOST2012256-GOST89-GOST89",
1357 .id
= 0x300ff85, /* FIXME IANA */
1358 .algorithm_mkey
= SSL_kGOST
,
1359 .algorithm_auth
= SSL_aGOST01
,
1360 .algorithm_enc
= SSL_eGOST2814789CNT
,
1361 .algorithm_mac
= SSL_GOST89MAC
,
1362 .algorithm_ssl
= SSL_TLSV1
,
1363 .algo_strength
= SSL_HIGH
,
1364 .algorithm2
= SSL_HANDSHAKE_MAC_STREEBOG256
|TLS1_PRF_STREEBOG256
|
1366 .strength_bits
= 256,
1370 /* Cipher FF87 FIXME IANA */
1373 .name
= "GOST2012256-NULL-STREEBOG256",
1374 .id
= 0x300ff87, /* FIXME IANA */
1375 .algorithm_mkey
= SSL_kGOST
,
1376 .algorithm_auth
= SSL_aGOST01
,
1377 .algorithm_enc
= SSL_eNULL
,
1378 .algorithm_mac
= SSL_STREEBOG256
,
1379 .algorithm_ssl
= SSL_TLSV1
,
1380 .algo_strength
= SSL_STRONG_NONE
,
1381 .algorithm2
= SSL_HANDSHAKE_MAC_STREEBOG256
|TLS1_PRF_STREEBOG256
,
1391 ssl3_num_ciphers(void)
1393 return (SSL3_NUM_CIPHERS
);
1397 ssl3_get_cipher(unsigned int u
)
1399 if (u
< SSL3_NUM_CIPHERS
)
1400 return (&(ssl3_ciphers
[SSL3_NUM_CIPHERS
- 1 - u
]));
1406 ssl3_get_cipher_by_id(unsigned int id
)
1408 const SSL_CIPHER
*cp
;
1412 cp
= OBJ_bsearch_ssl_cipher_id(&c
, ssl3_ciphers
, SSL3_NUM_CIPHERS
);
1413 if (cp
!= NULL
&& cp
->valid
== 1)
1420 ssl3_get_cipher_by_value(uint16_t value
)
1422 return ssl3_get_cipher_by_id(SSL3_CK_ID
| value
);
1426 ssl3_cipher_get_value(const SSL_CIPHER
*c
)
1428 return (c
->id
& SSL3_CK_VALUE_MASK
);
1432 ssl3_pending(const SSL
*s
)
1434 if (s
->internal
->rstate
== SSL_ST_READ_BODY
)
1437 return (S3I(s
)->rrec
.type
== SSL3_RT_APPLICATION_DATA
) ?
1438 S3I(s
)->rrec
.length
: 0;
1442 ssl3_handshake_msg_hdr_len(SSL
*s
)
1444 return (SSL_IS_DTLS(s
) ? DTLS1_HM_HEADER_LENGTH
:
1445 SSL3_HM_HEADER_LENGTH
);
1449 ssl3_handshake_msg_start(SSL
*s
, uint8_t msg_type
)
1451 unsigned char *d
, *p
;
1453 d
= p
= (unsigned char *)s
->internal
->init_buf
->data
;
1455 /* Handshake message type and length. */
1459 return (d
+ ssl3_handshake_msg_hdr_len(s
));
1463 ssl3_handshake_msg_finish(SSL
*s
, unsigned int len
)
1468 p
= (unsigned char *)s
->internal
->init_buf
->data
;
1470 /* Handshake message length. */
1474 s
->internal
->init_num
= ssl3_handshake_msg_hdr_len(s
) + (int)len
;
1475 s
->internal
->init_off
= 0;
1477 if (SSL_IS_DTLS(s
)) {
1478 dtls1_set_message_header(s
, msg_type
, len
, 0, len
);
1479 dtls1_buffer_message(s
, 0);
1484 ssl3_handshake_msg_start_cbb(SSL
*s
, CBB
*handshake
, CBB
*body
,
1489 if (!CBB_init(handshake
, SSL3_RT_MAX_PLAIN_LENGTH
))
1491 if (!CBB_add_u8(handshake
, msg_type
))
1493 if (SSL_IS_DTLS(s
)) {
1494 unsigned char *data
;
1496 if (!CBB_add_space(handshake
, &data
, DTLS1_HM_HEADER_LENGTH
-
1497 SSL3_HM_HEADER_LENGTH
))
1500 if (!CBB_add_u24_length_prefixed(handshake
, body
))
1510 ssl3_handshake_msg_finish_cbb(SSL
*s
, CBB
*handshake
)
1512 unsigned char *data
= NULL
;
1516 if (!CBB_finish(handshake
, &data
, &outlen
))
1519 if (outlen
> INT_MAX
)
1522 if (!BUF_MEM_grow_clean(s
->internal
->init_buf
, outlen
))
1525 memcpy(s
->internal
->init_buf
->data
, data
, outlen
);
1527 s
->internal
->init_num
= (int)outlen
;
1528 s
->internal
->init_off
= 0;
1530 if (SSL_IS_DTLS(s
)) {
1535 CBS_init(&cbs
, data
, outlen
);
1536 if (!CBS_get_u8(&cbs
, &msg_type
))
1539 len
= outlen
- ssl3_handshake_msg_hdr_len(s
);
1541 dtls1_set_message_header(s
, msg_type
, len
, 0, len
);
1542 dtls1_buffer_message(s
, 0);
1554 ssl3_handshake_write(SSL
*s
)
1556 return ssl3_record_write(s
, SSL3_RT_HANDSHAKE
);
1560 ssl3_record_write(SSL
*s
, int type
)
1563 return dtls1_do_write(s
, type
);
1565 return ssl3_do_write(s
, type
);
1571 if ((s
->s3
= calloc(1, sizeof(*s
->s3
))) == NULL
)
1573 if ((S3I(s
) = calloc(1, sizeof(*S3I(s
)))) == NULL
) {
1578 s
->method
->internal
->ssl_clear(s
);
1589 tls1_cleanup_key_block(s
);
1590 ssl3_release_read_buffer(s
);
1591 ssl3_release_write_buffer(s
);
1593 DH_free(S3I(s
)->tmp
.dh
);
1594 EC_KEY_free(S3I(s
)->tmp
.ecdh
);
1596 freezero(S3I(s
)->tmp
.x25519
, X25519_KEY_LENGTH
);
1598 sk_X509_NAME_pop_free(S3I(s
)->tmp
.ca_names
, X509_NAME_free
);
1600 BIO_free(S3I(s
)->handshake_buffer
);
1602 tls1_handshake_hash_free(s
);
1604 free(S3I(s
)->alpn_selected
);
1606 freezero(S3I(s
), sizeof(*S3I(s
)));
1607 freezero(s
->s3
, sizeof(*s
->s3
));
1615 struct ssl3_state_internal_st
*internal
;
1616 unsigned char *rp
, *wp
;
1619 tls1_cleanup_key_block(s
);
1620 sk_X509_NAME_pop_free(S3I(s
)->tmp
.ca_names
, X509_NAME_free
);
1622 DH_free(S3I(s
)->tmp
.dh
);
1623 S3I(s
)->tmp
.dh
= NULL
;
1624 EC_KEY_free(S3I(s
)->tmp
.ecdh
);
1625 S3I(s
)->tmp
.ecdh
= NULL
;
1627 freezero(S3I(s
)->tmp
.x25519
, X25519_KEY_LENGTH
);
1628 S3I(s
)->tmp
.x25519
= NULL
;
1630 rp
= s
->s3
->rbuf
.buf
;
1631 wp
= s
->s3
->wbuf
.buf
;
1632 rlen
= s
->s3
->rbuf
.len
;
1633 wlen
= s
->s3
->wbuf
.len
;
1635 BIO_free(S3I(s
)->handshake_buffer
);
1636 S3I(s
)->handshake_buffer
= NULL
;
1638 tls1_handshake_hash_free(s
);
1640 free(S3I(s
)->alpn_selected
);
1641 S3I(s
)->alpn_selected
= NULL
;
1643 memset(S3I(s
), 0, sizeof(*S3I(s
)));
1645 memset(s
->s3
, 0, sizeof(*s
->s3
));
1648 s
->s3
->rbuf
.buf
= rp
;
1649 s
->s3
->wbuf
.buf
= wp
;
1650 s
->s3
->rbuf
.len
= rlen
;
1651 s
->s3
->wbuf
.len
= wlen
;
1653 ssl_free_wbio_buffer(s
);
1656 S3I(s
)->renegotiate
= 0;
1657 S3I(s
)->total_renegotiations
= 0;
1658 S3I(s
)->num_renegotiations
= 0;
1659 S3I(s
)->in_read_app_data
= 0;
1661 s
->internal
->packet_length
= 0;
1662 s
->version
= TLS1_VERSION
;
1666 ssl_ctrl_get_server_tmp_key(SSL
*s
, EVP_PKEY
**pkey_tmp
)
1668 EVP_PKEY
*pkey
= NULL
;
1669 EC_GROUP
*group
= NULL
;
1670 EC_POINT
*point
= NULL
;
1671 EC_KEY
*ec_key
= NULL
;
1672 BIGNUM
*order
= NULL
;
1680 if (s
->session
== NULL
|| SSI(s
)->sess_cert
== NULL
)
1683 sc
= SSI(s
)->sess_cert
;
1685 if ((pkey
= EVP_PKEY_new()) == NULL
)
1688 if (sc
->peer_dh_tmp
!= NULL
) {
1689 ret
= EVP_PKEY_set1_DH(pkey
, sc
->peer_dh_tmp
);
1690 } else if (sc
->peer_ecdh_tmp
) {
1691 ret
= EVP_PKEY_set1_EC_KEY(pkey
, sc
->peer_ecdh_tmp
);
1692 } else if (sc
->peer_x25519_tmp
!= NULL
) {
1693 /* Fudge up an EC_KEY that looks like X25519... */
1694 if ((group
= EC_GROUP_new(EC_GFp_mont_method())) == NULL
)
1696 if ((point
= EC_POINT_new(group
)) == NULL
)
1698 if ((order
= BN_new()) == NULL
)
1700 if (!BN_set_bit(order
, 252))
1702 if (!EC_GROUP_set_generator(group
, point
, order
, NULL
))
1704 EC_GROUP_set_curve_name(group
, NID_X25519
);
1705 if ((ec_key
= EC_KEY_new()) == NULL
)
1707 if (!EC_KEY_set_group(ec_key
, group
))
1709 ret
= EVP_PKEY_set1_EC_KEY(pkey
, ec_key
);
1718 EVP_PKEY_free(pkey
);
1719 EC_GROUP_free(group
);
1720 EC_POINT_free(point
);
1721 EC_KEY_free(ec_key
);
1728 _SSL_session_reused(SSL
*s
)
1730 return s
->internal
->hit
;
1734 _SSL_num_renegotiations(SSL
*s
)
1736 return S3I(s
)->num_renegotiations
;
1740 _SSL_clear_num_renegotiations(SSL
*s
)
1744 renegs
= S3I(s
)->num_renegotiations
;
1745 S3I(s
)->num_renegotiations
= 0;
1751 _SSL_total_renegotiations(SSL
*s
)
1753 return S3I(s
)->total_renegotiations
;
1757 _SSL_set_tmp_dh(SSL
*s
, DH
*dh
)
1761 if (!ssl_cert_inst(&s
->cert
)) {
1762 SSLerror(s
, ERR_R_MALLOC_FAILURE
);
1767 SSLerror(s
, ERR_R_PASSED_NULL_PARAMETER
);
1771 if ((dh_tmp
= DHparams_dup(dh
)) == NULL
) {
1772 SSLerror(s
, ERR_R_DH_LIB
);
1776 DH_free(s
->cert
->dh_tmp
);
1777 s
->cert
->dh_tmp
= dh_tmp
;
1783 _SSL_set_dh_auto(SSL
*s
, int state
)
1785 s
->cert
->dh_tmp_auto
= state
;
1790 _SSL_set_tmp_ecdh(SSL
*s
, EC_KEY
*ecdh
)
1792 const EC_GROUP
*group
;
1795 if (!ssl_cert_inst(&s
->cert
)) {
1796 SSLerror(s
, ERR_R_MALLOC_FAILURE
);
1802 if ((group
= EC_KEY_get0_group(ecdh
)) == NULL
)
1805 nid
= EC_GROUP_get_curve_name(group
);
1806 return SSL_set1_groups(s
, &nid
, 1);
1810 _SSL_set_ecdh_auto(SSL
*s
, int state
)
1816 _SSL_set_tlsext_host_name(SSL
*s
, const char *name
)
1818 free(s
->tlsext_hostname
);
1819 s
->tlsext_hostname
= NULL
;
1824 if (strlen(name
) > TLSEXT_MAXLEN_host_name
) {
1825 SSLerror(s
, SSL_R_SSL3_EXT_INVALID_SERVERNAME
);
1829 if ((s
->tlsext_hostname
= strdup(name
)) == NULL
) {
1830 SSLerror(s
, ERR_R_INTERNAL_ERROR
);
1838 _SSL_set_tlsext_debug_arg(SSL
*s
, void *arg
)
1840 s
->internal
->tlsext_debug_arg
= arg
;
1845 _SSL_set_tlsext_status_type(SSL
*s
, int type
)
1847 s
->tlsext_status_type
= type
;
1852 _SSL_get_tlsext_status_exts(SSL
*s
, STACK_OF(X509_EXTENSION
) **exts
)
1854 *exts
= s
->internal
->tlsext_ocsp_exts
;
1859 _SSL_set_tlsext_status_exts(SSL
*s
, STACK_OF(X509_EXTENSION
) *exts
)
1862 s
->internal
->tlsext_ocsp_exts
= exts
;
1867 _SSL_get_tlsext_status_ids(SSL
*s
, STACK_OF(OCSP_RESPID
) **ids
)
1869 *ids
= s
->internal
->tlsext_ocsp_ids
;
1874 _SSL_set_tlsext_status_ids(SSL
*s
, STACK_OF(OCSP_RESPID
) *ids
)
1877 s
->internal
->tlsext_ocsp_ids
= ids
;
1882 _SSL_get_tlsext_status_ocsp_resp(SSL
*s
, unsigned char **resp
)
1884 *resp
= s
->internal
->tlsext_ocsp_resp
;
1885 return s
->internal
->tlsext_ocsp_resplen
;
1889 _SSL_set_tlsext_status_ocsp_resp(SSL
*s
, unsigned char *resp
, int resp_len
)
1891 free(s
->internal
->tlsext_ocsp_resp
);
1892 s
->internal
->tlsext_ocsp_resp
= resp
;
1893 s
->internal
->tlsext_ocsp_resplen
= resp_len
;
1898 SSL_set1_groups(SSL
*s
, const int *groups
, size_t groups_len
)
1900 return tls1_set_groups(&s
->internal
->tlsext_supportedgroups
,
1901 &s
->internal
->tlsext_supportedgroups_length
, groups
, groups_len
);
1905 SSL_set1_groups_list(SSL
*s
, const char *groups
)
1907 return tls1_set_groups_list(&s
->internal
->tlsext_supportedgroups
,
1908 &s
->internal
->tlsext_supportedgroups_length
, groups
);
1912 ssl3_ctrl(SSL
*s
, int cmd
, long larg
, void *parg
)
1915 case SSL_CTRL_GET_SESSION_REUSED
:
1916 return _SSL_session_reused(s
);
1918 case SSL_CTRL_GET_NUM_RENEGOTIATIONS
:
1919 return _SSL_num_renegotiations(s
);
1921 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS
:
1922 return _SSL_clear_num_renegotiations(s
);
1924 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS
:
1925 return _SSL_total_renegotiations(s
);
1927 case SSL_CTRL_SET_TMP_DH
:
1928 return _SSL_set_tmp_dh(s
, parg
);
1930 case SSL_CTRL_SET_TMP_DH_CB
:
1931 SSLerror(s
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
1934 case SSL_CTRL_SET_DH_AUTO
:
1935 return _SSL_set_dh_auto(s
, larg
);
1937 case SSL_CTRL_SET_TMP_ECDH
:
1938 return _SSL_set_tmp_ecdh(s
, parg
);
1940 case SSL_CTRL_SET_TMP_ECDH_CB
:
1941 SSLerror(s
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
1944 case SSL_CTRL_SET_ECDH_AUTO
:
1945 return _SSL_set_ecdh_auto(s
, larg
);
1947 case SSL_CTRL_SET_TLSEXT_HOSTNAME
:
1948 if (larg
!= TLSEXT_NAMETYPE_host_name
) {
1949 SSLerror(s
, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE
);
1952 return _SSL_set_tlsext_host_name(s
, parg
);
1954 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG
:
1955 return _SSL_set_tlsext_debug_arg(s
, parg
);
1957 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE
:
1958 return _SSL_set_tlsext_status_type(s
, larg
);
1960 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS
:
1961 return _SSL_get_tlsext_status_exts(s
, parg
);
1963 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS
:
1964 return _SSL_set_tlsext_status_exts(s
, parg
);
1966 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS
:
1967 return _SSL_get_tlsext_status_ids(s
, parg
);
1969 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS
:
1970 return _SSL_set_tlsext_status_ids(s
, parg
);
1972 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
:
1973 return _SSL_get_tlsext_status_ocsp_resp(s
, parg
);
1975 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
:
1976 return _SSL_set_tlsext_status_ocsp_resp(s
, parg
, larg
);
1978 case SSL_CTRL_SET_GROUPS
:
1979 return SSL_set1_groups(s
, parg
, larg
);
1981 case SSL_CTRL_SET_GROUPS_LIST
:
1982 return SSL_set1_groups_list(s
, parg
);
1984 case SSL_CTRL_GET_SERVER_TMP_KEY
:
1985 return ssl_ctrl_get_server_tmp_key(s
, parg
);
1987 case SSL_CTRL_GET_MIN_PROTO_VERSION
:
1988 return SSL_get_min_proto_version(s
);
1990 case SSL_CTRL_GET_MAX_PROTO_VERSION
:
1991 return SSL_get_max_proto_version(s
);
1993 case SSL_CTRL_SET_MIN_PROTO_VERSION
:
1994 if (larg
< 0 || larg
> UINT16_MAX
)
1996 return SSL_set_min_proto_version(s
, larg
);
1998 case SSL_CTRL_SET_MAX_PROTO_VERSION
:
1999 if (larg
< 0 || larg
> UINT16_MAX
)
2001 return SSL_set_max_proto_version(s
, larg
);
2004 * Legacy controls that should eventually be removed.
2006 case SSL_CTRL_GET_CLIENT_CERT_REQUEST
:
2009 case SSL_CTRL_GET_FLAGS
:
2010 return (int)(s
->s3
->flags
);
2012 case SSL_CTRL_NEED_TMP_RSA
:
2015 case SSL_CTRL_SET_TMP_RSA
:
2016 case SSL_CTRL_SET_TMP_RSA_CB
:
2017 SSLerror(s
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2025 ssl3_callback_ctrl(SSL
*s
, int cmd
, void (*fp
)(void))
2027 if (cmd
== SSL_CTRL_SET_TMP_DH_CB
|| cmd
== SSL_CTRL_SET_TMP_ECDH_CB
) {
2028 if (!ssl_cert_inst(&s
->cert
)) {
2029 SSLerror(s
, ERR_R_MALLOC_FAILURE
);
2035 case SSL_CTRL_SET_TMP_RSA_CB
:
2036 SSLerror(s
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2039 case SSL_CTRL_SET_TMP_DH_CB
:
2040 s
->cert
->dh_tmp_cb
= (DH
*(*)(SSL
*, int, int))fp
;
2043 case SSL_CTRL_SET_TMP_ECDH_CB
:
2046 case SSL_CTRL_SET_TLSEXT_DEBUG_CB
:
2047 s
->internal
->tlsext_debug_cb
= (void (*)(SSL
*, int , int,
2048 unsigned char *, int, void *))fp
;
2056 _SSL_CTX_set_tmp_dh(SSL_CTX
*ctx
, DH
*dh
)
2060 if ((dh_tmp
= DHparams_dup(dh
)) == NULL
) {
2061 SSLerrorx(ERR_R_DH_LIB
);
2065 DH_free(ctx
->internal
->cert
->dh_tmp
);
2066 ctx
->internal
->cert
->dh_tmp
= dh_tmp
;
2072 _SSL_CTX_set_dh_auto(SSL_CTX
*ctx
, int state
)
2074 ctx
->internal
->cert
->dh_tmp_auto
= state
;
2079 _SSL_CTX_set_tmp_ecdh(SSL_CTX
*ctx
, EC_KEY
*ecdh
)
2081 const EC_GROUP
*group
;
2086 if ((group
= EC_KEY_get0_group(ecdh
)) == NULL
)
2089 nid
= EC_GROUP_get_curve_name(group
);
2090 return SSL_CTX_set1_groups(ctx
, &nid
, 1);
2094 _SSL_CTX_set_ecdh_auto(SSL_CTX
*ctx
, int state
)
2100 _SSL_CTX_set_tlsext_servername_arg(SSL_CTX
*ctx
, void *arg
)
2102 ctx
->internal
->tlsext_servername_arg
= arg
;
2107 _SSL_CTX_get_tlsext_ticket_keys(SSL_CTX
*ctx
, unsigned char *keys
, int keys_len
)
2112 if (keys_len
!= 48) {
2113 SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH
);
2117 memcpy(keys
, ctx
->internal
->tlsext_tick_key_name
, 16);
2118 memcpy(keys
+ 16, ctx
->internal
->tlsext_tick_hmac_key
, 16);
2119 memcpy(keys
+ 32, ctx
->internal
->tlsext_tick_aes_key
, 16);
2125 _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX
*ctx
, unsigned char *keys
, int keys_len
)
2130 if (keys_len
!= 48) {
2131 SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH
);
2135 memcpy(ctx
->internal
->tlsext_tick_key_name
, keys
, 16);
2136 memcpy(ctx
->internal
->tlsext_tick_hmac_key
, keys
+ 16, 16);
2137 memcpy(ctx
->internal
->tlsext_tick_aes_key
, keys
+ 32, 16);
2143 _SSL_CTX_get_tlsext_status_arg(SSL_CTX
*ctx
, void **arg
)
2145 *arg
= ctx
->internal
->tlsext_status_arg
;
2150 _SSL_CTX_set_tlsext_status_arg(SSL_CTX
*ctx
, void *arg
)
2152 ctx
->internal
->tlsext_status_arg
= arg
;
2157 _SSL_CTX_add_extra_chain_cert(SSL_CTX
*ctx
, X509
*cert
)
2159 if (ctx
->extra_certs
== NULL
) {
2160 if ((ctx
->extra_certs
= sk_X509_new_null()) == NULL
)
2163 if (sk_X509_push(ctx
->extra_certs
, cert
) == 0)
2170 _SSL_CTX_get_extra_chain_certs(SSL_CTX
*ctx
, STACK_OF(X509
) **certs
)
2172 *certs
= ctx
->extra_certs
;
2177 _SSL_CTX_clear_extra_chain_certs(SSL_CTX
*ctx
)
2179 sk_X509_pop_free(ctx
->extra_certs
, X509_free
);
2180 ctx
->extra_certs
= NULL
;
2185 SSL_CTX_set1_groups(SSL_CTX
*ctx
, const int *groups
, size_t groups_len
)
2187 return tls1_set_groups(&ctx
->internal
->tlsext_supportedgroups
,
2188 &ctx
->internal
->tlsext_supportedgroups_length
, groups
, groups_len
);
2192 SSL_CTX_set1_groups_list(SSL_CTX
*ctx
, const char *groups
)
2194 return tls1_set_groups_list(&ctx
->internal
->tlsext_supportedgroups
,
2195 &ctx
->internal
->tlsext_supportedgroups_length
, groups
);
2199 ssl3_ctx_ctrl(SSL_CTX
*ctx
, int cmd
, long larg
, void *parg
)
2202 case SSL_CTRL_SET_TMP_DH
:
2203 return _SSL_CTX_set_tmp_dh(ctx
, parg
);
2205 case SSL_CTRL_SET_TMP_DH_CB
:
2206 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2209 case SSL_CTRL_SET_DH_AUTO
:
2210 return _SSL_CTX_set_dh_auto(ctx
, larg
);
2212 case SSL_CTRL_SET_TMP_ECDH
:
2213 return _SSL_CTX_set_tmp_ecdh(ctx
, parg
);
2215 case SSL_CTRL_SET_TMP_ECDH_CB
:
2216 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2219 case SSL_CTRL_SET_ECDH_AUTO
:
2220 return _SSL_CTX_set_ecdh_auto(ctx
, larg
);
2222 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
:
2223 return _SSL_CTX_set_tlsext_servername_arg(ctx
, parg
);
2225 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS
:
2226 return _SSL_CTX_get_tlsext_ticket_keys(ctx
, parg
, larg
);
2228 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS
:
2229 return _SSL_CTX_set_tlsext_ticket_keys(ctx
, parg
, larg
);
2231 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
:
2232 return _SSL_CTX_get_tlsext_status_arg(ctx
, parg
);
2234 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG
:
2235 return _SSL_CTX_set_tlsext_status_arg(ctx
, parg
);
2237 case SSL_CTRL_EXTRA_CHAIN_CERT
:
2238 return _SSL_CTX_add_extra_chain_cert(ctx
, parg
);
2240 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS
:
2241 return _SSL_CTX_get_extra_chain_certs(ctx
, parg
);
2243 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS
:
2244 return _SSL_CTX_clear_extra_chain_certs(ctx
);
2246 case SSL_CTRL_SET_GROUPS
:
2247 return SSL_CTX_set1_groups(ctx
, parg
, larg
);
2249 case SSL_CTRL_SET_GROUPS_LIST
:
2250 return SSL_CTX_set1_groups_list(ctx
, parg
);
2252 case SSL_CTRL_GET_MIN_PROTO_VERSION
:
2253 return SSL_CTX_get_min_proto_version(ctx
);
2255 case SSL_CTRL_GET_MAX_PROTO_VERSION
:
2256 return SSL_CTX_get_max_proto_version(ctx
);
2258 case SSL_CTRL_SET_MIN_PROTO_VERSION
:
2259 if (larg
< 0 || larg
> UINT16_MAX
)
2261 return SSL_CTX_set_min_proto_version(ctx
, larg
);
2263 case SSL_CTRL_SET_MAX_PROTO_VERSION
:
2264 if (larg
< 0 || larg
> UINT16_MAX
)
2266 return SSL_CTX_set_max_proto_version(ctx
, larg
);
2269 * Legacy controls that should eventually be removed.
2271 case SSL_CTRL_NEED_TMP_RSA
:
2274 case SSL_CTRL_SET_TMP_RSA
:
2275 case SSL_CTRL_SET_TMP_RSA_CB
:
2276 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2284 ssl3_ctx_callback_ctrl(SSL_CTX
*ctx
, int cmd
, void (*fp
)(void))
2287 case SSL_CTRL_SET_TMP_RSA_CB
:
2288 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
2291 case SSL_CTRL_SET_TMP_DH_CB
:
2292 ctx
->internal
->cert
->dh_tmp_cb
=
2293 (DH
*(*)(SSL
*, int, int))fp
;
2296 case SSL_CTRL_SET_TMP_ECDH_CB
:
2299 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
:
2300 ctx
->internal
->tlsext_servername_callback
=
2301 (int (*)(SSL
*, int *, void *))fp
;
2304 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
:
2305 *(int (**)(SSL
*, void *))fp
= ctx
->internal
->tlsext_status_cb
;
2308 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
:
2309 ctx
->internal
->tlsext_status_cb
= (int (*)(SSL
*, void *))fp
;
2312 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
:
2313 ctx
->internal
->tlsext_ticket_key_cb
= (int (*)(SSL
*, unsigned char *,
2314 unsigned char *, EVP_CIPHER_CTX
*, HMAC_CTX
*, int))fp
;
2322 * This function needs to check if the ciphers required are actually available.
2325 ssl3_get_cipher_by_char(const unsigned char *p
)
2327 uint16_t cipher_value
;
2330 /* We have to assume it is at least 2 bytes due to existing API. */
2331 CBS_init(&cbs
, p
, 2);
2332 if (!CBS_get_u16(&cbs
, &cipher_value
))
2335 return ssl3_get_cipher_by_value(cipher_value
);
2339 ssl3_put_cipher_by_char(const SSL_CIPHER
*c
, unsigned char *p
)
2346 if ((c
->id
& ~SSL3_CK_VALUE_MASK
) != SSL3_CK_ID
)
2349 memset(&cbb
, 0, sizeof(cbb
));
2351 /* We have to assume it is at least 2 bytes due to existing API. */
2352 if (!CBB_init_fixed(&cbb
, p
, 2))
2354 if (!CBB_add_u16(&cbb
, ssl3_cipher_get_value(c
)))
2356 if (!CBB_finish(&cbb
, NULL
, NULL
))
2367 ssl3_choose_cipher(SSL
*s
, STACK_OF(SSL_CIPHER
) *clnt
,
2368 STACK_OF(SSL_CIPHER
) *srvr
)
2370 unsigned long alg_k
, alg_a
, mask_k
, mask_a
;
2371 STACK_OF(SSL_CIPHER
) *prio
, *allow
;
2372 SSL_CIPHER
*c
, *ret
= NULL
;
2376 /* Let's see which ciphers we can support */
2380 * Do not set the compare functions, because this may lead to a
2381 * reordering by "id". We want to keep the original ordering.
2382 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2383 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2386 if (s
->internal
->options
& SSL_OP_CIPHER_SERVER_PREFERENCE
) {
2394 for (i
= 0; i
< sk_SSL_CIPHER_num(prio
); i
++) {
2395 c
= sk_SSL_CIPHER_value(prio
, i
);
2397 /* Skip TLS v1.2 only ciphersuites if not supported. */
2398 if ((c
->algorithm_ssl
& SSL_TLSV1_2
) &&
2399 !SSL_USE_TLS1_2_CIPHERS(s
))
2402 ssl_set_cert_masks(cert
, c
);
2403 mask_k
= cert
->mask_k
;
2404 mask_a
= cert
->mask_a
;
2406 alg_k
= c
->algorithm_mkey
;
2407 alg_a
= c
->algorithm_auth
;
2410 ok
= (alg_k
& mask_k
) && (alg_a
& mask_a
);
2413 * If we are considering an ECC cipher suite that uses our
2414 * certificate check it.
2416 if (alg_a
& SSL_aECDSA
)
2417 ok
= ok
&& tls1_check_ec_server_key(s
);
2419 * If we are considering an ECC cipher suite that uses
2420 * an ephemeral EC key check it.
2422 if (alg_k
& SSL_kECDHE
)
2423 ok
= ok
&& tls1_check_ec_tmp_key(s
);
2427 ii
= sk_SSL_CIPHER_find(allow
, c
);
2429 ret
= sk_SSL_CIPHER_value(allow
, ii
);
2437 ssl3_get_req_cert_types(SSL
*s
, CBB
*cbb
)
2439 unsigned long alg_k
;
2441 alg_k
= S3I(s
)->hs
.new_cipher
->algorithm_mkey
;
2443 #ifndef OPENSSL_NO_GOST
2444 if ((alg_k
& SSL_kGOST
) != 0) {
2445 if (!CBB_add_u8(cbb
, TLS_CT_GOST94_SIGN
))
2447 if (!CBB_add_u8(cbb
, TLS_CT_GOST01_SIGN
))
2449 if (!CBB_add_u8(cbb
, TLS_CT_GOST12_256_SIGN
))
2451 if (!CBB_add_u8(cbb
, TLS_CT_GOST12_512_SIGN
))
2456 if ((alg_k
& SSL_kDHE
) != 0) {
2457 if (!CBB_add_u8(cbb
, SSL3_CT_RSA_FIXED_DH
))
2461 if (!CBB_add_u8(cbb
, SSL3_CT_RSA_SIGN
))
2465 * ECDSA certs can be used with RSA cipher suites as well
2466 * so we don't need to check for SSL_kECDH or SSL_kECDHE.
2468 if (!CBB_add_u8(cbb
, TLS_CT_ECDSA_SIGN
))
2475 ssl3_shutdown(SSL
*s
)
2480 * Don't do anything much if we have not done the handshake or
2481 * we don't want to send messages :-)
2483 if ((s
->internal
->quiet_shutdown
) || (S3I(s
)->hs
.state
== SSL_ST_BEFORE
)) {
2484 s
->internal
->shutdown
= (SSL_SENT_SHUTDOWN
|SSL_RECEIVED_SHUTDOWN
);
2488 if (!(s
->internal
->shutdown
& SSL_SENT_SHUTDOWN
)) {
2489 s
->internal
->shutdown
|=SSL_SENT_SHUTDOWN
;
2490 ssl3_send_alert(s
, SSL3_AL_WARNING
, SSL_AD_CLOSE_NOTIFY
);
2492 * Our shutdown alert has been sent now, and if it still needs
2493 * to be written, s->s3->alert_dispatch will be true
2495 if (s
->s3
->alert_dispatch
)
2496 return(-1); /* return WANT_WRITE */
2497 } else if (s
->s3
->alert_dispatch
) {
2498 /* resend it if not sent */
2499 ret
= s
->method
->ssl_dispatch_alert(s
);
2502 * We only get to return -1 here the 2nd/Nth
2503 * invocation, we must have already signalled
2504 * return 0 upon a previous invoation,
2509 } else if (!(s
->internal
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
2510 /* If we are waiting for a close from our peer, we are closed */
2511 s
->method
->internal
->ssl_read_bytes(s
, 0, NULL
, 0, 0);
2512 if (!(s
->internal
->shutdown
& SSL_RECEIVED_SHUTDOWN
)) {
2513 return(-1); /* return WANT_READ */
2517 if ((s
->internal
->shutdown
== (SSL_SENT_SHUTDOWN
|SSL_RECEIVED_SHUTDOWN
)) &&
2518 !s
->s3
->alert_dispatch
)
2525 ssl3_write(SSL
*s
, const void *buf
, int len
)
2530 if (s
->internal
->shutdown
& SSL_SEND_SHUTDOWN
) {
2531 s
->internal
->rwstate
= SSL_NOTHING
;
2536 if (S3I(s
)->renegotiate
)
2537 ssl3_renegotiate_check(s
);
2540 * This is an experimental flag that sends the
2541 * last handshake message in the same packet as the first
2542 * use data - used to see if it helps the TCP protocol during
2545 /* The second test is because the buffer may have been removed */
2546 if ((s
->s3
->flags
& SSL3_FLAGS_POP_BUFFER
) && (s
->wbio
== s
->bbio
)) {
2547 /* First time through, we write into the buffer */
2548 if (S3I(s
)->delay_buf_pop_ret
== 0) {
2549 ret
= ssl3_write_bytes(s
, SSL3_RT_APPLICATION_DATA
,
2554 S3I(s
)->delay_buf_pop_ret
= ret
;
2557 s
->internal
->rwstate
= SSL_WRITING
;
2558 n
= BIO_flush(s
->wbio
);
2561 s
->internal
->rwstate
= SSL_NOTHING
;
2563 /* We have flushed the buffer, so remove it */
2564 ssl_free_wbio_buffer(s
);
2565 s
->s3
->flags
&= ~SSL3_FLAGS_POP_BUFFER
;
2567 ret
= S3I(s
)->delay_buf_pop_ret
;
2568 S3I(s
)->delay_buf_pop_ret
= 0;
2570 ret
= s
->method
->internal
->ssl_write_bytes(s
,
2571 SSL3_RT_APPLICATION_DATA
, buf
, len
);
2580 ssl3_read_internal(SSL
*s
, void *buf
, int len
, int peek
)
2585 if (S3I(s
)->renegotiate
)
2586 ssl3_renegotiate_check(s
);
2587 S3I(s
)->in_read_app_data
= 1;
2588 ret
= s
->method
->internal
->ssl_read_bytes(s
,
2589 SSL3_RT_APPLICATION_DATA
, buf
, len
, peek
);
2590 if ((ret
== -1) && (S3I(s
)->in_read_app_data
== 2)) {
2592 * ssl3_read_bytes decided to call s->internal->handshake_func, which
2593 * called ssl3_read_bytes to read handshake data.
2594 * However, ssl3_read_bytes actually found application data
2595 * and thinks that application data makes sense here; so disable
2596 * handshake processing and try to read application data again.
2598 s
->internal
->in_handshake
++;
2599 ret
= s
->method
->internal
->ssl_read_bytes(s
,
2600 SSL3_RT_APPLICATION_DATA
, buf
, len
, peek
);
2601 s
->internal
->in_handshake
--;
2603 S3I(s
)->in_read_app_data
= 0;
2609 ssl3_read(SSL
*s
, void *buf
, int len
)
2611 return ssl3_read_internal(s
, buf
, len
, 0);
2615 ssl3_peek(SSL
*s
, void *buf
, int len
)
2617 return ssl3_read_internal(s
, buf
, len
, 1);
2621 ssl3_renegotiate(SSL
*s
)
2623 if (s
->internal
->handshake_func
== NULL
)
2626 if (s
->s3
->flags
& SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
)
2629 S3I(s
)->renegotiate
= 1;
2634 ssl3_renegotiate_check(SSL
*s
)
2638 if (S3I(s
)->renegotiate
) {
2639 if ((s
->s3
->rbuf
.left
== 0) && (s
->s3
->wbuf
.left
== 0) &&
2642 * If we are the server, and we have sent
2643 * a 'RENEGOTIATE' message, we need to go
2647 S3I(s
)->hs
.state
= SSL_ST_RENEGOTIATE
;
2648 S3I(s
)->renegotiate
= 0;
2649 S3I(s
)->num_renegotiations
++;
2650 S3I(s
)->total_renegotiations
++;
2657 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
2658 * and handshake macs if required.
2661 ssl_get_algorithm2(SSL
*s
)
2663 long alg2
= S3I(s
)->hs
.new_cipher
->algorithm2
;
2665 if (s
->method
->internal
->ssl3_enc
->enc_flags
& SSL_ENC_FLAG_SHA256_PRF
&&
2666 alg2
== (SSL_HANDSHAKE_MAC_DEFAULT
|TLS1_PRF
))
2667 return SSL_HANDSHAKE_MAC_SHA256
| TLS1_PRF_SHA256
;