CoCalc -- s3

GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/openssl/ssl/s3_lib.c
¹⁰⁶¹⁰⁹ views
1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4
 * Copyright 2005 Nokia. All rights reserved.
5
 *
6
 * Licensed under the Apache License 2.0 (the "License").  You may not use
7
 * this file except in compliance with the License.  You can obtain a copy
8
 * in the file LICENSE in the source distribution or at
9
 * https://www.openssl.org/source/license.html
10
 */
11

12
#include "internal/e_os.h"
13

14
#include <openssl/objects.h>
15
#include "internal/nelem.h"
16
#include "ssl_local.h"
17
#include <openssl/md5.h>
18
#include <openssl/dh.h>
19
#include <openssl/rand.h>
20
#include <openssl/trace.h>
21
#include <openssl/x509v3.h>
22
#include <openssl/core_names.h>
23
#include "internal/cryptlib.h"
24
#include "internal/ssl_unwrap.h"
25

26
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
27
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
28
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
29

30
/* TLSv1.3 downgrade protection sentinel values */
31
const unsigned char tls11downgrade[] = {
32
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
33
};
34
const unsigned char tls12downgrade[] = {
35
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
36
};
37

38
/* The list of available TLSv1.3 ciphers */
39
static SSL_CIPHER tls13_ciphers[] = {
40
    {
41
        1,
42
        TLS1_3_RFC_AES_128_GCM_SHA256,
43
        TLS1_3_RFC_AES_128_GCM_SHA256,
44
        TLS1_3_CK_AES_128_GCM_SHA256,
45
        SSL_kANY,
46
        SSL_aANY,
47
        SSL_AES128GCM,
48
        SSL_AEAD,
49
        TLS1_3_VERSION,
50
        TLS1_3_VERSION,
51
        0,
52
        0,
53
        SSL_HIGH,
54
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
55
        128,
56
        128,
57
    },
58
    {
59
        1,
60
        TLS1_3_RFC_AES_256_GCM_SHA384,
61
        TLS1_3_RFC_AES_256_GCM_SHA384,
62
        TLS1_3_CK_AES_256_GCM_SHA384,
63
        SSL_kANY,
64
        SSL_aANY,
65
        SSL_AES256GCM,
66
        SSL_AEAD,
67
        TLS1_3_VERSION,
68
        TLS1_3_VERSION,
69
        0,
70
        0,
71
        SSL_HIGH,
72
        SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
73
        256,
74
        256,
75
    },
76
    {
77
        1,
78
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
79
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
80
        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
81
        SSL_kANY,
82
        SSL_aANY,
83
        SSL_CHACHA20POLY1305,
84
        SSL_AEAD,
85
        TLS1_3_VERSION,
86
        TLS1_3_VERSION,
87
        0,
88
        0,
89
        SSL_HIGH,
90
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
91
        256,
92
        256,
93
    },
94
    {
95
        1,
96
        TLS1_3_RFC_AES_128_CCM_SHA256,
97
        TLS1_3_RFC_AES_128_CCM_SHA256,
98
        TLS1_3_CK_AES_128_CCM_SHA256,
99
        SSL_kANY,
100
        SSL_aANY,
101
        SSL_AES128CCM,
102
        SSL_AEAD,
103
        TLS1_3_VERSION,
104
        TLS1_3_VERSION,
105
        0,
106
        0,
107
        SSL_NOT_DEFAULT | SSL_HIGH,
108
        SSL_HANDSHAKE_MAC_SHA256,
109
        128,
110
        128,
111
    },
112
    {
113
        1,
114
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
115
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
116
        TLS1_3_CK_AES_128_CCM_8_SHA256,
117
        SSL_kANY,
118
        SSL_aANY,
119
        SSL_AES128CCM8,
120
        SSL_AEAD,
121
        TLS1_3_VERSION,
122
        TLS1_3_VERSION,
123
        0,
124
        0,
125
        SSL_NOT_DEFAULT | SSL_MEDIUM,
126
        SSL_HANDSHAKE_MAC_SHA256,
127
        64, /* CCM8 uses a short tag, so we have a low security strength */
128
        128,
129
    },
130
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
131
    {
132
        1,
133
        TLS1_3_RFC_SHA256_SHA256,
134
        TLS1_3_RFC_SHA256_SHA256,
135
        TLS1_3_CK_SHA256_SHA256,
136
        SSL_kANY,
137
        SSL_aANY,
138
        SSL_eNULL,
139
        SSL_SHA256,
140
        TLS1_3_VERSION,
141
        TLS1_3_VERSION,
142
        0,
143
        0,
144
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
145
        SSL_HANDSHAKE_MAC_SHA256,
146
        0,
147
        256,
148
    },
149
    {
150
        1,
151
        TLS1_3_RFC_SHA384_SHA384,
152
        TLS1_3_RFC_SHA384_SHA384,
153
        TLS1_3_CK_SHA384_SHA384,
154
        SSL_kANY,
155
        SSL_aANY,
156
        SSL_eNULL,
157
        SSL_SHA384,
158
        TLS1_3_VERSION,
159
        TLS1_3_VERSION,
160
        0,
161
        0,
162
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
163
        SSL_HANDSHAKE_MAC_SHA384,
164
        0,
165
        384,
166
    },
167
#endif
168
};
169

170
/*
171
 * The list of available ciphers, mostly organized into the following
172
 * groups:
173
 *      Always there
174
 *      EC
175
 *      PSK
176
 *      SRP (within that: RSA EC PSK)
177
 *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
178
 *      Weak ciphers
179
 */
180
static SSL_CIPHER ssl3_ciphers[] = {
181
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
182
    {
183
        1,
184
        SSL3_TXT_RSA_NULL_MD5,
185
        SSL3_RFC_RSA_NULL_MD5,
186
        SSL3_CK_RSA_NULL_MD5,
187
        SSL_kRSA,
188
        SSL_aRSA,
189
        SSL_eNULL,
190
        SSL_MD5,
191
        SSL3_VERSION,
192
        TLS1_2_VERSION,
193
        DTLS1_BAD_VER,
194
        DTLS1_2_VERSION,
195
        SSL_STRONG_NONE,
196
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
197
        0,
198
        0,
199
    },
200
    {
201
        1,
202
        SSL3_TXT_RSA_NULL_SHA,
203
        SSL3_RFC_RSA_NULL_SHA,
204
        SSL3_CK_RSA_NULL_SHA,
205
        SSL_kRSA,
206
        SSL_aRSA,
207
        SSL_eNULL,
208
        SSL_SHA1,
209
        SSL3_VERSION,
210
        TLS1_2_VERSION,
211
        DTLS1_BAD_VER,
212
        DTLS1_2_VERSION,
213
        SSL_STRONG_NONE | SSL_FIPS,
214
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
215
        0,
216
        0,
217
    },
218
#endif
219
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
220
    {
221
        1,
222
        SSL3_TXT_RSA_DES_192_CBC3_SHA,
223
        SSL3_RFC_RSA_DES_192_CBC3_SHA,
224
        SSL3_CK_RSA_DES_192_CBC3_SHA,
225
        SSL_kRSA,
226
        SSL_aRSA,
227
        SSL_3DES,
228
        SSL_SHA1,
229
        SSL3_VERSION,
230
        TLS1_2_VERSION,
231
        DTLS1_BAD_VER,
232
        DTLS1_2_VERSION,
233
        SSL_NOT_DEFAULT | SSL_MEDIUM,
234
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
235
        112,
236
        168,
237
    },
238
    {
239
        1,
240
        SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
241
        SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
242
        SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
243
        SSL_kDHE,
244
        SSL_aDSS,
245
        SSL_3DES,
246
        SSL_SHA1,
247
        SSL3_VERSION,
248
        TLS1_2_VERSION,
249
        DTLS1_BAD_VER,
250
        DTLS1_2_VERSION,
251
        SSL_NOT_DEFAULT | SSL_MEDIUM,
252
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
253
        112,
254
        168,
255
    },
256
    {
257
        1,
258
        SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
259
        SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
260
        SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
261
        SSL_kDHE,
262
        SSL_aRSA,
263
        SSL_3DES,
264
        SSL_SHA1,
265
        SSL3_VERSION,
266
        TLS1_2_VERSION,
267
        DTLS1_BAD_VER,
268
        DTLS1_2_VERSION,
269
        SSL_NOT_DEFAULT | SSL_MEDIUM,
270
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
271
        112,
272
        168,
273
    },
274
    {
275
        1,
276
        SSL3_TXT_ADH_DES_192_CBC_SHA,
277
        SSL3_RFC_ADH_DES_192_CBC_SHA,
278
        SSL3_CK_ADH_DES_192_CBC_SHA,
279
        SSL_kDHE,
280
        SSL_aNULL,
281
        SSL_3DES,
282
        SSL_SHA1,
283
        SSL3_VERSION,
284
        TLS1_2_VERSION,
285
        DTLS1_BAD_VER,
286
        DTLS1_2_VERSION,
287
        SSL_NOT_DEFAULT | SSL_MEDIUM,
288
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
289
        112,
290
        168,
291
    },
292
#endif
293
    {
294
        1,
295
        TLS1_TXT_RSA_WITH_AES_128_SHA,
296
        TLS1_RFC_RSA_WITH_AES_128_SHA,
297
        TLS1_CK_RSA_WITH_AES_128_SHA,
298
        SSL_kRSA,
299
        SSL_aRSA,
300
        SSL_AES128,
301
        SSL_SHA1,
302
        SSL3_VERSION,
303
        TLS1_2_VERSION,
304
        DTLS1_BAD_VER,
305
        DTLS1_2_VERSION,
306
        SSL_HIGH | SSL_FIPS,
307
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
308
        128,
309
        128,
310
    },
311
    {
312
        1,
313
        TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
314
        TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
315
        TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
316
        SSL_kDHE,
317
        SSL_aDSS,
318
        SSL_AES128,
319
        SSL_SHA1,
320
        SSL3_VERSION,
321
        TLS1_2_VERSION,
322
        DTLS1_BAD_VER,
323
        DTLS1_2_VERSION,
324
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
325
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
326
        128,
327
        128,
328
    },
329
    {
330
        1,
331
        TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
332
        TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
333
        TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
334
        SSL_kDHE,
335
        SSL_aRSA,
336
        SSL_AES128,
337
        SSL_SHA1,
338
        SSL3_VERSION,
339
        TLS1_2_VERSION,
340
        DTLS1_BAD_VER,
341
        DTLS1_2_VERSION,
342
        SSL_HIGH | SSL_FIPS,
343
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
344
        128,
345
        128,
346
    },
347
    {
348
        1,
349
        TLS1_TXT_ADH_WITH_AES_128_SHA,
350
        TLS1_RFC_ADH_WITH_AES_128_SHA,
351
        TLS1_CK_ADH_WITH_AES_128_SHA,
352
        SSL_kDHE,
353
        SSL_aNULL,
354
        SSL_AES128,
355
        SSL_SHA1,
356
        SSL3_VERSION,
357
        TLS1_2_VERSION,
358
        DTLS1_BAD_VER,
359
        DTLS1_2_VERSION,
360
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
361
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
362
        128,
363
        128,
364
    },
365
    {
366
        1,
367
        TLS1_TXT_RSA_WITH_AES_256_SHA,
368
        TLS1_RFC_RSA_WITH_AES_256_SHA,
369
        TLS1_CK_RSA_WITH_AES_256_SHA,
370
        SSL_kRSA,
371
        SSL_aRSA,
372
        SSL_AES256,
373
        SSL_SHA1,
374
        SSL3_VERSION,
375
        TLS1_2_VERSION,
376
        DTLS1_BAD_VER,
377
        DTLS1_2_VERSION,
378
        SSL_HIGH | SSL_FIPS,
379
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
380
        256,
381
        256,
382
    },
383
    {
384
        1,
385
        TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
386
        TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
387
        TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
388
        SSL_kDHE,
389
        SSL_aDSS,
390
        SSL_AES256,
391
        SSL_SHA1,
392
        SSL3_VERSION,
393
        TLS1_2_VERSION,
394
        DTLS1_BAD_VER,
395
        DTLS1_2_VERSION,
396
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
397
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
398
        256,
399
        256,
400
    },
401
    {
402
        1,
403
        TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
404
        TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
405
        TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
406
        SSL_kDHE,
407
        SSL_aRSA,
408
        SSL_AES256,
409
        SSL_SHA1,
410
        SSL3_VERSION,
411
        TLS1_2_VERSION,
412
        DTLS1_BAD_VER,
413
        DTLS1_2_VERSION,
414
        SSL_HIGH | SSL_FIPS,
415
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
416
        256,
417
        256,
418
    },
419
    {
420
        1,
421
        TLS1_TXT_ADH_WITH_AES_256_SHA,
422
        TLS1_RFC_ADH_WITH_AES_256_SHA,
423
        TLS1_CK_ADH_WITH_AES_256_SHA,
424
        SSL_kDHE,
425
        SSL_aNULL,
426
        SSL_AES256,
427
        SSL_SHA1,
428
        SSL3_VERSION,
429
        TLS1_2_VERSION,
430
        DTLS1_BAD_VER,
431
        DTLS1_2_VERSION,
432
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
433
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
434
        256,
435
        256,
436
    },
437
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
438
    {
439
        1,
440
        TLS1_TXT_RSA_WITH_NULL_SHA256,
441
        TLS1_RFC_RSA_WITH_NULL_SHA256,
442
        TLS1_CK_RSA_WITH_NULL_SHA256,
443
        SSL_kRSA,
444
        SSL_aRSA,
445
        SSL_eNULL,
446
        SSL_SHA256,
447
        TLS1_2_VERSION,
448
        TLS1_2_VERSION,
449
        DTLS1_2_VERSION,
450
        DTLS1_2_VERSION,
451
        SSL_STRONG_NONE | SSL_FIPS,
452
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
453
        0,
454
        0,
455
    },
456
#endif
457
    {
458
        1,
459
        TLS1_TXT_RSA_WITH_AES_128_SHA256,
460
        TLS1_RFC_RSA_WITH_AES_128_SHA256,
461
        TLS1_CK_RSA_WITH_AES_128_SHA256,
462
        SSL_kRSA,
463
        SSL_aRSA,
464
        SSL_AES128,
465
        SSL_SHA256,
466
        TLS1_2_VERSION,
467
        TLS1_2_VERSION,
468
        DTLS1_2_VERSION,
469
        DTLS1_2_VERSION,
470
        SSL_HIGH | SSL_FIPS,
471
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
472
        128,
473
        128,
474
    },
475
    {
476
        1,
477
        TLS1_TXT_RSA_WITH_AES_256_SHA256,
478
        TLS1_RFC_RSA_WITH_AES_256_SHA256,
479
        TLS1_CK_RSA_WITH_AES_256_SHA256,
480
        SSL_kRSA,
481
        SSL_aRSA,
482
        SSL_AES256,
483
        SSL_SHA256,
484
        TLS1_2_VERSION,
485
        TLS1_2_VERSION,
486
        DTLS1_2_VERSION,
487
        DTLS1_2_VERSION,
488
        SSL_HIGH | SSL_FIPS,
489
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
490
        256,
491
        256,
492
    },
493
    {
494
        1,
495
        TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
496
        TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
497
        TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
498
        SSL_kDHE,
499
        SSL_aDSS,
500
        SSL_AES128,
501
        SSL_SHA256,
502
        TLS1_2_VERSION,
503
        TLS1_2_VERSION,
504
        DTLS1_2_VERSION,
505
        DTLS1_2_VERSION,
506
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
507
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
508
        128,
509
        128,
510
    },
511
    {
512
        1,
513
        TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
514
        TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
515
        TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
516
        SSL_kDHE,
517
        SSL_aRSA,
518
        SSL_AES128,
519
        SSL_SHA256,
520
        TLS1_2_VERSION,
521
        TLS1_2_VERSION,
522
        DTLS1_2_VERSION,
523
        DTLS1_2_VERSION,
524
        SSL_HIGH | SSL_FIPS,
525
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
526
        128,
527
        128,
528
    },
529
    {
530
        1,
531
        TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
532
        TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
533
        TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
534
        SSL_kDHE,
535
        SSL_aDSS,
536
        SSL_AES256,
537
        SSL_SHA256,
538
        TLS1_2_VERSION,
539
        TLS1_2_VERSION,
540
        DTLS1_2_VERSION,
541
        DTLS1_2_VERSION,
542
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
543
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
544
        256,
545
        256,
546
    },
547
    {
548
        1,
549
        TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
550
        TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
551
        TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
552
        SSL_kDHE,
553
        SSL_aRSA,
554
        SSL_AES256,
555
        SSL_SHA256,
556
        TLS1_2_VERSION,
557
        TLS1_2_VERSION,
558
        DTLS1_2_VERSION,
559
        DTLS1_2_VERSION,
560
        SSL_HIGH | SSL_FIPS,
561
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
562
        256,
563
        256,
564
    },
565
    {
566
        1,
567
        TLS1_TXT_ADH_WITH_AES_128_SHA256,
568
        TLS1_RFC_ADH_WITH_AES_128_SHA256,
569
        TLS1_CK_ADH_WITH_AES_128_SHA256,
570
        SSL_kDHE,
571
        SSL_aNULL,
572
        SSL_AES128,
573
        SSL_SHA256,
574
        TLS1_2_VERSION,
575
        TLS1_2_VERSION,
576
        DTLS1_2_VERSION,
577
        DTLS1_2_VERSION,
578
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
579
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
580
        128,
581
        128,
582
    },
583
    {
584
        1,
585
        TLS1_TXT_ADH_WITH_AES_256_SHA256,
586
        TLS1_RFC_ADH_WITH_AES_256_SHA256,
587
        TLS1_CK_ADH_WITH_AES_256_SHA256,
588
        SSL_kDHE,
589
        SSL_aNULL,
590
        SSL_AES256,
591
        SSL_SHA256,
592
        TLS1_2_VERSION,
593
        TLS1_2_VERSION,
594
        DTLS1_2_VERSION,
595
        DTLS1_2_VERSION,
596
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
597
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
598
        256,
599
        256,
600
    },
601
    {
602
        1,
603
        TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
604
        TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
605
        TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
606
        SSL_kRSA,
607
        SSL_aRSA,
608
        SSL_AES128GCM,
609
        SSL_AEAD,
610
        TLS1_2_VERSION,
611
        TLS1_2_VERSION,
612
        DTLS1_2_VERSION,
613
        DTLS1_2_VERSION,
614
        SSL_HIGH | SSL_FIPS,
615
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
616
        128,
617
        128,
618
    },
619
    {
620
        1,
621
        TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
622
        TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
623
        TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
624
        SSL_kRSA,
625
        SSL_aRSA,
626
        SSL_AES256GCM,
627
        SSL_AEAD,
628
        TLS1_2_VERSION,
629
        TLS1_2_VERSION,
630
        DTLS1_2_VERSION,
631
        DTLS1_2_VERSION,
632
        SSL_HIGH | SSL_FIPS,
633
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
634
        256,
635
        256,
636
    },
637
    {
638
        1,
639
        TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
640
        TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
641
        TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
642
        SSL_kDHE,
643
        SSL_aRSA,
644
        SSL_AES128GCM,
645
        SSL_AEAD,
646
        TLS1_2_VERSION,
647
        TLS1_2_VERSION,
648
        DTLS1_2_VERSION,
649
        DTLS1_2_VERSION,
650
        SSL_HIGH | SSL_FIPS,
651
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
652
        128,
653
        128,
654
    },
655
    {
656
        1,
657
        TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
658
        TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
659
        TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
660
        SSL_kDHE,
661
        SSL_aRSA,
662
        SSL_AES256GCM,
663
        SSL_AEAD,
664
        TLS1_2_VERSION,
665
        TLS1_2_VERSION,
666
        DTLS1_2_VERSION,
667
        DTLS1_2_VERSION,
668
        SSL_HIGH | SSL_FIPS,
669
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
670
        256,
671
        256,
672
    },
673
    {
674
        1,
675
        TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
676
        TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
677
        TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
678
        SSL_kDHE,
679
        SSL_aDSS,
680
        SSL_AES128GCM,
681
        SSL_AEAD,
682
        TLS1_2_VERSION,
683
        TLS1_2_VERSION,
684
        DTLS1_2_VERSION,
685
        DTLS1_2_VERSION,
686
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
687
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
688
        128,
689
        128,
690
    },
691
    {
692
        1,
693
        TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
694
        TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
695
        TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
696
        SSL_kDHE,
697
        SSL_aDSS,
698
        SSL_AES256GCM,
699
        SSL_AEAD,
700
        TLS1_2_VERSION,
701
        TLS1_2_VERSION,
702
        DTLS1_2_VERSION,
703
        DTLS1_2_VERSION,
704
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
705
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
706
        256,
707
        256,
708
    },
709
    {
710
        1,
711
        TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
712
        TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
713
        TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
714
        SSL_kDHE,
715
        SSL_aNULL,
716
        SSL_AES128GCM,
717
        SSL_AEAD,
718
        TLS1_2_VERSION,
719
        TLS1_2_VERSION,
720
        DTLS1_2_VERSION,
721
        DTLS1_2_VERSION,
722
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
723
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
724
        128,
725
        128,
726
    },
727
    {
728
        1,
729
        TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
730
        TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
731
        TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
732
        SSL_kDHE,
733
        SSL_aNULL,
734
        SSL_AES256GCM,
735
        SSL_AEAD,
736
        TLS1_2_VERSION,
737
        TLS1_2_VERSION,
738
        DTLS1_2_VERSION,
739
        DTLS1_2_VERSION,
740
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
741
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
742
        256,
743
        256,
744
    },
745
    {
746
        1,
747
        TLS1_TXT_RSA_WITH_AES_128_CCM,
748
        TLS1_RFC_RSA_WITH_AES_128_CCM,
749
        TLS1_CK_RSA_WITH_AES_128_CCM,
750
        SSL_kRSA,
751
        SSL_aRSA,
752
        SSL_AES128CCM,
753
        SSL_AEAD,
754
        TLS1_2_VERSION,
755
        TLS1_2_VERSION,
756
        DTLS1_2_VERSION,
757
        DTLS1_2_VERSION,
758
        SSL_NOT_DEFAULT | SSL_HIGH,
759
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
760
        128,
761
        128,
762
    },
763
    {
764
        1,
765
        TLS1_TXT_RSA_WITH_AES_256_CCM,
766
        TLS1_RFC_RSA_WITH_AES_256_CCM,
767
        TLS1_CK_RSA_WITH_AES_256_CCM,
768
        SSL_kRSA,
769
        SSL_aRSA,
770
        SSL_AES256CCM,
771
        SSL_AEAD,
772
        TLS1_2_VERSION,
773
        TLS1_2_VERSION,
774
        DTLS1_2_VERSION,
775
        DTLS1_2_VERSION,
776
        SSL_NOT_DEFAULT | SSL_HIGH,
777
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
778
        256,
779
        256,
780
    },
781
    {
782
        1,
783
        TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
784
        TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
785
        TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
786
        SSL_kDHE,
787
        SSL_aRSA,
788
        SSL_AES128CCM,
789
        SSL_AEAD,
790
        TLS1_2_VERSION,
791
        TLS1_2_VERSION,
792
        DTLS1_2_VERSION,
793
        DTLS1_2_VERSION,
794
        SSL_NOT_DEFAULT | SSL_HIGH,
795
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
796
        128,
797
        128,
798
    },
799
    {
800
        1,
801
        TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
802
        TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
803
        TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
804
        SSL_kDHE,
805
        SSL_aRSA,
806
        SSL_AES256CCM,
807
        SSL_AEAD,
808
        TLS1_2_VERSION,
809
        TLS1_2_VERSION,
810
        DTLS1_2_VERSION,
811
        DTLS1_2_VERSION,
812
        SSL_NOT_DEFAULT | SSL_HIGH,
813
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
814
        256,
815
        256,
816
    },
817
    {
818
        1,
819
        TLS1_TXT_RSA_WITH_AES_128_CCM_8,
820
        TLS1_RFC_RSA_WITH_AES_128_CCM_8,
821
        TLS1_CK_RSA_WITH_AES_128_CCM_8,
822
        SSL_kRSA,
823
        SSL_aRSA,
824
        SSL_AES128CCM8,
825
        SSL_AEAD,
826
        TLS1_2_VERSION,
827
        TLS1_2_VERSION,
828
        DTLS1_2_VERSION,
829
        DTLS1_2_VERSION,
830
        SSL_NOT_DEFAULT | SSL_MEDIUM,
831
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
832
        64, /* CCM8 uses a short tag, so we have a low security strength */
833
        128,
834
    },
835
    {
836
        1,
837
        TLS1_TXT_RSA_WITH_AES_256_CCM_8,
838
        TLS1_RFC_RSA_WITH_AES_256_CCM_8,
839
        TLS1_CK_RSA_WITH_AES_256_CCM_8,
840
        SSL_kRSA,
841
        SSL_aRSA,
842
        SSL_AES256CCM8,
843
        SSL_AEAD,
844
        TLS1_2_VERSION,
845
        TLS1_2_VERSION,
846
        DTLS1_2_VERSION,
847
        DTLS1_2_VERSION,
848
        SSL_NOT_DEFAULT | SSL_MEDIUM,
849
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
850
        64, /* CCM8 uses a short tag, so we have a low security strength */
851
        256,
852
    },
853
    {
854
        1,
855
        TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
856
        TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
857
        TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
858
        SSL_kDHE,
859
        SSL_aRSA,
860
        SSL_AES128CCM8,
861
        SSL_AEAD,
862
        TLS1_2_VERSION,
863
        TLS1_2_VERSION,
864
        DTLS1_2_VERSION,
865
        DTLS1_2_VERSION,
866
        SSL_NOT_DEFAULT | SSL_MEDIUM,
867
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
868
        64, /* CCM8 uses a short tag, so we have a low security strength */
869
        128,
870
    },
871
    {
872
        1,
873
        TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
874
        TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
875
        TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
876
        SSL_kDHE,
877
        SSL_aRSA,
878
        SSL_AES256CCM8,
879
        SSL_AEAD,
880
        TLS1_2_VERSION,
881
        TLS1_2_VERSION,
882
        DTLS1_2_VERSION,
883
        DTLS1_2_VERSION,
884
        SSL_NOT_DEFAULT | SSL_MEDIUM,
885
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
886
        64, /* CCM8 uses a short tag, so we have a low security strength */
887
        256,
888
    },
889
    {
890
        1,
891
        TLS1_TXT_PSK_WITH_AES_128_CCM,
892
        TLS1_RFC_PSK_WITH_AES_128_CCM,
893
        TLS1_CK_PSK_WITH_AES_128_CCM,
894
        SSL_kPSK,
895
        SSL_aPSK,
896
        SSL_AES128CCM,
897
        SSL_AEAD,
898
        TLS1_2_VERSION,
899
        TLS1_2_VERSION,
900
        DTLS1_2_VERSION,
901
        DTLS1_2_VERSION,
902
        SSL_NOT_DEFAULT | SSL_HIGH,
903
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
904
        128,
905
        128,
906
    },
907
    {
908
        1,
909
        TLS1_TXT_PSK_WITH_AES_256_CCM,
910
        TLS1_RFC_PSK_WITH_AES_256_CCM,
911
        TLS1_CK_PSK_WITH_AES_256_CCM,
912
        SSL_kPSK,
913
        SSL_aPSK,
914
        SSL_AES256CCM,
915
        SSL_AEAD,
916
        TLS1_2_VERSION,
917
        TLS1_2_VERSION,
918
        DTLS1_2_VERSION,
919
        DTLS1_2_VERSION,
920
        SSL_NOT_DEFAULT | SSL_HIGH,
921
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
922
        256,
923
        256,
924
    },
925
    {
926
        1,
927
        TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
928
        TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
929
        TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
930
        SSL_kDHEPSK,
931
        SSL_aPSK,
932
        SSL_AES128CCM,
933
        SSL_AEAD,
934
        TLS1_2_VERSION,
935
        TLS1_2_VERSION,
936
        DTLS1_2_VERSION,
937
        DTLS1_2_VERSION,
938
        SSL_NOT_DEFAULT | SSL_HIGH,
939
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
940
        128,
941
        128,
942
    },
943
    {
944
        1,
945
        TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
946
        TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
947
        TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
948
        SSL_kDHEPSK,
949
        SSL_aPSK,
950
        SSL_AES256CCM,
951
        SSL_AEAD,
952
        TLS1_2_VERSION,
953
        TLS1_2_VERSION,
954
        DTLS1_2_VERSION,
955
        DTLS1_2_VERSION,
956
        SSL_NOT_DEFAULT | SSL_HIGH,
957
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
958
        256,
959
        256,
960
    },
961
    {
962
        1,
963
        TLS1_TXT_PSK_WITH_AES_128_CCM_8,
964
        TLS1_RFC_PSK_WITH_AES_128_CCM_8,
965
        TLS1_CK_PSK_WITH_AES_128_CCM_8,
966
        SSL_kPSK,
967
        SSL_aPSK,
968
        SSL_AES128CCM8,
969
        SSL_AEAD,
970
        TLS1_2_VERSION,
971
        TLS1_2_VERSION,
972
        DTLS1_2_VERSION,
973
        DTLS1_2_VERSION,
974
        SSL_NOT_DEFAULT | SSL_MEDIUM,
975
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
976
        64, /* CCM8 uses a short tag, so we have a low security strength */
977
        128,
978
    },
979
    {
980
        1,
981
        TLS1_TXT_PSK_WITH_AES_256_CCM_8,
982
        TLS1_RFC_PSK_WITH_AES_256_CCM_8,
983
        TLS1_CK_PSK_WITH_AES_256_CCM_8,
984
        SSL_kPSK,
985
        SSL_aPSK,
986
        SSL_AES256CCM8,
987
        SSL_AEAD,
988
        TLS1_2_VERSION,
989
        TLS1_2_VERSION,
990
        DTLS1_2_VERSION,
991
        DTLS1_2_VERSION,
992
        SSL_NOT_DEFAULT | SSL_MEDIUM,
993
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
994
        64, /* CCM8 uses a short tag, so we have a low security strength */
995
        256,
996
    },
997
    {
998
        1,
999
        TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
1000
        TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
1001
        TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
1002
        SSL_kDHEPSK,
1003
        SSL_aPSK,
1004
        SSL_AES128CCM8,
1005
        SSL_AEAD,
1006
        TLS1_2_VERSION,
1007
        TLS1_2_VERSION,
1008
        DTLS1_2_VERSION,
1009
        DTLS1_2_VERSION,
1010
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1011
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1012
        64, /* CCM8 uses a short tag, so we have a low security strength */
1013
        128,
1014
    },
1015
    {
1016
        1,
1017
        TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
1018
        TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
1019
        TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
1020
        SSL_kDHEPSK,
1021
        SSL_aPSK,
1022
        SSL_AES256CCM8,
1023
        SSL_AEAD,
1024
        TLS1_2_VERSION,
1025
        TLS1_2_VERSION,
1026
        DTLS1_2_VERSION,
1027
        DTLS1_2_VERSION,
1028
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1029
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1030
        64, /* CCM8 uses a short tag, so we have a low security strength */
1031
        256,
1032
    },
1033
    {
1034
        1,
1035
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
1036
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
1037
        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
1038
        SSL_kECDHE,
1039
        SSL_aECDSA,
1040
        SSL_AES128CCM,
1041
        SSL_AEAD,
1042
        TLS1_2_VERSION,
1043
        TLS1_2_VERSION,
1044
        DTLS1_2_VERSION,
1045
        DTLS1_2_VERSION,
1046
        SSL_NOT_DEFAULT | SSL_HIGH,
1047
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1048
        128,
1049
        128,
1050
    },
1051
    {
1052
        1,
1053
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
1054
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
1055
        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
1056
        SSL_kECDHE,
1057
        SSL_aECDSA,
1058
        SSL_AES256CCM,
1059
        SSL_AEAD,
1060
        TLS1_2_VERSION,
1061
        TLS1_2_VERSION,
1062
        DTLS1_2_VERSION,
1063
        DTLS1_2_VERSION,
1064
        SSL_NOT_DEFAULT | SSL_HIGH,
1065
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1066
        256,
1067
        256,
1068
    },
1069
    {
1070
        1,
1071
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
1072
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
1073
        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
1074
        SSL_kECDHE,
1075
        SSL_aECDSA,
1076
        SSL_AES128CCM8,
1077
        SSL_AEAD,
1078
        TLS1_2_VERSION,
1079
        TLS1_2_VERSION,
1080
        DTLS1_2_VERSION,
1081
        DTLS1_2_VERSION,
1082
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1083
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1084
        64, /* CCM8 uses a short tag, so we have a low security strength */
1085
        128,
1086
    },
1087
    {
1088
        1,
1089
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
1090
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
1091
        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
1092
        SSL_kECDHE,
1093
        SSL_aECDSA,
1094
        SSL_AES256CCM8,
1095
        SSL_AEAD,
1096
        TLS1_2_VERSION,
1097
        TLS1_2_VERSION,
1098
        DTLS1_2_VERSION,
1099
        DTLS1_2_VERSION,
1100
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1101
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1102
        64, /* CCM8 uses a short tag, so we have a low security strength */
1103
        256,
1104
    },
1105
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1106
    {
1107
        1,
1108
        TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1109
        TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
1110
        TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1111
        SSL_kECDHE,
1112
        SSL_aECDSA,
1113
        SSL_eNULL,
1114
        SSL_SHA1,
1115
        TLS1_VERSION,
1116
        TLS1_2_VERSION,
1117
        DTLS1_BAD_VER,
1118
        DTLS1_2_VERSION,
1119
        SSL_STRONG_NONE | SSL_FIPS,
1120
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1121
        0,
1122
        0,
1123
    },
1124
#endif
1125
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1126
    {
1127
        1,
1128
        TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1129
        TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1130
        TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1131
        SSL_kECDHE,
1132
        SSL_aECDSA,
1133
        SSL_3DES,
1134
        SSL_SHA1,
1135
        TLS1_VERSION,
1136
        TLS1_2_VERSION,
1137
        DTLS1_BAD_VER,
1138
        DTLS1_2_VERSION,
1139
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1140
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1141
        112,
1142
        168,
1143
    },
1144
#endif
1145
    {
1146
        1,
1147
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1148
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1149
        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1150
        SSL_kECDHE,
1151
        SSL_aECDSA,
1152
        SSL_AES128,
1153
        SSL_SHA1,
1154
        TLS1_VERSION,
1155
        TLS1_2_VERSION,
1156
        DTLS1_BAD_VER,
1157
        DTLS1_2_VERSION,
1158
        SSL_HIGH | SSL_FIPS,
1159
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1160
        128,
1161
        128,
1162
    },
1163
    {
1164
        1,
1165
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1166
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1167
        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1168
        SSL_kECDHE,
1169
        SSL_aECDSA,
1170
        SSL_AES256,
1171
        SSL_SHA1,
1172
        TLS1_VERSION,
1173
        TLS1_2_VERSION,
1174
        DTLS1_BAD_VER,
1175
        DTLS1_2_VERSION,
1176
        SSL_HIGH | SSL_FIPS,
1177
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1178
        256,
1179
        256,
1180
    },
1181
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1182
    {
1183
        1,
1184
        TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1185
        TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1186
        TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1187
        SSL_kECDHE,
1188
        SSL_aRSA,
1189
        SSL_eNULL,
1190
        SSL_SHA1,
1191
        TLS1_VERSION,
1192
        TLS1_2_VERSION,
1193
        DTLS1_BAD_VER,
1194
        DTLS1_2_VERSION,
1195
        SSL_STRONG_NONE | SSL_FIPS,
1196
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1197
        0,
1198
        0,
1199
    },
1200
#endif
1201
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1202
    {
1203
        1,
1204
        TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1205
        TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1206
        TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1207
        SSL_kECDHE,
1208
        SSL_aRSA,
1209
        SSL_3DES,
1210
        SSL_SHA1,
1211
        TLS1_VERSION,
1212
        TLS1_2_VERSION,
1213
        DTLS1_BAD_VER,
1214
        DTLS1_2_VERSION,
1215
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1216
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1217
        112,
1218
        168,
1219
    },
1220
#endif
1221
    {
1222
        1,
1223
        TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1224
        TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1225
        TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1226
        SSL_kECDHE,
1227
        SSL_aRSA,
1228
        SSL_AES128,
1229
        SSL_SHA1,
1230
        TLS1_VERSION,
1231
        TLS1_2_VERSION,
1232
        DTLS1_BAD_VER,
1233
        DTLS1_2_VERSION,
1234
        SSL_HIGH | SSL_FIPS,
1235
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1236
        128,
1237
        128,
1238
    },
1239
    {
1240
        1,
1241
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1242
        TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1243
        TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1244
        SSL_kECDHE,
1245
        SSL_aRSA,
1246
        SSL_AES256,
1247
        SSL_SHA1,
1248
        TLS1_VERSION,
1249
        TLS1_2_VERSION,
1250
        DTLS1_BAD_VER,
1251
        DTLS1_2_VERSION,
1252
        SSL_HIGH | SSL_FIPS,
1253
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1254
        256,
1255
        256,
1256
    },
1257
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1258
    {
1259
        1,
1260
        TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1261
        TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1262
        TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1263
        SSL_kECDHE,
1264
        SSL_aNULL,
1265
        SSL_eNULL,
1266
        SSL_SHA1,
1267
        TLS1_VERSION,
1268
        TLS1_2_VERSION,
1269
        DTLS1_BAD_VER,
1270
        DTLS1_2_VERSION,
1271
        SSL_STRONG_NONE | SSL_FIPS,
1272
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1273
        0,
1274
        0,
1275
    },
1276
#endif
1277
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1278
    {
1279
        1,
1280
        TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1281
        TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1282
        TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1283
        SSL_kECDHE,
1284
        SSL_aNULL,
1285
        SSL_3DES,
1286
        SSL_SHA1,
1287
        TLS1_VERSION,
1288
        TLS1_2_VERSION,
1289
        DTLS1_BAD_VER,
1290
        DTLS1_2_VERSION,
1291
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1292
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1293
        112,
1294
        168,
1295
    },
1296
#endif
1297
    {
1298
        1,
1299
        TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1300
        TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1301
        TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1302
        SSL_kECDHE,
1303
        SSL_aNULL,
1304
        SSL_AES128,
1305
        SSL_SHA1,
1306
        TLS1_VERSION,
1307
        TLS1_2_VERSION,
1308
        DTLS1_BAD_VER,
1309
        DTLS1_2_VERSION,
1310
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1311
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1312
        128,
1313
        128,
1314
    },
1315
    {
1316
        1,
1317
        TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1318
        TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1319
        TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1320
        SSL_kECDHE,
1321
        SSL_aNULL,
1322
        SSL_AES256,
1323
        SSL_SHA1,
1324
        TLS1_VERSION,
1325
        TLS1_2_VERSION,
1326
        DTLS1_BAD_VER,
1327
        DTLS1_2_VERSION,
1328
        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1329
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1330
        256,
1331
        256,
1332
    },
1333
    {
1334
        1,
1335
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1336
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1337
        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1338
        SSL_kECDHE,
1339
        SSL_aECDSA,
1340
        SSL_AES128,
1341
        SSL_SHA256,
1342
        TLS1_2_VERSION,
1343
        TLS1_2_VERSION,
1344
        DTLS1_2_VERSION,
1345
        DTLS1_2_VERSION,
1346
        SSL_HIGH | SSL_FIPS,
1347
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1348
        128,
1349
        128,
1350
    },
1351
    {
1352
        1,
1353
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1354
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1355
        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1356
        SSL_kECDHE,
1357
        SSL_aECDSA,
1358
        SSL_AES256,
1359
        SSL_SHA384,
1360
        TLS1_2_VERSION,
1361
        TLS1_2_VERSION,
1362
        DTLS1_2_VERSION,
1363
        DTLS1_2_VERSION,
1364
        SSL_HIGH | SSL_FIPS,
1365
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1366
        256,
1367
        256,
1368
    },
1369
    {
1370
        1,
1371
        TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1372
        TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1373
        TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1374
        SSL_kECDHE,
1375
        SSL_aRSA,
1376
        SSL_AES128,
1377
        SSL_SHA256,
1378
        TLS1_2_VERSION,
1379
        TLS1_2_VERSION,
1380
        DTLS1_2_VERSION,
1381
        DTLS1_2_VERSION,
1382
        SSL_HIGH | SSL_FIPS,
1383
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1384
        128,
1385
        128,
1386
    },
1387
    {
1388
        1,
1389
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1390
        TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1391
        TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1392
        SSL_kECDHE,
1393
        SSL_aRSA,
1394
        SSL_AES256,
1395
        SSL_SHA384,
1396
        TLS1_2_VERSION,
1397
        TLS1_2_VERSION,
1398
        DTLS1_2_VERSION,
1399
        DTLS1_2_VERSION,
1400
        SSL_HIGH | SSL_FIPS,
1401
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1402
        256,
1403
        256,
1404
    },
1405
    {
1406
        1,
1407
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1408
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1409
        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1410
        SSL_kECDHE,
1411
        SSL_aECDSA,
1412
        SSL_AES128GCM,
1413
        SSL_AEAD,
1414
        TLS1_2_VERSION,
1415
        TLS1_2_VERSION,
1416
        DTLS1_2_VERSION,
1417
        DTLS1_2_VERSION,
1418
        SSL_HIGH | SSL_FIPS,
1419
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1420
        128,
1421
        128,
1422
    },
1423
    {
1424
        1,
1425
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1426
        TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1427
        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1428
        SSL_kECDHE,
1429
        SSL_aECDSA,
1430
        SSL_AES256GCM,
1431
        SSL_AEAD,
1432
        TLS1_2_VERSION,
1433
        TLS1_2_VERSION,
1434
        DTLS1_2_VERSION,
1435
        DTLS1_2_VERSION,
1436
        SSL_HIGH | SSL_FIPS,
1437
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1438
        256,
1439
        256,
1440
    },
1441
    {
1442
        1,
1443
        TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1444
        TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1445
        TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1446
        SSL_kECDHE,
1447
        SSL_aRSA,
1448
        SSL_AES128GCM,
1449
        SSL_AEAD,
1450
        TLS1_2_VERSION,
1451
        TLS1_2_VERSION,
1452
        DTLS1_2_VERSION,
1453
        DTLS1_2_VERSION,
1454
        SSL_HIGH | SSL_FIPS,
1455
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1456
        128,
1457
        128,
1458
    },
1459
    {
1460
        1,
1461
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1462
        TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1463
        TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1464
        SSL_kECDHE,
1465
        SSL_aRSA,
1466
        SSL_AES256GCM,
1467
        SSL_AEAD,
1468
        TLS1_2_VERSION,
1469
        TLS1_2_VERSION,
1470
        DTLS1_2_VERSION,
1471
        DTLS1_2_VERSION,
1472
        SSL_HIGH | SSL_FIPS,
1473
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1474
        256,
1475
        256,
1476
    },
1477
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1478
    {
1479
        1,
1480
        TLS1_TXT_PSK_WITH_NULL_SHA,
1481
        TLS1_RFC_PSK_WITH_NULL_SHA,
1482
        TLS1_CK_PSK_WITH_NULL_SHA,
1483
        SSL_kPSK,
1484
        SSL_aPSK,
1485
        SSL_eNULL,
1486
        SSL_SHA1,
1487
        SSL3_VERSION,
1488
        TLS1_2_VERSION,
1489
        DTLS1_BAD_VER,
1490
        DTLS1_2_VERSION,
1491
        SSL_STRONG_NONE | SSL_FIPS,
1492
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1493
        0,
1494
        0,
1495
    },
1496
    {
1497
        1,
1498
        TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1499
        TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1500
        TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1501
        SSL_kDHEPSK,
1502
        SSL_aPSK,
1503
        SSL_eNULL,
1504
        SSL_SHA1,
1505
        SSL3_VERSION,
1506
        TLS1_2_VERSION,
1507
        DTLS1_BAD_VER,
1508
        DTLS1_2_VERSION,
1509
        SSL_STRONG_NONE | SSL_FIPS,
1510
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1511
        0,
1512
        0,
1513
    },
1514
    {
1515
        1,
1516
        TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1517
        TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1518
        TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1519
        SSL_kRSAPSK,
1520
        SSL_aRSA,
1521
        SSL_eNULL,
1522
        SSL_SHA1,
1523
        SSL3_VERSION,
1524
        TLS1_2_VERSION,
1525
        DTLS1_BAD_VER,
1526
        DTLS1_2_VERSION,
1527
        SSL_STRONG_NONE | SSL_FIPS,
1528
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1529
        0,
1530
        0,
1531
    },
1532
#endif
1533
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1534
    {
1535
        1,
1536
        TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1537
        TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1538
        TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1539
        SSL_kPSK,
1540
        SSL_aPSK,
1541
        SSL_3DES,
1542
        SSL_SHA1,
1543
        SSL3_VERSION,
1544
        TLS1_2_VERSION,
1545
        DTLS1_BAD_VER,
1546
        DTLS1_2_VERSION,
1547
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1548
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1549
        112,
1550
        168,
1551
    },
1552
#endif
1553
    {
1554
        1,
1555
        TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1556
        TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1557
        TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1558
        SSL_kPSK,
1559
        SSL_aPSK,
1560
        SSL_AES128,
1561
        SSL_SHA1,
1562
        SSL3_VERSION,
1563
        TLS1_2_VERSION,
1564
        DTLS1_BAD_VER,
1565
        DTLS1_2_VERSION,
1566
        SSL_HIGH | SSL_FIPS,
1567
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1568
        128,
1569
        128,
1570
    },
1571
    {
1572
        1,
1573
        TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1574
        TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1575
        TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1576
        SSL_kPSK,
1577
        SSL_aPSK,
1578
        SSL_AES256,
1579
        SSL_SHA1,
1580
        SSL3_VERSION,
1581
        TLS1_2_VERSION,
1582
        DTLS1_BAD_VER,
1583
        DTLS1_2_VERSION,
1584
        SSL_HIGH | SSL_FIPS,
1585
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1586
        256,
1587
        256,
1588
    },
1589
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1590
    {
1591
        1,
1592
        TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1593
        TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1594
        TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1595
        SSL_kDHEPSK,
1596
        SSL_aPSK,
1597
        SSL_3DES,
1598
        SSL_SHA1,
1599
        SSL3_VERSION,
1600
        TLS1_2_VERSION,
1601
        DTLS1_BAD_VER,
1602
        DTLS1_2_VERSION,
1603
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1604
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1605
        112,
1606
        168,
1607
    },
1608
#endif
1609
    {
1610
        1,
1611
        TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1612
        TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1613
        TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1614
        SSL_kDHEPSK,
1615
        SSL_aPSK,
1616
        SSL_AES128,
1617
        SSL_SHA1,
1618
        SSL3_VERSION,
1619
        TLS1_2_VERSION,
1620
        DTLS1_BAD_VER,
1621
        DTLS1_2_VERSION,
1622
        SSL_HIGH | SSL_FIPS,
1623
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1624
        128,
1625
        128,
1626
    },
1627
    {
1628
        1,
1629
        TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1630
        TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1631
        TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1632
        SSL_kDHEPSK,
1633
        SSL_aPSK,
1634
        SSL_AES256,
1635
        SSL_SHA1,
1636
        SSL3_VERSION,
1637
        TLS1_2_VERSION,
1638
        DTLS1_BAD_VER,
1639
        DTLS1_2_VERSION,
1640
        SSL_HIGH | SSL_FIPS,
1641
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1642
        256,
1643
        256,
1644
    },
1645
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1646
    {
1647
        1,
1648
        TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1649
        TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1650
        TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1651
        SSL_kRSAPSK,
1652
        SSL_aRSA,
1653
        SSL_3DES,
1654
        SSL_SHA1,
1655
        SSL3_VERSION,
1656
        TLS1_2_VERSION,
1657
        DTLS1_BAD_VER,
1658
        DTLS1_2_VERSION,
1659
        SSL_NOT_DEFAULT | SSL_MEDIUM,
1660
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1661
        112,
1662
        168,
1663
    },
1664
#endif
1665
    {
1666
        1,
1667
        TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1668
        TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1669
        TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1670
        SSL_kRSAPSK,
1671
        SSL_aRSA,
1672
        SSL_AES128,
1673
        SSL_SHA1,
1674
        SSL3_VERSION,
1675
        TLS1_2_VERSION,
1676
        DTLS1_BAD_VER,
1677
        DTLS1_2_VERSION,
1678
        SSL_HIGH | SSL_FIPS,
1679
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1680
        128,
1681
        128,
1682
    },
1683
    {
1684
        1,
1685
        TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1686
        TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1687
        TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1688
        SSL_kRSAPSK,
1689
        SSL_aRSA,
1690
        SSL_AES256,
1691
        SSL_SHA1,
1692
        SSL3_VERSION,
1693
        TLS1_2_VERSION,
1694
        DTLS1_BAD_VER,
1695
        DTLS1_2_VERSION,
1696
        SSL_HIGH | SSL_FIPS,
1697
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1698
        256,
1699
        256,
1700
    },
1701
    {
1702
        1,
1703
        TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1704
        TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1705
        TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1706
        SSL_kPSK,
1707
        SSL_aPSK,
1708
        SSL_AES128GCM,
1709
        SSL_AEAD,
1710
        TLS1_2_VERSION,
1711
        TLS1_2_VERSION,
1712
        DTLS1_2_VERSION,
1713
        DTLS1_2_VERSION,
1714
        SSL_HIGH | SSL_FIPS,
1715
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1716
        128,
1717
        128,
1718
    },
1719
    {
1720
        1,
1721
        TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1722
        TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1723
        TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1724
        SSL_kPSK,
1725
        SSL_aPSK,
1726
        SSL_AES256GCM,
1727
        SSL_AEAD,
1728
        TLS1_2_VERSION,
1729
        TLS1_2_VERSION,
1730
        DTLS1_2_VERSION,
1731
        DTLS1_2_VERSION,
1732
        SSL_HIGH | SSL_FIPS,
1733
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1734
        256,
1735
        256,
1736
    },
1737
    {
1738
        1,
1739
        TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1740
        TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1741
        TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1742
        SSL_kDHEPSK,
1743
        SSL_aPSK,
1744
        SSL_AES128GCM,
1745
        SSL_AEAD,
1746
        TLS1_2_VERSION,
1747
        TLS1_2_VERSION,
1748
        DTLS1_2_VERSION,
1749
        DTLS1_2_VERSION,
1750
        SSL_HIGH | SSL_FIPS,
1751
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1752
        128,
1753
        128,
1754
    },
1755
    {
1756
        1,
1757
        TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1758
        TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1759
        TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1760
        SSL_kDHEPSK,
1761
        SSL_aPSK,
1762
        SSL_AES256GCM,
1763
        SSL_AEAD,
1764
        TLS1_2_VERSION,
1765
        TLS1_2_VERSION,
1766
        DTLS1_2_VERSION,
1767
        DTLS1_2_VERSION,
1768
        SSL_HIGH | SSL_FIPS,
1769
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1770
        256,
1771
        256,
1772
    },
1773
    {
1774
        1,
1775
        TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1776
        TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1777
        TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1778
        SSL_kRSAPSK,
1779
        SSL_aRSA,
1780
        SSL_AES128GCM,
1781
        SSL_AEAD,
1782
        TLS1_2_VERSION,
1783
        TLS1_2_VERSION,
1784
        DTLS1_2_VERSION,
1785
        DTLS1_2_VERSION,
1786
        SSL_HIGH | SSL_FIPS,
1787
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1788
        128,
1789
        128,
1790
    },
1791
    {
1792
        1,
1793
        TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1794
        TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1795
        TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1796
        SSL_kRSAPSK,
1797
        SSL_aRSA,
1798
        SSL_AES256GCM,
1799
        SSL_AEAD,
1800
        TLS1_2_VERSION,
1801
        TLS1_2_VERSION,
1802
        DTLS1_2_VERSION,
1803
        DTLS1_2_VERSION,
1804
        SSL_HIGH | SSL_FIPS,
1805
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1806
        256,
1807
        256,
1808
    },
1809
    {
1810
        1,
1811
        TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1812
        TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1813
        TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1814
        SSL_kPSK,
1815
        SSL_aPSK,
1816
        SSL_AES128,
1817
        SSL_SHA256,
1818
        TLS1_VERSION,
1819
        TLS1_2_VERSION,
1820
        DTLS1_BAD_VER,
1821
        DTLS1_2_VERSION,
1822
        SSL_HIGH | SSL_FIPS,
1823
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1824
        128,
1825
        128,
1826
    },
1827
    {
1828
        1,
1829
        TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1830
        TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1831
        TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1832
        SSL_kPSK,
1833
        SSL_aPSK,
1834
        SSL_AES256,
1835
        SSL_SHA384,
1836
        TLS1_VERSION,
1837
        TLS1_2_VERSION,
1838
        DTLS1_BAD_VER,
1839
        DTLS1_2_VERSION,
1840
        SSL_HIGH | SSL_FIPS,
1841
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1842
        256,
1843
        256,
1844
    },
1845
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1846
    {
1847
        1,
1848
        TLS1_TXT_PSK_WITH_NULL_SHA256,
1849
        TLS1_RFC_PSK_WITH_NULL_SHA256,
1850
        TLS1_CK_PSK_WITH_NULL_SHA256,
1851
        SSL_kPSK,
1852
        SSL_aPSK,
1853
        SSL_eNULL,
1854
        SSL_SHA256,
1855
        TLS1_VERSION,
1856
        TLS1_2_VERSION,
1857
        DTLS1_BAD_VER,
1858
        DTLS1_2_VERSION,
1859
        SSL_STRONG_NONE | SSL_FIPS,
1860
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1861
        0,
1862
        0,
1863
    },
1864
    {
1865
        1,
1866
        TLS1_TXT_PSK_WITH_NULL_SHA384,
1867
        TLS1_RFC_PSK_WITH_NULL_SHA384,
1868
        TLS1_CK_PSK_WITH_NULL_SHA384,
1869
        SSL_kPSK,
1870
        SSL_aPSK,
1871
        SSL_eNULL,
1872
        SSL_SHA384,
1873
        TLS1_VERSION,
1874
        TLS1_2_VERSION,
1875
        DTLS1_BAD_VER,
1876
        DTLS1_2_VERSION,
1877
        SSL_STRONG_NONE | SSL_FIPS,
1878
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1879
        0,
1880
        0,
1881
    },
1882
#endif
1883
    {
1884
        1,
1885
        TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1886
        TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1887
        TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1888
        SSL_kDHEPSK,
1889
        SSL_aPSK,
1890
        SSL_AES128,
1891
        SSL_SHA256,
1892
        TLS1_VERSION,
1893
        TLS1_2_VERSION,
1894
        DTLS1_BAD_VER,
1895
        DTLS1_2_VERSION,
1896
        SSL_HIGH | SSL_FIPS,
1897
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1898
        128,
1899
        128,
1900
    },
1901
    {
1902
        1,
1903
        TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1904
        TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1905
        TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1906
        SSL_kDHEPSK,
1907
        SSL_aPSK,
1908
        SSL_AES256,
1909
        SSL_SHA384,
1910
        TLS1_VERSION,
1911
        TLS1_2_VERSION,
1912
        DTLS1_BAD_VER,
1913
        DTLS1_2_VERSION,
1914
        SSL_HIGH | SSL_FIPS,
1915
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1916
        256,
1917
        256,
1918
    },
1919
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1920
    {
1921
        1,
1922
        TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1923
        TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1924
        TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1925
        SSL_kDHEPSK,
1926
        SSL_aPSK,
1927
        SSL_eNULL,
1928
        SSL_SHA256,
1929
        TLS1_VERSION,
1930
        TLS1_2_VERSION,
1931
        DTLS1_BAD_VER,
1932
        DTLS1_2_VERSION,
1933
        SSL_STRONG_NONE | SSL_FIPS,
1934
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1935
        0,
1936
        0,
1937
    },
1938
    {
1939
        1,
1940
        TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1941
        TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1942
        TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1943
        SSL_kDHEPSK,
1944
        SSL_aPSK,
1945
        SSL_eNULL,
1946
        SSL_SHA384,
1947
        TLS1_VERSION,
1948
        TLS1_2_VERSION,
1949
        DTLS1_BAD_VER,
1950
        DTLS1_2_VERSION,
1951
        SSL_STRONG_NONE | SSL_FIPS,
1952
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1953
        0,
1954
        0,
1955
    },
1956
#endif
1957
    {
1958
        1,
1959
        TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1960
        TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1961
        TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1962
        SSL_kRSAPSK,
1963
        SSL_aRSA,
1964
        SSL_AES128,
1965
        SSL_SHA256,
1966
        TLS1_VERSION,
1967
        TLS1_2_VERSION,
1968
        DTLS1_BAD_VER,
1969
        DTLS1_2_VERSION,
1970
        SSL_HIGH | SSL_FIPS,
1971
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1972
        128,
1973
        128,
1974
    },
1975
    {
1976
        1,
1977
        TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1978
        TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1979
        TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1980
        SSL_kRSAPSK,
1981
        SSL_aRSA,
1982
        SSL_AES256,
1983
        SSL_SHA384,
1984
        TLS1_VERSION,
1985
        TLS1_2_VERSION,
1986
        DTLS1_BAD_VER,
1987
        DTLS1_2_VERSION,
1988
        SSL_HIGH | SSL_FIPS,
1989
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1990
        256,
1991
        256,
1992
    },
1993
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1994
    {
1995
        1,
1996
        TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1997
        TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1998
        TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1999
        SSL_kRSAPSK,
2000
        SSL_aRSA,
2001
        SSL_eNULL,
2002
        SSL_SHA256,
2003
        TLS1_VERSION,
2004
        TLS1_2_VERSION,
2005
        DTLS1_BAD_VER,
2006
        DTLS1_2_VERSION,
2007
        SSL_STRONG_NONE | SSL_FIPS,
2008
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2009
        0,
2010
        0,
2011
    },
2012
    {
2013
        1,
2014
        TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
2015
        TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
2016
        TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
2017
        SSL_kRSAPSK,
2018
        SSL_aRSA,
2019
        SSL_eNULL,
2020
        SSL_SHA384,
2021
        TLS1_VERSION,
2022
        TLS1_2_VERSION,
2023
        DTLS1_BAD_VER,
2024
        DTLS1_2_VERSION,
2025
        SSL_STRONG_NONE | SSL_FIPS,
2026
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2027
        0,
2028
        0,
2029
    },
2030
#endif
2031
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2032
    {
2033
        1,
2034
        TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2035
        TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2036
        TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
2037
        SSL_kECDHEPSK,
2038
        SSL_aPSK,
2039
        SSL_3DES,
2040
        SSL_SHA1,
2041
        TLS1_VERSION,
2042
        TLS1_2_VERSION,
2043
        DTLS1_BAD_VER,
2044
        DTLS1_2_VERSION,
2045
        SSL_NOT_DEFAULT | SSL_MEDIUM,
2046
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2047
        112,
2048
        168,
2049
    },
2050
#endif
2051
    {
2052
        1,
2053
        TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2054
        TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2055
        TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
2056
        SSL_kECDHEPSK,
2057
        SSL_aPSK,
2058
        SSL_AES128,
2059
        SSL_SHA1,
2060
        TLS1_VERSION,
2061
        TLS1_2_VERSION,
2062
        DTLS1_BAD_VER,
2063
        DTLS1_2_VERSION,
2064
        SSL_HIGH | SSL_FIPS,
2065
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2066
        128,
2067
        128,
2068
    },
2069
    {
2070
        1,
2071
        TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2072
        TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2073
        TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
2074
        SSL_kECDHEPSK,
2075
        SSL_aPSK,
2076
        SSL_AES256,
2077
        SSL_SHA1,
2078
        TLS1_VERSION,
2079
        TLS1_2_VERSION,
2080
        DTLS1_BAD_VER,
2081
        DTLS1_2_VERSION,
2082
        SSL_HIGH | SSL_FIPS,
2083
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2084
        256,
2085
        256,
2086
    },
2087
    {
2088
        1,
2089
        TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2090
        TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2091
        TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
2092
        SSL_kECDHEPSK,
2093
        SSL_aPSK,
2094
        SSL_AES128,
2095
        SSL_SHA256,
2096
        TLS1_VERSION,
2097
        TLS1_2_VERSION,
2098
        DTLS1_BAD_VER,
2099
        DTLS1_2_VERSION,
2100
        SSL_HIGH | SSL_FIPS,
2101
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2102
        128,
2103
        128,
2104
    },
2105
    {
2106
        1,
2107
        TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2108
        TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2109
        TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
2110
        SSL_kECDHEPSK,
2111
        SSL_aPSK,
2112
        SSL_AES256,
2113
        SSL_SHA384,
2114
        TLS1_VERSION,
2115
        TLS1_2_VERSION,
2116
        DTLS1_BAD_VER,
2117
        DTLS1_2_VERSION,
2118
        SSL_HIGH | SSL_FIPS,
2119
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2120
        256,
2121
        256,
2122
    },
2123
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2124
    {
2125
        1,
2126
        TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
2127
        TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
2128
        TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
2129
        SSL_kECDHEPSK,
2130
        SSL_aPSK,
2131
        SSL_eNULL,
2132
        SSL_SHA1,
2133
        TLS1_VERSION,
2134
        TLS1_2_VERSION,
2135
        DTLS1_BAD_VER,
2136
        DTLS1_2_VERSION,
2137
        SSL_STRONG_NONE | SSL_FIPS,
2138
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2139
        0,
2140
        0,
2141
    },
2142
    {
2143
        1,
2144
        TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
2145
        TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
2146
        TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
2147
        SSL_kECDHEPSK,
2148
        SSL_aPSK,
2149
        SSL_eNULL,
2150
        SSL_SHA256,
2151
        TLS1_VERSION,
2152
        TLS1_2_VERSION,
2153
        DTLS1_BAD_VER,
2154
        DTLS1_2_VERSION,
2155
        SSL_STRONG_NONE | SSL_FIPS,
2156
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2157
        0,
2158
        0,
2159
    },
2160
    {
2161
        1,
2162
        TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
2163
        TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
2164
        TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
2165
        SSL_kECDHEPSK,
2166
        SSL_aPSK,
2167
        SSL_eNULL,
2168
        SSL_SHA384,
2169
        TLS1_VERSION,
2170
        TLS1_2_VERSION,
2171
        DTLS1_BAD_VER,
2172
        DTLS1_2_VERSION,
2173
        SSL_STRONG_NONE | SSL_FIPS,
2174
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2175
        0,
2176
        0,
2177
    },
2178
#endif
2179
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2180
    {
2181
        1,
2182
        TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2183
        TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2184
        TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2185
        SSL_kSRP,
2186
        SSL_aSRP,
2187
        SSL_3DES,
2188
        SSL_SHA1,
2189
        SSL3_VERSION,
2190
        TLS1_2_VERSION,
2191
        DTLS1_BAD_VER,
2192
        DTLS1_2_VERSION,
2193
        SSL_NOT_DEFAULT | SSL_MEDIUM,
2194
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2195
        112,
2196
        168,
2197
    },
2198
    {
2199
        1,
2200
        TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2201
        TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2202
        TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2203
        SSL_kSRP,
2204
        SSL_aRSA,
2205
        SSL_3DES,
2206
        SSL_SHA1,
2207
        SSL3_VERSION,
2208
        TLS1_2_VERSION,
2209
        DTLS1_BAD_VER,
2210
        DTLS1_2_VERSION,
2211
        SSL_NOT_DEFAULT | SSL_MEDIUM,
2212
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2213
        112,
2214
        168,
2215
    },
2216
    {
2217
        1,
2218
        TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2219
        TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2220
        TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2221
        SSL_kSRP,
2222
        SSL_aDSS,
2223
        SSL_3DES,
2224
        SSL_SHA1,
2225
        SSL3_VERSION,
2226
        TLS1_2_VERSION,
2227
        DTLS1_BAD_VER,
2228
        DTLS1_2_VERSION,
2229
        SSL_NOT_DEFAULT | SSL_MEDIUM,
2230
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2231
        112,
2232
        168,
2233
    },
2234
#endif
2235
    {
2236
        1,
2237
        TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2238
        TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
2239
        TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2240
        SSL_kSRP,
2241
        SSL_aSRP,
2242
        SSL_AES128,
2243
        SSL_SHA1,
2244
        SSL3_VERSION,
2245
        TLS1_2_VERSION,
2246
        DTLS1_BAD_VER,
2247
        DTLS1_2_VERSION,
2248
        SSL_HIGH,
2249
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2250
        128,
2251
        128,
2252
    },
2253
    {
2254
        1,
2255
        TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2256
        TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2257
        TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2258
        SSL_kSRP,
2259
        SSL_aRSA,
2260
        SSL_AES128,
2261
        SSL_SHA1,
2262
        SSL3_VERSION,
2263
        TLS1_2_VERSION,
2264
        DTLS1_BAD_VER,
2265
        DTLS1_2_VERSION,
2266
        SSL_HIGH,
2267
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2268
        128,
2269
        128,
2270
    },
2271
    {
2272
        1,
2273
        TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2274
        TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2275
        TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2276
        SSL_kSRP,
2277
        SSL_aDSS,
2278
        SSL_AES128,
2279
        SSL_SHA1,
2280
        SSL3_VERSION,
2281
        TLS1_2_VERSION,
2282
        DTLS1_BAD_VER,
2283
        DTLS1_2_VERSION,
2284
        SSL_NOT_DEFAULT | SSL_HIGH,
2285
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2286
        128,
2287
        128,
2288
    },
2289
    {
2290
        1,
2291
        TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2292
        TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2293
        TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2294
        SSL_kSRP,
2295
        SSL_aSRP,
2296
        SSL_AES256,
2297
        SSL_SHA1,
2298
        SSL3_VERSION,
2299
        TLS1_2_VERSION,
2300
        DTLS1_BAD_VER,
2301
        DTLS1_2_VERSION,
2302
        SSL_HIGH,
2303
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2304
        256,
2305
        256,
2306
    },
2307
    {
2308
        1,
2309
        TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2310
        TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2311
        TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2312
        SSL_kSRP,
2313
        SSL_aRSA,
2314
        SSL_AES256,
2315
        SSL_SHA1,
2316
        SSL3_VERSION,
2317
        TLS1_2_VERSION,
2318
        DTLS1_BAD_VER,
2319
        DTLS1_2_VERSION,
2320
        SSL_HIGH,
2321
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2322
        256,
2323
        256,
2324
    },
2325
    {
2326
        1,
2327
        TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2328
        TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2329
        TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2330
        SSL_kSRP,
2331
        SSL_aDSS,
2332
        SSL_AES256,
2333
        SSL_SHA1,
2334
        SSL3_VERSION,
2335
        TLS1_2_VERSION,
2336
        DTLS1_BAD_VER,
2337
        DTLS1_2_VERSION,
2338
        SSL_NOT_DEFAULT | SSL_HIGH,
2339
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2340
        256,
2341
        256,
2342
    },
2343

2344
    {
2345
        1,
2346
        TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2347
        TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2348
        TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2349
        SSL_kDHE,
2350
        SSL_aRSA,
2351
        SSL_CHACHA20POLY1305,
2352
        SSL_AEAD,
2353
        TLS1_2_VERSION,
2354
        TLS1_2_VERSION,
2355
        DTLS1_2_VERSION,
2356
        DTLS1_2_VERSION,
2357
        SSL_HIGH,
2358
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2359
        256,
2360
        256,
2361
    },
2362
    {
2363
        1,
2364
        TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2365
        TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2366
        TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2367
        SSL_kECDHE,
2368
        SSL_aRSA,
2369
        SSL_CHACHA20POLY1305,
2370
        SSL_AEAD,
2371
        TLS1_2_VERSION,
2372
        TLS1_2_VERSION,
2373
        DTLS1_2_VERSION,
2374
        DTLS1_2_VERSION,
2375
        SSL_HIGH,
2376
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2377
        256,
2378
        256,
2379
    },
2380
    {
2381
        1,
2382
        TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2383
        TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2384
        TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2385
        SSL_kECDHE,
2386
        SSL_aECDSA,
2387
        SSL_CHACHA20POLY1305,
2388
        SSL_AEAD,
2389
        TLS1_2_VERSION,
2390
        TLS1_2_VERSION,
2391
        DTLS1_2_VERSION,
2392
        DTLS1_2_VERSION,
2393
        SSL_HIGH,
2394
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2395
        256,
2396
        256,
2397
    },
2398
    {
2399
        1,
2400
        TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2401
        TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2402
        TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2403
        SSL_kPSK,
2404
        SSL_aPSK,
2405
        SSL_CHACHA20POLY1305,
2406
        SSL_AEAD,
2407
        TLS1_2_VERSION,
2408
        TLS1_2_VERSION,
2409
        DTLS1_2_VERSION,
2410
        DTLS1_2_VERSION,
2411
        SSL_HIGH,
2412
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2413
        256,
2414
        256,
2415
    },
2416
    {
2417
        1,
2418
        TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2419
        TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2420
        TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2421
        SSL_kECDHEPSK,
2422
        SSL_aPSK,
2423
        SSL_CHACHA20POLY1305,
2424
        SSL_AEAD,
2425
        TLS1_2_VERSION,
2426
        TLS1_2_VERSION,
2427
        DTLS1_2_VERSION,
2428
        DTLS1_2_VERSION,
2429
        SSL_HIGH,
2430
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2431
        256,
2432
        256,
2433
    },
2434
    {
2435
        1,
2436
        TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2437
        TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2438
        TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2439
        SSL_kDHEPSK,
2440
        SSL_aPSK,
2441
        SSL_CHACHA20POLY1305,
2442
        SSL_AEAD,
2443
        TLS1_2_VERSION,
2444
        TLS1_2_VERSION,
2445
        DTLS1_2_VERSION,
2446
        DTLS1_2_VERSION,
2447
        SSL_HIGH,
2448
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2449
        256,
2450
        256,
2451
    },
2452
    {
2453
        1,
2454
        TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2455
        TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2456
        TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2457
        SSL_kRSAPSK,
2458
        SSL_aRSA,
2459
        SSL_CHACHA20POLY1305,
2460
        SSL_AEAD,
2461
        TLS1_2_VERSION,
2462
        TLS1_2_VERSION,
2463
        DTLS1_2_VERSION,
2464
        DTLS1_2_VERSION,
2465
        SSL_HIGH,
2466
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2467
        256,
2468
        256,
2469
    },
2470

2471
    {
2472
        1,
2473
        TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2474
        TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2475
        TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2476
        SSL_kRSA,
2477
        SSL_aRSA,
2478
        SSL_CAMELLIA128,
2479
        SSL_SHA256,
2480
        TLS1_2_VERSION,
2481
        TLS1_2_VERSION,
2482
        DTLS1_2_VERSION,
2483
        DTLS1_2_VERSION,
2484
        SSL_NOT_DEFAULT | SSL_HIGH,
2485
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2486
        128,
2487
        128,
2488
    },
2489
    {
2490
        1,
2491
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2492
        TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2493
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2494
        SSL_kDHE,
2495
        SSL_aDSS,
2496
        SSL_CAMELLIA128,
2497
        SSL_SHA256,
2498
        TLS1_2_VERSION,
2499
        TLS1_2_VERSION,
2500
        DTLS1_2_VERSION,
2501
        DTLS1_2_VERSION,
2502
        SSL_NOT_DEFAULT | SSL_HIGH,
2503
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2504
        128,
2505
        128,
2506
    },
2507
    {
2508
        1,
2509
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2510
        TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2511
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2512
        SSL_kDHE,
2513
        SSL_aRSA,
2514
        SSL_CAMELLIA128,
2515
        SSL_SHA256,
2516
        TLS1_2_VERSION,
2517
        TLS1_2_VERSION,
2518
        DTLS1_2_VERSION,
2519
        DTLS1_2_VERSION,
2520
        SSL_NOT_DEFAULT | SSL_HIGH,
2521
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2522
        128,
2523
        128,
2524
    },
2525
    {
2526
        1,
2527
        TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2528
        TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2529
        TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2530
        SSL_kDHE,
2531
        SSL_aNULL,
2532
        SSL_CAMELLIA128,
2533
        SSL_SHA256,
2534
        TLS1_2_VERSION,
2535
        TLS1_2_VERSION,
2536
        DTLS1_2_VERSION,
2537
        DTLS1_2_VERSION,
2538
        SSL_NOT_DEFAULT | SSL_HIGH,
2539
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2540
        128,
2541
        128,
2542
    },
2543
    {
2544
        1,
2545
        TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2546
        TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2547
        TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2548
        SSL_kRSA,
2549
        SSL_aRSA,
2550
        SSL_CAMELLIA256,
2551
        SSL_SHA256,
2552
        TLS1_2_VERSION,
2553
        TLS1_2_VERSION,
2554
        DTLS1_2_VERSION,
2555
        DTLS1_2_VERSION,
2556
        SSL_NOT_DEFAULT | SSL_HIGH,
2557
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2558
        256,
2559
        256,
2560
    },
2561
    {
2562
        1,
2563
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2564
        TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2565
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2566
        SSL_kDHE,
2567
        SSL_aDSS,
2568
        SSL_CAMELLIA256,
2569
        SSL_SHA256,
2570
        TLS1_2_VERSION,
2571
        TLS1_2_VERSION,
2572
        DTLS1_2_VERSION,
2573
        DTLS1_2_VERSION,
2574
        SSL_NOT_DEFAULT | SSL_HIGH,
2575
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2576
        256,
2577
        256,
2578
    },
2579
    {
2580
        1,
2581
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2582
        TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2583
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2584
        SSL_kDHE,
2585
        SSL_aRSA,
2586
        SSL_CAMELLIA256,
2587
        SSL_SHA256,
2588
        TLS1_2_VERSION,
2589
        TLS1_2_VERSION,
2590
        DTLS1_2_VERSION,
2591
        DTLS1_2_VERSION,
2592
        SSL_NOT_DEFAULT | SSL_HIGH,
2593
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2594
        256,
2595
        256,
2596
    },
2597
    {
2598
        1,
2599
        TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2600
        TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2601
        TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2602
        SSL_kDHE,
2603
        SSL_aNULL,
2604
        SSL_CAMELLIA256,
2605
        SSL_SHA256,
2606
        TLS1_2_VERSION,
2607
        TLS1_2_VERSION,
2608
        DTLS1_2_VERSION,
2609
        DTLS1_2_VERSION,
2610
        SSL_NOT_DEFAULT | SSL_HIGH,
2611
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2612
        256,
2613
        256,
2614
    },
2615
    {
2616
        1,
2617
        TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2618
        TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2619
        TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2620
        SSL_kRSA,
2621
        SSL_aRSA,
2622
        SSL_CAMELLIA256,
2623
        SSL_SHA1,
2624
        SSL3_VERSION,
2625
        TLS1_2_VERSION,
2626
        DTLS1_BAD_VER,
2627
        DTLS1_2_VERSION,
2628
        SSL_NOT_DEFAULT | SSL_HIGH,
2629
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2630
        256,
2631
        256,
2632
    },
2633
    {
2634
        1,
2635
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2636
        TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2637
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2638
        SSL_kDHE,
2639
        SSL_aDSS,
2640
        SSL_CAMELLIA256,
2641
        SSL_SHA1,
2642
        SSL3_VERSION,
2643
        TLS1_2_VERSION,
2644
        DTLS1_BAD_VER,
2645
        DTLS1_2_VERSION,
2646
        SSL_NOT_DEFAULT | SSL_HIGH,
2647
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2648
        256,
2649
        256,
2650
    },
2651
    {
2652
        1,
2653
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2654
        TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2655
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2656
        SSL_kDHE,
2657
        SSL_aRSA,
2658
        SSL_CAMELLIA256,
2659
        SSL_SHA1,
2660
        SSL3_VERSION,
2661
        TLS1_2_VERSION,
2662
        DTLS1_BAD_VER,
2663
        DTLS1_2_VERSION,
2664
        SSL_NOT_DEFAULT | SSL_HIGH,
2665
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2666
        256,
2667
        256,
2668
    },
2669
    {
2670
        1,
2671
        TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2672
        TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2673
        TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2674
        SSL_kDHE,
2675
        SSL_aNULL,
2676
        SSL_CAMELLIA256,
2677
        SSL_SHA1,
2678
        SSL3_VERSION,
2679
        TLS1_2_VERSION,
2680
        DTLS1_BAD_VER,
2681
        DTLS1_2_VERSION,
2682
        SSL_NOT_DEFAULT | SSL_HIGH,
2683
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2684
        256,
2685
        256,
2686
    },
2687
    {
2688
        1,
2689
        TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2690
        TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2691
        TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2692
        SSL_kRSA,
2693
        SSL_aRSA,
2694
        SSL_CAMELLIA128,
2695
        SSL_SHA1,
2696
        SSL3_VERSION,
2697
        TLS1_2_VERSION,
2698
        DTLS1_BAD_VER,
2699
        DTLS1_2_VERSION,
2700
        SSL_NOT_DEFAULT | SSL_HIGH,
2701
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2702
        128,
2703
        128,
2704
    },
2705
    {
2706
        1,
2707
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2708
        TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2709
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2710
        SSL_kDHE,
2711
        SSL_aDSS,
2712
        SSL_CAMELLIA128,
2713
        SSL_SHA1,
2714
        SSL3_VERSION,
2715
        TLS1_2_VERSION,
2716
        DTLS1_BAD_VER,
2717
        DTLS1_2_VERSION,
2718
        SSL_NOT_DEFAULT | SSL_HIGH,
2719
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2720
        128,
2721
        128,
2722
    },
2723
    {
2724
        1,
2725
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2726
        TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2727
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2728
        SSL_kDHE,
2729
        SSL_aRSA,
2730
        SSL_CAMELLIA128,
2731
        SSL_SHA1,
2732
        SSL3_VERSION,
2733
        TLS1_2_VERSION,
2734
        DTLS1_BAD_VER,
2735
        DTLS1_2_VERSION,
2736
        SSL_NOT_DEFAULT | SSL_HIGH,
2737
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2738
        128,
2739
        128,
2740
    },
2741
    {
2742
        1,
2743
        TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2744
        TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2745
        TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2746
        SSL_kDHE,
2747
        SSL_aNULL,
2748
        SSL_CAMELLIA128,
2749
        SSL_SHA1,
2750
        SSL3_VERSION,
2751
        TLS1_2_VERSION,
2752
        DTLS1_BAD_VER,
2753
        DTLS1_2_VERSION,
2754
        SSL_NOT_DEFAULT | SSL_HIGH,
2755
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2756
        128,
2757
        128,
2758
    },
2759
    {
2760
        1,
2761
        TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2762
        TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2763
        TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2764
        SSL_kECDHE,
2765
        SSL_aECDSA,
2766
        SSL_CAMELLIA128,
2767
        SSL_SHA256,
2768
        TLS1_2_VERSION,
2769
        TLS1_2_VERSION,
2770
        DTLS1_2_VERSION,
2771
        DTLS1_2_VERSION,
2772
        SSL_NOT_DEFAULT | SSL_HIGH,
2773
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2774
        128,
2775
        128,
2776
    },
2777
    {
2778
        1,
2779
        TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2780
        TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2781
        TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2782
        SSL_kECDHE,
2783
        SSL_aECDSA,
2784
        SSL_CAMELLIA256,
2785
        SSL_SHA384,
2786
        TLS1_2_VERSION,
2787
        TLS1_2_VERSION,
2788
        DTLS1_2_VERSION,
2789
        DTLS1_2_VERSION,
2790
        SSL_NOT_DEFAULT | SSL_HIGH,
2791
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2792
        256,
2793
        256,
2794
    },
2795
    {
2796
        1,
2797
        TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2798
        TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2799
        TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2800
        SSL_kECDHE,
2801
        SSL_aRSA,
2802
        SSL_CAMELLIA128,
2803
        SSL_SHA256,
2804
        TLS1_2_VERSION,
2805
        TLS1_2_VERSION,
2806
        DTLS1_2_VERSION,
2807
        DTLS1_2_VERSION,
2808
        SSL_NOT_DEFAULT | SSL_HIGH,
2809
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2810
        128,
2811
        128,
2812
    },
2813
    {
2814
        1,
2815
        TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2816
        TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2817
        TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2818
        SSL_kECDHE,
2819
        SSL_aRSA,
2820
        SSL_CAMELLIA256,
2821
        SSL_SHA384,
2822
        TLS1_2_VERSION,
2823
        TLS1_2_VERSION,
2824
        DTLS1_2_VERSION,
2825
        DTLS1_2_VERSION,
2826
        SSL_NOT_DEFAULT | SSL_HIGH,
2827
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2828
        256,
2829
        256,
2830
    },
2831
    {
2832
        1,
2833
        TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2834
        TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2835
        TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2836
        SSL_kPSK,
2837
        SSL_aPSK,
2838
        SSL_CAMELLIA128,
2839
        SSL_SHA256,
2840
        TLS1_VERSION,
2841
        TLS1_2_VERSION,
2842
        DTLS1_BAD_VER,
2843
        DTLS1_2_VERSION,
2844
        SSL_NOT_DEFAULT | SSL_HIGH,
2845
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2846
        128,
2847
        128,
2848
    },
2849
    {
2850
        1,
2851
        TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2852
        TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2853
        TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2854
        SSL_kPSK,
2855
        SSL_aPSK,
2856
        SSL_CAMELLIA256,
2857
        SSL_SHA384,
2858
        TLS1_VERSION,
2859
        TLS1_2_VERSION,
2860
        DTLS1_BAD_VER,
2861
        DTLS1_2_VERSION,
2862
        SSL_NOT_DEFAULT | SSL_HIGH,
2863
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2864
        256,
2865
        256,
2866
    },
2867
    {
2868
        1,
2869
        TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2870
        TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2871
        TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2872
        SSL_kDHEPSK,
2873
        SSL_aPSK,
2874
        SSL_CAMELLIA128,
2875
        SSL_SHA256,
2876
        TLS1_VERSION,
2877
        TLS1_2_VERSION,
2878
        DTLS1_BAD_VER,
2879
        DTLS1_2_VERSION,
2880
        SSL_NOT_DEFAULT | SSL_HIGH,
2881
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2882
        128,
2883
        128,
2884
    },
2885
    {
2886
        1,
2887
        TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2888
        TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2889
        TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2890
        SSL_kDHEPSK,
2891
        SSL_aPSK,
2892
        SSL_CAMELLIA256,
2893
        SSL_SHA384,
2894
        TLS1_VERSION,
2895
        TLS1_2_VERSION,
2896
        DTLS1_BAD_VER,
2897
        DTLS1_2_VERSION,
2898
        SSL_NOT_DEFAULT | SSL_HIGH,
2899
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2900
        256,
2901
        256,
2902
    },
2903
    {
2904
        1,
2905
        TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2906
        TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2907
        TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2908
        SSL_kRSAPSK,
2909
        SSL_aRSA,
2910
        SSL_CAMELLIA128,
2911
        SSL_SHA256,
2912
        TLS1_VERSION,
2913
        TLS1_2_VERSION,
2914
        DTLS1_BAD_VER,
2915
        DTLS1_2_VERSION,
2916
        SSL_NOT_DEFAULT | SSL_HIGH,
2917
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2918
        128,
2919
        128,
2920
    },
2921
    {
2922
        1,
2923
        TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2924
        TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2925
        TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2926
        SSL_kRSAPSK,
2927
        SSL_aRSA,
2928
        SSL_CAMELLIA256,
2929
        SSL_SHA384,
2930
        TLS1_VERSION,
2931
        TLS1_2_VERSION,
2932
        DTLS1_BAD_VER,
2933
        DTLS1_2_VERSION,
2934
        SSL_NOT_DEFAULT | SSL_HIGH,
2935
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2936
        256,
2937
        256,
2938
    },
2939
    {
2940
        1,
2941
        TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2942
        TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2943
        TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2944
        SSL_kECDHEPSK,
2945
        SSL_aPSK,
2946
        SSL_CAMELLIA128,
2947
        SSL_SHA256,
2948
        TLS1_VERSION,
2949
        TLS1_2_VERSION,
2950
        DTLS1_BAD_VER,
2951
        DTLS1_2_VERSION,
2952
        SSL_NOT_DEFAULT | SSL_HIGH,
2953
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2954
        128,
2955
        128,
2956
    },
2957
    {
2958
        1,
2959
        TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2960
        TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2961
        TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2962
        SSL_kECDHEPSK,
2963
        SSL_aPSK,
2964
        SSL_CAMELLIA256,
2965
        SSL_SHA384,
2966
        TLS1_VERSION,
2967
        TLS1_2_VERSION,
2968
        DTLS1_BAD_VER,
2969
        DTLS1_2_VERSION,
2970
        SSL_NOT_DEFAULT | SSL_HIGH,
2971
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2972
        256,
2973
        256,
2974
    },
2975

2976
#ifndef OPENSSL_NO_GOST
2977
    {
2978
        1,
2979
        "GOST2001-GOST89-GOST89",
2980
        "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2981
        0x3000081,
2982
        SSL_kGOST,
2983
        SSL_aGOST01,
2984
        SSL_eGOST2814789CNT,
2985
        SSL_GOST89MAC,
2986
        TLS1_VERSION,
2987
        TLS1_2_VERSION,
2988
        0,
2989
        0,
2990
        SSL_HIGH,
2991
        SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2992
        256,
2993
        256,
2994
    },
2995
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2996
    {
2997
        1,
2998
        "GOST2001-NULL-GOST94",
2999
        "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
3000
        0x3000083,
3001
        SSL_kGOST,
3002
        SSL_aGOST01,
3003
        SSL_eNULL,
3004
        SSL_GOST94,
3005
        TLS1_VERSION,
3006
        TLS1_2_VERSION,
3007
        0,
3008
        0,
3009
        SSL_STRONG_NONE,
3010
        SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
3011
        0,
3012
        0,
3013
    },
3014
#endif
3015
    {
3016
        1,
3017
        "IANA-GOST2012-GOST8912-GOST8912",
3018
        NULL,
3019
        0x0300c102,
3020
        SSL_kGOST,
3021
        SSL_aGOST12 | SSL_aGOST01,
3022
        SSL_eGOST2814789CNT12,
3023
        SSL_GOST89MAC12,
3024
        TLS1_VERSION,
3025
        TLS1_2_VERSION,
3026
        0,
3027
        0,
3028
        SSL_HIGH,
3029
        SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
3030
        256,
3031
        256,
3032
    },
3033
    {
3034
        1,
3035
        "LEGACY-GOST2012-GOST8912-GOST8912",
3036
        NULL,
3037
        0x0300ff85,
3038
        SSL_kGOST,
3039
        SSL_aGOST12 | SSL_aGOST01,
3040
        SSL_eGOST2814789CNT12,
3041
        SSL_GOST89MAC12,
3042
        TLS1_VERSION,
3043
        TLS1_2_VERSION,
3044
        0,
3045
        0,
3046
        SSL_HIGH,
3047
        SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
3048
        256,
3049
        256,
3050
    },
3051
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
3052
    {
3053
        1,
3054
        "GOST2012-NULL-GOST12",
3055
        NULL,
3056
        0x0300ff87,
3057
        SSL_kGOST,
3058
        SSL_aGOST12 | SSL_aGOST01,
3059
        SSL_eNULL,
3060
        SSL_GOST12_256,
3061
        TLS1_VERSION,
3062
        TLS1_2_VERSION,
3063
        0,
3064
        0,
3065
        SSL_STRONG_NONE,
3066
        SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
3067
        0,
3068
        0,
3069
    },
3070
#endif
3071
    {
3072
        1,
3073
        "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
3074
        NULL,
3075
        0x0300C100,
3076
        SSL_kGOST18,
3077
        SSL_aGOST12,
3078
        SSL_KUZNYECHIK,
3079
        SSL_KUZNYECHIKOMAC,
3080
        TLS1_2_VERSION,
3081
        TLS1_2_VERSION,
3082
        0,
3083
        0,
3084
        SSL_HIGH,
3085
        SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
3086
        256,
3087
        256,
3088
    },
3089
    {
3090
        1,
3091
        "GOST2012-MAGMA-MAGMAOMAC",
3092
        NULL,
3093
        0x0300C101,
3094
        SSL_kGOST18,
3095
        SSL_aGOST12,
3096
        SSL_MAGMA,
3097
        SSL_MAGMAOMAC,
3098
        TLS1_2_VERSION,
3099
        TLS1_2_VERSION,
3100
        0,
3101
        0,
3102
        SSL_HIGH,
3103
        SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
3104
        256,
3105
        256,
3106
    },
3107
#endif /* OPENSSL_NO_GOST */
3108

3109
    {
3110
        1,
3111
        SSL3_TXT_RSA_IDEA_128_SHA,
3112
        SSL3_RFC_RSA_IDEA_128_SHA,
3113
        SSL3_CK_RSA_IDEA_128_SHA,
3114
        SSL_kRSA,
3115
        SSL_aRSA,
3116
        SSL_IDEA,
3117
        SSL_SHA1,
3118
        SSL3_VERSION,
3119
        TLS1_1_VERSION,
3120
        DTLS1_BAD_VER,
3121
        DTLS1_VERSION,
3122
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3123
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3124
        128,
3125
        128,
3126
    },
3127

3128
    {
3129
        1,
3130
        TLS1_TXT_RSA_WITH_SEED_SHA,
3131
        TLS1_RFC_RSA_WITH_SEED_SHA,
3132
        TLS1_CK_RSA_WITH_SEED_SHA,
3133
        SSL_kRSA,
3134
        SSL_aRSA,
3135
        SSL_SEED,
3136
        SSL_SHA1,
3137
        SSL3_VERSION,
3138
        TLS1_2_VERSION,
3139
        DTLS1_BAD_VER,
3140
        DTLS1_2_VERSION,
3141
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3142
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3143
        128,
3144
        128,
3145
    },
3146
    {
3147
        1,
3148
        TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
3149
        TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
3150
        TLS1_CK_DHE_DSS_WITH_SEED_SHA,
3151
        SSL_kDHE,
3152
        SSL_aDSS,
3153
        SSL_SEED,
3154
        SSL_SHA1,
3155
        SSL3_VERSION,
3156
        TLS1_2_VERSION,
3157
        DTLS1_BAD_VER,
3158
        DTLS1_2_VERSION,
3159
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3160
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3161
        128,
3162
        128,
3163
    },
3164
    {
3165
        1,
3166
        TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
3167
        TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
3168
        TLS1_CK_DHE_RSA_WITH_SEED_SHA,
3169
        SSL_kDHE,
3170
        SSL_aRSA,
3171
        SSL_SEED,
3172
        SSL_SHA1,
3173
        SSL3_VERSION,
3174
        TLS1_2_VERSION,
3175
        DTLS1_BAD_VER,
3176
        DTLS1_2_VERSION,
3177
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3178
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3179
        128,
3180
        128,
3181
    },
3182
    {
3183
        1,
3184
        TLS1_TXT_ADH_WITH_SEED_SHA,
3185
        TLS1_RFC_ADH_WITH_SEED_SHA,
3186
        TLS1_CK_ADH_WITH_SEED_SHA,
3187
        SSL_kDHE,
3188
        SSL_aNULL,
3189
        SSL_SEED,
3190
        SSL_SHA1,
3191
        SSL3_VERSION,
3192
        TLS1_2_VERSION,
3193
        DTLS1_BAD_VER,
3194
        DTLS1_2_VERSION,
3195
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3196
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3197
        128,
3198
        128,
3199
    },
3200

3201
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
3202
    {
3203
        1,
3204
        SSL3_TXT_RSA_RC4_128_MD5,
3205
        SSL3_RFC_RSA_RC4_128_MD5,
3206
        SSL3_CK_RSA_RC4_128_MD5,
3207
        SSL_kRSA,
3208
        SSL_aRSA,
3209
        SSL_RC4,
3210
        SSL_MD5,
3211
        SSL3_VERSION,
3212
        TLS1_2_VERSION,
3213
        0,
3214
        0,
3215
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3216
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3217
        80,
3218
        128,
3219
    },
3220
    {
3221
        1,
3222
        SSL3_TXT_RSA_RC4_128_SHA,
3223
        SSL3_RFC_RSA_RC4_128_SHA,
3224
        SSL3_CK_RSA_RC4_128_SHA,
3225
        SSL_kRSA,
3226
        SSL_aRSA,
3227
        SSL_RC4,
3228
        SSL_SHA1,
3229
        SSL3_VERSION,
3230
        TLS1_2_VERSION,
3231
        0,
3232
        0,
3233
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3234
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3235
        80,
3236
        128,
3237
    },
3238
    {
3239
        1,
3240
        SSL3_TXT_ADH_RC4_128_MD5,
3241
        SSL3_RFC_ADH_RC4_128_MD5,
3242
        SSL3_CK_ADH_RC4_128_MD5,
3243
        SSL_kDHE,
3244
        SSL_aNULL,
3245
        SSL_RC4,
3246
        SSL_MD5,
3247
        SSL3_VERSION,
3248
        TLS1_2_VERSION,
3249
        0,
3250
        0,
3251
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3252
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3253
        80,
3254
        128,
3255
    },
3256
    {
3257
        1,
3258
        TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
3259
        TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
3260
        TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
3261
        SSL_kECDHEPSK,
3262
        SSL_aPSK,
3263
        SSL_RC4,
3264
        SSL_SHA1,
3265
        TLS1_VERSION,
3266
        TLS1_2_VERSION,
3267
        0,
3268
        0,
3269
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3270
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3271
        80,
3272
        128,
3273
    },
3274
    {
3275
        1,
3276
        TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
3277
        TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
3278
        TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
3279
        SSL_kECDHE,
3280
        SSL_aNULL,
3281
        SSL_RC4,
3282
        SSL_SHA1,
3283
        TLS1_VERSION,
3284
        TLS1_2_VERSION,
3285
        0,
3286
        0,
3287
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3288
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3289
        80,
3290
        128,
3291
    },
3292
    {
3293
        1,
3294
        TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
3295
        TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
3296
        TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
3297
        SSL_kECDHE,
3298
        SSL_aECDSA,
3299
        SSL_RC4,
3300
        SSL_SHA1,
3301
        TLS1_VERSION,
3302
        TLS1_2_VERSION,
3303
        0,
3304
        0,
3305
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3306
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3307
        80,
3308
        128,
3309
    },
3310
    {
3311
        1,
3312
        TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
3313
        TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
3314
        TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
3315
        SSL_kECDHE,
3316
        SSL_aRSA,
3317
        SSL_RC4,
3318
        SSL_SHA1,
3319
        TLS1_VERSION,
3320
        TLS1_2_VERSION,
3321
        0,
3322
        0,
3323
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3324
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3325
        80,
3326
        128,
3327
    },
3328
    {
3329
        1,
3330
        TLS1_TXT_PSK_WITH_RC4_128_SHA,
3331
        TLS1_RFC_PSK_WITH_RC4_128_SHA,
3332
        TLS1_CK_PSK_WITH_RC4_128_SHA,
3333
        SSL_kPSK,
3334
        SSL_aPSK,
3335
        SSL_RC4,
3336
        SSL_SHA1,
3337
        SSL3_VERSION,
3338
        TLS1_2_VERSION,
3339
        0,
3340
        0,
3341
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3342
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3343
        80,
3344
        128,
3345
    },
3346
    {
3347
        1,
3348
        TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
3349
        TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
3350
        TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
3351
        SSL_kRSAPSK,
3352
        SSL_aRSA,
3353
        SSL_RC4,
3354
        SSL_SHA1,
3355
        SSL3_VERSION,
3356
        TLS1_2_VERSION,
3357
        0,
3358
        0,
3359
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3360
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3361
        80,
3362
        128,
3363
    },
3364
    {
3365
        1,
3366
        TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3367
        TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3368
        TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3369
        SSL_kDHEPSK,
3370
        SSL_aPSK,
3371
        SSL_RC4,
3372
        SSL_SHA1,
3373
        SSL3_VERSION,
3374
        TLS1_2_VERSION,
3375
        0,
3376
        0,
3377
        SSL_NOT_DEFAULT | SSL_MEDIUM,
3378
        SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3379
        80,
3380
        128,
3381
    },
3382
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3383

3384
    {
3385
        1,
3386
        TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3387
        TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3388
        TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3389
        SSL_kRSA,
3390
        SSL_aRSA,
3391
        SSL_ARIA128GCM,
3392
        SSL_AEAD,
3393
        TLS1_2_VERSION,
3394
        TLS1_2_VERSION,
3395
        DTLS1_2_VERSION,
3396
        DTLS1_2_VERSION,
3397
        SSL_NOT_DEFAULT | SSL_HIGH,
3398
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3399
        128,
3400
        128,
3401
    },
3402
    {
3403
        1,
3404
        TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3405
        TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3406
        TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3407
        SSL_kRSA,
3408
        SSL_aRSA,
3409
        SSL_ARIA256GCM,
3410
        SSL_AEAD,
3411
        TLS1_2_VERSION,
3412
        TLS1_2_VERSION,
3413
        DTLS1_2_VERSION,
3414
        DTLS1_2_VERSION,
3415
        SSL_NOT_DEFAULT | SSL_HIGH,
3416
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3417
        256,
3418
        256,
3419
    },
3420
    {
3421
        1,
3422
        TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3423
        TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3424
        TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3425
        SSL_kDHE,
3426
        SSL_aRSA,
3427
        SSL_ARIA128GCM,
3428
        SSL_AEAD,
3429
        TLS1_2_VERSION,
3430
        TLS1_2_VERSION,
3431
        DTLS1_2_VERSION,
3432
        DTLS1_2_VERSION,
3433
        SSL_NOT_DEFAULT | SSL_HIGH,
3434
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3435
        128,
3436
        128,
3437
    },
3438
    {
3439
        1,
3440
        TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3441
        TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3442
        TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3443
        SSL_kDHE,
3444
        SSL_aRSA,
3445
        SSL_ARIA256GCM,
3446
        SSL_AEAD,
3447
        TLS1_2_VERSION,
3448
        TLS1_2_VERSION,
3449
        DTLS1_2_VERSION,
3450
        DTLS1_2_VERSION,
3451
        SSL_NOT_DEFAULT | SSL_HIGH,
3452
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3453
        256,
3454
        256,
3455
    },
3456
    {
3457
        1,
3458
        TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3459
        TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3460
        TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3461
        SSL_kDHE,
3462
        SSL_aDSS,
3463
        SSL_ARIA128GCM,
3464
        SSL_AEAD,
3465
        TLS1_2_VERSION,
3466
        TLS1_2_VERSION,
3467
        DTLS1_2_VERSION,
3468
        DTLS1_2_VERSION,
3469
        SSL_NOT_DEFAULT | SSL_HIGH,
3470
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3471
        128,
3472
        128,
3473
    },
3474
    {
3475
        1,
3476
        TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3477
        TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3478
        TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3479
        SSL_kDHE,
3480
        SSL_aDSS,
3481
        SSL_ARIA256GCM,
3482
        SSL_AEAD,
3483
        TLS1_2_VERSION,
3484
        TLS1_2_VERSION,
3485
        DTLS1_2_VERSION,
3486
        DTLS1_2_VERSION,
3487
        SSL_NOT_DEFAULT | SSL_HIGH,
3488
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3489
        256,
3490
        256,
3491
    },
3492
    {
3493
        1,
3494
        TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3495
        TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3496
        TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3497
        SSL_kECDHE,
3498
        SSL_aECDSA,
3499
        SSL_ARIA128GCM,
3500
        SSL_AEAD,
3501
        TLS1_2_VERSION,
3502
        TLS1_2_VERSION,
3503
        DTLS1_2_VERSION,
3504
        DTLS1_2_VERSION,
3505
        SSL_NOT_DEFAULT | SSL_HIGH,
3506
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3507
        128,
3508
        128,
3509
    },
3510
    {
3511
        1,
3512
        TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3513
        TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3514
        TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3515
        SSL_kECDHE,
3516
        SSL_aECDSA,
3517
        SSL_ARIA256GCM,
3518
        SSL_AEAD,
3519
        TLS1_2_VERSION,
3520
        TLS1_2_VERSION,
3521
        DTLS1_2_VERSION,
3522
        DTLS1_2_VERSION,
3523
        SSL_NOT_DEFAULT | SSL_HIGH,
3524
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3525
        256,
3526
        256,
3527
    },
3528
    {
3529
        1,
3530
        TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3531
        TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3532
        TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3533
        SSL_kECDHE,
3534
        SSL_aRSA,
3535
        SSL_ARIA128GCM,
3536
        SSL_AEAD,
3537
        TLS1_2_VERSION,
3538
        TLS1_2_VERSION,
3539
        DTLS1_2_VERSION,
3540
        DTLS1_2_VERSION,
3541
        SSL_NOT_DEFAULT | SSL_HIGH,
3542
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3543
        128,
3544
        128,
3545
    },
3546
    {
3547
        1,
3548
        TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3549
        TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3550
        TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3551
        SSL_kECDHE,
3552
        SSL_aRSA,
3553
        SSL_ARIA256GCM,
3554
        SSL_AEAD,
3555
        TLS1_2_VERSION,
3556
        TLS1_2_VERSION,
3557
        DTLS1_2_VERSION,
3558
        DTLS1_2_VERSION,
3559
        SSL_NOT_DEFAULT | SSL_HIGH,
3560
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3561
        256,
3562
        256,
3563
    },
3564
    {
3565
        1,
3566
        TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3567
        TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3568
        TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3569
        SSL_kPSK,
3570
        SSL_aPSK,
3571
        SSL_ARIA128GCM,
3572
        SSL_AEAD,
3573
        TLS1_2_VERSION,
3574
        TLS1_2_VERSION,
3575
        DTLS1_2_VERSION,
3576
        DTLS1_2_VERSION,
3577
        SSL_NOT_DEFAULT | SSL_HIGH,
3578
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3579
        128,
3580
        128,
3581
    },
3582
    {
3583
        1,
3584
        TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3585
        TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3586
        TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3587
        SSL_kPSK,
3588
        SSL_aPSK,
3589
        SSL_ARIA256GCM,
3590
        SSL_AEAD,
3591
        TLS1_2_VERSION,
3592
        TLS1_2_VERSION,
3593
        DTLS1_2_VERSION,
3594
        DTLS1_2_VERSION,
3595
        SSL_NOT_DEFAULT | SSL_HIGH,
3596
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3597
        256,
3598
        256,
3599
    },
3600
    {
3601
        1,
3602
        TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3603
        TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3604
        TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3605
        SSL_kDHEPSK,
3606
        SSL_aPSK,
3607
        SSL_ARIA128GCM,
3608
        SSL_AEAD,
3609
        TLS1_2_VERSION,
3610
        TLS1_2_VERSION,
3611
        DTLS1_2_VERSION,
3612
        DTLS1_2_VERSION,
3613
        SSL_NOT_DEFAULT | SSL_HIGH,
3614
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3615
        128,
3616
        128,
3617
    },
3618
    {
3619
        1,
3620
        TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3621
        TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3622
        TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3623
        SSL_kDHEPSK,
3624
        SSL_aPSK,
3625
        SSL_ARIA256GCM,
3626
        SSL_AEAD,
3627
        TLS1_2_VERSION,
3628
        TLS1_2_VERSION,
3629
        DTLS1_2_VERSION,
3630
        DTLS1_2_VERSION,
3631
        SSL_NOT_DEFAULT | SSL_HIGH,
3632
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3633
        256,
3634
        256,
3635
    },
3636
    {
3637
        1,
3638
        TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3639
        TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3640
        TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3641
        SSL_kRSAPSK,
3642
        SSL_aRSA,
3643
        SSL_ARIA128GCM,
3644
        SSL_AEAD,
3645
        TLS1_2_VERSION,
3646
        TLS1_2_VERSION,
3647
        DTLS1_2_VERSION,
3648
        DTLS1_2_VERSION,
3649
        SSL_NOT_DEFAULT | SSL_HIGH,
3650
        SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3651
        128,
3652
        128,
3653
    },
3654
    {
3655
        1,
3656
        TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3657
        TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3658
        TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3659
        SSL_kRSAPSK,
3660
        SSL_aRSA,
3661
        SSL_ARIA256GCM,
3662
        SSL_AEAD,
3663
        TLS1_2_VERSION,
3664
        TLS1_2_VERSION,
3665
        DTLS1_2_VERSION,
3666
        DTLS1_2_VERSION,
3667
        SSL_NOT_DEFAULT | SSL_HIGH,
3668
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3669
        256,
3670
        256,
3671
    },
3672
};
3673

3674
/*
3675
 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3676
 * values stuffed into the ciphers field of the wire protocol for signalling
3677
 * purposes.
3678
 */
3679
static SSL_CIPHER ssl3_scsvs[] = {
3680
    {
3681
        0,
3682
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3683
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3684
        SSL3_CK_SCSV,
3685
        0,
3686
        0,
3687
        0,
3688
        0,
3689
        0,
3690
        0,
3691
        0,
3692
        0,
3693
        0,
3694
        0,
3695
        0,
3696
        0,
3697
    },
3698
    {
3699
        0,
3700
        "TLS_FALLBACK_SCSV",
3701
        "TLS_FALLBACK_SCSV",
3702
        SSL3_CK_FALLBACK_SCSV,
3703
        0,
3704
        0,
3705
        0,
3706
        0,
3707
        0,
3708
        0,
3709
        0,
3710
        0,
3711
        0,
3712
        0,
3713
        0,
3714
        0,
3715
    },
3716
};
3717

3718
static int cipher_compare(const void *a, const void *b)
3719
{
3720
    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3721
    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3722

3723
    if (ap->id == bp->id)
3724
        return 0;
3725
    return ap->id < bp->id ? -1 : 1;
3726
}
3727

3728
void ssl_sort_cipher_list(void)
3729
{
3730
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3731
        cipher_compare);
3732
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3733
        cipher_compare);
3734
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3735
}
3736

3737
static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
3738
    size_t s, const char *t, size_t u,
3739
    const unsigned char *v, size_t w, int x)
3740
{
3741
    (void)r;
3742
    (void)s;
3743
    (void)t;
3744
    (void)u;
3745
    (void)v;
3746
    (void)w;
3747
    (void)x;
3748
    return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
3749
}
3750

3751
const SSL3_ENC_METHOD SSLv3_enc_data = {
3752
    ssl3_setup_key_block,
3753
    ssl3_generate_master_secret,
3754
    ssl3_change_cipher_state,
3755
    ssl3_final_finish_mac,
3756
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
3757
    SSL3_MD_SERVER_FINISHED_CONST, 4,
3758
    ssl3_alert_code,
3759
    sslcon_undefined_function_1,
3760
    0,
3761
    ssl3_set_handshake_header,
3762
    tls_close_construct_packet,
3763
    ssl3_handshake_write
3764
};
3765

3766
OSSL_TIME ssl3_default_timeout(void)
3767
{
3768
    /*
3769
     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3770
     * http, the cache would over fill
3771
     */
3772
    return ossl_seconds2time(60 * 60 * 2);
3773
}
3774

3775
int ssl3_num_ciphers(void)
3776
{
3777
    return SSL3_NUM_CIPHERS;
3778
}
3779

3780
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3781
{
3782
    if (u < SSL3_NUM_CIPHERS)
3783
        return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3784
    else
3785
        return NULL;
3786
}
3787

3788
int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
3789
{
3790
    /* No header in the event of a CCS */
3791
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3792
        return 1;
3793

3794
    /* Set the content type and 3 bytes for the message len */
3795
    if (!WPACKET_put_bytes_u8(pkt, htype)
3796
        || !WPACKET_start_sub_packet_u24(pkt))
3797
        return 0;
3798

3799
    return 1;
3800
}
3801

3802
int ssl3_handshake_write(SSL_CONNECTION *s)
3803
{
3804
    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3805
}
3806

3807
int ssl3_new(SSL *s)
3808
{
3809
#ifndef OPENSSL_NO_SRP
3810
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3811

3812
    if (sc == NULL)
3813
        return 0;
3814

3815
    if (!ssl_srp_ctx_init_intern(sc))
3816
        return 0;
3817
#endif
3818

3819
    if (!s->method->ssl_clear(s))
3820
        return 0;
3821

3822
    return 1;
3823
}
3824

3825
void ssl3_free(SSL *s)
3826
{
3827
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3828
    size_t i;
3829

3830
    if (sc == NULL)
3831
        return;
3832

3833
    ssl3_cleanup_key_block(sc);
3834

3835
    EVP_PKEY_free(sc->s3.peer_tmp);
3836
    sc->s3.peer_tmp = NULL;
3837

3838
    for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3839
        if (sc->s3.tmp.ks_pkey[i] != NULL) {
3840
            if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3841
                sc->s3.tmp.pkey = NULL;
3842

3843
            EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3844
            sc->s3.tmp.ks_pkey[i] = NULL;
3845
        }
3846
    sc->s3.tmp.num_ks_pkey = 0;
3847

3848
    if (sc->s3.tmp.pkey != NULL) {
3849
        EVP_PKEY_free(sc->s3.tmp.pkey);
3850
        sc->s3.tmp.pkey = NULL;
3851
    }
3852

3853
    ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
3854
    ssl_evp_md_free(sc->s3.tmp.new_hash);
3855

3856
    OPENSSL_free(sc->s3.tmp.ctype);
3857
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3858
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
3859
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3860
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3861
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3862
    OPENSSL_free(sc->s3.tmp.valid_flags);
3863
    ssl3_free_digest_list(sc);
3864
    OPENSSL_free(sc->s3.alpn_selected);
3865
    OPENSSL_free(sc->s3.alpn_proposed);
3866
    ossl_quic_tls_free(sc->qtls);
3867

3868
#ifndef OPENSSL_NO_PSK
3869
    OPENSSL_free(sc->s3.tmp.psk);
3870
#endif
3871

3872
#ifndef OPENSSL_NO_SRP
3873
    ssl_srp_ctx_free_intern(sc);
3874
#endif
3875
    memset(&sc->s3, 0, sizeof(sc->s3));
3876
}
3877

3878
int ssl3_clear(SSL *s)
3879
{
3880
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3881
    int flags;
3882
    size_t i;
3883

3884
    if (sc == NULL)
3885
        return 0;
3886

3887
    ssl3_cleanup_key_block(sc);
3888
    OPENSSL_free(sc->s3.tmp.ctype);
3889
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3890
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
3891
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3892
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3893
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3894
    OPENSSL_free(sc->s3.tmp.valid_flags);
3895

3896
    EVP_PKEY_free(sc->s3.peer_tmp);
3897

3898
    for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3899
        if (sc->s3.tmp.ks_pkey[i] != NULL) {
3900
            if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3901
                sc->s3.tmp.pkey = NULL;
3902

3903
            EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3904
            sc->s3.tmp.ks_pkey[i] = NULL;
3905
        }
3906
    sc->s3.tmp.num_ks_pkey = 0;
3907

3908
    if (sc->s3.tmp.pkey != NULL) {
3909
        EVP_PKEY_free(sc->s3.tmp.pkey);
3910
        sc->s3.tmp.pkey = NULL;
3911
    }
3912

3913
    ssl3_free_digest_list(sc);
3914

3915
    OPENSSL_free(sc->s3.alpn_selected);
3916
    OPENSSL_free(sc->s3.alpn_proposed);
3917

3918
    /*
3919
     * NULL/zero-out everything in the s3 struct, but remember if we are doing
3920
     * QUIC.
3921
     */
3922
    flags = sc->s3.flags & (TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL);
3923
    memset(&sc->s3, 0, sizeof(sc->s3));
3924
    sc->s3.flags |= flags;
3925

3926
    if (!ssl_free_wbio_buffer(sc))
3927
        return 0;
3928

3929
    sc->version = SSL3_VERSION;
3930

3931
#if !defined(OPENSSL_NO_NEXTPROTONEG)
3932
    OPENSSL_free(sc->ext.npn);
3933
    sc->ext.npn = NULL;
3934
    sc->ext.npn_len = 0;
3935
#endif
3936

3937
    return 1;
3938
}
3939

3940
#ifndef OPENSSL_NO_SRP
3941
static char *srp_password_from_info_cb(SSL *s, void *arg)
3942
{
3943
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3944

3945
    if (sc == NULL)
3946
        return NULL;
3947

3948
    return OPENSSL_strdup(sc->srp_ctx.info);
3949
}
3950
#endif
3951

3952
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3953

3954
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3955
{
3956
    int ret = 0;
3957
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3958

3959
    if (sc == NULL)
3960
        return ret;
3961

3962
    switch (cmd) {
3963
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3964
        break;
3965
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3966
        ret = sc->s3.num_renegotiations;
3967
        break;
3968
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3969
        ret = sc->s3.num_renegotiations;
3970
        sc->s3.num_renegotiations = 0;
3971
        break;
3972
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3973
        ret = sc->s3.total_renegotiations;
3974
        break;
3975
    case SSL_CTRL_GET_FLAGS:
3976
        ret = (int)(sc->s3.flags);
3977
        break;
3978
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3979
    case SSL_CTRL_SET_TMP_DH: {
3980
        EVP_PKEY *pkdh = NULL;
3981
        if (parg == NULL) {
3982
            ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3983
            return 0;
3984
        }
3985
        pkdh = ssl_dh_to_pkey(parg);
3986
        if (pkdh == NULL) {
3987
            ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3988
            return 0;
3989
        }
3990
        if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3991
            EVP_PKEY_free(pkdh);
3992
            return 0;
3993
        }
3994
        return 1;
3995
    } break;
3996
    case SSL_CTRL_SET_TMP_DH_CB: {
3997
        ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3998
        return ret;
3999
    }
4000
#endif
4001
    case SSL_CTRL_SET_DH_AUTO:
4002
        sc->cert->dh_tmp_auto = larg;
4003
        return 1;
4004
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4005
    case SSL_CTRL_SET_TMP_ECDH: {
4006
        if (parg == NULL) {
4007
            ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
4008
            return 0;
4009
        }
4010
        return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
4011
            &sc->ext.supportedgroups_len,
4012
            &sc->ext.keyshares,
4013
            &sc->ext.keyshares_len,
4014
            &sc->ext.tuples,
4015
            &sc->ext.tuples_len,
4016
            parg);
4017
    }
4018
#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
4019
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
4020
        /*
4021
         * This API is only used for a client to set what SNI it will request
4022
         * from the server, but we currently allow it to be used on servers
4023
         * as well, which is a programming error.  Currently we just clear
4024
         * the field in SSL_do_handshake() for server SSLs, but when we can
4025
         * make ABI-breaking changes, we may want to make use of this API
4026
         * an error on server SSLs.
4027
         */
4028
        if (larg == TLSEXT_NAMETYPE_host_name) {
4029
            size_t len;
4030

4031
            OPENSSL_free(sc->ext.hostname);
4032
            sc->ext.hostname = NULL;
4033

4034
            ret = 1;
4035
            if (parg == NULL)
4036
                break;
4037
            len = strlen((char *)parg);
4038
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
4039
                ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
4040
                return 0;
4041
            }
4042
            if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
4043
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4044
                return 0;
4045
            }
4046
        } else {
4047
            ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
4048
            return 0;
4049
        }
4050
        break;
4051
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
4052
        sc->ext.debug_arg = parg;
4053
        ret = 1;
4054
        break;
4055

4056
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
4057
        ret = sc->ext.status_type;
4058
        break;
4059

4060
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
4061
        sc->ext.status_type = larg;
4062
        ret = 1;
4063
        break;
4064

4065
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
4066
        *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
4067
        ret = 1;
4068
        break;
4069

4070
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
4071
        sc->ext.ocsp.exts = parg;
4072
        ret = 1;
4073
        break;
4074

4075
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
4076
        *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
4077
        ret = 1;
4078
        break;
4079

4080
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
4081
        sc->ext.ocsp.ids = parg;
4082
        ret = 1;
4083
        break;
4084

4085
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
4086
        *(unsigned char **)parg = sc->ext.ocsp.resp;
4087
        if (sc->ext.ocsp.resp_len == 0
4088
            || sc->ext.ocsp.resp_len > LONG_MAX)
4089
            return -1;
4090
        return (long)sc->ext.ocsp.resp_len;
4091

4092
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
4093
        OPENSSL_free(sc->ext.ocsp.resp);
4094
        sc->ext.ocsp.resp = parg;
4095
        sc->ext.ocsp.resp_len = larg;
4096
        ret = 1;
4097
        break;
4098

4099
    case SSL_CTRL_CHAIN:
4100
        if (larg)
4101
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
4102
        else
4103
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
4104

4105
    case SSL_CTRL_CHAIN_CERT:
4106
        if (larg)
4107
            return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
4108
        else
4109
            return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);
4110

4111
    case SSL_CTRL_GET_CHAIN_CERTS:
4112
        *(STACK_OF(X509) **)parg = sc->cert->key->chain;
4113
        ret = 1;
4114
        break;
4115

4116
    case SSL_CTRL_SELECT_CURRENT_CERT:
4117
        return ssl_cert_select_current(sc->cert, (X509 *)parg);
4118

4119
    case SSL_CTRL_SET_CURRENT_CERT:
4120
        if (larg == SSL_CERT_SET_SERVER) {
4121
            const SSL_CIPHER *cipher;
4122
            if (!sc->server)
4123
                return 0;
4124
            cipher = sc->s3.tmp.new_cipher;
4125
            if (cipher == NULL)
4126
                return 0;
4127
            /*
4128
             * No certificate for unauthenticated ciphersuites or using SRP
4129
             * authentication
4130
             */
4131
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
4132
                return 2;
4133
            if (sc->s3.tmp.cert == NULL)
4134
                return 0;
4135
            sc->cert->key = sc->s3.tmp.cert;
4136
            return 1;
4137
        }
4138
        return ssl_cert_set_current(sc->cert, larg);
4139

4140
    case SSL_CTRL_GET_GROUPS: {
4141
        uint16_t *clist;
4142
        size_t clistlen;
4143

4144
        if (!sc->session)
4145
            return 0;
4146
        clist = sc->ext.peer_supportedgroups;
4147
        clistlen = sc->ext.peer_supportedgroups_len;
4148
        if (parg) {
4149
            size_t i;
4150
            int *cptr = parg;
4151

4152
            for (i = 0; i < clistlen; i++) {
4153
                const TLS_GROUP_INFO *cinf
4154
                    = tls1_group_id_lookup(s->ctx, clist[i]);
4155

4156
                if (cinf != NULL)
4157
                    cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
4158
                else
4159
                    cptr[i] = TLSEXT_nid_unknown | clist[i];
4160
            }
4161
        }
4162
        return (int)clistlen;
4163
    }
4164

4165
    case SSL_CTRL_SET_GROUPS:
4166
        return tls1_set_groups(&sc->ext.supportedgroups,
4167
            &sc->ext.supportedgroups_len,
4168
            &sc->ext.keyshares,
4169
            &sc->ext.keyshares_len,
4170
            &sc->ext.tuples,
4171
            &sc->ext.tuples_len,
4172
            parg, larg);
4173

4174
    case SSL_CTRL_SET_GROUPS_LIST:
4175
        return tls1_set_groups_list(s->ctx,
4176
            &sc->ext.supportedgroups,
4177
            &sc->ext.supportedgroups_len,
4178
            &sc->ext.keyshares,
4179
            &sc->ext.keyshares_len,
4180
            &sc->ext.tuples,
4181
            &sc->ext.tuples_len,
4182
            parg);
4183

4184
    case SSL_CTRL_GET_SHARED_GROUP: {
4185
        uint16_t id = tls1_shared_group(sc, larg);
4186

4187
        if (larg != -1)
4188
            return tls1_group_id2nid(id, 1);
4189
        return id;
4190
    }
4191
    case SSL_CTRL_GET_NEGOTIATED_GROUP: {
4192
        unsigned int id;
4193

4194
        if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
4195
            id = sc->s3.group_id;
4196
        else
4197
            id = (sc->session != NULL) ? sc->session->kex_group : NID_undef;
4198
        ret = tls1_group_id2nid(id, 1);
4199
        break;
4200
    }
4201
    case SSL_CTRL_SET_SIGALGS:
4202
        return tls1_set_sigalgs(sc->cert, parg, larg, 0);
4203

4204
    case SSL_CTRL_SET_SIGALGS_LIST:
4205
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
4206

4207
    case SSL_CTRL_SET_CLIENT_SIGALGS:
4208
        return tls1_set_sigalgs(sc->cert, parg, larg, 1);
4209

4210
    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4211
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
4212

4213
    case SSL_CTRL_GET_CLIENT_CERT_TYPES: {
4214
        const unsigned char **pctype = parg;
4215
        if (sc->server || !sc->s3.tmp.cert_req)
4216
            return 0;
4217
        if (pctype)
4218
            *pctype = sc->s3.tmp.ctype;
4219
        return sc->s3.tmp.ctype_len;
4220
    }
4221

4222
    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4223
        if (!sc->server)
4224
            return 0;
4225
        return ssl3_set_req_cert_type(sc->cert, parg, larg);
4226

4227
    case SSL_CTRL_BUILD_CERT_CHAIN:
4228
        return ssl_build_cert_chain(sc, NULL, larg);
4229

4230
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
4231
        return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);
4232

4233
    case SSL_CTRL_SET_CHAIN_CERT_STORE:
4234
        return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);
4235

4236
    case SSL_CTRL_GET_VERIFY_CERT_STORE:
4237
        return ssl_cert_get_cert_store(sc->cert, parg, 0);
4238

4239
    case SSL_CTRL_GET_CHAIN_CERT_STORE:
4240
        return ssl_cert_get_cert_store(sc->cert, parg, 1);
4241

4242
    case SSL_CTRL_GET_PEER_SIGNATURE_NAME:
4243
        if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
4244
            return 0;
4245
        *(const char **)parg = sc->s3.tmp.peer_sigalg->name;
4246
        return 1;
4247

4248
    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
4249
        if (sc->s3.tmp.peer_sigalg == NULL)
4250
            return 0;
4251
        *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
4252
        return 1;
4253

4254
    case SSL_CTRL_GET_SIGNATURE_NAME:
4255
        if (parg == NULL || sc->s3.tmp.sigalg == NULL)
4256
            return 0;
4257
        *(const char **)parg = sc->s3.tmp.sigalg->name;
4258
        return 1;
4259

4260
    case SSL_CTRL_GET_SIGNATURE_NID:
4261
        if (sc->s3.tmp.sigalg == NULL)
4262
            return 0;
4263
        *(int *)parg = sc->s3.tmp.sigalg->hash;
4264
        return 1;
4265

4266
    case SSL_CTRL_GET_PEER_TMP_KEY:
4267
        if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
4268
            return 0;
4269
        } else {
4270
            if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))
4271
                return 0;
4272

4273
            *(EVP_PKEY **)parg = sc->s3.peer_tmp;
4274
            return 1;
4275
        }
4276

4277
    case SSL_CTRL_GET_TMP_KEY:
4278
        if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
4279
            return 0;
4280
        } else {
4281
            if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))
4282
                return 0;
4283

4284
            *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
4285
            return 1;
4286
        }
4287

4288
    case SSL_CTRL_GET_EC_POINT_FORMATS: {
4289
        const unsigned char **pformat = parg;
4290

4291
        if (sc->ext.peer_ecpointformats == NULL)
4292
            return 0;
4293
        *pformat = sc->ext.peer_ecpointformats;
4294
        return (int)sc->ext.peer_ecpointformats_len;
4295
    }
4296

4297
    case SSL_CTRL_GET_IANA_GROUPS: {
4298
        if (parg != NULL) {
4299
            *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
4300
        }
4301
        return (int)sc->ext.peer_supportedgroups_len;
4302
    }
4303

4304
    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
4305
        sc->msg_callback_arg = parg;
4306
        return 1;
4307

4308
    default:
4309
        break;
4310
    }
4311
    return ret;
4312
}
4313

4314
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
4315
{
4316
    int ret = 0;
4317
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4318

4319
    if (sc == NULL)
4320
        return ret;
4321

4322
    switch (cmd) {
4323
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4324
    case SSL_CTRL_SET_TMP_DH_CB:
4325
        sc->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp;
4326
        ret = 1;
4327
        break;
4328
#endif
4329
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
4330
        sc->ext.debug_cb = (void (*)(SSL *, int, int,
4331
            const unsigned char *, int, void *))fp;
4332
        ret = 1;
4333
        break;
4334

4335
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4336
        sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4337
        ret = 1;
4338
        break;
4339

4340
    case SSL_CTRL_SET_MSG_CALLBACK:
4341
        sc->msg_callback = (ossl_msg_cb)fp;
4342
        return 1;
4343
    default:
4344
        break;
4345
    }
4346
    return ret;
4347
}
4348

4349
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
4350
{
4351
    switch (cmd) {
4352
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4353
    case SSL_CTRL_SET_TMP_DH: {
4354
        EVP_PKEY *pkdh = NULL;
4355
        if (parg == NULL) {
4356
            ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
4357
            return 0;
4358
        }
4359
        pkdh = ssl_dh_to_pkey(parg);
4360
        if (pkdh == NULL) {
4361
            ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
4362
            return 0;
4363
        }
4364
        if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
4365
            EVP_PKEY_free(pkdh);
4366
            return 0;
4367
        }
4368
        return 1;
4369
    }
4370
    case SSL_CTRL_SET_TMP_DH_CB: {
4371
        ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
4372
        return 0;
4373
    }
4374
#endif
4375
    case SSL_CTRL_SET_DH_AUTO:
4376
        ctx->cert->dh_tmp_auto = larg;
4377
        return 1;
4378
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4379
    case SSL_CTRL_SET_TMP_ECDH: {
4380
        if (parg == NULL) {
4381
            ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
4382
            return 0;
4383
        }
4384
        return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
4385
            &ctx->ext.supportedgroups_len,
4386
            &ctx->ext.keyshares,
4387
            &ctx->ext.keyshares_len,
4388
            &ctx->ext.tuples,
4389
            &ctx->ext.tuples_len,
4390
            parg);
4391
    }
4392
#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
4393
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
4394
        ctx->ext.servername_arg = parg;
4395
        break;
4396
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
4397
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {
4398
        unsigned char *keys = parg;
4399
        long tick_keylen = (sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key) + sizeof(ctx->ext.secure->tick_aes_key));
4400
        if (keys == NULL)
4401
            return tick_keylen;
4402
        if (larg != tick_keylen) {
4403
            ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
4404
            return 0;
4405
        }
4406
        if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
4407
            memcpy(ctx->ext.tick_key_name, keys,
4408
                sizeof(ctx->ext.tick_key_name));
4409
            memcpy(ctx->ext.secure->tick_hmac_key,
4410
                keys + sizeof(ctx->ext.tick_key_name),
4411
                sizeof(ctx->ext.secure->tick_hmac_key));
4412
            memcpy(ctx->ext.secure->tick_aes_key,
4413
                keys + sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key),
4414
                sizeof(ctx->ext.secure->tick_aes_key));
4415
        } else {
4416
            memcpy(keys, ctx->ext.tick_key_name,
4417
                sizeof(ctx->ext.tick_key_name));
4418
            memcpy(keys + sizeof(ctx->ext.tick_key_name),
4419
                ctx->ext.secure->tick_hmac_key,
4420
                sizeof(ctx->ext.secure->tick_hmac_key));
4421
            memcpy(keys + sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key),
4422
                ctx->ext.secure->tick_aes_key,
4423
                sizeof(ctx->ext.secure->tick_aes_key));
4424
        }
4425
        return 1;
4426
    }
4427

4428
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
4429
        return ctx->ext.status_type;
4430

4431
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
4432
        ctx->ext.status_type = larg;
4433
        break;
4434

4435
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
4436
        ctx->ext.status_arg = parg;
4437
        return 1;
4438

4439
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
4440
        *(void **)parg = ctx->ext.status_arg;
4441
        break;
4442

4443
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
4444
        *(int (**)(SSL *, void *))parg = ctx->ext.status_cb;
4445
        break;
4446

4447
#ifndef OPENSSL_NO_SRP
4448
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
4449
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4450
        OPENSSL_free(ctx->srp_ctx.login);
4451
        ctx->srp_ctx.login = NULL;
4452
        if (parg == NULL)
4453
            break;
4454
        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
4455
            ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
4456
            return 0;
4457
        }
4458
        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
4459
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4460
            return 0;
4461
        }
4462
        break;
4463
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
4464
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb;
4465
        if (ctx->srp_ctx.info != NULL)
4466
            OPENSSL_free(ctx->srp_ctx.info);
4467
        if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
4468
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4469
            return 0;
4470
        }
4471
        break;
4472
    case SSL_CTRL_SET_SRP_ARG:
4473
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4474
        ctx->srp_ctx.SRP_cb_arg = parg;
4475
        break;
4476

4477
    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
4478
        ctx->srp_ctx.strength = larg;
4479
        break;
4480
#endif
4481

4482
    case SSL_CTRL_SET_GROUPS:
4483
        return tls1_set_groups(&ctx->ext.supportedgroups,
4484
            &ctx->ext.supportedgroups_len,
4485
            &ctx->ext.keyshares,
4486
            &ctx->ext.keyshares_len,
4487
            &ctx->ext.tuples,
4488
            &ctx->ext.tuples_len,
4489
            parg, larg);
4490

4491
    case SSL_CTRL_SET_GROUPS_LIST:
4492
        return tls1_set_groups_list(ctx,
4493
            &ctx->ext.supportedgroups,
4494
            &ctx->ext.supportedgroups_len,
4495
            &ctx->ext.keyshares,
4496
            &ctx->ext.keyshares_len,
4497
            &ctx->ext.tuples,
4498
            &ctx->ext.tuples_len,
4499
            parg);
4500

4501
    case SSL_CTRL_GET0_IMPLEMENTED_GROUPS:
4502
        return tls1_get0_implemented_groups(ctx->min_proto_version,
4503
            ctx->max_proto_version,
4504
            ctx->group_list,
4505
            ctx->group_list_len, larg, parg);
4506

4507
    case SSL_CTRL_SET_SIGALGS:
4508
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
4509

4510
    case SSL_CTRL_SET_SIGALGS_LIST:
4511
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
4512

4513
    case SSL_CTRL_SET_CLIENT_SIGALGS:
4514
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
4515

4516
    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4517
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
4518

4519
    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4520
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);
4521

4522
    case SSL_CTRL_BUILD_CERT_CHAIN:
4523
        return ssl_build_cert_chain(NULL, ctx, larg);
4524

4525
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
4526
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
4527

4528
    case SSL_CTRL_SET_CHAIN_CERT_STORE:
4529
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
4530

4531
    case SSL_CTRL_GET_VERIFY_CERT_STORE:
4532
        return ssl_cert_get_cert_store(ctx->cert, parg, 0);
4533

4534
    case SSL_CTRL_GET_CHAIN_CERT_STORE:
4535
        return ssl_cert_get_cert_store(ctx->cert, parg, 1);
4536

4537
        /* A Thawte special :-) */
4538
    case SSL_CTRL_EXTRA_CHAIN_CERT:
4539
        if (ctx->extra_certs == NULL) {
4540
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
4541
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4542
                return 0;
4543
            }
4544
        }
4545
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4546
            ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4547
            return 0;
4548
        }
4549
        break;
4550

4551
    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4552
        if (ctx->extra_certs == NULL && larg == 0)
4553
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4554
        else
4555
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
4556
        break;
4557

4558
    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4559
        OSSL_STACK_OF_X509_free(ctx->extra_certs);
4560
        ctx->extra_certs = NULL;
4561
        break;
4562

4563
    case SSL_CTRL_CHAIN:
4564
        if (larg)
4565
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4566
        else
4567
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4568

4569
    case SSL_CTRL_CHAIN_CERT:
4570
        if (larg)
4571
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4572
        else
4573
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4574

4575
    case SSL_CTRL_GET_CHAIN_CERTS:
4576
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4577
        break;
4578

4579
    case SSL_CTRL_SELECT_CURRENT_CERT:
4580
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4581

4582
    case SSL_CTRL_SET_CURRENT_CERT:
4583
        return ssl_cert_set_current(ctx->cert, larg);
4584

4585
    default:
4586
        return 0;
4587
    }
4588
    return 1;
4589
}
4590

4591
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
4592
{
4593
    switch (cmd) {
4594
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4595
    case SSL_CTRL_SET_TMP_DH_CB: {
4596
        ctx->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp;
4597
    } break;
4598
#endif
4599
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4600
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4601
        break;
4602

4603
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4604
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4605
        break;
4606

4607
#ifndef OPENSSL_NO_DEPRECATED_3_0
4608
    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4609
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4610
            unsigned char *,
4611
            EVP_CIPHER_CTX *,
4612
            HMAC_CTX *, int))fp;
4613
        break;
4614
#endif
4615

4616
#ifndef OPENSSL_NO_SRP
4617
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4618
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4619
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4620
        break;
4621
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4622
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4623
        ctx->srp_ctx.TLS_ext_srp_username_callback = (int (*)(SSL *, int *, void *))fp;
4624
        break;
4625
    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4626
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4627
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback = (char *(*)(SSL *, void *))fp;
4628
        break;
4629
#endif
4630
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: {
4631
        ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4632
    } break;
4633
    default:
4634
        return 0;
4635
    }
4636
    return 1;
4637
}
4638

4639
int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4640
{
4641
    ctx->ext.ticket_key_evp_cb = fp;
4642
    return 1;
4643
}
4644

4645
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4646
{
4647
    SSL_CIPHER c;
4648
    const SSL_CIPHER *cp;
4649

4650
    c.id = id;
4651
    cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4652
    if (cp != NULL)
4653
        return cp;
4654
    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4655
    if (cp != NULL)
4656
        return cp;
4657
    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4658
}
4659

4660
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4661
{
4662
    SSL_CIPHER *tbl;
4663
    SSL_CIPHER *alltabs[] = { tls13_ciphers, ssl3_ciphers, ssl3_scsvs };
4664
    size_t i, j, tblsize[] = { TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, SSL3_NUM_SCSVS };
4665

4666
    /* this is not efficient, necessary to optimize this? */
4667
    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4668
        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4669
            if (tbl->stdname == NULL)
4670
                continue;
4671
            if (strcmp(stdname, tbl->stdname) == 0) {
4672
                return tbl;
4673
            }
4674
        }
4675
    }
4676
    return NULL;
4677
}
4678

4679
/*
4680
 * This function needs to check if the ciphers required are actually
4681
 * available
4682
 */
4683
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4684
{
4685
    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4686
        | ((uint32_t)p[0] << 8L)
4687
        | (uint32_t)p[1]);
4688
}
4689

4690
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4691
{
4692
    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4693
        *len = 0;
4694
        return 1;
4695
    }
4696

4697
    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4698
        return 0;
4699

4700
    *len = 2;
4701
    return 1;
4702
}
4703

4704
/*
4705
 * ssl3_choose_cipher - choose a cipher from those offered by the client
4706
 * @s: SSL connection
4707
 * @clnt: ciphers offered by the client
4708
 * @srvr: ciphers enabled on the server?
4709
 *
4710
 * Returns the selected cipher or NULL when no common ciphers.
4711
 */
4712
const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
4713
    STACK_OF(SSL_CIPHER) *srvr)
4714
{
4715
    const SSL_CIPHER *c, *ret = NULL;
4716
    STACK_OF(SSL_CIPHER) *prio, *allow;
4717
    int i, ii, ok, prefer_sha256 = 0;
4718
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4719
    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4720

4721
    /* Let's see which ciphers we can support */
4722

4723
    /*
4724
     * Do not set the compare functions, because this may lead to a
4725
     * reordering by "id". We want to keep the original ordering. We may pay
4726
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
4727
     * pay with the price of sk_SSL_CIPHER_dup().
4728
     */
4729

4730
    OSSL_TRACE_BEGIN(TLS_CIPHER)
4731
    {
4732
        BIO_printf(trc_out, "Server has %d from %p:\n",
4733
            sk_SSL_CIPHER_num(srvr), (void *)srvr);
4734
        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4735
            c = sk_SSL_CIPHER_value(srvr, i);
4736
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4737
        }
4738
        BIO_printf(trc_out, "Client sent %d from %p:\n",
4739
            sk_SSL_CIPHER_num(clnt), (void *)clnt);
4740
        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4741
            c = sk_SSL_CIPHER_value(clnt, i);
4742
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4743
        }
4744
    }
4745
    OSSL_TRACE_END(TLS_CIPHER);
4746

4747
    /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4748
    if (tls1_suiteb(s)) {
4749
        prio = srvr;
4750
        allow = clnt;
4751
    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4752
        prio = srvr;
4753
        allow = clnt;
4754

4755
        /* If ChaCha20 is at the top of the client preference list,
4756
           and there are ChaCha20 ciphers in the server list, then
4757
           temporarily prioritize all ChaCha20 ciphers in the servers list. */
4758
        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4759
            c = sk_SSL_CIPHER_value(clnt, 0);
4760
            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4761
                /* ChaCha20 is client preferred, check server... */
4762
                int num = sk_SSL_CIPHER_num(srvr);
4763
                int found = 0;
4764
                for (i = 0; i < num; i++) {
4765
                    c = sk_SSL_CIPHER_value(srvr, i);
4766
                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4767
                        found = 1;
4768
                        break;
4769
                    }
4770
                }
4771
                if (found) {
4772
                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4773
                    /* if reserve fails, then there's likely a memory issue */
4774
                    if (prio_chacha != NULL) {
4775
                        /* Put all ChaCha20 at the top, starting with the one we just found */
4776
                        sk_SSL_CIPHER_push(prio_chacha, c);
4777
                        for (i++; i < num; i++) {
4778
                            c = sk_SSL_CIPHER_value(srvr, i);
4779
                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4780
                                sk_SSL_CIPHER_push(prio_chacha, c);
4781
                        }
4782
                        /* Pull in the rest */
4783
                        for (i = 0; i < num; i++) {
4784
                            c = sk_SSL_CIPHER_value(srvr, i);
4785
                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4786
                                sk_SSL_CIPHER_push(prio_chacha, c);
4787
                        }
4788
                        prio = prio_chacha;
4789
                    }
4790
                }
4791
            }
4792
        }
4793
    } else {
4794
        prio = clnt;
4795
        allow = srvr;
4796
    }
4797

4798
    if (SSL_CONNECTION_IS_TLS13(s)) {
4799
#ifndef OPENSSL_NO_PSK
4800
        size_t j;
4801

4802
        /*
4803
         * If we allow "old" style PSK callbacks, and we have no certificate (so
4804
         * we're not going to succeed without a PSK anyway), and we're in
4805
         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4806
         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4807
         * that.
4808
         */
4809
        if (s->psk_server_callback != NULL) {
4810
            for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++)
4811
                ;
4812
            if (j == s->ssl_pkey_num) {
4813
                /* There are no certificates */
4814
                prefer_sha256 = 1;
4815
            }
4816
        }
4817
#endif
4818
    } else {
4819
        tls1_set_cert_validity(s);
4820
        ssl_set_masks(s);
4821
    }
4822

4823
    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4824
        int minversion, maxversion;
4825

4826
        c = sk_SSL_CIPHER_value(prio, i);
4827
        minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
4828
        maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;
4829

4830
        /* Skip ciphers not supported by the protocol version */
4831
        if (ssl_version_cmp(s, s->version, minversion) < 0
4832
            || ssl_version_cmp(s, s->version, maxversion) > 0)
4833
            continue;
4834

4835
        /*
4836
         * Since TLS 1.3 ciphersuites can be used with any auth or
4837
         * key exchange scheme skip tests.
4838
         */
4839
        if (!SSL_CONNECTION_IS_TLS13(s)) {
4840
            mask_k = s->s3.tmp.mask_k;
4841
            mask_a = s->s3.tmp.mask_a;
4842
#ifndef OPENSSL_NO_SRP
4843
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4844
                mask_k |= SSL_kSRP;
4845
                mask_a |= SSL_aSRP;
4846
            }
4847
#endif
4848

4849
            alg_k = c->algorithm_mkey;
4850
            alg_a = c->algorithm_auth;
4851

4852
#ifndef OPENSSL_NO_PSK
4853
            /* with PSK there must be server callback set */
4854
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4855
                continue;
4856
#endif /* OPENSSL_NO_PSK */
4857

4858
            ok = (alg_k & mask_k) && (alg_a & mask_a);
4859
            OSSL_TRACE7(TLS_CIPHER,
4860
                "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4861
                ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4862

4863
            /*
4864
             * if we are considering an ECC cipher suite that uses an ephemeral
4865
             * EC key check it
4866
             */
4867
            if (alg_k & SSL_kECDHE)
4868
                ok = ok && tls1_check_ec_tmp_key(s, c->id);
4869

4870
            if (!ok)
4871
                continue;
4872
        }
4873
        ii = sk_SSL_CIPHER_find(allow, c);
4874
        if (ii >= 0) {
4875
            /* Check security callback permits this cipher */
4876
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4877
                    c->strength_bits, 0, (void *)c))
4878
                continue;
4879

4880
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4881
                && s->s3.is_probably_safari) {
4882
                if (!ret)
4883
                    ret = sk_SSL_CIPHER_value(allow, ii);
4884
                continue;
4885
            }
4886

4887
            if (prefer_sha256) {
4888
                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4889
                const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
4890
                    tmp->algorithm2);
4891

4892
                if (md != NULL
4893
                    && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4894
                    ret = tmp;
4895
                    break;
4896
                }
4897
                if (ret == NULL)
4898
                    ret = tmp;
4899
                continue;
4900
            }
4901
            ret = sk_SSL_CIPHER_value(allow, ii);
4902
            break;
4903
        }
4904
    }
4905

4906
    sk_SSL_CIPHER_free(prio_chacha);
4907

4908
    return ret;
4909
}
4910

4911
int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
4912
{
4913
    uint32_t alg_k, alg_a = 0;
4914

4915
    /* If we have custom certificate types set, use them */
4916
    if (s->cert->ctype)
4917
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4918
    /* Get mask of algorithms disabled by signature list */
4919
    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4920

4921
    alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4922

4923
#ifndef OPENSSL_NO_GOST
4924
    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4925
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4926
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4927
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4928
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4929
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4930
            return 0;
4931

4932
    if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4933
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4934
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4935
            return 0;
4936
#endif
4937

4938
    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4939
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4940
            return 0;
4941
        if (!(alg_a & SSL_aDSS)
4942
            && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4943
            return 0;
4944
    }
4945
    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4946
        return 0;
4947
    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4948
        return 0;
4949

4950
    /*
4951
     * ECDSA certs can be used with RSA cipher suites too so we don't
4952
     * need to check for SSL_kECDH or SSL_kECDHE
4953
     */
4954
    if (s->version >= TLS1_VERSION
4955
        && !(alg_a & SSL_aECDSA)
4956
        && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4957
        return 0;
4958

4959
    return 1;
4960
}
4961

4962
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4963
{
4964
    OPENSSL_free(c->ctype);
4965
    c->ctype = NULL;
4966
    c->ctype_len = 0;
4967
    if (p == NULL || len == 0)
4968
        return 1;
4969
    if (len > 0xff)
4970
        return 0;
4971
    c->ctype = OPENSSL_memdup(p, len);
4972
    if (c->ctype == NULL)
4973
        return 0;
4974
    c->ctype_len = len;
4975
    return 1;
4976
}
4977

4978
int ssl3_shutdown(SSL *s)
4979
{
4980
    int ret;
4981
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4982

4983
    if (sc == NULL)
4984
        return 0;
4985

4986
    /*
4987
     * Don't do anything much if we have not done the handshake or we don't
4988
     * want to send messages :-)
4989
     */
4990
    if (sc->quiet_shutdown || SSL_in_before(s)) {
4991
        sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4992
        return 1;
4993
    }
4994

4995
    if (!(sc->shutdown & SSL_SENT_SHUTDOWN)) {
4996
        sc->shutdown |= SSL_SENT_SHUTDOWN;
4997
        ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4998
        /*
4999
         * our shutdown alert has been sent now, and if it still needs to be
5000
         * written, s->s3.alert_dispatch will be > 0
5001
         */
5002
        if (sc->s3.alert_dispatch > 0)
5003
            return -1; /* return WANT_WRITE */
5004
    } else if (sc->s3.alert_dispatch > 0) {
5005
        /* resend it if not sent */
5006
        ret = s->method->ssl_dispatch_alert(s);
5007
        if (ret == -1) {
5008
            /*
5009
             * we only get to return -1 here the 2nd/Nth invocation, we must
5010
             * have already signalled return 0 upon a previous invocation,
5011
             * return WANT_WRITE
5012
             */
5013
            return ret;
5014
        }
5015
    } else if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
5016
        size_t readbytes;
5017
        /*
5018
         * If we are waiting for a close from our peer, we are closed
5019
         */
5020
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
5021
        if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
5022
            return -1; /* return WANT_READ */
5023
        }
5024
    }
5025

5026
    if ((sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
5027
        && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)
5028
        return 1;
5029
    else
5030
        return 0;
5031
}
5032

5033
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
5034
{
5035
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
5036

5037
    if (sc == NULL)
5038
        return 0;
5039

5040
    clear_sys_error();
5041
    if (sc->s3.renegotiate)
5042
        ssl3_renegotiate_check(s, 0);
5043

5044
    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
5045
        written);
5046
}
5047

5048
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
5049
    size_t *readbytes)
5050
{
5051
    int ret;
5052
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
5053

5054
    if (sc == NULL)
5055
        return 0;
5056

5057
    clear_sys_error();
5058
    if (sc->s3.renegotiate)
5059
        ssl3_renegotiate_check(s, 0);
5060
    sc->s3.in_read_app_data = 1;
5061
    ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
5062
        peek, readbytes);
5063
    if ((ret == -1) && (sc->s3.in_read_app_data == 2)) {
5064
        /*
5065
         * ssl3_read_bytes decided to call s->handshake_func, which called
5066
         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
5067
         * actually found application data and thinks that application data
5068
         * makes sense here; so disable handshake processing and try to read
5069
         * application data again.
5070
         */
5071
        ossl_statem_set_in_handshake(sc, 1);
5072
        ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
5073
            len, peek, readbytes);
5074
        ossl_statem_set_in_handshake(sc, 0);
5075
    } else
5076
        sc->s3.in_read_app_data = 0;
5077

5078
    return ret;
5079
}
5080

5081
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
5082
{
5083
    return ssl3_read_internal(s, buf, len, 0, readbytes);
5084
}
5085

5086
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
5087
{
5088
    return ssl3_read_internal(s, buf, len, 1, readbytes);
5089
}
5090

5091
int ssl3_renegotiate(SSL *s)
5092
{
5093
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
5094

5095
    if (sc == NULL)
5096
        return 0;
5097

5098
    if (sc->handshake_func == NULL)
5099
        return 1;
5100

5101
    sc->s3.renegotiate = 1;
5102
    return 1;
5103
}
5104

5105
/*
5106
 * Check if we are waiting to do a renegotiation and if so whether now is a
5107
 * good time to do it. If |initok| is true then we are being called from inside
5108
 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
5109
 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
5110
 * should do a renegotiation now and sets up the state machine for it. Otherwise
5111
 * returns 0.
5112
 */
5113
int ssl3_renegotiate_check(SSL *s, int initok)
5114
{
5115
    int ret = 0;
5116
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
5117

5118
    if (sc == NULL)
5119
        return 0;
5120

5121
    if (sc->s3.renegotiate) {
5122
        if (!RECORD_LAYER_read_pending(&sc->rlayer)
5123
            && !RECORD_LAYER_write_pending(&sc->rlayer)
5124
            && (initok || !SSL_in_init(s))) {
5125
            /*
5126
             * if we are the server, and we have sent a 'RENEGOTIATE'
5127
             * message, we need to set the state machine into the renegotiate
5128
             * state.
5129
             */
5130
            ossl_statem_set_renegotiate(sc);
5131
            sc->s3.renegotiate = 0;
5132
            sc->s3.num_renegotiations++;
5133
            sc->s3.total_renegotiations++;
5134
            ret = 1;
5135
        }
5136
    }
5137
    return ret;
5138
}
5139

5140
/*
5141
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
5142
 * handshake macs if required.
5143
 *
5144
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
5145
 */
5146
long ssl_get_algorithm2(SSL_CONNECTION *s)
5147
{
5148
    long alg2;
5149
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
5150

5151
    if (s->s3.tmp.new_cipher == NULL)
5152
        return -1;
5153
    alg2 = s->s3.tmp.new_cipher->algorithm2;
5154
    if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
5155
        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
5156
            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
5157
    } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
5158
        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
5159
            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
5160
    }
5161
    return alg2;
5162
}
5163

5164
/*
5165
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
5166
 * failure, 1 on success.
5167
 */
5168
int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
5169
    unsigned char *result, size_t len,
5170
    DOWNGRADE dgrd)
5171
{
5172
    int send_time = 0, ret;
5173

5174
    if (len < 4)
5175
        return 0;
5176
    if (server)
5177
        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
5178
    else
5179
        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
5180
    if (send_time) {
5181
        unsigned long Time = (unsigned long)time(NULL);
5182
        unsigned char *p = result;
5183

5184
        l2n(Time, p);
5185
        ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0);
5186
    } else {
5187
        ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
5188
    }
5189

5190
    if (ret > 0) {
5191
        if (!ossl_assert(sizeof(tls11downgrade) < len)
5192
            || !ossl_assert(sizeof(tls12downgrade) < len))
5193
            return 0;
5194
        if (dgrd == DOWNGRADE_TO_1_2)
5195
            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
5196
                sizeof(tls12downgrade));
5197
        else if (dgrd == DOWNGRADE_TO_1_1)
5198
            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
5199
                sizeof(tls11downgrade));
5200
    }
5201

5202
    return ret;
5203
}
5204

5205
int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
5206
    size_t pmslen, int free_pms)
5207
{
5208
    unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
5209
    int ret = 0;
5210
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
5211

5212
    if (alg_k & SSL_PSK) {
5213
#ifndef OPENSSL_NO_PSK
5214
        unsigned char *pskpms, *t;
5215
        size_t psklen = s->s3.tmp.psklen;
5216
        size_t pskpmslen;
5217

5218
        /* create PSK premaster_secret */
5219

5220
        /* For plain PSK "other_secret" is psklen zeroes */
5221
        if (alg_k & SSL_kPSK)
5222
            pmslen = psklen;
5223

5224
        pskpmslen = 4 + pmslen + psklen;
5225
        pskpms = OPENSSL_malloc(pskpmslen);
5226
        if (pskpms == NULL)
5227
            goto err;
5228
        t = pskpms;
5229
        s2n(pmslen, t);
5230
        if (alg_k & SSL_kPSK)
5231
            memset(t, 0, pmslen);
5232
        else
5233
            memcpy(t, pms, pmslen);
5234
        t += pmslen;
5235
        s2n(psklen, t);
5236
        memcpy(t, s->s3.tmp.psk, psklen);
5237

5238
        OPENSSL_clear_free(s->s3.tmp.psk, psklen);
5239
        s->s3.tmp.psk = NULL;
5240
        s->s3.tmp.psklen = 0;
5241
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
5242
                s->session->master_key, pskpms, pskpmslen,
5243
                &s->session->master_key_length)) {
5244
            OPENSSL_clear_free(pskpms, pskpmslen);
5245
            /* SSLfatal() already called */
5246
            goto err;
5247
        }
5248
        OPENSSL_clear_free(pskpms, pskpmslen);
5249
#else
5250
        /* Should never happen */
5251
        goto err;
5252
#endif
5253
    } else {
5254
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
5255
                s->session->master_key, pms, pmslen,
5256
                &s->session->master_key_length)) {
5257
            /* SSLfatal() already called */
5258
            goto err;
5259
        }
5260
    }
5261

5262
    ret = 1;
5263
err:
5264
    if (pms) {
5265
        if (free_pms)
5266
            OPENSSL_clear_free(pms, pmslen);
5267
        else
5268
            OPENSSL_cleanse(pms, pmslen);
5269
    }
5270
    if (s->server == 0) {
5271
        s->s3.tmp.pms = NULL;
5272
        s->s3.tmp.pmslen = 0;
5273
    }
5274
    return ret;
5275
}
5276

5277
/* Generate a private key from parameters */
5278
EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
5279
{
5280
    EVP_PKEY_CTX *pctx = NULL;
5281
    EVP_PKEY *pkey = NULL;
5282
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5283

5284
    if (pm == NULL)
5285
        return NULL;
5286
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);
5287
    if (pctx == NULL)
5288
        goto err;
5289
    if (EVP_PKEY_keygen_init(pctx) <= 0)
5290
        goto err;
5291
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
5292
        EVP_PKEY_free(pkey);
5293
        pkey = NULL;
5294
    }
5295

5296
err:
5297
    EVP_PKEY_CTX_free(pctx);
5298
    return pkey;
5299
}
5300

5301
/* Generate a private key from a group ID */
5302
EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
5303
{
5304
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5305
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
5306
    EVP_PKEY_CTX *pctx = NULL;
5307
    EVP_PKEY *pkey = NULL;
5308

5309
    if (ginf == NULL) {
5310
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5311
        goto err;
5312
    }
5313

5314
    pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
5315
        sctx->propq);
5316

5317
    if (pctx == NULL) {
5318
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5319
        goto err;
5320
    }
5321
    if (EVP_PKEY_keygen_init(pctx) <= 0) {
5322
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5323
        goto err;
5324
    }
5325
    if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
5326
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5327
        goto err;
5328
    }
5329
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
5330
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5331
        EVP_PKEY_free(pkey);
5332
        pkey = NULL;
5333
    }
5334

5335
err:
5336
    EVP_PKEY_CTX_free(pctx);
5337
    return pkey;
5338
}
5339

5340
/*
5341
 * Generate parameters from a group ID
5342
 */
5343
EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
5344
{
5345
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5346
    EVP_PKEY_CTX *pctx = NULL;
5347
    EVP_PKEY *pkey = NULL;
5348
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
5349

5350
    if (ginf == NULL)
5351
        goto err;
5352

5353
    pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
5354
        sctx->propq);
5355

5356
    if (pctx == NULL)
5357
        goto err;
5358
    if (EVP_PKEY_paramgen_init(pctx) <= 0)
5359
        goto err;
5360
    if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
5361
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
5362
        goto err;
5363
    }
5364
    if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
5365
        EVP_PKEY_free(pkey);
5366
        pkey = NULL;
5367
    }
5368

5369
err:
5370
    EVP_PKEY_CTX_free(pctx);
5371
    return pkey;
5372
}
5373

5374
/* Generate secrets from pms */
5375
int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
5376
{
5377
    int rv = 0;
5378

5379
    /* SSLfatal() called as appropriate in the below functions */
5380
    if (SSL_CONNECTION_IS_TLS13(s)) {
5381
        /*
5382
         * If we are resuming then we already generated the early secret
5383
         * when we created the ClientHello, so don't recreate it.
5384
         */
5385
        if (!s->hit)
5386
            rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
5387
                0,
5388
                (unsigned char *)&s->early_secret);
5389
        else
5390
            rv = 1;
5391

5392
        rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
5393
    } else {
5394
        rv = ssl_generate_master_secret(s, pms, pmslen, 0);
5395
    }
5396

5397
    return rv;
5398
}
5399

5400
/* Derive secrets for ECDH/DH */
5401
int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
5402
{
5403
    int rv = 0;
5404
    unsigned char *pms = NULL;
5405
    size_t pmslen = 0;
5406
    EVP_PKEY_CTX *pctx;
5407
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5408

5409
    if (privkey == NULL || pubkey == NULL) {
5410
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5411
        return 0;
5412
    }
5413

5414
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5415

5416
    if (EVP_PKEY_derive_init(pctx) <= 0
5417
        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
5418
        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
5419
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5420
        goto err;
5421
    }
5422

5423
    if (SSL_CONNECTION_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
5424
        EVP_PKEY_CTX_set_dh_pad(pctx, 1);
5425

5426
    pms = OPENSSL_malloc(pmslen);
5427
    if (pms == NULL) {
5428
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5429
        goto err;
5430
    }
5431

5432
    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
5433
        /*
5434
         * the public key was probably a weak key
5435
         */
5436
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5437
        goto err;
5438
    }
5439

5440
    if (gensecret) {
5441
        /* SSLfatal() called as appropriate in the below functions */
5442
        rv = ssl_gensecret(s, pms, pmslen);
5443
    } else {
5444
        /* Save premaster secret */
5445
        s->s3.tmp.pms = pms;
5446
        s->s3.tmp.pmslen = pmslen;
5447
        pms = NULL;
5448
        rv = 1;
5449
    }
5450

5451
err:
5452
    OPENSSL_clear_free(pms, pmslen);
5453
    EVP_PKEY_CTX_free(pctx);
5454
    return rv;
5455
}
5456

5457
/* Decapsulate secrets for KEM */
5458
int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
5459
    const unsigned char *ct, size_t ctlen,
5460
    int gensecret)
5461
{
5462
    int rv = 0;
5463
    unsigned char *pms = NULL;
5464
    size_t pmslen = 0;
5465
    EVP_PKEY_CTX *pctx;
5466
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5467

5468
    if (privkey == NULL) {
5469
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5470
        return 0;
5471
    }
5472

5473
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5474

5475
    if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
5476
        || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
5477
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5478
        goto err;
5479
    }
5480

5481
    pms = OPENSSL_malloc(pmslen);
5482
    if (pms == NULL) {
5483
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5484
        goto err;
5485
    }
5486

5487
    if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
5488
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5489
        goto err;
5490
    }
5491

5492
    if (gensecret) {
5493
        /* SSLfatal() called as appropriate in the below functions */
5494
        rv = ssl_gensecret(s, pms, pmslen);
5495
    } else {
5496
        /* Save premaster secret */
5497
        s->s3.tmp.pms = pms;
5498
        s->s3.tmp.pmslen = pmslen;
5499
        pms = NULL;
5500
        rv = 1;
5501
    }
5502

5503
err:
5504
    OPENSSL_clear_free(pms, pmslen);
5505
    EVP_PKEY_CTX_free(pctx);
5506
    return rv;
5507
}
5508

5509
int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
5510
    unsigned char **ctp, size_t *ctlenp,
5511
    int gensecret)
5512
{
5513
    int rv = 0;
5514
    unsigned char *pms = NULL, *ct = NULL;
5515
    size_t pmslen = 0, ctlen = 0;
5516
    EVP_PKEY_CTX *pctx;
5517
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5518

5519
    if (pubkey == NULL) {
5520
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5521
        return 0;
5522
    }
5523

5524
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);
5525

5526
    if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
5527
        || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
5528
        || pmslen == 0 || ctlen == 0) {
5529
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5530
        goto err;
5531
    }
5532

5533
    pms = OPENSSL_malloc(pmslen);
5534
    ct = OPENSSL_malloc(ctlen);
5535
    if (pms == NULL || ct == NULL) {
5536
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5537
        goto err;
5538
    }
5539

5540
    if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
5541
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5542
        goto err;
5543
    }
5544

5545
    if (gensecret) {
5546
        /* SSLfatal() called as appropriate in the below functions */
5547
        rv = ssl_gensecret(s, pms, pmslen);
5548
    } else {
5549
        /* Save premaster secret */
5550
        s->s3.tmp.pms = pms;
5551
        s->s3.tmp.pmslen = pmslen;
5552
        pms = NULL;
5553
        rv = 1;
5554
    }
5555

5556
    if (rv > 0) {
5557
        /* Pass ownership of ct to caller */
5558
        *ctp = ct;
5559
        *ctlenp = ctlen;
5560
        ct = NULL;
5561
    }
5562

5563
err:
5564
    OPENSSL_clear_free(pms, pmslen);
5565
    OPENSSL_free(ct);
5566
    EVP_PKEY_CTX_free(pctx);
5567
    return rv;
5568
}
5569

5570
const char *SSL_get0_group_name(SSL *s)
5571
{
5572
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5573
    unsigned int id;
5574

5575
    if (sc == NULL)
5576
        return NULL;
5577

5578
    if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
5579
        id = sc->s3.group_id;
5580
    else
5581
        id = sc->session->kex_group;
5582

5583
    return tls1_group_id2name(s->ctx, id);
5584
}
5585

5586
const char *SSL_group_to_name(SSL *s, int nid)
5587
{
5588
    int group_id = 0;
5589
    const TLS_GROUP_INFO *cinf = NULL;
5590

5591
    /* first convert to real group id for internal and external IDs */
5592
    if (nid & TLSEXT_nid_unknown)
5593
        group_id = nid & 0xFFFF;
5594
    else
5595
        group_id = tls1_nid2group_id(nid);
5596

5597
    /* then look up */
5598
    cinf = tls1_group_id_lookup(s->ctx, group_id);
5599

5600
    if (cinf != NULL)
5601
        return cinf->tlsname;
5602
    return NULL;
5603
}
5604

5605
Product

Resources

Company
