CoCalc -- s3

GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/openssl/ssl/s3_lib.c
⁴⁸¹⁵⁰ views
1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4
 * Copyright 2005 Nokia. All rights reserved.
5
 *
6
 * Licensed under the Apache License 2.0 (the "License").  You may not use
7
 * this file except in compliance with the License.  You can obtain a copy
8
 * in the file LICENSE in the source distribution or at
9
 * https://www.openssl.org/source/license.html
10
 */
11

12
#include "internal/e_os.h"
13

14
#include <openssl/objects.h>
15
#include "internal/nelem.h"
16
#include "ssl_local.h"
17
#include <openssl/md5.h>
18
#include <openssl/dh.h>
19
#include <openssl/rand.h>
20
#include <openssl/trace.h>
21
#include <openssl/x509v3.h>
22
#include <openssl/core_names.h>
23
#include "internal/cryptlib.h"
24
#include "internal/ssl_unwrap.h"
25

26
#define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
27
#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
28
#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
29

30
/* TLSv1.3 downgrade protection sentinel values */
31
const unsigned char tls11downgrade[] = {
32
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
33
};
34
const unsigned char tls12downgrade[] = {
35
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
36
};
37

38
/* The list of available TLSv1.3 ciphers */
39
static SSL_CIPHER tls13_ciphers[] = {
40
    {
41
        1,
42
        TLS1_3_RFC_AES_128_GCM_SHA256,
43
        TLS1_3_RFC_AES_128_GCM_SHA256,
44
        TLS1_3_CK_AES_128_GCM_SHA256,
45
        SSL_kANY,
46
        SSL_aANY,
47
        SSL_AES128GCM,
48
        SSL_AEAD,
49
        TLS1_3_VERSION, TLS1_3_VERSION,
50
        0, 0,
51
        SSL_HIGH,
52
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
53
        128,
54
        128,
55
    }, {
56
        1,
57
        TLS1_3_RFC_AES_256_GCM_SHA384,
58
        TLS1_3_RFC_AES_256_GCM_SHA384,
59
        TLS1_3_CK_AES_256_GCM_SHA384,
60
        SSL_kANY,
61
        SSL_aANY,
62
        SSL_AES256GCM,
63
        SSL_AEAD,
64
        TLS1_3_VERSION, TLS1_3_VERSION,
65
        0, 0,
66
        SSL_HIGH,
67
        SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC,
68
        256,
69
        256,
70
    },
71
    {
72
        1,
73
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
74
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
75
        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
76
        SSL_kANY,
77
        SSL_aANY,
78
        SSL_CHACHA20POLY1305,
79
        SSL_AEAD,
80
        TLS1_3_VERSION, TLS1_3_VERSION,
81
        0, 0,
82
        SSL_HIGH,
83
        SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC,
84
        256,
85
        256,
86
    },
87
    {
88
        1,
89
        TLS1_3_RFC_AES_128_CCM_SHA256,
90
        TLS1_3_RFC_AES_128_CCM_SHA256,
91
        TLS1_3_CK_AES_128_CCM_SHA256,
92
        SSL_kANY,
93
        SSL_aANY,
94
        SSL_AES128CCM,
95
        SSL_AEAD,
96
        TLS1_3_VERSION, TLS1_3_VERSION,
97
        0, 0,
98
        SSL_NOT_DEFAULT | SSL_HIGH,
99
        SSL_HANDSHAKE_MAC_SHA256,
100
        128,
101
        128,
102
    }, {
103
        1,
104
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
105
        TLS1_3_RFC_AES_128_CCM_8_SHA256,
106
        TLS1_3_CK_AES_128_CCM_8_SHA256,
107
        SSL_kANY,
108
        SSL_aANY,
109
        SSL_AES128CCM8,
110
        SSL_AEAD,
111
        TLS1_3_VERSION, TLS1_3_VERSION,
112
        0, 0,
113
        SSL_NOT_DEFAULT | SSL_MEDIUM,
114
        SSL_HANDSHAKE_MAC_SHA256,
115
        64, /* CCM8 uses a short tag, so we have a low security strength */
116
        128,
117
    },
118
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
119
    {
120
        1,
121
        TLS1_3_RFC_SHA256_SHA256,
122
        TLS1_3_RFC_SHA256_SHA256,
123
        TLS1_3_CK_SHA256_SHA256,
124
        SSL_kANY,
125
        SSL_aANY,
126
        SSL_eNULL,
127
        SSL_SHA256,
128
        TLS1_3_VERSION, TLS1_3_VERSION,
129
        0, 0,
130
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
131
        SSL_HANDSHAKE_MAC_SHA256,
132
        0,
133
        256,
134
    }, {
135
        1,
136
        TLS1_3_RFC_SHA384_SHA384,
137
        TLS1_3_RFC_SHA384_SHA384,
138
        TLS1_3_CK_SHA384_SHA384,
139
        SSL_kANY,
140
        SSL_aANY,
141
        SSL_eNULL,
142
        SSL_SHA384,
143
        TLS1_3_VERSION, TLS1_3_VERSION,
144
        0, 0,
145
        SSL_NOT_DEFAULT | SSL_STRONG_NONE,
146
        SSL_HANDSHAKE_MAC_SHA384,
147
        0,
148
        384,
149
    },
150
#endif
151
};
152

153
/*
154
 * The list of available ciphers, mostly organized into the following
155
 * groups:
156
 *      Always there
157
 *      EC
158
 *      PSK
159
 *      SRP (within that: RSA EC PSK)
160
 *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
161
 *      Weak ciphers
162
 */
163
static SSL_CIPHER ssl3_ciphers[] = {
164
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
165
    {
166
     1,
167
     SSL3_TXT_RSA_NULL_MD5,
168
     SSL3_RFC_RSA_NULL_MD5,
169
     SSL3_CK_RSA_NULL_MD5,
170
     SSL_kRSA,
171
     SSL_aRSA,
172
     SSL_eNULL,
173
     SSL_MD5,
174
     SSL3_VERSION, TLS1_2_VERSION,
175
     DTLS1_BAD_VER, DTLS1_2_VERSION,
176
     SSL_STRONG_NONE,
177
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
178
     0,
179
     0,
180
     },
181
    {
182
     1,
183
     SSL3_TXT_RSA_NULL_SHA,
184
     SSL3_RFC_RSA_NULL_SHA,
185
     SSL3_CK_RSA_NULL_SHA,
186
     SSL_kRSA,
187
     SSL_aRSA,
188
     SSL_eNULL,
189
     SSL_SHA1,
190
     SSL3_VERSION, TLS1_2_VERSION,
191
     DTLS1_BAD_VER, DTLS1_2_VERSION,
192
     SSL_STRONG_NONE | SSL_FIPS,
193
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
194
     0,
195
     0,
196
     },
197
#endif
198
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
199
    {
200
     1,
201
     SSL3_TXT_RSA_DES_192_CBC3_SHA,
202
     SSL3_RFC_RSA_DES_192_CBC3_SHA,
203
     SSL3_CK_RSA_DES_192_CBC3_SHA,
204
     SSL_kRSA,
205
     SSL_aRSA,
206
     SSL_3DES,
207
     SSL_SHA1,
208
     SSL3_VERSION, TLS1_2_VERSION,
209
     DTLS1_BAD_VER, DTLS1_2_VERSION,
210
     SSL_NOT_DEFAULT | SSL_MEDIUM,
211
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212
     112,
213
     168,
214
     },
215
    {
216
     1,
217
     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
218
     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
219
     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
220
     SSL_kDHE,
221
     SSL_aDSS,
222
     SSL_3DES,
223
     SSL_SHA1,
224
     SSL3_VERSION, TLS1_2_VERSION,
225
     DTLS1_BAD_VER, DTLS1_2_VERSION,
226
     SSL_NOT_DEFAULT | SSL_MEDIUM,
227
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228
     112,
229
     168,
230
     },
231
    {
232
     1,
233
     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
234
     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
235
     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
236
     SSL_kDHE,
237
     SSL_aRSA,
238
     SSL_3DES,
239
     SSL_SHA1,
240
     SSL3_VERSION, TLS1_2_VERSION,
241
     DTLS1_BAD_VER, DTLS1_2_VERSION,
242
     SSL_NOT_DEFAULT | SSL_MEDIUM,
243
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
244
     112,
245
     168,
246
     },
247
    {
248
     1,
249
     SSL3_TXT_ADH_DES_192_CBC_SHA,
250
     SSL3_RFC_ADH_DES_192_CBC_SHA,
251
     SSL3_CK_ADH_DES_192_CBC_SHA,
252
     SSL_kDHE,
253
     SSL_aNULL,
254
     SSL_3DES,
255
     SSL_SHA1,
256
     SSL3_VERSION, TLS1_2_VERSION,
257
     DTLS1_BAD_VER, DTLS1_2_VERSION,
258
     SSL_NOT_DEFAULT | SSL_MEDIUM,
259
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
260
     112,
261
     168,
262
     },
263
#endif
264
    {
265
     1,
266
     TLS1_TXT_RSA_WITH_AES_128_SHA,
267
     TLS1_RFC_RSA_WITH_AES_128_SHA,
268
     TLS1_CK_RSA_WITH_AES_128_SHA,
269
     SSL_kRSA,
270
     SSL_aRSA,
271
     SSL_AES128,
272
     SSL_SHA1,
273
     SSL3_VERSION, TLS1_2_VERSION,
274
     DTLS1_BAD_VER, DTLS1_2_VERSION,
275
     SSL_HIGH | SSL_FIPS,
276
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277
     128,
278
     128,
279
     },
280
    {
281
     1,
282
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
283
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
284
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
285
     SSL_kDHE,
286
     SSL_aDSS,
287
     SSL_AES128,
288
     SSL_SHA1,
289
     SSL3_VERSION, TLS1_2_VERSION,
290
     DTLS1_BAD_VER, DTLS1_2_VERSION,
291
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
292
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
293
     128,
294
     128,
295
     },
296
    {
297
     1,
298
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
299
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
300
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
301
     SSL_kDHE,
302
     SSL_aRSA,
303
     SSL_AES128,
304
     SSL_SHA1,
305
     SSL3_VERSION, TLS1_2_VERSION,
306
     DTLS1_BAD_VER, DTLS1_2_VERSION,
307
     SSL_HIGH | SSL_FIPS,
308
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
309
     128,
310
     128,
311
     },
312
    {
313
     1,
314
     TLS1_TXT_ADH_WITH_AES_128_SHA,
315
     TLS1_RFC_ADH_WITH_AES_128_SHA,
316
     TLS1_CK_ADH_WITH_AES_128_SHA,
317
     SSL_kDHE,
318
     SSL_aNULL,
319
     SSL_AES128,
320
     SSL_SHA1,
321
     SSL3_VERSION, TLS1_2_VERSION,
322
     DTLS1_BAD_VER, DTLS1_2_VERSION,
323
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
324
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
325
     128,
326
     128,
327
     },
328
    {
329
     1,
330
     TLS1_TXT_RSA_WITH_AES_256_SHA,
331
     TLS1_RFC_RSA_WITH_AES_256_SHA,
332
     TLS1_CK_RSA_WITH_AES_256_SHA,
333
     SSL_kRSA,
334
     SSL_aRSA,
335
     SSL_AES256,
336
     SSL_SHA1,
337
     SSL3_VERSION, TLS1_2_VERSION,
338
     DTLS1_BAD_VER, DTLS1_2_VERSION,
339
     SSL_HIGH | SSL_FIPS,
340
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
341
     256,
342
     256,
343
     },
344
    {
345
     1,
346
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
347
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
348
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
349
     SSL_kDHE,
350
     SSL_aDSS,
351
     SSL_AES256,
352
     SSL_SHA1,
353
     SSL3_VERSION, TLS1_2_VERSION,
354
     DTLS1_BAD_VER, DTLS1_2_VERSION,
355
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
356
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357
     256,
358
     256,
359
     },
360
    {
361
     1,
362
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
363
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
364
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
365
     SSL_kDHE,
366
     SSL_aRSA,
367
     SSL_AES256,
368
     SSL_SHA1,
369
     SSL3_VERSION, TLS1_2_VERSION,
370
     DTLS1_BAD_VER, DTLS1_2_VERSION,
371
     SSL_HIGH | SSL_FIPS,
372
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
373
     256,
374
     256,
375
     },
376
    {
377
     1,
378
     TLS1_TXT_ADH_WITH_AES_256_SHA,
379
     TLS1_RFC_ADH_WITH_AES_256_SHA,
380
     TLS1_CK_ADH_WITH_AES_256_SHA,
381
     SSL_kDHE,
382
     SSL_aNULL,
383
     SSL_AES256,
384
     SSL_SHA1,
385
     SSL3_VERSION, TLS1_2_VERSION,
386
     DTLS1_BAD_VER, DTLS1_2_VERSION,
387
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
388
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
389
     256,
390
     256,
391
     },
392
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
393
    {
394
     1,
395
     TLS1_TXT_RSA_WITH_NULL_SHA256,
396
     TLS1_RFC_RSA_WITH_NULL_SHA256,
397
     TLS1_CK_RSA_WITH_NULL_SHA256,
398
     SSL_kRSA,
399
     SSL_aRSA,
400
     SSL_eNULL,
401
     SSL_SHA256,
402
     TLS1_2_VERSION, TLS1_2_VERSION,
403
     DTLS1_2_VERSION, DTLS1_2_VERSION,
404
     SSL_STRONG_NONE | SSL_FIPS,
405
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
406
     0,
407
     0,
408
     },
409
#endif
410
    {
411
     1,
412
     TLS1_TXT_RSA_WITH_AES_128_SHA256,
413
     TLS1_RFC_RSA_WITH_AES_128_SHA256,
414
     TLS1_CK_RSA_WITH_AES_128_SHA256,
415
     SSL_kRSA,
416
     SSL_aRSA,
417
     SSL_AES128,
418
     SSL_SHA256,
419
     TLS1_2_VERSION, TLS1_2_VERSION,
420
     DTLS1_2_VERSION, DTLS1_2_VERSION,
421
     SSL_HIGH | SSL_FIPS,
422
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
423
     128,
424
     128,
425
     },
426
    {
427
     1,
428
     TLS1_TXT_RSA_WITH_AES_256_SHA256,
429
     TLS1_RFC_RSA_WITH_AES_256_SHA256,
430
     TLS1_CK_RSA_WITH_AES_256_SHA256,
431
     SSL_kRSA,
432
     SSL_aRSA,
433
     SSL_AES256,
434
     SSL_SHA256,
435
     TLS1_2_VERSION, TLS1_2_VERSION,
436
     DTLS1_2_VERSION, DTLS1_2_VERSION,
437
     SSL_HIGH | SSL_FIPS,
438
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
439
     256,
440
     256,
441
     },
442
    {
443
     1,
444
     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
445
     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
446
     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
447
     SSL_kDHE,
448
     SSL_aDSS,
449
     SSL_AES128,
450
     SSL_SHA256,
451
     TLS1_2_VERSION, TLS1_2_VERSION,
452
     DTLS1_2_VERSION, DTLS1_2_VERSION,
453
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
454
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
455
     128,
456
     128,
457
     },
458
    {
459
     1,
460
     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
461
     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
462
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
463
     SSL_kDHE,
464
     SSL_aRSA,
465
     SSL_AES128,
466
     SSL_SHA256,
467
     TLS1_2_VERSION, TLS1_2_VERSION,
468
     DTLS1_2_VERSION, DTLS1_2_VERSION,
469
     SSL_HIGH | SSL_FIPS,
470
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
471
     128,
472
     128,
473
     },
474
    {
475
     1,
476
     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
477
     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
478
     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
479
     SSL_kDHE,
480
     SSL_aDSS,
481
     SSL_AES256,
482
     SSL_SHA256,
483
     TLS1_2_VERSION, TLS1_2_VERSION,
484
     DTLS1_2_VERSION, DTLS1_2_VERSION,
485
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
486
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
487
     256,
488
     256,
489
     },
490
    {
491
     1,
492
     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
493
     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
494
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
495
     SSL_kDHE,
496
     SSL_aRSA,
497
     SSL_AES256,
498
     SSL_SHA256,
499
     TLS1_2_VERSION, TLS1_2_VERSION,
500
     DTLS1_2_VERSION, DTLS1_2_VERSION,
501
     SSL_HIGH | SSL_FIPS,
502
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
503
     256,
504
     256,
505
     },
506
    {
507
     1,
508
     TLS1_TXT_ADH_WITH_AES_128_SHA256,
509
     TLS1_RFC_ADH_WITH_AES_128_SHA256,
510
     TLS1_CK_ADH_WITH_AES_128_SHA256,
511
     SSL_kDHE,
512
     SSL_aNULL,
513
     SSL_AES128,
514
     SSL_SHA256,
515
     TLS1_2_VERSION, TLS1_2_VERSION,
516
     DTLS1_2_VERSION, DTLS1_2_VERSION,
517
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
518
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
519
     128,
520
     128,
521
     },
522
    {
523
     1,
524
     TLS1_TXT_ADH_WITH_AES_256_SHA256,
525
     TLS1_RFC_ADH_WITH_AES_256_SHA256,
526
     TLS1_CK_ADH_WITH_AES_256_SHA256,
527
     SSL_kDHE,
528
     SSL_aNULL,
529
     SSL_AES256,
530
     SSL_SHA256,
531
     TLS1_2_VERSION, TLS1_2_VERSION,
532
     DTLS1_2_VERSION, DTLS1_2_VERSION,
533
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
534
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
535
     256,
536
     256,
537
     },
538
    {
539
     1,
540
     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
541
     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
542
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
543
     SSL_kRSA,
544
     SSL_aRSA,
545
     SSL_AES128GCM,
546
     SSL_AEAD,
547
     TLS1_2_VERSION, TLS1_2_VERSION,
548
     DTLS1_2_VERSION, DTLS1_2_VERSION,
549
     SSL_HIGH | SSL_FIPS,
550
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
551
     128,
552
     128,
553
     },
554
    {
555
     1,
556
     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
557
     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
558
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
559
     SSL_kRSA,
560
     SSL_aRSA,
561
     SSL_AES256GCM,
562
     SSL_AEAD,
563
     TLS1_2_VERSION, TLS1_2_VERSION,
564
     DTLS1_2_VERSION, DTLS1_2_VERSION,
565
     SSL_HIGH | SSL_FIPS,
566
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
567
     256,
568
     256,
569
     },
570
    {
571
     1,
572
     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
573
     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
574
     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
575
     SSL_kDHE,
576
     SSL_aRSA,
577
     SSL_AES128GCM,
578
     SSL_AEAD,
579
     TLS1_2_VERSION, TLS1_2_VERSION,
580
     DTLS1_2_VERSION, DTLS1_2_VERSION,
581
     SSL_HIGH | SSL_FIPS,
582
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
583
     128,
584
     128,
585
     },
586
    {
587
     1,
588
     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
589
     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
590
     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
591
     SSL_kDHE,
592
     SSL_aRSA,
593
     SSL_AES256GCM,
594
     SSL_AEAD,
595
     TLS1_2_VERSION, TLS1_2_VERSION,
596
     DTLS1_2_VERSION, DTLS1_2_VERSION,
597
     SSL_HIGH | SSL_FIPS,
598
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
599
     256,
600
     256,
601
     },
602
    {
603
     1,
604
     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
605
     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
606
     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
607
     SSL_kDHE,
608
     SSL_aDSS,
609
     SSL_AES128GCM,
610
     SSL_AEAD,
611
     TLS1_2_VERSION, TLS1_2_VERSION,
612
     DTLS1_2_VERSION, DTLS1_2_VERSION,
613
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
614
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
615
     128,
616
     128,
617
     },
618
    {
619
     1,
620
     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
621
     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
622
     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
623
     SSL_kDHE,
624
     SSL_aDSS,
625
     SSL_AES256GCM,
626
     SSL_AEAD,
627
     TLS1_2_VERSION, TLS1_2_VERSION,
628
     DTLS1_2_VERSION, DTLS1_2_VERSION,
629
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
630
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
631
     256,
632
     256,
633
     },
634
    {
635
     1,
636
     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
637
     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
638
     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
639
     SSL_kDHE,
640
     SSL_aNULL,
641
     SSL_AES128GCM,
642
     SSL_AEAD,
643
     TLS1_2_VERSION, TLS1_2_VERSION,
644
     DTLS1_2_VERSION, DTLS1_2_VERSION,
645
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
646
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
647
     128,
648
     128,
649
     },
650
    {
651
     1,
652
     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
653
     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
654
     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
655
     SSL_kDHE,
656
     SSL_aNULL,
657
     SSL_AES256GCM,
658
     SSL_AEAD,
659
     TLS1_2_VERSION, TLS1_2_VERSION,
660
     DTLS1_2_VERSION, DTLS1_2_VERSION,
661
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
662
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
663
     256,
664
     256,
665
     },
666
    {
667
     1,
668
     TLS1_TXT_RSA_WITH_AES_128_CCM,
669
     TLS1_RFC_RSA_WITH_AES_128_CCM,
670
     TLS1_CK_RSA_WITH_AES_128_CCM,
671
     SSL_kRSA,
672
     SSL_aRSA,
673
     SSL_AES128CCM,
674
     SSL_AEAD,
675
     TLS1_2_VERSION, TLS1_2_VERSION,
676
     DTLS1_2_VERSION, DTLS1_2_VERSION,
677
     SSL_NOT_DEFAULT | SSL_HIGH,
678
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
679
     128,
680
     128,
681
     },
682
    {
683
     1,
684
     TLS1_TXT_RSA_WITH_AES_256_CCM,
685
     TLS1_RFC_RSA_WITH_AES_256_CCM,
686
     TLS1_CK_RSA_WITH_AES_256_CCM,
687
     SSL_kRSA,
688
     SSL_aRSA,
689
     SSL_AES256CCM,
690
     SSL_AEAD,
691
     TLS1_2_VERSION, TLS1_2_VERSION,
692
     DTLS1_2_VERSION, DTLS1_2_VERSION,
693
     SSL_NOT_DEFAULT | SSL_HIGH,
694
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
695
     256,
696
     256,
697
     },
698
    {
699
     1,
700
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
701
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
702
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
703
     SSL_kDHE,
704
     SSL_aRSA,
705
     SSL_AES128CCM,
706
     SSL_AEAD,
707
     TLS1_2_VERSION, TLS1_2_VERSION,
708
     DTLS1_2_VERSION, DTLS1_2_VERSION,
709
     SSL_NOT_DEFAULT | SSL_HIGH,
710
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
711
     128,
712
     128,
713
     },
714
    {
715
     1,
716
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
717
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
718
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
719
     SSL_kDHE,
720
     SSL_aRSA,
721
     SSL_AES256CCM,
722
     SSL_AEAD,
723
     TLS1_2_VERSION, TLS1_2_VERSION,
724
     DTLS1_2_VERSION, DTLS1_2_VERSION,
725
     SSL_NOT_DEFAULT | SSL_HIGH,
726
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
727
     256,
728
     256,
729
     },
730
    {
731
     1,
732
     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
733
     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
734
     TLS1_CK_RSA_WITH_AES_128_CCM_8,
735
     SSL_kRSA,
736
     SSL_aRSA,
737
     SSL_AES128CCM8,
738
     SSL_AEAD,
739
     TLS1_2_VERSION, TLS1_2_VERSION,
740
     DTLS1_2_VERSION, DTLS1_2_VERSION,
741
     SSL_NOT_DEFAULT | SSL_MEDIUM,
742
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
743
     64, /* CCM8 uses a short tag, so we have a low security strength */
744
     128,
745
     },
746
    {
747
     1,
748
     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
749
     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
750
     TLS1_CK_RSA_WITH_AES_256_CCM_8,
751
     SSL_kRSA,
752
     SSL_aRSA,
753
     SSL_AES256CCM8,
754
     SSL_AEAD,
755
     TLS1_2_VERSION, TLS1_2_VERSION,
756
     DTLS1_2_VERSION, DTLS1_2_VERSION,
757
     SSL_NOT_DEFAULT | SSL_MEDIUM,
758
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
759
     64, /* CCM8 uses a short tag, so we have a low security strength */
760
     256,
761
     },
762
    {
763
     1,
764
     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
765
     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
766
     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
767
     SSL_kDHE,
768
     SSL_aRSA,
769
     SSL_AES128CCM8,
770
     SSL_AEAD,
771
     TLS1_2_VERSION, TLS1_2_VERSION,
772
     DTLS1_2_VERSION, DTLS1_2_VERSION,
773
     SSL_NOT_DEFAULT | SSL_MEDIUM,
774
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
775
     64, /* CCM8 uses a short tag, so we have a low security strength */
776
     128,
777
     },
778
    {
779
     1,
780
     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
781
     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
782
     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
783
     SSL_kDHE,
784
     SSL_aRSA,
785
     SSL_AES256CCM8,
786
     SSL_AEAD,
787
     TLS1_2_VERSION, TLS1_2_VERSION,
788
     DTLS1_2_VERSION, DTLS1_2_VERSION,
789
     SSL_NOT_DEFAULT | SSL_MEDIUM,
790
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
791
     64, /* CCM8 uses a short tag, so we have a low security strength */
792
     256,
793
     },
794
    {
795
     1,
796
     TLS1_TXT_PSK_WITH_AES_128_CCM,
797
     TLS1_RFC_PSK_WITH_AES_128_CCM,
798
     TLS1_CK_PSK_WITH_AES_128_CCM,
799
     SSL_kPSK,
800
     SSL_aPSK,
801
     SSL_AES128CCM,
802
     SSL_AEAD,
803
     TLS1_2_VERSION, TLS1_2_VERSION,
804
     DTLS1_2_VERSION, DTLS1_2_VERSION,
805
     SSL_NOT_DEFAULT | SSL_HIGH,
806
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
807
     128,
808
     128,
809
     },
810
    {
811
     1,
812
     TLS1_TXT_PSK_WITH_AES_256_CCM,
813
     TLS1_RFC_PSK_WITH_AES_256_CCM,
814
     TLS1_CK_PSK_WITH_AES_256_CCM,
815
     SSL_kPSK,
816
     SSL_aPSK,
817
     SSL_AES256CCM,
818
     SSL_AEAD,
819
     TLS1_2_VERSION, TLS1_2_VERSION,
820
     DTLS1_2_VERSION, DTLS1_2_VERSION,
821
     SSL_NOT_DEFAULT | SSL_HIGH,
822
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
823
     256,
824
     256,
825
     },
826
    {
827
     1,
828
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
829
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
830
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
831
     SSL_kDHEPSK,
832
     SSL_aPSK,
833
     SSL_AES128CCM,
834
     SSL_AEAD,
835
     TLS1_2_VERSION, TLS1_2_VERSION,
836
     DTLS1_2_VERSION, DTLS1_2_VERSION,
837
     SSL_NOT_DEFAULT | SSL_HIGH,
838
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
839
     128,
840
     128,
841
     },
842
    {
843
     1,
844
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
845
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
846
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
847
     SSL_kDHEPSK,
848
     SSL_aPSK,
849
     SSL_AES256CCM,
850
     SSL_AEAD,
851
     TLS1_2_VERSION, TLS1_2_VERSION,
852
     DTLS1_2_VERSION, DTLS1_2_VERSION,
853
     SSL_NOT_DEFAULT | SSL_HIGH,
854
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
855
     256,
856
     256,
857
     },
858
    {
859
     1,
860
     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
861
     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
862
     TLS1_CK_PSK_WITH_AES_128_CCM_8,
863
     SSL_kPSK,
864
     SSL_aPSK,
865
     SSL_AES128CCM8,
866
     SSL_AEAD,
867
     TLS1_2_VERSION, TLS1_2_VERSION,
868
     DTLS1_2_VERSION, DTLS1_2_VERSION,
869
     SSL_NOT_DEFAULT | SSL_MEDIUM,
870
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
871
     64, /* CCM8 uses a short tag, so we have a low security strength */
872
     128,
873
     },
874
    {
875
     1,
876
     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
877
     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
878
     TLS1_CK_PSK_WITH_AES_256_CCM_8,
879
     SSL_kPSK,
880
     SSL_aPSK,
881
     SSL_AES256CCM8,
882
     SSL_AEAD,
883
     TLS1_2_VERSION, TLS1_2_VERSION,
884
     DTLS1_2_VERSION, DTLS1_2_VERSION,
885
     SSL_NOT_DEFAULT | SSL_MEDIUM,
886
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
887
     64, /* CCM8 uses a short tag, so we have a low security strength */
888
     256,
889
     },
890
    {
891
     1,
892
     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
893
     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
894
     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
895
     SSL_kDHEPSK,
896
     SSL_aPSK,
897
     SSL_AES128CCM8,
898
     SSL_AEAD,
899
     TLS1_2_VERSION, TLS1_2_VERSION,
900
     DTLS1_2_VERSION, DTLS1_2_VERSION,
901
     SSL_NOT_DEFAULT | SSL_MEDIUM,
902
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
903
     64, /* CCM8 uses a short tag, so we have a low security strength */
904
     128,
905
     },
906
    {
907
     1,
908
     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
909
     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
910
     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
911
     SSL_kDHEPSK,
912
     SSL_aPSK,
913
     SSL_AES256CCM8,
914
     SSL_AEAD,
915
     TLS1_2_VERSION, TLS1_2_VERSION,
916
     DTLS1_2_VERSION, DTLS1_2_VERSION,
917
     SSL_NOT_DEFAULT | SSL_MEDIUM,
918
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
919
     64, /* CCM8 uses a short tag, so we have a low security strength */
920
     256,
921
     },
922
    {
923
     1,
924
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
925
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
926
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
927
     SSL_kECDHE,
928
     SSL_aECDSA,
929
     SSL_AES128CCM,
930
     SSL_AEAD,
931
     TLS1_2_VERSION, TLS1_2_VERSION,
932
     DTLS1_2_VERSION, DTLS1_2_VERSION,
933
     SSL_NOT_DEFAULT | SSL_HIGH,
934
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
935
     128,
936
     128,
937
     },
938
    {
939
     1,
940
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
941
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
942
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
943
     SSL_kECDHE,
944
     SSL_aECDSA,
945
     SSL_AES256CCM,
946
     SSL_AEAD,
947
     TLS1_2_VERSION, TLS1_2_VERSION,
948
     DTLS1_2_VERSION, DTLS1_2_VERSION,
949
     SSL_NOT_DEFAULT | SSL_HIGH,
950
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
951
     256,
952
     256,
953
     },
954
    {
955
     1,
956
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
957
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
958
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
959
     SSL_kECDHE,
960
     SSL_aECDSA,
961
     SSL_AES128CCM8,
962
     SSL_AEAD,
963
     TLS1_2_VERSION, TLS1_2_VERSION,
964
     DTLS1_2_VERSION, DTLS1_2_VERSION,
965
     SSL_NOT_DEFAULT | SSL_MEDIUM,
966
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
967
     64, /* CCM8 uses a short tag, so we have a low security strength */
968
     128,
969
     },
970
    {
971
     1,
972
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
973
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
974
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
975
     SSL_kECDHE,
976
     SSL_aECDSA,
977
     SSL_AES256CCM8,
978
     SSL_AEAD,
979
     TLS1_2_VERSION, TLS1_2_VERSION,
980
     DTLS1_2_VERSION, DTLS1_2_VERSION,
981
     SSL_NOT_DEFAULT | SSL_MEDIUM,
982
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
983
     64, /* CCM8 uses a short tag, so we have a low security strength */
984
     256,
985
     },
986
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
987
    {
988
     1,
989
     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
990
     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
991
     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
992
     SSL_kECDHE,
993
     SSL_aECDSA,
994
     SSL_eNULL,
995
     SSL_SHA1,
996
     TLS1_VERSION, TLS1_2_VERSION,
997
     DTLS1_BAD_VER, DTLS1_2_VERSION,
998
     SSL_STRONG_NONE | SSL_FIPS,
999
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1000
     0,
1001
     0,
1002
     },
1003
#endif
1004
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1005
    {
1006
     1,
1007
     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1008
     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1009
     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1010
     SSL_kECDHE,
1011
     SSL_aECDSA,
1012
     SSL_3DES,
1013
     SSL_SHA1,
1014
     TLS1_VERSION, TLS1_2_VERSION,
1015
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1016
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1017
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1018
     112,
1019
     168,
1020
     },
1021
# endif
1022
    {
1023
     1,
1024
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1025
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1026
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1027
     SSL_kECDHE,
1028
     SSL_aECDSA,
1029
     SSL_AES128,
1030
     SSL_SHA1,
1031
     TLS1_VERSION, TLS1_2_VERSION,
1032
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1033
     SSL_HIGH | SSL_FIPS,
1034
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1035
     128,
1036
     128,
1037
     },
1038
    {
1039
     1,
1040
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1041
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1042
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1043
     SSL_kECDHE,
1044
     SSL_aECDSA,
1045
     SSL_AES256,
1046
     SSL_SHA1,
1047
     TLS1_VERSION, TLS1_2_VERSION,
1048
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1049
     SSL_HIGH | SSL_FIPS,
1050
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1051
     256,
1052
     256,
1053
     },
1054
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1055
    {
1056
     1,
1057
     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1058
     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
1059
     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1060
     SSL_kECDHE,
1061
     SSL_aRSA,
1062
     SSL_eNULL,
1063
     SSL_SHA1,
1064
     TLS1_VERSION, TLS1_2_VERSION,
1065
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1066
     SSL_STRONG_NONE | SSL_FIPS,
1067
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1068
     0,
1069
     0,
1070
     },
1071
#endif
1072
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1073
    {
1074
     1,
1075
     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1076
     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1077
     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1078
     SSL_kECDHE,
1079
     SSL_aRSA,
1080
     SSL_3DES,
1081
     SSL_SHA1,
1082
     TLS1_VERSION, TLS1_2_VERSION,
1083
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1084
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1085
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1086
     112,
1087
     168,
1088
     },
1089
# endif
1090
    {
1091
     1,
1092
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1093
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1094
     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1095
     SSL_kECDHE,
1096
     SSL_aRSA,
1097
     SSL_AES128,
1098
     SSL_SHA1,
1099
     TLS1_VERSION, TLS1_2_VERSION,
1100
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1101
     SSL_HIGH | SSL_FIPS,
1102
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1103
     128,
1104
     128,
1105
     },
1106
    {
1107
     1,
1108
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1109
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1110
     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1111
     SSL_kECDHE,
1112
     SSL_aRSA,
1113
     SSL_AES256,
1114
     SSL_SHA1,
1115
     TLS1_VERSION, TLS1_2_VERSION,
1116
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1117
     SSL_HIGH | SSL_FIPS,
1118
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1119
     256,
1120
     256,
1121
     },
1122
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1123
    {
1124
     1,
1125
     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1126
     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
1127
     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1128
     SSL_kECDHE,
1129
     SSL_aNULL,
1130
     SSL_eNULL,
1131
     SSL_SHA1,
1132
     TLS1_VERSION, TLS1_2_VERSION,
1133
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1134
     SSL_STRONG_NONE | SSL_FIPS,
1135
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1136
     0,
1137
     0,
1138
     },
1139
#endif
1140
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1141
    {
1142
     1,
1143
     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1144
     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
1145
     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1146
     SSL_kECDHE,
1147
     SSL_aNULL,
1148
     SSL_3DES,
1149
     SSL_SHA1,
1150
     TLS1_VERSION, TLS1_2_VERSION,
1151
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1152
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1153
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1154
     112,
1155
     168,
1156
     },
1157
# endif
1158
    {
1159
     1,
1160
     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1161
     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
1162
     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1163
     SSL_kECDHE,
1164
     SSL_aNULL,
1165
     SSL_AES128,
1166
     SSL_SHA1,
1167
     TLS1_VERSION, TLS1_2_VERSION,
1168
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1169
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1170
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1171
     128,
1172
     128,
1173
     },
1174
    {
1175
     1,
1176
     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1177
     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
1178
     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1179
     SSL_kECDHE,
1180
     SSL_aNULL,
1181
     SSL_AES256,
1182
     SSL_SHA1,
1183
     TLS1_VERSION, TLS1_2_VERSION,
1184
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1185
     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
1186
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1187
     256,
1188
     256,
1189
     },
1190
    {
1191
     1,
1192
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1193
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
1194
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1195
     SSL_kECDHE,
1196
     SSL_aECDSA,
1197
     SSL_AES128,
1198
     SSL_SHA256,
1199
     TLS1_2_VERSION, TLS1_2_VERSION,
1200
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1201
     SSL_HIGH | SSL_FIPS,
1202
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1203
     128,
1204
     128,
1205
     },
1206
    {
1207
     1,
1208
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1209
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
1210
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1211
     SSL_kECDHE,
1212
     SSL_aECDSA,
1213
     SSL_AES256,
1214
     SSL_SHA384,
1215
     TLS1_2_VERSION, TLS1_2_VERSION,
1216
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1217
     SSL_HIGH | SSL_FIPS,
1218
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1219
     256,
1220
     256,
1221
     },
1222
    {
1223
     1,
1224
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1225
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
1226
     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1227
     SSL_kECDHE,
1228
     SSL_aRSA,
1229
     SSL_AES128,
1230
     SSL_SHA256,
1231
     TLS1_2_VERSION, TLS1_2_VERSION,
1232
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1233
     SSL_HIGH | SSL_FIPS,
1234
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1235
     128,
1236
     128,
1237
     },
1238
    {
1239
     1,
1240
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1241
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
1242
     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1243
     SSL_kECDHE,
1244
     SSL_aRSA,
1245
     SSL_AES256,
1246
     SSL_SHA384,
1247
     TLS1_2_VERSION, TLS1_2_VERSION,
1248
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1249
     SSL_HIGH | SSL_FIPS,
1250
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1251
     256,
1252
     256,
1253
     },
1254
    {
1255
     1,
1256
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1257
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1258
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1259
     SSL_kECDHE,
1260
     SSL_aECDSA,
1261
     SSL_AES128GCM,
1262
     SSL_AEAD,
1263
     TLS1_2_VERSION, TLS1_2_VERSION,
1264
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1265
     SSL_HIGH | SSL_FIPS,
1266
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1267
     128,
1268
     128,
1269
     },
1270
    {
1271
     1,
1272
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1273
     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1274
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1275
     SSL_kECDHE,
1276
     SSL_aECDSA,
1277
     SSL_AES256GCM,
1278
     SSL_AEAD,
1279
     TLS1_2_VERSION, TLS1_2_VERSION,
1280
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1281
     SSL_HIGH | SSL_FIPS,
1282
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1283
     256,
1284
     256,
1285
     },
1286
    {
1287
     1,
1288
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1289
     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1290
     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1291
     SSL_kECDHE,
1292
     SSL_aRSA,
1293
     SSL_AES128GCM,
1294
     SSL_AEAD,
1295
     TLS1_2_VERSION, TLS1_2_VERSION,
1296
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1297
     SSL_HIGH | SSL_FIPS,
1298
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1299
     128,
1300
     128,
1301
     },
1302
    {
1303
     1,
1304
     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1305
     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1306
     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1307
     SSL_kECDHE,
1308
     SSL_aRSA,
1309
     SSL_AES256GCM,
1310
     SSL_AEAD,
1311
     TLS1_2_VERSION, TLS1_2_VERSION,
1312
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1313
     SSL_HIGH | SSL_FIPS,
1314
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1315
     256,
1316
     256,
1317
     },
1318
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1319
    {
1320
     1,
1321
     TLS1_TXT_PSK_WITH_NULL_SHA,
1322
     TLS1_RFC_PSK_WITH_NULL_SHA,
1323
     TLS1_CK_PSK_WITH_NULL_SHA,
1324
     SSL_kPSK,
1325
     SSL_aPSK,
1326
     SSL_eNULL,
1327
     SSL_SHA1,
1328
     SSL3_VERSION, TLS1_2_VERSION,
1329
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1330
     SSL_STRONG_NONE | SSL_FIPS,
1331
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1332
     0,
1333
     0,
1334
     },
1335
    {
1336
     1,
1337
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
1338
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
1339
     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
1340
     SSL_kDHEPSK,
1341
     SSL_aPSK,
1342
     SSL_eNULL,
1343
     SSL_SHA1,
1344
     SSL3_VERSION, TLS1_2_VERSION,
1345
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1346
     SSL_STRONG_NONE | SSL_FIPS,
1347
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1348
     0,
1349
     0,
1350
     },
1351
    {
1352
     1,
1353
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
1354
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
1355
     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
1356
     SSL_kRSAPSK,
1357
     SSL_aRSA,
1358
     SSL_eNULL,
1359
     SSL_SHA1,
1360
     SSL3_VERSION, TLS1_2_VERSION,
1361
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1362
     SSL_STRONG_NONE | SSL_FIPS,
1363
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1364
     0,
1365
     0,
1366
     },
1367
#endif
1368
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1369
    {
1370
     1,
1371
     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1372
     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
1373
     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1374
     SSL_kPSK,
1375
     SSL_aPSK,
1376
     SSL_3DES,
1377
     SSL_SHA1,
1378
     SSL3_VERSION, TLS1_2_VERSION,
1379
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1380
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1381
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1382
     112,
1383
     168,
1384
     },
1385
# endif
1386
    {
1387
     1,
1388
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1389
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
1390
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1391
     SSL_kPSK,
1392
     SSL_aPSK,
1393
     SSL_AES128,
1394
     SSL_SHA1,
1395
     SSL3_VERSION, TLS1_2_VERSION,
1396
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1397
     SSL_HIGH | SSL_FIPS,
1398
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1399
     128,
1400
     128,
1401
     },
1402
    {
1403
     1,
1404
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1405
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
1406
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1407
     SSL_kPSK,
1408
     SSL_aPSK,
1409
     SSL_AES256,
1410
     SSL_SHA1,
1411
     SSL3_VERSION, TLS1_2_VERSION,
1412
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1413
     SSL_HIGH | SSL_FIPS,
1414
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1415
     256,
1416
     256,
1417
     },
1418
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1419
    {
1420
     1,
1421
     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1422
     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1423
     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
1424
     SSL_kDHEPSK,
1425
     SSL_aPSK,
1426
     SSL_3DES,
1427
     SSL_SHA1,
1428
     SSL3_VERSION, TLS1_2_VERSION,
1429
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1430
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1431
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1432
     112,
1433
     168,
1434
     },
1435
# endif
1436
    {
1437
     1,
1438
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
1439
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
1440
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
1441
     SSL_kDHEPSK,
1442
     SSL_aPSK,
1443
     SSL_AES128,
1444
     SSL_SHA1,
1445
     SSL3_VERSION, TLS1_2_VERSION,
1446
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1447
     SSL_HIGH | SSL_FIPS,
1448
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1449
     128,
1450
     128,
1451
     },
1452
    {
1453
     1,
1454
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
1455
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
1456
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
1457
     SSL_kDHEPSK,
1458
     SSL_aPSK,
1459
     SSL_AES256,
1460
     SSL_SHA1,
1461
     SSL3_VERSION, TLS1_2_VERSION,
1462
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1463
     SSL_HIGH | SSL_FIPS,
1464
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1465
     256,
1466
     256,
1467
     },
1468
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1469
    {
1470
     1,
1471
     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1472
     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1473
     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
1474
     SSL_kRSAPSK,
1475
     SSL_aRSA,
1476
     SSL_3DES,
1477
     SSL_SHA1,
1478
     SSL3_VERSION, TLS1_2_VERSION,
1479
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1480
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1481
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1482
     112,
1483
     168,
1484
     },
1485
# endif
1486
    {
1487
     1,
1488
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
1489
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
1490
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
1491
     SSL_kRSAPSK,
1492
     SSL_aRSA,
1493
     SSL_AES128,
1494
     SSL_SHA1,
1495
     SSL3_VERSION, TLS1_2_VERSION,
1496
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1497
     SSL_HIGH | SSL_FIPS,
1498
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1499
     128,
1500
     128,
1501
     },
1502
    {
1503
     1,
1504
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
1505
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
1506
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
1507
     SSL_kRSAPSK,
1508
     SSL_aRSA,
1509
     SSL_AES256,
1510
     SSL_SHA1,
1511
     SSL3_VERSION, TLS1_2_VERSION,
1512
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1513
     SSL_HIGH | SSL_FIPS,
1514
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1515
     256,
1516
     256,
1517
     },
1518
    {
1519
     1,
1520
     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
1521
     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
1522
     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
1523
     SSL_kPSK,
1524
     SSL_aPSK,
1525
     SSL_AES128GCM,
1526
     SSL_AEAD,
1527
     TLS1_2_VERSION, TLS1_2_VERSION,
1528
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1529
     SSL_HIGH | SSL_FIPS,
1530
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1531
     128,
1532
     128,
1533
     },
1534
    {
1535
     1,
1536
     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
1537
     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
1538
     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
1539
     SSL_kPSK,
1540
     SSL_aPSK,
1541
     SSL_AES256GCM,
1542
     SSL_AEAD,
1543
     TLS1_2_VERSION, TLS1_2_VERSION,
1544
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1545
     SSL_HIGH | SSL_FIPS,
1546
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1547
     256,
1548
     256,
1549
     },
1550
    {
1551
     1,
1552
     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
1553
     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
1554
     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
1555
     SSL_kDHEPSK,
1556
     SSL_aPSK,
1557
     SSL_AES128GCM,
1558
     SSL_AEAD,
1559
     TLS1_2_VERSION, TLS1_2_VERSION,
1560
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1561
     SSL_HIGH | SSL_FIPS,
1562
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1563
     128,
1564
     128,
1565
     },
1566
    {
1567
     1,
1568
     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
1569
     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
1570
     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
1571
     SSL_kDHEPSK,
1572
     SSL_aPSK,
1573
     SSL_AES256GCM,
1574
     SSL_AEAD,
1575
     TLS1_2_VERSION, TLS1_2_VERSION,
1576
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1577
     SSL_HIGH | SSL_FIPS,
1578
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1579
     256,
1580
     256,
1581
     },
1582
    {
1583
     1,
1584
     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
1585
     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
1586
     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
1587
     SSL_kRSAPSK,
1588
     SSL_aRSA,
1589
     SSL_AES128GCM,
1590
     SSL_AEAD,
1591
     TLS1_2_VERSION, TLS1_2_VERSION,
1592
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1593
     SSL_HIGH | SSL_FIPS,
1594
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1595
     128,
1596
     128,
1597
     },
1598
    {
1599
     1,
1600
     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
1601
     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
1602
     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
1603
     SSL_kRSAPSK,
1604
     SSL_aRSA,
1605
     SSL_AES256GCM,
1606
     SSL_AEAD,
1607
     TLS1_2_VERSION, TLS1_2_VERSION,
1608
     DTLS1_2_VERSION, DTLS1_2_VERSION,
1609
     SSL_HIGH | SSL_FIPS,
1610
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1611
     256,
1612
     256,
1613
     },
1614
    {
1615
     1,
1616
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
1617
     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
1618
     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
1619
     SSL_kPSK,
1620
     SSL_aPSK,
1621
     SSL_AES128,
1622
     SSL_SHA256,
1623
     TLS1_VERSION, TLS1_2_VERSION,
1624
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1625
     SSL_HIGH | SSL_FIPS,
1626
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1627
     128,
1628
     128,
1629
     },
1630
    {
1631
     1,
1632
     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
1633
     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
1634
     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
1635
     SSL_kPSK,
1636
     SSL_aPSK,
1637
     SSL_AES256,
1638
     SSL_SHA384,
1639
     TLS1_VERSION, TLS1_2_VERSION,
1640
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1641
     SSL_HIGH | SSL_FIPS,
1642
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1643
     256,
1644
     256,
1645
     },
1646
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1647
    {
1648
     1,
1649
     TLS1_TXT_PSK_WITH_NULL_SHA256,
1650
     TLS1_RFC_PSK_WITH_NULL_SHA256,
1651
     TLS1_CK_PSK_WITH_NULL_SHA256,
1652
     SSL_kPSK,
1653
     SSL_aPSK,
1654
     SSL_eNULL,
1655
     SSL_SHA256,
1656
     TLS1_VERSION, TLS1_2_VERSION,
1657
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1658
     SSL_STRONG_NONE | SSL_FIPS,
1659
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1660
     0,
1661
     0,
1662
     },
1663
    {
1664
     1,
1665
     TLS1_TXT_PSK_WITH_NULL_SHA384,
1666
     TLS1_RFC_PSK_WITH_NULL_SHA384,
1667
     TLS1_CK_PSK_WITH_NULL_SHA384,
1668
     SSL_kPSK,
1669
     SSL_aPSK,
1670
     SSL_eNULL,
1671
     SSL_SHA384,
1672
     TLS1_VERSION, TLS1_2_VERSION,
1673
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1674
     SSL_STRONG_NONE | SSL_FIPS,
1675
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1676
     0,
1677
     0,
1678
     },
1679
#endif
1680
    {
1681
     1,
1682
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
1683
     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
1684
     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
1685
     SSL_kDHEPSK,
1686
     SSL_aPSK,
1687
     SSL_AES128,
1688
     SSL_SHA256,
1689
     TLS1_VERSION, TLS1_2_VERSION,
1690
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1691
     SSL_HIGH | SSL_FIPS,
1692
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1693
     128,
1694
     128,
1695
     },
1696
    {
1697
     1,
1698
     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
1699
     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
1700
     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
1701
     SSL_kDHEPSK,
1702
     SSL_aPSK,
1703
     SSL_AES256,
1704
     SSL_SHA384,
1705
     TLS1_VERSION, TLS1_2_VERSION,
1706
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1707
     SSL_HIGH | SSL_FIPS,
1708
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1709
     256,
1710
     256,
1711
     },
1712
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1713
    {
1714
     1,
1715
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
1716
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
1717
     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
1718
     SSL_kDHEPSK,
1719
     SSL_aPSK,
1720
     SSL_eNULL,
1721
     SSL_SHA256,
1722
     TLS1_VERSION, TLS1_2_VERSION,
1723
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1724
     SSL_STRONG_NONE | SSL_FIPS,
1725
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1726
     0,
1727
     0,
1728
     },
1729
    {
1730
     1,
1731
     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
1732
     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
1733
     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
1734
     SSL_kDHEPSK,
1735
     SSL_aPSK,
1736
     SSL_eNULL,
1737
     SSL_SHA384,
1738
     TLS1_VERSION, TLS1_2_VERSION,
1739
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1740
     SSL_STRONG_NONE | SSL_FIPS,
1741
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1742
     0,
1743
     0,
1744
     },
1745
#endif
1746
    {
1747
     1,
1748
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
1749
     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
1750
     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
1751
     SSL_kRSAPSK,
1752
     SSL_aRSA,
1753
     SSL_AES128,
1754
     SSL_SHA256,
1755
     TLS1_VERSION, TLS1_2_VERSION,
1756
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1757
     SSL_HIGH | SSL_FIPS,
1758
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1759
     128,
1760
     128,
1761
     },
1762
    {
1763
     1,
1764
     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
1765
     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
1766
     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
1767
     SSL_kRSAPSK,
1768
     SSL_aRSA,
1769
     SSL_AES256,
1770
     SSL_SHA384,
1771
     TLS1_VERSION, TLS1_2_VERSION,
1772
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1773
     SSL_HIGH | SSL_FIPS,
1774
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1775
     256,
1776
     256,
1777
     },
1778
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1779
    {
1780
     1,
1781
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
1782
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
1783
     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
1784
     SSL_kRSAPSK,
1785
     SSL_aRSA,
1786
     SSL_eNULL,
1787
     SSL_SHA256,
1788
     TLS1_VERSION, TLS1_2_VERSION,
1789
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1790
     SSL_STRONG_NONE | SSL_FIPS,
1791
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1792
     0,
1793
     0,
1794
     },
1795
    {
1796
     1,
1797
     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
1798
     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
1799
     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
1800
     SSL_kRSAPSK,
1801
     SSL_aRSA,
1802
     SSL_eNULL,
1803
     SSL_SHA384,
1804
     TLS1_VERSION, TLS1_2_VERSION,
1805
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1806
     SSL_STRONG_NONE | SSL_FIPS,
1807
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1808
     0,
1809
     0,
1810
     },
1811
#endif
1812
#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1813
    {
1814
     1,
1815
     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1816
     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1817
     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
1818
     SSL_kECDHEPSK,
1819
     SSL_aPSK,
1820
     SSL_3DES,
1821
     SSL_SHA1,
1822
     TLS1_VERSION, TLS1_2_VERSION,
1823
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1824
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1825
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1826
     112,
1827
     168,
1828
     },
1829
#  endif
1830
    {
1831
     1,
1832
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1833
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1834
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1835
     SSL_kECDHEPSK,
1836
     SSL_aPSK,
1837
     SSL_AES128,
1838
     SSL_SHA1,
1839
     TLS1_VERSION, TLS1_2_VERSION,
1840
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1841
     SSL_HIGH | SSL_FIPS,
1842
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1843
     128,
1844
     128,
1845
     },
1846
    {
1847
     1,
1848
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1849
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1850
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1851
     SSL_kECDHEPSK,
1852
     SSL_aPSK,
1853
     SSL_AES256,
1854
     SSL_SHA1,
1855
     TLS1_VERSION, TLS1_2_VERSION,
1856
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1857
     SSL_HIGH | SSL_FIPS,
1858
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1859
     256,
1860
     256,
1861
     },
1862
    {
1863
     1,
1864
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1865
     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1866
     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1867
     SSL_kECDHEPSK,
1868
     SSL_aPSK,
1869
     SSL_AES128,
1870
     SSL_SHA256,
1871
     TLS1_VERSION, TLS1_2_VERSION,
1872
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1873
     SSL_HIGH | SSL_FIPS,
1874
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1875
     128,
1876
     128,
1877
     },
1878
    {
1879
     1,
1880
     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1881
     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1882
     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1883
     SSL_kECDHEPSK,
1884
     SSL_aPSK,
1885
     SSL_AES256,
1886
     SSL_SHA384,
1887
     TLS1_VERSION, TLS1_2_VERSION,
1888
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1889
     SSL_HIGH | SSL_FIPS,
1890
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1891
     256,
1892
     256,
1893
     },
1894
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
1895
    {
1896
     1,
1897
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
1898
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
1899
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
1900
     SSL_kECDHEPSK,
1901
     SSL_aPSK,
1902
     SSL_eNULL,
1903
     SSL_SHA1,
1904
     TLS1_VERSION, TLS1_2_VERSION,
1905
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1906
     SSL_STRONG_NONE | SSL_FIPS,
1907
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1908
     0,
1909
     0,
1910
     },
1911
    {
1912
     1,
1913
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
1914
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
1915
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
1916
     SSL_kECDHEPSK,
1917
     SSL_aPSK,
1918
     SSL_eNULL,
1919
     SSL_SHA256,
1920
     TLS1_VERSION, TLS1_2_VERSION,
1921
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1922
     SSL_STRONG_NONE | SSL_FIPS,
1923
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1924
     0,
1925
     0,
1926
     },
1927
    {
1928
     1,
1929
     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
1930
     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
1931
     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
1932
     SSL_kECDHEPSK,
1933
     SSL_aPSK,
1934
     SSL_eNULL,
1935
     SSL_SHA384,
1936
     TLS1_VERSION, TLS1_2_VERSION,
1937
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1938
     SSL_STRONG_NONE | SSL_FIPS,
1939
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1940
     0,
1941
     0,
1942
     },
1943
#endif
1944
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1945
    {
1946
     1,
1947
     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1948
     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1949
     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
1950
     SSL_kSRP,
1951
     SSL_aSRP,
1952
     SSL_3DES,
1953
     SSL_SHA1,
1954
     SSL3_VERSION, TLS1_2_VERSION,
1955
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1956
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1957
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1958
     112,
1959
     168,
1960
     },
1961
    {
1962
     1,
1963
     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1964
     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1965
     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
1966
     SSL_kSRP,
1967
     SSL_aRSA,
1968
     SSL_3DES,
1969
     SSL_SHA1,
1970
     SSL3_VERSION, TLS1_2_VERSION,
1971
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1972
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1973
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1974
     112,
1975
     168,
1976
     },
1977
    {
1978
     1,
1979
     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1980
     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1981
     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
1982
     SSL_kSRP,
1983
     SSL_aDSS,
1984
     SSL_3DES,
1985
     SSL_SHA1,
1986
     SSL3_VERSION, TLS1_2_VERSION,
1987
     DTLS1_BAD_VER, DTLS1_2_VERSION,
1988
     SSL_NOT_DEFAULT | SSL_MEDIUM,
1989
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1990
     112,
1991
     168,
1992
     },
1993
# endif
1994
    {
1995
     1,
1996
     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
1997
     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
1998
     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
1999
     SSL_kSRP,
2000
     SSL_aSRP,
2001
     SSL_AES128,
2002
     SSL_SHA1,
2003
     SSL3_VERSION, TLS1_2_VERSION,
2004
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2005
     SSL_HIGH,
2006
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2007
     128,
2008
     128,
2009
     },
2010
    {
2011
     1,
2012
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2013
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2014
     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2015
     SSL_kSRP,
2016
     SSL_aRSA,
2017
     SSL_AES128,
2018
     SSL_SHA1,
2019
     SSL3_VERSION, TLS1_2_VERSION,
2020
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2021
     SSL_HIGH,
2022
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2023
     128,
2024
     128,
2025
     },
2026
    {
2027
     1,
2028
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2029
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2030
     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2031
     SSL_kSRP,
2032
     SSL_aDSS,
2033
     SSL_AES128,
2034
     SSL_SHA1,
2035
     SSL3_VERSION, TLS1_2_VERSION,
2036
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2037
     SSL_NOT_DEFAULT | SSL_HIGH,
2038
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2039
     128,
2040
     128,
2041
     },
2042
    {
2043
     1,
2044
     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2045
     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
2046
     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2047
     SSL_kSRP,
2048
     SSL_aSRP,
2049
     SSL_AES256,
2050
     SSL_SHA1,
2051
     SSL3_VERSION, TLS1_2_VERSION,
2052
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2053
     SSL_HIGH,
2054
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2055
     256,
2056
     256,
2057
     },
2058
    {
2059
     1,
2060
     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2061
     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2062
     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2063
     SSL_kSRP,
2064
     SSL_aRSA,
2065
     SSL_AES256,
2066
     SSL_SHA1,
2067
     SSL3_VERSION, TLS1_2_VERSION,
2068
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2069
     SSL_HIGH,
2070
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2071
     256,
2072
     256,
2073
     },
2074
    {
2075
     1,
2076
     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2077
     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2078
     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2079
     SSL_kSRP,
2080
     SSL_aDSS,
2081
     SSL_AES256,
2082
     SSL_SHA1,
2083
     SSL3_VERSION, TLS1_2_VERSION,
2084
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2085
     SSL_NOT_DEFAULT | SSL_HIGH,
2086
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2087
     256,
2088
     256,
2089
     },
2090

2091
    {
2092
     1,
2093
     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2094
     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
2095
     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
2096
     SSL_kDHE,
2097
     SSL_aRSA,
2098
     SSL_CHACHA20POLY1305,
2099
     SSL_AEAD,
2100
     TLS1_2_VERSION, TLS1_2_VERSION,
2101
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2102
     SSL_HIGH,
2103
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2104
     256,
2105
     256,
2106
     },
2107
    {
2108
     1,
2109
     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2110
     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2111
     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2112
     SSL_kECDHE,
2113
     SSL_aRSA,
2114
     SSL_CHACHA20POLY1305,
2115
     SSL_AEAD,
2116
     TLS1_2_VERSION, TLS1_2_VERSION,
2117
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2118
     SSL_HIGH,
2119
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2120
     256,
2121
     256,
2122
     },
2123
    {
2124
     1,
2125
     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2126
     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2127
     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2128
     SSL_kECDHE,
2129
     SSL_aECDSA,
2130
     SSL_CHACHA20POLY1305,
2131
     SSL_AEAD,
2132
     TLS1_2_VERSION, TLS1_2_VERSION,
2133
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2134
     SSL_HIGH,
2135
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2136
     256,
2137
     256,
2138
     },
2139
    {
2140
     1,
2141
     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
2142
     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
2143
     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
2144
     SSL_kPSK,
2145
     SSL_aPSK,
2146
     SSL_CHACHA20POLY1305,
2147
     SSL_AEAD,
2148
     TLS1_2_VERSION, TLS1_2_VERSION,
2149
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2150
     SSL_HIGH,
2151
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2152
     256,
2153
     256,
2154
     },
2155
    {
2156
     1,
2157
     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2158
     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2159
     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
2160
     SSL_kECDHEPSK,
2161
     SSL_aPSK,
2162
     SSL_CHACHA20POLY1305,
2163
     SSL_AEAD,
2164
     TLS1_2_VERSION, TLS1_2_VERSION,
2165
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2166
     SSL_HIGH,
2167
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2168
     256,
2169
     256,
2170
     },
2171
    {
2172
     1,
2173
     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
2174
     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
2175
     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
2176
     SSL_kDHEPSK,
2177
     SSL_aPSK,
2178
     SSL_CHACHA20POLY1305,
2179
     SSL_AEAD,
2180
     TLS1_2_VERSION, TLS1_2_VERSION,
2181
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2182
     SSL_HIGH,
2183
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2184
     256,
2185
     256,
2186
     },
2187
    {
2188
     1,
2189
     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
2190
     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
2191
     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
2192
     SSL_kRSAPSK,
2193
     SSL_aRSA,
2194
     SSL_CHACHA20POLY1305,
2195
     SSL_AEAD,
2196
     TLS1_2_VERSION, TLS1_2_VERSION,
2197
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2198
     SSL_HIGH,
2199
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2200
     256,
2201
     256,
2202
     },
2203

2204
    {
2205
     1,
2206
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2207
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2208
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2209
     SSL_kRSA,
2210
     SSL_aRSA,
2211
     SSL_CAMELLIA128,
2212
     SSL_SHA256,
2213
     TLS1_2_VERSION, TLS1_2_VERSION,
2214
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2215
     SSL_NOT_DEFAULT | SSL_HIGH,
2216
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2217
     128,
2218
     128,
2219
     },
2220
    {
2221
     1,
2222
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2223
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2224
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
2225
     SSL_kDHE,
2226
     SSL_aDSS,
2227
     SSL_CAMELLIA128,
2228
     SSL_SHA256,
2229
     TLS1_2_VERSION, TLS1_2_VERSION,
2230
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2231
     SSL_NOT_DEFAULT | SSL_HIGH,
2232
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2233
     128,
2234
     128,
2235
     },
2236
    {
2237
     1,
2238
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2239
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2240
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2241
     SSL_kDHE,
2242
     SSL_aRSA,
2243
     SSL_CAMELLIA128,
2244
     SSL_SHA256,
2245
     TLS1_2_VERSION, TLS1_2_VERSION,
2246
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2247
     SSL_NOT_DEFAULT | SSL_HIGH,
2248
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2249
     128,
2250
     128,
2251
     },
2252
    {
2253
     1,
2254
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2255
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2256
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
2257
     SSL_kDHE,
2258
     SSL_aNULL,
2259
     SSL_CAMELLIA128,
2260
     SSL_SHA256,
2261
     TLS1_2_VERSION, TLS1_2_VERSION,
2262
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2263
     SSL_NOT_DEFAULT | SSL_HIGH,
2264
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2265
     128,
2266
     128,
2267
     },
2268
    {
2269
     1,
2270
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2271
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2272
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2273
     SSL_kRSA,
2274
     SSL_aRSA,
2275
     SSL_CAMELLIA256,
2276
     SSL_SHA256,
2277
     TLS1_2_VERSION, TLS1_2_VERSION,
2278
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2279
     SSL_NOT_DEFAULT | SSL_HIGH,
2280
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2281
     256,
2282
     256,
2283
     },
2284
    {
2285
     1,
2286
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2287
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2288
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
2289
     SSL_kDHE,
2290
     SSL_aDSS,
2291
     SSL_CAMELLIA256,
2292
     SSL_SHA256,
2293
     TLS1_2_VERSION, TLS1_2_VERSION,
2294
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2295
     SSL_NOT_DEFAULT | SSL_HIGH,
2296
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2297
     256,
2298
     256,
2299
     },
2300
    {
2301
     1,
2302
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2303
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2304
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
2305
     SSL_kDHE,
2306
     SSL_aRSA,
2307
     SSL_CAMELLIA256,
2308
     SSL_SHA256,
2309
     TLS1_2_VERSION, TLS1_2_VERSION,
2310
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2311
     SSL_NOT_DEFAULT | SSL_HIGH,
2312
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2313
     256,
2314
     256,
2315
     },
2316
    {
2317
     1,
2318
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2319
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2320
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
2321
     SSL_kDHE,
2322
     SSL_aNULL,
2323
     SSL_CAMELLIA256,
2324
     SSL_SHA256,
2325
     TLS1_2_VERSION, TLS1_2_VERSION,
2326
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2327
     SSL_NOT_DEFAULT | SSL_HIGH,
2328
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2329
     256,
2330
     256,
2331
     },
2332
    {
2333
     1,
2334
     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
2335
     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
2336
     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
2337
     SSL_kRSA,
2338
     SSL_aRSA,
2339
     SSL_CAMELLIA256,
2340
     SSL_SHA1,
2341
     SSL3_VERSION, TLS1_2_VERSION,
2342
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2343
     SSL_NOT_DEFAULT | SSL_HIGH,
2344
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2345
     256,
2346
     256,
2347
     },
2348
    {
2349
     1,
2350
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2351
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2352
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
2353
     SSL_kDHE,
2354
     SSL_aDSS,
2355
     SSL_CAMELLIA256,
2356
     SSL_SHA1,
2357
     SSL3_VERSION, TLS1_2_VERSION,
2358
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2359
     SSL_NOT_DEFAULT | SSL_HIGH,
2360
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2361
     256,
2362
     256,
2363
     },
2364
    {
2365
     1,
2366
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2367
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2368
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
2369
     SSL_kDHE,
2370
     SSL_aRSA,
2371
     SSL_CAMELLIA256,
2372
     SSL_SHA1,
2373
     SSL3_VERSION, TLS1_2_VERSION,
2374
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2375
     SSL_NOT_DEFAULT | SSL_HIGH,
2376
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2377
     256,
2378
     256,
2379
     },
2380
    {
2381
     1,
2382
     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
2383
     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
2384
     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
2385
     SSL_kDHE,
2386
     SSL_aNULL,
2387
     SSL_CAMELLIA256,
2388
     SSL_SHA1,
2389
     SSL3_VERSION, TLS1_2_VERSION,
2390
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2391
     SSL_NOT_DEFAULT | SSL_HIGH,
2392
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2393
     256,
2394
     256,
2395
     },
2396
    {
2397
     1,
2398
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
2399
     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
2400
     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
2401
     SSL_kRSA,
2402
     SSL_aRSA,
2403
     SSL_CAMELLIA128,
2404
     SSL_SHA1,
2405
     SSL3_VERSION, TLS1_2_VERSION,
2406
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2407
     SSL_NOT_DEFAULT | SSL_HIGH,
2408
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2409
     128,
2410
     128,
2411
     },
2412
    {
2413
     1,
2414
     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2415
     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2416
     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
2417
     SSL_kDHE,
2418
     SSL_aDSS,
2419
     SSL_CAMELLIA128,
2420
     SSL_SHA1,
2421
     SSL3_VERSION, TLS1_2_VERSION,
2422
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2423
     SSL_NOT_DEFAULT | SSL_HIGH,
2424
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2425
     128,
2426
     128,
2427
     },
2428
    {
2429
     1,
2430
     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2431
     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2432
     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
2433
     SSL_kDHE,
2434
     SSL_aRSA,
2435
     SSL_CAMELLIA128,
2436
     SSL_SHA1,
2437
     SSL3_VERSION, TLS1_2_VERSION,
2438
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2439
     SSL_NOT_DEFAULT | SSL_HIGH,
2440
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2441
     128,
2442
     128,
2443
     },
2444
    {
2445
     1,
2446
     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
2447
     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
2448
     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
2449
     SSL_kDHE,
2450
     SSL_aNULL,
2451
     SSL_CAMELLIA128,
2452
     SSL_SHA1,
2453
     SSL3_VERSION, TLS1_2_VERSION,
2454
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2455
     SSL_NOT_DEFAULT | SSL_HIGH,
2456
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2457
     128,
2458
     128,
2459
     },
2460
    {
2461
     1,
2462
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2463
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2464
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
2465
     SSL_kECDHE,
2466
     SSL_aECDSA,
2467
     SSL_CAMELLIA128,
2468
     SSL_SHA256,
2469
     TLS1_2_VERSION, TLS1_2_VERSION,
2470
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2471
     SSL_NOT_DEFAULT | SSL_HIGH,
2472
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2473
     128,
2474
     128,
2475
     },
2476
    {
2477
     1,
2478
     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2479
     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2480
     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
2481
     SSL_kECDHE,
2482
     SSL_aECDSA,
2483
     SSL_CAMELLIA256,
2484
     SSL_SHA384,
2485
     TLS1_2_VERSION, TLS1_2_VERSION,
2486
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2487
     SSL_NOT_DEFAULT | SSL_HIGH,
2488
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2489
     256,
2490
     256,
2491
     },
2492
    {
2493
     1,
2494
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2495
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2496
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
2497
     SSL_kECDHE,
2498
     SSL_aRSA,
2499
     SSL_CAMELLIA128,
2500
     SSL_SHA256,
2501
     TLS1_2_VERSION, TLS1_2_VERSION,
2502
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2503
     SSL_NOT_DEFAULT | SSL_HIGH,
2504
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2505
     128,
2506
     128,
2507
     },
2508
    {
2509
     1,
2510
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2511
     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2512
     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
2513
     SSL_kECDHE,
2514
     SSL_aRSA,
2515
     SSL_CAMELLIA256,
2516
     SSL_SHA384,
2517
     TLS1_2_VERSION, TLS1_2_VERSION,
2518
     DTLS1_2_VERSION, DTLS1_2_VERSION,
2519
     SSL_NOT_DEFAULT | SSL_HIGH,
2520
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2521
     256,
2522
     256,
2523
     },
2524
    {
2525
     1,
2526
     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2527
     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2528
     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2529
     SSL_kPSK,
2530
     SSL_aPSK,
2531
     SSL_CAMELLIA128,
2532
     SSL_SHA256,
2533
     TLS1_VERSION, TLS1_2_VERSION,
2534
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2535
     SSL_NOT_DEFAULT | SSL_HIGH,
2536
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2537
     128,
2538
     128,
2539
     },
2540
    {
2541
     1,
2542
     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2543
     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2544
     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2545
     SSL_kPSK,
2546
     SSL_aPSK,
2547
     SSL_CAMELLIA256,
2548
     SSL_SHA384,
2549
     TLS1_VERSION, TLS1_2_VERSION,
2550
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2551
     SSL_NOT_DEFAULT | SSL_HIGH,
2552
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2553
     256,
2554
     256,
2555
     },
2556
    {
2557
     1,
2558
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2559
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2560
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2561
     SSL_kDHEPSK,
2562
     SSL_aPSK,
2563
     SSL_CAMELLIA128,
2564
     SSL_SHA256,
2565
     TLS1_VERSION, TLS1_2_VERSION,
2566
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2567
     SSL_NOT_DEFAULT | SSL_HIGH,
2568
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2569
     128,
2570
     128,
2571
     },
2572
    {
2573
     1,
2574
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2575
     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2576
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2577
     SSL_kDHEPSK,
2578
     SSL_aPSK,
2579
     SSL_CAMELLIA256,
2580
     SSL_SHA384,
2581
     TLS1_VERSION, TLS1_2_VERSION,
2582
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2583
     SSL_NOT_DEFAULT | SSL_HIGH,
2584
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2585
     256,
2586
     256,
2587
     },
2588
    {
2589
     1,
2590
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2591
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2592
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2593
     SSL_kRSAPSK,
2594
     SSL_aRSA,
2595
     SSL_CAMELLIA128,
2596
     SSL_SHA256,
2597
     TLS1_VERSION, TLS1_2_VERSION,
2598
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2599
     SSL_NOT_DEFAULT | SSL_HIGH,
2600
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2601
     128,
2602
     128,
2603
     },
2604
    {
2605
     1,
2606
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2607
     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2608
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2609
     SSL_kRSAPSK,
2610
     SSL_aRSA,
2611
     SSL_CAMELLIA256,
2612
     SSL_SHA384,
2613
     TLS1_VERSION, TLS1_2_VERSION,
2614
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2615
     SSL_NOT_DEFAULT | SSL_HIGH,
2616
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2617
     256,
2618
     256,
2619
     },
2620
    {
2621
     1,
2622
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2623
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2624
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
2625
     SSL_kECDHEPSK,
2626
     SSL_aPSK,
2627
     SSL_CAMELLIA128,
2628
     SSL_SHA256,
2629
     TLS1_VERSION, TLS1_2_VERSION,
2630
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2631
     SSL_NOT_DEFAULT | SSL_HIGH,
2632
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2633
     128,
2634
     128,
2635
     },
2636
    {
2637
     1,
2638
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2639
     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2640
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
2641
     SSL_kECDHEPSK,
2642
     SSL_aPSK,
2643
     SSL_CAMELLIA256,
2644
     SSL_SHA384,
2645
     TLS1_VERSION, TLS1_2_VERSION,
2646
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2647
     SSL_NOT_DEFAULT | SSL_HIGH,
2648
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2649
     256,
2650
     256,
2651
     },
2652

2653
#ifndef OPENSSL_NO_GOST
2654
    {
2655
     1,
2656
     "GOST2001-GOST89-GOST89",
2657
     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
2658
     0x3000081,
2659
     SSL_kGOST,
2660
     SSL_aGOST01,
2661
     SSL_eGOST2814789CNT,
2662
     SSL_GOST89MAC,
2663
     TLS1_VERSION, TLS1_2_VERSION,
2664
     0, 0,
2665
     SSL_HIGH,
2666
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
2667
     256,
2668
     256,
2669
     },
2670
# ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2671
    {
2672
     1,
2673
     "GOST2001-NULL-GOST94",
2674
     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
2675
     0x3000083,
2676
     SSL_kGOST,
2677
     SSL_aGOST01,
2678
     SSL_eNULL,
2679
     SSL_GOST94,
2680
     TLS1_VERSION, TLS1_2_VERSION,
2681
     0, 0,
2682
     SSL_STRONG_NONE,
2683
     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
2684
     0,
2685
     0,
2686
     },
2687
# endif
2688
    {
2689
     1,
2690
     "IANA-GOST2012-GOST8912-GOST8912",
2691
     NULL,
2692
     0x0300c102,
2693
     SSL_kGOST,
2694
     SSL_aGOST12 | SSL_aGOST01,
2695
     SSL_eGOST2814789CNT12,
2696
     SSL_GOST89MAC12,
2697
     TLS1_VERSION, TLS1_2_VERSION,
2698
     0, 0,
2699
     SSL_HIGH,
2700
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2701
     256,
2702
     256,
2703
     },
2704
    {
2705
     1,
2706
     "LEGACY-GOST2012-GOST8912-GOST8912",
2707
     NULL,
2708
     0x0300ff85,
2709
     SSL_kGOST,
2710
     SSL_aGOST12 | SSL_aGOST01,
2711
     SSL_eGOST2814789CNT12,
2712
     SSL_GOST89MAC12,
2713
     TLS1_VERSION, TLS1_2_VERSION,
2714
     0, 0,
2715
     SSL_HIGH,
2716
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2717
     256,
2718
     256,
2719
     },
2720
# ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
2721
    {
2722
     1,
2723
     "GOST2012-NULL-GOST12",
2724
     NULL,
2725
     0x0300ff87,
2726
     SSL_kGOST,
2727
     SSL_aGOST12 | SSL_aGOST01,
2728
     SSL_eNULL,
2729
     SSL_GOST12_256,
2730
     TLS1_VERSION, TLS1_2_VERSION,
2731
     0, 0,
2732
     SSL_STRONG_NONE,
2733
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
2734
     0,
2735
     0,
2736
     },
2737
# endif
2738
    {
2739
     1,
2740
     "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
2741
     NULL,
2742
     0x0300C100,
2743
     SSL_kGOST18,
2744
     SSL_aGOST12,
2745
     SSL_KUZNYECHIK,
2746
     SSL_KUZNYECHIKOMAC,
2747
     TLS1_2_VERSION, TLS1_2_VERSION,
2748
     0, 0,
2749
     SSL_HIGH,
2750
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2751
     256,
2752
     256,
2753
     },
2754
    {
2755
     1,
2756
     "GOST2012-MAGMA-MAGMAOMAC",
2757
     NULL,
2758
     0x0300C101,
2759
     SSL_kGOST18,
2760
     SSL_aGOST12,
2761
     SSL_MAGMA,
2762
     SSL_MAGMAOMAC,
2763
     TLS1_2_VERSION, TLS1_2_VERSION,
2764
     0, 0,
2765
     SSL_HIGH,
2766
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
2767
     256,
2768
     256,
2769
     },
2770
#endif                          /* OPENSSL_NO_GOST */
2771

2772
    {
2773
     1,
2774
     SSL3_TXT_RSA_IDEA_128_SHA,
2775
     SSL3_RFC_RSA_IDEA_128_SHA,
2776
     SSL3_CK_RSA_IDEA_128_SHA,
2777
     SSL_kRSA,
2778
     SSL_aRSA,
2779
     SSL_IDEA,
2780
     SSL_SHA1,
2781
     SSL3_VERSION, TLS1_1_VERSION,
2782
     DTLS1_BAD_VER, DTLS1_VERSION,
2783
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2784
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2785
     128,
2786
     128,
2787
     },
2788

2789
    {
2790
     1,
2791
     TLS1_TXT_RSA_WITH_SEED_SHA,
2792
     TLS1_RFC_RSA_WITH_SEED_SHA,
2793
     TLS1_CK_RSA_WITH_SEED_SHA,
2794
     SSL_kRSA,
2795
     SSL_aRSA,
2796
     SSL_SEED,
2797
     SSL_SHA1,
2798
     SSL3_VERSION, TLS1_2_VERSION,
2799
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2800
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2801
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2802
     128,
2803
     128,
2804
     },
2805
    {
2806
     1,
2807
     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
2808
     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
2809
     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
2810
     SSL_kDHE,
2811
     SSL_aDSS,
2812
     SSL_SEED,
2813
     SSL_SHA1,
2814
     SSL3_VERSION, TLS1_2_VERSION,
2815
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2816
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2817
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2818
     128,
2819
     128,
2820
     },
2821
    {
2822
     1,
2823
     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
2824
     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
2825
     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
2826
     SSL_kDHE,
2827
     SSL_aRSA,
2828
     SSL_SEED,
2829
     SSL_SHA1,
2830
     SSL3_VERSION, TLS1_2_VERSION,
2831
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2832
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2833
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2834
     128,
2835
     128,
2836
     },
2837
    {
2838
     1,
2839
     TLS1_TXT_ADH_WITH_SEED_SHA,
2840
     TLS1_RFC_ADH_WITH_SEED_SHA,
2841
     TLS1_CK_ADH_WITH_SEED_SHA,
2842
     SSL_kDHE,
2843
     SSL_aNULL,
2844
     SSL_SEED,
2845
     SSL_SHA1,
2846
     SSL3_VERSION, TLS1_2_VERSION,
2847
     DTLS1_BAD_VER, DTLS1_2_VERSION,
2848
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2849
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2850
     128,
2851
     128,
2852
     },
2853

2854
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
2855
    {
2856
     1,
2857
     SSL3_TXT_RSA_RC4_128_MD5,
2858
     SSL3_RFC_RSA_RC4_128_MD5,
2859
     SSL3_CK_RSA_RC4_128_MD5,
2860
     SSL_kRSA,
2861
     SSL_aRSA,
2862
     SSL_RC4,
2863
     SSL_MD5,
2864
     SSL3_VERSION, TLS1_2_VERSION,
2865
     0, 0,
2866
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2867
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2868
     80,
2869
     128,
2870
     },
2871
    {
2872
     1,
2873
     SSL3_TXT_RSA_RC4_128_SHA,
2874
     SSL3_RFC_RSA_RC4_128_SHA,
2875
     SSL3_CK_RSA_RC4_128_SHA,
2876
     SSL_kRSA,
2877
     SSL_aRSA,
2878
     SSL_RC4,
2879
     SSL_SHA1,
2880
     SSL3_VERSION, TLS1_2_VERSION,
2881
     0, 0,
2882
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2883
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2884
     80,
2885
     128,
2886
     },
2887
    {
2888
     1,
2889
     SSL3_TXT_ADH_RC4_128_MD5,
2890
     SSL3_RFC_ADH_RC4_128_MD5,
2891
     SSL3_CK_ADH_RC4_128_MD5,
2892
     SSL_kDHE,
2893
     SSL_aNULL,
2894
     SSL_RC4,
2895
     SSL_MD5,
2896
     SSL3_VERSION, TLS1_2_VERSION,
2897
     0, 0,
2898
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2899
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2900
     80,
2901
     128,
2902
     },
2903
    {
2904
     1,
2905
     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
2906
     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
2907
     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
2908
     SSL_kECDHEPSK,
2909
     SSL_aPSK,
2910
     SSL_RC4,
2911
     SSL_SHA1,
2912
     TLS1_VERSION, TLS1_2_VERSION,
2913
     0, 0,
2914
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2915
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2916
     80,
2917
     128,
2918
     },
2919
    {
2920
     1,
2921
     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2922
     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
2923
     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2924
     SSL_kECDHE,
2925
     SSL_aNULL,
2926
     SSL_RC4,
2927
     SSL_SHA1,
2928
     TLS1_VERSION, TLS1_2_VERSION,
2929
     0, 0,
2930
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2931
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2932
     80,
2933
     128,
2934
     },
2935
    {
2936
     1,
2937
     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2938
     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
2939
     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2940
     SSL_kECDHE,
2941
     SSL_aECDSA,
2942
     SSL_RC4,
2943
     SSL_SHA1,
2944
     TLS1_VERSION, TLS1_2_VERSION,
2945
     0, 0,
2946
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2947
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2948
     80,
2949
     128,
2950
     },
2951
    {
2952
     1,
2953
     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2954
     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
2955
     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2956
     SSL_kECDHE,
2957
     SSL_aRSA,
2958
     SSL_RC4,
2959
     SSL_SHA1,
2960
     TLS1_VERSION, TLS1_2_VERSION,
2961
     0, 0,
2962
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2963
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2964
     80,
2965
     128,
2966
     },
2967
    {
2968
     1,
2969
     TLS1_TXT_PSK_WITH_RC4_128_SHA,
2970
     TLS1_RFC_PSK_WITH_RC4_128_SHA,
2971
     TLS1_CK_PSK_WITH_RC4_128_SHA,
2972
     SSL_kPSK,
2973
     SSL_aPSK,
2974
     SSL_RC4,
2975
     SSL_SHA1,
2976
     SSL3_VERSION, TLS1_2_VERSION,
2977
     0, 0,
2978
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2979
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2980
     80,
2981
     128,
2982
     },
2983
    {
2984
     1,
2985
     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
2986
     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
2987
     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
2988
     SSL_kRSAPSK,
2989
     SSL_aRSA,
2990
     SSL_RC4,
2991
     SSL_SHA1,
2992
     SSL3_VERSION, TLS1_2_VERSION,
2993
     0, 0,
2994
     SSL_NOT_DEFAULT | SSL_MEDIUM,
2995
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2996
     80,
2997
     128,
2998
     },
2999
    {
3000
     1,
3001
     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
3002
     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
3003
     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
3004
     SSL_kDHEPSK,
3005
     SSL_aPSK,
3006
     SSL_RC4,
3007
     SSL_SHA1,
3008
     SSL3_VERSION, TLS1_2_VERSION,
3009
     0, 0,
3010
     SSL_NOT_DEFAULT | SSL_MEDIUM,
3011
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
3012
     80,
3013
     128,
3014
     },
3015
#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
3016

3017
    {
3018
     1,
3019
     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
3020
     TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
3021
     TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
3022
     SSL_kRSA,
3023
     SSL_aRSA,
3024
     SSL_ARIA128GCM,
3025
     SSL_AEAD,
3026
     TLS1_2_VERSION, TLS1_2_VERSION,
3027
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3028
     SSL_NOT_DEFAULT | SSL_HIGH,
3029
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3030
     128,
3031
     128,
3032
     },
3033
    {
3034
     1,
3035
     TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
3036
     TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
3037
     TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
3038
     SSL_kRSA,
3039
     SSL_aRSA,
3040
     SSL_ARIA256GCM,
3041
     SSL_AEAD,
3042
     TLS1_2_VERSION, TLS1_2_VERSION,
3043
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3044
     SSL_NOT_DEFAULT | SSL_HIGH,
3045
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3046
     256,
3047
     256,
3048
     },
3049
    {
3050
     1,
3051
     TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3052
     TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3053
     TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
3054
     SSL_kDHE,
3055
     SSL_aRSA,
3056
     SSL_ARIA128GCM,
3057
     SSL_AEAD,
3058
     TLS1_2_VERSION, TLS1_2_VERSION,
3059
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3060
     SSL_NOT_DEFAULT | SSL_HIGH,
3061
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3062
     128,
3063
     128,
3064
     },
3065
    {
3066
     1,
3067
     TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3068
     TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3069
     TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
3070
     SSL_kDHE,
3071
     SSL_aRSA,
3072
     SSL_ARIA256GCM,
3073
     SSL_AEAD,
3074
     TLS1_2_VERSION, TLS1_2_VERSION,
3075
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3076
     SSL_NOT_DEFAULT | SSL_HIGH,
3077
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3078
     256,
3079
     256,
3080
     },
3081
    {
3082
     1,
3083
     TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3084
     TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3085
     TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
3086
     SSL_kDHE,
3087
     SSL_aDSS,
3088
     SSL_ARIA128GCM,
3089
     SSL_AEAD,
3090
     TLS1_2_VERSION, TLS1_2_VERSION,
3091
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3092
     SSL_NOT_DEFAULT | SSL_HIGH,
3093
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3094
     128,
3095
     128,
3096
     },
3097
    {
3098
     1,
3099
     TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3100
     TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3101
     TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
3102
     SSL_kDHE,
3103
     SSL_aDSS,
3104
     SSL_ARIA256GCM,
3105
     SSL_AEAD,
3106
     TLS1_2_VERSION, TLS1_2_VERSION,
3107
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3108
     SSL_NOT_DEFAULT | SSL_HIGH,
3109
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3110
     256,
3111
     256,
3112
     },
3113
    {
3114
     1,
3115
     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3116
     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3117
     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
3118
     SSL_kECDHE,
3119
     SSL_aECDSA,
3120
     SSL_ARIA128GCM,
3121
     SSL_AEAD,
3122
     TLS1_2_VERSION, TLS1_2_VERSION,
3123
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3124
     SSL_NOT_DEFAULT | SSL_HIGH,
3125
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3126
     128,
3127
     128,
3128
     },
3129
    {
3130
     1,
3131
     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3132
     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3133
     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
3134
     SSL_kECDHE,
3135
     SSL_aECDSA,
3136
     SSL_ARIA256GCM,
3137
     SSL_AEAD,
3138
     TLS1_2_VERSION, TLS1_2_VERSION,
3139
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3140
     SSL_NOT_DEFAULT | SSL_HIGH,
3141
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3142
     256,
3143
     256,
3144
     },
3145
    {
3146
     1,
3147
     TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3148
     TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3149
     TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
3150
     SSL_kECDHE,
3151
     SSL_aRSA,
3152
     SSL_ARIA128GCM,
3153
     SSL_AEAD,
3154
     TLS1_2_VERSION, TLS1_2_VERSION,
3155
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3156
     SSL_NOT_DEFAULT | SSL_HIGH,
3157
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3158
     128,
3159
     128,
3160
     },
3161
    {
3162
     1,
3163
     TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3164
     TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3165
     TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
3166
     SSL_kECDHE,
3167
     SSL_aRSA,
3168
     SSL_ARIA256GCM,
3169
     SSL_AEAD,
3170
     TLS1_2_VERSION, TLS1_2_VERSION,
3171
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3172
     SSL_NOT_DEFAULT | SSL_HIGH,
3173
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3174
     256,
3175
     256,
3176
     },
3177
    {
3178
     1,
3179
     TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
3180
     TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
3181
     TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
3182
     SSL_kPSK,
3183
     SSL_aPSK,
3184
     SSL_ARIA128GCM,
3185
     SSL_AEAD,
3186
     TLS1_2_VERSION, TLS1_2_VERSION,
3187
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3188
     SSL_NOT_DEFAULT | SSL_HIGH,
3189
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3190
     128,
3191
     128,
3192
     },
3193
    {
3194
     1,
3195
     TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
3196
     TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
3197
     TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
3198
     SSL_kPSK,
3199
     SSL_aPSK,
3200
     SSL_ARIA256GCM,
3201
     SSL_AEAD,
3202
     TLS1_2_VERSION, TLS1_2_VERSION,
3203
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3204
     SSL_NOT_DEFAULT | SSL_HIGH,
3205
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3206
     256,
3207
     256,
3208
     },
3209
    {
3210
     1,
3211
     TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3212
     TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3213
     TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
3214
     SSL_kDHEPSK,
3215
     SSL_aPSK,
3216
     SSL_ARIA128GCM,
3217
     SSL_AEAD,
3218
     TLS1_2_VERSION, TLS1_2_VERSION,
3219
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3220
     SSL_NOT_DEFAULT | SSL_HIGH,
3221
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3222
     128,
3223
     128,
3224
     },
3225
    {
3226
     1,
3227
     TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3228
     TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3229
     TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
3230
     SSL_kDHEPSK,
3231
     SSL_aPSK,
3232
     SSL_ARIA256GCM,
3233
     SSL_AEAD,
3234
     TLS1_2_VERSION, TLS1_2_VERSION,
3235
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3236
     SSL_NOT_DEFAULT | SSL_HIGH,
3237
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3238
     256,
3239
     256,
3240
     },
3241
    {
3242
     1,
3243
     TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3244
     TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3245
     TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
3246
     SSL_kRSAPSK,
3247
     SSL_aRSA,
3248
     SSL_ARIA128GCM,
3249
     SSL_AEAD,
3250
     TLS1_2_VERSION, TLS1_2_VERSION,
3251
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3252
     SSL_NOT_DEFAULT | SSL_HIGH,
3253
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
3254
     128,
3255
     128,
3256
     },
3257
    {
3258
     1,
3259
     TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3260
     TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3261
     TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
3262
     SSL_kRSAPSK,
3263
     SSL_aRSA,
3264
     SSL_ARIA256GCM,
3265
     SSL_AEAD,
3266
     TLS1_2_VERSION, TLS1_2_VERSION,
3267
     DTLS1_2_VERSION, DTLS1_2_VERSION,
3268
     SSL_NOT_DEFAULT | SSL_HIGH,
3269
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
3270
     256,
3271
     256,
3272
     },
3273
};
3274

3275
/*
3276
 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
3277
 * values stuffed into the ciphers field of the wire protocol for signalling
3278
 * purposes.
3279
 */
3280
static SSL_CIPHER ssl3_scsvs[] = {
3281
    {
3282
     0,
3283
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3284
     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
3285
     SSL3_CK_SCSV,
3286
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3287
    },
3288
    {
3289
     0,
3290
     "TLS_FALLBACK_SCSV",
3291
     "TLS_FALLBACK_SCSV",
3292
     SSL3_CK_FALLBACK_SCSV,
3293
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3294
    },
3295
};
3296

3297
static int cipher_compare(const void *a, const void *b)
3298
{
3299
    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
3300
    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
3301

3302
    if (ap->id == bp->id)
3303
        return 0;
3304
    return ap->id < bp->id ? -1 : 1;
3305
}
3306

3307
void ssl_sort_cipher_list(void)
3308
{
3309
    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
3310
          cipher_compare);
3311
    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
3312
          cipher_compare);
3313
    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
3314
}
3315

3316
static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r,
3317
                                       size_t s, const char *t, size_t u,
3318
                                       const unsigned char *v, size_t w, int x)
3319
{
3320
    (void)r;
3321
    (void)s;
3322
    (void)t;
3323
    (void)u;
3324
    (void)v;
3325
    (void)w;
3326
    (void)x;
3327
    return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
3328
}
3329

3330
const SSL3_ENC_METHOD SSLv3_enc_data = {
3331
    ssl3_setup_key_block,
3332
    ssl3_generate_master_secret,
3333
    ssl3_change_cipher_state,
3334
    ssl3_final_finish_mac,
3335
    SSL3_MD_CLIENT_FINISHED_CONST, 4,
3336
    SSL3_MD_SERVER_FINISHED_CONST, 4,
3337
    ssl3_alert_code,
3338
    sslcon_undefined_function_1,
3339
    0,
3340
    ssl3_set_handshake_header,
3341
    tls_close_construct_packet,
3342
    ssl3_handshake_write
3343
};
3344

3345
OSSL_TIME ssl3_default_timeout(void)
3346
{
3347
    /*
3348
     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
3349
     * http, the cache would over fill
3350
     */
3351
    return ossl_seconds2time(60 * 60 * 2);
3352
}
3353

3354
int ssl3_num_ciphers(void)
3355
{
3356
    return SSL3_NUM_CIPHERS;
3357
}
3358

3359
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
3360
{
3361
    if (u < SSL3_NUM_CIPHERS)
3362
        return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
3363
    else
3364
        return NULL;
3365
}
3366

3367
int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
3368
{
3369
    /* No header in the event of a CCS */
3370
    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
3371
        return 1;
3372

3373
    /* Set the content type and 3 bytes for the message len */
3374
    if (!WPACKET_put_bytes_u8(pkt, htype)
3375
            || !WPACKET_start_sub_packet_u24(pkt))
3376
        return 0;
3377

3378
    return 1;
3379
}
3380

3381
int ssl3_handshake_write(SSL_CONNECTION *s)
3382
{
3383
    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3384
}
3385

3386
int ssl3_new(SSL *s)
3387
{
3388
#ifndef OPENSSL_NO_SRP
3389
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3390

3391
    if (sc == NULL)
3392
        return 0;
3393

3394
    if (!ssl_srp_ctx_init_intern(sc))
3395
        return 0;
3396
#endif
3397

3398
    if (!s->method->ssl_clear(s))
3399
        return 0;
3400

3401
    return 1;
3402
}
3403

3404
void ssl3_free(SSL *s)
3405
{
3406
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3407
    size_t i;
3408

3409
    if (sc == NULL)
3410
        return;
3411

3412
    ssl3_cleanup_key_block(sc);
3413

3414
    EVP_PKEY_free(sc->s3.peer_tmp);
3415
    sc->s3.peer_tmp = NULL;
3416

3417
    for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3418
        if (sc->s3.tmp.ks_pkey[i] != NULL) {
3419
            if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3420
                sc->s3.tmp.pkey = NULL;
3421

3422
            EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3423
            sc->s3.tmp.ks_pkey[i] = NULL;
3424
        }
3425
    sc->s3.tmp.num_ks_pkey = 0;
3426

3427
    if (sc->s3.tmp.pkey != NULL) {
3428
        EVP_PKEY_free(sc->s3.tmp.pkey);
3429
        sc->s3.tmp.pkey = NULL;
3430
    }
3431

3432
    ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);
3433
    ssl_evp_md_free(sc->s3.tmp.new_hash);
3434

3435
    OPENSSL_free(sc->s3.tmp.ctype);
3436
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3437
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
3438
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3439
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3440
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3441
    OPENSSL_free(sc->s3.tmp.valid_flags);
3442
    ssl3_free_digest_list(sc);
3443
    OPENSSL_free(sc->s3.alpn_selected);
3444
    OPENSSL_free(sc->s3.alpn_proposed);
3445
    ossl_quic_tls_free(sc->qtls);
3446

3447
#ifndef OPENSSL_NO_PSK
3448
    OPENSSL_free(sc->s3.tmp.psk);
3449
#endif
3450

3451
#ifndef OPENSSL_NO_SRP
3452
    ssl_srp_ctx_free_intern(sc);
3453
#endif
3454
    memset(&sc->s3, 0, sizeof(sc->s3));
3455
}
3456

3457
int ssl3_clear(SSL *s)
3458
{
3459
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3460
    int flags;
3461
    size_t i;
3462

3463
    if (sc == NULL)
3464
        return 0;
3465

3466
    ssl3_cleanup_key_block(sc);
3467
    OPENSSL_free(sc->s3.tmp.ctype);
3468
    sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);
3469
    OPENSSL_free(sc->s3.tmp.ciphers_raw);
3470
    OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);
3471
    OPENSSL_free(sc->s3.tmp.peer_sigalgs);
3472
    OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);
3473
    OPENSSL_free(sc->s3.tmp.valid_flags);
3474

3475
    EVP_PKEY_free(sc->s3.peer_tmp);
3476

3477
    for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)
3478
        if (sc->s3.tmp.ks_pkey[i] != NULL) {
3479
            if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])
3480
                sc->s3.tmp.pkey = NULL;
3481

3482
            EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);
3483
            sc->s3.tmp.ks_pkey[i] = NULL;
3484
        }
3485
    sc->s3.tmp.num_ks_pkey = 0;
3486

3487
    if (sc->s3.tmp.pkey != NULL) {
3488
        EVP_PKEY_free(sc->s3.tmp.pkey);
3489
        sc->s3.tmp.pkey = NULL;
3490
    }
3491

3492
    ssl3_free_digest_list(sc);
3493

3494
    OPENSSL_free(sc->s3.alpn_selected);
3495
    OPENSSL_free(sc->s3.alpn_proposed);
3496

3497
    /*
3498
     * NULL/zero-out everything in the s3 struct, but remember if we are doing
3499
     * QUIC.
3500
     */
3501
    flags = sc->s3.flags & (TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL);
3502
    memset(&sc->s3, 0, sizeof(sc->s3));
3503
    sc->s3.flags |= flags;
3504

3505
    if (!ssl_free_wbio_buffer(sc))
3506
        return 0;
3507

3508
    sc->version = SSL3_VERSION;
3509

3510
#if !defined(OPENSSL_NO_NEXTPROTONEG)
3511
    OPENSSL_free(sc->ext.npn);
3512
    sc->ext.npn = NULL;
3513
    sc->ext.npn_len = 0;
3514
#endif
3515

3516
    return 1;
3517
}
3518

3519
#ifndef OPENSSL_NO_SRP
3520
static char *srp_password_from_info_cb(SSL *s, void *arg)
3521
{
3522
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3523

3524
    if (sc == NULL)
3525
        return NULL;
3526

3527
    return OPENSSL_strdup(sc->srp_ctx.info);
3528
}
3529
#endif
3530

3531
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3532

3533
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3534
{
3535
    int ret = 0;
3536
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3537

3538
    if (sc == NULL)
3539
        return ret;
3540

3541
    switch (cmd) {
3542
    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3543
        break;
3544
    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3545
        ret = sc->s3.num_renegotiations;
3546
        break;
3547
    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3548
        ret = sc->s3.num_renegotiations;
3549
        sc->s3.num_renegotiations = 0;
3550
        break;
3551
    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3552
        ret = sc->s3.total_renegotiations;
3553
        break;
3554
    case SSL_CTRL_GET_FLAGS:
3555
        ret = (int)(sc->s3.flags);
3556
        break;
3557
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3558
    case SSL_CTRL_SET_TMP_DH:
3559
        {
3560
            EVP_PKEY *pkdh = NULL;
3561
            if (parg == NULL) {
3562
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3563
                return 0;
3564
            }
3565
            pkdh = ssl_dh_to_pkey(parg);
3566
            if (pkdh == NULL) {
3567
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3568
                return 0;
3569
            }
3570
            if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
3571
                EVP_PKEY_free(pkdh);
3572
                return 0;
3573
            }
3574
            return 1;
3575
        }
3576
        break;
3577
    case SSL_CTRL_SET_TMP_DH_CB:
3578
        {
3579
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3580
            return ret;
3581
        }
3582
#endif
3583
    case SSL_CTRL_SET_DH_AUTO:
3584
        sc->cert->dh_tmp_auto = larg;
3585
        return 1;
3586
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3587
    case SSL_CTRL_SET_TMP_ECDH:
3588
        {
3589
            if (parg == NULL) {
3590
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3591
                return 0;
3592
            }
3593
            return ssl_set_tmp_ecdh_groups(&sc->ext.supportedgroups,
3594
                                           &sc->ext.supportedgroups_len,
3595
                                           &sc->ext.keyshares,
3596
                                           &sc->ext.keyshares_len,
3597
                                           &sc->ext.tuples,
3598
                                           &sc->ext.tuples_len,
3599
                                           parg);
3600
        }
3601
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
3602
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3603
        /*
3604
         * This API is only used for a client to set what SNI it will request
3605
         * from the server, but we currently allow it to be used on servers
3606
         * as well, which is a programming error.  Currently we just clear
3607
         * the field in SSL_do_handshake() for server SSLs, but when we can
3608
         * make ABI-breaking changes, we may want to make use of this API
3609
         * an error on server SSLs.
3610
         */
3611
        if (larg == TLSEXT_NAMETYPE_host_name) {
3612
            size_t len;
3613

3614
            OPENSSL_free(sc->ext.hostname);
3615
            sc->ext.hostname = NULL;
3616

3617
            ret = 1;
3618
            if (parg == NULL)
3619
                break;
3620
            len = strlen((char *)parg);
3621
            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3622
                ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3623
                return 0;
3624
            }
3625
            if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
3626
                ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
3627
                return 0;
3628
            }
3629
        } else {
3630
            ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3631
            return 0;
3632
        }
3633
        break;
3634
    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3635
        sc->ext.debug_arg = parg;
3636
        ret = 1;
3637
        break;
3638

3639
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
3640
        ret = sc->ext.status_type;
3641
        break;
3642

3643
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3644
        sc->ext.status_type = larg;
3645
        ret = 1;
3646
        break;
3647

3648
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3649
        *(STACK_OF(X509_EXTENSION) **)parg = sc->ext.ocsp.exts;
3650
        ret = 1;
3651
        break;
3652

3653
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3654
        sc->ext.ocsp.exts = parg;
3655
        ret = 1;
3656
        break;
3657

3658
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3659
        *(STACK_OF(OCSP_RESPID) **)parg = sc->ext.ocsp.ids;
3660
        ret = 1;
3661
        break;
3662

3663
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3664
        sc->ext.ocsp.ids = parg;
3665
        ret = 1;
3666
        break;
3667

3668
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3669
        *(unsigned char **)parg = sc->ext.ocsp.resp;
3670
        if (sc->ext.ocsp.resp_len == 0
3671
                || sc->ext.ocsp.resp_len > LONG_MAX)
3672
            return -1;
3673
        return (long)sc->ext.ocsp.resp_len;
3674

3675
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3676
        OPENSSL_free(sc->ext.ocsp.resp);
3677
        sc->ext.ocsp.resp = parg;
3678
        sc->ext.ocsp.resp_len = larg;
3679
        ret = 1;
3680
        break;
3681

3682
    case SSL_CTRL_CHAIN:
3683
        if (larg)
3684
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
3685
        else
3686
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
3687

3688
    case SSL_CTRL_CHAIN_CERT:
3689
        if (larg)
3690
            return ssl_cert_add1_chain_cert(sc, NULL, (X509 *)parg);
3691
        else
3692
            return ssl_cert_add0_chain_cert(sc, NULL, (X509 *)parg);
3693

3694
    case SSL_CTRL_GET_CHAIN_CERTS:
3695
        *(STACK_OF(X509) **)parg = sc->cert->key->chain;
3696
        ret = 1;
3697
        break;
3698

3699
    case SSL_CTRL_SELECT_CURRENT_CERT:
3700
        return ssl_cert_select_current(sc->cert, (X509 *)parg);
3701

3702
    case SSL_CTRL_SET_CURRENT_CERT:
3703
        if (larg == SSL_CERT_SET_SERVER) {
3704
            const SSL_CIPHER *cipher;
3705
            if (!sc->server)
3706
                return 0;
3707
            cipher = sc->s3.tmp.new_cipher;
3708
            if (cipher == NULL)
3709
                return 0;
3710
            /*
3711
             * No certificate for unauthenticated ciphersuites or using SRP
3712
             * authentication
3713
             */
3714
            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3715
                return 2;
3716
            if (sc->s3.tmp.cert == NULL)
3717
                return 0;
3718
            sc->cert->key = sc->s3.tmp.cert;
3719
            return 1;
3720
        }
3721
        return ssl_cert_set_current(sc->cert, larg);
3722

3723
    case SSL_CTRL_GET_GROUPS:
3724
        {
3725
            uint16_t *clist;
3726
            size_t clistlen;
3727

3728
            if (!sc->session)
3729
                return 0;
3730
            clist = sc->ext.peer_supportedgroups;
3731
            clistlen = sc->ext.peer_supportedgroups_len;
3732
            if (parg) {
3733
                size_t i;
3734
                int *cptr = parg;
3735

3736
                for (i = 0; i < clistlen; i++) {
3737
                    const TLS_GROUP_INFO *cinf
3738
                        = tls1_group_id_lookup(s->ctx, clist[i]);
3739

3740
                    if (cinf != NULL)
3741
                        cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
3742
                    else
3743
                        cptr[i] = TLSEXT_nid_unknown | clist[i];
3744
                }
3745
            }
3746
            return (int)clistlen;
3747
        }
3748

3749
    case SSL_CTRL_SET_GROUPS:
3750
        return tls1_set_groups(&sc->ext.supportedgroups,
3751
                               &sc->ext.supportedgroups_len,
3752
                               &sc->ext.keyshares,
3753
                               &sc->ext.keyshares_len,
3754
                               &sc->ext.tuples,
3755
                               &sc->ext.tuples_len,
3756
                               parg, larg);
3757

3758
    case SSL_CTRL_SET_GROUPS_LIST:
3759
        return tls1_set_groups_list(s->ctx,
3760
                                    &sc->ext.supportedgroups,
3761
                                    &sc->ext.supportedgroups_len,
3762
                                    &sc->ext.keyshares,
3763
                                    &sc->ext.keyshares_len,
3764
                                    &sc->ext.tuples,
3765
                                    &sc->ext.tuples_len,
3766
                                    parg);
3767

3768
    case SSL_CTRL_GET_SHARED_GROUP:
3769
        {
3770
            uint16_t id = tls1_shared_group(sc, larg);
3771

3772
            if (larg != -1)
3773
                return tls1_group_id2nid(id, 1);
3774
            return id;
3775
        }
3776
    case SSL_CTRL_GET_NEGOTIATED_GROUP:
3777
        {
3778
            unsigned int id;
3779

3780
            if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
3781
                id = sc->s3.group_id;
3782
            else
3783
                id = (sc->session != NULL) ? sc->session->kex_group : NID_undef;
3784
            ret = tls1_group_id2nid(id, 1);
3785
            break;
3786
        }
3787
    case SSL_CTRL_SET_SIGALGS:
3788
        return tls1_set_sigalgs(sc->cert, parg, larg, 0);
3789

3790
    case SSL_CTRL_SET_SIGALGS_LIST:
3791
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0);
3792

3793
    case SSL_CTRL_SET_CLIENT_SIGALGS:
3794
        return tls1_set_sigalgs(sc->cert, parg, larg, 1);
3795

3796
    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3797
        return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1);
3798

3799
    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3800
        {
3801
            const unsigned char **pctype = parg;
3802
            if (sc->server || !sc->s3.tmp.cert_req)
3803
                return 0;
3804
            if (pctype)
3805
                *pctype = sc->s3.tmp.ctype;
3806
            return sc->s3.tmp.ctype_len;
3807
        }
3808

3809
    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3810
        if (!sc->server)
3811
            return 0;
3812
        return ssl3_set_req_cert_type(sc->cert, parg, larg);
3813

3814
    case SSL_CTRL_BUILD_CERT_CHAIN:
3815
        return ssl_build_cert_chain(sc, NULL, larg);
3816

3817
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
3818
        return ssl_cert_set_cert_store(sc->cert, parg, 0, larg);
3819

3820
    case SSL_CTRL_SET_CHAIN_CERT_STORE:
3821
        return ssl_cert_set_cert_store(sc->cert, parg, 1, larg);
3822

3823
    case SSL_CTRL_GET_VERIFY_CERT_STORE:
3824
        return ssl_cert_get_cert_store(sc->cert, parg, 0);
3825

3826
    case SSL_CTRL_GET_CHAIN_CERT_STORE:
3827
        return ssl_cert_get_cert_store(sc->cert, parg, 1);
3828

3829
    case SSL_CTRL_GET_PEER_SIGNATURE_NAME:
3830
        if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)
3831
            return 0;
3832
        *(const char **)parg = sc->s3.tmp.peer_sigalg->name;
3833
        return 1;
3834

3835
    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3836
        if (sc->s3.tmp.peer_sigalg == NULL)
3837
            return 0;
3838
        *(int *)parg = sc->s3.tmp.peer_sigalg->hash;
3839
        return 1;
3840

3841
    case SSL_CTRL_GET_SIGNATURE_NAME:
3842
        if (parg == NULL || sc->s3.tmp.sigalg == NULL)
3843
            return 0;
3844
        *(const char **)parg = sc->s3.tmp.sigalg->name;
3845
        return 1;
3846

3847
    case SSL_CTRL_GET_SIGNATURE_NID:
3848
        if (sc->s3.tmp.sigalg == NULL)
3849
            return 0;
3850
        *(int *)parg = sc->s3.tmp.sigalg->hash;
3851
        return 1;
3852

3853
    case SSL_CTRL_GET_PEER_TMP_KEY:
3854
        if (sc->session == NULL || sc->s3.peer_tmp == NULL) {
3855
            return 0;
3856
        } else {
3857
            if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))
3858
                return 0;
3859

3860
            *(EVP_PKEY **)parg = sc->s3.peer_tmp;
3861
            return 1;
3862
        }
3863

3864
    case SSL_CTRL_GET_TMP_KEY:
3865
        if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {
3866
            return 0;
3867
        } else {
3868
            if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))
3869
                return 0;
3870

3871
            *(EVP_PKEY **)parg = sc->s3.tmp.pkey;
3872
            return 1;
3873
        }
3874

3875
    case SSL_CTRL_GET_EC_POINT_FORMATS:
3876
        {
3877
            const unsigned char **pformat = parg;
3878

3879
            if (sc->ext.peer_ecpointformats == NULL)
3880
                return 0;
3881
            *pformat = sc->ext.peer_ecpointformats;
3882
            return (int)sc->ext.peer_ecpointformats_len;
3883
        }
3884

3885
    case SSL_CTRL_GET_IANA_GROUPS:
3886
        {
3887
            if (parg != NULL) {
3888
                *(uint16_t **)parg = (uint16_t *)sc->ext.peer_supportedgroups;
3889
            }
3890
            return (int)sc->ext.peer_supportedgroups_len;
3891
        }
3892

3893
    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
3894
        sc->msg_callback_arg = parg;
3895
        return 1;
3896

3897
    default:
3898
        break;
3899
    }
3900
    return ret;
3901
}
3902

3903
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3904
{
3905
    int ret = 0;
3906
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3907

3908
    if (sc == NULL)
3909
        return ret;
3910

3911
    switch (cmd) {
3912
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3913
    case SSL_CTRL_SET_TMP_DH_CB:
3914
        sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3915
        ret = 1;
3916
        break;
3917
#endif
3918
    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3919
        sc->ext.debug_cb = (void (*)(SSL *, int, int,
3920
                                     const unsigned char *, int, void *))fp;
3921
        ret = 1;
3922
        break;
3923

3924
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3925
        sc->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3926
        ret = 1;
3927
        break;
3928

3929
    case SSL_CTRL_SET_MSG_CALLBACK:
3930
        sc->msg_callback = (ossl_msg_cb)fp;
3931
        return 1;
3932
    default:
3933
        break;
3934
    }
3935
    return ret;
3936
}
3937

3938
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3939
{
3940
    switch (cmd) {
3941
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3942
    case SSL_CTRL_SET_TMP_DH:
3943
        {
3944
            EVP_PKEY *pkdh = NULL;
3945
            if (parg == NULL) {
3946
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3947
                return 0;
3948
            }
3949
            pkdh = ssl_dh_to_pkey(parg);
3950
            if (pkdh == NULL) {
3951
                ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB);
3952
                return 0;
3953
            }
3954
            if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
3955
                EVP_PKEY_free(pkdh);
3956
                return 0;
3957
            }
3958
            return 1;
3959
        }
3960
    case SSL_CTRL_SET_TMP_DH_CB:
3961
        {
3962
            ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3963
            return 0;
3964
        }
3965
#endif
3966
    case SSL_CTRL_SET_DH_AUTO:
3967
        ctx->cert->dh_tmp_auto = larg;
3968
        return 1;
3969
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
3970
    case SSL_CTRL_SET_TMP_ECDH:
3971
        {
3972
            if (parg == NULL) {
3973
                ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
3974
                return 0;
3975
            }
3976
            return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
3977
                                           &ctx->ext.supportedgroups_len,
3978
                                           &ctx->ext.keyshares,
3979
                                           &ctx->ext.keyshares_len,
3980
                                           &ctx->ext.tuples,
3981
                                           &ctx->ext.tuples_len,
3982
                                           parg);
3983
        }
3984
#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
3985
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3986
        ctx->ext.servername_arg = parg;
3987
        break;
3988
    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3989
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3990
        {
3991
            unsigned char *keys = parg;
3992
            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
3993
                                sizeof(ctx->ext.secure->tick_hmac_key) +
3994
                                sizeof(ctx->ext.secure->tick_aes_key));
3995
            if (keys == NULL)
3996
                return tick_keylen;
3997
            if (larg != tick_keylen) {
3998
                ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3999
                return 0;
4000
            }
4001
            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
4002
                memcpy(ctx->ext.tick_key_name, keys,
4003
                       sizeof(ctx->ext.tick_key_name));
4004
                memcpy(ctx->ext.secure->tick_hmac_key,
4005
                       keys + sizeof(ctx->ext.tick_key_name),
4006
                       sizeof(ctx->ext.secure->tick_hmac_key));
4007
                memcpy(ctx->ext.secure->tick_aes_key,
4008
                       keys + sizeof(ctx->ext.tick_key_name) +
4009
                       sizeof(ctx->ext.secure->tick_hmac_key),
4010
                       sizeof(ctx->ext.secure->tick_aes_key));
4011
            } else {
4012
                memcpy(keys, ctx->ext.tick_key_name,
4013
                       sizeof(ctx->ext.tick_key_name));
4014
                memcpy(keys + sizeof(ctx->ext.tick_key_name),
4015
                       ctx->ext.secure->tick_hmac_key,
4016
                       sizeof(ctx->ext.secure->tick_hmac_key));
4017
                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
4018
                       sizeof(ctx->ext.secure->tick_hmac_key),
4019
                       ctx->ext.secure->tick_aes_key,
4020
                       sizeof(ctx->ext.secure->tick_aes_key));
4021
            }
4022
            return 1;
4023
        }
4024

4025
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
4026
        return ctx->ext.status_type;
4027

4028
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
4029
        ctx->ext.status_type = larg;
4030
        break;
4031

4032
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
4033
        ctx->ext.status_arg = parg;
4034
        return 1;
4035

4036
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
4037
        *(void**)parg = ctx->ext.status_arg;
4038
        break;
4039

4040
    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
4041
        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
4042
        break;
4043

4044
#ifndef OPENSSL_NO_SRP
4045
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
4046
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4047
        OPENSSL_free(ctx->srp_ctx.login);
4048
        ctx->srp_ctx.login = NULL;
4049
        if (parg == NULL)
4050
            break;
4051
        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
4052
            ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
4053
            return 0;
4054
        }
4055
        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
4056
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4057
            return 0;
4058
        }
4059
        break;
4060
    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
4061
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4062
            srp_password_from_info_cb;
4063
        if (ctx->srp_ctx.info != NULL)
4064
            OPENSSL_free(ctx->srp_ctx.info);
4065
        if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
4066
            ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
4067
            return 0;
4068
        }
4069
        break;
4070
    case SSL_CTRL_SET_SRP_ARG:
4071
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4072
        ctx->srp_ctx.SRP_cb_arg = parg;
4073
        break;
4074

4075
    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
4076
        ctx->srp_ctx.strength = larg;
4077
        break;
4078
#endif
4079

4080
    case SSL_CTRL_SET_GROUPS:
4081
        return tls1_set_groups(&ctx->ext.supportedgroups,
4082
                               &ctx->ext.supportedgroups_len,
4083
                               &ctx->ext.keyshares,
4084
                               &ctx->ext.keyshares_len,
4085
                               &ctx->ext.tuples,
4086
                               &ctx->ext.tuples_len,
4087
                               parg, larg);
4088

4089
    case SSL_CTRL_SET_GROUPS_LIST:
4090
        return tls1_set_groups_list(ctx,
4091
                                    &ctx->ext.supportedgroups,
4092
                                    &ctx->ext.supportedgroups_len,
4093
                                    &ctx->ext.keyshares,
4094
                                    &ctx->ext.keyshares_len,
4095
                                    &ctx->ext.tuples,
4096
                                    &ctx->ext.tuples_len,
4097
                                    parg);
4098

4099
    case SSL_CTRL_GET0_IMPLEMENTED_GROUPS:
4100
        return tls1_get0_implemented_groups(ctx->min_proto_version,
4101
                                            ctx->max_proto_version,
4102
                                            ctx->group_list,
4103
                                            ctx->group_list_len, larg, parg);
4104

4105
    case SSL_CTRL_SET_SIGALGS:
4106
        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
4107

4108
    case SSL_CTRL_SET_SIGALGS_LIST:
4109
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0);
4110

4111
    case SSL_CTRL_SET_CLIENT_SIGALGS:
4112
        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
4113

4114
    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
4115
        return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1);
4116

4117
    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
4118
        return ssl3_set_req_cert_type(ctx->cert, parg, larg);
4119

4120
    case SSL_CTRL_BUILD_CERT_CHAIN:
4121
        return ssl_build_cert_chain(NULL, ctx, larg);
4122

4123
    case SSL_CTRL_SET_VERIFY_CERT_STORE:
4124
        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
4125

4126
    case SSL_CTRL_SET_CHAIN_CERT_STORE:
4127
        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
4128

4129
    case SSL_CTRL_GET_VERIFY_CERT_STORE:
4130
        return ssl_cert_get_cert_store(ctx->cert, parg, 0);
4131

4132
    case SSL_CTRL_GET_CHAIN_CERT_STORE:
4133
        return ssl_cert_get_cert_store(ctx->cert, parg, 1);
4134

4135
        /* A Thawte special :-) */
4136
    case SSL_CTRL_EXTRA_CHAIN_CERT:
4137
        if (ctx->extra_certs == NULL) {
4138
            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
4139
                ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4140
                return 0;
4141
            }
4142
        }
4143
        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
4144
            ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
4145
            return 0;
4146
        }
4147
        break;
4148

4149
    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
4150
        if (ctx->extra_certs == NULL && larg == 0)
4151
            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4152
        else
4153
            *(STACK_OF(X509) **)parg = ctx->extra_certs;
4154
        break;
4155

4156
    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
4157
        OSSL_STACK_OF_X509_free(ctx->extra_certs);
4158
        ctx->extra_certs = NULL;
4159
        break;
4160

4161
    case SSL_CTRL_CHAIN:
4162
        if (larg)
4163
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4164
        else
4165
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
4166

4167
    case SSL_CTRL_CHAIN_CERT:
4168
        if (larg)
4169
            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
4170
        else
4171
            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
4172

4173
    case SSL_CTRL_GET_CHAIN_CERTS:
4174
        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
4175
        break;
4176

4177
    case SSL_CTRL_SELECT_CURRENT_CERT:
4178
        return ssl_cert_select_current(ctx->cert, (X509 *)parg);
4179

4180
    case SSL_CTRL_SET_CURRENT_CERT:
4181
        return ssl_cert_set_current(ctx->cert, larg);
4182

4183
    default:
4184
        return 0;
4185
    }
4186
    return 1;
4187
}
4188

4189
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
4190
{
4191
    switch (cmd) {
4192
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
4193
    case SSL_CTRL_SET_TMP_DH_CB:
4194
        {
4195
            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
4196
        }
4197
        break;
4198
#endif
4199
    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4200
        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
4201
        break;
4202

4203
    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4204
        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
4205
        break;
4206

4207
# ifndef OPENSSL_NO_DEPRECATED_3_0
4208
    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4209
        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
4210
                                          unsigned char *,
4211
                                          EVP_CIPHER_CTX *,
4212
                                          HMAC_CTX *, int))fp;
4213
        break;
4214
#endif
4215

4216
#ifndef OPENSSL_NO_SRP
4217
    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4218
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4219
        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4220
        break;
4221
    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4222
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4223
        ctx->srp_ctx.TLS_ext_srp_username_callback =
4224
            (int (*)(SSL *, int *, void *))fp;
4225
        break;
4226
    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4227
        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4228
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4229
            (char *(*)(SSL *, void *))fp;
4230
        break;
4231
#endif
4232
    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
4233
        {
4234
            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
4235
        }
4236
        break;
4237
    default:
4238
        return 0;
4239
    }
4240
    return 1;
4241
}
4242

4243
int SSL_CTX_set_tlsext_ticket_key_evp_cb
4244
    (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
4245
                             EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
4246
{
4247
    ctx->ext.ticket_key_evp_cb = fp;
4248
    return 1;
4249
}
4250

4251
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
4252
{
4253
    SSL_CIPHER c;
4254
    const SSL_CIPHER *cp;
4255

4256
    c.id = id;
4257
    cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
4258
    if (cp != NULL)
4259
        return cp;
4260
    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4261
    if (cp != NULL)
4262
        return cp;
4263
    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
4264
}
4265

4266
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
4267
{
4268
    SSL_CIPHER *tbl;
4269
    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
4270
    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
4271
                              SSL3_NUM_SCSVS};
4272

4273
    /* this is not efficient, necessary to optimize this? */
4274
    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
4275
        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
4276
            if (tbl->stdname == NULL)
4277
                continue;
4278
            if (strcmp(stdname, tbl->stdname) == 0) {
4279
                return tbl;
4280
            }
4281
        }
4282
    }
4283
    return NULL;
4284
}
4285

4286
/*
4287
 * This function needs to check if the ciphers required are actually
4288
 * available
4289
 */
4290
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4291
{
4292
    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
4293
                                 | ((uint32_t)p[0] << 8L)
4294
                                 | (uint32_t)p[1]);
4295
}
4296

4297
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
4298
{
4299
    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
4300
        *len = 0;
4301
        return 1;
4302
    }
4303

4304
    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
4305
        return 0;
4306

4307
    *len = 2;
4308
    return 1;
4309
}
4310

4311
/*
4312
 * ssl3_choose_cipher - choose a cipher from those offered by the client
4313
 * @s: SSL connection
4314
 * @clnt: ciphers offered by the client
4315
 * @srvr: ciphers enabled on the server?
4316
 *
4317
 * Returns the selected cipher or NULL when no common ciphers.
4318
 */
4319
const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *clnt,
4320
                                     STACK_OF(SSL_CIPHER) *srvr)
4321
{
4322
    const SSL_CIPHER *c, *ret = NULL;
4323
    STACK_OF(SSL_CIPHER) *prio, *allow;
4324
    int i, ii, ok, prefer_sha256 = 0;
4325
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
4326
    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
4327

4328
    /* Let's see which ciphers we can support */
4329

4330
    /*
4331
     * Do not set the compare functions, because this may lead to a
4332
     * reordering by "id". We want to keep the original ordering. We may pay
4333
     * a price in performance during sk_SSL_CIPHER_find(), but would have to
4334
     * pay with the price of sk_SSL_CIPHER_dup().
4335
     */
4336

4337
    OSSL_TRACE_BEGIN(TLS_CIPHER) {
4338
        BIO_printf(trc_out, "Server has %d from %p:\n",
4339
                   sk_SSL_CIPHER_num(srvr), (void *)srvr);
4340
        for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4341
            c = sk_SSL_CIPHER_value(srvr, i);
4342
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4343
        }
4344
        BIO_printf(trc_out, "Client sent %d from %p:\n",
4345
                   sk_SSL_CIPHER_num(clnt), (void *)clnt);
4346
        for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4347
            c = sk_SSL_CIPHER_value(clnt, i);
4348
            BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
4349
        }
4350
    } OSSL_TRACE_END(TLS_CIPHER);
4351

4352
    /* SUITE-B takes precedence over server preference and ChaCha priortiy */
4353
    if (tls1_suiteb(s)) {
4354
        prio = srvr;
4355
        allow = clnt;
4356
    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
4357
        prio = srvr;
4358
        allow = clnt;
4359

4360
        /* If ChaCha20 is at the top of the client preference list,
4361
           and there are ChaCha20 ciphers in the server list, then
4362
           temporarily prioritize all ChaCha20 ciphers in the servers list. */
4363
        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
4364
            c = sk_SSL_CIPHER_value(clnt, 0);
4365
            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4366
                /* ChaCha20 is client preferred, check server... */
4367
                int num = sk_SSL_CIPHER_num(srvr);
4368
                int found = 0;
4369
                for (i = 0; i < num; i++) {
4370
                    c = sk_SSL_CIPHER_value(srvr, i);
4371
                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
4372
                        found = 1;
4373
                        break;
4374
                    }
4375
                }
4376
                if (found) {
4377
                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
4378
                    /* if reserve fails, then there's likely a memory issue */
4379
                    if (prio_chacha != NULL) {
4380
                        /* Put all ChaCha20 at the top, starting with the one we just found */
4381
                        sk_SSL_CIPHER_push(prio_chacha, c);
4382
                        for (i++; i < num; i++) {
4383
                            c = sk_SSL_CIPHER_value(srvr, i);
4384
                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
4385
                                sk_SSL_CIPHER_push(prio_chacha, c);
4386
                        }
4387
                        /* Pull in the rest */
4388
                        for (i = 0; i < num; i++) {
4389
                            c = sk_SSL_CIPHER_value(srvr, i);
4390
                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
4391
                                sk_SSL_CIPHER_push(prio_chacha, c);
4392
                        }
4393
                        prio = prio_chacha;
4394
                    }
4395
                }
4396
            }
4397
        }
4398
    } else {
4399
        prio = clnt;
4400
        allow = srvr;
4401
    }
4402

4403
    if (SSL_CONNECTION_IS_TLS13(s)) {
4404
#ifndef OPENSSL_NO_PSK
4405
        size_t j;
4406

4407
        /*
4408
         * If we allow "old" style PSK callbacks, and we have no certificate (so
4409
         * we're not going to succeed without a PSK anyway), and we're in
4410
         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
4411
         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
4412
         * that.
4413
         */
4414
        if (s->psk_server_callback != NULL) {
4415
            for (j = 0; j < s->ssl_pkey_num && !ssl_has_cert(s, j); j++);
4416
            if (j == s->ssl_pkey_num) {
4417
                /* There are no certificates */
4418
                prefer_sha256 = 1;
4419
            }
4420
        }
4421
#endif
4422
    } else {
4423
        tls1_set_cert_validity(s);
4424
        ssl_set_masks(s);
4425
    }
4426

4427
    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4428
        int minversion, maxversion;
4429

4430
        c = sk_SSL_CIPHER_value(prio, i);
4431
        minversion = SSL_CONNECTION_IS_DTLS(s) ? c->min_dtls : c->min_tls;
4432
        maxversion = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls;
4433

4434
        /* Skip ciphers not supported by the protocol version */
4435
        if (ssl_version_cmp(s, s->version, minversion) < 0
4436
            || ssl_version_cmp(s, s->version, maxversion) > 0)
4437
            continue;
4438

4439
        /*
4440
         * Since TLS 1.3 ciphersuites can be used with any auth or
4441
         * key exchange scheme skip tests.
4442
         */
4443
        if (!SSL_CONNECTION_IS_TLS13(s)) {
4444
            mask_k = s->s3.tmp.mask_k;
4445
            mask_a = s->s3.tmp.mask_a;
4446
#ifndef OPENSSL_NO_SRP
4447
            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4448
                mask_k |= SSL_kSRP;
4449
                mask_a |= SSL_aSRP;
4450
            }
4451
#endif
4452

4453
            alg_k = c->algorithm_mkey;
4454
            alg_a = c->algorithm_auth;
4455

4456
#ifndef OPENSSL_NO_PSK
4457
            /* with PSK there must be server callback set */
4458
            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
4459
                continue;
4460
#endif                          /* OPENSSL_NO_PSK */
4461

4462
            ok = (alg_k & mask_k) && (alg_a & mask_a);
4463
            OSSL_TRACE7(TLS_CIPHER,
4464
                        "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
4465
                        ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
4466

4467
            /*
4468
             * if we are considering an ECC cipher suite that uses an ephemeral
4469
             * EC key check it
4470
             */
4471
            if (alg_k & SSL_kECDHE)
4472
                ok = ok && tls1_check_ec_tmp_key(s, c->id);
4473

4474
            if (!ok)
4475
                continue;
4476
        }
4477
        ii = sk_SSL_CIPHER_find(allow, c);
4478
        if (ii >= 0) {
4479
            /* Check security callback permits this cipher */
4480
            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
4481
                              c->strength_bits, 0, (void *)c))
4482
                continue;
4483

4484
            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
4485
                && s->s3.is_probably_safari) {
4486
                if (!ret)
4487
                    ret = sk_SSL_CIPHER_value(allow, ii);
4488
                continue;
4489
            }
4490

4491
            if (prefer_sha256) {
4492
                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
4493
                const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
4494
                                          tmp->algorithm2);
4495

4496
                if (md != NULL
4497
                        && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
4498
                    ret = tmp;
4499
                    break;
4500
                }
4501
                if (ret == NULL)
4502
                    ret = tmp;
4503
                continue;
4504
            }
4505
            ret = sk_SSL_CIPHER_value(allow, ii);
4506
            break;
4507
        }
4508
    }
4509

4510
    sk_SSL_CIPHER_free(prio_chacha);
4511

4512
    return ret;
4513
}
4514

4515
int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt)
4516
{
4517
    uint32_t alg_k, alg_a = 0;
4518

4519
    /* If we have custom certificate types set, use them */
4520
    if (s->cert->ctype)
4521
        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
4522
    /* Get mask of algorithms disabled by signature list */
4523
    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
4524

4525
    alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4526

4527
#ifndef OPENSSL_NO_GOST
4528
    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
4529
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
4530
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4531
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
4532
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
4533
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
4534
            return 0;
4535

4536
    if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
4537
        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
4538
            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
4539
            return 0;
4540
#endif
4541

4542
    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
4543
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
4544
            return 0;
4545
        if (!(alg_a & SSL_aDSS)
4546
                && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
4547
            return 0;
4548
    }
4549
    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
4550
        return 0;
4551
    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
4552
        return 0;
4553

4554
    /*
4555
     * ECDSA certs can be used with RSA cipher suites too so we don't
4556
     * need to check for SSL_kECDH or SSL_kECDHE
4557
     */
4558
    if (s->version >= TLS1_VERSION
4559
            && !(alg_a & SSL_aECDSA)
4560
            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
4561
        return 0;
4562

4563
    return 1;
4564
}
4565

4566
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4567
{
4568
    OPENSSL_free(c->ctype);
4569
    c->ctype = NULL;
4570
    c->ctype_len = 0;
4571
    if (p == NULL || len == 0)
4572
        return 1;
4573
    if (len > 0xff)
4574
        return 0;
4575
    c->ctype = OPENSSL_memdup(p, len);
4576
    if (c->ctype == NULL)
4577
        return 0;
4578
    c->ctype_len = len;
4579
    return 1;
4580
}
4581

4582
int ssl3_shutdown(SSL *s)
4583
{
4584
    int ret;
4585
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4586

4587
    if (sc == NULL)
4588
        return 0;
4589

4590
    /*
4591
     * Don't do anything much if we have not done the handshake or we don't
4592
     * want to send messages :-)
4593
     */
4594
    if (sc->quiet_shutdown || SSL_in_before(s)) {
4595
        sc->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4596
        return 1;
4597
    }
4598

4599
    if (!(sc->shutdown & SSL_SENT_SHUTDOWN)) {
4600
        sc->shutdown |= SSL_SENT_SHUTDOWN;
4601
        ssl3_send_alert(sc, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4602
        /*
4603
         * our shutdown alert has been sent now, and if it still needs to be
4604
         * written, s->s3.alert_dispatch will be > 0
4605
         */
4606
        if (sc->s3.alert_dispatch > 0)
4607
            return -1;        /* return WANT_WRITE */
4608
    } else if (sc->s3.alert_dispatch > 0) {
4609
        /* resend it if not sent */
4610
        ret = s->method->ssl_dispatch_alert(s);
4611
        if (ret == -1) {
4612
            /*
4613
             * we only get to return -1 here the 2nd/Nth invocation, we must
4614
             * have already signalled return 0 upon a previous invocation,
4615
             * return WANT_WRITE
4616
             */
4617
            return ret;
4618
        }
4619
    } else if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4620
        size_t readbytes;
4621
        /*
4622
         * If we are waiting for a close from our peer, we are closed
4623
         */
4624
        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
4625
        if (!(sc->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4626
            return -1;        /* return WANT_READ */
4627
        }
4628
    }
4629

4630
    if ((sc->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
4631
            && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)
4632
        return 1;
4633
    else
4634
        return 0;
4635
}
4636

4637
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
4638
{
4639
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4640

4641
    if (sc == NULL)
4642
        return 0;
4643

4644
    clear_sys_error();
4645
    if (sc->s3.renegotiate)
4646
        ssl3_renegotiate_check(s, 0);
4647

4648
    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4649
                                      written);
4650
}
4651

4652
static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
4653
                              size_t *readbytes)
4654
{
4655
    int ret;
4656
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4657

4658
    if (sc == NULL)
4659
        return 0;
4660

4661
    clear_sys_error();
4662
    if (sc->s3.renegotiate)
4663
        ssl3_renegotiate_check(s, 0);
4664
    sc->s3.in_read_app_data = 1;
4665
    ret =
4666
        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
4667
                                  peek, readbytes);
4668
    if ((ret == -1) && (sc->s3.in_read_app_data == 2)) {
4669
        /*
4670
         * ssl3_read_bytes decided to call s->handshake_func, which called
4671
         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4672
         * actually found application data and thinks that application data
4673
         * makes sense here; so disable handshake processing and try to read
4674
         * application data again.
4675
         */
4676
        ossl_statem_set_in_handshake(sc, 1);
4677
        ret =
4678
            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
4679
                                      len, peek, readbytes);
4680
        ossl_statem_set_in_handshake(sc, 0);
4681
    } else
4682
        sc->s3.in_read_app_data = 0;
4683

4684
    return ret;
4685
}
4686

4687
int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
4688
{
4689
    return ssl3_read_internal(s, buf, len, 0, readbytes);
4690
}
4691

4692
int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
4693
{
4694
    return ssl3_read_internal(s, buf, len, 1, readbytes);
4695
}
4696

4697
int ssl3_renegotiate(SSL *s)
4698
{
4699
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4700

4701
    if (sc == NULL)
4702
        return 0;
4703

4704
    if (sc->handshake_func == NULL)
4705
        return 1;
4706

4707
    sc->s3.renegotiate = 1;
4708
    return 1;
4709
}
4710

4711
/*
4712
 * Check if we are waiting to do a renegotiation and if so whether now is a
4713
 * good time to do it. If |initok| is true then we are being called from inside
4714
 * the state machine so ignore the result of SSL_in_init(s). Otherwise we
4715
 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
4716
 * should do a renegotiation now and sets up the state machine for it. Otherwise
4717
 * returns 0.
4718
 */
4719
int ssl3_renegotiate_check(SSL *s, int initok)
4720
{
4721
    int ret = 0;
4722
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4723

4724
    if (sc == NULL)
4725
        return 0;
4726

4727
    if (sc->s3.renegotiate) {
4728
        if (!RECORD_LAYER_read_pending(&sc->rlayer)
4729
            && !RECORD_LAYER_write_pending(&sc->rlayer)
4730
            && (initok || !SSL_in_init(s))) {
4731
            /*
4732
             * if we are the server, and we have sent a 'RENEGOTIATE'
4733
             * message, we need to set the state machine into the renegotiate
4734
             * state.
4735
             */
4736
            ossl_statem_set_renegotiate(sc);
4737
            sc->s3.renegotiate = 0;
4738
            sc->s3.num_renegotiations++;
4739
            sc->s3.total_renegotiations++;
4740
            ret = 1;
4741
        }
4742
    }
4743
    return ret;
4744
}
4745

4746
/*
4747
 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4748
 * handshake macs if required.
4749
 *
4750
 * If PSK and using SHA384 for TLS < 1.2 switch to default.
4751
 */
4752
long ssl_get_algorithm2(SSL_CONNECTION *s)
4753
{
4754
    long alg2;
4755
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4756

4757
    if (s->s3.tmp.new_cipher == NULL)
4758
        return -1;
4759
    alg2 = s->s3.tmp.new_cipher->algorithm2;
4760
    if (ssl->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
4761
        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4762
            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4763
    } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
4764
        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
4765
            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
4766
    }
4767
    return alg2;
4768
}
4769

4770
/*
4771
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
4772
 * failure, 1 on success.
4773
 */
4774
int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
4775
                          unsigned char *result, size_t len,
4776
                          DOWNGRADE dgrd)
4777
{
4778
    int send_time = 0, ret;
4779

4780
    if (len < 4)
4781
        return 0;
4782
    if (server)
4783
        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
4784
    else
4785
        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
4786
    if (send_time) {
4787
        unsigned long Time = (unsigned long)time(NULL);
4788
        unsigned char *p = result;
4789

4790
        l2n(Time, p);
4791
        ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, p, len - 4, 0);
4792
    } else {
4793
        ret = RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, result, len, 0);
4794
    }
4795

4796
    if (ret > 0) {
4797
        if (!ossl_assert(sizeof(tls11downgrade) < len)
4798
                || !ossl_assert(sizeof(tls12downgrade) < len))
4799
             return 0;
4800
        if (dgrd == DOWNGRADE_TO_1_2)
4801
            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
4802
                   sizeof(tls12downgrade));
4803
        else if (dgrd == DOWNGRADE_TO_1_1)
4804
            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
4805
                   sizeof(tls11downgrade));
4806
    }
4807

4808
    return ret;
4809
}
4810

4811
int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
4812
                               size_t pmslen, int free_pms)
4813
{
4814
    unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
4815
    int ret = 0;
4816
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
4817

4818
    if (alg_k & SSL_PSK) {
4819
#ifndef OPENSSL_NO_PSK
4820
        unsigned char *pskpms, *t;
4821
        size_t psklen = s->s3.tmp.psklen;
4822
        size_t pskpmslen;
4823

4824
        /* create PSK premaster_secret */
4825

4826
        /* For plain PSK "other_secret" is psklen zeroes */
4827
        if (alg_k & SSL_kPSK)
4828
            pmslen = psklen;
4829

4830
        pskpmslen = 4 + pmslen + psklen;
4831
        pskpms = OPENSSL_malloc(pskpmslen);
4832
        if (pskpms == NULL)
4833
            goto err;
4834
        t = pskpms;
4835
        s2n(pmslen, t);
4836
        if (alg_k & SSL_kPSK)
4837
            memset(t, 0, pmslen);
4838
        else
4839
            memcpy(t, pms, pmslen);
4840
        t += pmslen;
4841
        s2n(psklen, t);
4842
        memcpy(t, s->s3.tmp.psk, psklen);
4843

4844
        OPENSSL_clear_free(s->s3.tmp.psk, psklen);
4845
        s->s3.tmp.psk = NULL;
4846
        s->s3.tmp.psklen = 0;
4847
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
4848
                    s->session->master_key, pskpms, pskpmslen,
4849
                    &s->session->master_key_length)) {
4850
            OPENSSL_clear_free(pskpms, pskpmslen);
4851
            /* SSLfatal() already called */
4852
            goto err;
4853
        }
4854
        OPENSSL_clear_free(pskpms, pskpmslen);
4855
#else
4856
        /* Should never happen */
4857
        goto err;
4858
#endif
4859
    } else {
4860
        if (!ssl->method->ssl3_enc->generate_master_secret(s,
4861
                s->session->master_key, pms, pmslen,
4862
                &s->session->master_key_length)) {
4863
            /* SSLfatal() already called */
4864
            goto err;
4865
        }
4866
    }
4867

4868
    ret = 1;
4869
 err:
4870
    if (pms) {
4871
        if (free_pms)
4872
            OPENSSL_clear_free(pms, pmslen);
4873
        else
4874
            OPENSSL_cleanse(pms, pmslen);
4875
    }
4876
    if (s->server == 0) {
4877
        s->s3.tmp.pms = NULL;
4878
        s->s3.tmp.pmslen = 0;
4879
    }
4880
    return ret;
4881
}
4882

4883
/* Generate a private key from parameters */
4884
EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm)
4885
{
4886
    EVP_PKEY_CTX *pctx = NULL;
4887
    EVP_PKEY *pkey = NULL;
4888
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4889

4890
    if (pm == NULL)
4891
        return NULL;
4892
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pm, sctx->propq);
4893
    if (pctx == NULL)
4894
        goto err;
4895
    if (EVP_PKEY_keygen_init(pctx) <= 0)
4896
        goto err;
4897
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4898
        EVP_PKEY_free(pkey);
4899
        pkey = NULL;
4900
    }
4901

4902
    err:
4903
    EVP_PKEY_CTX_free(pctx);
4904
    return pkey;
4905
}
4906

4907
/* Generate a private key from a group ID */
4908
EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id)
4909
{
4910
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4911
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4912
    EVP_PKEY_CTX *pctx = NULL;
4913
    EVP_PKEY *pkey = NULL;
4914

4915
    if (ginf == NULL) {
4916
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
4917
        goto err;
4918
    }
4919

4920
    pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4921
                                      sctx->propq);
4922

4923
    if (pctx == NULL) {
4924
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4925
        goto err;
4926
    }
4927
    if (EVP_PKEY_keygen_init(pctx) <= 0) {
4928
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4929
        goto err;
4930
    }
4931
    if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4932
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4933
        goto err;
4934
    }
4935
    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
4936
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4937
        EVP_PKEY_free(pkey);
4938
        pkey = NULL;
4939
    }
4940

4941
 err:
4942
    EVP_PKEY_CTX_free(pctx);
4943
    return pkey;
4944
}
4945

4946
/*
4947
 * Generate parameters from a group ID
4948
 */
4949
EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id)
4950
{
4951
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
4952
    EVP_PKEY_CTX *pctx = NULL;
4953
    EVP_PKEY *pkey = NULL;
4954
    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(sctx, id);
4955

4956
    if (ginf == NULL)
4957
        goto err;
4958

4959
    pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, ginf->algorithm,
4960
                                      sctx->propq);
4961

4962
    if (pctx == NULL)
4963
        goto err;
4964
    if (EVP_PKEY_paramgen_init(pctx) <= 0)
4965
        goto err;
4966
    if (EVP_PKEY_CTX_set_group_name(pctx, ginf->realname) <= 0) {
4967
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
4968
        goto err;
4969
    }
4970
    if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
4971
        EVP_PKEY_free(pkey);
4972
        pkey = NULL;
4973
    }
4974

4975
 err:
4976
    EVP_PKEY_CTX_free(pctx);
4977
    return pkey;
4978
}
4979

4980
/* Generate secrets from pms */
4981
int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen)
4982
{
4983
    int rv = 0;
4984

4985
    /* SSLfatal() called as appropriate in the below functions */
4986
    if (SSL_CONNECTION_IS_TLS13(s)) {
4987
        /*
4988
         * If we are resuming then we already generated the early secret
4989
         * when we created the ClientHello, so don't recreate it.
4990
         */
4991
        if (!s->hit)
4992
            rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
4993
                    0,
4994
                    (unsigned char *)&s->early_secret);
4995
        else
4996
            rv = 1;
4997

4998
        rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
4999
    } else {
5000
        rv = ssl_generate_master_secret(s, pms, pmslen, 0);
5001
    }
5002

5003
    return rv;
5004
}
5005

5006
/* Derive secrets for ECDH/DH */
5007
int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
5008
{
5009
    int rv = 0;
5010
    unsigned char *pms = NULL;
5011
    size_t pmslen = 0;
5012
    EVP_PKEY_CTX *pctx;
5013
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5014

5015
    if (privkey == NULL || pubkey == NULL) {
5016
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5017
        return 0;
5018
    }
5019

5020
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5021

5022
    if (EVP_PKEY_derive_init(pctx) <= 0
5023
        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
5024
        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
5025
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5026
        goto err;
5027
    }
5028

5029
    if (SSL_CONNECTION_IS_TLS13(s) &&  EVP_PKEY_is_a(privkey, "DH"))
5030
        EVP_PKEY_CTX_set_dh_pad(pctx, 1);
5031

5032
    pms = OPENSSL_malloc(pmslen);
5033
    if (pms == NULL) {
5034
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5035
        goto err;
5036
    }
5037

5038
    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
5039
        /*
5040
         * the public key was probably a weak key
5041
         */
5042
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5043
        goto err;
5044
    }
5045

5046
    if (gensecret) {
5047
        /* SSLfatal() called as appropriate in the below functions */
5048
        rv = ssl_gensecret(s, pms, pmslen);
5049
    } else {
5050
        /* Save premaster secret */
5051
        s->s3.tmp.pms = pms;
5052
        s->s3.tmp.pmslen = pmslen;
5053
        pms = NULL;
5054
        rv = 1;
5055
    }
5056

5057
 err:
5058
    OPENSSL_clear_free(pms, pmslen);
5059
    EVP_PKEY_CTX_free(pctx);
5060
    return rv;
5061
}
5062

5063
/* Decapsulate secrets for KEM */
5064
int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
5065
                    const unsigned char *ct, size_t ctlen,
5066
                    int gensecret)
5067
{
5068
    int rv = 0;
5069
    unsigned char *pms = NULL;
5070
    size_t pmslen = 0;
5071
    EVP_PKEY_CTX *pctx;
5072
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5073

5074
    if (privkey == NULL) {
5075
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5076
        return 0;
5077
    }
5078

5079
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, privkey, sctx->propq);
5080

5081
    if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
5082
            || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
5083
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5084
        goto err;
5085
    }
5086

5087
    pms = OPENSSL_malloc(pmslen);
5088
    if (pms == NULL) {
5089
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5090
        goto err;
5091
    }
5092

5093
    if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
5094
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5095
        goto err;
5096
    }
5097

5098
    if (gensecret) {
5099
        /* SSLfatal() called as appropriate in the below functions */
5100
        rv = ssl_gensecret(s, pms, pmslen);
5101
    } else {
5102
        /* Save premaster secret */
5103
        s->s3.tmp.pms = pms;
5104
        s->s3.tmp.pmslen = pmslen;
5105
        pms = NULL;
5106
        rv = 1;
5107
    }
5108

5109
 err:
5110
    OPENSSL_clear_free(pms, pmslen);
5111
    EVP_PKEY_CTX_free(pctx);
5112
    return rv;
5113
}
5114

5115
int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
5116
                    unsigned char **ctp, size_t *ctlenp,
5117
                    int gensecret)
5118
{
5119
    int rv = 0;
5120
    unsigned char *pms = NULL, *ct = NULL;
5121
    size_t pmslen = 0, ctlen = 0;
5122
    EVP_PKEY_CTX *pctx;
5123
    SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
5124

5125
    if (pubkey == NULL) {
5126
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5127
        return 0;
5128
    }
5129

5130
    pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pubkey, sctx->propq);
5131

5132
    if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
5133
            || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
5134
            || pmslen == 0 || ctlen == 0) {
5135
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
5136
        goto err;
5137
    }
5138

5139
    pms = OPENSSL_malloc(pmslen);
5140
    ct = OPENSSL_malloc(ctlen);
5141
    if (pms == NULL || ct == NULL) {
5142
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
5143
        goto err;
5144
    }
5145

5146
    if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
5147
        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
5148
        goto err;
5149
    }
5150

5151
    if (gensecret) {
5152
        /* SSLfatal() called as appropriate in the below functions */
5153
        rv = ssl_gensecret(s, pms, pmslen);
5154
    } else {
5155
        /* Save premaster secret */
5156
        s->s3.tmp.pms = pms;
5157
        s->s3.tmp.pmslen = pmslen;
5158
        pms = NULL;
5159
        rv = 1;
5160
    }
5161

5162
    if (rv > 0) {
5163
        /* Pass ownership of ct to caller */
5164
        *ctp = ct;
5165
        *ctlenp = ctlen;
5166
        ct = NULL;
5167
    }
5168

5169
 err:
5170
    OPENSSL_clear_free(pms, pmslen);
5171
    OPENSSL_free(ct);
5172
    EVP_PKEY_CTX_free(pctx);
5173
    return rv;
5174
}
5175

5176
const char *SSL_get0_group_name(SSL *s)
5177
{
5178
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5179
    unsigned int id;
5180

5181
    if (sc == NULL)
5182
        return NULL;
5183

5184
    if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)
5185
        id = sc->s3.group_id;
5186
    else
5187
        id = sc->session->kex_group;
5188

5189
    return tls1_group_id2name(s->ctx, id);
5190
}
5191

5192
const char *SSL_group_to_name(SSL *s, int nid) {
5193
    int group_id = 0;
5194
    const TLS_GROUP_INFO *cinf = NULL;
5195

5196
    /* first convert to real group id for internal and external IDs */
5197
    if (nid & TLSEXT_nid_unknown)
5198
        group_id = nid & 0xFFFF;
5199
    else
5200
        group_id = tls1_nid2group_id(nid);
5201

5202
    /* then look up */
5203
    cinf = tls1_group_id_lookup(s->ctx, group_id);
5204

5205
    if (cinf != NULL)
5206
        return cinf->tlsname;
5207
    return NULL;
5208
}
5209

5210
Product

Resources

Company
