OpenCoverage

s3_lib.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/ssl/s3_lib.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved-
4 * Copyright 2005 Nokia. All rights reserved.-
5 *-
6 * Licensed under the OpenSSL license (the "License"). You may not use-
7 * this file except in compliance with the License. You can obtain a copy-
8 * in the file LICENSE in the source distribution or at-
9 * https://www.openssl.org/source/license.html-
10 */-
11-
12#include <stdio.h>-
13#include <openssl/objects.h>-
14#include "internal/nelem.h"-
15#include "ssl_locl.h"-
16#include <openssl/md5.h>-
17#include <openssl/dh.h>-
18#include <openssl/rand.h>-
19#include "internal/cryptlib.h"-
20-
21#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)-
22#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)-
23#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)-
24-
25/* TLSv1.3 downgrade protection sentinel values */-
26const unsigned char tls11downgrade[] = {-
27 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00-
28};-
29const unsigned char tls12downgrade[] = {-
30 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01-
31};-
32-
33/* The list of available TLSv1.3 ciphers */-
34static SSL_CIPHER tls13_ciphers[] = {-
35 {-
36 1,-
37 TLS1_3_RFC_AES_128_GCM_SHA256,-
38 TLS1_3_RFC_AES_128_GCM_SHA256,-
39 TLS1_3_CK_AES_128_GCM_SHA256,-
40 SSL_kANY,-
41 SSL_aANY,-
42 SSL_AES128GCM,-
43 SSL_AEAD,-
44 TLS1_3_VERSION, TLS1_3_VERSION,-
45 0, 0,-
46 SSL_HIGH,-
47 SSL_HANDSHAKE_MAC_SHA256,-
48 128,-
49 128,-
50 }, {-
51 1,-
52 TLS1_3_RFC_AES_256_GCM_SHA384,-
53 TLS1_3_RFC_AES_256_GCM_SHA384,-
54 TLS1_3_CK_AES_256_GCM_SHA384,-
55 SSL_kANY,-
56 SSL_aANY,-
57 SSL_AES256GCM,-
58 SSL_AEAD,-
59 TLS1_3_VERSION, TLS1_3_VERSION,-
60 0, 0,-
61 SSL_HIGH,-
62 SSL_HANDSHAKE_MAC_SHA384,-
63 256,-
64 256,-
65 },-
66#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)-
67 {-
68 1,-
69 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,-
70 TLS1_3_RFC_CHACHA20_POLY1305_SHA256,-
71 TLS1_3_CK_CHACHA20_POLY1305_SHA256,-
72 SSL_kANY,-
73 SSL_aANY,-
74 SSL_CHACHA20POLY1305,-
75 SSL_AEAD,-
76 TLS1_3_VERSION, TLS1_3_VERSION,-
77 0, 0,-
78 SSL_HIGH,-
79 SSL_HANDSHAKE_MAC_SHA256,-
80 256,-
81 256,-
82 },-
83#endif-
84 {-
85 1,-
86 TLS1_3_RFC_AES_128_CCM_SHA256,-
87 TLS1_3_RFC_AES_128_CCM_SHA256,-
88 TLS1_3_CK_AES_128_CCM_SHA256,-
89 SSL_kANY,-
90 SSL_aANY,-
91 SSL_AES128CCM,-
92 SSL_AEAD,-
93 TLS1_3_VERSION, TLS1_3_VERSION,-
94 0, 0,-
95 SSL_NOT_DEFAULT | SSL_HIGH,-
96 SSL_HANDSHAKE_MAC_SHA256,-
97 128,-
98 128,-
99 }, {-
100 1,-
101 TLS1_3_RFC_AES_128_CCM_8_SHA256,-
102 TLS1_3_RFC_AES_128_CCM_8_SHA256,-
103 TLS1_3_CK_AES_128_CCM_8_SHA256,-
104 SSL_kANY,-
105 SSL_aANY,-
106 SSL_AES128CCM8,-
107 SSL_AEAD,-
108 TLS1_3_VERSION, TLS1_3_VERSION,-
109 0, 0,-
110 SSL_NOT_DEFAULT | SSL_HIGH,-
111 SSL_HANDSHAKE_MAC_SHA256,-
112 128,-
113 128,-
114 }-
115};-
116-
117/*-
118 * The list of available ciphers, mostly organized into the following-
119 * groups:-
120 * Always there-
121 * EC-
122 * PSK-
123 * SRP (within that: RSA EC PSK)-
124 * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED-
125 * Weak ciphers-
126 */-
127static SSL_CIPHER ssl3_ciphers[] = {-
128 {-
129 1,-
130 SSL3_TXT_RSA_NULL_MD5,-
131 SSL3_RFC_RSA_NULL_MD5,-
132 SSL3_CK_RSA_NULL_MD5,-
133 SSL_kRSA,-
134 SSL_aRSA,-
135 SSL_eNULL,-
136 SSL_MD5,-
137 SSL3_VERSION, TLS1_2_VERSION,-
138 DTLS1_BAD_VER, DTLS1_2_VERSION,-
139 SSL_STRONG_NONE,-
140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
141 0,-
142 0,-
143 },-
144 {-
145 1,-
146 SSL3_TXT_RSA_NULL_SHA,-
147 SSL3_RFC_RSA_NULL_SHA,-
148 SSL3_CK_RSA_NULL_SHA,-
149 SSL_kRSA,-
150 SSL_aRSA,-
151 SSL_eNULL,-
152 SSL_SHA1,-
153 SSL3_VERSION, TLS1_2_VERSION,-
154 DTLS1_BAD_VER, DTLS1_2_VERSION,-
155 SSL_STRONG_NONE | SSL_FIPS,-
156 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
157 0,-
158 0,-
159 },-
160#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
161 {-
162 1,-
163 SSL3_TXT_RSA_DES_192_CBC3_SHA,-
164 SSL3_RFC_RSA_DES_192_CBC3_SHA,-
165 SSL3_CK_RSA_DES_192_CBC3_SHA,-
166 SSL_kRSA,-
167 SSL_aRSA,-
168 SSL_3DES,-
169 SSL_SHA1,-
170 SSL3_VERSION, TLS1_2_VERSION,-
171 DTLS1_BAD_VER, DTLS1_2_VERSION,-
172 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
173 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
174 112,-
175 168,-
176 },-
177 {-
178 1,-
179 SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,-
180 SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,-
181 SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,-
182 SSL_kDHE,-
183 SSL_aDSS,-
184 SSL_3DES,-
185 SSL_SHA1,-
186 SSL3_VERSION, TLS1_2_VERSION,-
187 DTLS1_BAD_VER, DTLS1_2_VERSION,-
188 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
189 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
190 112,-
191 168,-
192 },-
193 {-
194 1,-
195 SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,-
196 SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,-
197 SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,-
198 SSL_kDHE,-
199 SSL_aRSA,-
200 SSL_3DES,-
201 SSL_SHA1,-
202 SSL3_VERSION, TLS1_2_VERSION,-
203 DTLS1_BAD_VER, DTLS1_2_VERSION,-
204 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
205 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
206 112,-
207 168,-
208 },-
209 {-
210 1,-
211 SSL3_TXT_ADH_DES_192_CBC_SHA,-
212 SSL3_RFC_ADH_DES_192_CBC_SHA,-
213 SSL3_CK_ADH_DES_192_CBC_SHA,-
214 SSL_kDHE,-
215 SSL_aNULL,-
216 SSL_3DES,-
217 SSL_SHA1,-
218 SSL3_VERSION, TLS1_2_VERSION,-
219 DTLS1_BAD_VER, DTLS1_2_VERSION,-
220 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
221 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
222 112,-
223 168,-
224 },-
225#endif-
226 {-
227 1,-
228 TLS1_TXT_RSA_WITH_AES_128_SHA,-
229 TLS1_RFC_RSA_WITH_AES_128_SHA,-
230 TLS1_CK_RSA_WITH_AES_128_SHA,-
231 SSL_kRSA,-
232 SSL_aRSA,-
233 SSL_AES128,-
234 SSL_SHA1,-
235 SSL3_VERSION, TLS1_2_VERSION,-
236 DTLS1_BAD_VER, DTLS1_2_VERSION,-
237 SSL_HIGH | SSL_FIPS,-
238 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
239 128,-
240 128,-
241 },-
242 {-
243 1,-
244 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,-
245 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,-
246 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,-
247 SSL_kDHE,-
248 SSL_aDSS,-
249 SSL_AES128,-
250 SSL_SHA1,-
251 SSL3_VERSION, TLS1_2_VERSION,-
252 DTLS1_BAD_VER, DTLS1_2_VERSION,-
253 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
254 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
255 128,-
256 128,-
257 },-
258 {-
259 1,-
260 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,-
261 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,-
262 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,-
263 SSL_kDHE,-
264 SSL_aRSA,-
265 SSL_AES128,-
266 SSL_SHA1,-
267 SSL3_VERSION, TLS1_2_VERSION,-
268 DTLS1_BAD_VER, DTLS1_2_VERSION,-
269 SSL_HIGH | SSL_FIPS,-
270 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
271 128,-
272 128,-
273 },-
274 {-
275 1,-
276 TLS1_TXT_ADH_WITH_AES_128_SHA,-
277 TLS1_RFC_ADH_WITH_AES_128_SHA,-
278 TLS1_CK_ADH_WITH_AES_128_SHA,-
279 SSL_kDHE,-
280 SSL_aNULL,-
281 SSL_AES128,-
282 SSL_SHA1,-
283 SSL3_VERSION, TLS1_2_VERSION,-
284 DTLS1_BAD_VER, DTLS1_2_VERSION,-
285 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
286 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
287 128,-
288 128,-
289 },-
290 {-
291 1,-
292 TLS1_TXT_RSA_WITH_AES_256_SHA,-
293 TLS1_RFC_RSA_WITH_AES_256_SHA,-
294 TLS1_CK_RSA_WITH_AES_256_SHA,-
295 SSL_kRSA,-
296 SSL_aRSA,-
297 SSL_AES256,-
298 SSL_SHA1,-
299 SSL3_VERSION, TLS1_2_VERSION,-
300 DTLS1_BAD_VER, DTLS1_2_VERSION,-
301 SSL_HIGH | SSL_FIPS,-
302 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
303 256,-
304 256,-
305 },-
306 {-
307 1,-
308 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,-
309 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,-
310 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,-
311 SSL_kDHE,-
312 SSL_aDSS,-
313 SSL_AES256,-
314 SSL_SHA1,-
315 SSL3_VERSION, TLS1_2_VERSION,-
316 DTLS1_BAD_VER, DTLS1_2_VERSION,-
317 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
318 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
319 256,-
320 256,-
321 },-
322 {-
323 1,-
324 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,-
325 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,-
326 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,-
327 SSL_kDHE,-
328 SSL_aRSA,-
329 SSL_AES256,-
330 SSL_SHA1,-
331 SSL3_VERSION, TLS1_2_VERSION,-
332 DTLS1_BAD_VER, DTLS1_2_VERSION,-
333 SSL_HIGH | SSL_FIPS,-
334 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
335 256,-
336 256,-
337 },-
338 {-
339 1,-
340 TLS1_TXT_ADH_WITH_AES_256_SHA,-
341 TLS1_RFC_ADH_WITH_AES_256_SHA,-
342 TLS1_CK_ADH_WITH_AES_256_SHA,-
343 SSL_kDHE,-
344 SSL_aNULL,-
345 SSL_AES256,-
346 SSL_SHA1,-
347 SSL3_VERSION, TLS1_2_VERSION,-
348 DTLS1_BAD_VER, DTLS1_2_VERSION,-
349 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
351 256,-
352 256,-
353 },-
354 {-
355 1,-
356 TLS1_TXT_RSA_WITH_NULL_SHA256,-
357 TLS1_RFC_RSA_WITH_NULL_SHA256,-
358 TLS1_CK_RSA_WITH_NULL_SHA256,-
359 SSL_kRSA,-
360 SSL_aRSA,-
361 SSL_eNULL,-
362 SSL_SHA256,-
363 TLS1_2_VERSION, TLS1_2_VERSION,-
364 DTLS1_2_VERSION, DTLS1_2_VERSION,-
365 SSL_STRONG_NONE | SSL_FIPS,-
366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
367 0,-
368 0,-
369 },-
370 {-
371 1,-
372 TLS1_TXT_RSA_WITH_AES_128_SHA256,-
373 TLS1_RFC_RSA_WITH_AES_128_SHA256,-
374 TLS1_CK_RSA_WITH_AES_128_SHA256,-
375 SSL_kRSA,-
376 SSL_aRSA,-
377 SSL_AES128,-
378 SSL_SHA256,-
379 TLS1_2_VERSION, TLS1_2_VERSION,-
380 DTLS1_2_VERSION, DTLS1_2_VERSION,-
381 SSL_HIGH | SSL_FIPS,-
382 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
383 128,-
384 128,-
385 },-
386 {-
387 1,-
388 TLS1_TXT_RSA_WITH_AES_256_SHA256,-
389 TLS1_RFC_RSA_WITH_AES_256_SHA256,-
390 TLS1_CK_RSA_WITH_AES_256_SHA256,-
391 SSL_kRSA,-
392 SSL_aRSA,-
393 SSL_AES256,-
394 SSL_SHA256,-
395 TLS1_2_VERSION, TLS1_2_VERSION,-
396 DTLS1_2_VERSION, DTLS1_2_VERSION,-
397 SSL_HIGH | SSL_FIPS,-
398 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
399 256,-
400 256,-
401 },-
402 {-
403 1,-
404 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,-
405 TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,-
406 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,-
407 SSL_kDHE,-
408 SSL_aDSS,-
409 SSL_AES128,-
410 SSL_SHA256,-
411 TLS1_2_VERSION, TLS1_2_VERSION,-
412 DTLS1_2_VERSION, DTLS1_2_VERSION,-
413 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
414 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
415 128,-
416 128,-
417 },-
418 {-
419 1,-
420 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,-
421 TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,-
422 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,-
423 SSL_kDHE,-
424 SSL_aRSA,-
425 SSL_AES128,-
426 SSL_SHA256,-
427 TLS1_2_VERSION, TLS1_2_VERSION,-
428 DTLS1_2_VERSION, DTLS1_2_VERSION,-
429 SSL_HIGH | SSL_FIPS,-
430 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
431 128,-
432 128,-
433 },-
434 {-
435 1,-
436 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,-
437 TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,-
438 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,-
439 SSL_kDHE,-
440 SSL_aDSS,-
441 SSL_AES256,-
442 SSL_SHA256,-
443 TLS1_2_VERSION, TLS1_2_VERSION,-
444 DTLS1_2_VERSION, DTLS1_2_VERSION,-
445 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
446 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
447 256,-
448 256,-
449 },-
450 {-
451 1,-
452 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,-
453 TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,-
454 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,-
455 SSL_kDHE,-
456 SSL_aRSA,-
457 SSL_AES256,-
458 SSL_SHA256,-
459 TLS1_2_VERSION, TLS1_2_VERSION,-
460 DTLS1_2_VERSION, DTLS1_2_VERSION,-
461 SSL_HIGH | SSL_FIPS,-
462 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
463 256,-
464 256,-
465 },-
466 {-
467 1,-
468 TLS1_TXT_ADH_WITH_AES_128_SHA256,-
469 TLS1_RFC_ADH_WITH_AES_128_SHA256,-
470 TLS1_CK_ADH_WITH_AES_128_SHA256,-
471 SSL_kDHE,-
472 SSL_aNULL,-
473 SSL_AES128,-
474 SSL_SHA256,-
475 TLS1_2_VERSION, TLS1_2_VERSION,-
476 DTLS1_2_VERSION, DTLS1_2_VERSION,-
477 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
478 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
479 128,-
480 128,-
481 },-
482 {-
483 1,-
484 TLS1_TXT_ADH_WITH_AES_256_SHA256,-
485 TLS1_RFC_ADH_WITH_AES_256_SHA256,-
486 TLS1_CK_ADH_WITH_AES_256_SHA256,-
487 SSL_kDHE,-
488 SSL_aNULL,-
489 SSL_AES256,-
490 SSL_SHA256,-
491 TLS1_2_VERSION, TLS1_2_VERSION,-
492 DTLS1_2_VERSION, DTLS1_2_VERSION,-
493 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
494 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
495 256,-
496 256,-
497 },-
498 {-
499 1,-
500 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,-
501 TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,-
502 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,-
503 SSL_kRSA,-
504 SSL_aRSA,-
505 SSL_AES128GCM,-
506 SSL_AEAD,-
507 TLS1_2_VERSION, TLS1_2_VERSION,-
508 DTLS1_2_VERSION, DTLS1_2_VERSION,-
509 SSL_HIGH | SSL_FIPS,-
510 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
511 128,-
512 128,-
513 },-
514 {-
515 1,-
516 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,-
517 TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,-
518 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,-
519 SSL_kRSA,-
520 SSL_aRSA,-
521 SSL_AES256GCM,-
522 SSL_AEAD,-
523 TLS1_2_VERSION, TLS1_2_VERSION,-
524 DTLS1_2_VERSION, DTLS1_2_VERSION,-
525 SSL_HIGH | SSL_FIPS,-
526 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
527 256,-
528 256,-
529 },-
530 {-
531 1,-
532 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,-
533 TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,-
534 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,-
535 SSL_kDHE,-
536 SSL_aRSA,-
537 SSL_AES128GCM,-
538 SSL_AEAD,-
539 TLS1_2_VERSION, TLS1_2_VERSION,-
540 DTLS1_2_VERSION, DTLS1_2_VERSION,-
541 SSL_HIGH | SSL_FIPS,-
542 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
543 128,-
544 128,-
545 },-
546 {-
547 1,-
548 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,-
549 TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,-
550 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,-
551 SSL_kDHE,-
552 SSL_aRSA,-
553 SSL_AES256GCM,-
554 SSL_AEAD,-
555 TLS1_2_VERSION, TLS1_2_VERSION,-
556 DTLS1_2_VERSION, DTLS1_2_VERSION,-
557 SSL_HIGH | SSL_FIPS,-
558 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
559 256,-
560 256,-
561 },-
562 {-
563 1,-
564 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,-
565 TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,-
566 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,-
567 SSL_kDHE,-
568 SSL_aDSS,-
569 SSL_AES128GCM,-
570 SSL_AEAD,-
571 TLS1_2_VERSION, TLS1_2_VERSION,-
572 DTLS1_2_VERSION, DTLS1_2_VERSION,-
573 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
574 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
575 128,-
576 128,-
577 },-
578 {-
579 1,-
580 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,-
581 TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,-
582 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,-
583 SSL_kDHE,-
584 SSL_aDSS,-
585 SSL_AES256GCM,-
586 SSL_AEAD,-
587 TLS1_2_VERSION, TLS1_2_VERSION,-
588 DTLS1_2_VERSION, DTLS1_2_VERSION,-
589 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
590 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
591 256,-
592 256,-
593 },-
594 {-
595 1,-
596 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,-
597 TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,-
598 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,-
599 SSL_kDHE,-
600 SSL_aNULL,-
601 SSL_AES128GCM,-
602 SSL_AEAD,-
603 TLS1_2_VERSION, TLS1_2_VERSION,-
604 DTLS1_2_VERSION, DTLS1_2_VERSION,-
605 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
606 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
607 128,-
608 128,-
609 },-
610 {-
611 1,-
612 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,-
613 TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,-
614 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,-
615 SSL_kDHE,-
616 SSL_aNULL,-
617 SSL_AES256GCM,-
618 SSL_AEAD,-
619 TLS1_2_VERSION, TLS1_2_VERSION,-
620 DTLS1_2_VERSION, DTLS1_2_VERSION,-
621 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
622 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
623 256,-
624 256,-
625 },-
626 {-
627 1,-
628 TLS1_TXT_RSA_WITH_AES_128_CCM,-
629 TLS1_RFC_RSA_WITH_AES_128_CCM,-
630 TLS1_CK_RSA_WITH_AES_128_CCM,-
631 SSL_kRSA,-
632 SSL_aRSA,-
633 SSL_AES128CCM,-
634 SSL_AEAD,-
635 TLS1_2_VERSION, TLS1_2_VERSION,-
636 DTLS1_2_VERSION, DTLS1_2_VERSION,-
637 SSL_NOT_DEFAULT | SSL_HIGH,-
638 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
639 128,-
640 128,-
641 },-
642 {-
643 1,-
644 TLS1_TXT_RSA_WITH_AES_256_CCM,-
645 TLS1_RFC_RSA_WITH_AES_256_CCM,-
646 TLS1_CK_RSA_WITH_AES_256_CCM,-
647 SSL_kRSA,-
648 SSL_aRSA,-
649 SSL_AES256CCM,-
650 SSL_AEAD,-
651 TLS1_2_VERSION, TLS1_2_VERSION,-
652 DTLS1_2_VERSION, DTLS1_2_VERSION,-
653 SSL_NOT_DEFAULT | SSL_HIGH,-
654 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
655 256,-
656 256,-
657 },-
658 {-
659 1,-
660 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,-
661 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,-
662 TLS1_CK_DHE_RSA_WITH_AES_128_CCM,-
663 SSL_kDHE,-
664 SSL_aRSA,-
665 SSL_AES128CCM,-
666 SSL_AEAD,-
667 TLS1_2_VERSION, TLS1_2_VERSION,-
668 DTLS1_2_VERSION, DTLS1_2_VERSION,-
669 SSL_NOT_DEFAULT | SSL_HIGH,-
670 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
671 128,-
672 128,-
673 },-
674 {-
675 1,-
676 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,-
677 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,-
678 TLS1_CK_DHE_RSA_WITH_AES_256_CCM,-
679 SSL_kDHE,-
680 SSL_aRSA,-
681 SSL_AES256CCM,-
682 SSL_AEAD,-
683 TLS1_2_VERSION, TLS1_2_VERSION,-
684 DTLS1_2_VERSION, DTLS1_2_VERSION,-
685 SSL_NOT_DEFAULT | SSL_HIGH,-
686 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
687 256,-
688 256,-
689 },-
690 {-
691 1,-
692 TLS1_TXT_RSA_WITH_AES_128_CCM_8,-
693 TLS1_RFC_RSA_WITH_AES_128_CCM_8,-
694 TLS1_CK_RSA_WITH_AES_128_CCM_8,-
695 SSL_kRSA,-
696 SSL_aRSA,-
697 SSL_AES128CCM8,-
698 SSL_AEAD,-
699 TLS1_2_VERSION, TLS1_2_VERSION,-
700 DTLS1_2_VERSION, DTLS1_2_VERSION,-
701 SSL_NOT_DEFAULT | SSL_HIGH,-
702 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
703 128,-
704 128,-
705 },-
706 {-
707 1,-
708 TLS1_TXT_RSA_WITH_AES_256_CCM_8,-
709 TLS1_RFC_RSA_WITH_AES_256_CCM_8,-
710 TLS1_CK_RSA_WITH_AES_256_CCM_8,-
711 SSL_kRSA,-
712 SSL_aRSA,-
713 SSL_AES256CCM8,-
714 SSL_AEAD,-
715 TLS1_2_VERSION, TLS1_2_VERSION,-
716 DTLS1_2_VERSION, DTLS1_2_VERSION,-
717 SSL_NOT_DEFAULT | SSL_HIGH,-
718 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
719 256,-
720 256,-
721 },-
722 {-
723 1,-
724 TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,-
725 TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,-
726 TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,-
727 SSL_kDHE,-
728 SSL_aRSA,-
729 SSL_AES128CCM8,-
730 SSL_AEAD,-
731 TLS1_2_VERSION, TLS1_2_VERSION,-
732 DTLS1_2_VERSION, DTLS1_2_VERSION,-
733 SSL_NOT_DEFAULT | SSL_HIGH,-
734 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
735 128,-
736 128,-
737 },-
738 {-
739 1,-
740 TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,-
741 TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,-
742 TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,-
743 SSL_kDHE,-
744 SSL_aRSA,-
745 SSL_AES256CCM8,-
746 SSL_AEAD,-
747 TLS1_2_VERSION, TLS1_2_VERSION,-
748 DTLS1_2_VERSION, DTLS1_2_VERSION,-
749 SSL_NOT_DEFAULT | SSL_HIGH,-
750 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
751 256,-
752 256,-
753 },-
754 {-
755 1,-
756 TLS1_TXT_PSK_WITH_AES_128_CCM,-
757 TLS1_RFC_PSK_WITH_AES_128_CCM,-
758 TLS1_CK_PSK_WITH_AES_128_CCM,-
759 SSL_kPSK,-
760 SSL_aPSK,-
761 SSL_AES128CCM,-
762 SSL_AEAD,-
763 TLS1_2_VERSION, TLS1_2_VERSION,-
764 DTLS1_2_VERSION, DTLS1_2_VERSION,-
765 SSL_NOT_DEFAULT | SSL_HIGH,-
766 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
767 128,-
768 128,-
769 },-
770 {-
771 1,-
772 TLS1_TXT_PSK_WITH_AES_256_CCM,-
773 TLS1_RFC_PSK_WITH_AES_256_CCM,-
774 TLS1_CK_PSK_WITH_AES_256_CCM,-
775 SSL_kPSK,-
776 SSL_aPSK,-
777 SSL_AES256CCM,-
778 SSL_AEAD,-
779 TLS1_2_VERSION, TLS1_2_VERSION,-
780 DTLS1_2_VERSION, DTLS1_2_VERSION,-
781 SSL_NOT_DEFAULT | SSL_HIGH,-
782 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
783 256,-
784 256,-
785 },-
786 {-
787 1,-
788 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,-
789 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,-
790 TLS1_CK_DHE_PSK_WITH_AES_128_CCM,-
791 SSL_kDHEPSK,-
792 SSL_aPSK,-
793 SSL_AES128CCM,-
794 SSL_AEAD,-
795 TLS1_2_VERSION, TLS1_2_VERSION,-
796 DTLS1_2_VERSION, DTLS1_2_VERSION,-
797 SSL_NOT_DEFAULT | SSL_HIGH,-
798 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
799 128,-
800 128,-
801 },-
802 {-
803 1,-
804 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,-
805 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,-
806 TLS1_CK_DHE_PSK_WITH_AES_256_CCM,-
807 SSL_kDHEPSK,-
808 SSL_aPSK,-
809 SSL_AES256CCM,-
810 SSL_AEAD,-
811 TLS1_2_VERSION, TLS1_2_VERSION,-
812 DTLS1_2_VERSION, DTLS1_2_VERSION,-
813 SSL_NOT_DEFAULT | SSL_HIGH,-
814 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
815 256,-
816 256,-
817 },-
818 {-
819 1,-
820 TLS1_TXT_PSK_WITH_AES_128_CCM_8,-
821 TLS1_RFC_PSK_WITH_AES_128_CCM_8,-
822 TLS1_CK_PSK_WITH_AES_128_CCM_8,-
823 SSL_kPSK,-
824 SSL_aPSK,-
825 SSL_AES128CCM8,-
826 SSL_AEAD,-
827 TLS1_2_VERSION, TLS1_2_VERSION,-
828 DTLS1_2_VERSION, DTLS1_2_VERSION,-
829 SSL_NOT_DEFAULT | SSL_HIGH,-
830 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
831 128,-
832 128,-
833 },-
834 {-
835 1,-
836 TLS1_TXT_PSK_WITH_AES_256_CCM_8,-
837 TLS1_RFC_PSK_WITH_AES_256_CCM_8,-
838 TLS1_CK_PSK_WITH_AES_256_CCM_8,-
839 SSL_kPSK,-
840 SSL_aPSK,-
841 SSL_AES256CCM8,-
842 SSL_AEAD,-
843 TLS1_2_VERSION, TLS1_2_VERSION,-
844 DTLS1_2_VERSION, DTLS1_2_VERSION,-
845 SSL_NOT_DEFAULT | SSL_HIGH,-
846 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
847 256,-
848 256,-
849 },-
850 {-
851 1,-
852 TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,-
853 TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,-
854 TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,-
855 SSL_kDHEPSK,-
856 SSL_aPSK,-
857 SSL_AES128CCM8,-
858 SSL_AEAD,-
859 TLS1_2_VERSION, TLS1_2_VERSION,-
860 DTLS1_2_VERSION, DTLS1_2_VERSION,-
861 SSL_NOT_DEFAULT | SSL_HIGH,-
862 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
863 128,-
864 128,-
865 },-
866 {-
867 1,-
868 TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,-
869 TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,-
870 TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,-
871 SSL_kDHEPSK,-
872 SSL_aPSK,-
873 SSL_AES256CCM8,-
874 SSL_AEAD,-
875 TLS1_2_VERSION, TLS1_2_VERSION,-
876 DTLS1_2_VERSION, DTLS1_2_VERSION,-
877 SSL_NOT_DEFAULT | SSL_HIGH,-
878 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
879 256,-
880 256,-
881 },-
882 {-
883 1,-
884 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,-
885 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,-
886 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,-
887 SSL_kECDHE,-
888 SSL_aECDSA,-
889 SSL_AES128CCM,-
890 SSL_AEAD,-
891 TLS1_2_VERSION, TLS1_2_VERSION,-
892 DTLS1_2_VERSION, DTLS1_2_VERSION,-
893 SSL_NOT_DEFAULT | SSL_HIGH,-
894 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
895 128,-
896 128,-
897 },-
898 {-
899 1,-
900 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,-
901 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,-
902 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,-
903 SSL_kECDHE,-
904 SSL_aECDSA,-
905 SSL_AES256CCM,-
906 SSL_AEAD,-
907 TLS1_2_VERSION, TLS1_2_VERSION,-
908 DTLS1_2_VERSION, DTLS1_2_VERSION,-
909 SSL_NOT_DEFAULT | SSL_HIGH,-
910 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
911 256,-
912 256,-
913 },-
914 {-
915 1,-
916 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,-
917 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,-
918 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,-
919 SSL_kECDHE,-
920 SSL_aECDSA,-
921 SSL_AES128CCM8,-
922 SSL_AEAD,-
923 TLS1_2_VERSION, TLS1_2_VERSION,-
924 DTLS1_2_VERSION, DTLS1_2_VERSION,-
925 SSL_NOT_DEFAULT | SSL_HIGH,-
926 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
927 128,-
928 128,-
929 },-
930 {-
931 1,-
932 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,-
933 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,-
934 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,-
935 SSL_kECDHE,-
936 SSL_aECDSA,-
937 SSL_AES256CCM8,-
938 SSL_AEAD,-
939 TLS1_2_VERSION, TLS1_2_VERSION,-
940 DTLS1_2_VERSION, DTLS1_2_VERSION,-
941 SSL_NOT_DEFAULT | SSL_HIGH,-
942 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
943 256,-
944 256,-
945 },-
946 {-
947 1,-
948 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,-
949 TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,-
950 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,-
951 SSL_kECDHE,-
952 SSL_aECDSA,-
953 SSL_eNULL,-
954 SSL_SHA1,-
955 TLS1_VERSION, TLS1_2_VERSION,-
956 DTLS1_BAD_VER, DTLS1_2_VERSION,-
957 SSL_STRONG_NONE | SSL_FIPS,-
958 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
959 0,-
960 0,-
961 },-
962# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
963 {-
964 1,-
965 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,-
966 TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,-
967 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,-
968 SSL_kECDHE,-
969 SSL_aECDSA,-
970 SSL_3DES,-
971 SSL_SHA1,-
972 TLS1_VERSION, TLS1_2_VERSION,-
973 DTLS1_BAD_VER, DTLS1_2_VERSION,-
974 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
975 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
976 112,-
977 168,-
978 },-
979# endif-
980 {-
981 1,-
982 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-
983 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-
984 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-
985 SSL_kECDHE,-
986 SSL_aECDSA,-
987 SSL_AES128,-
988 SSL_SHA1,-
989 TLS1_VERSION, TLS1_2_VERSION,-
990 DTLS1_BAD_VER, DTLS1_2_VERSION,-
991 SSL_HIGH | SSL_FIPS,-
992 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
993 128,-
994 128,-
995 },-
996 {-
997 1,-
998 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-
999 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-
1000 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-
1001 SSL_kECDHE,-
1002 SSL_aECDSA,-
1003 SSL_AES256,-
1004 SSL_SHA1,-
1005 TLS1_VERSION, TLS1_2_VERSION,-
1006 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1007 SSL_HIGH | SSL_FIPS,-
1008 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1009 256,-
1010 256,-
1011 },-
1012 {-
1013 1,-
1014 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,-
1015 TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,-
1016 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,-
1017 SSL_kECDHE,-
1018 SSL_aRSA,-
1019 SSL_eNULL,-
1020 SSL_SHA1,-
1021 TLS1_VERSION, TLS1_2_VERSION,-
1022 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1023 SSL_STRONG_NONE | SSL_FIPS,-
1024 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1025 0,-
1026 0,-
1027 },-
1028# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
1029 {-
1030 1,-
1031 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,-
1032 TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,-
1033 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,-
1034 SSL_kECDHE,-
1035 SSL_aRSA,-
1036 SSL_3DES,-
1037 SSL_SHA1,-
1038 TLS1_VERSION, TLS1_2_VERSION,-
1039 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1040 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
1041 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1042 112,-
1043 168,-
1044 },-
1045# endif-
1046 {-
1047 1,-
1048 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,-
1049 TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,-
1050 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,-
1051 SSL_kECDHE,-
1052 SSL_aRSA,-
1053 SSL_AES128,-
1054 SSL_SHA1,-
1055 TLS1_VERSION, TLS1_2_VERSION,-
1056 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1057 SSL_HIGH | SSL_FIPS,-
1058 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1059 128,-
1060 128,-
1061 },-
1062 {-
1063 1,-
1064 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,-
1065 TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,-
1066 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,-
1067 SSL_kECDHE,-
1068 SSL_aRSA,-
1069 SSL_AES256,-
1070 SSL_SHA1,-
1071 TLS1_VERSION, TLS1_2_VERSION,-
1072 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1073 SSL_HIGH | SSL_FIPS,-
1074 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1075 256,-
1076 256,-
1077 },-
1078 {-
1079 1,-
1080 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,-
1081 TLS1_RFC_ECDH_anon_WITH_NULL_SHA,-
1082 TLS1_CK_ECDH_anon_WITH_NULL_SHA,-
1083 SSL_kECDHE,-
1084 SSL_aNULL,-
1085 SSL_eNULL,-
1086 SSL_SHA1,-
1087 TLS1_VERSION, TLS1_2_VERSION,-
1088 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1089 SSL_STRONG_NONE | SSL_FIPS,-
1090 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1091 0,-
1092 0,-
1093 },-
1094# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
1095 {-
1096 1,-
1097 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,-
1098 TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,-
1099 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,-
1100 SSL_kECDHE,-
1101 SSL_aNULL,-
1102 SSL_3DES,-
1103 SSL_SHA1,-
1104 TLS1_VERSION, TLS1_2_VERSION,-
1105 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1106 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
1107 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1108 112,-
1109 168,-
1110 },-
1111# endif-
1112 {-
1113 1,-
1114 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,-
1115 TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,-
1116 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,-
1117 SSL_kECDHE,-
1118 SSL_aNULL,-
1119 SSL_AES128,-
1120 SSL_SHA1,-
1121 TLS1_VERSION, TLS1_2_VERSION,-
1122 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1123 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
1124 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1125 128,-
1126 128,-
1127 },-
1128 {-
1129 1,-
1130 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,-
1131 TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,-
1132 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,-
1133 SSL_kECDHE,-
1134 SSL_aNULL,-
1135 SSL_AES256,-
1136 SSL_SHA1,-
1137 TLS1_VERSION, TLS1_2_VERSION,-
1138 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1139 SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,-
1140 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1141 256,-
1142 256,-
1143 },-
1144 {-
1145 1,-
1146 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,-
1147 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,-
1148 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,-
1149 SSL_kECDHE,-
1150 SSL_aECDSA,-
1151 SSL_AES128,-
1152 SSL_SHA256,-
1153 TLS1_2_VERSION, TLS1_2_VERSION,-
1154 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1155 SSL_HIGH | SSL_FIPS,-
1156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
1157 128,-
1158 128,-
1159 },-
1160 {-
1161 1,-
1162 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,-
1163 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,-
1164 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,-
1165 SSL_kECDHE,-
1166 SSL_aECDSA,-
1167 SSL_AES256,-
1168 SSL_SHA384,-
1169 TLS1_2_VERSION, TLS1_2_VERSION,-
1170 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1171 SSL_HIGH | SSL_FIPS,-
1172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1173 256,-
1174 256,-
1175 },-
1176 {-
1177 1,-
1178 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,-
1179 TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,-
1180 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,-
1181 SSL_kECDHE,-
1182 SSL_aRSA,-
1183 SSL_AES128,-
1184 SSL_SHA256,-
1185 TLS1_2_VERSION, TLS1_2_VERSION,-
1186 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1187 SSL_HIGH | SSL_FIPS,-
1188 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
1189 128,-
1190 128,-
1191 },-
1192 {-
1193 1,-
1194 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,-
1195 TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,-
1196 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,-
1197 SSL_kECDHE,-
1198 SSL_aRSA,-
1199 SSL_AES256,-
1200 SSL_SHA384,-
1201 TLS1_2_VERSION, TLS1_2_VERSION,-
1202 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1203 SSL_HIGH | SSL_FIPS,-
1204 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1205 256,-
1206 256,-
1207 },-
1208 {-
1209 1,-
1210 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-
1211 TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-
1212 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-
1213 SSL_kECDHE,-
1214 SSL_aECDSA,-
1215 SSL_AES128GCM,-
1216 SSL_AEAD,-
1217 TLS1_2_VERSION, TLS1_2_VERSION,-
1218 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1219 SSL_HIGH | SSL_FIPS,-
1220 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
1221 128,-
1222 128,-
1223 },-
1224 {-
1225 1,-
1226 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,-
1227 TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,-
1228 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,-
1229 SSL_kECDHE,-
1230 SSL_aECDSA,-
1231 SSL_AES256GCM,-
1232 SSL_AEAD,-
1233 TLS1_2_VERSION, TLS1_2_VERSION,-
1234 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1235 SSL_HIGH | SSL_FIPS,-
1236 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1237 256,-
1238 256,-
1239 },-
1240 {-
1241 1,-
1242 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-
1243 TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-
1244 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-
1245 SSL_kECDHE,-
1246 SSL_aRSA,-
1247 SSL_AES128GCM,-
1248 SSL_AEAD,-
1249 TLS1_2_VERSION, TLS1_2_VERSION,-
1250 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1251 SSL_HIGH | SSL_FIPS,-
1252 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
1253 128,-
1254 128,-
1255 },-
1256 {-
1257 1,-
1258 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,-
1259 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,-
1260 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,-
1261 SSL_kECDHE,-
1262 SSL_aRSA,-
1263 SSL_AES256GCM,-
1264 SSL_AEAD,-
1265 TLS1_2_VERSION, TLS1_2_VERSION,-
1266 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1267 SSL_HIGH | SSL_FIPS,-
1268 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1269 256,-
1270 256,-
1271 },-
1272 {-
1273 1,-
1274 TLS1_TXT_PSK_WITH_NULL_SHA,-
1275 TLS1_RFC_PSK_WITH_NULL_SHA,-
1276 TLS1_CK_PSK_WITH_NULL_SHA,-
1277 SSL_kPSK,-
1278 SSL_aPSK,-
1279 SSL_eNULL,-
1280 SSL_SHA1,-
1281 SSL3_VERSION, TLS1_2_VERSION,-
1282 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1283 SSL_STRONG_NONE | SSL_FIPS,-
1284 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1285 0,-
1286 0,-
1287 },-
1288 {-
1289 1,-
1290 TLS1_TXT_DHE_PSK_WITH_NULL_SHA,-
1291 TLS1_RFC_DHE_PSK_WITH_NULL_SHA,-
1292 TLS1_CK_DHE_PSK_WITH_NULL_SHA,-
1293 SSL_kDHEPSK,-
1294 SSL_aPSK,-
1295 SSL_eNULL,-
1296 SSL_SHA1,-
1297 SSL3_VERSION, TLS1_2_VERSION,-
1298 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1299 SSL_STRONG_NONE | SSL_FIPS,-
1300 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1301 0,-
1302 0,-
1303 },-
1304 {-
1305 1,-
1306 TLS1_TXT_RSA_PSK_WITH_NULL_SHA,-
1307 TLS1_RFC_RSA_PSK_WITH_NULL_SHA,-
1308 TLS1_CK_RSA_PSK_WITH_NULL_SHA,-
1309 SSL_kRSAPSK,-
1310 SSL_aRSA,-
1311 SSL_eNULL,-
1312 SSL_SHA1,-
1313 SSL3_VERSION, TLS1_2_VERSION,-
1314 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1315 SSL_STRONG_NONE | SSL_FIPS,-
1316 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1317 0,-
1318 0,-
1319 },-
1320# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
1321 {-
1322 1,-
1323 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,-
1324 TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,-
1325 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,-
1326 SSL_kPSK,-
1327 SSL_aPSK,-
1328 SSL_3DES,-
1329 SSL_SHA1,-
1330 SSL3_VERSION, TLS1_2_VERSION,-
1331 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1332 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
1333 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1334 112,-
1335 168,-
1336 },-
1337# endif-
1338 {-
1339 1,-
1340 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,-
1341 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,-
1342 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,-
1343 SSL_kPSK,-
1344 SSL_aPSK,-
1345 SSL_AES128,-
1346 SSL_SHA1,-
1347 SSL3_VERSION, TLS1_2_VERSION,-
1348 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1349 SSL_HIGH | SSL_FIPS,-
1350 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1351 128,-
1352 128,-
1353 },-
1354 {-
1355 1,-
1356 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,-
1357 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,-
1358 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,-
1359 SSL_kPSK,-
1360 SSL_aPSK,-
1361 SSL_AES256,-
1362 SSL_SHA1,-
1363 SSL3_VERSION, TLS1_2_VERSION,-
1364 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1365 SSL_HIGH | SSL_FIPS,-
1366 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1367 256,-
1368 256,-
1369 },-
1370# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
1371 {-
1372 1,-
1373 TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,-
1374 TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,-
1375 TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,-
1376 SSL_kDHEPSK,-
1377 SSL_aPSK,-
1378 SSL_3DES,-
1379 SSL_SHA1,-
1380 SSL3_VERSION, TLS1_2_VERSION,-
1381 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1382 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
1383 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1384 112,-
1385 168,-
1386 },-
1387# endif-
1388 {-
1389 1,-
1390 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,-
1391 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,-
1392 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,-
1393 SSL_kDHEPSK,-
1394 SSL_aPSK,-
1395 SSL_AES128,-
1396 SSL_SHA1,-
1397 SSL3_VERSION, TLS1_2_VERSION,-
1398 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1399 SSL_HIGH | SSL_FIPS,-
1400 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1401 128,-
1402 128,-
1403 },-
1404 {-
1405 1,-
1406 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,-
1407 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,-
1408 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,-
1409 SSL_kDHEPSK,-
1410 SSL_aPSK,-
1411 SSL_AES256,-
1412 SSL_SHA1,-
1413 SSL3_VERSION, TLS1_2_VERSION,-
1414 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1415 SSL_HIGH | SSL_FIPS,-
1416 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1417 256,-
1418 256,-
1419 },-
1420# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
1421 {-
1422 1,-
1423 TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,-
1424 TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,-
1425 TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,-
1426 SSL_kRSAPSK,-
1427 SSL_aRSA,-
1428 SSL_3DES,-
1429 SSL_SHA1,-
1430 SSL3_VERSION, TLS1_2_VERSION,-
1431 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1432 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
1433 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1434 112,-
1435 168,-
1436 },-
1437# endif-
1438 {-
1439 1,-
1440 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,-
1441 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,-
1442 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,-
1443 SSL_kRSAPSK,-
1444 SSL_aRSA,-
1445 SSL_AES128,-
1446 SSL_SHA1,-
1447 SSL3_VERSION, TLS1_2_VERSION,-
1448 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1449 SSL_HIGH | SSL_FIPS,-
1450 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1451 128,-
1452 128,-
1453 },-
1454 {-
1455 1,-
1456 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,-
1457 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,-
1458 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,-
1459 SSL_kRSAPSK,-
1460 SSL_aRSA,-
1461 SSL_AES256,-
1462 SSL_SHA1,-
1463 SSL3_VERSION, TLS1_2_VERSION,-
1464 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1465 SSL_HIGH | SSL_FIPS,-
1466 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1467 256,-
1468 256,-
1469 },-
1470 {-
1471 1,-
1472 TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,-
1473 TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,-
1474 TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,-
1475 SSL_kPSK,-
1476 SSL_aPSK,-
1477 SSL_AES128GCM,-
1478 SSL_AEAD,-
1479 TLS1_2_VERSION, TLS1_2_VERSION,-
1480 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1481 SSL_HIGH | SSL_FIPS,-
1482 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
1483 128,-
1484 128,-
1485 },-
1486 {-
1487 1,-
1488 TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,-
1489 TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,-
1490 TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,-
1491 SSL_kPSK,-
1492 SSL_aPSK,-
1493 SSL_AES256GCM,-
1494 SSL_AEAD,-
1495 TLS1_2_VERSION, TLS1_2_VERSION,-
1496 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1497 SSL_HIGH | SSL_FIPS,-
1498 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1499 256,-
1500 256,-
1501 },-
1502 {-
1503 1,-
1504 TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,-
1505 TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,-
1506 TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,-
1507 SSL_kDHEPSK,-
1508 SSL_aPSK,-
1509 SSL_AES128GCM,-
1510 SSL_AEAD,-
1511 TLS1_2_VERSION, TLS1_2_VERSION,-
1512 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1513 SSL_HIGH | SSL_FIPS,-
1514 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
1515 128,-
1516 128,-
1517 },-
1518 {-
1519 1,-
1520 TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,-
1521 TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,-
1522 TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,-
1523 SSL_kDHEPSK,-
1524 SSL_aPSK,-
1525 SSL_AES256GCM,-
1526 SSL_AEAD,-
1527 TLS1_2_VERSION, TLS1_2_VERSION,-
1528 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1529 SSL_HIGH | SSL_FIPS,-
1530 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1531 256,-
1532 256,-
1533 },-
1534 {-
1535 1,-
1536 TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,-
1537 TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,-
1538 TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,-
1539 SSL_kRSAPSK,-
1540 SSL_aRSA,-
1541 SSL_AES128GCM,-
1542 SSL_AEAD,-
1543 TLS1_2_VERSION, TLS1_2_VERSION,-
1544 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1545 SSL_HIGH | SSL_FIPS,-
1546 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
1547 128,-
1548 128,-
1549 },-
1550 {-
1551 1,-
1552 TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,-
1553 TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,-
1554 TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,-
1555 SSL_kRSAPSK,-
1556 SSL_aRSA,-
1557 SSL_AES256GCM,-
1558 SSL_AEAD,-
1559 TLS1_2_VERSION, TLS1_2_VERSION,-
1560 DTLS1_2_VERSION, DTLS1_2_VERSION,-
1561 SSL_HIGH | SSL_FIPS,-
1562 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1563 256,-
1564 256,-
1565 },-
1566 {-
1567 1,-
1568 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,-
1569 TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,-
1570 TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,-
1571 SSL_kPSK,-
1572 SSL_aPSK,-
1573 SSL_AES128,-
1574 SSL_SHA256,-
1575 TLS1_VERSION, TLS1_2_VERSION,-
1576 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1577 SSL_HIGH | SSL_FIPS,-
1578 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1579 128,-
1580 128,-
1581 },-
1582 {-
1583 1,-
1584 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,-
1585 TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,-
1586 TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,-
1587 SSL_kPSK,-
1588 SSL_aPSK,-
1589 SSL_AES256,-
1590 SSL_SHA384,-
1591 TLS1_VERSION, TLS1_2_VERSION,-
1592 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1593 SSL_HIGH | SSL_FIPS,-
1594 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1595 256,-
1596 256,-
1597 },-
1598 {-
1599 1,-
1600 TLS1_TXT_PSK_WITH_NULL_SHA256,-
1601 TLS1_RFC_PSK_WITH_NULL_SHA256,-
1602 TLS1_CK_PSK_WITH_NULL_SHA256,-
1603 SSL_kPSK,-
1604 SSL_aPSK,-
1605 SSL_eNULL,-
1606 SSL_SHA256,-
1607 TLS1_VERSION, TLS1_2_VERSION,-
1608 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1609 SSL_STRONG_NONE | SSL_FIPS,-
1610 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1611 0,-
1612 0,-
1613 },-
1614 {-
1615 1,-
1616 TLS1_TXT_PSK_WITH_NULL_SHA384,-
1617 TLS1_RFC_PSK_WITH_NULL_SHA384,-
1618 TLS1_CK_PSK_WITH_NULL_SHA384,-
1619 SSL_kPSK,-
1620 SSL_aPSK,-
1621 SSL_eNULL,-
1622 SSL_SHA384,-
1623 TLS1_VERSION, TLS1_2_VERSION,-
1624 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1625 SSL_STRONG_NONE | SSL_FIPS,-
1626 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1627 0,-
1628 0,-
1629 },-
1630 {-
1631 1,-
1632 TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,-
1633 TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,-
1634 TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,-
1635 SSL_kDHEPSK,-
1636 SSL_aPSK,-
1637 SSL_AES128,-
1638 SSL_SHA256,-
1639 TLS1_VERSION, TLS1_2_VERSION,-
1640 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1641 SSL_HIGH | SSL_FIPS,-
1642 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1643 128,-
1644 128,-
1645 },-
1646 {-
1647 1,-
1648 TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,-
1649 TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,-
1650 TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,-
1651 SSL_kDHEPSK,-
1652 SSL_aPSK,-
1653 SSL_AES256,-
1654 SSL_SHA384,-
1655 TLS1_VERSION, TLS1_2_VERSION,-
1656 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1657 SSL_HIGH | SSL_FIPS,-
1658 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1659 256,-
1660 256,-
1661 },-
1662 {-
1663 1,-
1664 TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,-
1665 TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,-
1666 TLS1_CK_DHE_PSK_WITH_NULL_SHA256,-
1667 SSL_kDHEPSK,-
1668 SSL_aPSK,-
1669 SSL_eNULL,-
1670 SSL_SHA256,-
1671 TLS1_VERSION, TLS1_2_VERSION,-
1672 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1673 SSL_STRONG_NONE | SSL_FIPS,-
1674 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1675 0,-
1676 0,-
1677 },-
1678 {-
1679 1,-
1680 TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,-
1681 TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,-
1682 TLS1_CK_DHE_PSK_WITH_NULL_SHA384,-
1683 SSL_kDHEPSK,-
1684 SSL_aPSK,-
1685 SSL_eNULL,-
1686 SSL_SHA384,-
1687 TLS1_VERSION, TLS1_2_VERSION,-
1688 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1689 SSL_STRONG_NONE | SSL_FIPS,-
1690 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1691 0,-
1692 0,-
1693 },-
1694 {-
1695 1,-
1696 TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,-
1697 TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,-
1698 TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,-
1699 SSL_kRSAPSK,-
1700 SSL_aRSA,-
1701 SSL_AES128,-
1702 SSL_SHA256,-
1703 TLS1_VERSION, TLS1_2_VERSION,-
1704 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1705 SSL_HIGH | SSL_FIPS,-
1706 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1707 128,-
1708 128,-
1709 },-
1710 {-
1711 1,-
1712 TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,-
1713 TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,-
1714 TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,-
1715 SSL_kRSAPSK,-
1716 SSL_aRSA,-
1717 SSL_AES256,-
1718 SSL_SHA384,-
1719 TLS1_VERSION, TLS1_2_VERSION,-
1720 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1721 SSL_HIGH | SSL_FIPS,-
1722 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1723 256,-
1724 256,-
1725 },-
1726 {-
1727 1,-
1728 TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,-
1729 TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,-
1730 TLS1_CK_RSA_PSK_WITH_NULL_SHA256,-
1731 SSL_kRSAPSK,-
1732 SSL_aRSA,-
1733 SSL_eNULL,-
1734 SSL_SHA256,-
1735 TLS1_VERSION, TLS1_2_VERSION,-
1736 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1737 SSL_STRONG_NONE | SSL_FIPS,-
1738 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1739 0,-
1740 0,-
1741 },-
1742 {-
1743 1,-
1744 TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,-
1745 TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,-
1746 TLS1_CK_RSA_PSK_WITH_NULL_SHA384,-
1747 SSL_kRSAPSK,-
1748 SSL_aRSA,-
1749 SSL_eNULL,-
1750 SSL_SHA384,-
1751 TLS1_VERSION, TLS1_2_VERSION,-
1752 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1753 SSL_STRONG_NONE | SSL_FIPS,-
1754 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1755 0,-
1756 0,-
1757 },-
1758# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
1759 {-
1760 1,-
1761 TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,-
1762 TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,-
1763 TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,-
1764 SSL_kECDHEPSK,-
1765 SSL_aPSK,-
1766 SSL_3DES,-
1767 SSL_SHA1,-
1768 TLS1_VERSION, TLS1_2_VERSION,-
1769 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1770 SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,-
1771 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1772 112,-
1773 168,-
1774 },-
1775# endif-
1776 {-
1777 1,-
1778 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,-
1779 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,-
1780 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,-
1781 SSL_kECDHEPSK,-
1782 SSL_aPSK,-
1783 SSL_AES128,-
1784 SSL_SHA1,-
1785 TLS1_VERSION, TLS1_2_VERSION,-
1786 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1787 SSL_HIGH | SSL_FIPS,-
1788 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1789 128,-
1790 128,-
1791 },-
1792 {-
1793 1,-
1794 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,-
1795 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,-
1796 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,-
1797 SSL_kECDHEPSK,-
1798 SSL_aPSK,-
1799 SSL_AES256,-
1800 SSL_SHA1,-
1801 TLS1_VERSION, TLS1_2_VERSION,-
1802 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1803 SSL_HIGH | SSL_FIPS,-
1804 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1805 256,-
1806 256,-
1807 },-
1808 {-
1809 1,-
1810 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,-
1811 TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,-
1812 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,-
1813 SSL_kECDHEPSK,-
1814 SSL_aPSK,-
1815 SSL_AES128,-
1816 SSL_SHA256,-
1817 TLS1_VERSION, TLS1_2_VERSION,-
1818 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1819 SSL_HIGH | SSL_FIPS,-
1820 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1821 128,-
1822 128,-
1823 },-
1824 {-
1825 1,-
1826 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,-
1827 TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,-
1828 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,-
1829 SSL_kECDHEPSK,-
1830 SSL_aPSK,-
1831 SSL_AES256,-
1832 SSL_SHA384,-
1833 TLS1_VERSION, TLS1_2_VERSION,-
1834 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1835 SSL_HIGH | SSL_FIPS,-
1836 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1837 256,-
1838 256,-
1839 },-
1840 {-
1841 1,-
1842 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,-
1843 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,-
1844 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,-
1845 SSL_kECDHEPSK,-
1846 SSL_aPSK,-
1847 SSL_eNULL,-
1848 SSL_SHA1,-
1849 TLS1_VERSION, TLS1_2_VERSION,-
1850 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1851 SSL_STRONG_NONE | SSL_FIPS,-
1852 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1853 0,-
1854 0,-
1855 },-
1856 {-
1857 1,-
1858 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,-
1859 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,-
1860 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,-
1861 SSL_kECDHEPSK,-
1862 SSL_aPSK,-
1863 SSL_eNULL,-
1864 SSL_SHA256,-
1865 TLS1_VERSION, TLS1_2_VERSION,-
1866 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1867 SSL_STRONG_NONE | SSL_FIPS,-
1868 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1869 0,-
1870 0,-
1871 },-
1872 {-
1873 1,-
1874 TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,-
1875 TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,-
1876 TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,-
1877 SSL_kECDHEPSK,-
1878 SSL_aPSK,-
1879 SSL_eNULL,-
1880 SSL_SHA384,-
1881 TLS1_VERSION, TLS1_2_VERSION,-
1882 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1883 SSL_STRONG_NONE | SSL_FIPS,-
1884 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
1885 0,-
1886 0,-
1887 },-
1888-
1889# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
1890 {-
1891 1,-
1892 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,-
1893 TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,-
1894 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,-
1895 SSL_kSRP,-
1896 SSL_aSRP,-
1897 SSL_3DES,-
1898 SSL_SHA1,-
1899 SSL3_VERSION, TLS1_2_VERSION,-
1900 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1901 SSL_NOT_DEFAULT | SSL_MEDIUM,-
1902 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1903 112,-
1904 168,-
1905 },-
1906 {-
1907 1,-
1908 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,-
1909 TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,-
1910 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,-
1911 SSL_kSRP,-
1912 SSL_aRSA,-
1913 SSL_3DES,-
1914 SSL_SHA1,-
1915 SSL3_VERSION, TLS1_2_VERSION,-
1916 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1917 SSL_NOT_DEFAULT | SSL_MEDIUM,-
1918 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1919 112,-
1920 168,-
1921 },-
1922 {-
1923 1,-
1924 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,-
1925 TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,-
1926 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,-
1927 SSL_kSRP,-
1928 SSL_aDSS,-
1929 SSL_3DES,-
1930 SSL_SHA1,-
1931 SSL3_VERSION, TLS1_2_VERSION,-
1932 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1933 SSL_NOT_DEFAULT | SSL_MEDIUM,-
1934 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1935 112,-
1936 168,-
1937 },-
1938# endif-
1939 {-
1940 1,-
1941 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,-
1942 TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,-
1943 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,-
1944 SSL_kSRP,-
1945 SSL_aSRP,-
1946 SSL_AES128,-
1947 SSL_SHA1,-
1948 SSL3_VERSION, TLS1_2_VERSION,-
1949 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1950 SSL_HIGH,-
1951 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1952 128,-
1953 128,-
1954 },-
1955 {-
1956 1,-
1957 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,-
1958 TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,-
1959 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,-
1960 SSL_kSRP,-
1961 SSL_aRSA,-
1962 SSL_AES128,-
1963 SSL_SHA1,-
1964 SSL3_VERSION, TLS1_2_VERSION,-
1965 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1966 SSL_HIGH,-
1967 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1968 128,-
1969 128,-
1970 },-
1971 {-
1972 1,-
1973 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,-
1974 TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,-
1975 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,-
1976 SSL_kSRP,-
1977 SSL_aDSS,-
1978 SSL_AES128,-
1979 SSL_SHA1,-
1980 SSL3_VERSION, TLS1_2_VERSION,-
1981 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1982 SSL_NOT_DEFAULT | SSL_HIGH,-
1983 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
1984 128,-
1985 128,-
1986 },-
1987 {-
1988 1,-
1989 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,-
1990 TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,-
1991 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,-
1992 SSL_kSRP,-
1993 SSL_aSRP,-
1994 SSL_AES256,-
1995 SSL_SHA1,-
1996 SSL3_VERSION, TLS1_2_VERSION,-
1997 DTLS1_BAD_VER, DTLS1_2_VERSION,-
1998 SSL_HIGH,-
1999 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2000 256,-
2001 256,-
2002 },-
2003 {-
2004 1,-
2005 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,-
2006 TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,-
2007 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,-
2008 SSL_kSRP,-
2009 SSL_aRSA,-
2010 SSL_AES256,-
2011 SSL_SHA1,-
2012 SSL3_VERSION, TLS1_2_VERSION,-
2013 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2014 SSL_HIGH,-
2015 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2016 256,-
2017 256,-
2018 },-
2019 {-
2020 1,-
2021 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,-
2022 TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,-
2023 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,-
2024 SSL_kSRP,-
2025 SSL_aDSS,-
2026 SSL_AES256,-
2027 SSL_SHA1,-
2028 SSL3_VERSION, TLS1_2_VERSION,-
2029 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2030 SSL_NOT_DEFAULT | SSL_HIGH,-
2031 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2032 256,-
2033 256,-
2034 },-
2035-
2036#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)-
2037 {-
2038 1,-
2039 TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,-
2040 TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,-
2041 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,-
2042 SSL_kDHE,-
2043 SSL_aRSA,-
2044 SSL_CHACHA20POLY1305,-
2045 SSL_AEAD,-
2046 TLS1_2_VERSION, TLS1_2_VERSION,-
2047 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2048 SSL_HIGH,-
2049 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2050 256,-
2051 256,-
2052 },-
2053 {-
2054 1,-
2055 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,-
2056 TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,-
2057 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,-
2058 SSL_kECDHE,-
2059 SSL_aRSA,-
2060 SSL_CHACHA20POLY1305,-
2061 SSL_AEAD,-
2062 TLS1_2_VERSION, TLS1_2_VERSION,-
2063 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2064 SSL_HIGH,-
2065 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2066 256,-
2067 256,-
2068 },-
2069 {-
2070 1,-
2071 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,-
2072 TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,-
2073 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,-
2074 SSL_kECDHE,-
2075 SSL_aECDSA,-
2076 SSL_CHACHA20POLY1305,-
2077 SSL_AEAD,-
2078 TLS1_2_VERSION, TLS1_2_VERSION,-
2079 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2080 SSL_HIGH,-
2081 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2082 256,-
2083 256,-
2084 },-
2085 {-
2086 1,-
2087 TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,-
2088 TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,-
2089 TLS1_CK_PSK_WITH_CHACHA20_POLY1305,-
2090 SSL_kPSK,-
2091 SSL_aPSK,-
2092 SSL_CHACHA20POLY1305,-
2093 SSL_AEAD,-
2094 TLS1_2_VERSION, TLS1_2_VERSION,-
2095 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2096 SSL_HIGH,-
2097 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2098 256,-
2099 256,-
2100 },-
2101 {-
2102 1,-
2103 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,-
2104 TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,-
2105 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,-
2106 SSL_kECDHEPSK,-
2107 SSL_aPSK,-
2108 SSL_CHACHA20POLY1305,-
2109 SSL_AEAD,-
2110 TLS1_2_VERSION, TLS1_2_VERSION,-
2111 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2112 SSL_HIGH,-
2113 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2114 256,-
2115 256,-
2116 },-
2117 {-
2118 1,-
2119 TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,-
2120 TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,-
2121 TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,-
2122 SSL_kDHEPSK,-
2123 SSL_aPSK,-
2124 SSL_CHACHA20POLY1305,-
2125 SSL_AEAD,-
2126 TLS1_2_VERSION, TLS1_2_VERSION,-
2127 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2128 SSL_HIGH,-
2129 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2130 256,-
2131 256,-
2132 },-
2133 {-
2134 1,-
2135 TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,-
2136 TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,-
2137 TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,-
2138 SSL_kRSAPSK,-
2139 SSL_aRSA,-
2140 SSL_CHACHA20POLY1305,-
2141 SSL_AEAD,-
2142 TLS1_2_VERSION, TLS1_2_VERSION,-
2143 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2144 SSL_HIGH,-
2145 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2146 256,-
2147 256,-
2148 },-
2149#endif /* !defined(OPENSSL_NO_CHACHA) &&-
2150 * !defined(OPENSSL_NO_POLY1305) */-
2151-
2152#ifndef OPENSSL_NO_CAMELLIA-
2153 {-
2154 1,-
2155 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2156 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2157 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2158 SSL_kRSA,-
2159 SSL_aRSA,-
2160 SSL_CAMELLIA128,-
2161 SSL_SHA256,-
2162 TLS1_2_VERSION, TLS1_2_VERSION,-
2163 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2164 SSL_NOT_DEFAULT | SSL_HIGH,-
2165 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2166 128,-
2167 128,-
2168 },-
2169 {-
2170 1,-
2171 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,-
2172 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,-
2173 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,-
2174 SSL_kEDH,-
2175 SSL_aDSS,-
2176 SSL_CAMELLIA128,-
2177 SSL_SHA256,-
2178 TLS1_2_VERSION, TLS1_2_VERSION,-
2179 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2180 SSL_NOT_DEFAULT | SSL_HIGH,-
2181 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2182 128,-
2183 128,-
2184 },-
2185 {-
2186 1,-
2187 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2188 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2189 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2190 SSL_kEDH,-
2191 SSL_aRSA,-
2192 SSL_CAMELLIA128,-
2193 SSL_SHA256,-
2194 TLS1_2_VERSION, TLS1_2_VERSION,-
2195 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2196 SSL_NOT_DEFAULT | SSL_HIGH,-
2197 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2198 128,-
2199 128,-
2200 },-
2201 {-
2202 1,-
2203 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,-
2204 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,-
2205 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,-
2206 SSL_kEDH,-
2207 SSL_aNULL,-
2208 SSL_CAMELLIA128,-
2209 SSL_SHA256,-
2210 TLS1_2_VERSION, TLS1_2_VERSION,-
2211 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2212 SSL_NOT_DEFAULT | SSL_HIGH,-
2213 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2214 128,-
2215 128,-
2216 },-
2217 {-
2218 1,-
2219 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
2220 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
2221 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
2222 SSL_kRSA,-
2223 SSL_aRSA,-
2224 SSL_CAMELLIA256,-
2225 SSL_SHA256,-
2226 TLS1_2_VERSION, TLS1_2_VERSION,-
2227 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2228 SSL_NOT_DEFAULT | SSL_HIGH,-
2229 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2230 256,-
2231 256,-
2232 },-
2233 {-
2234 1,-
2235 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,-
2236 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,-
2237 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,-
2238 SSL_kEDH,-
2239 SSL_aDSS,-
2240 SSL_CAMELLIA256,-
2241 SSL_SHA256,-
2242 TLS1_2_VERSION, TLS1_2_VERSION,-
2243 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2244 SSL_NOT_DEFAULT | SSL_HIGH,-
2245 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2246 256,-
2247 256,-
2248 },-
2249 {-
2250 1,-
2251 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
2252 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
2253 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,-
2254 SSL_kEDH,-
2255 SSL_aRSA,-
2256 SSL_CAMELLIA256,-
2257 SSL_SHA256,-
2258 TLS1_2_VERSION, TLS1_2_VERSION,-
2259 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2260 SSL_NOT_DEFAULT | SSL_HIGH,-
2261 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2262 256,-
2263 256,-
2264 },-
2265 {-
2266 1,-
2267 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,-
2268 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,-
2269 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,-
2270 SSL_kEDH,-
2271 SSL_aNULL,-
2272 SSL_CAMELLIA256,-
2273 SSL_SHA256,-
2274 TLS1_2_VERSION, TLS1_2_VERSION,-
2275 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2276 SSL_NOT_DEFAULT | SSL_HIGH,-
2277 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2278 256,-
2279 256,-
2280 },-
2281 {-
2282 1,-
2283 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,-
2284 TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,-
2285 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,-
2286 SSL_kRSA,-
2287 SSL_aRSA,-
2288 SSL_CAMELLIA256,-
2289 SSL_SHA1,-
2290 SSL3_VERSION, TLS1_2_VERSION,-
2291 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2292 SSL_NOT_DEFAULT | SSL_HIGH,-
2293 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2294 256,-
2295 256,-
2296 },-
2297 {-
2298 1,-
2299 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,-
2300 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,-
2301 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,-
2302 SSL_kDHE,-
2303 SSL_aDSS,-
2304 SSL_CAMELLIA256,-
2305 SSL_SHA1,-
2306 SSL3_VERSION, TLS1_2_VERSION,-
2307 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2308 SSL_NOT_DEFAULT | SSL_HIGH,-
2309 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2310 256,-
2311 256,-
2312 },-
2313 {-
2314 1,-
2315 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,-
2316 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,-
2317 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,-
2318 SSL_kDHE,-
2319 SSL_aRSA,-
2320 SSL_CAMELLIA256,-
2321 SSL_SHA1,-
2322 SSL3_VERSION, TLS1_2_VERSION,-
2323 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2324 SSL_NOT_DEFAULT | SSL_HIGH,-
2325 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2326 256,-
2327 256,-
2328 },-
2329 {-
2330 1,-
2331 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,-
2332 TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,-
2333 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,-
2334 SSL_kDHE,-
2335 SSL_aNULL,-
2336 SSL_CAMELLIA256,-
2337 SSL_SHA1,-
2338 SSL3_VERSION, TLS1_2_VERSION,-
2339 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2340 SSL_NOT_DEFAULT | SSL_HIGH,-
2341 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2342 256,-
2343 256,-
2344 },-
2345 {-
2346 1,-
2347 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,-
2348 TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,-
2349 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,-
2350 SSL_kRSA,-
2351 SSL_aRSA,-
2352 SSL_CAMELLIA128,-
2353 SSL_SHA1,-
2354 SSL3_VERSION, TLS1_2_VERSION,-
2355 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2356 SSL_NOT_DEFAULT | SSL_HIGH,-
2357 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2358 128,-
2359 128,-
2360 },-
2361 {-
2362 1,-
2363 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,-
2364 TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,-
2365 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,-
2366 SSL_kDHE,-
2367 SSL_aDSS,-
2368 SSL_CAMELLIA128,-
2369 SSL_SHA1,-
2370 SSL3_VERSION, TLS1_2_VERSION,-
2371 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2372 SSL_NOT_DEFAULT | SSL_HIGH,-
2373 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2374 128,-
2375 128,-
2376 },-
2377 {-
2378 1,-
2379 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,-
2380 TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,-
2381 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,-
2382 SSL_kDHE,-
2383 SSL_aRSA,-
2384 SSL_CAMELLIA128,-
2385 SSL_SHA1,-
2386 SSL3_VERSION, TLS1_2_VERSION,-
2387 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2388 SSL_NOT_DEFAULT | SSL_HIGH,-
2389 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2390 128,-
2391 128,-
2392 },-
2393 {-
2394 1,-
2395 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,-
2396 TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,-
2397 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,-
2398 SSL_kDHE,-
2399 SSL_aNULL,-
2400 SSL_CAMELLIA128,-
2401 SSL_SHA1,-
2402 SSL3_VERSION, TLS1_2_VERSION,-
2403 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2404 SSL_NOT_DEFAULT | SSL_HIGH,-
2405 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2406 128,-
2407 128,-
2408 },-
2409 {-
2410 1,-
2411 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,-
2412 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,-
2413 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,-
2414 SSL_kECDHE,-
2415 SSL_aECDSA,-
2416 SSL_CAMELLIA128,-
2417 SSL_SHA256,-
2418 TLS1_2_VERSION, TLS1_2_VERSION,-
2419 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2420 SSL_NOT_DEFAULT | SSL_HIGH,-
2421 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2422 128,-
2423 128,-
2424 },-
2425 {-
2426 1,-
2427 TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,-
2428 TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,-
2429 TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,-
2430 SSL_kECDHE,-
2431 SSL_aECDSA,-
2432 SSL_CAMELLIA256,-
2433 SSL_SHA384,-
2434 TLS1_2_VERSION, TLS1_2_VERSION,-
2435 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2436 SSL_NOT_DEFAULT | SSL_HIGH,-
2437 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
2438 256,-
2439 256,-
2440 },-
2441 {-
2442 1,-
2443 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2444 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2445 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,-
2446 SSL_kECDHE,-
2447 SSL_aRSA,-
2448 SSL_CAMELLIA128,-
2449 SSL_SHA256,-
2450 TLS1_2_VERSION, TLS1_2_VERSION,-
2451 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2452 SSL_NOT_DEFAULT | SSL_HIGH,-
2453 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2454 128,-
2455 128,-
2456 },-
2457 {-
2458 1,-
2459 TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,-
2460 TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,-
2461 TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,-
2462 SSL_kECDHE,-
2463 SSL_aRSA,-
2464 SSL_CAMELLIA256,-
2465 SSL_SHA384,-
2466 TLS1_2_VERSION, TLS1_2_VERSION,-
2467 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2468 SSL_NOT_DEFAULT | SSL_HIGH,-
2469 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
2470 256,-
2471 256,-
2472 },-
2473 {-
2474 1,-
2475 TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2476 TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2477 TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2478 SSL_kPSK,-
2479 SSL_aPSK,-
2480 SSL_CAMELLIA128,-
2481 SSL_SHA256,-
2482 TLS1_VERSION, TLS1_2_VERSION,-
2483 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2484 SSL_NOT_DEFAULT | SSL_HIGH,-
2485 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2486 128,-
2487 128,-
2488 },-
2489 {-
2490 1,-
2491 TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2492 TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2493 TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2494 SSL_kPSK,-
2495 SSL_aPSK,-
2496 SSL_CAMELLIA256,-
2497 SSL_SHA384,-
2498 TLS1_VERSION, TLS1_2_VERSION,-
2499 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2500 SSL_NOT_DEFAULT | SSL_HIGH,-
2501 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
2502 256,-
2503 256,-
2504 },-
2505 {-
2506 1,-
2507 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2508 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2509 TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2510 SSL_kDHEPSK,-
2511 SSL_aPSK,-
2512 SSL_CAMELLIA128,-
2513 SSL_SHA256,-
2514 TLS1_VERSION, TLS1_2_VERSION,-
2515 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2516 SSL_NOT_DEFAULT | SSL_HIGH,-
2517 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2518 128,-
2519 128,-
2520 },-
2521 {-
2522 1,-
2523 TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2524 TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2525 TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2526 SSL_kDHEPSK,-
2527 SSL_aPSK,-
2528 SSL_CAMELLIA256,-
2529 SSL_SHA384,-
2530 TLS1_VERSION, TLS1_2_VERSION,-
2531 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2532 SSL_NOT_DEFAULT | SSL_HIGH,-
2533 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
2534 256,-
2535 256,-
2536 },-
2537 {-
2538 1,-
2539 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2540 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2541 TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2542 SSL_kRSAPSK,-
2543 SSL_aRSA,-
2544 SSL_CAMELLIA128,-
2545 SSL_SHA256,-
2546 TLS1_VERSION, TLS1_2_VERSION,-
2547 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2548 SSL_NOT_DEFAULT | SSL_HIGH,-
2549 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2550 128,-
2551 128,-
2552 },-
2553 {-
2554 1,-
2555 TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2556 TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2557 TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2558 SSL_kRSAPSK,-
2559 SSL_aRSA,-
2560 SSL_CAMELLIA256,-
2561 SSL_SHA384,-
2562 TLS1_VERSION, TLS1_2_VERSION,-
2563 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2564 SSL_NOT_DEFAULT | SSL_HIGH,-
2565 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
2566 256,-
2567 256,-
2568 },-
2569 {-
2570 1,-
2571 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2572 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2573 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,-
2574 SSL_kECDHEPSK,-
2575 SSL_aPSK,-
2576 SSL_CAMELLIA128,-
2577 SSL_SHA256,-
2578 TLS1_VERSION, TLS1_2_VERSION,-
2579 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2580 SSL_NOT_DEFAULT | SSL_HIGH,-
2581 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2582 128,-
2583 128,-
2584 },-
2585 {-
2586 1,-
2587 TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2588 TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2589 TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,-
2590 SSL_kECDHEPSK,-
2591 SSL_aPSK,-
2592 SSL_CAMELLIA256,-
2593 SSL_SHA384,-
2594 TLS1_VERSION, TLS1_2_VERSION,-
2595 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2596 SSL_NOT_DEFAULT | SSL_HIGH,-
2597 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
2598 256,-
2599 256,-
2600 },-
2601#endif /* OPENSSL_NO_CAMELLIA */-
2602-
2603#ifndef OPENSSL_NO_GOST-
2604 {-
2605 1,-
2606 "GOST2001-GOST89-GOST89",-
2607 "TLS_GOSTR341001_WITH_28147_CNT_IMIT",-
2608 0x3000081,-
2609 SSL_kGOST,-
2610 SSL_aGOST01,-
2611 SSL_eGOST2814789CNT,-
2612 SSL_GOST89MAC,-
2613 TLS1_VERSION, TLS1_2_VERSION,-
2614 0, 0,-
2615 SSL_HIGH,-
2616 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,-
2617 256,-
2618 256,-
2619 },-
2620 {-
2621 1,-
2622 "GOST2001-NULL-GOST94",-
2623 "TLS_GOSTR341001_WITH_NULL_GOSTR3411",-
2624 0x3000083,-
2625 SSL_kGOST,-
2626 SSL_aGOST01,-
2627 SSL_eNULL,-
2628 SSL_GOST94,-
2629 TLS1_VERSION, TLS1_2_VERSION,-
2630 0, 0,-
2631 SSL_STRONG_NONE,-
2632 SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,-
2633 0,-
2634 0,-
2635 },-
2636 {-
2637 1,-
2638 "GOST2012-GOST8912-GOST8912",-
2639 NULL,-
2640 0x0300ff85,-
2641 SSL_kGOST,-
2642 SSL_aGOST12 | SSL_aGOST01,-
2643 SSL_eGOST2814789CNT12,-
2644 SSL_GOST89MAC12,-
2645 TLS1_VERSION, TLS1_2_VERSION,-
2646 0, 0,-
2647 SSL_HIGH,-
2648 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,-
2649 256,-
2650 256,-
2651 },-
2652 {-
2653 1,-
2654 "GOST2012-NULL-GOST12",-
2655 NULL,-
2656 0x0300ff87,-
2657 SSL_kGOST,-
2658 SSL_aGOST12 | SSL_aGOST01,-
2659 SSL_eNULL,-
2660 SSL_GOST12_256,-
2661 TLS1_VERSION, TLS1_2_VERSION,-
2662 0, 0,-
2663 SSL_STRONG_NONE,-
2664 SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,-
2665 0,-
2666 0,-
2667 },-
2668#endif /* OPENSSL_NO_GOST */-
2669-
2670#ifndef OPENSSL_NO_IDEA-
2671 {-
2672 1,-
2673 SSL3_TXT_RSA_IDEA_128_SHA,-
2674 SSL3_RFC_RSA_IDEA_128_SHA,-
2675 SSL3_CK_RSA_IDEA_128_SHA,-
2676 SSL_kRSA,-
2677 SSL_aRSA,-
2678 SSL_IDEA,-
2679 SSL_SHA1,-
2680 SSL3_VERSION, TLS1_1_VERSION,-
2681 DTLS1_BAD_VER, DTLS1_VERSION,-
2682 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2683 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2684 128,-
2685 128,-
2686 },-
2687#endif-
2688-
2689#ifndef OPENSSL_NO_SEED-
2690 {-
2691 1,-
2692 TLS1_TXT_RSA_WITH_SEED_SHA,-
2693 TLS1_RFC_RSA_WITH_SEED_SHA,-
2694 TLS1_CK_RSA_WITH_SEED_SHA,-
2695 SSL_kRSA,-
2696 SSL_aRSA,-
2697 SSL_SEED,-
2698 SSL_SHA1,-
2699 SSL3_VERSION, TLS1_2_VERSION,-
2700 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2701 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2702 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2703 128,-
2704 128,-
2705 },-
2706 {-
2707 1,-
2708 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,-
2709 TLS1_RFC_DHE_DSS_WITH_SEED_SHA,-
2710 TLS1_CK_DHE_DSS_WITH_SEED_SHA,-
2711 SSL_kDHE,-
2712 SSL_aDSS,-
2713 SSL_SEED,-
2714 SSL_SHA1,-
2715 SSL3_VERSION, TLS1_2_VERSION,-
2716 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2717 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2718 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2719 128,-
2720 128,-
2721 },-
2722 {-
2723 1,-
2724 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,-
2725 TLS1_RFC_DHE_RSA_WITH_SEED_SHA,-
2726 TLS1_CK_DHE_RSA_WITH_SEED_SHA,-
2727 SSL_kDHE,-
2728 SSL_aRSA,-
2729 SSL_SEED,-
2730 SSL_SHA1,-
2731 SSL3_VERSION, TLS1_2_VERSION,-
2732 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2733 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2734 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2735 128,-
2736 128,-
2737 },-
2738 {-
2739 1,-
2740 TLS1_TXT_ADH_WITH_SEED_SHA,-
2741 TLS1_RFC_ADH_WITH_SEED_SHA,-
2742 TLS1_CK_ADH_WITH_SEED_SHA,-
2743 SSL_kDHE,-
2744 SSL_aNULL,-
2745 SSL_SEED,-
2746 SSL_SHA1,-
2747 SSL3_VERSION, TLS1_2_VERSION,-
2748 DTLS1_BAD_VER, DTLS1_2_VERSION,-
2749 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2750 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2751 128,-
2752 128,-
2753 },-
2754#endif /* OPENSSL_NO_SEED */-
2755-
2756#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS-
2757 {-
2758 1,-
2759 SSL3_TXT_RSA_RC4_128_MD5,-
2760 SSL3_RFC_RSA_RC4_128_MD5,-
2761 SSL3_CK_RSA_RC4_128_MD5,-
2762 SSL_kRSA,-
2763 SSL_aRSA,-
2764 SSL_RC4,-
2765 SSL_MD5,-
2766 SSL3_VERSION, TLS1_2_VERSION,-
2767 0, 0,-
2768 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2769 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2770 128,-
2771 128,-
2772 },-
2773 {-
2774 1,-
2775 SSL3_TXT_RSA_RC4_128_SHA,-
2776 SSL3_RFC_RSA_RC4_128_SHA,-
2777 SSL3_CK_RSA_RC4_128_SHA,-
2778 SSL_kRSA,-
2779 SSL_aRSA,-
2780 SSL_RC4,-
2781 SSL_SHA1,-
2782 SSL3_VERSION, TLS1_2_VERSION,-
2783 0, 0,-
2784 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2785 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2786 128,-
2787 128,-
2788 },-
2789 {-
2790 1,-
2791 SSL3_TXT_ADH_RC4_128_MD5,-
2792 SSL3_RFC_ADH_RC4_128_MD5,-
2793 SSL3_CK_ADH_RC4_128_MD5,-
2794 SSL_kDHE,-
2795 SSL_aNULL,-
2796 SSL_RC4,-
2797 SSL_MD5,-
2798 SSL3_VERSION, TLS1_2_VERSION,-
2799 0, 0,-
2800 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2801 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2802 128,-
2803 128,-
2804 },-
2805 {-
2806 1,-
2807 TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,-
2808 TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,-
2809 TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,-
2810 SSL_kECDHEPSK,-
2811 SSL_aPSK,-
2812 SSL_RC4,-
2813 SSL_SHA1,-
2814 TLS1_VERSION, TLS1_2_VERSION,-
2815 0, 0,-
2816 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2817 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2818 128,-
2819 128,-
2820 },-
2821 {-
2822 1,-
2823 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,-
2824 TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,-
2825 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,-
2826 SSL_kECDHE,-
2827 SSL_aNULL,-
2828 SSL_RC4,-
2829 SSL_SHA1,-
2830 TLS1_VERSION, TLS1_2_VERSION,-
2831 0, 0,-
2832 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2833 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2834 128,-
2835 128,-
2836 },-
2837 {-
2838 1,-
2839 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,-
2840 TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,-
2841 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,-
2842 SSL_kECDHE,-
2843 SSL_aECDSA,-
2844 SSL_RC4,-
2845 SSL_SHA1,-
2846 TLS1_VERSION, TLS1_2_VERSION,-
2847 0, 0,-
2848 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2849 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2850 128,-
2851 128,-
2852 },-
2853 {-
2854 1,-
2855 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,-
2856 TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,-
2857 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,-
2858 SSL_kECDHE,-
2859 SSL_aRSA,-
2860 SSL_RC4,-
2861 SSL_SHA1,-
2862 TLS1_VERSION, TLS1_2_VERSION,-
2863 0, 0,-
2864 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2865 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2866 128,-
2867 128,-
2868 },-
2869 {-
2870 1,-
2871 TLS1_TXT_PSK_WITH_RC4_128_SHA,-
2872 TLS1_RFC_PSK_WITH_RC4_128_SHA,-
2873 TLS1_CK_PSK_WITH_RC4_128_SHA,-
2874 SSL_kPSK,-
2875 SSL_aPSK,-
2876 SSL_RC4,-
2877 SSL_SHA1,-
2878 SSL3_VERSION, TLS1_2_VERSION,-
2879 0, 0,-
2880 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2881 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2882 128,-
2883 128,-
2884 },-
2885 {-
2886 1,-
2887 TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,-
2888 TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,-
2889 TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,-
2890 SSL_kRSAPSK,-
2891 SSL_aRSA,-
2892 SSL_RC4,-
2893 SSL_SHA1,-
2894 SSL3_VERSION, TLS1_2_VERSION,-
2895 0, 0,-
2896 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2897 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2898 128,-
2899 128,-
2900 },-
2901 {-
2902 1,-
2903 TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,-
2904 TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,-
2905 TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,-
2906 SSL_kDHEPSK,-
2907 SSL_aPSK,-
2908 SSL_RC4,-
2909 SSL_SHA1,-
2910 SSL3_VERSION, TLS1_2_VERSION,-
2911 0, 0,-
2912 SSL_NOT_DEFAULT | SSL_MEDIUM,-
2913 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,-
2914 128,-
2915 128,-
2916 },-
2917#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */-
2918-
2919#ifndef OPENSSL_NO_ARIA-
2920 {-
2921 1,-
2922 TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,-
2923 TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,-
2924 TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,-
2925 SSL_kRSA,-
2926 SSL_aRSA,-
2927 SSL_ARIA128GCM,-
2928 SSL_AEAD,-
2929 TLS1_2_VERSION, TLS1_2_VERSION,-
2930 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2931 SSL_NOT_DEFAULT | SSL_HIGH,-
2932 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2933 128,-
2934 128,-
2935 },-
2936 {-
2937 1,-
2938 TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,-
2939 TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,-
2940 TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,-
2941 SSL_kRSA,-
2942 SSL_aRSA,-
2943 SSL_ARIA256GCM,-
2944 SSL_AEAD,-
2945 TLS1_2_VERSION, TLS1_2_VERSION,-
2946 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2947 SSL_NOT_DEFAULT | SSL_HIGH,-
2948 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
2949 256,-
2950 256,-
2951 },-
2952 {-
2953 1,-
2954 TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,-
2955 TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,-
2956 TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,-
2957 SSL_kDHE,-
2958 SSL_aRSA,-
2959 SSL_ARIA128GCM,-
2960 SSL_AEAD,-
2961 TLS1_2_VERSION, TLS1_2_VERSION,-
2962 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2963 SSL_NOT_DEFAULT | SSL_HIGH,-
2964 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2965 128,-
2966 128,-
2967 },-
2968 {-
2969 1,-
2970 TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,-
2971 TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,-
2972 TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,-
2973 SSL_kDHE,-
2974 SSL_aRSA,-
2975 SSL_ARIA256GCM,-
2976 SSL_AEAD,-
2977 TLS1_2_VERSION, TLS1_2_VERSION,-
2978 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2979 SSL_NOT_DEFAULT | SSL_HIGH,-
2980 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
2981 256,-
2982 256,-
2983 },-
2984 {-
2985 1,-
2986 TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,-
2987 TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,-
2988 TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,-
2989 SSL_kDHE,-
2990 SSL_aDSS,-
2991 SSL_ARIA128GCM,-
2992 SSL_AEAD,-
2993 TLS1_2_VERSION, TLS1_2_VERSION,-
2994 DTLS1_2_VERSION, DTLS1_2_VERSION,-
2995 SSL_NOT_DEFAULT | SSL_HIGH,-
2996 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
2997 128,-
2998 128,-
2999 },-
3000 {-
3001 1,-
3002 TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,-
3003 TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,-
3004 TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,-
3005 SSL_kDHE,-
3006 SSL_aDSS,-
3007 SSL_ARIA256GCM,-
3008 SSL_AEAD,-
3009 TLS1_2_VERSION, TLS1_2_VERSION,-
3010 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3011 SSL_NOT_DEFAULT | SSL_HIGH,-
3012 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
3013 256,-
3014 256,-
3015 },-
3016 {-
3017 1,-
3018 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,-
3019 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,-
3020 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,-
3021 SSL_kECDHE,-
3022 SSL_aECDSA,-
3023 SSL_ARIA128GCM,-
3024 SSL_AEAD,-
3025 TLS1_2_VERSION, TLS1_2_VERSION,-
3026 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3027 SSL_NOT_DEFAULT | SSL_HIGH,-
3028 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
3029 128,-
3030 128,-
3031 },-
3032 {-
3033 1,-
3034 TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,-
3035 TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,-
3036 TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,-
3037 SSL_kECDHE,-
3038 SSL_aECDSA,-
3039 SSL_ARIA256GCM,-
3040 SSL_AEAD,-
3041 TLS1_2_VERSION, TLS1_2_VERSION,-
3042 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3043 SSL_NOT_DEFAULT | SSL_HIGH,-
3044 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
3045 256,-
3046 256,-
3047 },-
3048 {-
3049 1,-
3050 TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,-
3051 TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,-
3052 TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,-
3053 SSL_kECDHE,-
3054 SSL_aRSA,-
3055 SSL_ARIA128GCM,-
3056 SSL_AEAD,-
3057 TLS1_2_VERSION, TLS1_2_VERSION,-
3058 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3059 SSL_NOT_DEFAULT | SSL_HIGH,-
3060 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
3061 128,-
3062 128,-
3063 },-
3064 {-
3065 1,-
3066 TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,-
3067 TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,-
3068 TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,-
3069 SSL_kECDHE,-
3070 SSL_aRSA,-
3071 SSL_ARIA256GCM,-
3072 SSL_AEAD,-
3073 TLS1_2_VERSION, TLS1_2_VERSION,-
3074 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3075 SSL_NOT_DEFAULT | SSL_HIGH,-
3076 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
3077 256,-
3078 256,-
3079 },-
3080 {-
3081 1,-
3082 TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,-
3083 TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,-
3084 TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,-
3085 SSL_kPSK,-
3086 SSL_aPSK,-
3087 SSL_ARIA128GCM,-
3088 SSL_AEAD,-
3089 TLS1_2_VERSION, TLS1_2_VERSION,-
3090 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3091 SSL_NOT_DEFAULT | SSL_HIGH,-
3092 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
3093 128,-
3094 128,-
3095 },-
3096 {-
3097 1,-
3098 TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,-
3099 TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,-
3100 TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,-
3101 SSL_kPSK,-
3102 SSL_aPSK,-
3103 SSL_ARIA256GCM,-
3104 SSL_AEAD,-
3105 TLS1_2_VERSION, TLS1_2_VERSION,-
3106 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3107 SSL_NOT_DEFAULT | SSL_HIGH,-
3108 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
3109 256,-
3110 256,-
3111 },-
3112 {-
3113 1,-
3114 TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,-
3115 TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,-
3116 TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,-
3117 SSL_kDHEPSK,-
3118 SSL_aPSK,-
3119 SSL_ARIA128GCM,-
3120 SSL_AEAD,-
3121 TLS1_2_VERSION, TLS1_2_VERSION,-
3122 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3123 SSL_NOT_DEFAULT | SSL_HIGH,-
3124 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
3125 128,-
3126 128,-
3127 },-
3128 {-
3129 1,-
3130 TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,-
3131 TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,-
3132 TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,-
3133 SSL_kDHEPSK,-
3134 SSL_aPSK,-
3135 SSL_ARIA256GCM,-
3136 SSL_AEAD,-
3137 TLS1_2_VERSION, TLS1_2_VERSION,-
3138 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3139 SSL_NOT_DEFAULT | SSL_HIGH,-
3140 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
3141 256,-
3142 256,-
3143 },-
3144 {-
3145 1,-
3146 TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,-
3147 TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,-
3148 TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,-
3149 SSL_kRSAPSK,-
3150 SSL_aRSA,-
3151 SSL_ARIA128GCM,-
3152 SSL_AEAD,-
3153 TLS1_2_VERSION, TLS1_2_VERSION,-
3154 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3155 SSL_NOT_DEFAULT | SSL_HIGH,-
3156 SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,-
3157 128,-
3158 128,-
3159 },-
3160 {-
3161 1,-
3162 TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,-
3163 TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,-
3164 TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,-
3165 SSL_kRSAPSK,-
3166 SSL_aRSA,-
3167 SSL_ARIA256GCM,-
3168 SSL_AEAD,-
3169 TLS1_2_VERSION, TLS1_2_VERSION,-
3170 DTLS1_2_VERSION, DTLS1_2_VERSION,-
3171 SSL_NOT_DEFAULT | SSL_HIGH,-
3172 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,-
3173 256,-
3174 256,-
3175 },-
3176#endif /* OPENSSL_NO_ARIA */-
3177};-
3178-
3179/*-
3180 * The list of known Signalling Cipher-Suite Value "ciphers", non-valid-
3181 * values stuffed into the ciphers field of the wire protocol for signalling-
3182 * purposes.-
3183 */-
3184static SSL_CIPHER ssl3_scsvs[] = {-
3185 {-
3186 0,-
3187 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",-
3188 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",-
3189 SSL3_CK_SCSV,-
3190 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,-
3191 },-
3192 {-
3193 0,-
3194 "TLS_FALLBACK_SCSV",-
3195 "TLS_FALLBACK_SCSV",-
3196 SSL3_CK_FALLBACK_SCSV,-
3197 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,-
3198 },-
3199};-
3200-
3201static int cipher_compare(const void *a, const void *b)-
3202{-
3203 const SSL_CIPHER *ap = (const SSL_CIPHER *)a;-
3204 const SSL_CIPHER *bp = (const SSL_CIPHER *)b;-
3205-
3206 if (ap->id == bp->id)
ap->id == bp->idDescription
TRUEnever evaluated
FALSEevaluated 1587938 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-1587938
3207 return 0;
never executed: return 0;
0
3208 return ap->id < bp->id ? -1 : 1;
executed 1587938 times by 2 tests: return ap->id < bp->id ? -1 : 1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
ap->id < bp->idDescription
TRUEevaluated 1029908 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 558030 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
558030-1587938
3209}-
3210-
3211void ssl_sort_cipher_list(void)-
3212{-
3213 qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),-
3214 cipher_compare);-
3215 qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),-
3216 cipher_compare);-
3217 qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);-
3218}
executed 1958 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
1958
3219-
3220static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,-
3221 const char * t, size_t u,-
3222 const unsigned char * v, size_t w, int x)-
3223{-
3224 (void)r;-
3225 (void)s;-
3226 (void)t;-
3227 (void)u;-
3228 (void)v;-
3229 (void)w;-
3230 (void)x;-
3231 return ssl_undefined_function(ssl);
never executed: return ssl_undefined_function(ssl);
0
3232}-
3233-
3234const SSL3_ENC_METHOD SSLv3_enc_data = {-
3235 ssl3_enc,-
3236 n_ssl3_mac,-
3237 ssl3_setup_key_block,-
3238 ssl3_generate_master_secret,-
3239 ssl3_change_cipher_state,-
3240 ssl3_final_finish_mac,-
3241 SSL3_MD_CLIENT_FINISHED_CONST, 4,-
3242 SSL3_MD_SERVER_FINISHED_CONST, 4,-
3243 ssl3_alert_code,-
3244 ssl_undefined_function_1,-
3245 0,-
3246 ssl3_set_handshake_header,-
3247 tls_close_construct_packet,-
3248 ssl3_handshake_write-
3249};-
3250-
3251long ssl3_default_timeout(void)-
3252{-
3253 /*-
3254 * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for-
3255 * http, the cache would over fill-
3256 */-
3257 return (60 * 60 * 2);
never executed: return (60 * 60 * 2);
0
3258}-
3259-
3260int ssl3_num_ciphers(void)-
3261{-
3262 return SSL3_NUM_CIPHERS;
executed 15196 times by 2 tests: return (sizeof(ssl3_ciphers)/sizeof((ssl3_ciphers)[0]));
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
15196
3263}-
3264-
3265const SSL_CIPHER *ssl3_get_cipher(unsigned int u)-
3266{-
3267 if (u < SSL3_NUM_CIPHERS)
u < (sizeof(ss..._ciphers)[0]))Description
TRUEevaluated 2492144 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEnever evaluated
0-2492144
3268 return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
executed 2492144 times by 2 tests: return &(ssl3_ciphers[(sizeof(ssl3_ciphers)/sizeof((ssl3_ciphers)[0])) - 1 - u]);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
2492144
3269 else-
3270 return NULL;
never executed: return ((void *)0) ;
0
3271}-
3272-
3273int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)-
3274{-
3275 /* No header in the event of a CCS */-
3276 if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
htype == 0x0101Description
TRUEevaluated 4316 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 19811 times by 1 test
Evaluated by:
  • libssl.so.1.1
4316-19811
3277 return 1;
executed 4316 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
4316
3278-
3279 /* Set the content type and 3 bytes for the message len */-
3280 if (!WPACKET_put_bytes_u8(pkt, htype)
!WPACKET_put_b...), (htype), 1)Description
TRUEnever evaluated
FALSEevaluated 19811 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-19811
3281 || !WPACKET_start_sub_packet_u24(pkt))
!WPACKET_start...en__((pkt), 3)Description
TRUEnever evaluated
FALSEevaluated 19811 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-19811
3282 return 0;
never executed: return 0;
0
3283-
3284 return 1;
executed 19811 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
19811
3285}-
3286-
3287int ssl3_handshake_write(SSL *s)-
3288{-
3289 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
executed 19718 times by 1 test: return ssl3_do_write(s, 22);
Executed by:
  • libssl.so.1.1
19718
3290}-
3291-
3292int ssl3_new(SSL *s)-
3293{-
3294 SSL3_STATE *s3;-
3295-
3296 if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
(s3 = CRYPTO_z...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8322 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8322
3297 goto err;
never executed: goto err;
0
3298 s->s3 = s3;-
3299-
3300#ifndef OPENSSL_NO_SRP-
3301 if (!SSL_SRP_CTX_init(s))
!SSL_SRP_CTX_init(s)Description
TRUEnever evaluated
FALSEevaluated 8322 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8322
3302 goto err;
never executed: goto err;
0
3303#endif-
3304-
3305 if (!s->method->ssl_clear(s))
!s->method->ssl_clear(s)Description
TRUEnever evaluated
FALSEevaluated 8322 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8322
3306 return 0;
never executed: return 0;
0
3307-
3308 return 1;
executed 8322 times by 2 tests: return 1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8322
3309 err:-
3310 return 0;
never executed: return 0;
0
3311}-
3312-
3313void ssl3_free(SSL *s)-
3314{-
3315 if (s == NULL || s->s3 == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8322 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
s->s3 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8322 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-8322
3316 return;
never executed: return;
0
3317-
3318 ssl3_cleanup_key_block(s);-
3319-
3320#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)-
3321 EVP_PKEY_free(s->s3->peer_tmp);-
3322 s->s3->peer_tmp = NULL;-
3323 EVP_PKEY_free(s->s3->tmp.pkey);-
3324 s->s3->tmp.pkey = NULL;-
3325#endif-
3326-
3327 OPENSSL_free(s->s3->tmp.ctype);-
3328 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);-
3329 OPENSSL_free(s->s3->tmp.ciphers_raw);-
3330 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);-
3331 OPENSSL_free(s->s3->tmp.peer_sigalgs);-
3332 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);-
3333 ssl3_free_digest_list(s);-
3334 OPENSSL_free(s->s3->alpn_selected);-
3335 OPENSSL_free(s->s3->alpn_proposed);-
3336-
3337#ifndef OPENSSL_NO_SRP-
3338 SSL_SRP_CTX_free(s);-
3339#endif-
3340 OPENSSL_clear_free(s->s3, sizeof(*s->s3));-
3341 s->s3 = NULL;-
3342}
executed 8322 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
8322
3343-
3344int ssl3_clear(SSL *s)-
3345{-
3346 ssl3_cleanup_key_block(s);-
3347 OPENSSL_free(s->s3->tmp.ctype);-
3348 sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);-
3349 OPENSSL_free(s->s3->tmp.ciphers_raw);-
3350 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);-
3351 OPENSSL_free(s->s3->tmp.peer_sigalgs);-
3352 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);-
3353-
3354#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)-
3355 EVP_PKEY_free(s->s3->tmp.pkey);-
3356 EVP_PKEY_free(s->s3->peer_tmp);-
3357#endif /* !OPENSSL_NO_EC */-
3358-
3359 ssl3_free_digest_list(s);-
3360-
3361 OPENSSL_free(s->s3->alpn_selected);-
3362 OPENSSL_free(s->s3->alpn_proposed);-
3363-
3364 /* NULL/zero-out everything in the s3 struct */-
3365 memset(s->s3, 0, sizeof(*s->s3));-
3366-
3367 if (!ssl_free_wbio_buffer(s))
!ssl_free_wbio_buffer(s)Description
TRUEnever evaluated
FALSEevaluated 32878 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
0-32878
3368 return 0;
never executed: return 0;
0
3369-
3370 s->version = SSL3_VERSION;-
3371-
3372#if !defined(OPENSSL_NO_NEXTPROTONEG)-
3373 OPENSSL_free(s->ext.npn);-
3374 s->ext.npn = NULL;-
3375 s->ext.npn_len = 0;-
3376#endif-
3377-
3378 return 1;
executed 32878 times by 2 tests: return 1;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
32878
3379}-
3380-
3381#ifndef OPENSSL_NO_SRP-
3382static char *srp_password_from_info_cb(SSL *s, void *arg)-
3383{-
3384 return OPENSSL_strdup(s->srp_ctx.info);
executed 6 times by 1 test: return CRYPTO_strdup(s->srp_ctx.info, __FILE__, 3384);
Executed by:
  • libssl.so.1.1
6
3385}-
3386#endif-
3387-
3388static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);-
3389-
3390long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)-
3391{-
3392 int ret = 0;-
3393-
3394 switch (cmd) {-
3395 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
never executed: case 9:
0
3396 break;
never executed: break;
0
3397 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
never executed: case 10:
0
3398 ret = s->s3->num_renegotiations;-
3399 break;
never executed: break;
0
3400 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
never executed: case 11:
0
3401 ret = s->s3->num_renegotiations;-
3402 s->s3->num_renegotiations = 0;-
3403 break;
never executed: break;
0
3404 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
executed 191 times by 1 test: case 12:
Executed by:
  • libssl.so.1.1
191
3405 ret = s->s3->total_renegotiations;-
3406 break;
executed 191 times by 1 test: break;
Executed by:
  • libssl.so.1.1
191
3407 case SSL_CTRL_GET_FLAGS:
never executed: case 13:
0
3408 ret = (int)(s->s3->flags);-
3409 break;
never executed: break;
0
3410#ifndef OPENSSL_NO_DH-
3411 case SSL_CTRL_SET_TMP_DH:
never executed: case 3:
0
3412 {-
3413 DH *dh = (DH *)parg;-
3414 EVP_PKEY *pkdh = NULL;-
3415 if (dh == NULL) {
dh == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3416 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);-
3417 return ret;
never executed: return ret;
0
3418 }-
3419 pkdh = ssl_dh_to_pkey(dh);-
3420 if (pkdh == NULL) {
pkdh == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3421 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);-
3422 return 0;
never executed: return 0;
0
3423 }-
3424 if (!ssl_security(s, SSL_SECOP_TMP_DH,
!ssl_security(...kdh), 0, pkdh)Description
TRUEnever evaluated
FALSEnever evaluated
0
3425 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
!ssl_security(...kdh), 0, pkdh)Description
TRUEnever evaluated
FALSEnever evaluated
0
3426 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);-
3427 EVP_PKEY_free(pkdh);-
3428 return ret;
never executed: return ret;
0
3429 }-
3430 EVP_PKEY_free(s->cert->dh_tmp);-
3431 s->cert->dh_tmp = pkdh;-
3432 ret = 1;-
3433 }-
3434 break;
never executed: break;
0
3435 case SSL_CTRL_SET_TMP_DH_CB:
never executed: case 6:
0
3436 {-
3437 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
3438 return ret;
never executed: return ret;
0
3439 }-
3440 case SSL_CTRL_SET_DH_AUTO:
never executed: case 118:
0
3441 s->cert->dh_tmp_auto = larg;-
3442 return 1;
never executed: return 1;
0
3443#endif-
3444#ifndef OPENSSL_NO_EC-
3445 case SSL_CTRL_SET_TMP_ECDH:
never executed: case 4:
0
3446 {-
3447 const EC_GROUP *group = NULL;-
3448 int nid;-
3449-
3450 if (parg == NULL) {
parg == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3451 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);-
3452 return 0;
never executed: return 0;
0
3453 }-
3454 group = EC_KEY_get0_group((const EC_KEY *)parg);-
3455 if (group == NULL) {
group == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3456 SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);-
3457 return 0;
never executed: return 0;
0
3458 }-
3459 nid = EC_GROUP_get_curve_name(group);-
3460 if (nid == NID_undef)
nid == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
3461 return 0;
never executed: return 0;
0
3462 return tls1_set_groups(&s->ext.supportedgroups,
never executed: return tls1_set_groups(&s->ext.supportedgroups, &s->ext.supportedgroups_len, &nid, 1);
0
3463 &s->ext.supportedgroups_len,
never executed: return tls1_set_groups(&s->ext.supportedgroups, &s->ext.supportedgroups_len, &nid, 1);
0
3464 &nid, 1);
never executed: return tls1_set_groups(&s->ext.supportedgroups, &s->ext.supportedgroups_len, &nid, 1);
0
3465 }-
3466 break;
dead code: break;
-
3467#endif /* !OPENSSL_NO_EC */-
3468 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
executed 2603 times by 1 test: case 55:
Executed by:
  • libssl.so.1.1
2603
3469 /*-
3470 * TODO(OpenSSL1.2)-
3471 * This API is only used for a client to set what SNI it will request-
3472 * from the server, but we currently allow it to be used on servers-
3473 * as well, which is a programming error. Currently we just clear-
3474 * the field in SSL_do_handshake() for server SSLs, but when we can-
3475 * make ABI-breaking changes, we may want to make use of this API-
3476 * an error on server SSLs.-
3477 */-
3478 if (larg == TLSEXT_NAMETYPE_host_name) {
larg == 0Description
TRUEevaluated 2603 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2603
3479 size_t len;-
3480-
3481 OPENSSL_free(s->ext.hostname);-
3482 s->ext.hostname = NULL;-
3483-
3484 ret = 1;-
3485 if (parg == NULL)
parg == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2603 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2603
3486 break;
never executed: break;
0
3487 len = strlen((char *)parg);-
3488 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
len == 0Description
TRUEnever evaluated
FALSEevaluated 2603 times by 1 test
Evaluated by:
  • libssl.so.1.1
len > 255Description
TRUEnever evaluated
FALSEevaluated 2603 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2603
3489 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);-
3490 return 0;
never executed: return 0;
0
3491 }-
3492 if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
(s->ext.hostna...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2603 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2603
3493 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);-
3494 return 0;
never executed: return 0;
0
3495 }-
3496 } else {
executed 2603 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2603
3497 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);-
3498 return 0;
never executed: return 0;
0
3499 }-
3500 break;
executed 2603 times by 1 test: break;
Executed by:
  • libssl.so.1.1
2603
3501 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
never executed: case 57:
0
3502 s->ext.debug_arg = parg;-
3503 ret = 1;-
3504 break;
never executed: break;
0
3505-
3506 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
executed 3 times by 1 test: case 127:
Executed by:
  • libssl.so.1.1
3
3507 ret = s->ext.status_type;-
3508 break;
executed 3 times by 1 test: break;
Executed by:
  • libssl.so.1.1
3
3509-
3510 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
executed 17 times by 1 test: case 65:
Executed by:
  • libssl.so.1.1
17
3511 s->ext.status_type = larg;-
3512 ret = 1;-
3513 break;
executed 17 times by 1 test: break;
Executed by:
  • libssl.so.1.1
17
3514-
3515 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
never executed: case 66:
0
3516 *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;-
3517 ret = 1;-
3518 break;
never executed: break;
0
3519-
3520 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
never executed: case 67:
0
3521 s->ext.ocsp.exts = parg;-
3522 ret = 1;-
3523 break;
never executed: break;
0
3524-
3525 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
executed 1 time by 1 test: case 68:
Executed by:
  • libssl.so.1.1
1
3526 *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;-
3527 ret = 1;-
3528 break;
executed 1 time by 1 test: break;
Executed by:
  • libssl.so.1.1
1
3529-
3530 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
executed 1 time by 1 test: case 69:
Executed by:
  • libssl.so.1.1
1
3531 s->ext.ocsp.ids = parg;-
3532 ret = 1;-
3533 break;
executed 1 time by 1 test: break;
Executed by:
  • libssl.so.1.1
1
3534-
3535 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
executed 11 times by 1 test: case 70:
Executed by:
  • libssl.so.1.1
11
3536 *(unsigned char **)parg = s->ext.ocsp.resp;-
3537 if (s->ext.ocsp.resp_len == 0
s->ext.ocsp.resp_len == 0Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
3-8
3538 || s->ext.ocsp.resp_len > LONG_MAX)
s->ext.ocsp.re...fffffffffffffLDescription
TRUEnever evaluated
FALSEevaluated 8 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-8
3539 return -1;
executed 3 times by 1 test: return -1;
Executed by:
  • libssl.so.1.1
3
3540 return (long)s->ext.ocsp.resp_len;
executed 8 times by 1 test: return (long)s->ext.ocsp.resp_len;
Executed by:
  • libssl.so.1.1
8
3541-
3542 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
executed 11 times by 1 test: case 71:
Executed by:
  • libssl.so.1.1
11
3543 OPENSSL_free(s->ext.ocsp.resp);-
3544 s->ext.ocsp.resp = parg;-
3545 s->ext.ocsp.resp_len = larg;-
3546 ret = 1;-
3547 break;
executed 11 times by 1 test: break;
Executed by:
  • libssl.so.1.1
11
3548-
3549#ifndef OPENSSL_NO_HEARTBEATS-
3550 case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:-
3551 case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:-
3552 case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:-
3553 break;-
3554#endif-
3555-
3556 case SSL_CTRL_CHAIN:
never executed: case 88:
0
3557 if (larg)
largDescription
TRUEnever evaluated
FALSEnever evaluated
0
3558 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
never executed: return ssl_cert_set1_chain(s, ((void *)0) , (struct stack_st_X509 *)parg);
0
3559 else-
3560 return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
never executed: return ssl_cert_set0_chain(s, ((void *)0) , (struct stack_st_X509 *)parg);
0
3561-
3562 case SSL_CTRL_CHAIN_CERT:
never executed: case 89:
0
3563 if (larg)
largDescription
TRUEnever evaluated
FALSEnever evaluated
0
3564 return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
never executed: return ssl_cert_add1_chain_cert(s, ((void *)0) , (X509 *)parg);
0
3565 else-
3566 return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
never executed: return ssl_cert_add0_chain_cert(s, ((void *)0) , (X509 *)parg);
0
3567-
3568 case SSL_CTRL_GET_CHAIN_CERTS:
never executed: case 115:
0
3569 *(STACK_OF(X509) **)parg = s->cert->key->chain;-
3570 break;
never executed: break;
0
3571-
3572 case SSL_CTRL_SELECT_CURRENT_CERT:
never executed: case 116:
0
3573 return ssl_cert_select_current(s->cert, (X509 *)parg);
never executed: return ssl_cert_select_current(s->cert, (X509 *)parg);
0
3574-
3575 case SSL_CTRL_SET_CURRENT_CERT:
never executed: case 117:
0
3576 if (larg == SSL_CERT_SET_SERVER) {
larg == 3Description
TRUEnever evaluated
FALSEnever evaluated
0
3577 const SSL_CIPHER *cipher;-
3578 if (!s->server)
!s->serverDescription
TRUEnever evaluated
FALSEnever evaluated
0
3579 return 0;
never executed: return 0;
0
3580 cipher = s->s3->tmp.new_cipher;-
3581 if (cipher == NULL)
cipher == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3582 return 0;
never executed: return 0;
0
3583 /*-
3584 * No certificate for unauthenticated ciphersuites or using SRP-
3585 * authentication-
3586 */-
3587 if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
cipher->algori...| 0x00000040U)Description
TRUEnever evaluated
FALSEnever evaluated
0
3588 return 2;
never executed: return 2;
0
3589 if (s->s3->tmp.cert == NULL)
s->s3->tmp.cert == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3590 return 0;
never executed: return 0;
0
3591 s->cert->key = s->s3->tmp.cert;-
3592 return 1;
never executed: return 1;
0
3593 }-
3594 return ssl_cert_set_current(s->cert, larg);
never executed: return ssl_cert_set_current(s->cert, larg);
0
3595-
3596#ifndef OPENSSL_NO_EC-
3597 case SSL_CTRL_GET_GROUPS:
executed 231 times by 1 test: case 90:
Executed by:
  • libssl.so.1.1
231
3598 {-
3599 uint16_t *clist;-
3600 size_t clistlen;-
3601-
3602 if (!s->session)
!s->sessionDescription
TRUEnever evaluated
FALSEevaluated 231 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-231
3603 return 0;
never executed: return 0;
0
3604 clist = s->session->ext.supportedgroups;-
3605 clistlen = s->session->ext.supportedgroups_len;-
3606 if (parg) {
pargDescription
TRUEevaluated 111 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 120 times by 1 test
Evaluated by:
  • libssl.so.1.1
111-120
3607 size_t i;-
3608 int *cptr = parg;-
3609-
3610 for (i = 0; i < clistlen; i++) {
i < clistlenDescription
TRUEevaluated 530 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 111 times by 1 test
Evaluated by:
  • libssl.so.1.1
111-530
3611 const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);-
3612-
3613 if (cinf != NULL)
cinf != ((void *)0)Description
TRUEevaluated 526 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-526
3614 cptr[i] = cinf->nid;
executed 526 times by 1 test: cptr[i] = cinf->nid;
Executed by:
  • libssl.so.1.1
526
3615 else-
3616 cptr[i] = TLSEXT_nid_unknown | clist[i];
executed 4 times by 1 test: cptr[i] = 0x1000000 | clist[i];
Executed by:
  • libssl.so.1.1
4
3617 }-
3618 }
executed 111 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
111
3619 return (int)clistlen;
executed 231 times by 1 test: return (int)clistlen;
Executed by:
  • libssl.so.1.1
231
3620 }-
3621-
3622 case SSL_CTRL_SET_GROUPS:
never executed: case 91:
0
3623 return tls1_set_groups(&s->ext.supportedgroups,
never executed: return tls1_set_groups(&s->ext.supportedgroups, &s->ext.supportedgroups_len, parg, larg);
0
3624 &s->ext.supportedgroups_len, parg, larg);
never executed: return tls1_set_groups(&s->ext.supportedgroups, &s->ext.supportedgroups_len, parg, larg);
0
3625-
3626 case SSL_CTRL_SET_GROUPS_LIST:
executed 10 times by 1 test: case 92:
Executed by:
  • libssl.so.1.1
10
3627 return tls1_set_groups_list(&s->ext.supportedgroups,
executed 10 times by 1 test: return tls1_set_groups_list(&s->ext.supportedgroups, &s->ext.supportedgroups_len, parg);
Executed by:
  • libssl.so.1.1
10
3628 &s->ext.supportedgroups_len, parg);
executed 10 times by 1 test: return tls1_set_groups_list(&s->ext.supportedgroups, &s->ext.supportedgroups_len, parg);
Executed by:
  • libssl.so.1.1
10
3629-
3630 case SSL_CTRL_GET_SHARED_GROUP:
never executed: case 93:
0
3631 {-
3632 uint16_t id = tls1_shared_group(s, larg);-
3633-
3634 if (larg != -1) {
larg != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
3635 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);-
3636-
3637 return ginf == NULL ? 0 : ginf->nid;
never executed: return ginf == ((void *)0) ? 0 : ginf->nid;
ginf == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3638 }-
3639 return id;
never executed: return id;
0
3640 }-
3641#endif-
3642 case SSL_CTRL_SET_SIGALGS:
executed 7 times by 1 test: case 97:
Executed by:
  • libssl.so.1.1
7
3643 return tls1_set_sigalgs(s->cert, parg, larg, 0);
executed 7 times by 1 test: return tls1_set_sigalgs(s->cert, parg, larg, 0);
Executed by:
  • libssl.so.1.1
7
3644-
3645 case SSL_CTRL_SET_SIGALGS_LIST:
executed 7 times by 1 test: case 98:
Executed by:
  • libssl.so.1.1
7
3646 return tls1_set_sigalgs_list(s->cert, parg, 0);
executed 7 times by 1 test: return tls1_set_sigalgs_list(s->cert, parg, 0);
Executed by:
  • libssl.so.1.1
7
3647-
3648 case SSL_CTRL_SET_CLIENT_SIGALGS:
never executed: case 101:
0
3649 return tls1_set_sigalgs(s->cert, parg, larg, 1);
never executed: return tls1_set_sigalgs(s->cert, parg, larg, 1);
0
3650-
3651 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
never executed: case 102:
0
3652 return tls1_set_sigalgs_list(s->cert, parg, 1);
never executed: return tls1_set_sigalgs_list(s->cert, parg, 1);
0
3653-
3654 case SSL_CTRL_GET_CLIENT_CERT_TYPES:
executed 191 times by 1 test: case 103:
Executed by:
  • libssl.so.1.1
191
3655 {-
3656 const unsigned char **pctype = parg;-
3657 if (s->server || !s->s3->tmp.cert_req)
s->serverDescription
TRUEnever evaluated
FALSEevaluated 191 times by 1 test
Evaluated by:
  • libssl.so.1.1
!s->s3->tmp.cert_reqDescription
TRUEevaluated 188 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-191
3658 return 0;
executed 188 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
188
3659 if (pctype)
pctypeDescription
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3
3660 *pctype = s->s3->tmp.ctype;
executed 3 times by 1 test: *pctype = s->s3->tmp.ctype;
Executed by:
  • libssl.so.1.1
3
3661 return s->s3->tmp.ctype_len;
executed 3 times by 1 test: return s->s3->tmp.ctype_len;
Executed by:
  • libssl.so.1.1
3
3662 }-
3663-
3664 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
never executed: case 104:
0
3665 if (!s->server)
!s->serverDescription
TRUEnever evaluated
FALSEnever evaluated
0
3666 return 0;
never executed: return 0;
0
3667 return ssl3_set_req_cert_type(s->cert, parg, larg);
never executed: return ssl3_set_req_cert_type(s->cert, parg, larg);
0
3668-
3669 case SSL_CTRL_BUILD_CERT_CHAIN:
never executed: case 105:
0
3670 return ssl_build_cert_chain(s, NULL, larg);
never executed: return ssl_build_cert_chain(s, ((void *)0) , larg);
0
3671-
3672 case SSL_CTRL_SET_VERIFY_CERT_STORE:
never executed: case 106:
0
3673 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
never executed: return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
0
3674-
3675 case SSL_CTRL_SET_CHAIN_CERT_STORE:
never executed: case 107:
0
3676 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
never executed: return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
0
3677-
3678 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
executed 2759 times by 1 test: case 108:
Executed by:
  • libssl.so.1.1
2759
3679 if (s->s3->tmp.peer_sigalg == NULL)
s->s3->tmp.pee...== ((void *)0)Description
TRUEevaluated 1672 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1087 times by 1 test
Evaluated by:
  • libssl.so.1.1
1087-1672
3680 return 0;
executed 1672 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
1672
3681 *(int *)parg = s->s3->tmp.peer_sigalg->hash;-
3682 return 1;
executed 1087 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
1087
3683-
3684 case SSL_CTRL_GET_SERVER_TMP_KEY:
executed 1547 times by 1 test: case 109:
Executed by:
  • libssl.so.1.1
1547
3685#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)-
3686 if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
s->serverDescription
TRUEnever evaluated
FALSEevaluated 1547 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->session == ((void *)0)Description
TRUEevaluated 52 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1495 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->s3->peer_tmp == ((void *)0)Description
TRUEevaluated 395 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1100 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1547
3687 return 0;
executed 447 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
447
3688 } else {-
3689 EVP_PKEY_up_ref(s->s3->peer_tmp);-
3690 *(EVP_PKEY **)parg = s->s3->peer_tmp;-
3691 return 1;
executed 1100 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
1100
3692 }-
3693#else-
3694 return 0;-
3695#endif-
3696#ifndef OPENSSL_NO_EC-
3697 case SSL_CTRL_GET_EC_POINT_FORMATS:
executed 120 times by 1 test: case 111:
Executed by:
  • libssl.so.1.1
120
3698 {-
3699 SSL_SESSION *sess = s->session;-
3700 const unsigned char **pformat = parg;-
3701-
3702 if (sess == NULL || sess->ext.ecpointformats == NULL)
sess == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 120 times by 1 test
Evaluated by:
  • libssl.so.1.1
sess->ext.ecpo...== ((void *)0)Description
TRUEevaluated 58 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 62 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-120
3703 return 0;
executed 58 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
58
3704 *pformat = sess->ext.ecpointformats;-
3705 return (int)sess->ext.ecpointformats_len;
executed 62 times by 1 test: return (int)sess->ext.ecpointformats_len;
Executed by:
  • libssl.so.1.1
62
3706 }-
3707#endif-
3708-
3709 default:
never executed: default:
0
3710 break;
never executed: break;
0
3711 }-
3712 return ret;
executed 2827 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
2827
3713}-
3714-
3715long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))-
3716{-
3717 int ret = 0;-
3718-
3719 switch (cmd) {-
3720#ifndef OPENSSL_NO_DH-
3721 case SSL_CTRL_SET_TMP_DH_CB:
never executed: case 6:
0
3722 {-
3723 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;-
3724 }-
3725 break;
never executed: break;
0
3726#endif-
3727 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
never executed: case 56:
0
3728 s->ext.debug_cb = (void (*)(SSL *, int, int,-
3729 const unsigned char *, int, void *))fp;-
3730 break;
never executed: break;
0
3731-
3732 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
never executed: case 79:
0
3733 {-
3734 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;-
3735 }-
3736 break;
never executed: break;
0
3737 default:
never executed: default:
0
3738 break;
never executed: break;
0
3739 }-
3740 return ret;
never executed: return ret;
0
3741}-
3742-
3743long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)-
3744{-
3745 switch (cmd) {-
3746#ifndef OPENSSL_NO_DH-
3747 case SSL_CTRL_SET_TMP_DH:
executed 235 times by 1 test: case 3:
Executed by:
  • libssl.so.1.1
235
3748 {-
3749 DH *dh = (DH *)parg;-
3750 EVP_PKEY *pkdh = NULL;-
3751 if (dh == NULL) {
dh == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 235 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-235
3752 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);-
3753 return 0;
never executed: return 0;
0
3754 }-
3755 pkdh = ssl_dh_to_pkey(dh);-
3756 if (pkdh == NULL) {
pkdh == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 235 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-235
3757 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);-
3758 return 0;
never executed: return 0;
0
3759 }-
3760 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
!ssl_ctx_secur...kdh), 0, pkdh)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 231 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-231
3761 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
!ssl_ctx_secur...kdh), 0, pkdh)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 231 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-231
3762 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);-
3763 EVP_PKEY_free(pkdh);-
3764 return 1;
executed 4 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
4
3765 }-
3766 EVP_PKEY_free(ctx->cert->dh_tmp);-
3767 ctx->cert->dh_tmp = pkdh;-
3768 return 1;
executed 231 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
231
3769 }-
3770 case SSL_CTRL_SET_TMP_DH_CB:
never executed: case 6:
0
3771 {-
3772 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);-
3773 return 0;
never executed: return 0;
0
3774 }-
3775 case SSL_CTRL_SET_DH_AUTO:
executed 517 times by 1 test: case 118:
Executed by:
  • libssl.so.1.1
517
3776 ctx->cert->dh_tmp_auto = larg;-
3777 return 1;
executed 517 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
517
3778#endif-
3779#ifndef OPENSSL_NO_EC-
3780 case SSL_CTRL_SET_TMP_ECDH:
never executed: case 4:
0
3781 {-
3782 const EC_GROUP *group = NULL;-
3783 int nid;-
3784-
3785 if (parg == NULL) {
parg == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3786 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);-
3787 return 0;
never executed: return 0;
0
3788 }-
3789 group = EC_KEY_get0_group((const EC_KEY *)parg);-
3790 if (group == NULL) {
group == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3791 SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);-
3792 return 0;
never executed: return 0;
0
3793 }-
3794 nid = EC_GROUP_get_curve_name(group);-
3795 if (nid == NID_undef)
nid == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
3796 return 0;
never executed: return 0;
0
3797 return tls1_set_groups(&ctx->ext.supportedgroups,
never executed: return tls1_set_groups(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, &nid, 1);
0
3798 &ctx->ext.supportedgroups_len,
never executed: return tls1_set_groups(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, &nid, 1);
0
3799 &nid, 1);
never executed: return tls1_set_groups(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, &nid, 1);
0
3800 }-
3801#endif /* !OPENSSL_NO_EC */-
3802 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
executed 228 times by 1 test: case 54:
Executed by:
  • libssl.so.1.1
228
3803 ctx->ext.servername_arg = parg;-
3804 break;
executed 228 times by 1 test: break;
Executed by:
  • libssl.so.1.1
228
3805 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
executed 2420 times by 1 test: case 59:
Executed by:
  • libssl.so.1.1
2420
3806 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
never executed: case 58:
0
3807 {-
3808 unsigned char *keys = parg;-
3809 long tick_keylen = (sizeof(ctx->ext.tick_key_name) +-
3810 sizeof(ctx->ext.secure->tick_hmac_key) +-
3811 sizeof(ctx->ext.secure->tick_aes_key));-
3812 if (keys == NULL)
keys == ((void *)0)Description
TRUEevaluated 1210 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1210 times by 1 test
Evaluated by:
  • libssl.so.1.1
1210
3813 return tick_keylen;
executed 1210 times by 1 test: return tick_keylen;
Executed by:
  • libssl.so.1.1
1210
3814 if (larg != tick_keylen) {
larg != tick_keylenDescription
TRUEnever evaluated
FALSEevaluated 1210 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1210
3815 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);-
3816 return 0;
never executed: return 0;
0
3817 }-
3818 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
cmd == 59Description
TRUEevaluated 1210 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1210
3819 memcpy(ctx->ext.tick_key_name, keys,-
3820 sizeof(ctx->ext.tick_key_name));-
3821 memcpy(ctx->ext.secure->tick_hmac_key,-
3822 keys + sizeof(ctx->ext.tick_key_name),-
3823 sizeof(ctx->ext.secure->tick_hmac_key));-
3824 memcpy(ctx->ext.secure->tick_aes_key,-
3825 keys + sizeof(ctx->ext.tick_key_name) +-
3826 sizeof(ctx->ext.secure->tick_hmac_key),-
3827 sizeof(ctx->ext.secure->tick_aes_key));-
3828 } else {
executed 1210 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1210
3829 memcpy(keys, ctx->ext.tick_key_name,-
3830 sizeof(ctx->ext.tick_key_name));-
3831 memcpy(keys + sizeof(ctx->ext.tick_key_name),-
3832 ctx->ext.secure->tick_hmac_key,-
3833 sizeof(ctx->ext.secure->tick_hmac_key));-
3834 memcpy(keys + sizeof(ctx->ext.tick_key_name) +-
3835 sizeof(ctx->ext.secure->tick_hmac_key),-
3836 ctx->ext.secure->tick_aes_key,-
3837 sizeof(ctx->ext.secure->tick_aes_key));-
3838 }
never executed: end of block
0
3839 return 1;
executed 1210 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
1210
3840 }-
3841-
3842 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
executed 2 times by 1 test: case 127:
Executed by:
  • libssl.so.1.1
2
3843 return ctx->ext.status_type;
executed 2 times by 1 test: return ctx->ext.status_type;
Executed by:
  • libssl.so.1.1
2
3844-
3845 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
executed 5 times by 1 test: case 65:
Executed by:
  • libssl.so.1.1
5
3846 ctx->ext.status_type = larg;-
3847 break;
executed 5 times by 1 test: break;
Executed by:
  • libssl.so.1.1
5
3848-
3849 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
executed 23 times by 1 test: case 64:
Executed by:
  • libssl.so.1.1
23
3850 ctx->ext.status_arg = parg;-
3851 return 1;
executed 23 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
23
3852-
3853 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
never executed: case 129:
0
3854 *(void**)parg = ctx->ext.status_arg;-
3855 break;
never executed: break;
0
3856-
3857 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
never executed: case 128:
0
3858 *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;-
3859 break;
never executed: break;
0
3860-
3861#ifndef OPENSSL_NO_SRP-
3862 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
executed 11 times by 1 test: case 79:
Executed by:
  • libssl.so.1.1
11
3863 ctx->srp_ctx.srp_Mask |= SSL_kSRP;-
3864 OPENSSL_free(ctx->srp_ctx.login);-
3865 ctx->srp_ctx.login = NULL;-
3866 if (parg == NULL)
parg == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11
3867 break;
never executed: break;
0
3868 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
strlen((const ... *)parg) > 255Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
strlen((const char *)parg) < 1Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11
3869 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);-
3870 return 0;
never executed: return 0;
0
3871 }-
3872 if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
(ctx->srp_ctx....== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 11 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11
3873 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);-
3874 return 0;
never executed: return 0;
0
3875 }-
3876 break;
executed 11 times by 1 test: break;
Executed by:
  • libssl.so.1.1
11
3877 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
executed 6 times by 1 test: case 81:
Executed by:
  • libssl.so.1.1
6
3878 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =-
3879 srp_password_from_info_cb;-
3880 if (ctx->srp_ctx.info != NULL)
ctx->srp_ctx.i...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
3881 OPENSSL_free(ctx->srp_ctx.info);
never executed: CRYPTO_free(ctx->srp_ctx.info, __FILE__, 3881);
0
3882 if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
(ctx->srp_ctx....== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6
3883 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);-
3884 return 0;
never executed: return 0;
0
3885 }-
3886 break;
executed 6 times by 1 test: break;
Executed by:
  • libssl.so.1.1
6
3887 case SSL_CTRL_SET_SRP_ARG:
executed 9 times by 1 test: case 78:
Executed by:
  • libssl.so.1.1
9
3888 ctx->srp_ctx.srp_Mask |= SSL_kSRP;-
3889 ctx->srp_ctx.SRP_cb_arg = parg;-
3890 break;
executed 9 times by 1 test: break;
Executed by:
  • libssl.so.1.1
9
3891-
3892 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
executed 1 time by 1 test: case 80:
Executed by:
  • libssl.so.1.1
1
3893 ctx->srp_ctx.strength = larg;-
3894 break;
executed 1 time by 1 test: break;
Executed by:
  • libssl.so.1.1
1
3895#endif-
3896-
3897#ifndef OPENSSL_NO_EC-
3898 case SSL_CTRL_SET_GROUPS:
never executed: case 91:
0
3899 return tls1_set_groups(&ctx->ext.supportedgroups,
never executed: return tls1_set_groups(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, parg, larg);
0
3900 &ctx->ext.supportedgroups_len,
never executed: return tls1_set_groups(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, parg, larg);
0
3901 parg, larg);
never executed: return tls1_set_groups(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, parg, larg);
0
3902-
3903 case SSL_CTRL_SET_GROUPS_LIST:
executed 101 times by 1 test: case 92:
Executed by:
  • libssl.so.1.1
101
3904 return tls1_set_groups_list(&ctx->ext.supportedgroups,
executed 101 times by 1 test: return tls1_set_groups_list(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, parg);
Executed by:
  • libssl.so.1.1
101
3905 &ctx->ext.supportedgroups_len,
executed 101 times by 1 test: return tls1_set_groups_list(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, parg);
Executed by:
  • libssl.so.1.1
101
3906 parg);
executed 101 times by 1 test: return tls1_set_groups_list(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, parg);
Executed by:
  • libssl.so.1.1
101
3907#endif-
3908 case SSL_CTRL_SET_SIGALGS:
executed 7 times by 1 test: case 97:
Executed by:
  • libssl.so.1.1
7
3909 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
executed 7 times by 1 test: return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
Executed by:
  • libssl.so.1.1
7
3910-
3911 case SSL_CTRL_SET_SIGALGS_LIST:
executed 42 times by 1 test: case 98:
Executed by:
  • libssl.so.1.1
42
3912 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
executed 42 times by 1 test: return tls1_set_sigalgs_list(ctx->cert, parg, 0);
Executed by:
  • libssl.so.1.1
42
3913-
3914 case SSL_CTRL_SET_CLIENT_SIGALGS:
never executed: case 101:
0
3915 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
never executed: return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
0
3916-
3917 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
executed 11 times by 1 test: case 102:
Executed by:
  • libssl.so.1.1
11
3918 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
executed 11 times by 1 test: return tls1_set_sigalgs_list(ctx->cert, parg, 1);
Executed by:
  • libssl.so.1.1
11
3919-
3920 case SSL_CTRL_SET_CLIENT_CERT_TYPES:
never executed: case 104:
0
3921 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
never executed: return ssl3_set_req_cert_type(ctx->cert, parg, larg);
0
3922-
3923 case SSL_CTRL_BUILD_CERT_CHAIN:
never executed: case 105:
0
3924 return ssl_build_cert_chain(NULL, ctx, larg);
never executed: return ssl_build_cert_chain( ((void *)0) , ctx, larg);
0
3925-
3926 case SSL_CTRL_SET_VERIFY_CERT_STORE:
never executed: case 106:
0
3927 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
never executed: return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
0
3928-
3929 case SSL_CTRL_SET_CHAIN_CERT_STORE:
never executed: case 107:
0
3930 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
never executed: return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
0
3931-
3932 /* A Thawte special :-) */-
3933 case SSL_CTRL_EXTRA_CHAIN_CERT:
executed 120 times by 1 test: case 14:
Executed by:
  • libssl.so.1.1
120
3934 if (ctx->extra_certs == NULL) {
ctx->extra_cer...== ((void *)0)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 117 times by 1 test
Evaluated by:
  • libssl.so.1.1
3-117
3935 if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
(ctx->extra_ce...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3
3936 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);-
3937 return 0;
never executed: return 0;
0
3938 }-
3939 }
executed 3 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
3
3940 if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
!sk_X509_push(... (X509 *)parg)Description
TRUEnever evaluated
FALSEevaluated 120 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-120
3941 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);-
3942 return 0;
never executed: return 0;
0
3943 }-
3944 break;
executed 120 times by 1 test: break;
Executed by:
  • libssl.so.1.1
120
3945-
3946 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
never executed: case 82:
0
3947 if (ctx->extra_certs == NULL && larg == 0)
ctx->extra_cer...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
larg == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
3948 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
never executed: *(struct stack_st_X509 **)parg = ctx->cert->key->chain;
0
3949 else-
3950 *(STACK_OF(X509) **)parg = ctx->extra_certs;
never executed: *(struct stack_st_X509 **)parg = ctx->extra_certs;
0
3951 break;
never executed: break;
0
3952-
3953 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
never executed: case 83:
0
3954 sk_X509_pop_free(ctx->extra_certs, X509_free);-
3955 ctx->extra_certs = NULL;-
3956 break;
never executed: break;
0
3957-
3958 case SSL_CTRL_CHAIN:
executed 2111 times by 1 test: case 88:
Executed by:
  • libssl.so.1.1
2111
3959 if (larg)
largDescription
TRUEnever evaluated
FALSEevaluated 2111 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2111
3960 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
never executed: return ssl_cert_set1_chain( ((void *)0) , ctx, (struct stack_st_X509 *)parg);
0
3961 else-
3962 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
executed 2111 times by 1 test: return ssl_cert_set0_chain( ((void *)0) , ctx, (struct stack_st_X509 *)parg);
Executed by:
  • libssl.so.1.1
2111
3963-
3964 case SSL_CTRL_CHAIN_CERT:
executed 36 times by 1 test: case 89:
Executed by:
  • libssl.so.1.1
36
3965 if (larg)
largDescription
TRUEnever evaluated
FALSEevaluated 36 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-36
3966 return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
never executed: return ssl_cert_add1_chain_cert( ((void *)0) , ctx, (X509 *)parg);
0
3967 else-
3968 return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
executed 36 times by 1 test: return ssl_cert_add0_chain_cert( ((void *)0) , ctx, (X509 *)parg);
Executed by:
  • libssl.so.1.1
36
3969-
3970 case SSL_CTRL_GET_CHAIN_CERTS:
never executed: case 115:
0
3971 *(STACK_OF(X509) **)parg = ctx->cert->key->chain;-
3972 break;
never executed: break;
0
3973-
3974 case SSL_CTRL_SELECT_CURRENT_CERT:
never executed: case 116:
0
3975 return ssl_cert_select_current(ctx->cert, (X509 *)parg);
never executed: return ssl_cert_select_current(ctx->cert, (X509 *)parg);
0
3976-
3977 case SSL_CTRL_SET_CURRENT_CERT:
never executed: case 117:
0
3978 return ssl_cert_set_current(ctx->cert, larg);
never executed: return ssl_cert_set_current(ctx->cert, larg);
0
3979-
3980 default:
never executed: default:
0
3981 return 0;
never executed: return 0;
0
3982 }-
3983 return 1;
executed 380 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
380
3984}-
3985-
3986long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))-
3987{-
3988 switch (cmd) {-
3989#ifndef OPENSSL_NO_DH-
3990 case SSL_CTRL_SET_TMP_DH_CB:
never executed: case 6:
0
3991 {-
3992 ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;-
3993 }-
3994 break;
never executed: break;
0
3995#endif-
3996 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
executed 230 times by 1 test: case 53:
Executed by:
  • libssl.so.1.1
230
3997 ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;-
3998 break;
executed 230 times by 1 test: break;
Executed by:
  • libssl.so.1.1
230
3999-
4000 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
executed 23 times by 1 test: case 63:
Executed by:
  • libssl.so.1.1
23
4001 ctx->ext.status_cb = (int (*)(SSL *, void *))fp;-
4002 break;
executed 23 times by 1 test: break;
Executed by:
  • libssl.so.1.1
23
4003-
4004 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
executed 38 times by 1 test: case 72:
Executed by:
  • libssl.so.1.1
38
4005 ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,-
4006 unsigned char *,-
4007 EVP_CIPHER_CTX *,-
4008 HMAC_CTX *, int))fp;-
4009 break;
executed 38 times by 1 test: break;
Executed by:
  • libssl.so.1.1
38
4010-
4011#ifndef OPENSSL_NO_SRP-
4012 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
executed 1 time by 1 test: case 76:
Executed by:
  • libssl.so.1.1
1
4013 ctx->srp_ctx.srp_Mask |= SSL_kSRP;-
4014 ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;-
4015 break;
executed 1 time by 1 test: break;
Executed by:
  • libssl.so.1.1
1
4016 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
executed 10 times by 1 test: case 75:
Executed by:
  • libssl.so.1.1
10
4017 ctx->srp_ctx.srp_Mask |= SSL_kSRP;-
4018 ctx->srp_ctx.TLS_ext_srp_username_callback =-
4019 (int (*)(SSL *, int *, void *))fp;-
4020 break;
executed 10 times by 1 test: break;
Executed by:
  • libssl.so.1.1
10
4021 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
executed 5 times by 1 test: case 77:
Executed by:
  • libssl.so.1.1
5
4022 ctx->srp_ctx.srp_Mask |= SSL_kSRP;-
4023 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =-
4024 (char *(*)(SSL *, void *))fp;-
4025 break;
executed 5 times by 1 test: break;
Executed by:
  • libssl.so.1.1
5
4026#endif-
4027 case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
never executed: case 79:
0
4028 {-
4029 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;-
4030 }-
4031 break;
never executed: break;
0
4032 default:
never executed: default:
0
4033 return 0;
never executed: return 0;
0
4034 }-
4035 return 1;
executed 307 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
307
4036}-
4037-
4038const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)-
4039{-
4040 SSL_CIPHER c;-
4041 const SSL_CIPHER *cp;-
4042-
4043 c.id = id;-
4044 cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);-
4045 if (cp != NULL)
cp != ((void *)0)Description
TRUEevaluated 5453 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 79835 times by 1 test
Evaluated by:
  • libssl.so.1.1
5453-79835
4046 return cp;
executed 5453 times by 2 tests: return cp;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
5453
4047 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);-
4048 if (cp != NULL)
cp != ((void *)0)Description
TRUEevaluated 59852 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 19983 times by 1 test
Evaluated by:
  • libssl.so.1.1
19983-59852
4049 return cp;
executed 59852 times by 1 test: return cp;
Executed by:
  • libssl.so.1.1
59852
4050 return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
executed 19983 times by 1 test: return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, (sizeof(ssl3_scsvs)/sizeof((ssl3_scsvs)[0])));
Executed by:
  • libssl.so.1.1
19983
4051}-
4052-
4053const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)-
4054{-
4055 SSL_CIPHER *c = NULL, *tbl;-
4056 SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};-
4057 size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};-
4058-
4059 /* this is not efficient, necessary to optimize this? */-
4060 for (j = 0; j < OSSL_NELEM(alltabs); j++) {
j < (sizeof(al...(alltabs)[0]))Description
TRUEevaluated 48914 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 24457 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
24457-48914
4061 for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
i < tblsize[j]Description
TRUEevaluated 4047076 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 24458 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
24458-4047076
4062 if (tbl->stdname == NULL)
tbl->stdname == ((void *)0)Description
TRUEevaluated 48594 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 3998482 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
48594-3998482
4063 continue;
executed 48594 times by 2 tests: continue;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
48594
4064 if (strcmp(stdname, tbl->stdname) == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( stdname ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( tbl->stdname ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEevaluated 24456 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
FALSEevaluated 3974026 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-3974026
4065 c = tbl;-
4066 break;
executed 24456 times by 2 tests: break;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
24456
4067 }-
4068 }
executed 3974026 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
3974026
4069 }
executed 48914 times by 2 tests: end of block
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
48914
4070 if (c == NULL) {
c == ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 24456 times by 2 tests
Evaluated by:
  • libssl.so.1.1
  • tls13encryptiontest
1-24456
4071 tbl = ssl3_scsvs;-
4072 for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
i < (sizeof(ss...l3_scsvs)[0]))Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1-2
4073 if (strcmp(stdname, tbl->stdname) == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( stdname ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( tbl->stdname ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0-2
4074 c = tbl;-
4075 break;
never executed: break;
0
4076 }-
4077 }
executed 2 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2
4078 }
executed 1 time by 1 test: end of block
Executed by:
  • libssl.so.1.1
1
4079 return c;
executed 24457 times by 2 tests: return c;
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
24457
4080}-
4081-
4082/*-
4083 * This function needs to check if the ciphers required are actually-
4084 * available-
4085 */-
4086const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)-
4087{-
4088 return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
executed 83277 times by 2 tests: return ssl3_get_cipher_by_id(0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1]);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
83277
4089 | ((uint32_t)p[0] << 8L)
executed 83277 times by 2 tests: return ssl3_get_cipher_by_id(0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1]);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
83277
4090 | (uint32_t)p[1]);
executed 83277 times by 2 tests: return ssl3_get_cipher_by_id(0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1]);
Executed by:
  • libssl.so.1.1
  • tls13encryptiontest
83277
4091}-
4092-
4093int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)-
4094{-
4095 if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
(c->id & 0xff0... != 0x03000000Description
TRUEnever evaluated
FALSEevaluated 336483 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-336483
4096 *len = 0;-
4097 return 1;
never executed: return 1;
0
4098 }-
4099-
4100 if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
!WPACKET_put_b... & 0xffff), 2)Description
TRUEnever evaluated
FALSEevaluated 336483 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-336483
4101 return 0;
never executed: return 0;
0
4102-
4103 *len = 2;-
4104 return 1;
executed 336483 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
336483
4105}-
4106-
4107/*-
4108 * ssl3_choose_cipher - choose a cipher from those offered by the client-
4109 * @s: SSL connection-
4110 * @clnt: ciphers offered by the client-
4111 * @srvr: ciphers enabled on the server?-
4112 *-
4113 * Returns the selected cipher or NULL when no common ciphers.-
4114 */-
4115const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,-
4116 STACK_OF(SSL_CIPHER) *srvr)-
4117{-
4118 const SSL_CIPHER *c, *ret = NULL;-
4119 STACK_OF(SSL_CIPHER) *prio, *allow;-
4120 int i, ii, ok, prefer_sha256 = 0;-
4121 unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;-
4122 const EVP_MD *mdsha256 = EVP_sha256();-
4123#ifndef OPENSSL_NO_CHACHA-
4124 STACK_OF(SSL_CIPHER) *prio_chacha = NULL;-
4125#endif-
4126-
4127 /* Let's see which ciphers we can support */-
4128-
4129 /*-
4130 * Do not set the compare functions, because this may lead to a-
4131 * reordering by "id". We want to keep the original ordering. We may pay-
4132 * a price in performance during sk_SSL_CIPHER_find(), but would have to-
4133 * pay with the price of sk_SSL_CIPHER_dup().-
4134 */-
4135-
4136#ifdef CIPHER_DEBUG-
4137 fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),-
4138 (void *)srvr);-
4139 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {-
4140 c = sk_SSL_CIPHER_value(srvr, i);-
4141 fprintf(stderr, "%p:%s\n", (void *)c, c->name);-
4142 }-
4143 fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),-
4144 (void *)clnt);-
4145 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {-
4146 c = sk_SSL_CIPHER_value(clnt, i);-
4147 fprintf(stderr, "%p:%s\n", (void *)c, c->name);-
4148 }-
4149#endif-
4150-
4151 /* SUITE-B takes precedence over server preference and ChaCha priortiy */-
4152 if (tls1_suiteb(s)) {
(s->cert->cert...ags & 0x30000)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2760 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-2760
4153 prio = srvr;-
4154 allow = clnt;-
4155 } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
executed 2 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
s->options & 0x00400000UDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2754 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-2754
4156 prio = srvr;-
4157 allow = clnt;-
4158#ifndef OPENSSL_NO_CHACHA-
4159 /* If ChaCha20 is at the top of the client preference list,-
4160 and there are ChaCha20 ciphers in the server list, then-
4161 temporarily prioritize all ChaCha20 ciphers in the servers list. */-
4162 if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
s->options & 0x00200000UDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
sk_SSL_CIPHER_num(clnt) > 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-4
4163 c = sk_SSL_CIPHER_value(clnt, 0);-
4164 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
c->algorithm_e...== 0x00080000UDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1
4165 /* ChaCha20 is client preferred, check server... */-
4166 int num = sk_SSL_CIPHER_num(srvr);-
4167 int found = 0;-
4168 for (i = 0; i < num; i++) {
i < numDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2
4169 c = sk_SSL_CIPHER_value(srvr, i);-
4170 if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
c->algorithm_e...== 0x00080000UDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1
4171 found = 1;-
4172 break;
executed 1 time by 1 test: break;
Executed by:
  • libssl.so.1.1
1
4173 }-
4174 }
executed 1 time by 1 test: end of block
Executed by:
  • libssl.so.1.1
1
4175 if (found) {
foundDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1
4176 prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);-
4177 /* if reserve fails, then there's likely a memory issue */-
4178 if (prio_chacha != NULL) {
prio_chacha != ((void *)0)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1
4179 /* Put all ChaCha20 at the top, starting with the one we just found */-
4180 sk_SSL_CIPHER_push(prio_chacha, c);-
4181 for (i++; i < num; i++) {
i < numDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1-4
4182 c = sk_SSL_CIPHER_value(srvr, i);-
4183 if (c->algorithm_enc == SSL_CHACHA20POLY1305)
c->algorithm_e...== 0x00080000UDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-3
4184 sk_SSL_CIPHER_push(prio_chacha, c);
executed 1 time by 1 test: sk_SSL_CIPHER_push(prio_chacha, c);
Executed by:
  • libssl.so.1.1
1
4185 }
executed 4 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
4
4186 /* Pull in the rest */-
4187 for (i = 0; i < num; i++) {
i < numDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
1-6
4188 c = sk_SSL_CIPHER_value(srvr, i);-
4189 if (c->algorithm_enc != SSL_CHACHA20POLY1305)
c->algorithm_e...!= 0x00080000UDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-4
4190 sk_SSL_CIPHER_push(prio_chacha, c);
executed 4 times by 1 test: sk_SSL_CIPHER_push(prio_chacha, c);
Executed by:
  • libssl.so.1.1
4
4191 }
executed 6 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
6
4192 prio = prio_chacha;-
4193 }
executed 1 time by 1 test: end of block
Executed by:
  • libssl.so.1.1
1
4194 }
executed 1 time by 1 test: end of block
Executed by:
  • libssl.so.1.1
1
4195 }
executed 1 time by 1 test: end of block
Executed by:
  • libssl.so.1.1
1
4196 }
executed 2 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2
4197# endif-
4198 } else {
executed 6 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
6
4199 prio = clnt;-
4200 allow = srvr;-
4201 }
executed 2754 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2754
4202-
4203 if (SSL_IS_TLS13(s)) {
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 2592 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 170 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->version >= 0x0304Description
TRUEevaluated 1140 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1452 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->v...ion != 0x10000Description
TRUEevaluated 1140 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2592
4204#ifndef OPENSSL_NO_PSK-
4205 int j;-
4206-
4207 /*-
4208 * If we allow "old" style PSK callbacks, and we have no certificate (so-
4209 * we're not going to succeed without a PSK anyway), and we're in-
4210 * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the-
4211 * TLSv1.3 spec). Therefore we should prioritise ciphersuites using-
4212 * that.-
4213 */-
4214 if (s->psk_server_callback != NULL) {
s->psk_server_...!= ((void *)0)Description
TRUEevaluated 13 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1127 times by 1 test
Evaluated by:
  • libssl.so.1.1
13-1127
4215 for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
executed 27 times by 1 test: ;
Executed by:
  • libssl.so.1.1
j < 9Description
TRUEevaluated 37 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
!ssl_has_cert(s, j)Description
TRUEevaluated 27 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 10 times by 1 test
Evaluated by:
  • libssl.so.1.1
3-37
4216 if (j == SSL_PKEY_NUM) {
j == 9Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 10 times by 1 test
Evaluated by:
  • libssl.so.1.1
3-10
4217 /* There are no certificates */-
4218 prefer_sha256 = 1;-
4219 }
executed 3 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
3
4220 }
executed 13 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
13
4221#endif-
4222 } else {
executed 1140 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1140
4223 tls1_set_cert_validity(s);-
4224 ssl_set_masks(s);-
4225 }
executed 1622 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1622
4226-
4227 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
i < sk_SSL_CIPHER_num(prio)Description
TRUEevaluated 19107 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 131 times by 1 test
Evaluated by:
  • libssl.so.1.1
131-19107
4228 c = sk_SSL_CIPHER_value(prio, i);-
4229-
4230 /* Skip ciphers not supported by the protocol version */-
4231 if (!SSL_IS_DTLS(s) &&
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 18534 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 573 times by 1 test
Evaluated by:
  • libssl.so.1.1
573-18534
4232 ((s->version < c->min_tls) || (s->version > c->max_tls)))
(s->version < c->min_tls)Description
TRUEevaluated 2953 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 15581 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s->version > c->max_tls)Description
TRUEevaluated 3921 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 11660 times by 1 test
Evaluated by:
  • libssl.so.1.1
2953-15581
4233 continue;
executed 6874 times by 1 test: continue;
Executed by:
  • libssl.so.1.1
6874
4234 if (SSL_IS_DTLS(s) &&
(s->method->ss...c_flags & 0x8)Description
TRUEevaluated 573 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 11660 times by 1 test
Evaluated by:
  • libssl.so.1.1
573-11660
4235 (DTLS_VERSION_LT(s->version, c->min_dtls) ||
((s->version) == 0x0100)Description
TRUEnever evaluated
FALSEevaluated 573 times by 1 test
Evaluated by:
  • libssl.so.1.1
((((s->version...c->min_dtls)))Description
TRUEevaluated 270 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 303 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-573
4236 DTLS_VERSION_GT(s->version, c->max_dtls)))
((s->version) == 0x0100)Description
TRUEnever evaluated
FALSEevaluated 303 times by 1 test
Evaluated by:
  • libssl.so.1.1
((((s->version...c->max_dtls)))Description
TRUEnever evaluated
FALSEevaluated 303 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-303
4237 continue;
executed 270 times by 1 test: continue;
Executed by:
  • libssl.so.1.1
270
4238-
4239 /*-
4240 * Since TLS 1.3 ciphersuites can be used with any auth or-
4241 * key exchange scheme skip tests.-
4242 */-
4243 if (!SSL_IS_TLS13(s)) {
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 11660 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 303 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->version >= 0x0304Description
TRUEevaluated 1362 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 10298 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->v...ion != 0x10000Description
TRUEevaluated 1362 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-11660
4244 mask_k = s->s3->tmp.mask_k;-
4245 mask_a = s->s3->tmp.mask_a;-
4246#ifndef OPENSSL_NO_SRP-
4247 if (s->srp_ctx.srp_Mask & SSL_kSRP) {
s->srp_ctx.srp... & 0x00000020UDescription
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 10589 times by 1 test
Evaluated by:
  • libssl.so.1.1
12-10589
4248 mask_k |= SSL_kSRP;-
4249 mask_a |= SSL_aSRP;-
4250 }
executed 12 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
12
4251#endif-
4252-
4253 alg_k = c->algorithm_mkey;-
4254 alg_a = c->algorithm_auth;-
4255-
4256#ifndef OPENSSL_NO_PSK-
4257 /* with PSK there must be server callback set */-
4258 if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
(alg_k & (0x00... 0x00000100U))Description
TRUEevaluated 535 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 10066 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->psk_server_...== ((void *)0)Description
TRUEevaluated 506 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 29 times by 1 test
Evaluated by:
  • libssl.so.1.1
29-10066
4259 continue;
executed 506 times by 1 test: continue;
Executed by:
  • libssl.so.1.1
506
4260#endif /* OPENSSL_NO_PSK */-
4261-
4262 ok = (alg_k & mask_k) && (alg_a & mask_a);
(alg_k & mask_k)Description
TRUEevaluated 8773 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1322 times by 1 test
Evaluated by:
  • libssl.so.1.1
(alg_a & mask_a)Description
TRUEevaluated 7191 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1582 times by 1 test
Evaluated by:
  • libssl.so.1.1
1322-8773
4263#ifdef CIPHER_DEBUG-
4264 fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,-
4265 alg_a, mask_k, mask_a, (void *)c, c->name);-
4266#endif-
4267-
4268#ifndef OPENSSL_NO_EC-
4269 /*-
4270 * if we are considering an ECC cipher suite that uses an ephemeral-
4271 * EC key check it-
4272 */-
4273 if (alg_k & SSL_kECDHE)
alg_k & 0x00000004UDescription
TRUEevaluated 7525 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2570 times by 1 test
Evaluated by:
  • libssl.so.1.1
2570-7525
4274 ok = ok && tls1_check_ec_tmp_key(s, c->id);
executed 7525 times by 1 test: ok = ok && tls1_check_ec_tmp_key(s, c->id);
Executed by:
  • libssl.so.1.1
okDescription
TRUEevaluated 5951 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1574 times by 1 test
Evaluated by:
  • libssl.so.1.1
tls1_check_ec_..._key(s, c->id)Description
TRUEevaluated 1599 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4352 times by 1 test
Evaluated by:
  • libssl.so.1.1
1574-7525
4275#endif /* OPENSSL_NO_EC */-
4276-
4277 if (!ok)
!okDescription
TRUEevaluated 7256 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2839 times by 1 test
Evaluated by:
  • libssl.so.1.1
2839-7256
4278 continue;
executed 7256 times by 1 test: continue;
Executed by:
  • libssl.so.1.1
7256
4279 }
executed 2839 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2839
4280 ii = sk_SSL_CIPHER_find(allow, c);-
4281 if (ii >= 0) {
ii >= 0Description
TRUEevaluated 2634 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1567 times by 1 test
Evaluated by:
  • libssl.so.1.1
1567-2634
4282 /* Check security callback permits this cipher */-
4283 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
!ssl_security(... 0, (void *)c)Description
TRUEnever evaluated
FALSEevaluated 2634 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2634
4284 c->strength_bits, 0, (void *)c))
!ssl_security(... 0, (void *)c)Description
TRUEnever evaluated
FALSEevaluated 2634 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2634
4285 continue;
never executed: continue;
0
4286#if !defined(OPENSSL_NO_EC)-
4287 if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
(alg_k & 0x00000004U)Description
TRUEevaluated 1094 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1540 times by 1 test
Evaluated by:
  • libssl.so.1.1
(alg_a & 0x00000008U)Description
TRUEevaluated 128 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 966 times by 1 test
Evaluated by:
  • libssl.so.1.1
128-1540
4288 && s->s3->is_probably_safari) {
s->s3->is_probably_safariDescription
TRUEnever evaluated
FALSEevaluated 128 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-128
4289 if (!ret)
!retDescription
TRUEnever evaluated
FALSEnever evaluated
0
4290 ret = sk_SSL_CIPHER_value(allow, ii);
never executed: ret = sk_SSL_CIPHER_value(allow, ii);
0
4291 continue;
never executed: continue;
0
4292 }-
4293#endif-
4294 if (prefer_sha256) {
prefer_sha256Description
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2628 times by 1 test
Evaluated by:
  • libssl.so.1.1
6-2628
4295 const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);-
4296-
4297 if (ssl_md(tmp->algorithm2) == mdsha256) {
ssl_md(tmp->al...2) == mdsha256Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
3
4298 ret = tmp;-
4299 break;
executed 3 times by 1 test: break;
Executed by:
  • libssl.so.1.1
3
4300 }-
4301 if (ret == NULL)
ret == ((void *)0)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-3
4302 ret = tmp;
executed 3 times by 1 test: ret = tmp;
Executed by:
  • libssl.so.1.1
3
4303 continue;
executed 3 times by 1 test: continue;
Executed by:
  • libssl.so.1.1
3
4304 }-
4305 ret = sk_SSL_CIPHER_value(allow, ii);-
4306 break;
executed 2628 times by 1 test: break;
Executed by:
  • libssl.so.1.1
2628
4307 }-
4308 }
executed 1567 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1567
4309#ifndef OPENSSL_NO_CHACHA-
4310 sk_SSL_CIPHER_free(prio_chacha);-
4311#endif-
4312 return ret;
executed 2762 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
2762
4313}-
4314-
4315int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)-
4316{-
4317 uint32_t alg_k, alg_a = 0;-
4318-
4319 /* If we have custom certificate types set, use them */-
4320 if (s->cert->ctype)
s->cert->ctypeDescription
TRUEnever evaluated
FALSEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-35
4321 return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
never executed: return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
0
4322 /* Get mask of algorithms disabled by signature list */-
4323 ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);-
4324-
4325 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;-
4326-
4327#ifndef OPENSSL_NO_GOST-
4328 if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
s->version >= 0x0301Description
TRUEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
(alg_k & 0x00000010U)Description
TRUEnever evaluated
FALSEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-35
4329 return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
never executed: return WPACKET_put_bytes__((pkt), (22), 1) && WPACKET_put_bytes__((pkt), (238), 1) && WPACKET_put_bytes__((pkt), (239), 1);
WPACKET_put_by...pkt), (22), 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
4330 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
never executed: return WPACKET_put_bytes__((pkt), (22), 1) && WPACKET_put_bytes__((pkt), (238), 1) && WPACKET_put_bytes__((pkt), (239), 1);
WPACKET_put_by...kt), (238), 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
4331 && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
never executed: return WPACKET_put_bytes__((pkt), (22), 1) && WPACKET_put_bytes__((pkt), (238), 1) && WPACKET_put_bytes__((pkt), (239), 1);
WPACKET_put_by...kt), (239), 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
4332#endif-
4333-
4334 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
(s->version == 0x0300)Description
TRUEnever evaluated
FALSEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
(alg_k & 0x00000002U)Description
TRUEnever evaluated
FALSEnever evaluated
0-35
4335#ifndef OPENSSL_NO_DH-
4336# ifndef OPENSSL_NO_RSA-
4337 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
!WPACKET_put_b...(pkt), (5), 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
4338 return 0;
never executed: return 0;
0
4339# endif-
4340# ifndef OPENSSL_NO_DSA-
4341 if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
!WPACKET_put_b...(pkt), (6), 1)Description
TRUEnever evaluated
FALSEnever evaluated
0
4342 return 0;
never executed: return 0;
0
4343# endif-
4344#endif /* !OPENSSL_NO_DH */-
4345 }
never executed: end of block
0
4346#ifndef OPENSSL_NO_RSA-
4347 if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
!(alg_a & 0x00000001U)Description
TRUEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
!WPACKET_put_b...(pkt), (1), 1)Description
TRUEnever evaluated
FALSEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-35
4348 return 0;
never executed: return 0;
0
4349#endif-
4350#ifndef OPENSSL_NO_DSA-
4351 if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
!(alg_a & 0x00000002U)Description
TRUEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
!WPACKET_put_b...(pkt), (2), 1)Description
TRUEnever evaluated
FALSEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-33
4352 return 0;
never executed: return 0;
0
4353#endif-
4354#ifndef OPENSSL_NO_EC-
4355 /*-
4356 * ECDSA certs can be used with RSA cipher suites too so we don't-
4357 * need to check for SSL_kECDH or SSL_kECDHE-
4358 */-
4359 if (s->version >= TLS1_VERSION
s->version >= 0x0301Description
TRUEevaluated 35 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-35
4360 && !(alg_a & SSL_aECDSA)
!(alg_a & 0x00000008U)Description
TRUEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libssl.so.1.1
2-33
4361 && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
!WPACKET_put_b...pkt), (64), 1)Description
TRUEnever evaluated
FALSEevaluated 33 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-33
4362 return 0;
never executed: return 0;
0
4363#endif-
4364 return 1;
executed 35 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
35
4365}-
4366-
4367static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)-
4368{-
4369 OPENSSL_free(c->ctype);-
4370 c->ctype = NULL;-
4371 c->ctype_len = 0;-
4372 if (p == NULL || len == 0)
p == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
len == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
4373 return 1;
never executed: return 1;
0
4374 if (len > 0xff)
len > 0xffDescription
TRUEnever evaluated
FALSEnever evaluated
0
4375 return 0;
never executed: return 0;
0
4376 c->ctype = OPENSSL_memdup(p, len);-
4377 if (c->ctype == NULL)
c->ctype == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
4378 return 0;
never executed: return 0;
0
4379 c->ctype_len = len;-
4380 return 1;
never executed: return 1;
0
4381}-
4382-
4383int ssl3_shutdown(SSL *s)-
4384{-
4385 int ret;-
4386-
4387 /*-
4388 * Don't do anything much if we have not done the handshake or we don't-
4389 * want to send messages :-)-
4390 */-
4391 if (s->quiet_shutdown || SSL_in_before(s)) {
s->quiet_shutdownDescription
TRUEevaluated 113 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4478 times by 1 test
Evaluated by:
  • libssl.so.1.1
SSL_in_before(s)Description
TRUEnever evaluated
FALSEevaluated 4478 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4478
4392 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);-
4393 return 1;
executed 113 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
113
4394 }-
4395-
4396 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
!(s->shutdown & 1)Description
TRUEevaluated 2587 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1891 times by 1 test
Evaluated by:
  • libssl.so.1.1
1891-2587
4397 s->shutdown |= SSL_SENT_SHUTDOWN;-
4398 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);-
4399 /*-
4400 * our shutdown alert has been sent now, and if it still needs to be-
4401 * written, s->s3->alert_dispatch will be true-
4402 */-
4403 if (s->s3->alert_dispatch)
s->s3->alert_dispatchDescription
TRUEevaluated 88 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2499 times by 1 test
Evaluated by:
  • libssl.so.1.1
88-2499
4404 return -1; /* return WANT_WRITE */
executed 88 times by 1 test: return -1;
Executed by:
  • libssl.so.1.1
88
4405 } else if (s->s3->alert_dispatch) {
executed 2499 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
s->s3->alert_dispatchDescription
TRUEnever evaluated
FALSEevaluated 1891 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2499
4406 /* resend it if not sent */-
4407 ret = s->method->ssl_dispatch_alert(s);-
4408 if (ret == -1) {
ret == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
4409 /*-
4410 * we only get to return -1 here the 2nd/Nth invocation, we must-
4411 * have already signalled return 0 upon a previous invocation,-
4412 * return WANT_WRITE-
4413 */-
4414 return ret;
never executed: return ret;
0
4415 }-
4416 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
never executed: end of block
!(s->shutdown & 2)Description
TRUEevaluated 1891 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1891
4417 size_t readbytes;-
4418 /*-
4419 * If we are waiting for a close from our peer, we are closed-
4420 */-
4421 s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);-
4422 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
!(s->shutdown & 2)Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1890 times by 1 test
Evaluated by:
  • libssl.so.1.1
1-1890
4423 return -1; /* return WANT_READ */
executed 1 time by 1 test: return -1;
Executed by:
  • libssl.so.1.1
1
4424 }-
4425 }
executed 1890 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1890
4426-
4427 if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
(s->shutdown == (1 | 2))Description
TRUEevaluated 1893 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2496 times by 1 test
Evaluated by:
  • libssl.so.1.1
1893-2496
4428 !s->s3->alert_dispatch)
!s->s3->alert_dispatchDescription
TRUEevaluated 1893 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1893
4429 return 1;
executed 1893 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
1893
4430 else-
4431 return 0;
executed 2496 times by 1 test: return 0;
Executed by:
  • libssl.so.1.1
2496
4432}-
4433-
4434int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)-
4435{-
4436 clear_sys_error();-
4437 if (s->s3->renegotiate)
s->s3->renegotiateDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6401 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-6401
4438 ssl3_renegotiate_check(s, 0);
executed 4 times by 1 test: ssl3_renegotiate_check(s, 0);
Executed by:
  • libssl.so.1.1
4
4439-
4440 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
executed 6405 times by 1 test: return s->method->ssl_write_bytes(s, 23, buf, len, written);
Executed by:
  • libssl.so.1.1
6405
4441 written);
executed 6405 times by 1 test: return s->method->ssl_write_bytes(s, 23, buf, len, written);
Executed by:
  • libssl.so.1.1
6405
4442}-
4443-
4444static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,-
4445 size_t *readbytes)-
4446{-
4447 int ret;-
4448-
4449 clear_sys_error();-
4450 if (s->s3->renegotiate)
s->s3->renegotiateDescription
TRUEnever evaluated
FALSEevaluated 21546 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-21546
4451 ssl3_renegotiate_check(s, 0);
never executed: ssl3_renegotiate_check(s, 0);
0
4452 s->s3->in_read_app_data = 1;-
4453 ret =-
4454 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,-
4455 peek, readbytes);-
4456 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
(ret == -1)Description
TRUEevaluated 11649 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 9897 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s->s3->in_read_app_data == 2)Description
TRUEnever evaluated
FALSEevaluated 11649 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-11649
4457 /*-
4458 * ssl3_read_bytes decided to call s->handshake_func, which called-
4459 * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes-
4460 * actually found application data and thinks that application data-
4461 * makes sense here; so disable handshake processing and try to read-
4462 * application data again.-
4463 */-
4464 ossl_statem_set_in_handshake(s, 1);-
4465 ret =-
4466 s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,-
4467 len, peek, readbytes);-
4468 ossl_statem_set_in_handshake(s, 0);-
4469 } else
never executed: end of block
0
4470 s->s3->in_read_app_data = 0;
executed 21546 times by 1 test: s->s3->in_read_app_data = 0;
Executed by:
  • libssl.so.1.1
21546
4471-
4472 return ret;
executed 21546 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
21546
4473}-
4474-
4475int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)-
4476{-
4477 return ssl3_read_internal(s, buf, len, 0, readbytes);
executed 21546 times by 1 test: return ssl3_read_internal(s, buf, len, 0, readbytes);
Executed by:
  • libssl.so.1.1
21546
4478}-
4479-
4480int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)-
4481{-
4482 return ssl3_read_internal(s, buf, len, 1, readbytes);
never executed: return ssl3_read_internal(s, buf, len, 1, readbytes);
0
4483}-
4484-
4485int ssl3_renegotiate(SSL *s)-
4486{-
4487 if (s->handshake_func == NULL)
s->handshake_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-32
4488 return 1;
never executed: return 1;
0
4489-
4490 s->s3->renegotiate = 1;-
4491 return 1;
executed 32 times by 1 test: return 1;
Executed by:
  • libssl.so.1.1
32
4492}-
4493-
4494/*-
4495 * Check if we are waiting to do a renegotiation and if so whether now is a-
4496 * good time to do it. If |initok| is true then we are being called from inside-
4497 * the state machine so ignore the result of SSL_in_init(s). Otherwise we-
4498 * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we-
4499 * should do a renegotiation now and sets up the state machine for it. Otherwise-
4500 * returns 0.-
4501 */-
4502int ssl3_renegotiate_check(SSL *s, int initok)-
4503{-
4504 int ret = 0;-
4505-
4506 if (s->s3->renegotiate) {
s->s3->renegotiateDescription
TRUEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 24071 times by 1 test
Evaluated by:
  • libssl.so.1.1
32-24071
4507 if (!RECORD_LAYER_read_pending(&s->rlayer)
!RECORD_LAYER_...ng(&s->rlayer)Description
TRUEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-32
4508 && !RECORD_LAYER_write_pending(&s->rlayer)
!RECORD_LAYER_...ng(&s->rlayer)Description
TRUEevaluated 32 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-32
4509 && (initok || !SSL_in_init(s))) {
initokDescription
TRUEevaluated 7 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 25 times by 1 test
Evaluated by:
  • libssl.so.1.1
!SSL_in_init(s)Description
TRUEevaluated 25 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-25
4510 /*-
4511 * if we are the server, and we have sent a 'RENEGOTIATE'-
4512 * message, we need to set the state machine into the renegotiate-
4513 * state.-
4514 */-
4515 ossl_statem_set_renegotiate(s);-
4516 s->s3->renegotiate = 0;-
4517 s->s3->num_renegotiations++;-
4518 s->s3->total_renegotiations++;-
4519 ret = 1;-
4520 }
executed 32 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
32
4521 }
executed 32 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
32
4522 return ret;
executed 24103 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
24103
4523}-
4524-
4525/*-
4526 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and-
4527 * handshake macs if required.-
4528 *-
4529 * If PSK and using SHA384 for TLS < 1.2 switch to default.-
4530 */-
4531long ssl_get_algorithm2(SSL *s)-
4532{-
4533 long alg2;-
4534 if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
s->s3 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 38462 times by 1 test
Evaluated by:
  • libssl.so.1.1
s->s3->tmp.new...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 38462 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-38462
4535 return -1;
never executed: return -1;
0
4536 alg2 = s->s3->tmp.new_cipher->algorithm2;-
4537 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
s->method->ssl...nc_flags & 0x4Description
TRUEevaluated 33846 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4616 times by 1 test
Evaluated by:
  • libssl.so.1.1
4616-33846
4538 if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
alg2 == (9 | (9 << 8))Description
TRUEevaluated 3101 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 30745 times by 1 test
Evaluated by:
  • libssl.so.1.1
3101-30745
4539 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
executed 3101 times by 1 test: return 4 | (4 << 8);
Executed by:
  • libssl.so.1.1
3101
4540 } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
executed 30745 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
s->s3->tmp.new...| 0x00000100U)Description
TRUEevaluated 20 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4596 times by 1 test
Evaluated by:
  • libssl.so.1.1
20-30745
4541 if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
alg2 == (5 | (5 << 8))Description
TRUEevaluated 20 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-20
4542 return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
executed 20 times by 1 test: return 9 | (9 << 8);
Executed by:
  • libssl.so.1.1
20
4543 }
never executed: end of block
0
4544 return alg2;
executed 35341 times by 1 test: return alg2;
Executed by:
  • libssl.so.1.1
35341
4545}-
4546-
4547/*-
4548 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on-
4549 * failure, 1 on success.-
4550 */-
4551int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,-
4552 DOWNGRADE dgrd)-
4553{-
4554 int send_time = 0, ret;-
4555-
4556 if (len < 4)
len < 4Description
TRUEnever evaluated
FALSEevaluated 6981 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6981
4557 return 0;
never executed: return 0;
0
4558 if (server)
serverDescription
TRUEevaluated 2720 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4261 times by 1 test
Evaluated by:
  • libssl.so.1.1
2720-4261
4559 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
executed 2720 times by 1 test: send_time = (s->mode & 0x00000040U) != 0;
Executed by:
  • libssl.so.1.1
2720
4560 else-
4561 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
executed 4261 times by 1 test: send_time = (s->mode & 0x00000020U) != 0;
Executed by:
  • libssl.so.1.1
4261
4562 if (send_time) {
send_timeDescription
TRUEnever evaluated
FALSEevaluated 6981 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6981
4563 unsigned long Time = (unsigned long)time(NULL);-
4564 unsigned char *p = result;-
4565-
4566 l2n(Time, p);-
4567 ret = RAND_bytes(p, len - 4);-
4568 } else {
never executed: end of block
0
4569 ret = RAND_bytes(result, len);-
4570 }
executed 6981 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
6981
4571-
4572 if (ret > 0) {
ret > 0Description
TRUEevaluated 6981 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-6981
4573 if (!ossl_assert(sizeof(tls11downgrade) < len)
!((sizeof(tls1...) < len) != 0)Description
TRUEnever evaluated
FALSEevaluated 6981 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6981
4574 || !ossl_assert(sizeof(tls12downgrade) < len))
!((sizeof(tls1...) < len) != 0)Description
TRUEnever evaluated
FALSEevaluated 6981 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-6981
4575 return 0;
never executed: return 0;
0
4576 if (dgrd == DOWNGRADE_TO_1_2)
dgrd == DOWNGRADE_TO_1_2Description
TRUEevaluated 748 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6233 times by 1 test
Evaluated by:
  • libssl.so.1.1
748-6233
4577 memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
executed 748 times by 1 test: memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, sizeof(tls12downgrade));
Executed by:
  • libssl.so.1.1
748
4578 sizeof(tls12downgrade));
executed 748 times by 1 test: memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, sizeof(tls12downgrade));
Executed by:
  • libssl.so.1.1
748
4579 else if (dgrd == DOWNGRADE_TO_1_1)
dgrd == DOWNGRADE_TO_1_1Description
TRUEevaluated 224 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 6009 times by 1 test
Evaluated by:
  • libssl.so.1.1
224-6009
4580 memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
executed 224 times by 1 test: memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, sizeof(tls11downgrade));
Executed by:
  • libssl.so.1.1
224
4581 sizeof(tls11downgrade));
executed 224 times by 1 test: memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, sizeof(tls11downgrade));
Executed by:
  • libssl.so.1.1
224
4582 }
executed 6981 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
6981
4583-
4584 return ret;
executed 6981 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
6981
4585}-
4586-
4587int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,-
4588 int free_pms)-
4589{-
4590 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;-
4591 int ret = 0;-
4592-
4593 if (alg_k & SSL_PSK) {
alg_k & (0x000...| 0x00000100U)Description
TRUEevaluated 58 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 2524 times by 1 test
Evaluated by:
  • libssl.so.1.1
58-2524
4594#ifndef OPENSSL_NO_PSK-
4595 unsigned char *pskpms, *t;-
4596 size_t psklen = s->s3->tmp.psklen;-
4597 size_t pskpmslen;-
4598-
4599 /* create PSK premaster_secret */-
4600-
4601 /* For plain PSK "other_secret" is psklen zeroes */-
4602 if (alg_k & SSL_kPSK)
alg_k & 0x00000008UDescription
TRUEevaluated 54 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-54
4603 pmslen = psklen;
executed 54 times by 1 test: pmslen = psklen;
Executed by:
  • libssl.so.1.1
54
4604-
4605 pskpmslen = 4 + pmslen + psklen;-
4606 pskpms = OPENSSL_malloc(pskpmslen);-
4607 if (pskpms == NULL)
pskpms == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 58 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-58
4608 goto err;
never executed: goto err;
0
4609 t = pskpms;-
4610 s2n(pmslen, t);-
4611 if (alg_k & SSL_kPSK)
alg_k & 0x00000008UDescription
TRUEevaluated 54 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4 times by 1 test
Evaluated by:
  • libssl.so.1.1
4-54
4612 memset(t, 0, pmslen);
executed 54 times by 1 test: memset(t, 0, pmslen);
Executed by:
  • libssl.so.1.1
54
4613 else-
4614 memcpy(t, pms, pmslen);
executed 4 times by 1 test: memcpy(t, pms, pmslen);
Executed by:
  • libssl.so.1.1
4
4615 t += pmslen;-
4616 s2n(psklen, t);-
4617 memcpy(t, s->s3->tmp.psk, psklen);-
4618-
4619 OPENSSL_clear_free(s->s3->tmp.psk, psklen);-
4620 s->s3->tmp.psk = NULL;-
4621 if (!s->method->ssl3_enc->generate_master_secret(s,
!s->method->ss...er_key_length)Description
TRUEnever evaluated
FALSEevaluated 58 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-58
4622 s->session->master_key,pskpms, pskpmslen,
!s->method->ss...er_key_length)Description
TRUEnever evaluated
FALSEevaluated 58 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-58
4623 &s->session->master_key_length)) {
!s->method->ss...er_key_length)Description
TRUEnever evaluated
FALSEevaluated 58 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-58
4624 OPENSSL_clear_free(pskpms, pskpmslen);-
4625 /* SSLfatal() already called */-
4626 goto err;
never executed: goto err;
0
4627 }-
4628 OPENSSL_clear_free(pskpms, pskpmslen);-
4629#else-
4630 /* Should never happen */-
4631 goto err;-
4632#endif-
4633 } else {
executed 58 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
58
4634 if (!s->method->ssl3_enc->generate_master_secret(s,
!s->method->ss...er_key_length)Description
TRUEnever evaluated
FALSEevaluated 2524 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2524
4635 s->session->master_key, pms, pmslen,
!s->method->ss...er_key_length)Description
TRUEnever evaluated
FALSEevaluated 2524 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2524
4636 &s->session->master_key_length)) {
!s->method->ss...er_key_length)Description
TRUEnever evaluated
FALSEevaluated 2524 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2524
4637 /* SSLfatal() already called */-
4638 goto err;
never executed: goto err;
0
4639 }-
4640 }
executed 2524 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
2524
4641-
4642 ret = 1;-
4643 err:
code before this statement executed 2582 times by 1 test: err:
Executed by:
  • libssl.so.1.1
2582
4644 if (pms) {
pmsDescription
TRUEevaluated 2528 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 54 times by 1 test
Evaluated by:
  • libssl.so.1.1
54-2528
4645 if (free_pms)
free_pmsDescription
TRUEevaluated 1376 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1152 times by 1 test
Evaluated by:
  • libssl.so.1.1
1152-1376
4646 OPENSSL_clear_free(pms, pmslen);
executed 1376 times by 1 test: CRYPTO_clear_free(pms, pmslen, __FILE__, 4646);
Executed by:
  • libssl.so.1.1
1376
4647 else-
4648 OPENSSL_cleanse(pms, pmslen);
executed 1152 times by 1 test: OPENSSL_cleanse(pms, pmslen);
Executed by:
  • libssl.so.1.1
1152
4649 }-
4650 if (s->server == 0)
s->server == 0Description
TRUEevaluated 1393 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 1189 times by 1 test
Evaluated by:
  • libssl.so.1.1
1189-1393
4651 s->s3->tmp.pms = NULL;
executed 1393 times by 1 test: s->s3->tmp.pms = ((void *)0) ;
Executed by:
  • libssl.so.1.1
1393
4652 return ret;
executed 2582 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
2582
4653}-
4654-
4655/* Generate a private key from parameters */-
4656EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)-
4657{-
4658 EVP_PKEY_CTX *pctx = NULL;-
4659 EVP_PKEY *pkey = NULL;-
4660-
4661 if (pm == NULL)
pm == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2479 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2479
4662 return NULL;
never executed: return ((void *)0) ;
0
4663 pctx = EVP_PKEY_CTX_new(pm, NULL);-
4664 if (pctx == NULL)
pctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2479 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2479
4665 goto err;
never executed: goto err;
0
4666 if (EVP_PKEY_keygen_init(pctx) <= 0)
EVP_PKEY_keyge...nit(pctx) <= 0Description
TRUEnever evaluated
FALSEevaluated 2479 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2479
4667 goto err;
never executed: goto err;
0
4668 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
EVP_PKEY_keyge...x, &pkey) <= 0Description
TRUEnever evaluated
FALSEevaluated 2479 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-2479
4669 EVP_PKEY_free(pkey);-
4670 pkey = NULL;-
4671 }
never executed: end of block
0
4672-
4673 err:
code before this statement executed 2479 times by 1 test: err:
Executed by:
  • libssl.so.1.1
2479
4674 EVP_PKEY_CTX_free(pctx);-
4675 return pkey;
executed 2479 times by 1 test: return pkey;
Executed by:
  • libssl.so.1.1
2479
4676}-
4677#ifndef OPENSSL_NO_EC-
4678/* Generate a private key from a group ID */-
4679EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)-
4680{-
4681 EVP_PKEY_CTX *pctx = NULL;-
4682 EVP_PKEY *pkey = NULL;-
4683 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);-
4684 uint16_t gtype;-
4685-
4686 if (ginf == NULL) {
ginf == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4864 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4864
4687 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,-
4688 ERR_R_INTERNAL_ERROR);-
4689 goto err;
never executed: goto err;
0
4690 }-
4691 gtype = ginf->flags & TLS_CURVE_TYPE;-
4692 if (gtype == TLS_CURVE_CUSTOM)
gtype == 0x2Description
TRUEevaluated 4210 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 654 times by 1 test
Evaluated by:
  • libssl.so.1.1
654-4210
4693 pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
executed 4210 times by 1 test: pctx = EVP_PKEY_CTX_new_id(ginf->nid, ((void *)0) );
Executed by:
  • libssl.so.1.1
4210
4694 else-
4695 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
executed 654 times by 1 test: pctx = EVP_PKEY_CTX_new_id(408, ((void *)0) );
Executed by:
  • libssl.so.1.1
654
4696 if (pctx == NULL) {
pctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4864 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4864
4697 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,-
4698 ERR_R_MALLOC_FAILURE);-
4699 goto err;
never executed: goto err;
0
4700 }-
4701 if (EVP_PKEY_keygen_init(pctx) <= 0) {
EVP_PKEY_keyge...nit(pctx) <= 0Description
TRUEnever evaluated
FALSEevaluated 4864 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4864
4702 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,-
4703 ERR_R_EVP_LIB);-
4704 goto err;
never executed: goto err;
0
4705 }-
4706 if (gtype != TLS_CURVE_CUSTOM
gtype != 0x2Description
TRUEevaluated 654 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 4210 times by 1 test
Evaluated by:
  • libssl.so.1.1
654-4210
4707 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
EVP_PKEY_CTX_c...id *)0) ) <= 0Description
TRUEnever evaluated
FALSEevaluated 654 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-654
4708 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,-
4709 ERR_R_EVP_LIB);-
4710 goto err;
never executed: goto err;
0
4711 }-
4712 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
EVP_PKEY_keyge...x, &pkey) <= 0Description
TRUEnever evaluated
FALSEevaluated 4864 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-4864
4713 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,-
4714 ERR_R_EVP_LIB);-
4715 EVP_PKEY_free(pkey);-
4716 pkey = NULL;-
4717 }
never executed: end of block
0
4718-
4719 err:
code before this statement executed 4864 times by 1 test: err:
Executed by:
  • libssl.so.1.1
4864
4720 EVP_PKEY_CTX_free(pctx);-
4721 return pkey;
executed 4864 times by 1 test: return pkey;
Executed by:
  • libssl.so.1.1
4864
4722}-
4723-
4724/*-
4725 * Generate parameters from a group ID-
4726 */-
4727EVP_PKEY *ssl_generate_param_group(uint16_t id)-
4728{-
4729 EVP_PKEY_CTX *pctx = NULL;-
4730 EVP_PKEY *pkey = NULL;-
4731 const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);-
4732-
4733 if (ginf == NULL)
ginf == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1910 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-1910
4734 goto err;
never executed: goto err;
0
4735-
4736 if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
(ginf->flags & 0x3) == 0x2Description
TRUEevaluated 1682 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 228 times by 1 test
Evaluated by:
  • libssl.so.1.1
228-1682
4737 pkey = EVP_PKEY_new();-
4738 if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
pkey != ((void *)0)Description
TRUEevaluated 1682 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
EVP_PKEY_set_t...ey, ginf->nid)Description
TRUEevaluated 1682 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1682
4739 return pkey;
executed 1682 times by 1 test: return pkey;
Executed by:
  • libssl.so.1.1
1682
4740 EVP_PKEY_free(pkey);-
4741 return NULL;
never executed: return ((void *)0) ;
0
4742 }-
4743-
4744 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);-
4745 if (pctx == NULL)
pctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 228 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-228
4746 goto err;
never executed: goto err;
0
4747 if (EVP_PKEY_paramgen_init(pctx) <= 0)
EVP_PKEY_param...nit(pctx) <= 0Description
TRUEnever evaluated
FALSEevaluated 228 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-228
4748 goto err;
never executed: goto err;
0
4749 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
EVP_PKEY_CTX_c...id *)0) ) <= 0Description
TRUEnever evaluated
FALSEevaluated 228 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-228
4750 goto err;
never executed: goto err;
0
4751 if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
EVP_PKEY_param...x, &pkey) <= 0Description
TRUEnever evaluated
FALSEevaluated 228 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-228
4752 EVP_PKEY_free(pkey);-
4753 pkey = NULL;-
4754 }
never executed: end of block
0
4755-
4756 err:
code before this statement executed 228 times by 1 test: err:
Executed by:
  • libssl.so.1.1
228
4757 EVP_PKEY_CTX_free(pctx);-
4758 return pkey;
executed 228 times by 1 test: return pkey;
Executed by:
  • libssl.so.1.1
228
4759}-
4760#endif-
4761-
4762/* Derive secrets for ECDH/DH */-
4763int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)-
4764{-
4765 int rv = 0;-
4766 unsigned char *pms = NULL;-
4767 size_t pmslen = 0;-
4768 EVP_PKEY_CTX *pctx;-
4769-
4770 if (privkey == NULL || pubkey == NULL) {
privkey == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3432 times by 1 test
Evaluated by:
  • libssl.so.1.1
pubkey == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3432 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3432
4771 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,-
4772 ERR_R_INTERNAL_ERROR);-
4773 return 0;
never executed: return 0;
0
4774 }-
4775-
4776 pctx = EVP_PKEY_CTX_new(privkey, NULL);-
4777-
4778 if (EVP_PKEY_derive_init(pctx) <= 0
EVP_PKEY_deriv...nit(pctx) <= 0Description
TRUEnever evaluated
FALSEevaluated 3432 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3432
4779 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
EVP_PKEY_deriv..., pubkey) <= 0Description
TRUEnever evaluated
FALSEevaluated 3432 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3432
4780 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
EVP_PKEY_deriv... &pmslen) <= 0Description
TRUEnever evaluated
FALSEevaluated 3432 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3432
4781 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,-
4782 ERR_R_INTERNAL_ERROR);-
4783 goto err;
never executed: goto err;
0
4784 }-
4785-
4786 pms = OPENSSL_malloc(pmslen);-
4787 if (pms == NULL) {
pms == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3432 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-3432
4788 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,-
4789 ERR_R_MALLOC_FAILURE);-
4790 goto err;
never executed: goto err;
0
4791 }-
4792-
4793 if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
EVP_PKEY_deriv... &pmslen) <= 0Description
TRUEevaluated 26 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 3406 times by 1 test
Evaluated by:
  • libssl.so.1.1
26-3406
4794 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,-
4795 ERR_R_INTERNAL_ERROR);-
4796 goto err;
executed 26 times by 1 test: goto err;
Executed by:
  • libssl.so.1.1
26
4797 }-
4798-
4799 if (gensecret) {
gensecretDescription
TRUEevaluated 2474 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 932 times by 1 test
Evaluated by:
  • libssl.so.1.1
932-2474
4800 /* SSLfatal() called as appropriate in the below functions */-
4801 if (SSL_IS_TLS13(s)) {
!(s->method->s...c_flags & 0x8)Description
TRUEevaluated 2350 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 124 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->version >= 0x0304Description
TRUEevaluated 1467 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 883 times by 1 test
Evaluated by:
  • libssl.so.1.1
(s)->method->v...ion != 0x10000Description
TRUEevaluated 1467 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-2350
4802 /*-
4803 * If we are resuming then we already generated the early secret-
4804 * when we created the ClientHello, so don't recreate it.-
4805 */-
4806 if (!s->hit)
!s->hitDescription
TRUEevaluated 1252 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEevaluated 215 times by 1 test
Evaluated by:
  • libssl.so.1.1
215-1252
4807 rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
executed 1252 times by 1 test: rv = tls13_generate_secret(s, ssl_handshake_md(s), ((void *)0) , ((void *)0) , 0, (unsigned char *)&s->early_secret);
Executed by:
  • libssl.so.1.1
1252
4808 0,
executed 1252 times by 1 test: rv = tls13_generate_secret(s, ssl_handshake_md(s), ((void *)0) , ((void *)0) , 0, (unsigned char *)&s->early_secret);
Executed by:
  • libssl.so.1.1
1252
4809 (unsigned char *)&s->early_secret);
executed 1252 times by 1 test: rv = tls13_generate_secret(s, ssl_handshake_md(s), ((void *)0) , ((void *)0) , 0, (unsigned char *)&s->early_secret);
Executed by:
  • libssl.so.1.1
1252
4810 else-
4811 rv = 1;
executed 215 times by 1 test: rv = 1;
Executed by:
  • libssl.so.1.1
215
4812-
4813 rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
rvDescription
TRUEevaluated 1467 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
tls13_generate..., pms, pmslen)Description
TRUEevaluated 1467 times by 1 test
Evaluated by:
  • libssl.so.1.1
FALSEnever evaluated
0-1467
4814 } else {
executed 1467 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1467
4815 rv = ssl_generate_master_secret(s, pms, pmslen, 0);-
4816 }
executed 1007 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
1007
4817 } else {-
4818 /* Save premaster secret */-
4819 s->s3->tmp.pms = pms;-
4820 s->s3->tmp.pmslen = pmslen;-
4821 pms = NULL;-
4822 rv = 1;-
4823 }
executed 932 times by 1 test: end of block
Executed by:
  • libssl.so.1.1
932
4824-
4825 err:
code before this statement executed 3406 times by 1 test: err:
Executed by:
  • libssl.so.1.1
3406
4826 OPENSSL_clear_free(pms, pmslen);-
4827 EVP_PKEY_CTX_free(pctx);-
4828 return rv;
executed 3432 times by 1 test: return rv;
Executed by:
  • libssl.so.1.1
3432
4829}-
4830-
4831#ifndef OPENSSL_NO_DH-
4832EVP_PKEY *ssl_dh_to_pkey(DH *dh)-
4833{-
4834 EVP_PKEY *ret;-
4835 if (dh == NULL)
dh == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 235 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-235
4836 return NULL;
never executed: return ((void *)0) ;
0
4837 ret = EVP_PKEY_new();-
4838 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
EVP_PKEY_set1_DH(ret, dh) <= 0Description
TRUEnever evaluated
FALSEevaluated 235 times by 1 test
Evaluated by:
  • libssl.so.1.1
0-235
4839 EVP_PKEY_free(ret);-
4840 return NULL;
never executed: return ((void *)0) ;
0
4841 }-
4842 return ret;
executed 235 times by 1 test: return ret;
Executed by:
  • libssl.so.1.1
235
4843}-
4844#endif-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2